
Kobayasi, Hiroaki hkoba

#!/bin/awk -f
# gen-insn-dic.awk: x86 Instruction dictionary generator
#
# Usage: awk -f gen-insn-dic.awk arch/x86/lib/x86-opcode-map.txt > x86-dic.tsv
# Awk implementation sanity check
function check_awk_implement() {
    # A working awk formats 0 with %x as the string "0"
    if (sprintf("%x", 0) != "0")
        return "Your awk has a printf-format problem."
    return ""
}
@miyagawa
miyagawa / text.md
Last active August 29, 2015 14:05
Plack::Middleware::Session::Cookie vulnerability

Aug 11, 2014

Plack::Middleware::Session::Cookie 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server, when the middleware is enabled without a secret.

If you use Plack::Middleware::Session::Cookie, you're required to pass a secret option to the middleware. The value of the secret key must obviously be kept private.

  • Version 0.22 is released today, which gives you a big WARNING when it is enabled without a secret set.
  • Version 0.23 TRIAL is released, which refuses to run without a secret set, giving an error message on startup. This will become a non-trial release in a few days.

Solution

@jashkenas
jashkenas / semantic-pedantic.md
Last active May 7, 2025 01:36
Why Semantic Versioning Isn't

Spurred by recent events (https://news.ycombinator.com/item?id=8244700), this is a quick set of jotted-down thoughts about the state of "Semantic" Versioning, and why we should be fighting the good fight against it.

For a long time in the history of software, version numbers indicated the relative progress and change in a given piece of software. A major release (1.x.x) was major, a minor release (x.1.x) was minor, and a patch release was just a small patch. You could evaluate a given piece of software by name + version, and get a feeling for how far away version 2.0.1 was from version 2.8.0.

But Semantic Versioning (henceforth, SemVer), as specified at http://semver.org/, changes this to prioritize a mechanistic understanding of a codebase over a human one. Any "breaking" change to the software must be accompanied with a new major version number. It's alright for robots, but bad for us.

SemVer tries to compress a huge amount of information — the nature of the change, the percentage of users that wil

/*
Copyright (C) 2014 Yusuke Suzuki <[email protected]>
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
@hyuki0000
hyuki0000 / README
Last active August 29, 2015 14:06
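AutoGetter - A Ruby script that collects the replies you made to your own tweets on Twitter (for compiling tweet threads)
## AutoGetter - A Ruby script that collects the replies you made to your own tweets on Twitter (for compiling tweet threads)
https://gist.github.com/hyuki0000/85989bcf78d1476d74d3
1. Create your own config.yaml.
2. Run ruby autogetter.rb.
3. Each reply to yourself (reply chain) is collected into files 1.html, 2.html, 3.html, ... (existing files are overwritten).
4. Paste the result into a site where you can write HTML directly.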
@todesking
todesking / bash.patch
Created September 25, 2014 15:03
This patch introduces very cool feature and no more vulnerability!!!
diff --git a/variables.c b/variables.c
index 92a5a10..b485dab 100644
--- a/variables.c
+++ b/variables.c
@@ -347,39 +347,6 @@ initialize_shell_variables (env, privmode)
temp_var = (SHELL_VAR *)NULL;
- /* If exported function, define it now. Don't import functions from
- the environment in privileged mode. */
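Review bot: the deletion that starts at the "If exported function, define it now" comment in initialize_shell_variables removes a documented behaviour with nothing in its place, and the description does not say so. The hunk header shows the region shrinking from 39 lines to 6, so defining functions from the environment goes away entirely, including the privileged-mode exception the removed comment mentions. Please state in the description that importing exported functions is intentionally dropped, note that scripts relying on functions passed through the environment will stop working, and leave a short comment next to the remaining `temp_var = (SHELL_VAR *)NULL;` line explaining why environment values are no longer treated as function definitions.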
@summerwind
summerwind / client.js
Last active August 29, 2015 14:08
Sample code for HTTP/2 Conference
var net = require('net'),
hpack = require('./hpack');
var FRAME_HEADER_LEN = 9;
function createSettingsFrame(ack) {
var flag = ack ? 0x1 : 0x0;
var frameHeader = new Buffer(FRAME_HEADER_LEN);
frameHeader.writeUInt32BE(0x0, 0);
ROUTINE ====================== net/http.ReadRequest
11 403 samples (flat, cumulative) 27.2% of total
-------------------- /home/ec2-user/local/go/src/net/http/request.go
2 2 591: func ReadRequest(b *bufio.Reader) (req *Request, err error) {
. . 447b70: FS MOVQ FS:0xfffffff0, CX
2 2 447b79: LEAQ 0xffffff30(SP), AX
. . 447b81: CMPQ 0x10(CX), AX
. . 447b85: JA 0x447b8e
. . 447b87: CALL runtime.morestack_noctxt(SB)
. . 447b8c: JMP net/http.ReadRequest(SB)
@mikkun
mikkun / Fork_bomb.svg
Created November 10, 2014 09:00
SVG file for printing "Fork bomb" stickers. This file is under the public domain.
00:00.0 Host bridge: Intel Corporation Device 1170 (rev 01)
Flags: bus master, fast devsel, latency 0
00:01.0 SD Host controller: Intel Corporation Device 1190 (rev 01) (prog-if 01)
Flags: bus master, fast devsel, latency 64
Memory at ff3fc000 (32-bit, non-prefetchable) [size=256]
Capabilities: [b0] Power Management version 3
Capabilities: [b8] Vendor Specific Information: Len=08 <?>
Capabilities: [c0] PCI-X non-bridge device