Skip to content

Instantly share code, notes, and snippets.

View rufoa's full-sized avatar

Rufus rufoa

20 followers · 12 following
  • UK
View GitHub Profile
@rufoa
rufoa / gist:f7901bfda28ce0ea49a8
Last active August 18, 2018 01:56
the correct way to use SecureRandom in clojure. automatically reseeds every ttl ms
(defn- reseeding-prng [ttl]
(let [state (atom {})]
(fn []
(let [now (.getTime (java.util.Date.))]
(when (> (- now (:last-seeded @state 0)) ttl)
(let [new-generator (java.security.SecureRandom/getInstance "SHA1PRNG" "SUN")]
(.nextBytes new-generator (byte-array 0))
(swap! state assoc :last-seeded now :generator new-generator)))
(:generator @state)))))
@rufoa
rufoa / zpop.py
Last active June 5, 2018 16:40
redis zpopmin/zpopmax in lua
# same behaviour as zpopmax/zpopmin in redis 5.0.0-RC2:
# count arg defaults to 1
# count > 0: return count many items
# count <= 0: return all items
lua_zpopmax = """
assert(#KEYS == 1)
assert(#ARGV <= 1)
local count = 1
@rufoa
rufoa / ee bright box 2.md
Created August 18, 2018 01:35

The Bright Box 2 is a combined VDSL modem and wireless router supplied to customers of EE (Orange). It is manufactured by Arcadyan and uses a Broadcom bcm63xx SoC

These instructions are based on the latest firmware at the time of writing: v0.04.05.0001-OT (Fri Mar 24 17:29:32 2017)

Put it in bridge mode

  • This is for if you want to use the Bright Box as a VDSL modem only, and have a separate router act as the PPPoE client (e.g. ubiquiti edgerouter), avoiding double NAT
  • There is lot of nonsense, not least from people on EE's own forum, about how this cannot be done
  • If desired, change the Bright Box IP and subnet before doing this because the settings tab becomes inaccessible
  • Connect your router to port 4 (GigE) on your BB
@rufoa
rufoa / Jenkinsfile
Created May 13, 2019 02:29
Jenkins [skip ci] implementation for multi-branch declarative pipeline
// change 'agent' lines as appropriate
pipeline {
agent none
stages {
stage('Run CI?') {
agent any
steps {
@rufoa
rufoa / warp.md
Last active April 4, 2024 15:29

Connecting to Cloudflare WARP with WireGuard

Cloudflare's WARP VPN uses a slightly modified version of the WireGuard protocol, but it remains backwards compatible with the normal WireGuard client software. This means you can connect to it on platforms which don't yet have an official WARP client, e.g. your computer or EdgeOS-based router.

Step 1

Generate a WireGuard keypair, as usual:

wg genkey | tee private.key | wg pubkey > public.key

@rufoa
rufoa / tor attacks.md
Created October 18, 2019 17:36

De-anonymising Tor users

An incomplete history of attacks

Operation Pacifier (2015)

  • Watering hole attack against "Playpen" onion site
  • Believed to exploit a vulnerability in Firefox
  • FBI chose to drop case rather than reveal details of technique

CMU SEI (2014)

@rufoa
rufoa / st4 linux build 4094
Last active April 1, 2024 00:25
printf '\00\00\00' | dd of=sublime_text bs=1 seek=290764 count=3 conv=notrunc
https://www.google.com/search?q=%22EA7E-890007%22
@rufoa
rufoa / patch.sh
Last active February 2, 2024 06:41
sublime merge 2 build 2068 linux
#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail
target="${1:-/opt/sublime_merge/sublime_merge}"
check_sha() {
local sha_valid