Simon Schürg schuerg

How to keep using adblockers on chrome and chromium

google's manifest v3 has no analouge to the webRequestBlocking API, which is neccesary for (effective) adblockers to work
starting in chrome version 127, the transition to mv3 will start cutting off the use of mv2 extensions alltogether
this will inevitably piss of enterprises when their extensions don't work, so the ExtensionManifestV2Availability key was added and will presumably stay forever after enterprises complain enough

You can use this as a regular user, which will let you keep your mv2 extensions even after they're supposed to stop working

Linux

In a terminal, run:

luks-tpm2-dracut-systemd-cryptenroll.md

This documents how to add a TPM2-backed key to an existing LUKS root partition, first done with EndeavourOS in June 2023. In particular, it covers the dracut (instead of mkinitcpio) and systemd-cryptenroll (instead of clevis). Previously, we used clevis but this was slow to act while booting.

Have a LUKS partition using LUKS2. If you're using LUKS1, this can be upgraded with sudo cryptsetup convert --type luks2 /dev/nvme. If you've previously used clevis, this may leave metadata which breaks the upgrade. This can be removed with sudo luksmeta nuke -d /dev/nvme.
Add the tpm2-tss module to dracut by creating /etc/drcaut.conf.d/tpm.conf with the following content:

Sandbox Escape in [email protected] via `Promise[@@species]`

Summary

In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed with @@species accessor property allowing attackers to escape the sandbox and run arbitrary code.

Proof of Concept

Pure ESM package

The package that linked you here is now pure ESM. It cannot be require()'d from CommonJS.

This means you have the following choices:

Use ESM yourself. (preferred)
Use import foo from 'foo' instead of const foo = require('foo') to import the package. You also need to put "type": "module" in your package.json and more. Follow the below guide.
If the package is used in an async context, you could use await import(…) from CommonJS instead of require(…).
Stay on the existing version of the package until you can move to ESM.

Intro

This note describes how to connect two networks/devices/VMs over public network using Wireguard with Layer 2 support (ARP, IPv6 link-local, etc).

This can also be achieved using SSH and its "tap" tunnel, however, it does not provide the same level of latency and bandwidth as full-blown VPN such as Wireguard.

In addition, this note describes how to tunnel Wireguard over TCP connection. This may be of use if you encounter firewall in-between so, for instance, you can use TCP port 443 only.

Objective

Encrypted Btrfs storage setup and maintenance guide

Initial setup with LUKS/dm-crypt

This exemplary initial setup uses two devices /dev/sdb and /dev/sdc but can be applied to any amount of devices by following the steps with additional devices.

Create keyfile:

dd bs=64 count=1 if=/dev/urandom of=/etc/cryptkey iflag=fullblock
chmod 600 /etc/cryptkey

	openapi: 3.0.2
	info:
	title: Keycloak Account API
	version: 20.0.3
	description: \|
	Derived from the code at https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/services/resources/account/AccountRestService.java
	components:
	securitySchemes:
	access_token:
	type: http

	#!/usr/bin/env bash
	set -euo pipefail
	IFS=$'\n\t'

	PVCS=(
	"src-kubeconfig1/src-ctx1/src-ns1/src-pvc1:dest-kubeconfig1/dest-ctx1/dest-ns1/dest-pvc1"
	"src-kubeconfig2/src-ctx2/src-ns2/src-pvc2:dest-kubeconfig2/dest-ctx2/dest-ns2/dest-pvc2"
	"src-kubeconfig3/src-ctx3/src-ns3/src-pvc3:dest-kubeconfig3/dest-ctx3/dest-ns3/dest-pvc3"
	)

	#!/usr/bin/env bash

	set -e
	set -u
	set -o pipefail

	show_help() {
	cat << EOF
	Usage: $(basename "$0") <options>
	-h, --help Display help

	#!/usr/bin/env bash
	#
	# Author: Markus (MawKKe) [email protected]
	# Date: 2018-03-19
	#
	#
	# What?
	#
	# Linux dm-crypt + dm-integrity + dm-raid (RAID1)
	#