Matteo Collina mcollina
@thesamesam
thesamesam / xz-backdoor.md
Last active May 4, 2024 09:26
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

@cjihrig
cjihrig / go.js
Created August 18, 2023 15:02
Parse Node Download Data
'use strict';
const assert = require('node:assert');
const fs = require('node:fs/promises');
const DATA_HOME_URL = 'https://storage.googleapis.com/access-logs-summaries-nodejs/index.html';
const DATA_FILE_PATH = 'data.json';
const DATA_CSV_PATH = 'data.csv';
const DATA_CSV_SEVEN_DAY_PATH = 'data-seven-day-avg.csv';
const LINES = ['14', '16', '18', '19', '20'];
async function main() {
@mcollina
mcollina / exhaust.mjs
Last active May 19, 2021 21:48
merge ensuring that all generators are fully consumed
import { setTimeout } from 'timers/promises'
import { strictEqual } from 'assert'
let called = 0
async function * merge (a, b) {
try {
yield *a
yield *b
} finally {
@jasnell
jasnell / index.ts
Created February 12, 2021 14:40
HTTP(S) import bomb vulnerability in Deno
import * as foo from 'http://localhost:3001/foo.ts'
<?
# MIT license, do whatever you want with it
#
# This is my invoice.php page which I use to make invoices that customers want,
# with their address on it and which are easily printable. I love Stripe but
# their invoices and receipts were too wild for my customers on Remote OK
#
require_once(__DIR__.'/../vendor/autoload.php');
@mcollina
mcollina / settuning.sh
Last active April 16, 2024 17:12
m3medium config
#!/bin/bash
sysctl net.core.rmem_default=268435456
sysctl net.core.wmem_default=268435456
sysctl net.core.rmem_max=268435456
sysctl net.core.wmem_max=268435456
sysctl net.core.netdev_max_backlog=100000
sysctl "net.ipv4.tcp_rmem=4096 16384 134217728"
sysctl "net.ipv4.tcp_wmem=4096 16384 134217728"
sysctl "net.ipv4.tcp_mem=786432 1048576 268435456"

Notes:

  • Text in [[ ]] are the internal libuv function calls.
  • Text in {{ }} are the Node functions that are affected.
  • Text in ( ) are notes about what is happening.
  • While the Windows event loop has minor variations, I don't believe any of those affect Node.

On process.nextTick():

@totherik
totherik / gist:3a4432f26eea1224ceeb
Last active April 9, 2024 00:46
v8 --allow-natives-syntax RuntimeFunctions
Per https://code.google.com/p/v8/codesearch#v8/trunk/src/runtime.cc
%CreateSymbol
%CreatePrivateSymbol
%CreateGlobalPrivateSymbol
%NewSymbolWrapper
%SymbolDescription
%SymbolRegistry
%SymbolIsPrivate
@jasonkuhrt
jasonkuhrt / index.js
Last active August 29, 2015 13:57
Inspecting net.Socket instance properties as related to connection state
'use strict';
var tcp = require('net');
var s1 = tcp.createServer().listen(9000);
var s2 = tcp.createServer().listen(9001);
var s3 = tcp.createServer().listen(9002);

build

Clone and build Node for analysis:

$ git clone https://github.com/joyent/node.git
$ cd node
$ export GYP_DEFINES="v8_enable_disassembler=1"
$ ./configure
$ make -j4