@geor-g
geor-g / 0 ProPublica Tor hidden service config.md
Created April 10, 2023 16:31 — forked from mtigas/0 ProPublica Tor hidden service config.md
Configuration for ProPublica’s Tor hidden service proxy.

Note (December 16, 2021): These example files haven't been updated since 2016. In either 2019 or 2020, our onion domain was changed to a longer v3 onion address (p53lf57qovyuvwsc6xnrppyply3vtqm7l6pcobkmyqsiofyeznfu5uqd.onion). The examples below don't reflect this, but the configuration portions remain accurate regarding how we currently serve the onion site. (Tor Browser dropped support for v2 addresses, such as propub3r6espa33w.onion, in the second half of 2021.)


These files contain the base configuration for ProPublica’s Tor hidden service mirror.

Of note:

  • We're using the nginx "subs_filter" and "headers more" modules to allow us to rewrite content and update headers, so that we can convert clearnet links into onion links, where possible.
@geor-g
geor-g / haproxy_maintenance.conf
Created October 14, 2020 23:23 — forked from sts/haproxy_maintenance.conf
HAProxy Maintenance Page
#
# Proof of concept for a HAProxy maintenance mode
#
#
# Control the maintenance page during runtime using the stats socket:
#
# To put the whole site in maintenance mode (for all IPs):
# > add acl #0 0.0.0.0/0
#
# To exclude your own ip, so you are able to test things out:
@geor-g
geor-g / get_stun.py
Created April 11, 2020 00:16 — forked from duncanturk/get_stun.py
Python script that checks whether a Jitsi instance uses Google's STUN servers
import requests as req
import re
domains = [
    "jitsi.linux.it",
    "chat01.kuketz-meet.de"
]
bad_stuns = {
    r"stun[\d]{0,1}\.l\.google\.com": "Google"
}
@geor-g
geor-g / README.md
Created November 18, 2019 23:16 — forked from pklaus/README.md
Generating Random MAC Addresses with Python

The mini-tool has a CLI-Interface with the following options:

  • Unicast or Multicast? Default: Unicast
  • Locally Administered or Globally Unique? Default: Locally Administered
  • Prescribe specific OUI (overwrites the above two)

TODO

  • Add an option to generate a number of MACs without collisions.
@geor-g
geor-g / keyservers.md
Created June 29, 2019 18:02 — forked from rjhansen/keyservers.md
SKS Keyserver Network Under Attack

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Terminological Note

"OpenPGP" refers to the OpenPGP protocol, in much the same way that HTML refers to the protocol that specifies how to write a web page. "GnuPG", "SequoiaPGP", "OpenPGP.js", and others are implementations of the OpenPGP protocol in the same way that Mozilla Firefox, Google Chromium, and Microsoft Edge refer to software packages that process HTML data.

Who am I?

@geor-g
geor-g / consequences.md
Created June 29, 2019 18:02 — forked from rjhansen/consequences.md
SKS Keyserver Network Attack: Consequences

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Back in late February, the Internet Freedom Festival put together a roundtable of communications security nerds to help dissidents in Venezuela figure out how to organize and communicate in the face of widespread DNS poisoning. I contributed a brief HOWTO explaining what the Maduro regime was doing and some simple, effective mitigations. At the very top of the HOWTO was a paragraph of security considerations. Chief among them was a caution that this document came with an OpenPGP digital signature: before relying on the information in the document they ought ensure nobody had tampered with it, either to install malware into the PDF or to alter the advice I was giving.

I put this HOWTO out in the wild. I've had four people send me thank-you notes for writing it. I figure that means it's been seen by between fo

@geor-g
geor-g / index.html
Created February 12, 2019 00:37 — forked from diafygi/index.html
SKS/GPG Keyserver Gossip Network
<!DOCTYPE html>
<meta charset="utf-8">
<style>
.node {
font: 300 11px "Helvetica Neue", Helvetica, Arial, sans-serif;
fill: #bbb;
}
.node:hover {
@geor-g
geor-g / README.md
Created February 11, 2019 00:21 — forked from feklee/README.md
GnuPG on Termux for accessing USB smart card reader

Prerequisites

  • smart card reader supported by GnuPG

    I use the [SCM332 V2][1] with an OTG adapter to connect it to my Xiaomi Mi A2.

  • root access from Termux

@geor-g
geor-g / haproxy.log
Created February 7, 2019 10:55 — forked from ingshtrom/haproxy.log
haproxy bug report docs
"_messagetimems","_messagetime","container_name","message"
"1548793228554","01/29/2019 15:20:28.554 -0500","k8s_haproxy_haproxy-router-d5csc_routing-external-default_23340a5e-23c6-11e9-a7e5-0242ac11000b_59","7ffd6cfef000-7ffd6cff1000 r-xp 00000000 00:00 0 [vdso]"
"1548793228554","01/29/2019 15:20:28.554 -0500","k8s_haproxy_haproxy-router-d5csc_routing-external-default_23340a5e-23c6-11e9-a7e5-0242ac11000b_59","ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]"
"1548793228550","01/29/2019 15:20:28.550 -0500","k8s_haproxy_haproxy-router-d5csc_routing-external-default_23340a5e-23c6-11e9-a7e5-0242ac11000b_59","7ffd6cfec000-7ffd6cfef000 r--p 00000000 00:00 0 [vvar]"
"1548793228549","01/29/2019 15:20:28.549 -0500","k8s_haproxy_haproxy-router-d5csc_routing-external-default_23340a5e-23c6-11e9-a7e5-0242ac11000b_59","7f99cb65a000-7f99cb65b000 rw-p 00024000 ca:10 534226 /lib/x86_64-linux-gnu/ld-2.24.so"
"1548793228549"
@geor-g
geor-g / 00-haproxy.cfg
Created December 11, 2018 22:20 — forked from robbat2/00-haproxy.cfg
rsync haproxy frontend with ratelimiting & deny, uses haproxy-lua
# This is a very very minimal rsync config that gives ratelimit and ban messages
global
    lua-load 01-deny-rsync.lua
frontend fe_rsync
    mode tcp
    bind *:9873
    tcp-request content set-var(txn.rsync_deny_message) str("") # Start empty
    # Track the backend state