James Hannah jiphex

jiphex / .gitignore
Last active August 29, 2015 14:00
Distro thing
index.html
@jiphex
jiphex / 00_Intro.md
Last active August 29, 2015 14:04
Router build 2014-07

I need a new router. I've had lots of bad ones; let's fix that once and for all. We need to handle lots of simultaneous connections, and Internet connections at home are only going to get faster.

When I'm at home, if I'm not in bed then I'm probably not far from using some kind of Internet connection, so this thing should be good, and the money I have available to spend on it should be proportional to the amount that this thing is going to get used. For this reason, it should also support emerging protocols such as 802.11ac.

It's time to stop relying on third-party operating systems. The news over the past year has shown how shady governments and companies can be; let's run an Open operating system on this thing, and configure it from scratch.

Once it's configured, I should never have to do anything to this box. It should never go down for no reason, and I shouldn't have to think about it working; it should just get on with it. That's not to say it should be locked down completely, just that once stable, it

@jiphex
jiphex / LTSP on Trusty.md
Created July 25, 2014 09:16
LTSP Trusty.md

Creating a functional LTSP environment

with Ubuntu Trusty and Nvidia ION based thin clients

  1. Install Trusty server
  2. Do updates
  3. Install the desktop crap (Gnome and stuff, including probably xubuntu-desktop and gnome-fallback)
  4. Install ltsp-server-standalone from the Ubuntu Archive
  5. Configure networking: you need a second NIC with a static 192.168.8.0/24 address on it, and a DHCP server running there (the config comes with the aforementioned standalone package)
  6. Run sudo ltsp-build-client
  7. mount -t proc none /opt/ltsp/amd64/proc
@jiphex
jiphex / gist:7e1fd0878d517345e882
Last active August 29, 2015 14:05
Deny mail from PHP scripts owned by the www-data user
## This is supposed to find (and freeze in the queue) any messages which are sent from
## PHP scripts that are owned by the www-data user, so it should stop someone from executing
## the following common attack scenario:
##
## 1. Malicious person finds exploitable upload form on a website that allows writing
## arbitrary PHP files to the web root of the server
## 2. Person uploads a PHP script used to send out email spam
## 3. Person executes that script either with exec() or via the web browser to send out spam
##
## This ACL should mean that messages just get stuck in the queue. A legitimate developer will
@jiphex
jiphex / update-bash-add-squeeze-ltd.yml
Created September 25, 2014 13:16
Ansible Playbook to upgrade Bash to latest version (and add Squeeze LTS if necessary)
---
- hosts: all
  sudo: yes
  tasks:
    - name: make sure lsb_release is installed
      apt: name=lsb-release
    - name: add squeeze-lts repo if squeeze
      apt_repository: repo='deb http://mirror.bytemark.co.uk/debian/ squeeze-lts main contrib non-free'
      when: ansible_distribution_major_version == "6" and ansible_distribution == "Debian"
    - name: upgrade bash to the latest version

Keybase proof

I hereby claim:

  • I am jiphex on github.
  • I am jiphex (https://keybase.io/jiphex) on keybase.
  • I have a public key whose fingerprint is 5006 A070 19BB 6D7C 38FF 8EEF BEB5 C536 D46D A098

To claim this, I am signing this object:

@jiphex
jiphex / openbsd-on-bigv.md
Last active August 29, 2015 14:12
Instructions/readme for running OpenBSD on BigV

Running OpenBSD on BigV

Use the normal virtio profile; everything just works.

Networking

To get IPv6 to work, configure hostname.vio0 as follows:

dhcp

up

Keybase proof

I hereby claim:

  • I am jiphex on github.
  • I am jiphex (https://keybase.io/jiphex) on keybase.
  • I have a public key whose fingerprint is AA0D 95BB B25B 595A 14B9 6906 25E1 4B9F 86A2 49D4

To claim this, I am signing this object:

@jiphex
jiphex / README.md
Last active August 29, 2015 14:23
OpenBSD Battery widget for awesome 3.5

Include this in your ~/.config/awesome/rc.lua file and then add the widget at the same place you add your clock.

Output is like 69%[123] - the number in the square brackets is the minutes remaining (or ??)

Colour will be green if charging, white if battery is high, yellow if low or red if critical.

IPv6-only LAN with OpenBSD

My ISP provides IPv6 for their home broadband networks; soon other ISPs will too (notably BT, who are running a trial of it at the moment). Unless they do it in some insane way, this means that every broadband subscriber will be allocated a /64 of IPv6 space to do with as they please.

The normal way to use this is to "dual-stack" your network, keeping DHCPv4 to hand out NAT-ed RFC1918 addresses to your machines while also using SLAAC to advertise your IPv6 prefix from the router so that machines on the network can autoconfigure themselves an IPv6 address.

If you only want to access IPv6 sites from networked machines, you can disable DHCPv4 altogether on your network, and subject to some caveats[1] your machines will work just fine when they access sites with working AAAA records (such as Facebook and Google).

The problem comes when your machines try to access websites which don't have AAAA records - these will just display a browser error.