This proof of concept uses ipvlan feature of Linux to split up main
network interface into two in order to use one in a separate namespace
with jool-siit performing CLAT translation.
This way, enabling CLAT is least intrusive to the default network namespace - no need to enable forwarding or touch firewall rules.
| (version 1) | |
| #Kicad 7 | |
| # 2-layer, 1oz copper | |
| (rule "Minimum Trace Width (outer layer)" | |
| (constraint track_width (min 5mil)) | |
| (layer outer) | |
| (condition "A.Type == 'track'")) | |
| (rule "Minimum Trace Spacing (outer layer)" |
| { pkgs, ... }: | |
| # Based on https://wiki.archlinux.org/title/Nftables#Working_with_Docker | |
| let | |
| dockerHostName = "dockernet"; | |
| hostip = "${pkgs.util-linux}/bin/nsenter --target 1 --net -- ${ip}"; | |
| ip = "${pkgs.iproute2}/bin/ip"; | |
| dockerNsSetupScript = pkgs.writeShellScript "docker-netns-setup" '' |
I've spent the day trying to get this setup working with GitHub and given the number of gotcha's I encountered, it seemed like a good idea to document how I finally got this working with as few hacks as possible. There's a lot of documentation out there (some of it old and misleading) and committing here for posterity will help me remember this when I inevitably need to do this again.
Passwords are simply not enough these days. Regardless of the company, breaches (and the associated Personally Identifiable Information harvested) are a matter of not if, but when. There are a number of things you can do to protect yourself, but being on the tin-foil-hat side of paranoia, means there are a few Commandents that I adhere to (and recommend for other folks)[Insert link to Fight Club Rules for the Secure Internet].
That being said, if you use 2-factor authentication and have committed to using a hardware token such as the Yubikey, then you're already ahead of the curve. The problem is that wh
| #!/bin/bash -e | |
| blake2s_mix() { | |
| local A_NAME="$1" | |
| local A="$2" | |
| local B_NAME="$3" | |
| local B="$4" | |
| local C_NAME="$5" | |
| local C="$6" | |
| local D_NAME="$7" |
With wf-recorder it is possible to record one output. When ffmpeg is compiled with sdl support, then it is possible to use "sdl" as the muxer and replay the recorded video instead of writing it to a file.
| * { | |
| background-image: none; | |
| } | |
| window { | |
| background-color: rgba(46, 52, 64, 0.9); | |
| } | |
| button { | |
| background-color: #2e3440; | |
| border-style: solid; | |
| border-width: 0px; |
| # I am ashamed for writing this. | |
| import inspect; | |
| class Cin: | |
| """ time to whip out some python magic """ | |
| def __rshift__(self, other): | |
| # I don't want to require that "other" is declared global. | |
| cin = input(); |
| #!/bin/bash | |
| PREFIX="$1" | |
| IFACE="$2" | |
| ip netns add jool | |
| ip link add name to_jool typ veth peer name to_world | |
| ip link set up dev to_jool | |
| ip link set dev to_world netns jool | |
| ip netns exec jool ip link set up dev to_world |
