Skip to content

Instantly share code, notes, and snippets.


Vito Genovese vito-lbs

View GitHub Profile

Keybase proof

I hereby claim:

  • I am vito-lbs on github.
  • I am vito ( on keybase.
  • I have a public key whose fingerprint is 3D67 0192 A797 5173 646C 79D3 B07D 6161 43CA A77B

To claim this, I am signing this object:

View gist:ac1ad852e85428872b03
group = ECDSA::Group::Secp256k1
point_field = group.order
e1 = ECDSA.normalize_digest logs[0].uuid, group.bit_length
e2 = ECDSA.normalize_digest logs[1].uuid, group.bit_length
pack =
up1 = pack.unpack(logs[0].signature)
up2 = pack.unpack(logs[1].signature)
View gist:0eb86443b897a1e5e1a2
each ListLogResp is from a different signing key
<Choripan::Messages::ListLogResp logs: [<Choripan::Messages::Log uuid: "0621719b-f3bd-41d5-9560-2d698420f0b6", signature: "23gej2yicat16111vsyhe45fb50hrzcx2w5roxrhkhep3ao1yflfaux2b66ykjsetghliq4bhjn8wpqzqog2zyjau9uupcmp57te", timestamp: 1401847188>, <Choripan::Messages::Log uuid: "99129876-4080-4d5c-b16e-e6a38de5d7aa", signature: "24g5jmy7c3tw6j1lv6ywey56bv0lrmcu2w51o3rmk8ee3wotyalua0xwbb61ktsqtdhxih4zh2nqw3qaqjg3zwjmumuvp9ma52tf", timestamp: 1401847200>]>
<Choripan::Messages::ListLogResp logs: [<Choripan::Messages::Log uuid: "9c73d194-d20e-4444-9558-9036f85c2c20", signature: "1355dim3k8d54epwc5z3llv1mtyws6z40me2cy3s1i2d1m89vfi16273gjgyhjhx3kumpjg28gbswijz0fatq3g08phn9w7g1mgm", timestamp: 1401847398>, <Choripan::Messages::Log uuid: "7efefbce-0ea6-4ad0-9086-ea599158b8e4", signature: "145udymekgdg4lp0cfzxlevxmlyosfz608eecb3f1e2m1x89vfiu6l71g5g1h7hy33uipkgc8lbnwzjv0dapqmg782hi947y1xgf", timestamp: 1401847447>]>
<Choripan::Messages::ListLogResp logs: [<Choripan:
View gist:bc5459b02bd915cc898a
def to_token_string
def self.from_token_string(token_string)
key, secret = token_string.chars.each_slice(2)
candidate = self.where(key: key).first
return nil

I don't think people understand what vulnerability sellers really do. They invest thousands of man and computer hours into finding bugs which people are willing to pay lots of money for. As a business, they want to keep their customer base happy, which means allowing their customers (yes, presumably the NSA/FBI/etc.) to use their exploits rather than selling them to Tails OS maintainers. Yes, it's probably the case that these exploits don't just go to nabbing child pornographers or drug traffickers, they also probably try to catch the next Snowden, which not everyone agrees is The Right Thing To Do. But for what it's worth, I'd still trust the US government (even with all its faults) far more than the Russians or Chinese.

But let's be honest here, Tails OS maintainers probably couldn't afford the same price that Exodus's customers will happily pay. Even if Exodus were happy to sell it to the Tails folks, that is certainly going to be a loss of money.

The arguments I'm used to hearing go something like "but

View clone_all.rb
#!/usr/bin/env ruby
require 'pp'
host = "git@legitbs git server"
in_git = FileTest.exist?(File.join(Dir.pwd, '.git'))
if in_git
puts <<-EOS
Don't run this from inside a git working copy, run it from an empty
View token.rb
class Token < ActiveRecord::Base
include BCrypt
belongs_to :instance
belongs_to :round
has_many :redemptions
has_many :captures, through: :redemptions
validates :instance, presence: true
validates :round, presence: true
View asdf.rb
ActiveRecord::Base.connection_pool.with_connection do
Nonce.where('expires_at < ?', rescue nil
#!/bin/env python -u
import random
from os import environ, listdir, path
from sys import exit
from subprocess import Popen, PIPE
import signal
from base64 import b64decode
def alarm_handler(signum, frame):
print "timed out, sorry"
View MDErgo1-Default.json
"header": {
"Name": "MDErgo1",
"Layout": "Default",
"Base": "Blank",
"Version": "0.1",
"Author": "HaaTa (Jacob Alexander) 2015",
"KLL": "0.3c",
"Date": "2015-09-12",
"Generator": "KIICONF 0.2"