Skip to content

Instantly share code, notes, and snippets.

View kumavis's full-sized avatar
🐉
!

kumavis kumavis

🐉
!
1.4k followers · 1.7k following
View GitHub Profile
@kriskowal
kriskowal / uber-to-agoric.md
Last active May 10, 2022 22:51
Uber to Agoric

I have a bit of good news and bad news. Friday, April 3, was my last day at Uber. Monday, April 6, was my first day at Agoric.

I started at Uber 5½ years ago, on the dispatch system. I joined Tom Croucher’s team, which focused on common frameworks for marketplace systems, with Jake Verbaten, Russ Frank, and spiritually Matthew Esch. When I arrived, the scaffolding and frameworks were in place. I wrote a tool for verifying that JSON schema evolution remained backward-compatible, did some weird stuff to automatically mix the middleware stack, and wrote a thing to balance load across Node.js processes more fairly than the Linux kernel. I don’t believe any of that work made it to production, really, but for those six months, I learned how to operate global dispatch while I was on-call for 24 hours once a month and developed a bald spot.

I then got on board a new Distributed Systems Group under Matt Ranney’s guidance and many of the folks I’ve been working with to this day. Matt had designed a DHT based on the S

@paulmillr
paulmillr / BLS_Signature.md
Last active February 12, 2025 15:27
BLS Signature for Busy People

BLS Signature for Busy People

Summary

  • BLS stands for

    • Barreto-Lynn-Scott: BLS12, a Pairing Friendly Elliptic Curve.
    • Boneh-Lynn-Shacham: A Signature Scheme.

  • Signature Aggregation

  • It is possible to verify n aggregate signatures on the same message with just 2 pairings instead of n+1.

@kriskowal
kriskowal / async-composition-2020.js
Last active January 19, 2021 06:03
function *count(n) {
for (let i = 0; i < n; i++) {
yield i;
}
}
const delay = ms => new Promise(resolve => setTimeout(resolve, ms));
const asyncForEach = async (values, callback) => {
@wlib
wlib / LICENSE
Last active April 30, 2024 17:07
Run a shell script with bash, line-by-line, prompted on each command. Useful for running unknown scripts or debugging. Not a secure substitute for understanding a script beforehand.
MIT License
Copyright (c) 2021 Daniel Ethridge
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
@hackermondev
hackermondev / research.md
Last active May 5, 2025 03:30
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k