Skip to content

Instantly share code, notes, and snippets.

thesamesam /
Last active March 12, 2025 15:55
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.


gruber / Split Tabs to New Window.scpt
Last active May 5, 2024 16:58
An AppleScript for Safari to move all tabs in the frontmost window, from the current tab to the rightmost (last) tab, to a new window.
use AppleScript version "2.4" -- Yosemite (10.10) or later
use scripting additions
Original script: John Gruber (
Much more elegant version: Leon Cowle (
Even more elegant version:
Worth a warning: "moving" tabs with this script doesn't actually move them like
drag-and-drop does. The tabs "moved" by this script will reload in the new window,
ibireme / kpc_demo.c
Last active February 24, 2025 16:29
A demo shows how to read Intel or Apple M1 CPU performance counter in macOS.
// =============================================================================
// XNU kperf/kpc demo
// Available for 64-bit Intel/Apple Silicon, macOS/iOS, with root privileges
// Demo 1 (profile a function in current thread):
// 1. Open directory '/usr/share/kpep/', find your CPU PMC database.
// M1 (Pro/Max/Ultra): /usr/share/kpep/a14.plist
// M2 (Pro/Max): /usr/share/kpep/a15.plist
// M3: /usr/share/kpep/as1.plist
sindresorhus /
Last active March 13, 2025 12:25
Pure ESM package

Pure ESM package

The package that linked you here is now pure ESM. It cannot be require()'d from CommonJS.

This means you have the following choices:

  1. Use ESM yourself. (preferred)
    Use import foo from 'foo' instead of const foo = require('foo') to import the package. You also need to put "type": "module" in your package.json and more. Follow the below guide.
  2. If the package is used in an async context, you could use await import(…) from CommonJS instead of require(…).
  3. Stay on the existing version of the package until you can move to ESM.
tstarling / make-package-contents.php
Created February 26, 2021 04:44
PECL package <contents> tag generator
define( 'INDENT', ' ' );
$files = shell_exec(
'git -C ' . escapeshellarg( __DIR__ ) .
' ls-tree --name-only -r HEAD'
if ( !$files ) {
al45tair / gist:73be245ab87a66a885742b98be91ac14
Last active April 10, 2024 09:00
Files installed by Zoom for mac OS

The Zoom install package for macOS is mad. Rather than actually using the installer to install things, it does everything in the preinstall script. That's bonkers, and also means that the system won't have a list of the files it installed, because it's doing it using shell script.

The script appears to install two items, namely:

~/Library/Internet Plug-Ins/ZoomUsPlugIn.plugin

If the user opening the package isn't an administrator, it looks like it will install the app in the user's home folder instead. If they are an administrator, Zoom will delete the ZoomUsPlugIn.plugin from /Library if it's there, but it still installs to ~/Library.

It also adds Zoom to your Dock automatically, without asking.

tigt / git-branch-to-favicon.js
Created March 18, 2020 21:10
Creates an SVG string that can be used as a favicon across different Git branches. Actually getting this into the browser is sadly project-specific.
const { execSync } = require('child_process')
const { createHash } = require('crypto')
const invertColor = require('invert-color')
const branchName = execSync('git rev-parse --abbrev-ref HEAD')
const hash = createHash('sha256')
const color = '#' + hash.digest().toString('hex').substring(0, 6)
const invertedColor = invertColor(color, true)
cmod /
Last active March 1, 2025 20:50 — forked from eddiewebb/
Fast, instant client side search for Hugo static site generator
rjhansen /
Last active March 1, 2025 17:59
SKS Keyserver Network Under Attack

SKS Keyserver Network Under Attack

This work is released under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Terminological Note

"OpenPGP" refers to the OpenPGP protocol, in much the same way that HTML refers to the protocol that specifies how to write a web page. "GnuPG", "SequoiaPGP", "OpenPGP.js", and others are implementations of the OpenPGP protocol in the same way that Mozilla Firefox, Google Chromium, and Microsoft Edge refer to software packages that process HTML data.

Who am I? do |spec| = "oc-events-jobs"
spec.version = ""
spec.summary = ""
spec.authors = ""
spec.files = []