Skip to content

Instantly share code, notes, and snippets.

View BasixKOR's full-sized avatar

Sung Jeon BasixKOR

549 followers · 710 following
View GitHub Profile
@zachlatta
zachlatta / almost_pwned.md
Last active March 6, 2025 15:47

g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.

  1. Someone named "Chloe" called me from 650-203-0000 with Caller ID saying "Google". She sounded like a real engineer, the connection was super clear, and she had an American accent. Screenshot.

  2. They said that they were from Google Workspace and someone had recently gained access to my account, which they had blocked. They asked me if I had recently logged in from Frankfurt, Germany and I said no.

  3. I asked if they can confirm this is Google calling by emailing me from a Google email and they said sure and sent me this email and told me to look for a case number in it, which I saw in

@cometkim
cometkim / download-hira.md
Last active January 7, 2025 08:05
보건의료빅데이터개방시스템(opendata.hira.or.kr) 공공데이터 상세 페이지 첨부파일 일괄 다운로드 스크립트

보건의료빅데이터개방시스템(opendata.hira.or.kr) 공공데이터 상세 페이지 첨부파일 일괄 다운로드 스크립트

Usage

bun install

PAGE="https://opendata.hira.or.kr/op/opc/selectOpenData.do?sno=11925&publDataTpCd=&searchCnd=&searchWrd=%EC%A0%84%EA%B5%AD&pageIndex=1"
bun download-hira.ts "$PAGE"
@cometkim
cometkim / early-hints-test.mjs
Last active November 26, 2024 17:02
Do your infra hops respect HTTP 103 Early Hints?
import * as http from 'node:http';
import { Readable } from 'node:stream';
import { setInterval } from 'node:timers/promises';
async function* chunksWhile(ms) {
let count = 0;
for await (const startTime of setInterval(1000, Date.now())) {
yield `<div>Looking for your cat... (n=${++count})</div>`;
if (Date.now() - startTime > ms) {
return;
@cometkim
cometkim / README.md
Last active December 23, 2024 17:19
There are too many LRU implementations in JS...

JavaScript LRU library benchmark

There are too many LRU(Least Recently Used) implementations in JS.

I recommend to use [flru] which is the smallest one and fast enough. Unless you need more rich functionality.

However, it's performance is vary depend on the host environment. For example, flru loses on Bun.

If you need micro-optimization on it, measure it yourself in your environment.

@pilcrowonpaper
pilcrowonpaper / js-encryption.md
Last active November 30, 2024 20:56

Encrypting data with AES128 in JavaScript

Usage

AES128 uses a 16 byte secret key.

const key = new Uint8Array(16);
crypto.getRandomValues(key);
@ellemedit
ellemedit / README.md
Created June 19, 2024 06:45
A ReactDOM hook that allows you to reset form optionally after submitting

Example:

function Form() {
  const [isPending, onSubmit] = useFormActionHandler((formData, reset) => {
    if (formData.get('condition') === 'X') {
      reset();
    }
    // ...
 });
@thesamesam
thesamesam / xz-backdoor.md
Last active March 12, 2025 15:55
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@NyanSatan
NyanSatan / t8120-ap_keys-210124.json
Created January 21, 2024 16:47
T8120 AP & SEP keys 21.01.24
[
{
"build": "20A362",
"fw": "iPhone15,2_16.0_20A362_Restore.ipsw",
"file": "LLB.d73.RELEASE.im4p",
"kbag": "985898593B143B130AAEA95C723A342D647ED5F9E0953871E836000A7108E52D75E0BA03A9917E984889DCA1253D3F1C",
"key": "9f58969bb426e99f2dc541bd524f2b5696865560a201a230ee25c89cd2a147d9e5d17779c0b816fd29c5f760a892c5bf"
},
{
"build": "20A362",
@WebReflection
WebReflection / proxy-traps-cheat-sheet.md
Last active February 16, 2025 23:41
Proxy Traps Cheat Sheet

Proxy Traps Cheat Sheet

There are various shenanigans around the Proxy API, including issues with Array.isArray and Object.ownKeys so that this gits purpose is to describe all the undocummented caveats to help anyone dealing with all possibilities this half-doomed API offers.

The 3 + 1 Proxy Types

  • object: any non primitive value can be proxied but apply and construct traps won't work with it. If the object somehow wants to represent an array without being one, it's impossible to survive Array.isArray brand check (it will be false) and with ownKeys the target needs to have a non configurable length property or it will also fails once reached
  • array: it's like object but it survives the `
@cpursley
cpursley / postgresql_is_enough.md
Last active March 11, 2025 10:13
Postgres is Enough