[
{
"id": "LW107",
"name": "Dowell",
"lat": "47.630226",
"lng": "-122.270691",
"explored": "YES",
"depth": "-59.20",
"desc": "Wreck",
"documented": "YES",
@archisgore
archisgore / forproc
Last active May 9, 2018 14:39
For all processes with a command, run this command under their /proc/<pid>
function filter_pids() {
oifs="$IFS"
IFS=$'\n'
for stuff in $1; do
if [[ -f $stuff/cmdline ]]; then
echo "$stuff"
fi
done
IFS="$oifs"
@archisgore
archisgore / alice-vs-bob-benefit-matrix
Last active November 23, 2018 18:34
blog-post-table-1.txt
+----------+---------------------+-----------------------------+
| | Dr. Alice | Dr. Bob |
+==========+=====================+=============================+
| Benefits | Will cure Influenza | Strives to cure in 24 hours |
| | Might take 8 days | Has success references |
| | No rules to follow | Some rules to follow |
| | Plans for failure | Does not want to fail |
+----------+---------------------+-----------------------------+
@archisgore
archisgore / alice-vs-bob-payoff-matrix
Created November 23, 2018 18:49
blog-post-table-2
+-----------------------+---------------------+-----------------------------+
| | Dr. Alice | Dr. Bob |
+-----------------------+---------------------+-----------------------------+
| When done correctly | | Strives to cure in 24 hours |
| | | Has success references |
| | | Some rules to follow |
| | | Does not want to fail |
| --------------------- | ------------------- | --------------------------- |
| When done Incorrectly | Will cure Influenza | |
| | Might take 8 days | |
@archisgore
archisgore / applyTagAt
Created August 18, 2019 19:48
Apply HTML tags across spans of text using JavaScript.
function applyTagAt(text, start, end, startTag, endTag) {
var text2 = "";
var counter = 0;
var intag = false;
var inescape = false;
var tagstarted = false;
for (var i = 0; i < text.length; i++) {
if (text.charAt(i) == '<') {
@archisgore
archisgore / aws-cdk-s3-notification-from-existing-bucket.ts
Last active June 17, 2021 12:44
AWS CDK add notification from existing S3 bucket to SQS queue
import * as cr from '@aws-cdk/custom-resources';
import * as logs from '@aws-cdk/aws-logs';
import * as s3 from '@aws-cdk/aws-s3';
import * as sqs from '@aws-cdk/aws-sqs';
import * as iam from '@aws-cdk/aws-iam';
import {Construct} from '@aws-cdk/core';
// You can drop this construct anywhere, and in your stack, invoke it like this:
// const s3ToSQSNotification = new S3NotificationToSQSCustomResource(this, 's3ToSQSNotification', existingBucket, queue);
@archisgore
archisgore / gist:d1dda9965db63342546501689fa3f309
Created May 3, 2020 07:05
Convert json-schema into AWS Glue struct schema (for automating JSON parsing in Glue using AWS CDK)
import request from 'sync-request';
import * as glue from '@aws-cdk/aws-glue';
export function polytectJsonSchemaToGlue(): glue.Type {
console.log("Getting Polytect reference schema...")
const res = request('GET', 'https://raw.githubusercontent.com/polyverse/polytect/master/reference/schema.json');
const body = res.getBody();
const schema = JSON.parse(body.toString());
return recursiveGlueColumns(schema, schema.definitions);
}
@archisgore
archisgore / gist:ed301e6e674218f24d6930f4367b61c2
Created September 3, 2020 02:43
Access to blockchain server
ssh 107.180.100.242
@archisgore
archisgore / ffbuilds
Last active November 23, 2020 05:36
FireFox builds
SOURCE:
https://polyverse-downloads.s3.amazonaws.com/firefox/mozilla-unified.tar.bz2
BUILDS:
https://polyverse-downloads.s3.amazonaws.com/firefox/plain-firefox-85.0a1.en-US.linux-x86_64.tar.bz2
https://polyverse-downloads.s3.amazonaws.com/firefox/gcc-firefox-85.0a1.en-US.linux-x86_64.tar.bz2
https://polyverse-downloads.s3.amazonaws.com/firefox/debug-new-static-firefox-85.0a1.en-US.linux-x86_64.tar.bz2
@archisgore
archisgore / npm_dependency_confusion.md
Last active February 17, 2021 05:52
NPM/Node.js code injection attack

NPM/Node.js recently had a clever, yet simple, code injection attack using "dependency confusion" as the vulnerability. I describe the attack as conducted (simulated, really), and a systemic solution Polyverse has been building for the past two years designed to solve specifically this problem.

A recap of the attack, for baseline:

Node dependencies are specified by name and version but not address/location, i.e., {"sorter": "1.0", "binary-search": "2.0", "polyverse-billing": "1.0"}.

Notice the last one? It’s intended to be Polyverse internal and contains our proprietary (and sensitive) billing code. Obviously it does not exist on npmjs.com, the public upstream node package repository. It instead comes from a private repository hosted by Polyverse.

In a sequence diagram, this is how the flow worked before the attack. Pretty straightforward.