@mnesarco
mnesarco / build-installer.py
Created December 27, 2020 13:25
AppImage Auto Installer Builder
#!/usr/bin/python3
#
# Copyright 2020 Frank David Martinez M. (mnesarco at github)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
@Nemo157
Nemo157 / _Publishing crates to IPFS.md
Last active March 26, 2024 20:46
Publishing crates to IPFS

This was an experiment in seeing how feasible it would be to distribute crates on IPFS using the alternative registries feature combined with a local IPFS web gateway.

There was very little plan for this originally, and I wish I had kept more of the intermediate states as I went through multiple major design changes. My original goal was to publish my CLI utility [bs58-cli][] and its dependency tree.

@typokign
typokign / zoomsucks.md
Last active September 8, 2023 05:06
Zoom Sucks

  • Zoom abuses the installer flow on MacOS to bypass permissions dialogs (source)
  • Zoom sends identifying device info to Facebook, even when users don't have a Facebook account (source) (fixed)
  • A bug in Zoom sent identifying information (including email addresses and profile pictures) of thousands of users to strangers (source)
  • Zoom claims that meetings are end-to-end encrypted in their white paper and marketing materials, but meetings are only encrypted in transit, and are available in plaintext to Zoom servers and employees. (source)
  • zoomAutenticationTool can be used to escalat
@roycewilliams
roycewilliams / clientside-software-update-verification-failures.md
Last active August 6, 2024 01:51
Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).

Client-side software update verification failures

Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

  • I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
  • Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
  • Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.
  • Software components regularly used to verify integrity in other software pipelines a
@mbakke
mbakke / config.scm
Last active April 26, 2024 23:26
GuixSD with custom kernel
(define-module (my packages)
#:use-module ((guix licenses) #:prefix license:)
#:use-module (gnu packages linux)
#:use-module (guix build-system trivial)
#:use-module (gnu)
#:use-module (guix download)
#:use-module (guix git-download)
#:use-module (guix packages))
(define (linux-nonfree-urls version)
@yossorion
yossorion / what-i-wish-id-known-about-equity-before-joining-a-unicorn.md
Last active November 3, 2024 17:14
What I Wish I'd Known About Equity Before Joining A Unicorn

Disclaimer: This piece is written anonymously. The names of a few particular companies are mentioned, but as common examples only.

This is a short write-up on things that I wish I'd known and considered before joining a private company (aka startup, aka unicorn in some cases). I'm not trying to make the case that you should never join a private company, but the power imbalance between founder and employee is extreme, and that potential candidates would

macro_rules! query {
($db:ident, $query:expr, [$($param:expr),*], {$($out_field:ident: $ty:ty),+ }) => ({
#[derive(Debug, Clone)]
#[allow(non_snake_case)]
struct Output {
$(
$out_field: $ty,
)+
}
@alekseykulikov
alekseykulikov / index.md
Last active October 12, 2024 17:02
Principles we use to write CSS for modern browsers

Recently CSS has got a lot of negativity. But I would like to defend it and show that, with a good naming convention, CSS works pretty well.

My team of 3 developers has just developed a React.js application with 7668 lines of CSS (and just 2 !important). During one year of development we had 0 issues with CSS. No refactoring typos, no style leaks, no performance problems; possibly it is the most stable part of our application.

Here are the main principles we use to write CSS for modern (IE11+) browsers:

@pbock
pbock / buergerbot.rb
Last active November 11, 2024 00:09
Bürgerbot: Refreshes the Berlin Bürgeramt page until an appointment becomes available, then notifies you.
#!/usr/bin/env ruby
require 'watir-webdriver'
def log (message) puts " #{message}" end
def success (message) puts "+ #{message}" end
def fail (message) puts "- #{message}" end
def notify (message)
success message.upcase
system 'osascript -e \'Display notification "Bürgerbot" with title "%s"\'' % message
rescue StandardError => e