sscotth

# Why?
# To paste text into windows that normally don't allow it or have access to the clipboard.
# Examples: Virtual machines that do not yet have tools installed, websites that hijack paste
#
# Extended vs Simple?
# * Includes an initial delay to allow you to change active windows
# * Adds small delay between keypresses for slower responding windows like SSH sessions
# * Better handling of numbers
# * VMWare bug fix
#

jnovack

Proxy SSL Client Certificate through NGINX Load-Balancer

The frontend stream proxy_pass can be used for load-balancing without SSL off-loading. All SSL connections will be terminated on the backend and client certificate information can be properly authenticated.

This should be used in cases:

• you have enough CPU to decrypt SSL on the backend servers
• you require direct client AUTHENTICATION on the backend servers

Backend

rain-1

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

• Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
• Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
• Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
• Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
• Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

developit

An Alias to run Chrome with tracing enabled

For Chrome Canary:

alias hydra='/Applications/Google\ Chrome\ Canary.app/Contents/MacOS/Google\ Chrome\ Canary --no-sandbox --js-flags="--user-data-dir=/tmp/profile --trace-hydrogen --trace-phase=Z --trace-deopt --code-comments --hydrogen-track-positions --redirect-code-traces"'

For regular ol' Chrome:

markerikson

Cheng Lou - On the Spectrum of Abstraction

Cheng Lou, a former member of the React team, gave an incredible talk at React Europe 2016 entitled "On the Spectrum of Abstraction". That talk is available for viewing here: https://www.youtube.com/watch?v=mVVNJKv9esE

It's only a half-hour, but it is mind-blowing. It's worth re-watching two or three times, to let the ideas sink in.

I just rewatched the talk for some research, and wrote down a summary that's semi-transcript-ish. I didn't see any other transcripts for this talk, other than the auto-generated closed captions, so I wanted to share for reference.

Summary

varhub

Android - Enable ADB from recovery

Credits to @TheOnlyAnil-@Firelord[^stackoverflow]

• Requirements: a) stock recovery + rooted phone b) custom recovery

• Files changed:

ethack

It "types" the contents of the clipboard.

Why can't you just paste the contents you ask? Sometimes pasting just doesn't work.

• One example is in system password fields on OSX.
• Sometimes you're working in a VM and the clipboard isn't shared.
• Other times you're working via Remote Desktop and again, the clipboard doesn't work in password boxes such as the system login prompts.
• Connected via RDP and clipboard sharing is disabled and so is mounting of local drives. If the system doesn't have internet access there's no easy way to get things like payloads or Powershell scripts onto it... until now.

Windows

The Windows version is written in AutoHotKey and easily compiles to an executable. It's a single line script that maps Ctrl-Shift-V to type the clipboard.

DmitrySoshnikov

"Everything is an expression"... since ES1?

Many languages support "expression-only" semantics, allowing to use any construct in an expression position.

NOTE: the difference between expressions and statements is that the former produce a value, while the later don't.

For example, Ruby's if-expression:

x = 10

ivan-loh

# Plain Ol' Node
node --max-old-space-size=1024 app.js                     # increase to 1gb
node --max-old-space-size=2048 app.js                     # increase to 2gb
node --max-old-space-size=3072 app.js                     # increase to 3gb
node --max-old-space-size=4096 app.js                     # increase to 4gb
node --max-old-space-size=5120 app.js                     # increase to 5gb
node --max-old-space-size=6144 app.js                     # increase to 6gb

# For pm2
pm2 start app.js --node-args="--max-old-space-size=1024" # increase to 1gb

paulirish

What forces layout / reflow

All of the below properties or methods, when requested/called in JavaScript, will trigger the browser to synchronously calculate the style and layout*. This is also called reflow or layout thrashing, and is common performance bottleneck.

Generally, all APIs that synchronously provide layout metrics will trigger forced reflow / layout. Read on for additional cases and details.

Element APIs

Getting box metrics

• elem.offsetLeft, elem.offsetTop, elem.offsetWidth, elem.offsetHeight, elem.offsetParent