Skip to content

Instantly share code, notes, and snippets.

Avatar

Filippo Valsorda FiloSottile

View GitHub Profile
@Wack0
Wack0 / gist:17c56b77a90073be81d3
Last active Jul 23, 2021
It's not just superfish that's the problem.
View gist:17c56b77a90073be81d3
Superfish uses an SDK from Komodia to do SSL MITM. That's probably known by now.
Superfish isn't the only product to use that sdk. there's others too.
Each product that uses the Komodia SDK to MITM, has its OWN CA cert and private
key pair. Seems a lot of people think they all use the superfish cert. That is
NOT the case.
First thing I checked was komodia's own parental control software,
Keep My Family Secure. (mentioned on komodia's own website).
@Drakulix
Drakulix / mingw-w64-3.10-osx10.9.sh
Last active Jan 9, 2020
Script to install a Mingw-w64 Cross-Compiler Suite on Mac OS X 10.9
View mingw-w64-3.10-osx10.9.sh
#!/bin/sh
# dependencies
echo "Installing dependencies via Homebrew (http://brew.sh)"
ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"
brew update
brew install gcc48
View bounty.txt
GitHub RCE by Environment variable injection Bug Bounty writeup
Disclaimer: I'll keep this really short but I hope you'll get the key points.
GitHub blogged a while ago about some internal tool called gerve:
https://github.com/blog/530-how-we-made-github-fast
Upon git+sshing to github.com gerve basically looks up your permission
on the repo you want to interact with. Then it bounces you further in
another forced SSH session to the back end where the repo actually is.
@alexkingorg
alexkingorg / spam-comment-script.txt
Created Dec 22, 2013
A spam comment script with replacement clauses intact - accidentally submitted in it's entirety to my site.
View spam-comment-script.txt
{
{I have|I've} been {surfing|browsing} online more than {three|3|2|4} hours today, yet I never found any interesting article like yours. {It's|It is} pretty worth enough for me. {In my opinion|Personally|In my view}, if all {webmasters|site owners|website owners|web owners} and bloggers made good content as you did, the {internet|net|web} will be {much more|a lot more} useful than ever before.|
I {couldn't|could not} {resist|refrain from} commenting. {Very well|Perfectly|Well|Exceptionally well} written!|
{I will|I'll} {right away|immediately} {take hold of|grab|clutch|grasp|seize|snatch} your {rss|rss feed} as I {can not|can't} {in finding|find|to find} your {email|e-mail} subscription {link|hyperlink} or {newsletter|e-newsletter} service. Do {you have|you've} any? {Please|Kindly} {allow|permit|let} me {realize|recognize|understand|recognise|know} {so that|in order that} I {may just|may|could} subscribe. Thanks.|
{It is|It's} {appropriate|perfect|the best} time to make some plans for the future and {it is|i
View phiharmonics.md

Dear Phiharmonics,

There are a lot of wireless devices in my home and at my workplace and I believe they sometimes interfere with my research. I have some questions about whether your wi-fi energy dots could help me out in harmonizing my living spaces.

1.) What is the effective range of the harmonizing? Do they ever need to be replaced? If so, does more wifi wear them out faster?

2.) Is the harmonizing compatible with all of the IEEE 802.11 wireless standards or only b/g? And Bluetooth?

3.) They look like they're made of copper but you don't specify what, exactly, they are or what's in them. Do they still work if adhered to a conductive surface? Is it okay if they get wet?

@grantslatton
grantslatton / hngen.py
Last active May 15, 2021
A program that uses Markov chains to generate probabilistic Hacker News titles.
View hngen.py
import urllib2
import re
import sys
from collections import defaultdict
from random import random
"""
PLEASE DO NOT RUN THIS QUOTED CODE FOR THE SAKE OF daemonology's SERVER, IT IS
NOT MY SERVER AND I FEEL BAD FOR ABUSING IT. JUST GET THE RESULTS OF THE
CRAWL HERE: http://pastebin.com/raw.php?i=nqpsnTtW AND SAVE THEM TO "archive.txt"
@philfreo
philfreo / gist:7257723
Created Oct 31, 2013
Facebook Perl source code from 2005. When browsing around thefacebook.com in 2005 the server spit out some server-side source code rather than running it. I believe this was for their old graph feature that let you visualize the graph between all your friends. The filename is `mygraph.svgz` and contains some gems such as a commented out "zuck" d…
View gist:7257723
#!/usr/bin/perl
use Mysql;
use strict;
use vars qw($school_name);
use vars qw($pass);
require "./cgi-lib.pl";
View gist:5760270

Guide to how fucked is SSL?

Thanks to Jacob Kaplan-Moss, Donald Stufft, David Reid, Allen Short, Zain Memon, and Chris Armstrong for review.

This is a guide for technical individuals to understand in what circumstances SSL communications are secure against an observer-in-the-middle (for all intents and purposes: the NSA).

@shanselman
shanselman / gist:5422230
Last active Jul 31, 2021
Evil Blog Comment Spammer just exposed his template through some error and the whole thing showed up in my comments.
View gist:5422230
{
{I have|I've} been {surfing|browsing} online more than {three|3|2|4} hours today, yet I never found any interesting article like yours. {It's|It
is} pretty worth enough for me. {In my opinion|Personally|In my view}, if all {webmasters|site owners|website owners|web owners} and bloggers made good content as
you did, the {internet|net|web} will be {much more|a lot more}
useful than ever before.|
I {couldn't|could not} {resist|refrain from} commenting. {Very well|Perfectly|Well|Exceptionally well} written!|
{I will|I'll} {right away|immediately} {take hold of|grab|clutch|grasp|seize|snatch}
your {rss|rss feed} as I {can not|can't} {in finding|find|to find} your {email|e-mail} subscription {link|hyperlink} or {newsletter|e-newsletter} service. Do {you have|you've} any?
{Please|Kindly} {allow|permit|let} me {realize|recognize|understand|recognise|know} {so that|in order that} I {may just|may|could} subscribe.
Thanks.|
@joyrexus
joyrexus / demo.txt
Last active Oct 19, 2018
Demonstrate how to extract and run code blocks from *.lang.md* files.
View demo.txt
% marko.coffee -x try.python.md > try.py
% python try.py
hello world!
yes!
% marko.coffee -x try.python.md | python -s
hello world!
yes!