Skip to content

Instantly share code, notes, and snippets.

View ebirn's full-sized avatar

Erich B ebirn

51 followers · 51 following
View GitHub Profile
@arianvp
arianvp / SSH_MACOS_SECURE_ENCLAVES.md
Last active April 1, 2026 04:38
Native Secure Enclaved backed ssh keys on MacOS

Native Secure Enclave backed ssh keys on MacOS

It turns out that MacOS Tahoe can generate and use secure-enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive

There is a shared library /usr/lib/ssh-keychain.dylib that traditionally has been used to add smartcard support to ssh by implementing PKCS11Provider interface. However since recently it also implements SecurityKeyProivder which supports loading keys directly from the secure enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey). However you can now use it to talk to your Secure Enclave instead!

@jauderho
jauderho / gist:5f73f16cac28669e56608be14c41006c
Last active March 21, 2026 02:10
HOWTO: Upgrade Raspberry Pi OS from Bookworm to Trixie
### WARNING: READ CAREFULLY BEFORE ATTEMPTING ###
#
# Officially, this is not recommended. YMMV
# https://www.raspberrypi.com/news/bookworm-the-new-version-of-raspberry-pi-os/
#
# This mostly works if you are on 64bit. You are on your own if you are on 32bit or mixed 64/32bit
#
# Credit to anfractuosity and fgimenezm for figuring out additional details for kernels
#
@kmille
kmille / How to use a TPM on Linux.md
Last active February 13, 2026 08:04
How to use a TPM on Linux

This is part of a blog post I wrote: https://debugging.works/blog/tpm-explained/

How to use a TPM on Linux

Prerequisites

  • I use it on Arch Linux (systemd 257.3-1)
  • Install dependency: yay tpm2-tools (5.7-1)

Do I have a TPM 2.0?

@BertanT
BertanT / guide_macskeyinstaller.md
Last active March 30, 2026 20:25
macOS OpenSSH Client Patcher for Hardware Security Key Support (ED25519-SK With YubiKey Etc.)

🔐 macOS OpenSSH Patcher for Hardware Security Keys

Supports ED25519-SK with Yubikey and other FIDO2 hardware security keys!

🤔 Discussion

Despite being compiled to support hardware security keys that take advantage of the FIDO2 protocol, the built-in OpenSSH client on macOS Sonoma and above lacks the middleware/library to support these devices. To keep using the built-in client - which is often the most stable and secure method for SSH connections - we need to compile the Security Key Provider from OpenSSH source and tell the macOS client about it ourselves.

This script does all of that for you on both Apple Silicon and Intel Mac computers!

The script installs openssl and libfido2 along with the required build tools from Homebrew. It then clones the latest main branch of OpenSSH Portable and builds from it the Security Key Provider library: sk-libfido2.dylib. It finally moves the built library to /usr/local/lib/, modifies ~/.zshenv to expor

@thesamesam
thesamesam / xz-backdoor.md
Last active March 9, 2026 22:51
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@thelastlin
thelastlin / libsk-libfido2_BUILD_FROM_OPENSSH.md
Last active March 2, 2026 22:27
Build libsk-libfido2.so from OpenSSH-portable

Tested on macOS Sonoma Developer beta 2 (23A5276g)

Build libsk-libfido2.so

Prerequisite

  1. Download openssh-portable source code, install libcrypto, libfido2;
  2. Configure openssh-portable build system by ./configure # [options].

Apply patch

@JVital2013
JVital2013 / How-To-Hand-Track-Polar-Orbiting-Satellites.md
Last active March 10, 2026 03:20
How to Hand-Track Polar-orbiting satellites

How to Hand-Track Polar-Orbiting Weather Satellites

This is how I hand-track polar-orbiting weather satellites using an old equatorial mount telescope tripod and a 1.7 GHz grid dish. This may not be the best way to do it, and other ideas are welcome!

If you're unfamiliar with HRPT reception, this is not the right place to learn about it. Head over to https://sgcderek.github.io/blog/beginner-hrpt-guide.html for that. This write-up only focuses on hand-tracking to record a baseband.

Hardware Required

The crux of the "tracking" design is the equatorial mount. These are not cheap to buy new, it's destructive to mount a dish to it, and the mount is not used the way it's designed - but for my needs, it works! I had an old one from the early 1990s lying around, so it was convenient and essentially free. Of course, you can use another mount - but you'll need to ask for someone else's opinion on how that works since equatorial is all I know 😄.

@Paraphraser
Paraphraser / Checking your Raspberry Pi's view of its power supply.md
Last active March 30, 2026 11:06
Checking your Raspberry Pi's view of its power supply (sometimes it's not the wall-wart)

Checking your Raspberry Pi's view of its power supply

Sometimes it seems like the first (and sometimes only) advice you get offered for almost any problem with a Raspberry Pi is "check your power supply". You think something like:

"hey, I'm using an official power supply sold as being matched with my Pi so how can there be any problem?"

You look up the specs then stick a controlled load across your supply and confirm that it can deliver the required number of Watts.

Yet your problems persist…

@HosseyNJF
HosseyNJF / DELETE_DATA_FROM_PROMETHEUS.md
Last active September 29, 2025 09:16
Delete data from exported time-series from Prometheus / VictoriaMetrics in a time range.

Usage

Note that the response cache must be deleted after these steps in order to remove previously cached results - see more details here.

@darwin
darwin / readme.md
Last active January 15, 2026 20:19
APFS Container cloning/replicating under Catalina (with a bootable system)

Today I wanted to move existing APFS-resident macOS Catalina installation to a new disk. I upgraded my late 2014 Mac Mini with a shiny new 1TB SSD. This took way too many hours of my life I will never get back. Hope this saves some time to you.

Good news:

  1. it is possible to create a DMG image from existing APFS container with macOS Catalina installation including metadata needed for complete restore (the DMG contains OS, OS Data, Preboot, Recovery and VM volumes)
  2. it is possible to restore this DMG image into empty APFS container and get a bootable copy of the original system

This information is relevant for Catalina (I'm currently running macOS 10.15.1).