Filippo Valsorda FiloSottile

@jasongill
jasongill / gist:2523147
Created Apr 29, 2012
WooThemes WooFramework exploit: Execute any shortcode as an unauthenticated visitor

Update: WooThemes has now bumped their version number and fixed the update bug so please click "Update Framework" inside of the WordPress Admin to grab and install the latest version which patches this bug. - April 29, 10:40am EST

Update: WooThemes says that this is fixed in their latest patch, released just prior to their server hack event this week. However, it appears that their server hack also broke the "Update Framework" function in their themes, so the patch isn't reliably available to existing customers. Additionally, their demo server remains unpatched. See my comments below for more details. - April 29, 10am EST

The latest version (and most likely many previous versions) of the WooThemes WooFramework has a bug that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. WordPress installations with unsecured shortcodes (such as [php] which allows raw PHP code to be

@FiloSottile
FiloSottile / rasterize.js
Created May 12, 2012
PhantomJS rasterize.js with "Retina" output
var page = require('webpage').create(),
    address, output, size;
if (phantom.args.length < 2 || phantom.args.length > 3) {
    console.log('Usage: rasterize.js URL filename');
    phantom.exit();
} else {
    address = phantom.args[0];
    output = phantom.args[1];
    page.viewportSize = { width: 1280, height: 1024 };
@FiloSottile
FiloSottile / gist:2667279
Created May 12, 2012
Render only an element with PhantomJS
page.clipRect = page.evaluate(function() {
    return document.getElementById(ELEMENT_ID).getBoundingClientRect();
});
@jboner
jboner / latency.txt
Last active Nov 14, 2019
Latency Numbers Every Programmer Should Know
Latency Comparison Numbers (~2012)
----------------------------------
L1 cache reference                        0.5 ns
Branch mispredict                           5 ns
L2 cache reference                          7 ns             14x L1 cache
Mutex lock/unlock                          25 ns
Main memory reference                     100 ns             20x L2 cache, 200x L1 cache
Compress 1K bytes with Zippy            3,000 ns      3 us
Send 1K bytes over 1 Gbps network      10,000 ns     10 us
Read 4K randomly from SSD*            150,000 ns    150 us   ~1GB/sec SSD
@jedschneider
jedschneider / gh-pages-tips.md
Created Jun 7, 2012
github pages tips for jekyll wiki

Working With Github Pages

The FAQ maintained by GitHub covers most stumbling blocks; some other tips and tricks are supplied here.

Gitignore

Add _site to .gitignore. The generated site should not be uploaded to GitHub since it gets generated by GitHub.

Working With Code Partials

@FiloSottile
FiloSottile / .ArmoryRPi.md
Created Sep 5, 2012
Building the Armory Bitcoin client for the Raspberry Pi

Armory on the RPi

Building the Armory Bitcoin client for the Raspberry Pi

This is how I got Armory (etotheipi/BitcoinArmory; http://bitcoinarmory.com/) cross-compiled for the Raspberry Pi.

This is a great way to keep an air-gapped offline wallet for only $30 dollars for the RPi (that you can also use for other things; experiment, it's awesome) and $7 for a Class 10 4GB SD card, really easy to keep in a safe and secret place.

Dependencies

View README.md

agnoster.zsh-theme

A ZSH theme optimized for people who use:

  • Solarized
  • Git
  • Unicode-compatible fonts and terminals (I use iTerm2 + Menlo)

For Mac users, I highly recommend iTerm 2 + Solarized Dark

@FiloSottile
FiloSottile / La Coscienza di un Hacker
Last active Jun 27, 2019
Italian translation of the Hacker Manifesto
This is an Italian translation of the famous Hacker Manifesto. All the
existing ones contain gross errors, mostly due to a poor understanding
of the subject and the period, or in any case are not very faithful to the
content and spirit of the original. I hope this translation of mine does not
suffer from the same problems. Sail strong.
-- FiloSottile
****
From: Phrack, Volume One, Issue 7, Phile 3 of 10
@nikcub
nikcub / README.md
Created Oct 4, 2012
Facebook PHP Source Code from August 2007
View README.md