- Get latest CA certificates from Mozilla: https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV
- Extract PEM format certificates from CSV, using this tool I wrote: https://github.com/inntran/RubyPowerTools/blob/master/bin/csv or DIY
./csv IncludedCACertificateWithPEMReport.csv "PEM Info" > moz-cert-$(date +%Y%m%d).crt - Upload/Copy generated bundle certificate file to RouterOS
- Import using command
/certificate import file-name=moz-cert-20180101.crt, should replace 20180101 with actual filename.
Yinchuan Song inntran
inntran
/ ruby_upgrade.sh
Created
December 18, 2012 05:08
Upgrade Ruby on AWS instances. Applied falcon patch. Root required.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export PATH=/usr/local/bin:$PATH | |
| RUBY_VER="1.9.3-p327" | |
| NGINX_VER="1.2.6" | |
| # 1. Create archive of /usr/local | |
| tar --transform='s,usr/local/,,' -cvf /root/ruby_old_pack.tar /usr/local | |
| # 2. Delete contents in /usr/local | |
| rm -rf /usr/local/* |
inntran
/ DisplayVendorID-1e6d.xml
Created
June 10, 2017 07:45
LG 27EA83 computer monitor EDID for newer Macs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <!-- Location: /System/Library/Displays/Contents/Resources/Overrides/DisplayVendorID-1e6d/ ,remove .xml from filename --> | |
| <!-- Need to use csrutil to disable before copying this file to desination.--> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>DisplayProductName</key> | |
| <string>27EA83 - forced RGB mode (EDID override)</string> | |
| <key>IODisplayEDID</key> | |
| <data>AP///////wAebXlZAQEBATAWAQSlPCJ4hh3xrk81syUNUFSlS4BxT4GAgY+p |
inntran
/ routeros-install-moz-root-ca.md
Created
January 4, 2018 18:13
Install latest Mozilla trusted CA certificates on Mikrotik RouterOS
inntran
/ dhcpv6-he.net-ddns-https.md
Created
January 4, 2018 19:48
Cable provider's IPv6 address DDNS update for HE.net DNS service over HTTPS
Official documentation on HE.net DDNS, you have to logout or open another browser session to check it out: https://dns.he.net
- Check "Enable entry for dynamic dns" checkbox for the domain record you want to enable DDNS on.
- Click the
in DDNS column of your domain record table.
- Generate a new DDNS key, keep a record of it somewhere(you won't be able to retrieve it again from this interface). Save.
inntran
/ cisco-trustpool-import-bundle.md
Last active
February 8, 2025 19:33
Trusted ROOT certificates for HTTPS client on Cisco IOS 15 M&T
If you ever need to access HTTPS site from a Cisco router running IOS, whether it's the copy command or TR-069 client or DDNS HTTP client, the request won't go through, because the SSL/TLS certificate (chain) provided by the server cannot be validated.
Setup trustpool policy
crypto pki trustpool policy
cabundle url http://www.cisco.com/security/pki/trs/ios.p7b
chain-validation
inntran
/ vzw-lte-ipv6-prefix-translation.md
Last active
March 18, 2025 07:46
To configure IPv6 NPTv6 on Linux to allow more hosts behind Verizon Wireless LTE IPv6 single /64 prefix
Verizon Wireless assigns you ONE IPv4 address and ONE /64 IPv6 prefix for their cellular service, and VZW would reset your datalink once they received 1 packet with an illegal source address.
We have NAT for IP but for IPv6 we would like to avoid address translation to get some kind of end-to-end communication.
NPTv6, defined in RFC6296, would help us to do stateless prefix translation for IPv6.
inntran
/ autounattend.xml
Last active
October 3, 2024 19:08
Windows 11 24h2 Clean Setup, sponsored apps will not be installed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8"?> | |
| <unattend xmlns="urn:schemas-microsoft-com:unattend"> | |
| <servicing></servicing> | |
| <settings pass="windowsPE"> | |
| <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> | |
| <DiskConfiguration> | |
| <WillShowUI>OnError</WillShowUI> | |
| <Disk wcm:action="add"> | |
| <CreatePartitions> | |
| <CreatePartition wcm:action="add"> |
inntran
/ copy-spotlight-pics.sh
Created
July 25, 2018 02:21
Copy Windows spotlight wallpapers to a folder in C/D/E drive
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Steps | |
| # 1. Install Linux subsystem | |
| # 2. Install a Linux distro in Windows 10, e.g. Ubuntu | |
| # 3. Create a symbolic link to your ContentDeliveryManager Assets directory | |
| # yourname@YOURMACHINE:~$ ln -s /mnt/c/Users/_YOUR_WINDOWS_USERNAME_/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets spotlight-assets | |
| # 4. Create a directory in your D drive, named "SpotlightPhotos" | |
| # 5. Run this script from your home directory |
inntran
/ qla2xxx-reenable-ol8.md
Created
November 21, 2020 14:16
Enable qla2xxx Linux target support on Oracle Linux 8
The RHEL8 offcial kernel and Oracle RHCK kernel have removed FC target support of QLogic HBAs.
But Oracle's UEK kernel still has relevant kernel modules.
Userland tools like targetcli depends on python3-rtslib, qla2xxx support is implemented but commented out.
Commands below would unmask qla2xxx support, so it will show up in targetcli's ls output.
sed -i s'/^# "qla2xxx"/ "qla2xxx"/' /usr/lib/python3.6/site-packages/rtslib/fabric.py
sed -i s'/^# "qla2xxx"/ "qla2xxx"/' /usr/lib/python3.6/site-packages/rtslib_fb/fabric.py
inntran
/ gist:249dea7a8ea097bc76605e2e29667aa6
Created
September 18, 2021 19:33
Enable OpenSCAP security profiles for CentOS Stream 8 installer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # I'm facing similar issue like [1] and [2], | |
| # as of today (2021-09-18) CentOS Stream 8 installer does not list any OpenSCAP backed "Security Profile". | |
| # By reading source code at [3] and [4], I figured out a way to make CentOS Stream 8 to read and use CentOS 8 and RHEL 8 security profiles. | |
| #################################################### WARNING ########################################################## | |
| # CentOS 8 or CentOS Stream 8 are not certified with RHEL 8 profiles, you may not get them through compliance audits. # | |
| # Use this at your own risk. # | |
| ####################################################################################################################### | |
| # Step 1, at the language selection page, don't click next, but switch to a virtual console, type the 2 commands below |
OlderNewer