tam7t

developer things and stuff

drinks

Tequila Screwdriver

I had some leftover orange juice from my Sunday morning mimosas and an almost empty bottle of tequila - so I made something that wasn't terrible. 2 oz tequila, 2 oz orange juice.

  • Tommy Murphy
1 min read
tls

Key pinning in Golang

Key pinning is a technique that can protect clients from rogue or compromised certificate authorities [1, 2, 3]. If you have control over the client and the server, you can bake the server's

2 min read
github

keybase and github commits

Now that Github visualizes signed commits, I wanted to start using my keybase pgp key to sign commits. Unfortunately my keybase key had a single uid of tam7t@keybase.io which is not

2 min read
security

SSH keys on a yubikey

There is something oddly satisfying about having my private ssh keys only on a hardware device where they cannot be directly accessed. For the past 6 months I've been using a yubikey for

2 min read
tls

MailChimp Information Disclosure

Earlier this year I was working on a MailChimp integration for my "Real Job" and spent the evening poking around their application. I found a few small things that, when combined,

2 min read
drinks

Cucumber Mint Margarita

The warm weather this weekend in New York City put me in the mood for margaritas. This, combined with the 5 hours of pre-Kentucky Derby coverage, inspired me to make a mint version

1 min read
security

Vimeo account takeover

A while back I was playing around with the OAuth2 spec and discovered a flaw in how Vimeo associates Facebook accounts. Their Facebook connect callback URL was vulnerable to a Cross Site Request

1 min read
golang

Golang range and pointers

I've encountered bugs using pointers inside a range loop twice in the past few weeks. It seems like an easy/common mistake that is worth sharing. an example In this example a producer

2 min read
rails

Rails autoload and eager load paths

How rails finds and loads classes when using autoload_paths and eager_load_paths can be pretty confusing. This post is the best that I've read on the topic, but there are a

1 min read
homebrew

Keeping my brews up-to-date

Here's how I ensure my homebrew packages are the latest and greatest! First I set up a crontab for my user: ~ $ crontab -e I then add this line to update the brew database every

1 min read

Organizing My Day

I started a new job in August and am using the following method to get things done. Each day I create a new text file on my computer with the following template: 1

1 min read
ssl

Securing ruby SSL connections

By default, ruby uses OpenSSL settings that leave you open to insecure cipher combinations when making HTTPS requests. I wrote the following gist to document my attempt to secure HTTP requests from a

1 min read
tls

nginx self signed cert

Create your self-signed certificate: openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes Configure your nginx: server { listen 443 ssl; listen [::]:443 ssl ipv6only=on; # Diffie-Hellman parameter

1 min read
ssl

Heartbleeding an OpenVPN server

Everyone has been atwitter lately over the heartbleed bug which motivated me to look into what lesser known implementations of OpenSSL might be vulnerable. My ddwrt home router seemed like a good choice

1 min read
tam7t © 2019