@MarkLodato
MarkLodato / xz-backdoor.md
Created April 12, 2024 12:43 — forked from thesamesam/xz-backdoor.md
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is still a new situation. There is a lot we don't know. We don't know if there are more possible exploit paths. We only know about this one path. Please update your systems regardless.

This is a living document. Everything in this document is written in good faith with the aim of being accurate, but like I just said, we don't yet know everything about what's going on.

MarkLodato / provenance-snippet.jsonc
Last active February 10, 2023 21:56
Example provenance for building from tag
"externalParameters": {
"configSource": {
"ref": "refs/tags/v1.2.3",
"repository": "https://github.com/GoogleCloudPlatform/cloud-build-samples",
"path": "basic-config/cloudbuild.yaml"
}
},
"resolvedDependencies": [{
"uri": "git+https://github.com/GoogleCloudPlatform/cloud-build-samples@refs/tags/v1.2.3",
"digest": { "sha1": "bb0fe8075f92bb82b679afe400a47b106f0cec4b" }
MarkLodato / go-dirhash.sh
Last active May 30, 2023 14:08
Compute "dirhash" of a go module directory.
#!/bin/bash
# Compute "dirhash" of a go module directory.
#
# Original go code: https://cs.opensource.google/go/x/mod/+/master:sumdb/dirhash/hash.go
#
# Author: Mark Lodato <[email protected]>
#
# Copyright 2022 Google LLC.
# SPDX-License-Identifier: Apache-2.0
{
"_type": "https://in-toto.io/Statement/v0.1",
"predicateType": "https://slsa.dev/provenance/v0.2",
"subject": [
{
"name": "binary-linux-amd64",
"digest": {
"sha256": "6292ee2efd5465706969ea671049028e3c275e88a405439a858e9d766b519518"
}
}
{
"_type": "https://in-toto.io/Statement/v0.1",
"subject": [
{
"name": "dist/PyYAML-6.0-cp310-cp310-macosx_10_9_x86_64.whl",
"digest": {
"sha256": "3335d8653eff7ad35fbd29f3573810d525a4b641eacc59b43922c413062d63cc"
}
},
{
#!/usr/bin/python
# Parse a crawl morgue file and print a pretty skill progression table.
# USAGE: python skill_graph.py < ./crawl/morgue/<filename>.txt
# Works best with 'note_all_skill_levels = true' in ~/.crawlrc.
#
# Copyright 2016 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
MarkLodato / gist:437a6deec280a6e8c68b
Last active August 29, 2015 14:20
Address sanitizer report
▶ bzr revno
646
▶ make CC=clang CFLAGS='-fsanitize=address -fno-omit-frame-pointer -g -O1'
▶ for x in ~/p/vt100-to-html/test/*.in; bin/unterm $x >/dev/null || echo $x
=================================================================
==7091==ERROR: AddressSanitizer: negative-size-param: (size=-20)
#0 0x4a611d in __asan_memmove (/home/mark/tmp/libvterm/bin/.libs/lt-unterm+0x4a611d)
#1 0x7ff6a1fc9a11 in scroll /home/mark/tmp/libvterm/src/state.c:92:7
#2 0x7ff6a1fc4624 in on_csi /home/mark/tmp/libvterm/src/state.c:1306:5
#3 0x7ff6a1fcc88d in do_string_csi /home/mark/tmp/libvterm/src/parser.c:100:10

Create the repository:

▶ git init

Create the first branch:

▶ echo foo > one
▶ git add one
▶ git commit -m A
MarkLodato / .vimrc
Created November 1, 2012 17:52
My .vimrc
set nocompatible
set bs=2
set ai
set viminfo='20,\"500
set history=50
set ruler
set incsearch
filetype plugin indent on
set shiftwidth=4
set softtabstop=4