import zlib
import io
import sys

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def parse_png_chunk(stream):
    # Chunk layout: 4-byte big-endian length, 4-byte type, body, 4-byte CRC32 over type + body
    size = int.from_bytes(stream.read(4), "big")
    ctype = stream.read(4)
    body = stream.read(size)
    csum = int.from_bytes(stream.read(4), "big")
    if zlib.crc32(ctype + body) != csum:
        raise ValueError("PNG chunk %r has a bad CRC" % ctype)
    return ctype, body
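The chunk reader above, carried through to a complete chunk walker, as an added example that is not the gist's own code. It uses the same chunk layout (length, type, body, CRC32 over type and body), verifies every CRC, refuses to loop on a truncated stream, and reports any bytes left after IEND, which a well-formed file never has. The sample image is constructed inline (a 1x1 grayscale PNG); `walk_png`, `read_chunk`, `make_chunk` and `build_sample_png` are names chosen here, not from the gist.

```python
import io
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"


def make_chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one chunk: big-endian length, 4-byte type, body, CRC32 over type + body."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


def read_chunk(stream: io.BytesIO) -> tuple[bytes, bytes]:
    """Read one chunk and verify its CRC; raise ValueError on truncation or corruption."""
    header = stream.read(8)
    if len(header) < 8:
        # Without this guard a truncated file yields an empty "chunk" whose CRC of b"" is 0,
        # which matches the zero read from the exhausted stream, and the walker never stops.
        raise ValueError("truncated PNG: ran out of data before IEND")
    size = int.from_bytes(header[:4], "big")
    ctype = header[4:]
    body = stream.read(size)
    csum = stream.read(4)
    if len(body) != size or len(csum) != 4:
        raise ValueError("truncated PNG: chunk %r shorter than its declared length" % ctype)
    if zlib.crc32(ctype + body) != int.from_bytes(csum, "big"):
        raise ValueError("CRC mismatch in chunk %r" % ctype)
    return ctype, body


def walk_png(data: bytes) -> tuple[list[tuple[bytes, bytes]], bytes]:
    """Parse chunks up to and including IEND.

    Returns (chunks, trailing): the (type, body) pairs in order and any bytes found
    after IEND. A correctly rewritten file has no trailing bytes; leftover data there
    usually means the file was overwritten in place rather than written out fresh.
    """
    stream = io.BytesIO(data)
    if stream.read(len(PNG_MAGIC)) != PNG_MAGIC:
        raise ValueError("not a PNG: bad signature")
    chunks = []
    while True:
        ctype, body = read_chunk(stream)
        chunks.append((ctype, body))
        if ctype == b"IEND":
            break
    return chunks, stream.read()


def build_sample_png() -> bytes:
    """Constructed sample input: a 1x1 8-bit grayscale PNG (IHDR, one IDAT, IEND)."""
    # width, height, bit depth, colour type, compression, filter, interlace
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    # one scanline: filter byte 0 followed by a single zero pixel
    idat = zlib.compress(b"\x00\x00")
    return PNG_MAGIC + make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b"")


if __name__ == "__main__":
    import sys
    # With a path argument, inspect that file; otherwise use the constructed sample with junk appended.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_png() + b"stale bytes"
    chunks, trailing = walk_png(data)
    for ctype, body in chunks:
        print(ctype.decode("ascii"), len(body))
    print("trailing bytes after IEND:", len(trailing))
```

Run it against any PNG to list its chunks and the count of bytes past IEND; a CRC failure or truncation raises rather than silently returning partial results.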
@IanColdwater
IanColdwater / twittermute.txt
Last active April 22, 2024 17:26
Here are some terms to mute on Twitter to clean your timeline up a bit.
Mute these words in your settings here: https://twitter.com/settings/muted_keywords
ActivityTweet
generic_activity_highlights
generic_activity_momentsbreaking
RankedOrganicTweet
suggest_activity
suggest_activity_feed
suggest_activity_highlights
suggest_activity_tweet
@hxmuller
hxmuller / program-spi-nor-with-raspi.md
Last active July 25, 2023 06:47
Program the SPI NOR flash on a Pinebook Pro using a Raspberry Pi

Program SPI NOR Flash on Pinebook Pro with a Raspberry Pi

TL;DR: This describes the process, hardware, and software used to perform in-circuit programming of the 128Mbit SPI NOR flash in the Pinebook Pro using a Raspberry Pi.

Warning

You, the user of this information, bear ALL responsibility for ANY outcome of its use, whether negative or positive. My success in this operation can be attributed to the following factors:

  • Attention to detail
  • Curiosity

TypeScript bug when compiling to CommonJS?

tsconfig.json:

{
  "compilerOptions": {
    "rootDir": "ts",
    "outDir": "dist",
    "target": "es2018",
@roycewilliams
roycewilliams / clientside-software-update-verification-failures.md
Last active December 16, 2021 16:05
Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).

Client-side software update verification failures

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS). Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

  • I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
  • Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
  • Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.
  • Software components regularly used to verify integrity in other software pipelines are
@technion
technion / Password References.md
Last active February 13, 2024 16:47
A set of references on modern password policies

References on modern password policies

The links below provide the source, reference link and relevant quote

Standards

NIST

https://github.com/usnistgov/800-63-3/blob/nist-pages/sp800-63b/sec5_authenticators.md

Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

Major organisations

@vidia
vidia / nginx-unificontroller.conf
Last active January 1, 2024 18:08
Example, working, NGINX config for proxying to Unifi Controller software and using letsencrypt. Includes websocket fix.
# I had a bit of trouble getting my unifi controller (hosted offsite) to use a proxy/letsencrypt. So here are the fruits of my labor.
# The unifi default port is 8443 running on localhost.
# License: CC0 (Public Domain)
server {
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
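The excerpt above stops before the proxy location and the WebSocket headers the description mentions. The following is an added example of the full pattern, not the gist's own configuration: it assumes the controller listens on https://127.0.0.1:8443 with its self-signed certificate, that the Let's Encrypt certificate lives under /etc/letsencrypt/live/unifi.example.com/, and that unifi.example.com is the public name; all three are placeholders.

```nginx
# Added example; assumes a controller on https://127.0.0.1:8443 and
# Let's Encrypt certificates for unifi.example.com (placeholder name).
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name unifi.example.com;

    ssl_certificate     /etc/letsencrypt/live/unifi.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/unifi.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass https://127.0.0.1:8443;
        # The controller presents a self-signed certificate; verification is
        # skipped on this loopback hop only, never on the public side.
        proxy_ssl_verify off;

        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # WebSocket fix: the controller's live updates run over WebSocket, and
        # the Upgrade handshake only reaches it if nginx speaks HTTP/1.1 and
        # forwards these two headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 3600s;
    }
}

# Never serve the login page in the clear: send plain HTTP to HTTPS.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name unifi.example.com;
    return 301 https://$host$request_uri;
}
```

Check the result with `nginx -t` before reloading; if the UI loads but device status never updates, the Upgrade and Connection headers are the first thing to verify.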
@fxthomas
fxthomas / gnome-inhibit
Last active March 16, 2024 12:51
Inhibit gnome screensaver for a given program
#!/bin/bash
# Note: Doesn't work anymore (at least for Gnome 3.34, possibly later; see Python script instead)
# Usage: gnome-inhibit <command-line>
# Example: gnome-inhibit mpv video.mp4
# Requests an inhibit cookie from the session screensaver service, runs the command, then releases it.
# (The object path, method, arguments and UnInhibit call below complete the truncated excerpt using
# the standard org.freedesktop.ScreenSaver interface; they are assumed, not copied from the gist.)
cookie=$(dbus-send \
  --session \
  --dest=org.freedesktop.ScreenSaver \
  --type=method_call \
  --print-reply=literal \
  /org/freedesktop/ScreenSaver \
  org.freedesktop.ScreenSaver.Inhibit \
  string:"gnome-inhibit" string:"running $1" \
  | awk '{print $NF}')   # reply line is "uint32 <cookie>"; keep only the number
"$@"
dbus-send --session --dest=org.freedesktop.ScreenSaver --type=method_call \
  /org/freedesktop/ScreenSaver org.freedesktop.ScreenSaver.UnInhibit uint32:"$cookie"
@Rich-Harris
Rich-Harris / footgun.md
Last active April 19, 2024 07:47
Top-level `await` is a footgun

Edit — February 2019

This gist had a far larger impact than I imagined it would, and apparently people are still finding it, so a quick update:

  • TC39 is currently moving forward with a slightly different version of TLA, referred to as 'variant B', in which a module with TLA doesn't block sibling execution. This vastly reduces the danger of parallelizable work happening in serial and thereby delaying startup, which was the concern that motivated me to write this gist
  • In the wild, we're seeing (async main(){...}()) as a substitute for TLA. This completely eliminates the blocking problem (yay!) but it's less powerful, and harder to statically analyse (boo). In other words the lack of TLA is causing real problems
  • Therefore, a version of TLA that solves the original issue is a valuable addition to the language, and I'm in full support of the current proposal, which you can read here.

I'll leave the rest of this document unedited, for archaeological

@nathan-osman
nathan-osman / win32.go
Last active August 31, 2023 22:01
Simple Windows GUI application written in Go
package main
import (
"log"
"syscall"
"unsafe"
)
var (
kernel32 = syscall.NewLazyDLL("kernel32.dll")