Skip to content

Instantly share code, notes, and snippets.

Avatar
🍎
Eaten

apple502j apple502j

🍎
Eaten
View GitHub Profile
@apple502j
apple502j / coinhive.md
Last active Jan 22, 2022
TL;DR: It was a battle between us, the enginners who advocate for technology advancements, and the police. And we won.
View coinhive.md

What's the Coinhive case? Why was it important?

TL;DR: It was a battle between us, the enginners who advocate for technology advancements, and the police. And we won.

The Beginning

On March 2018, after raiding his home and some interrogations (some of which was criticized - see later), the Kanagawa Police in Japan charged a web designer (@moro_is on Twitter) for violating the Penal Code. For violating Article 168-3, titled "Acquisition of Electronic or Magnetic Records Containing Unauthorized Commands".

The program in question was one line of HTML tag, that loaded the Coinhive script, a cryptominer. The summary court sentenced him to fine of 100,000 yen - around $940. He could just pay the fine, like many others who got prosecuted for the same "crime". But he instead contacted the lawyer - on March 29th. He had about 2 weeks to object to the summary court's decision and request a formal trial.

The news spread quickly - and many people expressed their concerns on how this could go badly. While cryptomi

@apple502j
apple502j / mc-private-bugs.md
Last active Jan 21, 2022
MC private bugs of public knowledge
View mc-private-bugs.md
View security-guide-for-dpy.md

Security Guide for Discord Bots using discord.py

Discord bots, just like web servers, deal with untrusted data. Most of those bots implement interactive commands, which makes the attack surface significantly larger. This guide is to improve security of Discord bots.

Security is usually represented by the three elements of CIA (not related to the agency) - Confidentiality, Integrity, and Availability.

  • Confidentiality: Protecting your secrets (and others' secrets) from attackers. "Secrets" include your bot token, message contents and other PII, files stored on your computer and other private data.
  • Integrity: Protecting your data from manipulation by attackers. "Manipulation" can vary from compromising the host computer to improper permissions/roles assignment or data spoofing/tampering (e.g. cheating in a chess game to obtain points).
  • Availability: Protecting your bot from crashes or similar situations. Examples include infinite loop, blocking codes and error handling issues.

Here are some tips to im

View howto-bring-back-old-mcwiki.md

How to Bring Back the Old Minecraft Wiki (sort of) - Firefox Edition

  1. Install Redirector extension.
  2. Go to your extension page (about:addons)
  3. Click "Redirector"
  4. Click "Options"
  5. Click "Edit Redirects"
  6. Add redirects as shown below. Pattern type is all "Regular Expression". Advanced options are not used. If you haven't used Redirector before, you can instead just import the settings (see below for the JSON file)
  7. Install uBlock Origin extension.
  8. Go to your extension page (about:addons)
  9. Click "uBlock Origin"
View breaking-changes-dpy.md

Breaking Changes of discord.py 2.0

These are the breaking changes of discord.py version 2.0.

"Breaking change" includes:

  • [R]emoval: a feature is removed.
  • [N]ame changes: a feature is renamed.
  • [B]ehavior: something does not behave the way they did in 1.x.
  • [T]yping: types of arguments, attributes or return values changes in an incompatible way. (e.g. None disallowed for argument)
  • [S]yntax: a syntax previously allowed for an operation is no longer allowed. (e.g. positional only arguments, new required arguments)
View cve-desc.md

CVE Description Templates by CNA

Microsoft before 2020

A <Impact> exists when <Product> <Bug>, aka '<Product> <Impact> Vulnerability'.

<Impact> is one of: "remote code execution", "elevation of privilege", "spoofing", "denial of service", "information disclosure", "cross site scripting", "security feature bypass".

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'. (CVE-2020-1472)

View animated-text-issues.md

Animated Text issues

  • animated-text blocks yield using Promise.resolve() instead of runtime.requestRedraw() (which is better for handling turbo/warp, see also vm#2079 for similar issues)
  • setFoot doesn't Cast.toString
  • setColor accepts any CSS color. Is it cool enough that we can keep?
  • rainbow clears existing color effect
  • _onTargetCreated can use once instead of on+off
  • use-after-destroy: crash with zoom effect when a target is being removed

zoom use after destroy

View animated-text.js
class Scratch3TextBlocks{
constructor (runtime){
/**
* The runtime instantiating this block package.
* @type {Runtime}
*/
this.runtime = runtime;
this._onTargetWillExit = this._onTargetWillExit.bind(this);
this.runtime.on('targetWasRemoved', this._onTargetWillExit);
this._onTargetCreated = this._onTargetCreated.bind(this);
View face-recognition.js
class Scratch3FaceSensingBlocks {
constructor (runtime) {
/**
* The runtime instantiating this block package.
* @type {Runtime}
*/
this.runtime = runtime;
this.runtime.emit('EXTENSION_DATA_LOADING', true);
Blazeface.load().then(model => {
this.blazeface = model;
View dont-load.js
// ==UserScript==
// @name Don't Load Project
// @description Do not load project when reading comments
// @author apple502j
// @match https://scratch.mit.edu/projects/*
// ==/UserScript==
// Credit to Florrie
const destroyGUI = () => {
const oldMap = Array.prototype.map;