Skip to content

Instantly share code, notes, and snippets.

Discover gists

@arch1t3cht
arch1t3cht / video_noob_guide.md
Last active June 12, 2026 19:10
What you NEED to know before touching a video file

What you NEED to Know Before Touching a Video File

Hanging out in subtitling and video re-editing communities, I see my fair share of novice video editors and video encoders, and see plenty of them make the classic beginner mistakes when it comes to working with videos. A man can only read "Use Handbrake to convert your mkv to an mp4 :)" so many times before losing it, so I am writing this article to channel the resulting psychic damage into something productive.

If you are new to working with videos (or, let's face it, even if you aren't), please read through this guide to avoid making mistakes that can cost you lots of time, computing power, storage space, or video quality.

@arbaes
arbaes / atomic-arch-check.sh
Last active June 12, 2026 19:04
Atomic Arch vulnerability scan (atomic-lockfile injection checker)
#!/usr/bin/env bash
# Atomic Arch / atomic-lockfile AUR campaign check
# Sources:
# - https://lists.archlinux.org/archives/list/aur-general@lists.archlinux.org/thread/FGXPCB3ZVCJIV7FX323SBAX2JHYB7ZS4/
# - https://www.sonatype.com/blog/atomic-arch-npm-campaign-adds-malicious-dependency
# - https://ioctl.fail/preliminary-analysis-of-aur-malware/
set -uo pipefail
# Known IOC strings: the malicious npm dep names this campaign rotates through,
# plus the payload's path inside the npm package ("preinstall": "./src/hooks/deps").
@ruvnet
ruvnet / witness-sota.md
Last active June 12, 2026 19:39
Tamper-Evident Witness Logs: SOTA survey and gap analysis for RVM's witness chain (keyed-BLAKE3 + Merkle sealing) vs transparency logs, verifiable DBs, and secure-logging literature

Tamper-Evident Witness Logs: State of the Art and Where RVM Stands

Update (2026-06-12, same day): Recommendations R1, R2, R4, and R6 from Part 6 are now implemented, tested, and merged (PR #558): chained seal digests with keyless whole-history verification (verify_seal_chain_binding), the new rvm-checkpoint crate emitting C2SP tlog-checkpoint / signed-note output (the Go sumdb/note reference vector reproduces byte-identically), per-segment forward-secure key ratcheting with in-critical-section key erasure, and CoveragePolicy::Strict backpressure invariants wired into the security gate ("no witness, no mutation" fails closed). Combined suite: 926 tests, 0 failures; the append hot path is unchanged (all new state is seal-time-only; control-normalized bench). The post-compromise property now has a test: an attacker holding the current chain key who rewrites sealed history and recomputes the entire downstream MAC chain is detected via ratchet

@huihut
huihut / Windows10-professional-activation.md
Created August 2, 2018 09:32
Windows10 专业版 激活方法
  1. 以管理员身份运行CMD
  2. slmgr.vbs /upk
  3. slmgr /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX
  4. slmgr /skms zh.us.to
  5. slmgr /ato
@BoberSdoh
BoberSdoh / vpn-billing-data-investigation.md
Created June 12, 2026 18:59
A 36-month audit of VPN data breaches: 11 incidents, 3.4M+ identity records exposed. Why "no-logs" audits don't cover the database where your name and card number actually live, and what a structurally anonymous provider looks like. Investigation, ledger, and a way out.

Your VPN Doesn't Log Your Traffic. It Logs You. — And That's a Bigger Problem.

Investigation Breaches reviewed Records exposed Reading time

In the last 36 months, eleven separate VPN providers have either leaked or been forced to disclose their billing databases. Across those incidents, somewhere north of 3.4 million customer records are now in third-party hands — emails, names, billing addresses, partial card numbers, and in four cases, full card BINs with countries of issuance. Every single one of those records belongs to someone who chose that service specifically for privacy. This is not a story about traffic logs. It's a story about the much larger logging problem nobody is selling you a solution to.

@intenzemotion
intenzemotion / hide-edge-rounded-corners.ps1
Last active June 12, 2026 18:58
Hide Edge v149 forced rounded corners. Additionally hide red dot on profile icon too.
# This script must be run as Administrator to update some shortcut paths. Checking it first...
$IsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(
[Security.Principal.WindowsBuiltInRole]::Administrator
)
if (-not $IsAdmin) {
Write-Host "Not running as Administrator. Some shortcuts may fail to update." -ForegroundColor Yellow
Write-Host ""
}
# This is your Edge path, it should be installed here (if you're on Stable channel).
@tid-kijyun
tid-kijyun / tally-counter.lua
Last active June 12, 2026 18:57
[OBS Script]Sets a text source to act as a tally counter when the source is active.
obs = obslua
source_name = ""
format_text = ""
start_number = 0
step_number = 0
now_count = 0
last_text = ""
activated = false
@LiquidFenrir
LiquidFenrir / gist:d110f3e7755ffbe82672eda49ae21af2
Last active June 12, 2026 18:53
gdb 101 for 3ds, credits to Stary
1. enable debugger in rosalina menu
go to process list
select a process
2. launch arm-none-eabi-gdb <path to elf>
command "target remote ip:port"
3. command "continue" or "c" to resume execution
4.
@tiago-peres
tiago-peres / Import CSV Weight data into Garmin.md
Last active June 12, 2026 18:45
Import CSV Weight data into Garmin

I've used a Smart Scale since 2020 with its own app which eventually became Zepp Life.

Having acquired a Garmin a while ago, would be a pity to lose all that data.

The good news is that we can pull data from other accounts or activity trackers into Garmin Connect in the import page

https://connect.garmin.com/modern/import-data

So, I exported the Body data as CSV from Zepp Life.

@cnemri
cnemri / prompt.md
Created June 10, 2026 10:57
Claude Fable 5: Sidi Bousaid 3D prompt

Write a complete, production-ready, single-file HTML/JavaScript application that renders a highly detailed, photo-realistic, navigable 3D scene of the iconic cliffside village of Sidi Bou Said, Tunisia using Three.js.

CRITICAL INSTRUCTIONS — NO LAZY CODE

  • Do NOT use any external asset URLs (no external .gltf, .obj, .jpg, or .png files) as they can break or fail CORS. All textures, heights, and models must be generated dynamically and procedurally within the script (e.g., using HTML Canvas to draw textures, procedural noise algorithms for plaster and stone, or mathematical structures for 3D meshes).
  • Do NOT write placeholder comments, truncated code blocks, "// TODO" markers, or "left as an exercise" shorthand. Every single function, shader, loop, and variable must be written out in its entirety.
  • The output must be a single, copy-pasteable HTML file that runs perfectly immediately when opened in a browser.

TECHNICAL REQUIREMENTS & FEATURES

  1. Libraries: Load Three.js and OrbitControls vi