Skip to content

Instantly share code, notes, and snippets.

@balsoft
balsoft / crd.nix
Last active October 3, 2021 15:23
chrome-remote-desktop on nixos/nix
{ config, lib, pkgs, ...}:
with lib;
let
cfg = config.services.crd;
in {
options = {
services.crd = {
enable = mkEnableOption ''
chrome remote desktop, a service which allows for remote control of your desktop from anywhere.
'';
@brettscott
brettscott / aes-256-cbc-test.js
Last active January 26, 2024 08:01
AES 256 CBC encryption between Golang and Node JS
// Node v6.9.0
//
// TEST FILE (cut down for simplicity)
// To ensure Golang encrypted string can be decrypted in NodeJS.
//
let crypto;
try {
crypto = require('crypto');

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@domenkozar
domenkozar / nixos-on-dell-9560.org
Last active August 25, 2023 17:07 — forked from grahamc/nixos-on-dell-9560.org
NixOS on a Dell 15" 9560 with the 4K screen.
@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active March 7, 2024 12:10 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices

Cryptographic Best Practices

Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

@cvan
cvan / set-up-chromium-keys.md
Last active March 15, 2024 21:11
Launch Chromium with API Keys on Mac OS X and Windows

Last Updated: March 2023

IMPORTANT: Ignore the out-of-date steps below for getting Chromium keys.

Instead, read this up-to-date guide (Jan 2023) written by @LearningToPi.

P.S. Thank you to every contributor below who provided tips over the years on what should be a straightforward process: setting up Chromium for local development.

Long live the web!

@edolstra
edolstra / nix-ui.md
Last active February 2, 2024 23:31
Nix UI

General notes

  • nix-channel and ~/.nix-defexpr are gone. We'll use $NIX_PATH (or user environment specific overrides configured via nix set-path) to look up packages. Since $NIX_PATH supports URLs nowadays, this removes the need for channels: you can just set $NIX_PATH to e.g. https://nixos.org/channels/nixos-15.09/nixexprs.tar.xz and stay up to date automatically.

  • By default, packages are selected by attribute name, rather than the name attribute. Thus nix install hello is basically equivalent to nix-env -iA hello. The attribute name is recorded in the user environment manifest and used in upgrades. Thus (at least by default) hello won't be upgraded to helloVariant.

    @vcunat suggested making this an arbitrary Nix expression rather than an attrpath, e.g. firefox.override { enableFoo = true; }. However, such an expression would not have a key in the user environment, unlike an attrpath. Better to require an explicit flag for this.

TBD: How to deal with search path clashes.

{ lib, config, pkgs, ... }:
{
imports = [ ./iscsi-boot.nix ];
fileSystems = {
"/" = { device = "UUID=132e7c5b-b4a9-4154-8105-4479e17f4f5b"; fsType = "ext4"; };
"/boot/" = { device = "UUID=fdac080d-d111-455c-a890-bc3e5e08c2d5"; fsType = "ext4"; };
};
boot = {
loader = {

Problems & Solutions for Interaction Between C and Go

At Vimeo, on the transcoding team, we work a lot with Go, and a lot with C, for various tasks such as media ingest. This means we use CGO quite extensively, and consequently, have run into bits that are perhaps not very well documented, if at all. Below is my effort to document some of the problems we've run into, and how we fixed or worked around them.

Many of these are obviously wrong in retrospect, but hindsight is 20/20, and these problems do exist in many codebases currently.

Some are definitely ugly, and I much welcome better solutions! Tweet me at @daemon404 if you have any, or have your own CGO story/tips, please! I'd love to learn of them.

Table of Contents

@acdvorak
acdvorak / tmux-all-panes.sh
Last active August 6, 2021 17:09 — forked from yubink/inall.sh
tmux: run a command in all panes
#!/bin/bash
# Runs the specified command (provided by the first argument) in all tmux panes
# in every window. If an application is currently running in a given pane
# (e.g., vim), it is suspended and then resumed so the command can be run.
all-panes()
{
all-panes-bg_ "$1" &
}