Skip to content

Instantly share code, notes, and snippets.

Paul Buonopane Zenexer

Block or report user

Report or block Zenexer

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@Zenexer
Zenexer / Firefox config.txt
Created Nov 15, 2019
Fix Firefox's smooth scrolling to have the same snappy feel as Chrome.
View Firefox config.txt
# Fix Firefox's smooth scrolling to have the same snappy feel as Chrome.
# Apply these in about:config.
general.smoothScroll.mouseWheel.durationMaxMS = 200
general.smoothScroll.mouseWheel.durationMinMS = 100
mousewheel.min_line_scroll_amount = 60
View 2018-02-12 CoreText crash fix.regex
{
(?#
# Adapted for PHP by Paul Buonopane of NamePros https://www.namepros.com/
# Based heavily on the following works:
# - https://manishearth.github.io/blog/2018/02/15/picking-apart-the-crashing-ios-string/
# - https://github.com/hackbunny/viramarama
#
# This PHP regex will match any string that contains Indic character
# combinations known to crash many iOS applications as of 11.2.5 and certain
# macOS combinations as of 10.13.3.
View Fix for Ubuntu 17.10 on WSL.md

Upgrading to Ubuntu 17.10 on WSL

Note: This workaround is no longer necessary in Windows 10 Insider build 17046 and later. As of 2018-02-07, the patch hasn't yet made it to stable.

  1. Upgrade with do-release-upgrade, as you normally would. It will error out and leave your system in a partially upgraded state.
  2. Close all WSL terminals and ensure that all WSL processes have terminated
  3. Run as a normal user (not root): wget -O - https://gist.githubusercontent.com/Zenexer/10bc12fa5c99848b4b2150184f6beee5/raw/ubuntu-fix.sh | sh -s
  4. Answer any prompts (sudo password, version disambiguation)
  5. If there are errors, resolve them and re-run the script. It is idempotent, meaning that it is safe to run any number of times, even if it only partially completes.
View bash.preinst.sh
#!/bin/sh
set -e
backup() {
if exists "$1"; then
cp -dp "$1" "$2" || return $?
fi
return 0
}
@Zenexer
Zenexer / Parsec vuln 140-1 CSRF.md
Last active Feb 15, 2018
Parsec CSRF vulnerability in version 140-1 and prior
View Parsec vuln 140-1 CSRF.md
@Zenexer
Zenexer / shadowbrokers.aREADME.md
Last active Apr 15, 2017
Technical observations from the Shadow Brokers leak
View shadowbrokers.aREADME.md

What is this?

These are portions of JSON responses from Yandex while browsing the latest Shadow Brokers leak. They include information about the uploads that isn't necessarily visible or easy to access from the web interface.

Observations

  1. The leak was released shortly after a Patch Tuesday and at the start of a holiday weekend.
  2. Uploader's account name: yurishitova
    1. The account doesn't show up anywhere else; it was likely created specifically for this purpose.
    2. My guess is that the name can be broken up into two words:
@Zenexer
Zenexer / 2016-04-27.md
Last active Mar 31, 2017
Log of GitLab security alerts
View 2016-04-27.md

Email pre-notice

We have discovered a critical security issue in all GitLab CE and EE versions from 8.2 to 8.7.

On Monday May 2, 2016 at 4:59pm PDT (23:59 GMT), we will publish new GitLab patch releases for all affected versions. We strongly recommend that all installations running a version mentioned above be upgraded as soon as possible after the release. Please forward this alert to the appropriate person at your organization and have them subscribe to Security Notices

The following versions are affected:

  • 8.7.0
@Zenexer
Zenexer / escapeshellrce.md
Last active Sep 10, 2019
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure
View escapeshellrce.md

Paul Buonopane paul@namepros.com at NamePros
PGP: https://keybase.io/zenexer

I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.

This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's [CVE-2016-10033][CVE-2016-10033], [CVE-2016-10045][CVE-2016-10045], and [CVE-2016-10074][CVE-2016-10074]. It assumes prior understanding of these vulnerabilities.

This advisory does not yet have associated CVE identifiers.

Summary

View escapetest.c
// Compile with -std=c11
#include <stdlib.h>
#include <stdarg.h>
#include <stdio.h>
#include <inttypes.h>
#include <string.h>
#include <limits.h>
#define MAX_STR_LEN 4095
You can’t perform that action at this time.