This explains how to create an Alpine Linux unified kernel image (UKI) with netboot.
For this we need:
- a kernel
- an initramfs image
- a modloop image (a squashfs image with the kernel modules for the kernel)
- the
ukifytool from systemd
arianvp
/ SSH_MACOS_SECURE_ENCLAVES.md
Last active
January 22, 2026 19:55
Native Secure Enclaved backed ssh keys on MacOS
It turns out that MacOS Tahoe can generate and use secure-enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive
There is a shared library /usr/lib/ssh-keychain.dylib that traditionally has been used to add smartcard support
to ssh by implementing PKCS11Provider interface. However since recently it also implements SecurityKeyProivder
which supports loading keys directly from the secure enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey). However you can now use it to talk to your Secure Enclave instead!
arch1t3cht
/ video_noob_guide.md
Last active
January 22, 2026 17:11
What you NEED to know before touching a video file
Hanging out in subtitling and video re-editing communities, I see my fair share of novice video editors and video encoders, and see plenty of them make the classic beginner mistakes when it comes to working with videos. A man can only read "Use Handbrake to convert your mkv to an mp4 :)" so many times before losing it, so I am writing this article to channel the resulting psychic damage into something productive.
If you are new to working with videos (or, let's face it, even if you aren't), please read through this guide to avoid making mistakes that can cost you lots of computing power, storage space, or video quality.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // defer.h | |
| // john@crashoverride.com | |
| // © 2025 Crash Override, Inc. | |
| // Licensed under the BSD 3-Clause license | |
| #pragma once | |
| #include <stdint.h> | |
| typedef struct n00b_defer_ll_t n00b_defer_ll_t; |
This is a list of general-purpose optimizations for C programs, from the most impactful to the tiniest low-level micro-optimizations to squeeze out every last bit of performance. It is meant to be read top-down as a checklist, with each item being a potential optimization to consider. Everything is in order of speed gain.
Choose the best algorithm and data structure for the problem at hand by evaluating:
- time complexity
attractivechaos
/ 2025-02-02_What-is-an-arena-in-memory-allocation.md
Last active
December 8, 2025 19:38
I first leanred about "arena" when I was trying to understand the internal of [glibc malloc][glibc-alloc] around 2010, but I [later realized][trend] the concept is narrowly defined [in][arena1] [other][arena2] [context][arena3]. This blog post explains the difference in definition and the limitations in the so-called "arena allocators" we use today.
kprotty
/ atomics_for_humans.md
Last active
January 7, 2026 17:21
Offering a simpler way to conceptualize https://en.cppreference.com/w/cpp/atomic/memory_order
-
Every atomic object has a timeline (TL) of writes:
- A write is either a store or a read-modify-write (RMW): it read latest write & pushed new one.
- A write is either tagged Relaxed, Release, or SeqCst.
- A read observes some write on the timeline:
- On the same thread, future reads can't go backwards on the timeline.
- A read is either tagged Relaxed, Acquire, or SeqCst.
- RMWs can also be tagged Acquire (or AcqRel). If so, the Acquire refers to the "read" portion of "RMW".
-
Each thread has its own view of the world:
- Shared write timelines but each thread could be reading at different points.
jphsd
/ interprocess.md
Last active
October 13, 2024 16:46
Interprocess channels in Go by using named pipes
A couple of code samples to show how a named pipe can be used to extend Go's channel paradigm for use between different processes running on a system.
- interprocess1.go details a single byte channel.
- interprocess2.go details a channel that passes slices of bytes.
Note that opening a write channel will return two channels -
michaelbeaumont
/ mkosi.build.chroot
Last active
October 19, 2025 06:47
Using mkosi and AUR to install packages
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| set -ex | |
| PACKAGES=( | |
| neovim-git | |
| ) | |
| # All this is basically to get around makepkg calling pacman with sudo | |
| # Otherwise we could just call `aur sync` and be done with it |
alpominth
/ rt_table123.sh
Last active
July 19, 2024 12:26
rt_table123.sh - Easily create a firewall mark for an additional routing table and expose the IP adress(es) of a network interface to the system
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| FW_MARK="$((RANDOM%2147483646 + 1))" | |
| if [ "$(ip -4 rule show fwmark ${FW_MARK})" ] || [ "$(ip -6 rule show fwmark ${FW_MARK})" ]; then | |
| while [ "$(ip -4 rule show fwmark ${FW_MARK})" ] || [ "$(ip -6 rule show fwmark ${FW_MARK})" ]; do | |
| FW_MARK="$((RANDOM%2147483646 + 1))" | |
| done | |
| fi | |
| TABLE="$((RANDOM%2147483396 + 1))" | |
| if [ ! "$(ip -4 route show table ${TABLE} 2>/dev/null || echo 1)" = "1" ] || [ ! "$(ip -6 route show table ${TABLE} 2>/dev/null || echo 1)" = "1" ]; then |
NewerOlder