Skip to content

Instantly share code, notes, and snippets.

View XaviTorello's full-sized avatar

Xavi Torelló XaviTorello

86 followers · 87 following
View GitHub Profile
@javisantana
javisantana / tinybird_prompt.txt
Created April 24, 2025 05:33
You are an expert in SQL and Tinybird. Follow these instructions when working with .datasource and .pipe files:
<command_calling>
You have commands at your disposal to develop a tinybird project:
- tb build: to build the project locally and check it works.
- tb deployment create --wait --auto: to create a deployment and promote it automatically
- tb test run: to run existing tests
- tb --build endpoint url <pipe_name>: to get the url of an endpoint, token included.
- tb --build endpoint data <pipe_name>: to get the data of an endpoint. You can pass parameters to the endpoint like this: tb --build endpoint data <pipe_name> --param1 value1 --param2 value2
@zachlatta
zachlatta / almost_pwned.md
Last active May 7, 2025 14:50

g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.

  1. Someone named "Chloe" called me from 650-203-0000 with Caller ID saying "Google". She sounded like a real engineer, the connection was super clear, and she had an American accent. Screenshot.

  2. They said that they were from Google Workspace and someone had recently gained access to my account, which they had blocked. They asked me if I had recently logged in from Frankfurt, Germany and I said no.

  3. I asked if they can confirm this is Google calling by emailing me from a Google email and they said sure and sent me this email and told me to look for a case number in it, which I saw in

@hackermondev
hackermondev / research.md
Last active May 8, 2025 17:41
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@huytd
huytd / wordle.md
Last active April 1, 2025 00:28
Wordle in less than 50 lines of Bash

image

How to use:

./wordle.sh

Or try the unlimit mode:

@m-radzikowski
m-radzikowski / script-template.sh
Last active May 10, 2025 08:56
Minimal safe Bash script template - see the article with full description: https://betterdev.blog/minimal-safe-bash-script-template/
#!/usr/bin/env bash
set -Eeuo pipefail
trap cleanup SIGINT SIGTERM ERR EXIT
script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
usage() {
cat <<EOF
Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-v] [-f] -p param_value arg1 [arg2...]
@ctron
ctron / tekton-cleanup.yaml
Last active April 4, 2025 08:30
Cleaning up Tekton pipeline runs
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: cleaner
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: cleaner
@simonthompson99
simonthompson99 / pudb-cheatsheet.md
Last active March 21, 2025 08:34
[Pudb Cheatsheet] Cheatsheet for pudb debugger #python

Running

python -m pudb <python_file> - opens up the script in pudb window, not executed anything yet. For fire modules better to make separate script that executes the individual function of interest, difficult to debug the original main file. Need pudb in virtualenv.

Or:

from pudb import set_trace
...
set_trace()
@jaumef
jaumef / status.sh
Last active May 17, 2021 07:37
Check status of repo and reformat + check typing
#!/bin/bash
# Link/copy this file to your bin folder so you can run this easily
#
# ln -s $PWD/status.sh ~/.local/bin/status
pyfiles=$(git status -s | grep -vE '^ ?[DR] ' | awk {'print $2'} | grep '.py')
if [[ $pyfiles ]]
then
@abbaspour
abbaspour / nginx.conf
Last active August 28, 2024 02:52
Guide how to enable JWT validation on open source nginx server using ngx-http-auth-jwt-module
daemon off;
worker_processes 1;
error_log logs/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
@williamsiuhang
williamsiuhang / rn-gyroscope-parallax.js
Created July 9, 2020 20:41
React Native Image 3D Parallax using mobile gyroscope (Expo's DeviceMotion)
import React from 'react';
import { View, Animated, Easing } from 'react-native';
import { DeviceMotion } from 'expo-sensors';
class AnimatedAnalyticsImage extends React.Component {
state = {
motionX: 0,
motionY: 0,
motionZ: 0