Skip to content

Instantly share code, notes, and snippets.

@ageis
ageis / systemd_service_hardening.md
Last active November 15, 2024 09:28
Options for hardening systemd service units

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
@JPvRiel
JPvRiel / ubunut_network_manager_docker_dns_workaround.md
Last active July 18, 2022 23:09
Ubuntu, NetworkManager and Docker DNS workaround

Docker issues are frequently logged for DNS resolution in containers because it doens't inhert or get values for DNS from NetworkManager which leverages a built in dnsmasq to inteligently manage DNS.

Perminant workarround

sudo bash -c "echo listen-address=$(ip -4 addr show dev docker0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}') > /etc/NetworkManager/dnsmasq.d/docker-bridge"
sudo systemctl reload NetworkManager
sudo bash -c 'echo -e "{\n\t\"dns\": [\"$(ip -4 addr show dev docker0 | grep -oP "(?<=inet\s)\d+(\.\d+){3}")\"]\n}" > /etc/docker/daemon.json'
sudo systemctl restart docker
@nicoulaj
nicoulaj / test-master.sh
Created June 2, 2016 14:54
SGE -notify and -inherit
#!/bin/bash
# Trap signals
for signal in HUP INT QUIT ABRT KILL SEGV USR1 USR2 TERM; do
trap "echo 'master : Received signal ${signal}...'" ${signal}
done
# Submit slaves
slave_id=0; while read host slots queue procs; do
for slot in $(seq $slots); do
import java.io.File;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.channels.FileLock;
import java.nio.channels.OverlappingFileLockException;
import static com.google.common.base.Preconditions.checkNotNull;
public class FileSystemLock {
private final File lockFile;
@ypetya
ypetya / loadJMXAgent.java
Last active September 2, 2016 16:15
Starting up jmx remote agent on a specified port in case it was not started by the JVM. (No jmxremote jvm arg specified on startup )
public static String loadJMXAgent(int port) throws IOException,
AttachNotSupportedException, AgentLoadException,
AgentInitializationException {
String name = ManagementFactory.getRuntimeMXBean().getName();
VirtualMachine vm = VirtualMachine.attach(name.substring(0,
name.indexOf('@')));
String lca = vm.getAgentProperties().getProperty(
"com.sun.management.jmxremote.localConnectorAddress");
if (lca == null) {
@headius
headius / ffi-jep.md
Last active January 26, 2016 00:57
JDK Enhancement Proposal: FFI

Title: Foreign Function Interface Author: Charles Oliver Nutter Organization: Red Hat Owner: Charles Oliver Nutter Created: 2014/01/28 Type: Feature State: Draft Exposure: Open Component: --/-- Scope: JDK

@neomatrix369
neomatrix369 / PerformanceRelated.md
Last active November 3, 2023 20:27
Interesting links in the areas of HPC, low latency, mechanical harmony/sympathy, garbage collection
@preshing
preshing / sort1mb.cpp
Created October 25, 2012 11:28
Sort one million 8-digit numbers in 1MB RAM
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
typedef unsigned int u32;
typedef unsigned long long u64;
//-------------------------------------------------------------------------
// WorkArea
//-------------------------------------------------------------------------
@agnoster
agnoster / README.md
Last active September 25, 2024 09:27
My ZSH Theme

agnoster.zsh-theme

A ZSH theme optimized for people who use:

  • Solarized
  • Git
  • Unicode-compatible fonts and terminals (I use iTerm2 + Menlo)

For Mac users, I highly recommend iTerm 2 + Solarized Dark

@piscisaureus
piscisaureus / pr.md
Created August 13, 2012 16:12
Checkout github pull requests locally

Locate the section for your github remote in the .git/config file. It looks like this:

[remote "origin"]
	fetch = +refs/heads/*:refs/remotes/origin/*
	url = [email protected]:joyent/node.git

Now add the line fetch = +refs/pull/*/head:refs/remotes/origin/pr/* to this section. Obviously, change the github url to match your project's URL. It ends up looking like this: