This is still a new situation. There is a lot we don't know. We don't know if there are more possible exploit paths. We only know about this one path. Please update your systems regardless.
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
| /* The world's smallest Brainfuck interpreter in C, by Kang Seonghoon | |
| * http://j.mearie.org/post/1181041789/brainfuck-interpreter-in-2-lines-of-c */ | |
| s[99],*r=s,*d,c;main(a,b){char*v=1[d=b];for(;c=*v++%93;)for(b=c&2,b=c%7?a&&(c&17 | |
| ?c&1?(*r+=b-1):(r+=b-1):syscall(4-!b,b,r,1),0):v;b&&c|a**r;v=d)main(!c,&a);d=v;} |
${...} is the property placeholder syntax. It can only be used to dereference properties.
#{...} is SpEL syntax, which is far more capable and complex. It can also handle property placeholders, and a lot more besides.
Both are valid, and neither is deprecated.
| # https://stackoverflow.com/questions/6543519/undoing-accidental-git-stash-pop | |
| # https://stackoverflow.com/questions/89332/how-to-recover-a-dropped-stash-in-git | |
| accepted | |
| If you have only just popped it and the terminal is still open, you will still have the hash value printed by git stash pop on screen (thanks, Dolda). | |
| Otherwise, you can find it using this for Linux and Unix: | |
| git fsck --no-reflog | awk '/dangling commit/ {print $3}' | |
| and for Windows: |
It happens that there are many standards for storing cryptography materials (key, certificate, ...) and it isn't always obvious to know which standard is used by just looking at file name extension or file content. There are bunch of questions on stackoverflow asking about how to convert from PEM to PKCS#8 or PKCS#12, while many tried to answer the questions, those answers may not help because the correct answer depends on the content inside the PEM file. That is, a PEM file can contain many different things, such as an X509 certificate, a PKCS#1 or PKCS#8 private key. The worst-case scenario is that someone just store a non-PEM content in "something.pem" file.
This is a small tool using Tinyscript and pypdf or pikepdf to bruteforce the password of a PDF given an alphabet (defaults to printables) and a length (default is 8).
$ pip install pypdf tinyscript
$ wget https://gist.githubusercontent.com/dhondta/efe84a92e4dfae3b6c14932c73ab2577/raw/pdf-password-bruteforcer.py && chmod +x pdf-password-bruteforcer.py && sudo mv pdf-password-bruteforcer.py /usr/bin/pdf-password-bruteforcer
| # Copyright (c) 2019 Will Bender. All rights reserved. | |
| # This work is licensed under the terms of the MIT license. | |
| # For a copy, see <https://opensource.org/licenses/MIT>. | |
| # Very fast __git_ps1 implementation | |
| # Inspired by https://gist.github.com/wolever/6525437 | |
| # Mainly this is useful for Windows users stuck on msys, cygwin, or slower wsl 1.0 because git/fs operations are just slower | |
| # Caching can be added by using export but PROMPT_COMMAND is necessary since $() is a subshell and cannot modify parent state. | |
| # Linux: time __ps1_ps1 (~7ms) |
| ;;; Startup | |
| ;;; PACKAGE LIST | |
| (setq package-archives | |
| '(("melpa" . "https://melpa.org/packages/") | |
| ("elpa" . "https://elpa.gnu.org/packages/"))) | |
| ;;; BOOTSTRAP USE-PACKAGE | |
| (package-initialize) | |
| (setq use-package-always-ensure t) | |
| (unless (package-installed-p 'use-package) |
| public interface Debuggable { | |
| default String debug() { | |
| StringBuilder sb = new StringBuilder(this.getClass().getName()); | |
| sb.append(" [ "); | |
| Field[] fields = this.getClass().getDeclaredFields(); | |
| for(Field f: fields) { | |
| f.setAccessible(true); | |
| try { | |
| sb.append(f.getName() + " = " + f.get(this)); | |
| sb.append(", "); |
Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228)