Thomas Darimont thomasdarimont

@bllacksheep
bllacksheep / haproxy_whitelists.md
Last active January 22, 2025 06:10
Whitelists in haproxy (the right way)

tldr; Don't just test a whitelist based on an initial pass/fail. An update to that whitelist or addition of a parameter to a use_backend statement alone can cause a routing mess.

I don't normally say things like "the right way" but in this case attention to detail is usually always the right way. We had two use_backend statements in haproxy shown below where when an IP address wasn’t in the whitelist it would be routed straight to production. The proposed fix for this meant that traffic in the whitelist would always be routed to production. Which is the opposite of what I believe was intended in both cases.

  use_backend b1 if host-site worldpay_callback worldpay_whitelist worldpay_env_dev worldpay_auth
  use_backend b2 if host-site worldpay_callback worldpay_whitelist worldpay_env_prd worldpay_auth

This works, you can put whitelist evaluation in a use_backend statement but if it's nested inside a larger scope and the logic falls through it's going to bite you. Troubleshooting this par

@ryuheechul
ryuheechul / collection.rego
Last active January 8, 2024 13:37
OPA Rego collection helpers
package collection
# Map
my_add(x, y) = x + y
map_add[x] = val {
col := input.col
delta := input.delta
#!/usr/bin/env python
import math
import sys
from moviepy.editor import AudioClip, VideoFileClip, concatenate_videoclips
# Get average RGB of part of a frame. Frame is H * W * 3 (rgb)
# Assumes x1 < x2, y1 < y2
@taylorza
taylorza / GO-Fillslice.md
Last active May 28, 2025 01:14
Golang - Fill slice/array with a pattern

Filling an array or slice with a repeated pattern

Looking for an efficient pure GO approach to copy repeating patterns into a slice, for a toy project, I ran a few tests and discovered a neat approach to significantly improve performance. For the toy project, I am using this to fill a background buffer with a specific RGB color pattern, so improving this performance significantly improved my achievable framerate.

All the tests were run with a buffer of 73437 bytes, allocated as follows

var bigSlice = make([]byte, 73437, 73437)

Fill the slice with the value 65 by looping through each element and setting the value

@System-Glitch
System-Glitch / go-worker.go
Last active May 10, 2024 15:57
A resilient Go worker
package main
// This is an example of a resilient worker program written in Go.
//
// This program will run a worker, wait 5 seconds, and run it again.
// It exits when SIGINT or SIGTERM is received, while ensuring any ongoing work
// is finished before exiting.
//
// Unexpected panics are also handled: program won't crash if the worker panics.
// However, panics in goroutines started by the worker won't be handled and have
@stokito
stokito / jwt-decode.sh
Last active June 12, 2024 14:49 — forked from KevCui/jwtDecoder.sh
A shell (ash, dash, Bash) script to decode JWT token. Version ported to OpenWrt here https://gist.github.com/stokito/43afca84fc34d1d362bf210cd941a366
#!/bin/sh
# Decode a JWT from stdin and verify its signature with the JWT issuer public key
# Only RS256 keys are supported for signature check
#
# Put OAuth server public key in PEM format to /var/cache/oauth/$JWT_KID.key.pub.pem
# You must create the folder first
# $ sudo mkdir -p /var/cache/oauth/
# To convert a key from JWK to PEM use https://8gwifi.org/jwkconvertfunctions.jsp or https://keytool.online/
# NOTE: For Google you can get the keys in PEM format via https://www.googleapis.com/oauth2/v1/certs
# Decode the keys with decodeURIComponent()

I've been working with Apache Kafka for over 7 years. I inevitably find myself doing the same set of activities while I'm developing or working with someone else's system. Here's a set of Kafka productivity hacks for doing a few things way faster than you're probably doing them now. 🔥

Get the tools

@wybiral
wybiral / noscript-tracking.go
Last active October 28, 2024 23:01
Tracking cursor position in real-time with remote monitoring (without JavaScript)
// Tracking cursor position in real-time without JavaScript
// Demo: https://twitter.com/davywtf/status/1124146339259002881
package main
import (
"fmt"
"net/http"
"strings"
)
@drmalex07
drmalex07 / README-fail2ban-keycloak.md
Last active November 22, 2025 10:31
Use fail2ban to block brute-force attacks to keycloak server. #keycloak #fail2ban #brute-force-attack

Add regular-expression filter under /etc/fail2ban/filter.d/keycloak.conf:

[INCLUDES]

before = common.conf

[Definition]

_threadName = [a-z][-_0-9a-z]*(\s[a-z][-_0-9a-z]*)*
_userId = (null|[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})
@lizthegrey
lizthegrey / attributes.rb
Last active August 29, 2025 15:40
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'