I hereby claim:
- I am arkadiyt on github.
- I am arkadiyt (https://keybase.io/arkadiyt) on keybase.
- I have a public key whose fingerprint is F5A7 AB36 B8B6 6B9F 77D9 452C B6AE 1E34 2F87 804B
To claim this, I am signing this object:
Month | Link |
---|---|
August 2017 | https://news.ycombinator.com/item?id=14901313 |
July 2017 | https://news.ycombinator.com/item?id=14688684 |
June 2017 | https://news.ycombinator.com/item?id=14460777 |
May 2017 | https://news.ycombinator.com/item?id=14238005 |
April 2017 | https://news.ycombinator.com/item?id=14023198 |
March 2017 | https://news.ycombinator.com/item?id=13764728 |
February 2017 | https://news.ycombinator.com/item?id=13541679 |
January 2017 | https://news.ycombinator.com/item?id=13301832 |
December 2016 | https://news.ycombinator.com/item?id=13080280 |
Rubygems blog post: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
Ruby-lang blog post: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
Description:
Rubygems supports a gem server discovery mechanism: if you set your gem source to https://example.com, the gem client does an SRV DNS lookup on _rubygems._tcp.example.com to determine where it should send requests.
A MITM can intercept that DNS request and return whatever server they want, forcing the gem client to download code from a malicious server.
import boto3
import certbot.main
import datetime
import os
import raven
import subprocess
def read_and_delete_file(path):
    with open(path, 'r') as file:
        contents = file.read()
Cryptopals is a set of cryptographic challenges, originally published here: https://cryptopals.com
Set 8 of the challenges was not published publicly until late March 2018. However, the Cryptopals website was not updated to include the challenges. This gist compiles the 8th set of the Cryptopals challenges.
title | link |
---|---|
57. Diffie-Hellman Revisited: Small Subgroup Confinement | https://toadstyle.org/cryptopals/513b590b41d19eff3a0aa028023349fd.txt |
58. Pollard's Method for Catching Kangaroos | https://toadstyle.org/cryptopals/3e17c7b35fcf491d08c989081ed18c9a.txt |
59. Elliptic Curve Diffie-Hellman and Invalid-Curve Attacks | https://toadstyle.org/cryptopals/a0833e607878a80fdc0808f889c721b1.txt |
#!/usr/bin/env bash
set -e
# Usage:
# ./assume-exec.sh --role-arn=<role-to-assume> \
# --role-session-name=<name-for-session> \
# --external-id=<external-id> -- <command-to-run>
while [ $# -gt 0 ]; do
  case "$1" in
require 'base64'
require 'json'
require 'openssl'
require 'time'
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  l = a.unpack "C#{a.bytesize}"
## Configuration file for a typical Tor user
## Last updated 28 February 2019 for Tor 0.3.5.1-alpha.
## (may or may not work for much older or much newer versions of Tor.)
##
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
##
## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
## for more options you can use in this file.
Hello,
This message will help you determine if your Amazon SageMaker Canvas App is affected by the issue disclosed in CVE-2021-44228 [1] relating to Apache Log4j, and provide steps you can take to address the issue. Please note that these actions will not delete any of your datasets or model but will only apply the fix in the app needed for remediating the CVE.
1) Determine regions in which you have created a Canvas App.
2) Search Amazon SageMaker in AWS Console and click on it. This will take you to SageMaker Console Dashboard.
3) In the left Navigation, under “SageMaker Domain”, click on “Canvas”. This will take you to the list of domain users you have created.
Vanguard:
- Your new password must have 6–20 characters, with at least 2 letters and 2 numbers.
Bank of America:
- Contain 8 to 20 characters
- Have at least 1 uppercase letter, 1 lowercase letter, and 1 number
- Not repeat the same number or letter more than 3 times in a row
- Not include spaces, and contain only the following special characters: @ # * ( ) + = { } / ? ~ ; , . - _
Chase: