:octocat:
High-maintenance maintainer

Claudia Pellegrino claui

@thesamesam
thesamesam / xz-backdoor.md
Last active April 25, 2024 23:45
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

wget --no-check-certificate --recursive --domains=opensource.apple.com --no-clobber --accept "*.gz" --no-parent -l2 https://opensource.apple.com/tarballs
wget --no-check-certificate --recursive --domains=opensource.apple.com --no-clobber --accept "*.gz" -l2 https://opensource.apple.com/
wget --no-check-certificate --recursive --domains=opensource.apple.com --no-clobber --accept "*.gz" --no-parent -l3 https://opensource.apple.com/darwinbuild/
@jstewmon
jstewmon / aws-iam-poilcy-schema.json
Last active April 15, 2024 18:03
AWS IAM Policy JSON Schema
{
"type": "object",
"required": ["Statement"],
"additionalProperties": false,
"properties": {
"Version": {
"type": "string",
"enum": ["2008-10-17", "2012-10-17"]
},
"Id": {
@F21
F21 / signing-gpg-keys.md
Last active April 17, 2024 14:37
Signing someone's GPG key

This is a quick guide of the commands we use to sign someone's GPG key in a virtual key signing party.

Note: The steps cover only the technical aspects of signing someone's key. Before signing someone's key, you must verify their identity. This is usually done by showing government-issued ID and confirming the key's fingerprint.

The commands will work for both GPG and GPG2.

I use Julian's key for the examples. His key id is 2AD3FAE3. You should substitute with the appropriate key id when running the commands.

Signing the key

  1. List the keys currently in your keyring: gpg --list-keys.
@ladinu
ladinu / encryptedNixos.md
Last active March 1, 2024 07:19
NixOS install with encrypted /boot /root with single password unlock

Requirements

  1. Encrypt everything including /boot and /root
  2. Enter password once
  3. Support UEFI

Installation media setup

Download NixOS minimal iso and copy to USB stick. For example on Mac OSX

$ diskutil list
$ diskutil unmountDisk /dev/disk1 # Make sure you got right device
@ralphschindler
ralphschindler / node_mate.rb
Created October 6, 2013 01:31
Running unsaved JavaScript through Node.js with TextMate 2 Notes: It's basically 2 files, one created with the bundle editor (See the tmCommand), and the actual node runner. This also requires an environment variable to be set up pointing to the node command line utility: TM_NODE=/usr/local/bin/node for node installed via homebrew
require "#{ENV["TM_SUPPORT_PATH"]}/lib/scriptmate"
class NodeScript < UserScript
def lang; "JavaScript" end
def default_extension; ".js" end
def args
[]
end
def executable; @hashbang || ENV['TM_NODE'] || 'node' end
def version_string
@scoop
scoop / amazon-suggest-germany.php
Created April 6, 2013 07:59
Modified example Gist for Alfred 2 to use Amazon Suggest for Amazon.de (instead of the default Amazon.com). Note: Remove `<?php .. ?>`, which I only added for syntax highlighting purposes.
<?php
require('workflows.php');
$w = new Workflows();
// Grab input and build query url string
$in = "{query}";
$url = "http://completion.amazon.co.uk/search/complete?method=completion&q=".urlencode( $in )."&search-alias=aps&mkt=4&x=updateISSCompletion&noCacheIE=1295031912518";
// Grab the data from Amazon
$str = $w->request( $url );