Skip to content

Instantly share code, notes, and snippets.

View hmage's full-sized avatar

HMage hmage

72 followers · 76 following
View GitHub Profile
@sk22
sk22 / lastfm-remove-duplicates.js
Last active September 28, 2025 21:33
Last.fm duplicate scrobble deleter
var elements = Array.from(document.querySelectorAll('.js-link-block'))
elements.map(function (element) {
var nameElement = element.querySelector('.chartlist-name')
return nameElement && nameElement.textContent.replace(/\s+/g, ' ').trim()
}).forEach(function (name, i, names) {
if (name !== names[i + 1]) return
var deleteButton = elements[i].querySelector('[data-ajax-form-sets-state="deleted"]')
if (deleteButton) deleteButton.click()
location.reload()
})
@HybridDog
HybridDog / ssim_perceptual_downscaling.c
Last active March 25, 2025 21:43
SSIM-based perceptual image downscaling for PNG images
// SPDX-License-Identifier: MIT
//
// This program contains an implementation of SSIM-based perceptual image
// downscaling for PNG images.
// The program can be twice as fast when compiled with -Ofast.
// The program behaviour can be adjusted with predefined preprocessor macros:
// * -DTILEABLE: Assume images wrap around at corners. This should be enabled
// when downscaling tileable textures.
// * -DGAMMA_INCORRECT: Downscale without applying the sRGB EOTF and OETF.
// When downscaling images with symbolic meaning, e.g. screenshots of text or
@jefmathiot
jefmathiot / telegram-dns
Created April 17, 2018 13:40
Telegram DNS
#!/usr/bin/env ruby
require 'base64'
require 'openssl'
require 'net/http'
require 'ipaddr'
require 'json'
def handle_response(body)
raw = Base64.decode64(body)
rsa_key = OpenSSL::PKey::RSA.new(File.read('public_key.pem'))
@hackermondev
hackermondev / research.md
Last active April 30, 2026 19:12
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k