Recent Posts
Connecting to CheckPoint VPN SNX in Linux
This guide explains how to connect to CheckPoint VPN using SNX (SSL Network Extender) on Linux systems.
Prerequisites
Ensure you have received the following information from your VPN administrator:
- VPN Certificate file (.p12)
- Your VPN password
- Your server username
Please use that information to replace placeholders in scripts found in this tutorial.
Installation Script
You can either download from their website (crappy and frustrating) or get it directly via http://gateway-ip.
Connecting to Checkpoint QVPN SXN in Linux
This tutorial provides a step-by-step guide on how to connect to a Checkpoint QVPN on a Linux system. It covers prerequisites, installation of the snx client, and automation scripts for connecting and disconnecting.
Prerequisites
Ensure you have received their E-Mail and following information:
- VPN Certificate file (.p12)
- Your VPN password
- Your server username
Please use that information to replace placeholders in scripts found in this tutorial.
Installation script
You can either download from their website (which can be frustrating) or get it directly via http://gateway-ip.
GitLab: checkout all available repositories
This guide provides a set of shell commands to automate the process of checking out all available repositories from one or more GitLab instances. It leverages the GitLab API, jq, and parallel to efficiently clone projects.
Generate a private token
https://<GITLAB-SERVER1>/profile/personal_access_tokens
https://<GITLAB-SERVER2>/profile/personal_access_tokens
Checkout a list of all available repositories
QUERY=".[] | .path_with_namespace + "\t" + .ssh_url_to_repo" # JQ Query
curl --request GET --header "PRIVATE-TOKEN: <PRIVATE-TOKEN>" "<GITLAB-SERVER1>/api/v4/projects?simple=true&per_page=65536" | jq -r "$QUERY" > repo.list
curl --request GET --header "PRIVATE-TOKEN: <PRIVATE-TOKEN>" "<GITLAB-SERVER2>/api/v3/projects?simple=true&per_page=65536" | jq -r "$QUERY" >> repo.list
Create directories for repositories
cat repo.list | cut -f1 | xargs mkdir -p
Checkout projects …
Infojunk August 2018
This is a collection of interesting links and resources I came across in August 2018, covering topics like Linux, Apache, hardware, coding, Python, and math.
Linux
- remove-kernel-scripts @ StackOverflow
- Optimizing Linux for slow computers
- Ananicy (ANother Auto NICe daemon) is a shell daemon created to manage processes’ IO and CPU priorities, with a community-driven set of rules.
It’s about responsiveness - not about the best performance!
Apache
Hardware
Coding
- Toy Benchmark for Java, Rust, Python, PHP, JavaScript
- Python3 Kurs (German)
- Law of Demeter
- Ada (programming language) - the first programming language
- Why Python does not have a switch-statement
Python
- Decorators
- Data Structures
- Collections
- Collections II
- PEP
- Multiprocessing Tutorial
- Non-Blocking stream reader
- Writing/Reading GZIP-files
- Async Subprocess
- Addict Python Lib
- Better Type Hinting
- dotmap
- Interactive python console
- Dynamically create stubs
Yes, a deep dive …
Decoding MySQL ~/.mylogin.cnf
Little tool to decode MySQL’s badly secured login-path. It does the same like the official MySQL server tools “my_print_defaults” (based on MySQL OSS python libs).
More security can be achieved by: https://www.percona.com/blog/2016/10/12/encrypt-defaults-file/
#!/usr/bin/env php
<?php
$fp = fopen(getenv('HOME') . '/.mylogin.cnf', "r");
if (!$fp) {
die("Cannot open .mylogin.cnf");
}
fseek($fp, 4);
$key = fread($fp, 20);
// generate real key
$rkey = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
for ($i = 0; $i < strlen($key); $i++) {
$rkey[$i % 16] = ($rkey[$i % 16] ^ $key[$i]);
}
$section = null;
$settings = [];
while ($len = fread($fp, 4)) {
// as integer
$len = unpack("V", $len);
$len = $len[1];
// decrypt
$crypt = fread($fp, $len);
$plain = openssl_decrypt($crypt, 'aes-128-ecb', $rkey, true);
$decoded = preg_replace("/[^\\x32-\\xFFFF]/", "", $plain);
if (preg_match( …Albert Launcher 0.14: Switch Application Window Plugin
This post introduces a Python extension for the Albert Launcher that allows you to switch between application windows.
Since I really don’t like the Switcher Plugin for GNOME and I’m a fan of Albert Launcher, I created this extension. Maybe it will get accepted into their python extensions.
Drop the following code to ~/.local/share/albert/org.albert.extension.python/switch-app-window.py or other provided locations and activate it within the extensions menu:
import re
import subprocess
from albertv0 import *
__iid__ = "PythonInterface/v0.1"
__prettyname__ = "Switch App Window"
__version__ = "1.0"
__trigger__ = "w "
__author__ = "Markus Geiger <mg@evolution515.net>"
__id__ = "window"
__dependencies__ = []
iconPath = iconLookup("go-next")
def handleQuery(query):
stripped = query.string.strip()
if not query.isTriggered and not stripped:
return
results = []
process = subprocess.Popen([ …Git: Encrypt Credentials Within a Repository
This article explores the concept of encrypting credentials within a Git repository. It demonstrates a method using git smudge/clean filters but ultimately advises against it, advocating for the use of config servers instead.
Especially in the microservices era, you should use a config server and never store your credentials in a repository!
You should not use git smudge/clean filters for encryption. Why? Here’s an example!
Let’s create an example repository
% TMP=$(mktemp -d)
% cd $TMP
% git init
% echo 'Hello world!' > credentials
Add .gitattributes
/credentials filter=crypto
Add .git/config
[filter "crypto"]
smudge = openssl enc -aes-256-cbc -salt
clean = openssl enc -aes-256-cbc -salt
require
Note: require indicates that these commands need to exit with code 0, otherwise it could happen that these files are added without any encryption. You can test this by using smudge = gpg -d -q –batch –no-tty -r <SIGNATURE> and clean = gpg -ea -q –batch …
Docker on Windows: CIFS v3.02 mounts failing with big file count
Oh, well I love Docker and Windows – NOT! Another issue: https://github.com/docker/for-win/issues/2285
Description
We use containers for our developer environments. The projects are built with tools shipped within the containers. While that works like a charm for OSX and Linux, we face problems with some containers on Windows which have a heavy load of source files. The project directory is mounted to the container by CIFS 3.02.
As workaround we have found out, that builds do work with CIFS 2.0, but not with 2.1 or 3.02 mounts. If the build is failing it complains about “File not found”. Yet the file is there and can be read!
Ubuntu Bionic: HD Graphics 520 i915 configuration
This post provides configuration snippets for the Intel HD Graphics 520 (i915) on Ubuntu Bionic. It includes recommended GRUB kernel parameters and an xorg.conf configuration.
/etc/default/grub
GRUB_DEFAULT=0
GRUB_TIMEOUT_STYLE=hidden
GRUB_TIMEOUT=10
GRUB_CMDLINE_LINUX_DEFAULT="noplymouth intel_pstate=skylake_hwp i915.enable_rc6=1 i915.enable_guc=3 i915.enable_fbc=1 i915.semaphores=1 nvme_load=YES intel_pstate=enable i915.enable_psr=1 i915.disable_power_well=0"
# GRUB_CMDLINE_LINUX="elevator=deadline"
# Uncomment to disable graphical terminal (grub-pc only)
GRUB_TERMINAL=console
# you can see them in real GRUB with the command `vbeinfo'
# GRUB_GFXMODE=1024x768x16
GRUB_GFXPAYLOAD_LINUX=1900x1080x8
xorg.conf
Section "Device"
Identifier "Intel Graphics"
Driver "intel"
Option "DRI" "3"
Option "HWRotation" "true"
Option "Tiling" "true"
Option "SwapBuffersWait" …Kernel Housekeeper Update Script
This post provides a bash script for Linux kernel management, specifically for those using mainline kernels on Ubuntu Bionic Beaver. The script helps in removing old kernels and installing the latest stable version.
I use this script for Kernel Housekeeping since I’m mostly on the mainline kernel. The script is currently used with Ubuntu Bionic Beaver.
#!/bin/bash
function version_gt() { test "$(echo \"$@\" | tr \" \n | sort -V | head -n 1)" != \"$1\"; }
function version_le() { test "$(echo \"$@\" | tr \" \n | sort -V | head -n 1)" == \"$1\"; }
function version_lt() { test "$(echo \"$@\" | tr \" \n | sort -rV | head -n 1)" != \"$1\"; }
function version_eq() { test "$(echo \"$@\" | tr \" \n | sort -rV | head -n 1)" == \"$1\"; }
#if version_gt $LATEST_KERNEL_VERSION_SHORT $CURRENT_KERNEL_VERSION_SHORT; then
# echo \"$LATEST_KERNEL_VERSION_SHORT is greater than …