Skip to content

Instantly share code, notes, and snippets.

View yingziwu's full-sized avatar

yingziwu

39 followers · 50 following
View GitHub Profile
@mondain
mondain / public-stun-list.txt
Last active May 8, 2024 10:43
Public STUN server list
23.21.150.121:3478
iphone-stun.strato-iphone.de:3478
numb.viagenie.ca:3478
s1.taraba.net:3478
s2.taraba.net:3478
stun.12connect.com:3478
stun.12voip.com:3478
stun.1und1.de:3478
stun.2talk.co.nz:3478
stun.2talk.com:3478
@nitred
nitred / optimal_mtu.md
Last active May 7, 2024 01:51
Wireguard Optimal MTU

About

  • I faced bandwidth issues between a WG Peer and a WG server. Download bandwidth when downloading from WG Server to WG peer was reduced significantly and upload bandwidth was practically non existent.
  • I found a few reddit posts that said that we need to choose the right MTU. So I wrote a script to find an optimal MTU.
  • Ideally I would have liked to have run all possible MTU configurations for both WG Server and WG Peer but for simplicity I choose to fix the WG Server to the original 1420 MTU and tried all MTUs from 1280 to 1500 for the WG Peer.

Testing

  • On WG server, I started an iperf3 server
  • On WG peer, I wrote a script that does the following:
    • wg-quick down wg0
  • Edit MTU in the /etc/wireguard/wg0.conf file
@TrillCyborg
TrillCyborg / mastodon-docker-setup.md
Last active May 5, 2024 22:42
Mastodon Docker Setup

Mastodon Docker Setup

Setting up

Clone Mastodon's repository.

# Clone mastodon to ~/live directory
git clone https://github.com/tootsuite/mastodon.git live
# Change directory to ~/live

cd ~/live

@thesamesam
thesamesam / xz-backdoor.md
Last active May 4, 2024 09:26
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

@ZipFile
ZipFile / README.md
Last active May 4, 2024 04:28
Pixiv OAuth Flow

Retrieving Auth Token

  1. Run the command:

    python pixiv_auth.py login

    This will open the browser with Pixiv login page.

@touilleMan
touilleMan / SimpleHTTPServerWithUpload.py
Last active May 4, 2024 01:08 — forked from UniIsland/SimpleHTTPServerWithUpload.py
Simple Python Http Server with Upload - Python3 version
#!/usr/bin/env python3
"""Simple HTTP Server With Upload.
This module builds on BaseHTTPServer by implementing the standard GET
and HEAD requests in a fairly straightforward manner.
see: https://gist.github.com/UniIsland/3346170
"""
@sindresorhus
sindresorhus / post-merge
Last active May 2, 2024 03:18
git hook to run a command after `git pull` if a specified file was changed.In this example it's used to run `npm install` if package.json changed and `bower install` if `bower.json` changed.Run `chmod +x post-merge` to make it executable then put it into `.git/hooks/`.
#!/usr/bin/env bash
# MIT © Sindre Sorhus - sindresorhus.com
# git hook to run a command after `git pull` if a specified file was changed
# Run `chmod +x post-merge` to make it executable then put it into `.git/hooks/`.
changed_files="$(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD)"
check_run() {
echo "$changed_files" | grep --quiet "$1" && eval "$2"
@ixs
ixs / intel_x520_patcher.py
Last active April 25, 2024 07:19
Intel x520 EEPROM Patcher allows to unlock the x520 network card to work with non-intel branded SFP modules.
#!/usr/bin/env python3
#
# Simple Intel x520 EEPROM patcher
# Modifies the EEPROM to unlock the card for non-intel branded SFP modules.
#
# Copyright 2020,2021,2022 Andreas Thienemann <andreas@bawue.net>
#
# Licensed under the GPLv3
#
# Based on research described at https://forums.servethehome.com/index.php?threads/patching-intel-x520-eeprom-to-unlock-all-sfp-transceivers.24634/
@klzgrad
klzgrad / TLS指纹调查.md
Last active April 5, 2024 03:14
@klzgrad
klzgrad / Traffic analysis survey.md
Last active March 17, 2024 09:49
流量分类调研

为什么流量可以进行分类

这里的“流量”一般定义为中间人观测到的一组由(时间,方向,包大小)元数据组成的序列 [Cai2014]。其源头是应用层的读写操作,经过传输层协议的变换(分片、协议状态机、加密等),流量序列产生一定变化。但是这种变化非常有限,因为流量的发生过程本质是确定性的,随机因素较小,因此对于特定环境中的特定应用(浏览器访问 google.com)各种流量特征体现出相当大的一致性和独特性,这就使“从流量特征识别应用”的监督学习问题成为可能。虽然有若干不利因素使得确定性下降,例如多层次上软件多版本的排列组合爆炸、有状态的缓存、流水线和连接复用、用户随机行为,但是因为版本的幂律分布、应用层读写操作间的依赖关系、流量特征和检测算法的改进等原因,分类依然具有相当的可行性。

分类的对象:流量应用分类与网站指纹攻击

根据分类的对象产生了两个相近但是不同的研究领域。从流量特征中分类应用类型的被称为流量分类(traffic classification),从流量特征中分类所访问网站或者网页的被称为网站指纹(website fingerprinting)。以机器学习的方法而论前者是比后者更弱但本质相同的一个问题。

这两类攻击的威胁类型不同。流量分类威胁的是可用性,如果GFW检出流量是隧道应用然后进行封锁,则破坏了可用性。而网站指纹威胁的是匿名性和隐私,如果从隐秘流量中检出是谁在访问哪个网站,则破坏了匿名性,丝绸之路就是这样被FBI破获的。