Skip to content

Instantly share code, notes, and snippets.

@mitchellh
mitchellh / merge_vs_rebase_vs_squash.md
Last active November 11, 2024 17:07
Merge vs. Rebase vs. Squash

I get asked pretty regularly what my opinion is on merge commits vs rebasing vs squashing. I've typed up this response so many times that I've decided to just put it in a gist so I can reference it whenever it comes up again.

I use merge, squash, rebase all situationally. I believe they all have their merits but their usage depends on the context. I think anyone who says any particular strategy is the right answer 100% of the time is wrong, but I think there is considerable acceptable leeway in when you use each. What follows is my personal and professional opinion:

@gmurdocca
gmurdocca / socat_caesar_dpi.md
Last active June 28, 2024 15:53
Circumventing Deep Packet Inspection with Socat and rot13

Circumventing Deep Packet Inspection with Socat and rot13

I have a Linux virtual machine inside a customer's private network. For security, this VM is reachable only via VPN + Citrix + Windows + a Windows SSH client (eg PuTTY). I am tasked to ensure this Citrix design is secure, and users can not access their Linux VM's or other resources on the internal private network in any way outside of using Citrix.

The VM can access the internet. This task should be easy. The VM's internet gateway allows it to connect anywhere on the internet to TCP ports 80, 443, and 8090 only. Connecting to an internet bastion box on one of these ports works and I can send and receive clear text data using netcat. I plan to use good old SSH, listening on tcp/8090 on the bastion, with a reverse port forward configured to expose sshd on the VM to the public, to show their Citrix gateway can be circumvented.

Rejected by Deep Packet Inspection

I hit an immediate snag. The moment I try to establish an SSH or SSL connection over o

@neilmayhew
neilmayhew / Identity-HowTo.md
Created December 16, 2021 18:26
Configuring git to use a different GitHub/GitLab identity for some projects

Using a different GitHub/GitLab account for some projects

If you're working on a project that requires you to use a separate account on GitHub/GitLab, it can be a bit tricky to set up. Your ssh key identifies you uniquely, so you can't use the same key for two different accounts. However, git doesn't have a simple way for you to configure an ssh key for a repo or a group of repos. You have to do it by creating an alias for the host name and associating a different key with that host name. Here's one way to do it.

Note: Replace all instances of something with the project or client name.

Create a new ssh key

ssh-keygen -f ~/.ssh/id_rsa-something [other-options]
<?
# MIT license, do whatever you want with it
#
# This is my invoice.php page which I use to make invoices that customers want,
# with their address on it and which are easily printable. I love Stripe but
# their invoices and receipts were too wild for my customers on Remote OK
#
require_once(__DIR__.'/../vendor/autoload.php');
@gullyn
gullyn / flappy.html
Last active May 4, 2024 15:35
Flappy bird in 205 bytes (improved!)
<body onload=z=c.getContext`2d`,setInterval(`c.width=W=150,Y<W&&P<Y&Y<P+E|9<p?z.fillText(S++${Y=`,9,9|z.fillRect(p`}*0,Y-=--M${Y+Y},P+E,9,W),P))):p=M=Y=S=6,p=p-6||(P=S%E,W)`,E=49) onclick=M=9><canvas id=c>
@Justintime50
Justintime50 / ssh-agent-in-crontab.md
Last active October 4, 2024 05:31
Use Your SSH Agent in a Crontab

Use Your SSH Agent in a Crontab

Getting access to SSH inside a Crontab is often a problem for many as the environment in which your cron runs is not the same as your normal shell. Simply running ssh-add will not allow you to use your SSH Agent inside your crontab. Follow the below guide to setup your crontab to use your ssh-agent:

Usage

  1. Install Keychain.
  2. Add the following to your ~/.zlogin file which will be invoked on each login. This will allow your crontab (and normal shell) to use your ssh keys and bypass needing to punch in your password each time you need SSH. This will also span across multiple sessions and shells.
@FBosler
FBosler / retry.py
Last active March 19, 2022 23:50
retry.py
#Copyright 2021 Fabian Bosler
# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation
# files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom
# the Software is furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the
# Software.
@AndrewLipscomb
AndrewLipscomb / README.md
Created March 24, 2020 11:06
How to set up static nspawn IP address networking without a bridge

How to set up static nspawn IP address networking without a bridge

Note - this article assumes you have reasonable familiarity with systemd, networkd and nspawn/machinectl

What is this guide for

There seem to be a lot of references on the internet for nspawn networking with a bridge - but not on simply using the stock veth networking with static addresses. The default behaviour of nspawn (as of 24/03/20 and systemd:245 on Arch) is to:

  • Make a virtual ethernet port on the host (defined by /lib/systemd/network/80-container-ve.network)
  • Make a virtual ethernet port in the container (defined by /lib/systemd/network/80-container-host0.network)
  • Based on those configurations, serve the host port a random IP from the local network ranges with a 28 bit subnet, and a DHCP server for the host port serves a random IP in the subnet to the container
@alexellis
alexellis / inlets-kind.md
Last active January 19, 2021 07:19
Expose Kubernetes ClusterIP services with inlets.dev

KinD with inlets.dev

Expose Kubernetes ClusterIP services with inlets.dev

Get KinD:

# Linux

sudo curl -Lo /usr/local/bin/kind \
@Yloganathan
Yloganathan / get-aws-creds.sh
Created May 12, 2019 05:23
Extended https://github.com/sweharris/aws-cli-mfa/blob/master/get-aws-creds and pushed the token, access key and Id to credentials
#!/bin/bash
# This uses MFA devices to get temporary (eg 12 hour) credentials. Requires
# a TTY for user input.
#
# GPL 2 or higher
if [ ! -t 0 ]
then
echo Must be on a tty >&2