Skip to content

Instantly share code, notes, and snippets.

View Shonke's full-sized avatar
😗
I may be slow to respond.

xiaoke Shonke

😗
I may be slow to respond.
View GitHub Profile
# Load the contents of the receipt file
receipt_file = open('./receipt_data.bin', 'rb').read()
# Use asn1crypto's cms definitions to parse the PKCS#7 format
from asn1crypto.cms import ContentInfo
pkcs_container = ContentInfo.load(receipt_file)
# Extract the certificates, signature, and receipt_data
certificates = pkcs_container['content']['certificates']
signer_info = pkcs_container['content']['signer_infos'][0]
@Luzifer
Luzifer / README.md
Last active March 31, 2025 18:54
Running docker-compose as a systemd service

Running docker-compose as a systemd service

Files

File Purpose
/etc/compose/docker-compose.yml Compose file describing what to deploy
/etc/systemd/system/docker-compose-reload.service Executing unit to trigger reload on docker-compose.service
/etc/systemd/system/docker-compose-reload.timer Timer unit to plan the reloads
/etc/systemd/system/docker-compose.service Service unit to start and manage docker compose
@mustafaturan
mustafaturan / network-tweak.md
Last active June 17, 2025 21:44
Linux Network Tweak for 2 million web socket connections

Sample config for 2 million web socket connection

    sysctl -w fs.file-max=12000500
    sysctl -w fs.nr_open=20000500
    # Set the maximum number of open file descriptors
    ulimit -n 20000000

    # Set the memory size for TCP with minimum, default and maximum thresholds 
 sysctl -w net.ipv4.tcp_mem='10000000 10000000 10000000'
@ageis
ageis / systemd_service_hardening.md
Last active July 5, 2025 21:37
Options for hardening systemd service units

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict

systemd containers

Assumptions

This how-to uses mybox as container name, mkosi in order to create containers (it works for multiple distributions and has more features compared to dnf --installroot), and crudini for configurations file (you can use your preferred text editor instead).

How to create a container with mkosi

# mkosi --cache /var/cache/mkosi -d fedora -t directory -o /var/lib/machines/mybox
@staltz
staltz / music.md
Last active November 23, 2024 22:31
coding music

Not for everyone. Each programmer has their own appreciation of what is good coding music.

For when I need to think deep, debug something, or design

(From most influential to least)

@bom-d-van
bom-d-van / mysql-tcpdump.sh
Last active May 13, 2025 20:17
tcpdump advanced filters
# https://www.percona.com/blog/2008/11/07/poor-mans-query-logging/
tcpdump -i eth0 -s 0 -l -w - dst port 3306 | strings | perl -e '
while(<>) { chomp; next if /^[^ ]+[ ]*$/;
if(/^(SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER)/i) {
if (defined $q) { print "$q\n"; }
$q=$_;
} else {
$_ =~ s/^[ \t]+//; $q.=" $_";
}
@dpino
dpino / ns-ipv6-no-nat.sh
Created April 29, 2016 22:19
Create Network Namespace with IPv6 connectivity via Hurricane Electric tunnel (no NAT66 needed)
#!/usr/bin/env bash
set -x
if [[ $EUID -ne 0 ]]; then
echo "You must run this script as root."
exit 1
fi
# Fill up IPv6 addresses for the veth pair. Addresses must belong to the
@ryerh
ryerh / tmux-cheatsheet.markdown
Last active July 14, 2025 18:49 — forked from MohamedAlaa/tmux-cheatsheet.markdown
Tmux 快捷键 & 速查表 & 简明教程

注意:本文内容适用于 Tmux 2.3 及以上的版本,但是绝大部分的特性低版本也都适用,鼠标支持、VI 模式、插件管理在低版本可能会与本文不兼容。

Tmux 快捷键 & 速查表 & 简明教程

启动新会话:

tmux [new -s 会话名 -n 窗口名]

恢复会话: