Netbox SSO with Okta, Vouch and Nginx
#!/bin/bash
set -Eeuo pipefail
# Build a new Debian bullseye image which works around the problem that
# when cloud-init is fed a static IPv6 config, ifup/ifdown will fail with:
# "/etc/network/if-pre-up.d/cloud_inet6: 12: IF_TRY_DHCP: parameter not set"
#
# Requirements:
# - wget
# - qemu-utils
Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).
Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.
- I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
- Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
- Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.
- Software components regularly used to verify integrity in other software pipelines a
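The scope notes above hinge on one point: a checksum or manifest that travels over the same plaintext channel as the package is no verification at all, because whoever rewrites the package rewrites the checksum beside it. The following is an added example, not code from any of the gists on this page; the "mirrors", package bytes and the `fetch`, `naive_update` and `pinned_update` helpers are constructed stand-ins for an HTTP GET and two updater designs.

```shell
#!/bin/sh
# Constructed demonstration (not from any project on this page): why
# "it's OK to be HTTP because we verify!" is specious when the value being
# verified against arrives over the same unauthenticated channel. A MITM that
# swaps the package also swaps the checksum file; only a digest the client
# obtained from an authenticated source (TLS, or pinned in the client) rejects it.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

if command -v sha256sum >/dev/null 2>&1; then
    digest() { sha256sum "$1" | cut -d' ' -f1; }
else
    digest() { shasum -a 256 "$1" | cut -d' ' -f1; }   # macOS/BSD fallback
fi

# Two constructed "mirrors": an honest one and a man-in-the-middle serving a
# replaced package with a matching checksum. Each offers pkg.tar and pkg.tar.sha256.
mkdir -p "$WORK/honest" "$WORK/mitm"
printf '#!/bin/sh\necho genuine update\n' > "$WORK/honest/pkg.tar"
printf '#!/bin/sh\necho pwned\n'          > "$WORK/mitm/pkg.tar"
for m in honest mitm; do
    digest "$WORK/$m/pkg.tar" > "$WORK/$m/pkg.tar.sha256"
done

# fetch MIRROR FILE: stands in for a plaintext HTTP GET. Whoever sits on the
# path (or runs the mirror) controls every byte that comes back.
fetch() { cat "$WORK/$1/$2"; }

# Updater A: checks the download against a checksum fetched from the same mirror.
# Exit status 0 = package accepted, 1 = rejected.
naive_update() {
    fetch "$1" pkg.tar > "$WORK/download.tar"
    [ "$(digest "$WORK/download.tar")" = "$(fetch "$1" pkg.tar.sha256)" ]
}

# Updater B: checks the download against a digest the client already trusts
# (fetched over TLS from the vendor, or shipped inside the client).
pinned_update() {
    fetch "$1" pkg.tar > "$WORK/download.tar"
    [ "$(digest "$WORK/download.tar")" = "$2" ]
}

PINNED=$(digest "$WORK/honest/pkg.tar")

# Stand-alone run: A accepts the MITM package, B rejects it.
for m in honest mitm; do
    if naive_update "$m";            then echo "naive:  accepted $m"; else echo "naive:  rejected $m"; fi
    if pinned_update "$m" "$PINNED"; then echo "pinned: accepted $m"; else echo "pinned: rejected $m"; fi
done
```

The same reasoning applies to signatures whose public key, or whose "which key is current" metadata, is fetched over the unauthenticated channel: the check only means something when the trust anchor did not arrive the same way the payload did.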
#!/bin/sh
# List the compiled package archives (*.a) of the current Go build, largest first.
# `go build -work` prints "WORK=<tempdir>" on stderr and leaves the directory in
# place; eval turns that line into a shell variable. `-a` forces every package to
# be rebuilt so all archives are present. gsort is GNU sort (coreutils on macOS);
# on Linux plain `sort -rh` does the same.
eval `go build -work -a 2>&1` && find "$WORK" -type f -name "*.a" | xargs -I{} du -hxs "{}" | gsort -rh | sed -e "s:${WORK}/::g"
Here are all of the resources mentioned by Deconstruct 2017 speakers, along with who recommended what. Please post a comment if I missed something or have an error!
- Seeing Like a State by James Scott
- Public Opinion by Walter Lippmann (Evan Czaplicki)
- A Pattern Language by Christopher Alexander (Brian Marick)
- Domain Driven Design by Eric Evans (Brian Marick)
#!/boot/bzImage
# Linux kernel userspace initialization code, translated to bash
# (Minus floppy disk handling, because seriously, it's 2017.)
# Not 100% accurate, but gives you a good idea of how kernel init works
# GPLv2, Copyright 2017 Hector Martin <[email protected]>
# Based on Linux 4.10-rc2.
# Note: pretend chroot is a builtin and affects the current process
# Note: kernel actually uses major/minor device numbers instead of device name
Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.
The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from
`cloud-init` is absolute cancer. Its code is horrible. It has no documentation at all.

It took me 5 fucking hours to figure out how to properly configure networking on recent `cloud-init` (Ubuntu 16.04 cloud image) with local datasource.

It's not mentioned anywhere you need to provide `dsmode: local`. (but only if you need network-config, besides that everything is fine; someone below noted that the `-m` flag does the same thing, good to know) Of course nobody needs documentation for the `network-config` format either. (`cloudinit/net/__init__.py` is a protip, enjoy the feces dive)

Oh, and by the way - no, it's not possible to provide `network-config` to `uvt-kvm` without patching shit.
Using `jq` is great for examining JSON objects. You can extend its functionality with custom methods. The following is useful for understanding, at a high level, the structure of arbitrary JSON, which helps when trying to understand new data sources.

Requires `jq` version 1.5.

Add the following method to your `~/.jq`: