vlj91

• The CookieStore uses secret_key_base to store session session data
• Rails 7 introduces a
• When secret_key_base is rotated, all sessions are expired
• A rotation initializer can be added, which allows users to visit the site and have their cookies read with the old configuration, then rewritten with the new secret_key_base
• The rotator can be disabled either after a period of time, or upon audit that no cookies are stored using the previous secret_key_base
• Multiple rotators can exist at once
• Rotators can be used for other things, such as changing the digest used to sign cookies (SHA1 -> SHA256)

A simple rotator to move between two secret_key_base values may look like this:

vlj91

# building qgroundcontrol for raspberry pi 4
# steps:
#   1. compile QT for raspberry Pi:
#       - the version of QT that comes with debian doesn't compile
#         QGC correctly, so we compile a newer version
#       - this can take up to 8 hours even with 4 cores
#   2. compile qtlocation
#   3. compile qgroundcontrol using qt5.12.8

# this assumes a desktop environment is present to actually run qgc once it's compiled

vlj91

#!/usr/bin/env ruby

require 'aws-sdk-ecr'
ecr = Aws::ECR::Client.new

ecr.describe_repositories.repositories.map(&:repository_name).each do |repo|
  # set to scan on image push, this only affects newly pushed images
  ecr.put_image_scanning_configuration(
    repository_name: repo,
    image_scanning_configuration: {

vlj91

Keybase proof

I hereby claim:

• I am vlj91 on github.
• I am vlj91 (https://keybase.io/vlj91) on keybase.
• I have a public key ASDJo6mLMZliNfPYVXlRwxJeyqd2sTn9w2h2gJ2dOTM7uwo

To claim this, I am signing this object:

vlj91

# SCAP Security Guide OSPP/USGCB profile kickstart for Red Hat Enterprise Linux 7 Server
# Version: 0.0.2
# Date: 2015-11-19
#
# Based on:
# http://fedoraproject.org/wiki/Anaconda/Kickstart
# https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Installation_Guide/sect-kickstart-syntax.html
# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
# Text or Graphical
text

vlj91

#!/bin/bash

mirror="http://optus.net/centos/7/os/x86_64"
ks_url="https://gist.githubusercontent.com/vlj91/1e3c367eb14b00e78abad6df52257591/raw/663b5297a46f07329ff170aa4e64e374703fc03b/centos7.ks"

mkdir -pv /boot
curl "${mirror}/isolinux/initrd.img" > /boot/initrd.img
curl "${mirror}/isolinux/vmlinuz" > /boot/vmlinuz
curl "${ks_url}" > /boot/kickstart.ks

vlj91

---
apiVersion: v1
kind: Pod
metadata:
  name: redis
spec:
  containers:
  - name: redis
    image: redis
    env:

vlj91

#!/bin/bash -xe

vlj91

#!/bin/bash

yum install -y -e0 wget
mkdir -pv /opt/vm
pushd /opt/vm
wget http://centos.serverspace.co.uk/centos/7/isos/x86_64/CentOS-7-x86_64-Everything-1708.iso
copycds CentOS-7-x86_64-Everything-1708.iso
genimage centos7.4-x86_64-netboot-compute
packimage centos7.4-x86_64-netboot-compute
popd

vlj91

#!/bin/bash

cat << EOF > /etc/yum.repos.d/xCAT-core.repo
[xcat-2-core]
name=xCAT 2 Core packages
baseurl=http://xcat.org/files/xcat/repos/yum/2.13/xcat-core
enabled=1
gpgcheck=1
gpgkey=http://xcat.org/files/xcat/repos/yum/2.13/xcat-core/repodata/repomd.xml.key
EOF