Skip to content

Instantly share code, notes, and snippets.

I may be slow to respond.


I may be slow to respond.
View GitHub Profile
paulirish / asciiify-the-canvas.js
Last active Jul 24, 2021
ascii rendering of a canvas
View asciiify-the-canvas.js
// works great on about:dino
// 1. save this file to your snippets.
// 2. load about:dino
// 3. evaluate the snippet
// 4. hit up arrow to trigger the game.
// 5. profit
(function() {
perfnow =;
dieudv / get-facebook-token-console-android.js
Last active Dec 17, 2020
Press F12 -> Console and patse this code for android or for ios. (Cre: dieudv)
View get-facebook-token-console-android.js
var email = "youremail";
var password = "yourpassword";
var BASE_URL = "";
var API_SECRET = "62f8ce9f74b12f84c123cc23437a4a32";
var md5 = function(d){result = M(V(Y(X(d),8*d.length)));return result.toLowerCase()};function M(d){for(var _,m="0123456789ABCDEF",f="",r=0;r<d.length;r++)_=d.charCodeAt(r),f+=m.charAt(_>>>4&15)+m.charAt(15&_);return f}function X(d){for(var _=Array(d.length>>2),m=0;m<_.length;m++)_[m]=0;for(m=0;m<8*d.length;m+=8)_[m>>5]|=(255&d.charCodeAt(m/8))<<m%32;return _}function V(d){for(var _="",m=0;m<32*d.length;m+=8)_+=String.fromCharCode(d[m>>5]>>>m%32&255);return _}function Y(d,_){d[_>>5]|=128<<_%32,d[14+(_+64>>>9<<4)]=_;for(var m=1732584193,f=-271733879,r=-1732584194,i=271733878,n=0;n<d.length;n+=16){var h=m,t=f,g=r,e=i;f=md5_ii(f=md5_ii(f=md5_ii(f=md5_ii(f=md5_hh(f=md5_hh(f=md5_hh(f=md5_hh(f=md5_gg(f=md5_gg(f=md5_gg(f=md5_gg(f=md5_ff(f=md5_ff(f=md5_ff(f=md5_ff(f,r=md5_ff(r,i=md5_ff(i,m=md5_ff(m,f,r,i,d[n+0],7,-680876936),f,r,d[n+1],12,-389564586),m,
View minimal-analytics-snippet.js
(function (context, trackingId, options) {
const history = context.history;
const doc = document;
const nav = navigator || {};
const storage = localStorage;
const encode = encodeURIComponent;
const pushState = history.pushState;
const typeException = 'exception';
const generateId = () => Math.random().toString(36);
const getId = () => {
View gist:fd9820e65b1bafe9834b8b9175ec0fa9
git rm -r --cached .
git add .
git commit -m ".gitignore is now working"
Rich-Harris /
Last active Sep 16, 2021
Top-level `await` is a footgun

Edit — February 2019

This gist had a far larger impact than I imagined it would, and apparently people are still finding it, so a quick update:

  • TC39 is currently moving forward with a slightly different version of TLA, referred to as 'variant B', in which a module with TLA doesn't block sibling execution. This vastly reduces the danger of parallelizable work happening in serial and thereby delaying startup, which was the concern that motivated me to write this gist
  • In the wild, we're seeing (async main(){...}()) as a substitute for TLA. This completely eliminates the blocking problem (yay!) but it's less powerful, and harder to statically analyse (boo). In other words the lack of TLA is causing real problems
  • Therefore, a version of TLA that solves the original issue is a valuable addition to the language, and I'm in full support of the current proposal, which you can read here.

I'll leave the rest of this document unedited, for archaeological

View UACBypass.ps1
function Invoke-UACBypass {
Bypasses UAC on Windows 10 by abusing the SilentCleanup task to win a race condition, allowing for a DLL hijack without a privileged file copy.
Author: Matthew Graeber (@mattifestation), Matt Nelson (@enigma0x3)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
cinoss /
Created Apr 6, 2016
Remove Vietnamese Accents - Xoá dấu tiếng việt in Python
s1 = u'ÀÁÂÃÈÉÊÌÍÒÓÔÕÙÚÝàáâãèéêìíòóôõùúýĂăĐđĨĩŨũƠơƯưẠạẢảẤấẦầẨẩẪẫẬậẮắẰằẲẳẴẵẶặẸẹẺẻẼẽẾếỀềỂểỄễỆệỈỉỊịỌọỎỏỐốỒồỔổỖỗỘộỚớỜờỞởỠỡỢợỤụỦủỨứỪừỬửỮữỰựỲỳỴỵỶỷỸỹ'
s0 = u'AAAAEEEIIOOOOUUYaaaaeeeiioooouuyAaDdIiUuOoUuAaAaAaAaAaAaAaAaAaAaAaAaEeEeEeEeEeEeEeEeIiIiOoOoOoOoOoOoOoOoOoOoOoOoUuUuUuUuUuUuUuYyYyYyYy'
def remove_accents(input_str):
s = ''
print input_str.encode('utf-8')
for c in input_str:
if c in s1:
s += s0[s1.index(c)]
s += c
alirobe / reclaimWindows10.ps1
Last active Sep 23, 2021
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetery, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of (different defaults). N.…
View reclaimWindows10.ps1
# Tweaked Win10 Initial Setup Script
# Primary Author: Disassembler <>
# Modified by: alirobe <> based on my personal preferences.
# Version: 2.20.2, 2018-09-14
# Primary Author Source:
# Tweaked Source:
# Tweak difference:
# @alirobe's version is a subset focused on safely disabling telemetry, some 'smart' features and 3rd party bloat ...
timruffles /
Last active Nov 21, 2020
Chrome/Gmail attack received 11/03/2016. Not sure if the Chrome meta refresh + data:text,html technique is novel.

The following attack will display a "you've been signed out" page for GMail, and attempt to steal your account credentials.


I received an email in my GMail inbox with a fake attachment image, styled to look like the real GMail attachment UI:


This linked to a page that ended up displaying a fake "you've been signed out" link, via the data:text/html... URL feature of Chrome:

import speech_recognition
import pyttsx
speech_engine = pyttsx.init('sapi5') # see
speech_engine.setProperty('rate', 150)
def speak(text):