Check all repositories in a GitHub organization for SHA1Hulud vulnerabilities by analyzing lock files via GitHub API (no cloning required).
export GITHUB_ORG=myorg
export GITHUB_TOKEN=ghp_xxx
curl -s https://gist.githubusercontent.com/Lp-Francois/cf203ef12ffd597dceb4716900e0dbe1/raw/392abd4bf134245085fb877ed837d47b5b60b487/check-github-org-sha1hulud.js | node| name | description |
|---|---|
Pipeline Investigation |
Debug GitLab CI/CD pipeline failures using glab CLI. Investigate failed jobs, analyze error logs, trace child pipelines, and compare Node version differences. Use for pipeline failures, job errors, build issues, or when the user mentions GitLab pipelines, CI/CD problems, specific pipeline IDs, failed builds, or job logs. |
Use this skill when investigating GitLab CI/CD pipeline issues.
| #cloud-config | |
| # Enable automatic package updates and upgrades during cloud-init execution | |
| package_update: true | |
| package_upgrade: true | |
| packages: | |
| # Security and Hardening | |
| - ufw | |
| - fail2ban |
| """ | |
| Script to automatically update uv.lock and then update pyproject.toml dependencies. | |
| Prerequisites: | |
| 1. Python 3.11+ (for tomllib) | |
| 2. tomli-w package (`pip install tomli-w`) | |
| 3. uv installed and available in PATH | |
| Usage: | |
| Run this script: `python upgrade_pyproject.py` |
If you encounter a problem where you cannot commit changes in Git – neither through the terminal nor via the GitHub Desktop application – the issue might be a freeze during the Git commit process. This is often caused by GPG lock issues. Below is a concise and step-by-step guide to resolve this problem.
Open your terminal and try to perform a GPG operation (like signing a test message). If you see repeated messages like gpg: waiting for lock (held by [process_id]) ..., it indicates a lock issue.
| // I'm tired of extensions that automatically: | |
| // - show welcome pages / walkthroughs | |
| // - show release notes | |
| // - send telemetry | |
| // - recommend things | |
| // | |
| // This disables all of that stuff. | |
| // If you have more config, leave a comment so I can add it!! | |
| { |
| FROM debian:latest | |
| # Install basic dev packages | |
| RUN apt-get clean && apt-get update && apt-get -y install --no-install-recommends \ | |
| apt-utils \ | |
| openssh-client \ | |
| git \ | |
| gnupg2 \ | |
| dirmngr \ | |
| iproute2 \ |
When it comes to Infrastructure As Code, the software versioning system known as Semantic Versioning (semver.org) works from an API perspective but falls short elsewhere.
In short a semver is broken down into three "octets" and optional, additional information tagged to the end. Here are a few examples: v1.0.1, v3.1.1, v1.15.0-4. Each of these is a valid semver.
If we take the first example - v1.0.1 - and change the first octet, 1, to 2, we're saying the following:
There has been a change to this code and that change is not compatible with how you're using
v1.0.1. The change is a breaking change. You should take care to introduce versionv2.0.0into your code or your environment.
| # based on https://github.com/unicorn-engine/unicorn/blob/master/bindings/python/sample_arm.py | |
| from __future__ import print_function | |
| from unicorn import * | |
| from unicorn.arm_const import * | |
| # https://github.com/raspberrypi/pico-bootrom/blob/ef22cd8ede5bc007f81d7f2416b48db90f313434/bootrom/bootrom_rt0.S#L441-L445 | |
| CODE = bytes.fromhex(""" | |
| .byte 0x11, 0x38, 0xc0, 0x7a, 0x00, 0xbd, 0x00, 0xb5 | |
| .byte 0x42, 0x40, 0x00, 0x2a, 0x00, 0xf0, 0x02, 0xf8 |
I have a Linux virtual machine inside a customer's private network. For security, this VM is reachable only via VPN + Citrix + Windows + a Windows SSH client (eg PuTTY). I am tasked to ensure this Citrix design is secure, and users can not access their Linux VM's or other resources on the internal private network in any way outside of using Citrix.
The VM can access the internet. This task should be easy. The VM's internet gateway allows it to connect anywhere on the internet to TCP ports 80, 443, and 8090 only. Connecting to an internet bastion box on one of these ports works and I can send and receive clear text data using netcat. I plan to use good old SSH, listening on tcp/8090 on the bastion, with a reverse port forward configured to expose sshd on the VM to the public, to show their Citrix gateway can be circumvented.
I hit an immediate snag. The moment I try to establish an SSH or SSL connection over o
