Skip to content

Instantly share code, notes, and snippets.

View kpmeen's full-sized avatar
👾

Knut Petter Meen kpmeen

👾
View GitHub Profile
@karanlyons
karanlyons / ZoomDaemon.yara
Last active August 5, 2024 23:37
Fixes for Zoom, RingCentral, Zhumu (and additional white labels) RCE vulnerabilities
private rule Macho
{
meta:
description = "private rule to match Mach-O binaries (copied from Apple's XProtect)"
condition:
uint32(0) == 0xfeedface or uint32(0) == 0xcefaedfe or uint32(0) == 0xfeedfacf or uint32(0) == 0xcffaedfe or uint32(0) == 0xcafebabe or uint32(0) == 0xbebafeca
}
rule ZoomDaemon
{
@non
non / seeds.md
Last active July 10, 2024 20:34
Simple example of using seeds with ScalaCheck for deterministic property-based testing.

introduction

ScalaCheck 1.14.0 was just released with support for deterministic testing using seeds. Some folks have asked for examples, so I wanted to produce a Gist to help people use this feature.

simple example

These examples will assume the following imports:

Quick Tips for Fast Code on the JVM

I was talking to a coworker recently about general techniques that almost always form the core of any effort to write very fast, down-to-the-metal hot path code on the JVM, and they pointed out that there really isn't a particularly good place to go for this information. It occurred to me that, really, I had more or less picked up all of it by word of mouth and experience, and there just aren't any good reference sources on the topic. So… here's my word of mouth.

This is by no means a comprehensive gist. It's also important to understand that the techniques that I outline in here are not 100% absolute either. Performance on the JVM is an incredibly complicated subject, and while there are rules that almost always hold true, the "almost" remains very salient. Also, for many or even most applications, there will be other techniques that I'm not mentioning which will have a greater impact. JMH, Java Flight Recorder, and a good profiler are your very best friend! Mea

@tallclair
tallclair / restricted-psp.yaml
Last active April 16, 2024 07:46
Restricted PodSecurityPolicy
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
name: restricted
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
spec:
@lihaoyi
lihaoyi / Test.scala
Created October 30, 2017 13:49
Resolving jars with Coursier and compiling Scala with the Zinc incremental compiler, in a self-contained Ammonite script
import play.api.libs.json.Json
object Main{
def main(args: Array[String]): Unit = {
println(
Json.prettyPrint(
Json.toJson(Seq("Hello", "World", "Cow"))
)
)
}
@mandubian
mandubian / diff-viz.scala
Created October 16, 2017 13:22
Visualizing scala code diff in scala code (result is compiling Scala code with diffs annotated in comments)
// Build Scala source code
val tree = q"""
object Test {
val a = 2 + 5
def f(b: String) = { b + a.toString }
}
"""
val src = List(TreeNode(tree))
// Build Scala target code
import sbt._, Keys._
import scala.xml.{Node => XmlNode, NodeSeq => XmlNodeSeq, _}
import scala.xml.transform.{RewriteRule, RuleTransformer}
import sbt.plugins.JvmPlugin
object PPrintPlugin extends AutoPlugin {
override def requires = JvmPlugin
override def trigger: PluginTrigger = AllRequirements
override def projectSettings: Seq[Def.Setting[_]] = List(
libraryDependencies ++= {
type ∀[F[_]] = scalaz.Forall[F]
/**
* An unpublished arbitrary type. May be viewed as a formulation of
* (∃ α . α). Thus, we encode a rank-1 universal by means of a rank-2
* existential. This encoding is more convenient for our purposes.
*/
sealed trait τ
object τ {

How to GPG as a Scala OSS Maintainer

tl;dr Generate a GPG key pair (exercising appropriate paranoia). Send it to key servers. Create a Keybase account with the public part of that key. Use your keypair to sign git tags and SBT artifacts.

GPG is probably one of the least understood day-to-day pieces of software in the modern developer's toolshed. It's certainly the least understood of the important pieces of software (literally no one cares that you can't remember grep's regex variant), and this is a testament to the mightily terrible user interface it exposes to its otherwise extremely simple functionality. It's almost like cryptographers think that part of the security comes from the fact that bad guys can't figure it out any more than the good guys can.

Anyway, GPG is important for open source in particular because of one specific feature of public/private key cryptography: signing. Any published software should be signed by the developer (or company) who published it. Ideally, consu