Security Advisories / Bulletins / vendors Responses linked to Log4Shell (CVE-2021-44228)
| /** | |
| * Recursive depth-first search to find all shadow roots within a webpage. | |
| * | |
| * Example usage: let's imagine you come across a page that has a bunch of | |
| * expandable information sections, and you would like to expand all of those | |
| * info sections for the sake of printing to a PDF or for the ease of | |
| * performing a simple `CTRL+F` search across the information. Let's assume | |
| * those expanding buttons are buried within Shadow DOM. (Perhaps the site is | |
| * using Angular or something of the sort & the buttons are separate | |
| * components, thus by default they end up in a Shadow DOM whenever included.) |
This gist describes how to set up standalone kubelet + CRI-O + CNI on Fedora Core 31. The goal is to place a Kubernetes Pod manifest on an single node and access the application from the network. This guide has been tested on x86-64 and armv7 deployments.
Make sure the system is up to date:
dnf -y update
PlantUML is a really awesome way to create diagrams by writing code instead of drawing and dragging visual elements. Markdown is a really nice documentation tool.
Here's how I combine the two, to create docs with embedded diagrams.
Get the command-line PlantUML from the download page or your relevant package manager.
Instructions to hack up WSL2 on Windows 10 Build 18917 to run k3s (Kubernetes) and rio
https://docs.microsoft.com/en-us/windows/wsl/wsl2-install
I already had Ubuntu-18.04 installed in wsl 1. So I just did wsl --set-version Ubuntu-18.04 2
Using Ubuntu 18.04 (I'm sure any distro will work), inside WSL2 download https://thirdpartysource.microsoft.com/download/Windows%20Subsystem%20for%20Linux%20v2/May%202019/WSLv2-Linux-Kernel-master.zip and extract to a folder. The latest version of the kernel source is available at (https://github.com/microsoft/WSL2-Linux-Kernel)
| #!/bin/sh | |
| # Launch a Pod ab-using a hostPath mount to land on a Kubernetes node cluster as root | |
| # without requiring `privileged: true`, in particular can abuse `DenyExecOnPrivileged` | |
| # admission controller. | |
| # Pod command in turn runs a privileged container using node's /var/run/docker.sock. | |
| node=${1} | |
| case "${node}" in | |
| "") | |
| nodeSelector='' | |
| podName=${USER+${USER}-}docker-any |
| #!/usr/bin/env bash | |
| set -e | |
| for full_name in $(kubectl get all -o name | grep -vE replicaset\|pod); do | |
| name="$(echo "$full_name" | sed -e "s/.*\///g")"; | |
| type="$(echo "$full_name" | sed -e "s/\/.*//g")"; | |
| case "${type}" in | |
| deployment*) | |
| type=Deployment | |
| ;; | |
| "service") |
| // GM_download | |
| function Download(url, name, opt={}) { | |
| Object.assign(opt, { url, name }) | |
| return new Promise((resolve, reject) => { | |
| opt.onerror = reject | |
| opt.onload = resolve | |
| GM_download(opt) | |
| }) |
| param($AccountName) | |
| # Reset a pwd, requires reset pwd rights on the obj: | |
| Set-AdAccountPassword -Identity $AccountName -Reset -NewPassword (Read-Host -asSecureString "Enter the new password") | |
| # Change a pwd, knowing the current password | |
| Set-AdAccountPassword -Identity $AccountName -OldPassword (Read-Host -asSecureString "Enter the current password") -NewPassword (Read-Host -asSecureString "Enter the new password") |
| #!/bin/bash | |
| rm *.jks 2> /dev/null | |
| rm *.pem 2> /dev/null | |
| echo "====================================================" | |
| echo "Creating fake third-party chain root -> ca" | |
| echo "====================================================" | |
| # generate private keys (for root and ca) |
