Git: track a remote branch

Here is the point: you have a git repository; a random guy forked your repo and made a pull request. You want to rework his contribution locally before merging it.

On your local repo, add the random guy's forked repository address and name it random-guy:

    git remote add random-guy [email protected]:random-guy/your-project.git

You can see the remote repo you added with this command:

    git remote show

Add the remote branch where the random guy did the pull request and name this branch pr-rework (for Pull Request rework)....

June 7, 2022 · 1 min · JC

Check Debian installed packages integrity with debsums

Hey! You inherited the maintenance of a Debian or Ubuntu server and you wonder if the previous admin has modified some sensitive files? Is your system safe? Can you trust it? debsums to the rescue!

TL;DR

    sudo apt install debsums
    sudo debsums -as --no-prelink --no-locale-purge

Explain to me how it works

As you may know, when you install a Debian package, you can find its postinst, postrm, preinst or prerm scripts in the /var/lib/dpkg/info folder....

April 28, 2022 · 2 min · JC

Check TLS versions required by a host

Simple and easy:

    $ nmap --script ssl-enum-ciphers -p 443 www.google.com

This returns:

    Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-03 15:48 UTC
    Nmap scan report for www.google.com (142.251.39.100)
    Host is up (0.020s latency).
    Other addresses for www.google.com (not scanned): 2a00:1450:400e:811::2004
    rDNS record for 142.251.39.100: ams15s48-in-f4.1e100.net
    PORT STATE SERVICE
    443/tcp open https
    | ssl-enum-ciphers:
    |   TLSv1.0:
    |     ciphers:
    |       TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
    |       TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
    |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
    |     compressors:
    |       NULL
    |     cipher preference: server
    |     warnings:
    |       64-bit block cipher 3DES vulnerable to SWEET32 attack
    |   TLSv1....

March 3, 2022 · 2 min · JC

How to disable CPU mitigations (Danger zone)

CPU vulnerabilities and mitigations

Yesterday, a co-worker pointed out to me that lscpu reported CPU vulnerabilities.

    $ lscpu
    (...)
    Vulnerability Itlb multihit: Not affected
    Vulnerability L1tf: Mitigation; PTE Inversion; VMX conditional cache flushes, SMT disabled
    Vulnerability Mds: Mitigation; Clear CPU buffers; SMT Host state unknown
    Vulnerability Meltdown: Mitigation; PTI
    Vulnerability Spec store bypass: Mitigation; Speculative Store Bypass disabled via prctl and seccomp
    Vulnerability Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
    Vulnerability Spectre v2: Mitigation; Full generic retpoline, IBPB conditional, IBRS_FW, STIBP disabled, RSB filling
    Vulnerability Srbds: Unknown: Dependent on hypervisor status
    Vulnerability Tsx async abort: Not affected

No problem, all these vulnerabilities are mitigated by my Linux kernel....

February 23, 2022 · 3 min · JC

How to build an alpine distroless docker image with buildah

TL;DR

If you don’t care about distroless bla-bla and just want to know how to create distroless alpine images, click here.

Distroless?

In a distroless docker image, you won’t find any shell, package manager or utilities such as grep, sed, awk, … It runs only your application and nothing else. Don’t expect to launch commands like docker run -it my-distroless-image something, it will fail with a message like this one:...

February 13, 2022 · 4 min · JC