Skip to content

Instantly share code, notes, and snippets.

Avatar

Yana Timoshenko alpakido

View GitHub Profile
View trans.md

I'm writing this post to publicly come out as trans (specifically: I wish to transition to become a woman).

This post won't be as polished or edited as my usual posts, because that's kind of the point: I'm tired of having to edit myself to make myself acceptable to others.

I'm a bit scared to let people know that I'm trans, especially because I'm not yet in a position where I can transition (for reasons I don't want to share, at least not in public) and it's really shameful. However, I'm getting really

@soatok
soatok / README.md
Last active Dec 11, 2021
Proctorio .7z deobfuscation script
View README.md
@raysan5
raysan5 / custom_game_engines_small_study.md
Last active Jan 14, 2022
A small state-of-the-art study on custom engines
View custom_game_engines_small_study.md

CUSTOM GAME ENGINES: A Small Study

a_plague_tale

A couple of weeks ago I played (and finished) A Plague Tale, a game by Asobo Studio. I was really captivated by the game, not only by the beautiful graphics but also by the story and the locations in the game. I decided to investigate a bit about the game tech and I was surprised to see it was developed with a custom engine by a relatively small studio. I know there are some companies using custom engines but it's very difficult to find a detailed market study with that kind of information curated and updated. So this article.

Nowadays lots of companies choose engines like Unreal or Unity for their games (or that's what lot of people think) because d

@jneen
jneen / audio.sh
Created Apr 16, 2020
THE ONE TRUE SETUP
View audio.sh
#!/bin/bash
export AUDIO_DEFAULT_CAPTURE=hw:PCH
export AUDIO_DEFAULT_PLAYBACK=hw:PCH
execd() {
echo "$@" >&2
"$@"
}
@nstarke
nstarke / netgear-private-key-disclosure.md
Last active Sep 8, 2021
Netgear TLS Private Key Disclosure through Device Firmware Images
View netgear-private-key-disclosure.md

Netgear Signed TLS Cert Private Key Disclosure

Overview

There are at least two valid, signed TLS certificates that are bundled with publicly available Netgear device firmware.

These certificates are trusted by browsers on all platforms, but will surely be added to revocation lists shortly.

The firmware images that contained these certificates along with their private keys were publicly available for download through Netgear's support website, without authentication; thus anyone in the world could have retrieved these keys.

@maxidorius
maxidorius / notes.md
Last active Dec 8, 2021
Notes on privacy and data collection of Matrix.org
View notes.md

Notes on privacy and data collection of Matrix.org


This version of the document is no longer canonical. You can find the canonical version hosted at Gitlab and Github.

PART 2 IS OUT, INCLUDING THE DISCLOSURE OF A GLOBAL FEDERATION DATA LEAK, AND THE ANATOMY OF A GDPR DATA REQUEST HANDLED BY MATRIX.ORG. SEE THE REPOS ABOVE.

@atoponce
atoponce / examples.md
Last active Apr 16, 2021
Best practices for examples in documentation
View examples.md

Reserved Examples

Below are examples for best practices that have been set aside specifically for writing documentation, fictional stories, source code, or anything else where an example needs to be given without the fear of resolving to an actual phone number, domain, website, etc.

Domain Names

In 1999, the "example.com" domains have been set aside by the IETF in RFC 2606 specifically for documentation and source code. They include example.com, example.net, and example.org. The example.edu domain was added by ICANN in 2000. Later, the ".example" top-level domain name has since been added explicitly for documentation purposes.

While the pseudo-top-level domain ".local" carries no meaning, it is commonly deployed in multicast DNS, local DNS, and private networks. While it too could be used for documentation, it's better left alone, and to use the "example.com" and ".example" domains.

Example

If you wanted to document getting a specific resource via a REST API

@thestinger
thestinger / Linux ASLR comparison.md
Last active Nov 8, 2021
Comparing ASLR between mainline Linux, grsecurity and linux-hardened
View Linux ASLR comparison.md

These results are with glibc malloc on x86_64. The last public PaX and grsecurity patches don't support arm64 which is one of the two architectures (x86_64 kernels including x32/x86_32 and arm64 kernels including armv7 userspace) focused on by linux-hardened. There isn't anything other than x86_64 to compare across all 3 kernels although linux-hardened has the same end result for both x86_64 and arm64 (with slightly different starting points) and there are few mainline differences. The linux-hardened implementation of ASLR is a very minimal modification of the mainline implementation to fix the weaknesses compared to grsecurity. The intention is to upstream all of these changes, although care needs to be taken to properly justify them to avoid getting anything rejected unnecessarily.

Explanation of differences between kernels:

  • Mainline and linux-hardened base randomization entropy for the mmap base and executable to the vm.mmap_rnd_bits sysctl for 64-bit and
@ageis
ageis / systemd_service_hardening.md
Last active Jan 17, 2022
Options for hardening systemd service units
View systemd_service_hardening.md

security and hardening options for systemd service units

A common and reliable pattern in service unit files is thus:

NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
ProtectSystem=strict
@ericclemmons
ericclemmons / example.md
Last active Jan 16, 2022
HTML5 <details> in GitHub
View example.md

Using <details> in GitHub

Suppose you're opening an issue and there's a lot noisey logs that may be useful.

Rather than wrecking readability, wrap it in a <details> tag!

<details>
 <summary>Summary Goes Here</summary>