motylwg

def sieve(s: Stream[Int]): Stream[Int] =
  s.head #:: sieve(s.tail filter(_ % s.head != 0))
                                                  
val primes = sieve(Stream.from(2))                     
  
primes.take(100).toList

archisgore

NPM/Node.js recently had a clever, yet simple, code injection attack using "dependency confusion" as the vulnerability. I describe the attack as conducted (simulated, really), and a systemic solution Polyverse has been building for the past two years designed to solve specifically this problem.

A recap of the attack, for baseline:

Node dependencies are specified by name and version but not address/location, i.e., {“sorter”: “1.0”, “binary-search”: “2.0”, “polyverse-billing”: 1.0}.

Notice the last one? It’s intended to be Polyverse internal and contains our proprietary (and sensitive) billing code. Obviously it does not exist on npmjs.com, the public upstream node package repository. It instead comes from a private repository hosted by Polyverse.

In a Sequence Diagram, this is how the flow worked before the attack. Pretty straight-forward.

kawarimidoll

-- https://support.microsoft.com/ja-jp/topic/%E3%83%AD%E3%83%BC%E3%83%9E%E5%AD%97%E5%85%A5%E5%8A%9B%E3%81%AE%E3%81%A4%E3%81%A5%E3%82%8A%E4%B8%80%E8%A6%A7%E8%A1%A8%E3%82%92%E7%A2%BA%E8%AA%8D%E3%81%97%E3%81%A6%E3%81%BF%E3%82%88%E3%81%86-bcc0ad7e-2781-cc9a-e524-7de506d8fdae
local roman_kana_table = {
  -- common symbols in japanese writings
  ['~'] = '～', [','] = '、', ['.'] = '。', ['/'] = '・',
  ['-'] = 'ー', ['['] = '「', [']'] = '」',

  -- other full-space symbols
  -- ['!']='！', ['"']='”', ['#']='＃', ['$']='＄', ['%']='％',
  -- ['&']='＆', [''']='’', ['(']='（', [')']='）', ['*']='＊',
  -- ['+']='＋', [',']='，', ['-']='－', ['.']='．', ['/']='／',

richard-flosi

"""
Example of setting up CORS with Bottle.py.
"""

from bottle import Bottle, request, response, run
app = Bottle()

@app.hook('after_request')
def enable_cors():
    """

p4bl0-

This project is a tiny compiler for a very simple language consisting of boolean expression.

The language has two constants: 1 for true and 0 for false, and 4 logic gates: ! (not), & (and), | (or), and ^ (xor).

It can also use parentheses to manage priorities.

Here is its grammar in BNF format:

expr ::= "0" | "1"

sam-artuso

Setting up Babel and nodemon

Inital set-up

Set up project:

mkdir project
cd project
npm init -y

Neo23x0

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log

moyix

#!/bin/bash

gdb -p "$1" -batch -ex 'set {short}$rip = 0x050f' -ex 'set $rax=231' -ex 'set $rdi=0' -ex 'cont'

RaVbaker

Redirect All Requests To Index.php Using .htaccess

In one of my pet projects, I redirect all requests to index.php, which then decides what to do with it:

Simple Example

This snippet in your .htaccess will ensure that all requests for files and folders that does not exists will be redirected to index.php:

RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-d

obstschale

Octave CheatSheet

GNU Octave is a high-level interpreted language, primarily intended for numerical computations.
(via GNU Octave)

Hint: I also mad an octave docset for Dash: https://github.com/obstschale/octave-docset

Basics