Filip Sobalski pinkeen

Run a systemd container using cgroupv2 [NOTES]

Post on r/docker

In theory this would allow the nested systemd init to manage its own resources via slices and scopes - kind of like with LXC's nested mode but without the nasty security implication of bind mounting the real cgroupfs into the container.

Running a systemd container is not the only thing that this would enable - together with fuse-overlayfs it might allow one to run containers inside containers more securely.

The problem is that by default the nested group is mounted ro into the container which should not be necessary according to my research. It gets mounted rw as expected when userns-remap is enabled in Docker what is not desirable for me. I am not sure if docker/moby/containerd is at fault here or if it's a limitation of Linux control groups or user namespaces. It would be great if som

Poor Man's VPN over SSH

If you have ssh then you can setup a "bridge" to any external network or server in minutes.

This doesn't replace standard VPN solutions, but it has the advantage of being really simple and fast and will serve a lot of use-cases.

Drawbacks

Ubiquity EdgeRouter - Personal Cheat Sheet and Improvements

Computational Solid Modeling Language - IDEA

Lets kickstart the 3D printing open things revolution!

...by creating a vibrant, coherent open things ecosystem modeled after the best practices already established by the Open Source Software community.

Purely functional and almost declarative - no mutations or side-effects allowed
Transpiled to JS which is then evaluated calling native libs or optimized computation cores for heavy-lifting.

	{
	"C_Cpp.default.systemIncludePath": [
	"/Library/Developer/CommandLineTools/usr/include/",
	"/Library/Developer/CommandLineTools/usr/lib/clang/12.0.0/include/",
	"/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include/",
	"/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/"
	]
	}

	###
	# Vhost that terminates HTTPS and also proxies raw TLS connection
	# for certain endpoints.
	###
	https://a-site.example.com {
	# Get a certificate and decrypt the traffic as usual.
	tls auto

	handle /naked {
	# Proxy the decrypted traffic to an HTTP backend effectively terminating the HTTPS

	/*************************************************************************************************
	* Simple Google Apps script for removing GMail messages
	*
	* Rationale: If you've got hundreds of thousands of e-mails (automated error reports in my case)
	* filling up your account's quota and there's too many of them creating huge threads so
	* GMail GUI, IMAP or anything else cannot handle this removal.
	*
	* Usage: Set up your query and run this script using a trigger every 5/10 minutes - it took days
	* for my Inbox to be finally free from the crap.
	*************************************************************************************************/

	Some experiments, which worked but were eventually not used.
	See http://www.greenhills.co.uk/2011/06/10/lxc.html

	Now, the next big milestone is to get networking working.
	In the config, we told lxc-create to use br0 as the link,
	and inside the container we have eth0:

	root@thunder:/# brctl show br0
	bridge name bridge id STP enabled interfaces
	br0 8000.962e6bb72480 no vethP70LNx

	#include<stdlib.h>
	#include<stdio.h>
	#include<string.h>
	#include<unistd.h>
	#include<signal.h>

	#define MIB_SZ(SZ) ((SZ) / 0x100000)
	#define PER_SZ(SZ, TOTAL) ((SZ * 100) / (TOTAL))

	#ifdef __linux__

	from __future__ import absolute_import, division, print_function
	__metaclass__ = type

	import re
	import sys
	import json
	import datetime
	import itertools
	import traceback
	import configparser