Christian Heimes tiran

#!/usr/bin/env python2.7
import os
from PIL import Image
from Crypto.Cipher import AES
# random key
key = os.urandom(16)
# load image
img = Image.open("militarygrade.png")
# encrypt
#!/usr/bin/env python3.3
"""Test / demo script for Apple OpenSSL Verification Surprises (CVE-2014-2234)
https://hynek.me/articles/apple-openssl-verification-surprises/
Christian Heimes <christian@python.org>
"""
import os
import platform
import socket

Keybase proof

I hereby claim:

  • I am tiran on github.
  • I am ChristianHeimes (https://keybase.io/ChristianHeimes) on keybase.
  • I have a public key whose fingerprint is BB97 AF8B C4E7 A5C0 D962 23D3 C788 C4C1 D455 0D45

To claim this, I am signing this object:

# http://nedbatchelder.com//blog/201407/creative_looping.html
>>> l = [1, 2, 3, 4]
>>> it = iter(l)
>>> while True:
... try:
... print(next(it))
... except StopIteration:
... break
...
1

Next Steps

  • Measure time spent on index, flush, refresh, merge, query, etc. (TD - done)
  • Take hot threads snapshots under read+write, read-only, write-only (TD - done)
  • Adjust refresh time to 10s (from 1s) and see how load changes (TD)
  • Measure time of a rolling restart doing disable_flush and disable_recovery (TD)
  • Specify routing on query -- make it choose same node for each shard each time (MD)
  • GC new generation size (TD)
  • Warmers
  • measure before/after of client query time with and without warmers (MD)
tiran / tor
Created November 6, 2014 15:41
## /etc/tor/torrc
# hidden service
HiddenServiceDir /var/lib/tor/ssh
HiddenServicePort 22 127.0.0.1:22
# relay
ORPort 9001
Nickname some name
RelayBandwidthRate 100 KB # Throttle traffic to 100KB/s (800Kbps)
RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
#define _DEFAULT_SOURCE
#include <netdb.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
/*
tiran / openssl_rng.c
Last active August 16, 2017 16:59
OpenSSL CPRNG RAND_bytes() and pid wrap-around demo
/* Demo for repeated CPRNG output after pid wrap around
*
* Christian Heimes <christian@python.org>
*
*
* $ gcc -lcrypto openssl_rng.c -o openssl_rng
* $ ./openssl_rng
* $ head -n1 rng.txt
* 29104: 76949c6012516ca3
* $ egrep '2920.+:' rng.txt
tiran / gist:32eb2ab8265a31984bb5cf3cf468b72a
Created June 17, 2016 11:29
glibc getaddrinfo() parsing with trailing data
#define _DEFAULT_SOURCE
#include <netdb.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
/*
# create keytab for radius user
ipa-getkeytab -p 'radius/HOSTNAME' -k /etc/raddb/radius.keytab
chown root:radiusd /etc/raddb/radius.keytab
chmod 640 /etc/raddb/radius.keytab
# make radius use the keytab for SASL GSSAPI
mkdir -p /etc/systemd/system/radiusd.service.d
cat > /etc/systemd/system/radiusd.service.d/krb5_keytab.conf << EOF
[Service]
Environment=KRB5_CLIENT_KTNAME=/etc/raddb/radius.keytab