- Download intermediate certs as
.pemfrom Lets Encrypt - Add records based on:
- type (R is RSA, E is ECDSA)
- just the current keys, backup key, and future keys
- Use a "2 1 1" record:
- 2 is Trust Anchor (TA)
- 1 is the public key (0 is the full cert)
- 1 is SHA-256 (2 is SHA-512)
gwire
gwire
/ letsencrypt_tlsa.md
Last active
October 19, 2025 08:16
Generating TLSA records from Lets Encrypt intermediate certs
Nginx can be used to proxy several mail protocols. This can be useful in a variety of scenarios: load balancing, providing up-to-date TLS for servers that don’t support it, graceful server migration, or enabling user-specific storage policies.
Unfortunately, what’s not clear from the documentation is that nginx (at least at 1.18) can’t proxy over encrypted connections - which makes this unworkable except in the case of servers on the local network.
gwire
/ red_salon_steam.py
Last active
April 21, 2025 14:52
Script to solve the steampipe puzzle in "Vampire The Masquerade - Swansong"
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| In scene 07 of the game Vampire: The Masquerade - Swansong, you need to turn three valves | |
| on three pipes, in order to set all three gauges to 12. | |
| Each valve has a different effect across all three gagues. | |
| If the gagues go over 12 they wrap around to zero. | |
| Online guides suggest a specific sequence of turns, but this isn't a solution as it assumes | |
| a known starting position. |
gwire
/ bingbotsearch.json
Last active
April 14, 2025 12:13
AWS WAF Rule for blocking WordPress search requests by Bingbot
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Name": "BingbotSearch", | |
| "Priority": 13, | |
| "Statement": { | |
| "AndStatement": { | |
| "Statements": [ | |
| { | |
| "ByteMatchStatement": { | |
| "SearchString": "bingbot", | |
| "FieldToMatch": { |
IMAP4 Keywords are small bits of metadata that can be attached to stored email messages.
They're free-form text, but the convention is that
\indicates a system keyword$indicates a keyword with a common meaning
See the IMAP4 spec and the IANA registry
gwire
/ thames.jsonld
Created
July 28, 2024 16:33
A review of the claim that the River Thames is the cleanest river in the world
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "@context": "https://schema.org", | |
| "@type": "ClaimReview", | |
| "claimReviewed": "The Thames is considered one of the cleanest rivers in the world.", | |
| "reviewBody": "This sounds like bollocks, mate", | |
| "itemReviewed": { | |
| "@type": "Claim", | |
| "author": { | |
| "@type": "Person", | |
| "name": "Lucy Williamson" |
gwire
/ calendar-file.sieve
Last active
April 18, 2024 15:20
Sieve script to file mails containing iCal events
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require["mime","fileinto"]; | |
| ## IANA registered type is "text/calendar", but some sources use "application/ics" | |
| if header :mime :anychild :subtype "Content-Type" ["calendar","ics"] { | |
| fileinto "calendar"; | |
| } |
I have a site where there is no legitmate use of the HTTP POST method (or anything other than GET/HEAD).
limit_except is usually used for method restriction, but only produces 403 responses, not 405.
There's a Stack Overflow
question that notes this.
There's a 2015 blog post
that suggests something like the following (which I needed to modify to get the Allow: header to appear):
server {
I have a process that outputs a list of .in-addr.arpa values. These consist of names with 3 to 6 labels.
161.187.42.143.in-addr.arpa
18.139.243.162.in-addr.arpa
38.51.19.58.in-addr.arpa
136.67.34.in-addr.arpa
16.134.243.162.in-addr.arpa
18.240.203.159.in-addr.arpa
240.54.in-addr.arpa
gwire
/ user_data.yml
Last active
September 21, 2024 23:32
Cloud-init config to allow password-less sudo via ssh-agent
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #cloud-config | |
| ## I want to authenticate sudo via ssh-agent on Ubuntu 22.04 | |
| users: | |
| - name: bob | |
| gecos: Bob | |
| shell: /bin/bash | |
| primary_group: bob | |
| groups: sudo |
NewerOlder