Skip to content

Instantly share code, notes, and snippets.

View atoponce's full-sized avatar
Crypto coffee

Aaron Toponce atoponce

Crypto coffee
107 followers · 16 following
View GitHub Profile
@masak
masak / explanation.md
Last active April 11, 2024 02:50
How is git commit sha1 formed

Ok, I geeked out, and this is probably more information than you need. But it completely answers the question. Sorry. ☺

Locally, I'm at this commit:

$ git show
commit d6cd1e2bd19e03a81132a23b2025920577f84e37
Author: jnthn <jnthn@jnthn.net>
Date:   Sun Apr 15 16:35:03 2012 +0200

When I added FIRST/NEXT/LAST, it was idiomatic but not quite so fast. This makes it faster. Another little bit of masak++'s program.

@PaulCapestany
PaulCapestany / oi.js
Created August 4, 2013 00:43
Dan Kaminsky's DefCon RNG challenge
// TLDR: Oi, Barnes. We'll miss ya. Here's a grimy RNG in your honor.
// node oi.js or paste the below into your favorite browser's JS console.
// DEFCON CHALLENGE: Break this!
function millis() { return Date.now(); }
function flip_coin() { n=0; then = millis()+1; while(millis()<=then) { n=!n; } return n; }
function get_fair_bit() { while(1) { a=flip_coin(); if(a!=flip_coin()) { return(a); } } }
function get_random_byte(){ n=0; bits=8; while(bits--){ n<<=1; n|=get_fair_bit(); } return n; }
report_console = function() { while(1) { console.log(get_random_byte()); }}
@lydell
lydell / bigrams-to-pairs.js
Created August 23, 2015 08:54
English bigram and letter pair frequencies from the Google Corpus Data in JSON format
// By Simon Lydell 2015.
// This file is in the public domain.
var stdin = require("get-stdin")
var tools = require("text-frequencies-analysis")
var helpers = require("text-frequencies-analysis/lib/helpers")
stdin(function(text) {
process.stdout.write(tools.jsonStringifyRow(convert(JSON.parse(text))))
})
@joepie91
joepie91 / vpn.md
Last active April 20, 2024 21:15
Don't use VPN services.

Don't use VPN services.

No, seriously, don't. You're probably reading this because you've asked what VPN service to use, and this is the answer.

Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party "VPN provider" does.

  • A Russian translation of this article can be found here, contributed by Timur Demin.
  • A Turkish translation can be found here, contributed by agyild.
  • There's also this article about VPN services, which is honestly better written (and has more cat pictures!) than my article.
@roycewilliams
roycewilliams / diceware-superset.txt
Last active May 14, 2020 22:06
diceware-superset.txt
# 17020 words.
# Goal: recognizable, unambiguous words for most semi-fluent speakers of English.
# Superset of diceware-improved, the GPG wordlist, and BIP-39:
# * https://github.com/heartsucker/diceware
# * https://en.wikipedia.org/wiki/PGP_word_list
# * https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
a
aardvark
abacus
abandon
@Prof9
Prof9 / Readme.md
Last active February 1, 2024 07:02
THIS SCRIPT NO LONGER WORKS! Twitter has rolled out a fix for the web client hack. (Original text: Force enable cramming (280 character tweets) on Twitter. Use TamperMonkey. NOTE: Stops working when you switch pages, refresh to fix.)

As of 7 November 2017 everyone has access to 280 characters in supported clients, so you no longer need this script!

@m8urnett
m8urnett / gist:971a13e92cb98d50e587135c10389d92
Created August 13, 2018 22:40
QAnon "Codes"
PACKET HDQ-7309217392
----
Code: AB-aKd&Egh281Q
282-18-2983821-28172391u721
DISTRESS.
CHECK-IN 00:00+[37209-a271927]-[381937821]
ROUTE T
@roycewilliams
roycewilliams / clientside-software-update-verification-failures.md
Last active December 16, 2021 16:05
Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).

Client-side software update verification failures

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS). Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

  • I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
  • Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
  • Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.
  • Software components regularly used to verify integrity in other software pipelines are
@scottpdawson
scottpdawson / strava.js
Last active October 26, 2023 09:36
Bulk download Strava activities
var maxPage = 25; // calculate this using (activities/20 + 1)
var activityType = "Run"; // change to the workout type you want, or blank for all
var p = 1;
var done = 0;
var url;
var nw = window.open("workouts.html");
nw.document.write("[");
while (p <= maxPage) {
url = "https://www.strava.com/athlete/training_activities" +
"?keywords=&activity_type=" + activityType + "&workout_type=&commute=&private_activities=" +
@romkatv
romkatv / srand32.zsh
Last active July 2, 2023 15:56
srand32.zsh
# Returns a random 32-bit number.
# If /dev/urandom is cryptographically secure, so is srand32.
#
# If zsh is compiled with 64-bit number support, the result
# is non-negative. Otherwise it may be negative and the value
# is governed by the rules of unsigned-to-signed conversion in C.
#
# Examples:
#
# % print -r -- $(( srand32() ))