Using HashiCorp Vault Certificate Authentication with Kafka Connect via CSID Secrets Provider

Overview

This guide shows how to configure the CSID Secrets Provider for Vault so that Kafka Connect authenticates to Vault with TLS client certificate authentication (Vault's cert auth method), using plain PEM-encoded certificate and key files rather than Java keystores.

We also explore a possible bug, or major oversight, in the current implementation that may prevent cert-based auth from working at all.


How It Should Work

The Azure Arc agent itself does not grant arbitrary lateral movement or full remote control over on-prem hosts from the cloud, but it can be a control path, depending on how it is configured.

What it can do:

Once a machine is onboarded with Azure Arc, Azure services can be applied to it from the cloud, including:

  • Policy enforcement (e.g. password policies, required services)
  • Installing or updating software via Guest Configuration
  • Running scripts via the Custom Script Extension
  • Enabling Defender for Endpoint or other security tools
  • Collecting logs and metrics via Log Analytics

Each of these is an action a cloud identity with the right Azure RBAC role can push to the host, so who holds those roles on the Arc resource determines who can effectively run code on the machine.

To prevent an F5 BIG-IP device from stripping client certificates from requests, you typically need to ensure that:

  1. SSL Termination Settings

If your F5 is terminating SSL (which it usually does by default), the client certificate is only visible to the F5 and is not passed to the backend server unless you explicitly forward it.

  • Check that the Client SSL profile has "Client Certificate" set to request or require; with the default (ignore) the F5 never asks the client for a certificate in the first place.
  • Use an iRule or HTTP header injection to pass client cert information (subject, serial, or the full certificate) to the backend.

If the certificate is forwarded in an HTTP header, the backend must only trust that header on connections that actually come from the F5 and the F5 must overwrite any copy of the header supplied by the client; otherwise anyone who can reach the backend, or send the header through the F5 unchanged, can claim an arbitrary identity.

Keybase proof

I hereby claim:

  • I am aarcro on github.
  • I am luckidog (https://keybase.io/luckidog) on keybase.
  • I have a public key whose fingerprint is 8AA4 D727 7E6E 7531 284F 2D06 3F8F F46F D8F2 70B3

To claim this, I am signing this object:

@0
@1
LOOP:
MOV UP ACC
MOV ACC RIGHT
MOV ACC DOWN
@2
aarcro / 22280.txt
Created December 10, 2016 06:52
More clever than fast
@0
## FASTER
@1
MOV RIGHT, DOWN
MOV UP, ACC
MOV ACC, RIGHT
MOV ACC, DOWN
@2
aarcro / VersionOne Stories.md
Last active April 7, 2016 13:31
open solr issues for comment

#B-14918 [solr] Logging and/or metrics around searcher warming times

Since overlapping searchers are a known issue causing cluster instability, we should start logging how long cache warming is taking. Ideally there is a logging config that can enable this; less ideally, a script that polls for stats and loads them into graphite.

Actually... I just found this in New Relic. But it's only averaged (over time) and aggregated (over all the hosts); I'm not terribly certain it will help pinpoint bad behavior, but it is good for an overall view. Transaction traces do show some outliers.

#B-15039 [Spike] Determine how to log Solr Queries to analyze run-away queries

We are not able to analyze the querie

import pdb
import sys
import traceback

try:
    something.dangerous()  # placeholder for the call being debugged
except Exception as e:
    # Grab the traceback object for the exception currently being handled
    type_, value, tb = sys.exc_info()
    traceback.print_exc()
    # Drop into the debugger at the frame that raised, not in the except block
    pdb.post_mortem(tb)