Skip to content

Instantly share code, notes, and snippets.

archisgore /
Last active Feb 17, 2021
NPM/Node.js code injection attack

NPM/Node.js recently had a clever, yet simple, code injection attack using "dependency confusion" as the vulnerability. I describe the attack as conducted (simulated, really), and a systemic solution Polyverse has been building for the past two years designed to solve specifically this problem.

A recap of the attack, for baseline:

Node dependencies are specified by name and version but not address/location, i.e., {“sorter”: “1.0”, “binary-search”: “2.0”, “polyverse-billing”: 1.0}.

Notice the last one? It’s intended to be Polyverse internal and contains our proprietary (and sensitive) billing code. Obviously it does not exist on, the public upstream node package repository. It instead comes from a private repository hosted by Polyverse.

In a Sequence Diagram, this is how the flow worked before the attack. Pretty straight-forward.

ityonemo /
Last active Jun 23, 2021
Zig in 30 minutes

A half-hour to learn Zig

This is inspired by


the command zig run my_code.zig will compile and immediately run your Zig program. Each of these cells contains a zig program that you can try to run (some of them contain compile-time errors that you can comment out to play with)

AnttiParaoanu /
Last active Mar 24, 2021
Proving that 1 + 1 = 2 in Rust

Proving that 1 + 1 = 2 in Rust

The fact that 1 + 1 is equal to 2 is one of those things that is so obvious it may be hard to justify why. Fortunately mathematicians have devised a way of formalizing arithmetic and subsequently proving that 1 + 1 = 2. Natural numbers are based on the Peano axioms. They are a set of simple rules that define (along with a formal system) what natural numbers are. So in order to prove 1 + 1 = 2 in Rust we first need a formal system capable of handling logic. The formal system that we'll be using is not some random crate, but Rust's type system itself! We will not have any runtime code, instead the type checker will do all the work for us.

Implementing the Peano axioms

First let's go trough the Peano axioms. The first axiom is that "Zero is a natural number". Basically what it says is that zero exists. In order to express that in the type system, we just write:

View gist:96162bb24c242682dc77f29c16f67dd8
# Host Database
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
## localhost broadcasthost
::1 localhost
Ryanb58 /
Last active Jun 16, 2021
How to install telnet into a alpine docker container. This is useful when using the celery remote debugger in a dev environment.
>>> docker exec -it CONTAINERID /bin/sh
/app # telnet
/bin/sh: telnet: not found

/app # apk update
v3.7.0-243-gf26e75a186 []
v3.7.0-229-g087f28e29d []
Service SSL status Response Type Allowed methods Allowed headers Exposed headers
sam-artuso /
Last active May 18, 2021
Setting up Babel and nodemon

Setting up Babel and nodemon

Inital set-up

Set up project:

mkdir project
cd project
npm init -y
squarism /
Last active Jun 22, 2021
iterm2 cheatsheet

Tabs and Windows

Function Shortcut
New Tab + T
Close Tab or Window + W (same as many mac apps)
Go to Tab + Number Key (ie: ⌘2 is 2nd tab)
Go to Split Pane by Direction + Option + Arrow Key
Cycle iTerm Windows + backtick (true of all mac apps and works with desktops/mission control)
mattlewissf /
Last active Jun 15, 2021
Lightning Talk: Git add -p

git add -p is your friend

git add -p is basically "git add partial (or patch)"

Patch mode allows you to stage parts of a changed file, instead of the entire file. This allows you to make concise, well-crafted commits that make for an easier to read history. This feature can improve the quality of the commits. It also makes it easy to remove parts of the changes in a file that were only there for debugging purposes - prior to the commit without having to go back to the editor.

It allows you to see the changes (delta) to the code that you are trying to add, and lets you add them (or not) separately from each other using an interactive prompt. Here's how to use it:

from the command line, either use

  • git add -p
fperez / ProgrammaticNotebook.ipynb
Last active May 27, 2021
Creating an IPython Notebook programatically
View ProgrammaticNotebook.ipynb
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.