Crypto coffee

Aaron Toponce atoponce

@masak
masak / explanation.md
Last active October 2, 2024 09:32
How is git commit sha1 formed

Ok, I geeked out, and this is probably more information than you need. But it completely answers the question. Sorry. ☺

Locally, I'm at this commit:

$ git show
commit d6cd1e2bd19e03a81132a23b2025920577f84e37
Author: jnthn <jnthn@jnthn.net>
Date:   Sun Apr 15 16:35:03 2012 +0200

When I added FIRST/NEXT/LAST, it was idiomatic but not quite so fast. This makes it faster. Another little bit of masak++'s program.

@PaulCapestany
PaulCapestany / oi.js
Created August 4, 2013 00:43
Dan Kaminsky's DefCon RNG challenge
// TLDR: Oi, Barnes. We'll miss ya. Here's a grimy RNG in your honor.
// node oi.js or paste the below into your favorite browser's JS console.
// DEFCON CHALLENGE: Break this!
function millis() { return Date.now(); }
function flip_coin() { n=0; then = millis()+1; while(millis()<=then) { n=!n; } return n; }
function get_fair_bit() { while(1) { a=flip_coin(); if(a!=flip_coin()) { return(a); } } }
function get_random_byte(){ n=0; bits=8; while(bits--){ n<<=1; n|=get_fair_bit(); } return n; }
report_console = function() { while(1) { console.log(get_random_byte()); }}
@lydell
lydell / bigrams-to-pairs.js
Created August 23, 2015 08:54
English bigram and letter pair frequencies from the Google Corpus Data in JSON format
// By Simon Lydell 2015.
// This file is in the public domain.
var stdin = require("get-stdin")
var tools = require("text-frequencies-analysis")
var helpers = require("text-frequencies-analysis/lib/helpers")
stdin(function(text) {
  process.stdout.write(tools.jsonStringifyRow(convert(JSON.parse(text))))
})
@joepie91
joepie91 / vpn.md
Last active October 31, 2024 12:16
Don't use VPN services.

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using a VPN for its intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

  • A Russian translation of this article can be found here, contributed by Timur Demin.
  • A Turkish translation can be found here, contributed by agyild.
  • There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
@roycewilliams
roycewilliams / diceware-superset.txt
Last active May 14, 2020 22:06
diceware-superset.txt
# 17020 words.
# Goal: recognizable, unambiguous words for most semi-fluent speakers of English.
# Superset of diceware-improved, the GPG wordlist, and BIP-39:
# * https://github.com/heartsucker/diceware
# * https://en.wikipedia.org/wiki/PGP_word_list
# * https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
a
aardvark
abacus
abandon
@Prof9
Prof9 / Readme.md
Last active February 1, 2024 07:02
THIS SCRIPT NO LONGER WORKS! Twitter has rolled out a fix for the web client hack. (Original text: Force enable cramming (280 character tweets) on Twitter. Use TamperMonkey. NOTE: Stops working when you switch pages, refresh to fix.)

As of 7 November 2017 everyone has access to 280 characters in supported clients, so you no longer need this script!

PACKET HDQ-7309217392
----
Code: AB-aKd&Egh281Q
282-18-2983821-28172391u721
DISTRESS.
CHECK-IN 00:00+[37209-a271927]-[381937821]
ROUTE T
@roycewilliams
roycewilliams / clientside-software-update-verification-failures.md
Last active August 6, 2024 01:51
Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).

Client-side software update verification failures

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).

Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

  • I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
  • Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
  • Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.
  • Software components regularly used to verify integrity in other software pipelines a
@scottpdawson
scottpdawson / strava.js
Last active October 31, 2024 14:54
Bulk download Strava activities
var maxPage = 25; // calculate this using (activities/20 + 1)
var activityType = "Run"; // change to the workout type you want, or blank for all
var p = 1;
var done = 0;
var url;
var nw = window.open("workouts.html");
nw.document.write("[");
while (p <= maxPage) {
url = "https://www.strava.com/athlete/training_activities" +
"?keywords=&activity_type=" + activityType + "&workout_type=&commute=&private_activities=" +
@romkatv
romkatv / srand32.zsh
Last active May 4, 2024 05:04
srand32.zsh
# Returns a random 32-bit number.
# If /dev/urandom is cryptographically secure, so is srand32.
#
# If zsh is compiled with 64-bit number support, the result
# is non-negative. Otherwise it may be negative and the value
# is governed by the rules of unsigned-to-signed conversion in C.
#
# Examples:
#
# % print -r -- $(( srand32() ))