Skip to content

Instantly share code, notes, and snippets.

View atoponce's full-sized avatar
Crypto coffee

Aaron Toponce atoponce

Crypto coffee
View GitHub Profile
@sts10
sts10 / rust-command-line-utilities.markdown
Last active March 28, 2024 08:47
A curated list of command-line utilities written in Rust

A curated list of command-line utilities written in Rust

Note: I have moved this list to a proper repository. I'll leave this gist up, but it won't be updated. To submit an idea, open a PR on the repo.

Note that I have not tried all of these personally, and cannot and do not vouch for all of the tools listed here. In most cases, the descriptions here are copied directly from their code repos. Some may have been abandoned. Investigate before installing/using.

The ones I use regularly include: bat, dust, fd, fend, hyperfine, miniserve, ripgrep, just, cargo-audit and cargo-wipe.

  • atuin: "Magical shell history"
  • bandwhich: Terminal bandwidth utilization tool

The Freenode resignation FAQ, or: "what the fuck is going on?"

IMPORTANT NOTE:

It's come to my attention that some people have been spamming issue trackers with a link to this gist. While it's a good idea to inform people of the situation in principle, please do not do this. By all means spread the word in the communities that you are a part of, after verifying that they are not aware yet, but unsolicited spam is not helpful. It will just frustrate people.

Update 3 (May 24, 2021)

A number of things have happened since the last update.

@romkatv
romkatv / srand32.zsh
Last active July 2, 2023 15:56
srand32.zsh
# Returns a random 32-bit number.
# If /dev/urandom is cryptographically secure, so is srand32.
#
# If zsh is compiled with 64-bit number support, the result
# is non-negative. Otherwise it may be negative and the value
# is governed by the rules of unsigned-to-signed conversion in C.
#
# Examples:
#
# % print -r -- $(( srand32() ))
@scottpdawson
scottpdawson / strava.js
Last active October 26, 2023 09:36
Bulk download Strava activities
var maxPage = 25; // calculate this using (activities/20 + 1)
var activityType = "Run"; // change to the workout type you want, or blank for all
var p = 1;
var done = 0;
var url;
var nw = window.open("workouts.html");
nw.document.write("[");
while (p <= maxPage) {
url = "https://www.strava.com/athlete/training_activities" +
"?keywords=&activity_type=" + activityType + "&workout_type=&commute=&private_activities=" +
@roycewilliams
roycewilliams / clientside-software-update-verification-failures.md
Last active December 16, 2021 16:05
Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).

Client-side software update verification failures

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS). Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

  • I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
  • Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
  • Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.
  • Software components regularly used to verify integrity in other software pipelines are
PACKET HDQ-7309217392
----
Code: AB-aKd&Egh281Q
282-18-2983821-28172391u721
DISTRESS.
CHECK-IN 00:00+[37209-a271927]-[381937821]
ROUTE T
@Prof9
Prof9 / Readme.md
Last active February 1, 2024 07:02
THIS SCRIPT NO LONGER WORKS! Twitter has rolled out a fix for the web client hack. (Original text: Force enable cramming (280 character tweets) on Twitter. Use TamperMonkey. NOTE: Stops working when you switch pages, refresh to fix.)

As of 7 November 2017 everyone has access to 280 characters in supported clients, so you no longer need this script!

@roycewilliams
roycewilliams / diceware-superset.txt
Last active May 14, 2020 22:06
diceware-superset.txt
# 17020 words.
# Goal: recognizable, unambiguous words for most semi-fluent speakers of English.
# Superset of diceware-improved, the GPG wordlist, and BIP-39:
# * https://github.com/heartsucker/diceware
# * https://en.wikipedia.org/wiki/PGP_word_list
# * https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
a
aardvark
abacus
abandon
@joepie91
joepie91 / vpn.md
Last active March 26, 2024 20:19
Don't use VPN services.

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

  • A Russian translation of this article can be found here, contributed by Timur Demin.
  • A Turkish translation can be found here, contributed by agyild.
  • There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
@lydell
lydell / bigrams-to-pairs.js
Created August 23, 2015 08:54
English bigram and letter pair frequencies from the Google Corpus Data in JSON format
// By Simon Lydell 2015.
// This file is in the public domain.
var stdin = require("get-stdin")
var tools = require("text-frequencies-analysis")
var helpers = require("text-frequencies-analysis/lib/helpers")
stdin(function(text) {
process.stdout.write(tools.jsonStringifyRow(convert(JSON.parse(text))))
})