Xiol

Extend Gitlab Access Tokens

Gitlab enforced token expiry limits to 365 days last year, and the time is now upon us.

They don't have an opt-out for this, and haven't provided a way to easily extend tokens in the web interface. They have also gated their credential management interface behind their Ultimate license.

This quickly thrown together script will allow you to add an extra year to all tokens that expire in the next 30 days. It will not reactivate tokens that have already expired.

Requires the python-gitlab module. Edit your self-hosted Gitlab instance details into the script and run it. It will dump out CSVs of all expiring tokens, and then dump out a list of commands you can paste into a gitlab-rails console session to extend the expiry date by another year. If you need them to be active for longer, change 1.year.from_now to the value of your choice, e.g. `10.years.fro

thesamesam

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

sloonz

#!/usr/bin/python

import argparse
import os
import shlex
import sys
import tempfile
import yaml

config = yaml.full_load(open(os.path.expanduser("~/.config/sandbox.yml")))

DoubleYouEl

def decode(msg):
    text = ""
    for i in range(0, len(msg), 2):
        text += unrot(msg[i: i + 2], i // 2)                    # add position as extra parameter
    return text


def unrot(pair, pos, key=ord('x')):
    if pos % 2 == 0:                                            # "even" position => 2nd char is offset
        pair = pair[1] + pair[0]                                # swap letters in pair

terashim

#!/usr/bin/env bash
#
# Down all running Docker Compose projects
#

docker ps --filter "label=com.docker.compose.project" -q |\
  xargs docker inspect |\
  jq -r 'map( .Config.Labels ) |
    map({"
      project": ."com.docker.compose.project",

kiler129

iLO Remote Console

This small script lets you start iLO Java-based console from shell.

But why not HTML5?

• iLO 2/3 doesn't have HTML5 console
• Mounting local (from the client computer) ISOs is PAINFULLY slow via HTML5 client

TL;DR

If you just start it, it will ask you for everything:

jogu

ServerName foo.com

Protocols http/1.1 acme-tls/1
MDCAChallenges tls-alpn-01
MDCertificateAgreement accepted
MDomain foo.com
MDPrivateKeys RSA 4096

<VirtualHost _default_:443>
  ServerAdmin [email protected]

cooldil

import requests, pickle
from datetime import datetime
import json, pytz
import pandas as pd
from influxdb import DataFrameClient

# Set "static" variables
login_url = "https://monitoring.solaredge.com/solaredge-apigw/api/login"
panels_url = "https://monitoring.solaredge.com/solaredge-web/p/playbackData"
DAILY_DATA = "4"

leucos

package main

import (
	"fmt"
	"os"
)

func main() {
	if len(os.Args) != 2 {
		fmt.Println("usage: spamcause gggruggvucft...")

ishad0w

deb http://deb.debian.org/debian buster main contrib non-free
deb-src http://deb.debian.org/debian buster main contrib non-free

deb http://deb.debian.org/debian buster-updates main contrib non-free
deb-src http://deb.debian.org/debian buster-updates main contrib non-free

deb http://security.debian.org/debian-security/ buster/updates main contrib non-free
deb-src http://security.debian.org/debian-security/ buster/updates main contrib non-free