Skip to content

Instantly share code, notes, and snippets.

Avatar
📞
call me on my shell phone

Jess Frazelle jessfraz

📞
call me on my shell phone
View GitHub Profile
@jessfraz
jessfraz / include.toml
Last active Nov 20, 2020
GitHub asciidoc mishaps
View include.toml
[[includes]]
name = "thing"
@jessfraz
jessfraz / Dockerfile
Created Dec 28, 2018
Scrape CIA public PDF files
View Dockerfile
FROM python:2-alpine
RUN apk add --no-cache \
gcc \
libxml2-dev \
libxslt-dev \
musl-dev
ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/include/libxml2
ENV C_INCLUDE_PATH=$C_INCLUDE_PATH:/usr/include/libxml2
@jessfraz
jessfraz / Dockerfile
Created Dec 28, 2018
Scrape best papers site
View Dockerfile
FROM python:2-alpine
RUN pip install \
beautifulsoup4 \
requests
COPY papers.py /usr/local/bin/
RUN chmod +x /usr/local/bin/papers.py
WORKDIR /root
View freeze.md

Freezer cgroup FTW

In a terminal start a server.

$ python -m SimpleHTTPServer 8000

In another terminal set up the cgroups freezer.

@jessfraz
jessfraz / rawaccess-and-img.md
Last active Apr 23, 2018
img and acs-engine
View rawaccess-and-img.md

deploying acs-engine with rawaccess

$ git clone git@github.com:jessfraz/acs-engine
$ git checkout rawaccess
$ make
$ ./bin/acs-engine deploy --subscription-id $SUBSCRIPTION_ID \
	--dns-prefix jessfraz-rawaccess \
	--location eastus --auto-suffix \
	--api-model examples/kubernetes.json 
@jessfraz
jessfraz / boxstarter.ps1
Last active Dec 2, 2020
Boxstarter Commands for a new Windows box.
View boxstarter.ps1
# Description: Boxstarter Script
# Author: Jess Frazelle <jess@linux.com>
# Last Updated: 2017-09-11
#
# Install boxstarter:
# . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force
#
# You might need to set: Set-ExecutionPolicy RemoteSigned
#
# Run this boxstarter by calling the following from an **elevated** command-prompt:
@jessfraz
jessfraz / proposal.md
Created Feb 3, 2017
High-Level Security Profile Generator
View proposal.md

High-Level Security Profile Generator

(originally from my proposal on https://github.com/docker/docker/issues/17142#issuecomment-148974642 but generic)

The profile would generate artificats of an apparmor profile and seccomp filters.

Obviously doesn't have to be toml since that's super hipster :p

Assumptions

  • no one is going to sit and write out all the syscalls/capabilities their app needs
  • automatic profiling would be super cool but like aa-genprof it is never
@jessfraz
jessfraz / j3ss.co.conf
Created Oct 1, 2016
nginx go-get vanity urls
View j3ss.co.conf
server {
....
location ~ ^/x/(.*) {
if ($args = "go-get=1") {
add_header Content-Type text/html;
return 200 '<meta name="go-import" content="$host/x/$1 git https://github.com/jessfraz/$1.git">';
}
return 302 https://github.com/jessfraz/$1;
}
View keybase.md

Keybase proof

I hereby claim:

  • I am jessfraz on github.
  • I am jessie (https://keybase.io/jessie) on keybase.
  • I have a public key whose fingerprint is D4C4 DD60 0D66 F65A 8EFC 511E 18F3 685C 0022 BFF3

To claim this, I am signing this object:

View proposal.md

Self isolating binaries

This is a play proposal for a new wrapper around go build that would build your binary but wrap it in code that would prepare isolation around your binary on run.

A concept of this is in https://github.com/jfrazelle/binctr, in that it takes a docker image and embeds the contents into a final binary so you have a self-contained binary.

The binctr example is unnessesarily heavy for go binaries because all you need is a completely static binary.

You can’t perform that action at this time.