Mastodon の API を叩くには以下の手順を踏む必要がある:
- OAuth2 クライアントを登録する
- アクセストークンを取得する
- アクセストークンを
Authorizationヘッダに指定して API にアクセスする
Mastodon の Apps API に登録情報を送ってクライアントを払い出してもらう(一度だけやれば OK).
Seio Inoue sei0o
ftpmorph
/ Details and config tips.txt
Last active
April 22, 2024 19:47
Amazon AWS S3 IAM permissions required for Mastodon
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| When setting up a Mastodon instance I had a very hard time working out the required S3 permissions. | |
| Wasted a day on it. None of the tutorials or even the official documentation gave me this information. | |
| In the end I gave up and just gave it blanket access to all permissions for the Mastodon bucket (S3Administrator). | |
| But this didn't set well with me - I don't like granting unnecessary permissions, especially not when S3 has about 100 of them. | |
| If the server were to become compromised or the keys were to otherwise fall into the wrong hands I'd want a potentially malicious actor to have as limited permissions as possible. | |
| Anyway I finally worked out the permissions required to for Mastodon to function with an S3 bucket as its media storage. | |
| See below for the IAM policy. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import 'dart:async'; | |
| import 'package:flutter/material.dart'; | |
| class InfiniteScroll extends StatefulWidget { | |
| @override | |
| _InfiniteScrollState createState() => new _InfiniteScrollState(); | |
| } | |
| class _InfiniteScrollState extends State<InfiniteScroll> { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> | |
| function gc() { for (let i = 0; i < 0x10; i++) { new ArrayBuffer(0x1000000); } } | |
| var sc = []; | |
| for (var i=0; i<0x480; i++) { | |
| sc.push(0x90); | |
| } | |
| //sc.push(0xcc); | |
| //sc.push(0xeb); | |
| //sc.push(0xfe); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| OUTDIR=/tmp/ramdisk | |
| FILENAME=foobar | |
| OPTIONS="--synctex=1 -interaction=nonstopmode" | |
| mkdir -p $OUTDIR | |
| lualatex $OPTIONS --output-directory=$OUTDIR $FILENAME.tex |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Advance preparation | |
| echo "source $HOME/.ctf_tool" >> $HOME/.zshrc | |
| # Support 32-bit elf. | |
| sudo apt install -y lib32z1 | |
| # Install other tools. | |
| sudo apt install -y gdb binutils build-essential strace ltrace\ |
jtallant
/ setting-up-sinatra-with-active-record.md
Last active
March 25, 2024 13:26
Setting up Sinatra with Active Record
-
CTRL + A— Move to the beginning of the line -
CTRL + E— Move to the end of the line -
CTRL + [left arrow]— Move one word backward (on some systems this is ALT + B) -
CTRL + [right arrow]— Move one word forward (on some systems this is ALT + F) -
CTRL + U— (bash) Clear the characters on the line before the current cursor position -
CTRL + U—(zsh) If you're using the zsh, this will clear the entire line -
CTRL + K— Clear the characters on the line after the current cursor position -
ESC + [backspace]— Delete the word in front of the cursor
Format String Bugs(以降, FSBとする)とは, sprintf()やfprintf()などのprintf関数群やsyslog()などのFormat Strings(以降, 書式指定子とする)を扱える関数において, ユーザが自由に書式指定子を配置できるバグである. これを利用した攻撃手法をFormat String Attacksと呼び, この攻撃によりターゲットとなるプロセスがアクセス可能な任意のメモリの読み書きが行えるようになる. また, それを利用しプログラムの制御を乗っ取ることも可能である.
実際のプログラムに多く存在するとは到底言えないような脆弱性ではあるが稀に見つかることはある. CVE-2012-0809[1]ではsudoのデバッグ機能にFSBが見つかり, 実際にlocal exploitが公開されたりもした. 前述の通り珍しいものではあるが, 任意のメモリの書き換えができるなど非常に強力なものであることからCTFではよく題材にされる.
この記事ではFSBの検証に以下の環境を使用した.
sh-4.3$ uname -a
Linux Arch_Laptop 4.0.4-1-ARCH #1 SMP PREEMPT Mon May 18 06:43:19 CEST 2015 x86_64 GNU/Linux
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // SIFlatButton.swift | |
| // TwitterClone | |
| // | |
| // Created by Shoya Ishimaru on 2015/05/08. | |
| // Copyright (c) 2015年 shoya140. All rights reserved. | |
| // | |
| import UIKit |
NewerOlder