@smx-smx
smx-smx / XZ Backdoor Analysis
Last active June 2, 2025 22:53
[WIP] XZ Backdoor Analysis and symbol mapping
XZ Backdoor symbol deobfuscation. Updated as I make progress
@aveexy
aveexy / nginx.conf
Last active October 22, 2025 13:12
immich nginx reverse proxy with base url (not a full/complete nginx config) base url is /immich (if you want something other, replace "/immich" with other path)
pid /run/nginx/nginx.pid;
error_log stderr;
daemon off;
events {
}
http {
proxy_cache_path /var/cache/nginx/immich_revprox keys_zone=immich_revprox:10m levels=1:2 use_temp_path=off inactive=1d max_size=1g;
server {
listen 0.0.0.0:443 ssl ;
@darkxst
darkxst / rules.txt
Last active November 3, 2025 13:03 — forked from denniskupec/rules.txt
KiCad DRC rules for JLCPCB, 2 & 4-layer PCB
(version 1)
#Kicad 7
# 2-layer, 1oz copper
(rule "Minimum Trace Width (outer layer)"
(constraint track_width (min 5mil))
(layer outer)
(condition "A.Type == 'track'"))
(rule "Minimum Trace Spacing (outer layer)"
@pudquick
pudquick / brew.md
Last active May 5, 2025 21:30
Lightly "sandboxed" homebrew on macOS

brew is a bad neighbor

This isn't a guide about locking down homebrew so that it can't touch the rest of your system security-wise.

This guide doesn't fix the inherent security issues of a package management system that will literally yell at you if you try to do something about "huh, maybe it's not great my executables are writeable by my account without requiring authorization first".

But it absolutely is a guide about shoving it into its own little corner so that you can take it or leave it as you see fit, instead of just letting the project do what it likes like completely taking over permissions and ownership of a directory that might be in use by other software on your Mac and stomping all over their contents.

By following this guide you will:

  • Never have to run sudo to forcefully change permissions of some directory to be owned by your account

Go generics at runtime (part 1 of 2)

From the design document:

Generic functions, rather than generic types, can probably be compiled using an interface-based approach. That will optimize compile time, in that the package is only compiled once, but there will be some run-time cost.

Generic types may most naturally be compiled multiple times for each

@HighMacGuy
HighMacGuy / first_run.ini
Last active January 4, 2025 22:18 — forked from andyspicer/install.sh
OpenVPN Access Server Letsencrypt
# OpenVPN Let's Encrypt first run config file
#https://loige.co/using-lets-encrypt-and-certbot-to-automate-the-creation-of-certificates-for-openvpn/
cert-name=
authenticator = standalone
standalone-supported-challenges = tls-sni-01
non-interactive = True
rsa-key-size = 4096
email = "[email protected]"
domains = "vpn.server.com"
@kekru
kekru / 1-Enable Docker Remote API with TLS client verification.md
Last active September 20, 2025 16:38
Docker Remote API with client verification via daemon.json

Enable Docker Remote API with TLS client verification

Docker's Remote API can be secured via TLS and client certificate verification.
First of all you need a few certificates and keys:

  • CA certificate
  • Server certificate
  • Server key
  • Client certificate
  • Client key

Create certificate files

kubectl get pods | grep Evicted | awk '{print $1}' | xargs kubectl delete pod
@silo
silo / babun-Hyper-Win.md
Last active May 24, 2023 02:20
Babun + Hyper + Windows - Setup