A common and reliable pattern in service unit files is thus:
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
ageis
/ systemd_service_hardening.md
Last active
April 27, 2024 09:46
Options for hardening systemd service units
A running example of the code from:
- http://marcio.io/2015/07/handling-1-million-requests-per-minute-with-golang
- http://nesv.github.io/golang/2014/02/25/worker-queues-in-go.html
This gist creates a working example from blog post, and a alternate example using simple worker pool.
TLDR: if you want simple and controlled concurrency use a worker pool.
gusennan
/ crypt_unlock.sh
Created
March 7, 2015 17:57
initramfs-hook for unlocking LUKS-encrypted LVM partition
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| PREREQ="dropbear" | |
| prereqs() { | |
| echo "$PREREQ" | |
| } | |
| case "$1" in | |
| prereqs) |
AverageMarcus
/ Dockerfile
Created
September 2, 2021 08:49
Example multi-arch Dockerfile for Go projects
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.16 as builder | |
| ARG TARGETPLATFORM | |
| ARG BUILDPLATFORM | |
| ARG TARGETOS | |
| ARG TARGETARCH | |
| WORKDIR /app/ | |
| ADD . . | |
| RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -ldflags="-w -s" -o yourapplication main.go |
mgoodness
/ k8s-svc-annotations.md
Last active
March 11, 2024 16:24
AWS ELB-related annotations for Kubernetes Services (as of v1.12.0)
service.beta.kubernetes.io/aws-load-balancer-access-log-emit-interval(in minutes)service.beta.kubernetes.io/aws-load-balancer-access-log-enabled(true|false)service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-nameservice.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefixservice.beta.kubernetes.io/aws-load-balancer-additional-resource-tags(comma-separated list of key=value)service.beta.kubernetes.io/aws-load-balancer-backend-protocol(http|https|ssl|tcp)service.beta.kubernetes.io/aws-load-balancer-connection-draining-enabled(true|false)
Hi. My name is Sadayuki "Sada" Furuhashi. I am the author of the MessagePack serialization format as well as its implementation in C/C++/Ruby.
Recently, MessagePack made it to the front page of Hacker News with this blog entry by Olaf, the creator of the Facebook game ZeroPilot. In the comment thread, there were several criticisms for the blog post as well as MessagePack itself, and I thought this was a good opportunity for me to address the questions and share my thoughts.
To the best of my understanding, roughly speaking, the criticisms fell into the following two categories.
chanks
/ gist:7585810
Last active
February 29, 2024 03:50
Turning PostgreSQL into a queue serving 10,000 jobs per second
RDBMS-based job queues have been criticized recently for being unable to handle heavy loads. And they deserve it, to some extent, because the queries used to safely lock a job have been pretty hairy. SELECT FOR UPDATE followed by an UPDATE works fine at first, but then you add more workers, and each is trying to SELECT FOR UPDATE the same row (and maybe throwing NOWAIT in there, then catching the errors and retrying), and things slow down.
On top of that, they have to actually update the row to mark it as locked, so the rest of your workers are sitting there waiting while one of them propagates its lock to disk (and the disks of however many servers you're replicating to). QueueClassic got some mileage out of the novel idea of randomly picking a row near the front of the queue to lock, but I can't still seem to get more than an an extra few hundred jobs per second out of it under heavy load.
So, many developers have started going straight t
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- Create a group | |
| CREATE ROLE readaccess; | |
| -- Grant access to existing tables | |
| GRANT USAGE ON SCHEMA public TO readaccess; | |
| GRANT SELECT ON ALL TABLES IN SCHEMA public TO readaccess; | |
| -- Grant access to future tables | |
| ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO readaccess; |
josephspurrier
/ aescmd.go
Created
December 23, 2014 07:11
Golang - Encrypt, Decrypt, File Read, File Write, Readline
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bufio" | |
| "crypto/aes" | |
| "crypto/cipher" | |
| "crypto/rand" | |
| "fmt" | |
| "io" | |
| "io/ioutil" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| # | |
| # @file | |
| # Converter tool, from Apache Common Log file to CSV. | |
| # | |
| # All code is released under the GNU General Public License. | |
| # See COPYRIGHT.txt and LICENSE.txt. | |
| # | |
NewerOlder