Skip to content

Instantly share code, notes, and snippets.

View mnalis's full-sized avatar

Matija Nalis mnalis

38 followers · 13 following
View GitHub Profile
@mnalis
mnalis / fast_firefox.md
Created November 22, 2025 19:02 — forked from RubenKelevra/fast_firefox.md
Make Firefox fast again
@mnalis
mnalis / README.md
Created October 26, 2025 22:18 — forked from flaviovs/README.md
How to use TARPIT in Linux without consuming (your) resources

Iptables(8) TARPIT is a useful security mechanism that can slow down or stop attacks on a network. If everyone used TARPIT to block attackers, in theory their resources would be exhausted as their connection attempts would be delayed, which would discouraged people from attempting unauthorized access. Here's a brief description of how TARPIT works:

To achieve this tar pit state, iptables accepts the incoming TCP/IP connection and then switches to a zero-byte window. This forces the attacker's system to stop sending data, rather like the effect of pressing Ctrl-S on a terminal. Any attempts by the attacker to close the connection are ignored, so the connection remains active and typically times out after only 12–24 minutes. This consumes resources on the attacker's system but not

@mnalis
mnalis / count_housenumber_letters.sh
Created February 13, 2024 15:17
OSM housenumbers ending in "a" vs "b"/"c"/"d"/"e"/"f"
#!/bin/sh
# first step takes about 1h 45m on my 4core VM and produces about 300MB output file. The second step is about 2.5m
# it counts housenumbers ending in a number and a single letter (e.g. '42b') and outputs frequency of those letters a-f
# for testing https://github.com/streetcomplete/StreetComplete/issues/5479#issuecomment-1937812748
time pv -ptebar planet-240205.osm.bz2 | pbzip2 -dc | ag -F 'addr:housenumber' | zstd > housenumbers.xml.zstd
time pv housenumbers.xml.zstd | zstdmt -dc | perl -nE 'if (/^\s*<tag k="addr:housenumber"\sv="(.*?)\s*".*$/) { $n=$1; $a++ if $n=~/\da$/i; $b++ if $n=~/\db$/i; $c++ if $n=~/\dc$/i; $d++ if $n=~/\dd$/i; $e++ if $n=~/\de$/i; $f++ if $n=~/\df$/i;} END { say "a=$a\nb=$b\nc=$c\nd=$d\ne=$e\nf=$f\n" }'
# result:
#a=4593803
@mnalis
mnalis / gist:f77bbf938230616960ed3947fbcaa212
Created August 25, 2022 00:48
StreetComplete 45.0-alpha1 invalid shoulder=* tag detection (OSM changeset parsing in shell)
### Detecting StreetComplete AddShoulder corruption from SC/Zazolc 45.0-alpha1
### or: using hacky shell commands for (rapid, but noncompliant XML) fun and profit
### See https://github.com/streetcomplete/StreetComplete/issues/4170
% time pbzip2 -dc changesets-220815.osm.bz2 | env -i LC_ALL=C grep -B1 -A2 'StreetComplete:quest_type.*AddShoulder' > shoulder_quest.txt
pbzip2 -dc changesets-220815.osm.bz2 1579.50s user 14.95s system 379% cpu 7:00.41 total
env -i LC_ALL=C grep -B1 -A2 'StreetComplete:quest_type.*AddShoulder' > 47.80s user 10.19s system 13% cpu 7:00.40 total
% fgrep -c changeset shoulder_quest.txt
23333
@mnalis
mnalis / etc_kernel_postinst.d__cdc-acm-irtoy-kludge
Last active October 22, 2025 17:23
RaspberryPI IrToy - restore /dev/ttyACM0 interface in newer kernels automatically on kernel upgrade
#!/bin/sh
# by Matija Nalis <[email protected]> GPLv3+ started 20211112
# automatically kludge cdc_acm.ko for IrToy /dev/ttyACM0 usage "old-way"
# updated by Matija Nalis <[email protected]> 20251022 for RpiOS-Trixie (6.12.47+rpt-rpi-v8)
#
# put this file with +rx permissions in /etc/kernel/postinst.d/cdc-acm-irtoy-kludge
#
#echo script: $0
#echo params: "$@"
@mnalis
mnalis / kludge_cdc_acm_irtoy.sh
Last active October 22, 2025 17:25
RaspberryPI IrToy - restore /dev/ttyACM0 interface in newer kernels
cd /lib/modules/`uname -r`/kernel/drivers && \
mv -n media/rc/ir_toy.ko media/rc/ir_toy.ko.DISABLED && \
mv -n usb/class/cdc-acm.ko usb/class/cdc-acm.ko.DISABLED && \
env -i sed -e 's/\xd8\x04\x08\xfd/\xff\x04\x08\xfd/' < usb/class/cdc-acm.ko.DISABLED > usb/class/cdc-acm.ko && \
depmod -a
# reboot after doing the change.
#
# This changes blacklisting of USB ID `04d8:fd08` in cdc-acm, so IrToy gets recognized
# as it was in previous kernel versions, and `/dev/ttyACM0` gets created for it instead of `/dev/lirc0`
@mnalis
mnalis / show_cert_path.sh
Last active November 7, 2021 20:30
show full certificate path (for multi-cert `.pem` files)
perl -nE '$c.=$_; if (/^-----END/) { say "* file: $ARGV"; say `echo "$c" | openssl x509 -noout -subject -issuer -dates`; $c=""}' domain.crt zimbra_chain.crt
@mnalis
mnalis / building_id_sc_diff.sh
Created February 24, 2021 23:17
compare StreetComplete and iD building tag presets
#!/bin/sh
# Matija Nalis 2021-02-25, MIT license
# Compares StreetComplete building descriptions to iD tag presets
# see https://github.com/streetcomplete/StreetComplete/issues/2588
wget -q -N https://github.com/streetcomplete/StreetComplete/raw/master/app/src/main/java/de/westnordost/streetcomplete/quests/building_type/BuildingType.kt
fgrep '"building' BuildingType.kt | cut -f4 -d\" | sort -u > sc.tags
curl -s https://raw.githubusercontent.com/openstreetmap/id-tagging-schema/main/dist/presets.json | grep '"building": "[a-z]' | cut -f4 -d\"| sort -u > id.tags
@mnalis
mnalis / pre-commit
Created October 12, 2020 17:19 — forked from kuy/pre-commit
git: pre-commit hook script to prevent committing FIXME code
#!/bin/sh
matches=$(git diff --cached | grep -E '\+.*?FIXME')
if [ "$matches" != "" ]
then
echo "'FIXME' tag is detected."
echo "Please fix it before committing."
echo " ${matches}"
exit 1