Maciej suside

## xz-backdoor.md

      
              1 file
            
          
              62 forks
            
          
              568 comments
            
          
              1319 stars
            
          
                thesamesam
                / xz-backdoor.md
            
            
              Last active
              June 27, 2024 15:18
            
              
                xz-utils backdoor situation (CVE-2024-3094)
              
          
    FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good
faith of being accurate, but like I just said; we don't yet know everything
about what's going on.
Background

On March 29th, 2024, a backdoor was discovered in
xz-utils, a suite of software that

  
## libre-link-up-http-dump.md

      
              1 file
            
          
              12 forks
            
          
              40 comments
            
          
              51 stars
            
          
                khskekec
                / libre-link-up-http-dump.md
            
            
              Last active
              June 29, 2024 18:08
            
              
                HTTP dump of Libre Link Up used in combination with FreeStyle Libre 3
              
          
    LibreLinkUp HTTP-Dump

This document describes the HTTP communication of LibreLinkUp which functions as follower app to receive cgm data. Some data in the responses were masked.
Context

This dump was created on an android device with LibreLinkUp app. Capturing was done with HttpToolkit over adb.
API Url


## optional-job-based-on-presence-of-a-secret.yaml
name: Build and publish Docker image + Container Scanning
on: [push]
jobs:

  build:
    name: Build
    runs-on: ubuntu-latest
    outputs:
      dockerimage: ${{ steps.dockerimage.outputs.dockerimage }}
      enablecontainerscanning: ${{ steps.enablecontainerscanning.outputs.enablecontainerscanning }}

## scanner.sh
# use ImageMagick convert
# the order is important. the density argument applies to input.pdf and resize and rotate to output.pdf
convert -density 90 input.pdf -rotate 0.5 -attenuate 0.2 +noise Multiplicative -colorspace Gray output.pdf

## docker-compose.yml
#
# Launches configured Graylog 2.3.1 instance
#
# - Docker-compose 1.16 required
# - Please configure following according to your network:
#     * gelf-address URL (for each container)
#     * GRAYLOG_WEB_ENDPOINT_URI
# - After launch define GELF tcp and GELF udp inputs in graylog web ui
# - Containers send logging to the graylog itself
# - By default tuned to 30 days retention

## Price Breakdown.md

      
              1 file
            
          
              25 forks
            
          
              33 comments
            
          
              269 stars
            
          
                justjanne
                / Price Breakdown.md
            
            
              Last active
              April 11, 2024 22:21
                — forked from kylemanna/price.txt
            
              
                Server Price Breakdown: DigitalOcean, Amazon AWS LightSail, Vultr, Linode, OVH, Hetzner, Scaleway/Online.net:
              
          
    Server Price Breakdown: DigitalOcean, Amazon AWS LightSail, Vultr, Linode, OVH, Hetzner, Scaleway/Online.net:

Permalink: git.io/vps
$5/mo


Provider
Type
RAM
Cores
Storage
Transfer
Network
Price


## ParseRSAKeys.java
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;

## close_docker_files.sh
#!/bin/bash

export PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin
docker_pid=$(cat /var/run/docker.pid)
gdb -p $docker_pid <<< "$( ls /proc/$docker_pid/fd -l --time-style=+'%s' | grep -E 'deleted' | awk '{ printf("p close(%s)\n", $7)}')" >/dev/null


#closing evenfds that do not have a corresponding memory.oom_control
eventfds="$(for eventfd in $(ls /proc/$docker_pid/fd -l --time-style=+'%s' | grep -E 'eventfd'| awk '{print $7}'); do
        memory_pid=$((eventfd - 1))

## Results.md

      
              3 files
            
          
              11 forks
            
          
              28 comments
            
          
              92 stars
            
          
                nkt
                / Results.md
            
            
              Last active
              September 27, 2023 08:24
            
              
                ReactPHP vs Node.js
              
          
    wrk -t4 -c400 -d10s http://127.0.0.1:1337/
PHP

Running 10s test @ http://127.0.0.1:1337/
  4 threads and 400 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
 Latency 7.02ms 6.94ms 82.86ms 85.27%


## phoenix showdown rackspace onmetal io.md

      
              1 file
            
          
              16 forks
            
          
              10 comments
            
          
              127 stars
            
          
                omnibs
                / phoenix showdown rackspace onmetal io.md
            
            
              Last active
              June 10, 2024 17:47
            
              
                Phoenix Showdown Comparative Benchmarks @ Rackspace
              
          
    Comparative Benchmark Numbers @ Rackspace

I've taken the benchmarks from Matthew Rothenberg's phoenix-showdown, updated Phoenix to 0.13.1 and ran the tests on the most powerful machines available at Rackspace.
Results


Framework
Throughput (req/s)
Latency (ms)
Consistency (σ ms)
	name: Build and publish Docker image + Container Scanning
	on: [push]
	jobs:

	build:
	name: Build
	runs-on: ubuntu-latest
	outputs:
	dockerimage: ${{ steps.dockerimage.outputs.dockerimage }}
	enablecontainerscanning: ${{ steps.enablecontainerscanning.outputs.enablecontainerscanning }}
	# use ImageMagick convert
	# the order is important. the density argument applies to input.pdf and resize and rotate to output.pdf
	convert -density 90 input.pdf -rotate 0.5 -attenuate 0.2 +noise Multiplicative -colorspace Gray output.pdf
	#
	# Launches configured Graylog 2.3.1 instance
	#
	# - Docker-compose 1.16 required
	# - Please configure following according to your network:
	# * gelf-address URL (for each container)
	# * GRAYLOG_WEB_ENDPOINT_URI
	# - After launch define GELF tcp and GELF udp inputs in graylog web ui
	# - Containers send logging to the graylog itself
	# - By default tuned to 30 days retention
	import java.io.IOException;
	import java.net.URISyntaxException;
	import java.nio.file.Files;
	import java.nio.file.Paths;
	import java.security.KeyFactory;
	import java.security.NoSuchAlgorithmException;
	import java.security.PrivateKey;
	import java.security.interfaces.RSAPublicKey;
	import java.security.spec.InvalidKeySpecException;
	import java.security.spec.PKCS8EncodedKeySpec;
	#!/bin/bash

	export PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin
	docker_pid=$(cat /var/run/docker.pid)
	gdb -p $docker_pid <<< "$( ls /proc/$docker_pid/fd -l --time-style=+'%s' \| grep -E 'deleted' \| awk '{ printf("p close(%s)\n", $7)}')" >/dev/null


	#closing evenfds that do not have a corresponding memory.oom_control
	eventfds="$(for eventfd in $(ls /proc/$docker_pid/fd -l --time-style=+'%s' \| grep -E 'eventfd'\| awk '{print $7}'); do
	memory_pid=$((eventfd - 1))