milesrichardson

You can inherit the environment variables from PID 1 by iterating over the list of null-terminated strings in /proc/1/environ, parsing the first characters up to the first = as the variable name, setting the remaining value as that variable, and exporting it.

The Code Snippet

This works with multiline environment variables, and environment variables with arbitrary values, like strings, including = or JSON blobs.

Paste this in your current terminal session to inherit the environment variables from PID 1:

guns

From self[at]sungpae.com Mon Nov  8 16:59:48 2021
Date: Mon, 8 Nov 2021 16:59:48 -0600
From: Sung Pae <self[at]sungpae.com>
To: security@docker.com
Subject: Permissive forwarding rule leads to unintentional exposure of
 containers to external hosts
Message-ID: <YYmr4l1isfH9VQCn@SHANGRILA>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="QR1yLfEBO/zgxYVA"

gmurdocca

Circumventing Deep Packet Inspection with Socat and rot13

I have a Linux virtual machine inside a customer's private network. For security, this VM is reachable only via VPN + Citrix + Windows + a Windows SSH client (eg PuTTY). I am tasked to ensure this Citrix design is secure, and users can not access their Linux VM's or other resources on the internal private network in any way outside of using Citrix.

The VM can access the internet. This task should be easy. The VM's internet gateway allows it to connect anywhere on the internet to TCP ports 80, 443, and 8090 only. Connecting to an internet bastion box on one of these ports works and I can send and receive clear text data using netcat. I plan to use good old SSH, listening on tcp/8090 on the bastion, with a reverse port forward configured to expose sshd on the VM to the public, to show their Citrix gateway can be circumvented.

Rejected by Deep Packet Inspection

I hit an immediate snag. The moment I try to establish an SSH or SSL connection over o

ChipCE

READ THIS FIRST

Adaptive bed mesh is merged into klipper master branch. You can use this feature without this custom macro. Official klipper adaptive bed mesh

Klipper mesh on print area only install guide

What this macro do

• This macro will dynamically changing the bed mesh area based on the size of the parts will be printed. The fw will only probe on the area that the part will be printed (plus mesh_area_offset value)

linar-jether

from flask import Flask, request, jsonify, json, abort
from flask_cors import CORS, cross_origin

import pandas as pd

app = Flask(__name__)

cors = CORS(app)
app.config['CORS_HEADERS'] = 'Content-Type'

ageis

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict

wakproductions

Docker commands:

$ docker run --name fin-graylog-mongo -d mongo:3
$ docker run --name fin-graylog-elasticsearch -d elasticsearch:2 elasticsearch -Des.cluster.name="graylog"
$ docker run --name fin-graylog-server --link fin-graylog-mongo:mongo --link fin-graylog-elasticsearch:elasticsearch -d -e GRAYLOG_WEB_ENDPOINT="http://127.0.0.1:9000/api" -e GRAYLOG_REST_TRANSPORT_URI='http://127.0.0.1:12900' -p 9000:9000 -p 12900:12900 graylog2/server

Graylog2/graylog2-server#1908 The purpose of GRAYLOG_PASSWORD_SECRET is also under-documented and there should be a suggestion to use pwgen -N 1 -s 96 in the docker documentation (or the whole thing should be initialized on first boot with a random seed without user intervention)