This is the second installment of a series on Stripe's CTF 2014. You may wish to start from level 0.

Level 1

Level 1 proposed a crypto-currency named Gitcoin that used Git's SHA1 hashes. The player was provided with a git repository and asked to create a commit with a …

I participated in a week-long CTF hosted by Stripe in Jan 2014. This series of blog posts will cover some of the problems and their solutions.

Level 0

The first level was a breeze, and mainly served as an introduction/tutorial for participating in the CTF. We were given the …

This is a short tutorial on creating a websocket server in Ruby using James Coglan's websocket driver. The complete example is available on github.

About Websocket Driver

The websocket-driver gem decouples the websocket protocol from the I/O layer, providing drivers that handle the websocket procotol (handshakes, upgrades etc) on …

Using Pipes for Cheap IPC

A UNIX pipe is a unidirectional interprocess communication channel with a read end and a write end. You have probably used pipes in the command line. For example,

$ git ls-files | xargs grep foo

This executes both commands concurrently and creates a pipe for interprocess communication …

I read a lot of open source code in my free time to make myself a better engineer. Here are some of my notes from reading foreman's cli.rb.

Code Style - Raising Exceptions with a Bang

You might occasionally encounter code that looks like this:

def start(process=nil)
  raise …

I recently released Verbal, a ruby gem that provides a fluent DSL for creating regular expressions. It's a fork of jehna's popular VerbalExpressions javascript library. Detailed documentation and code examples are available at rubydoc.info.

To create a regular expression that matches http, https, ftp, and sftp, one can use …

GitHub imposes a rate limit on API requests, and encourages developers to use conditional requests. Here is how to do that using Peter's popular github api gem.

Method A - Faraday HTTP Cache w. ActiveSupport::Cache

This uses the faraday-http-cache gem, which takes care of expiration, etags, and response statuses.

Method …

In a recent project, I experimented with AngularJS on Rails, and managed to get Karma to work nicely with Jenkins on CloudBees. This post documents the steps I took. (Part 2 will cover e2e tests, if I get that sorted out.)

An example project is available on GitHub.

Setup

First …

I was playing around with Stripe's source code for last year's CTF, and from what I could see online, most people solved Level 4 by using XSS in the password field. But look at the following line in srv.rb:

unless username =~ /^\w+$/
  ie("Invalid username. Usernames must match /^\w …

The is the second installation of a series of posts about my deployment experiences with Enteract. Part 1 is available here.

In this post, I will focus on our use of Faraday and Upstart for some simple monitoring.

Faraday

We wanted a tool to monitor the web application and notify …