Someone tried to exploit the Shellshock vulnerability in Bash on lodash.com, likely as part of a mass-exploit attempt.
In this case, the exploit attempted to download a modified version of @schierlm’s pseudo-terminal Perl script that would connect to 72.167.37.182 on port 23. The download URL contains the targeted host name (?h=lodash.com) which gives the attacker an indication of which hosts might have the /tmp/a.pl backdoor in place.
To download all of Matthew Bergman’s beautiful #jsconfeu photos in their original resolution, run the following command:
wget -i jsconfeu-2014.txt -P jsconfeu-2014
| var assert = require('assert'); | |
| // The goal is to match lone surrogates, i.e. any high surrogates | |
| // (`[\uD800-\uDBFF]`) that are not directly followed by a low surrogate | |
| // (`[\uDC00-\uDFFF]`), and any low surrogates (`[\uDC00-\uDFFF]`) that are not | |
| // directly preceded by a high surrogate (`[\uD800-\uDBFF]`). | |
| var regex = /[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF]/; | |
| assert.equal(regex.test('foo\uDC00bar'), true); |
Below are the white and black card sets published by Cards Against Humanity. Take them and come back with a bot. You have 48 hours, starting from an arbitrary time that I forget.
Black cards with 2 blanks are pick 2. Black cards with 3 blanks are pick 3, draw 2.
The rules are on the official web site.
These cards are taken from this PDF.
Try it on the detail page for U+1F4A9 PILE OF POO, for example.
Screenshot after double-clicking the <h1>:
| package-lock.json | |
| node_modules |
List of features that are supported by Opera 12 but not by Opera 15 due to the switch to Blink/Chromium:
xhr.responseType = 'json'Link HTTP headerLink HTTP header for stylesheets specificallyEnter when an element with tabindex has focus should trigger a clickdata: URIs should be handled correctlyfoo.svg is an SVG file that contains text looks terrible](https://code.google.com/p/chromium/issues/detail?id=33
| // “The URL code points are ASCII alphanumeric, "!", "$", "&", "'", "(", ")", | |
| // "*", "+", ",", "-", ".", "/", ":", ";", "=", "?", "@", "_", "~", and code | |
| // points in the ranges U+00A0 to U+D7FF, U+E000 to U+FDCF, U+FDF0 to U+FFEF, | |
| // U+10000 to U+1FFFD, U+20000 to U+2FFFD, U+30000 to U+3FFFD, U+40000 to | |
| // U+4FFFD, U+50000 to U+5FFFD, U+60000 to U+6FFFD, U+70000 to U+7FFFD, U+80000 | |
| // to U+8FFFD, U+90000 to U+9FFFD, U+A0000 to U+AFFFD, U+B0000 to U+BFFFD, | |
| // U+C0000 to U+CFFFD, U+D0000 to U+DFFFD, U+E1000 to U+EFFFD, U+F0000 to | |
| // U+FFFFD, U+100000 to U+10FFFD.” | |
| // — http://url.spec.whatwg.org/#url-code-points |
| // Here’s a 100% deterministic alternative to `Math.random`. Google’s V8 and | |
| // Octane benchmark suites use this to ensure predictable results. | |
| Math.random = (function() { | |
| var seed = 0x2F6E2B1; | |
| return function() { | |
| // Robert Jenkins’ 32 bit integer hash function | |
| seed = ((seed + 0x7ED55D16) + (seed << 12)) & 0xFFFFFFFF; | |
| seed = ((seed ^ 0xC761C23C) ^ (seed >>> 19)) & 0xFFFFFFFF; | |
| seed = ((seed + 0x165667B1) + (seed << 5)) & 0xFFFFFFFF; |
| <?php | |
| // Prevent content sniffing attacks such as http://mths.be/bst. | |
| header('X-Content-Type-Options: nosniff'); | |
| // Note: The user-provided callback name must be filtered to prevent attack | |
| // vectors. This script simply removes any symbols other than `[a-zA-Z0-9$_]` | |
| // from the input. Sadly, this blocks the use of some valid JavaScript | |
| // identifiers, and also accepts a few invalid ones. See | |
| // http://mathiasbynens.be/notes/javascript-identifiers for details. |