Skip to content

Instantly share code, notes, and snippets.

View hktonylee's full-sized avatar

hktonylee

37 followers · 48 following
View GitHub Profile
@karpathy
karpathy / llm-wiki.md
Created April 4, 2026 16:25
llm-wiki

LLM Wiki

A pattern for building personal knowledge bases using LLMs.

This is an idea file, it is designed to be copy pasted to your own LLM Agent (e.g. OpenAI Codex, Claude Code, OpenCode / Pi, or etc.). Its goal is to communicate the high level idea, but your agent will build out the specifics in collaboration with you.

The core idea

Most people's experience with LLMs and documents looks like RAG: you upload a collection of files, the LLM retrieves relevant chunks at query time, and generates an answer. This works, but the LLM is rediscovering knowledge from scratch on every question. There's no accumulation. Ask a subtle question that requires synthesizing five documents, and the LLM has to find and piece together the relevant fragments every time. Nothing is built up. NotebookLM, ChatGPT file uploads, and most RAG systems work this way.

@sherifkozman
sherifkozman / codex-researcher.md
Last active June 8, 2026 02:01
codex-researcher: A Claude Code sub-agent that uses OpenAI Codex CLI for conducting research

name: codex-researcher description: > Use this agent when you need to conduct research on any topic using OpenAI's Codex CLI. This includes gathering information about technologies, companies, market trends, scientific topics, historical events, or any subject requiring in-depth analysis. The agent leverages the codex exec command with web search to perform comprehensive research. model: inherit color: green

@maple3142
maple3142 / CVE-2025-55182.http
Last active May 30, 2026 20:47
CVE-2025-55182 React Server Components RCE POC
POST / HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36
Next-Action: x
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Length: 459
------WebKitFormBoundaryx8jO2oVc6SWP3Sad
Content-Disposition: form-data; name="0"
@rebane2001
rebane2001 / glass-with-controls.html
Last active April 15, 2026 16:21
glass effect test css/svg thing (messy) - demo: https://codepen.io/rebane2001/details/OPVQXMv
<div style="position:absolute;top:-999px;left:-999px">
<svg
id="effectSvg"
width="200"
height="200"
viewBox="0 0 200 200"
xmlns="http://www.w3.org/2000/svg">
<filter id="displacementFilter4">
@hackermondev
hackermondev / research.md
Last active June 16, 2026 22:05
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@thesamesam
thesamesam / xz-backdoor.md
Last active June 13, 2026 06:42
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@adtac
adtac / Dockerfile
Last active December 26, 2025 00:20
#!/usr/bin/env docker run
#!/usr/bin/env -S bash -c "docker run -p 8080:8080 -it --rm \$(docker build --progress plain -f \$0 . 2>&1 | tee /dev/stderr | grep -oP 'sha256:[0-9a-f]*')"
# syntax = docker/dockerfile:1.4.0
FROM node:20
WORKDIR /root
RUN npm install sqlite3
@Nexarian
Nexarian / xrdp-nvidia-setup.sh
Last active June 15, 2026 23:42
Setup for XRDP using Nvidia Acceleration
#!/usr/bin/env bash
set -e
cd ~
sudo -v
# Make sure system is in a good, updated, clean, state.
sudo apt-get -y update
@nateraw
nateraw / stable_diffusion_walk.py
Created August 18, 2022 05:59
Walk between stable diffusion text prompts
"""
Built on top of this gist by @karpathy:
https://gist.github.com/karpathy/00103b0037c5aaea32fe1da1af553355
stable diffusion dreaming over text prompts
creates hypnotic moving videos by smoothly walking randomly through the sample space
example way to run this script:
$ python stable_diffusion_walk.py --prompts "['blueberry spaghetti', 'strawberry spaghetti']" --seeds 243,523 --name berry_good_spaghetti
@ClementNerma
ClementNerma / zsh-cheatsheet.md
Last active June 11, 2026 02:34

ZSH CheatSheet

This is a cheat sheet for how to perform various actions to ZSH, which can be tricky to find on the web as the syntax is not intuitive and it is generally not very well-documented.

Strings

Description Syntax
Get the length of a string ${#VARNAME}
Get a single character ${VARNAME[index]}