Socheat socheatsok78

brew is a bad neighbor

This isn't a guide about locking down homebrew so that it can't touch the rest of your system security-wise.

This guide doesn't fix the inherent security issues of a package management system that will literally yell at you if you try to do something about "huh, maybe it's not great my executables are writeable by my account without requiring authorization first".

But it absolutely is a guide about shoving it into its own little corner so that you can take it or leave it as you see fit, instead of just letting the project do what it likes like completely taking over permissions and ownership of a directory that might be in use by other software on your Mac and stomping all over their contents.

By following this guide you will:

Never have to run sudo to forcefully change permissions of some directory to be owned by your account

Pure ESM package

The package that linked you here is now pure ESM. It cannot be require()'d from CommonJS.

This means you have the following choices:

Use ESM yourself. (preferred)
Use import foo from 'foo' instead of const foo = require('foo') to import the package. You also need to put "type": "module" in your package.json and more. Follow the below guide.
If the package is used in an async context, you could use await import(…) from CommonJS instead of require(…).
Stay on the existing version of the package until you can move to ESM.

Nginx TLS SNI routing, based on subdomain pattern

Nginx can be configured to route to a backend, based on the server's domain name, which is included in the SSL/TLS handshake (Server Name Indication, SNI).
This works for http upstream servers, but also for other protocols, that can be secured with TLS.

prerequisites

at least nginx 1.15.9 to use variables in ssl_certificate and ssl_certificate_key.
check nginx -V for the following:
```
...
TLS SNI support enabled
```

Vue: Pass Slots through from Parent to Child Components

The Situation

We've got some components A, B and C which provide different slots.

const A = {
  template: `<div><slot name="a">Default A Content</slot></div>`
}

const B = {

How to create an HTTPS certificate for localhost domains

This focuses on generating the certificates for loading local virtual hosts hosted on your computer, for development only.

Do not use self-signed certificates in production ! For online certificates, use Let's Encrypt instead (tutorial).

Google Public NTP [AS15169]:

time.google.com

time1.google.com

time2.google.com

time3.google.com

Installing cloud-init on a fresh Raspbian Lite image

This is a work in Progress!

Purpose

This mainly demonstrates my goal of preparing a Raspberry Pi to be provisioned prior to its first boot. To do this I have chosen to use the same cloud-init that is the standard for provisioning servers at Amazon EC2, Microsoft Azure, OpenStack, etc.

I found this to be quite challenging because there is little information available for using cloud-init without a cloud. So, this project also servers as a demonstration for anyone on any version of Linux who may want to install from source, and/or use without a cloud. If you fall into that later group, you probably just want to read the code. It's bash so everything I do, you could also do at the command line. (Even the for loop.)

	const LOOKUP =
	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

	export function encodeBase64(buffer) {
	const view = new Uint8Array(buffer);
	let out = [];
	for (let i = 0; i < view.length; i += 3) {
	const [b1, b2 = 0x10000, b3 = 0x10000] = view.subarray(i, i + 3);
	out.push(
	b1 >> 2,

	#!/bin/bash

	# Script is needed because my default firewall rules are messed up and after
	# every restart, docker containers can't make connections to the host, notably
	# preventing debuggers like xdebug from attaching.

	# If networking fails in your containers but works in others, rm and re-create the
	# docker network that container is bound to.

	set -euo pipefail