Crypto coffee

Aaron Toponce atoponce

@roycewilliams
roycewilliams / diceware-superset.txt
Last active May 14, 2020 22:06
diceware-superset.txt
# 17020 words.
# Goal: recognizable, unambiguous words for most semi-fluent speakers of English.
# Superset of diceware-improved, the GPG wordlist, and BIP-39:
# * https://github.com/heartsucker/diceware
# * https://en.wikipedia.org/wiki/PGP_word_list
# * https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
a
aardvark
abacus
abandon
@roycewilliams
roycewilliams / clientside-software-update-verification-failures.md
Last active December 16, 2021 16:05
Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).

Client-side software update verification failures

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS). Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

  • I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
  • Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
  • Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.
  • Software components regularly used to verify integrity in other software pipelines are
@romkatv
romkatv / srand32.zsh
Last active July 2, 2023 15:56
srand32.zsh
# Returns a random 32-bit number.
# If /dev/urandom is cryptographically secure, so is srand32.
#
# If zsh is compiled with 64-bit number support, the result
# is non-negative. Otherwise it may be negative and the value
# is governed by the rules of unsigned-to-signed conversion in C.
#
# Examples:
#
# % print -r -- $(( srand32() ))
@scottpdawson
scottpdawson / strava.js
Last active October 26, 2023 09:36
Bulk download Strava activities
var maxPage = 25; // calculate this using (activities/20 + 1)
var activityType = "Run"; // change to the workout type you want, or blank for all
var p = 1;
var done = 0;
var url;
var nw = window.open("workouts.html");
nw.document.write("[");
while (p <= maxPage) {
url = "https://www.strava.com/athlete/training_activities" +
"?keywords=&activity_type=" + activityType + "&workout_type=&commute=&private_activities=" +
@PaulCapestany
PaulCapestany / oi.js
Created August 4, 2013 00:43
Dan Kaminsky's DefCon RNG challenge
// TLDR: Oi, Barnes. We'll miss ya. Here's a grimy RNG in your honor.
// node oi.js or paste the below into your favorite browser's JS console.
// DEFCON CHALLENGE: Break this!
function millis() { return Date.now(); }
// Toggle a flag as fast as possible for about one millisecond; the parity of the loop count is the "coin".
function flip_coin() { var n = 0; var then = millis() + 1; while (millis() <= then) { n = !n; } return n; }
// Von Neumann debiasing: keep a flip only when two consecutive flips differ.
function get_fair_bit() { while (1) { var a = flip_coin(); if (a != flip_coin()) { return a; } } }
// Assemble eight debiased bits into one byte (MSB first).
function get_random_byte() { var n = 0; var bits = 8; while (bits--) { n <<= 1; n |= get_fair_bit(); } return n; }
var report_console = function() { while (1) { console.log(get_random_byte()); } };
@Prof9
Prof9 / Readme.md
Last active February 1, 2024 07:02
THIS SCRIPT NO LONGER WORKS! Twitter has rolled out a fix for the web client hack. (Original text: Force enable cramming (280 character tweets) on Twitter. Use TamperMonkey. NOTE: Stops working when you switch pages, refresh to fix.)

As of 7 November 2017 everyone has access to 280 characters in supported clients, so you no longer need this script!

The Freenode resignation FAQ, or: "what the fuck is going on?"

IMPORTANT NOTE:

It's come to my attention that some people have been spamming issue trackers with a link to this gist. While it's a good idea to inform people of the situation in principle, please do not do this. By all means spread the word in the communities that you are a part of, after verifying that they are not aware yet, but unsolicited spam is not helpful. It will just frustrate people.

Update 3 (May 24, 2021)

A number of things have happened since the last update.

@lydell
lydell / bigrams-to-pairs.js
Created August 23, 2015 08:54
English bigram and letter pair frequencies from the Google Corpus Data in JSON format
// By Simon Lydell 2015.
// This file is in the public domain.
var stdin = require("get-stdin")
var tools = require("text-frequencies-analysis")
var helpers = require("text-frequencies-analysis/lib/helpers")
stdin(function(text) {
process.stdout.write(tools.jsonStringifyRow(convert(JSON.parse(text))))
})
@masak
masak / explanation.md
Last active April 11, 2024 02:50
How is git commit sha1 formed

Ok, I geeked out, and this is probably more information than you need. But it completely answers the question. Sorry. ☺

Locally, I'm at this commit:

$ git show
commit d6cd1e2bd19e03a81132a23b2025920577f84e37
Author: jnthn <jnthn@jnthn.net>
Date:   Sun Apr 15 16:35:03 2012 +0200

When I added FIRST/NEXT/LAST, it was idiomatic but not quite so fast. This makes it faster. Another little bit of masak++'s program.