Thomas Stockschläder stockime

Native Secure Enclave backed ssh keys on MacOS

It turns out that MacOS Tahoe can generate and use secure-enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive

There is a shared library /usr/lib/ssh-keychain.dylib that traditionally has been used to add smartcard support to ssh by implementing PKCS11Provider interface. However since recently it also implements SecurityKeyProivder which supports loading keys directly from the secure enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey). However you can now use it to talk to your Secure Enclave instead!

You MUST NOT try and generate a Rails app from scratch on your own by generating each file. For a NEW app you MUST use rails new first to generate all of the boilerplate files necessary.
Create an app in the current directory with rails new .
Use Tailwind CSS for styling. Use --css tailwind as an option on the rails new call to do this automatically.
Use Ruby 3.2+ and Rails 8.0+ practices.
Use the default Minitest approach for testing, do not use RSpec.
Default to using SQLite in development. rails new will do this automatically but take care if you write any custom SQL that it is SQLite compatible.
An app can be built with a devcontainer such as rails new myapp --devcontainer but only do this if requested directly.
Rails apps have a lot of directories to consider, such as app, config, db, etc.
Adhere to MVC conventions: singular model names (e.g., Product) map to plural tables (products); controllers are plural.
Guard against incapable browsers accessing controllers with `allo

the-keeper-iteration-2.mp4

	# Create a new worktree and branch from within current git directory.
	ga() {
	if [[ -z "$1" ]]; then
	echo "Usage: ga [branch name]"
	exit 1
	fi

	local branch="$1"
	local base="$(basename "$PWD")"
	local path="../${base}--${branch}"

	variant: flatcar
	version: 1.0.0
	kernel_arguments:
	should_exist:
	- flatcar.autologin
	passwd:
	users:
	- name: core
	ssh_authorized_keys:
	- "ssh-ed25519 T0r5c5h2exdqJOsFgoimZmnNGkOwHse6CkbMcGrW8pi0vxXbkgdmcRDIepuw EXAMPLE SSH KEY"

	#!/bin/bash
	# Script to update a firewall rule in a Hetzner Firewall with your current IP address.
	# Good if you would like to restrict SSH access only for your current IP address (secure).

	#################
	# WARNING: This script will overwrite all rules in the firewall rules, so make sure you
	# added all the required rules.
	# I use a separate firewall rule just for SSH access.
	#################

	# NOTE: partial content required for Gemfile

	gem "rails"
	gem "propshaft"
	gem "importmap-rails"
	gem "stimulus-rails"
	gem "tailwindcss-rails"

	gem "action_policy"

	import { Controller } from '@hotwired/stimulus'

	export default class extends Controller {
	static classes = ['highlight']

	connect () {
	this.element
	.querySelector(`a[name='${window.location.hash.slice(1)}']`)
	?.parentElement?.classList?.add(...this.highlightClasses)
	}

	# frozen_string_literal: true

	###############################################################################################
	# WHAT I SERIALIZE? #
	###############################################################################################

	# This scrip can help you to find what object types you need to witelist after CVE-2022-32224 update
	# AD: If you using StimulusJS then checkout my gem stimulus_tag_helper
	# https://rubygems.org/gems/stimulus_tag_helper
	# https://github.com/crawler/stimulus_tag_helper

	#!/usr/bin/env bash

	set -Eeuo pipefail
	trap cleanup SIGINT SIGTERM ERR EXIT

	script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)

	usage() {
	cat <<EOF
	Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-v] [-f] -p param_value arg1 [arg2...]