Bruno P. Kinoshita kinow
@hackermondev
hackermondev / zendesk.md
Last active December 20, 2024 19:49
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:

say hello to zendesk

If you've spent some time online, you’ve probably come across Zendesk.

Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like support@company.com), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.

Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

your weakest link

"""
Testing on CPython3.13a1+
Requires some recent patches from main.
pip install hypercorn
Have successfully run the following apps:
- fastapi==0.99.0
- Flask
"""
@digitalcampbell
digitalcampbell / daily_temp_anomaly_chart
Created July 6, 2023 15:25
Pull global temperature data from Climate Reanalyzer and create a daily temperature anomaly chart
library(tidyverse)
library(jsonlite)
library(splitstackshape)
library(RColorBrewer)
# pull daily temperature from https://climatereanalyzer.org/clim/t2_daily/
temp_json <- fromJSON("https://climatereanalyzer.org/clim/t2_daily/json/cfsr_world_t2_day.json")
# create dataframe
temp <- as.data.frame(temp_json) %>%

We fit an exponential function for $f$: $f(V) = a \exp(V / s)$ and obtain $a \approx 0.02485702\ \mathrm{A}$ and $s \approx 0.229551831\ \mathrm{V}$. With this, the deviation of the measured values from the total model $P(V) = 414\ \mathrm{mW} + V \cdot 130 \cdot f(V)$ is always below $8\ \mathrm{mW}$; indeed it is at most $\approx 3.19\ \mathrm{mW}$ and on average $\approx 1.28\ \mathrm{mW}$.

When not taking a fixed offset of $414\ \mathrm{mW}$ but instead leaving the offset as a further free parameter of the fit, we obtain $\approx 412.3\ \mathrm{mW}$ for the offset, $a \approx 0.0249451511\ \mathrm{A}$ and $s \approx 0.229653915\ \mathrm{V}$, with a maximum error of $\approx 2.28\ \mathrm{mW}$ and an average error of $\approx 0.74\ \mathrm{mW}$.

@ttesmer
ttesmer / AD.hs
Last active October 29, 2024 15:35
Automatic Differentiation in 38 lines of Haskell using Operator Overloading and Dual Numbers. Inspired by conal.net/papers/beautiful-differentiation
{-# LANGUAGE TypeSynonymInstances #-}
data Dual d = D Float d deriving Show
type Float' = Float
diff :: (Dual Float' -> Dual Float') -> Float -> Float'
diff f x = y'
  where D y y' = f (D x 1)
class VectorSpace v where
  zero :: v
@smitelli
smitelli / ti250tool.py
Created May 31, 2022 19:51
Klein Tools TI250 image tool
# Klein Tools TI250 image tool by Scott Smitelli. Public domain.
# Requires at least Python 3.6 (developed and tested on 3.9)
# See https://www.scottsmitelli.com/articles/klein-tools-ti250-hidden-worlds
import argparse
import numpy as np
import re
import struct
from PIL import Image, ImageDraw
@sadielbartholomew
sadielbartholomew / generate_spreadsheet_pixel_art.py
Created August 5, 2021 19:28
Generate spreadsheet (Excel) pixel art from an arbitrary image
"""Gist to generate spreadsheet (Excel) pixel art from an arbitrary image.
Gist by Sadie Louise Bartholomew ('sadielbartholomew'), 05.08.21.
Q) Why would I want to do this?
A) Exactly. Programming gives us too much power to do silly and pointless
things.
Requires certain libraries to work: see the `import` list.

TL;DR: Not every type hole is harmful.

[Disclaimer: The following code is typed with scriptum, a type validator for dynamically typed JavaScript. It has its roots in Haskell's Hindley-Milner based type system.]

It helps to consider mutations to get a better intuition. Mutations are a side effect and thus harmful. However, if we manage to hedge side effects so that we don't lose track of them, then we can benefit from the flexibility they provide without having to suffer the consequences.

For mutations this essentially means ensuring they stay local. Local mutations are fine in most cases. The same applies to type holes.

Let's work through some code to see if this claim holds. Gradual typing is a trade-off. Good coding means to find the most promising trade-offs.

Comments on optimizations around string concatenation.

Note: The code links are to CPython 3.8.5, the most recent release when this was written.

I was recently asked about a performance optimization in CPython around using += and + for string objects. As some people may already know, if you use += or + on a string, it can sometimes be just as fast as ''.join. The question was to explain when that optimization couldn't be performed.

We will be going through the following example scenarios:

Why do I need 106mb of JS for an empty rails app?

$ cd /tmp
$ rails -v 
Rails 6.0.3.2
$ rails new my-app 
Using -T -d postgresql from /Users/rileytg/.railsrc # use postgres, dont use tests (usually add rspec). this is a fairly common rails stack.
...
Bundle complete! 14 Gemfile dependencies, 65 gems now installed.
...