Skip to content

Instantly share code, notes, and snippets.

View inntran's full-sized avatar

Yinchuan Song inntran

28 followers · 15 following
View GitHub Profile
@inntran
inntran / itunes-windows.md
Created February 20, 2024 01:53
iTunes individual installers (Apple Software Update) for Windows
@inntran
inntran / apple-background-sounds.md
Last active April 11, 2023 12:10
Apple Background Sounds
@inntran
inntran / gist:249dea7a8ea097bc76605e2e29667aa6
Created September 18, 2021 19:33
Enable OpenSCAP security profiles for CentOS Stream 8 installer
# I'm facing similar issue like [1] and [2],
# as of today (2021-09-18) CentOS Stream 8 installer does not list any OpenSCAP backed "Security Profile".
# By reading source code at [3] and [4], I figured out a way to make CentOS Stream 8 to read and use CentOS 8 and RHEL 8 security profiles.
#################################################### WARNING ##########################################################
# CentOS 8 or CentOS Stream 8 are not certified with RHEL 8 profiles, you may not get them through compliance audits. #
# Use this at your own risk. #
#######################################################################################################################
# Step 1, at the language selection page, don't click next, but switch to a virtual console, type the 2 commands below
@inntran
inntran / qla2xxx-reenable-ol8.md
Created November 21, 2020 14:16
Enable qla2xxx Linux target support on Oracle Linux 8

The RHEL8 offcial kernel and Oracle RHCK kernel have removed FC target support of QLogic HBAs. But Oracle's UEK kernel still has relevant kernel modules. Userland tools like targetcli depends on python3-rtslib, qla2xxx support is implemented but commented out. Commands below would unmask qla2xxx support, so it will show up in targetcli's ls output.

sed -i s'/^#    "qla2xxx"/    "qla2xxx"/' /usr/lib/python3.6/site-packages/rtslib/fabric.py
sed -i s'/^#    "qla2xxx"/    "qla2xxx"/' /usr/lib/python3.6/site-packages/rtslib_fb/fabric.py
@inntran
inntran / copy-spotlight-pics.sh
Created July 25, 2018 02:21
Copy Windows spotlight wallpapers to a folder in C/D/E drive
#!/bin/bash
# Steps
# 1. Install Linux subsystem
# 2. Install a Linux distro in Windows 10, e.g. Ubuntu
# 3. Create a symbolic link to your ContentDeliveryManager Assets directory
# yourname@YOURMACHINE:~$ ln -s /mnt/c/Users/_YOUR_WINDOWS_USERNAME_/AppData/Local/Packages/Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy/LocalState/Assets spotlight-assets
# 4. Create a directory in your D drive, named "SpotlightPhotos"
# 5. Run this script from your home directory
@inntran
inntran / autounattend.xml
Last active August 17, 2020 14:33
Windows 10 1803 Clean Setup, sponsored apps will not be installed, Administrator is enabled.
<?xml version="1.0" encoding="utf-8"?>
<!-- UEFI & GPT, 64GB C drive, 160GB D drive, Administrator enabled with empty password -->
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<servicing></servicing>
<settings pass="windowsPE">
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DiskConfiguration>
<WillShowUI>OnError</WillShowUI>
<Disk wcm:action="add">
<CreatePartitions>
@inntran
inntran / vzw-lte-ipv6-prefix-translation.md
Last active September 9, 2022 00:58
To configure IPv6 NPTv6 on Linux to allow more hosts behind Verizon Wireless LTE IPv6 single /64 prefix

Problem

Verizon Wireless assigns you ONE IPv4 address and ONE /64 IPv6 prefix for their cellular service, and VZW would reset your datalink once they received 1 packet with an illegal source address.

We have NAT for IP but for IPv6 we would like to avoid address translation to get some kind of end-to-end communication.

Solution

NPTv6, defined in RFC6296, would help us to do stateless prefix translation for IPv6.

@inntran
inntran / cisco-trustpool-import-bundle.md
Last active January 18, 2023 14:33
Trusted ROOT certificates for HTTPS client on Cisco IOS 15 M&T

Background

If you ever need to access HTTPS site from a Cisco router running IOS, whether it's the copy command or TR-069 client or DDNS HTTP client, the request won't go through, because the SSL/TLS certificate (chain) provided by the server cannot be validated.

Install the Cisco provided trusted root bundle

Before you import CA bundle

Setup trustpool policy

crypto pki trustpool policy
 cabundle url http://www.cisco.com/security/pki/trs/ios.p7b
 chain-validation
@inntran
inntran / dhcpv6-he.net-ddns-https.md
Created January 4, 2018 19:48
Cable provider's IPv6 address DDNS update for HE.net DNS service over HTTPS

Automate DDNS record on HE.net free DNS service for RouterOS DHCPv6 client

Turning on DDNS of your record

Official documentation on HE.net DDNS, you have to logout or open another browser session to check it out: https://dns.he.net

Steps

  1. Check "Enable entry for dynamic dns" checkbox for the domain record you want to enable DDNS on.
  2. Click the Generate Icon in DDNS column of your domain record table.
  3. Generate a new DDNS key, keep a record of it somewhere(you won't be able to retrieve it again from this interface). Save.
@inntran
inntran / routeros-install-moz-root-ca.md
Created January 4, 2018 18:13
Install latest Mozilla trusted CA certificates on Mikrotik RouterOS

Steps

  1. Get latest CA certificates from Mozilla: https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV
  2. Extract PEM format certificates from CSV, using this tool I wrote: https://github.com/inntran/RubyPowerTools/blob/master/bin/csv or DIY ./csv IncludedCACertificateWithPEMReport.csv "PEM Info" > moz-cert-$(date +%Y%m%d).crt
  3. Upload/Copy generated bundle certificate file to RouterOS
  4. Import using command /certificate import file-name=moz-cert-20180101.crt, should replace 20180101 with actual filename.