@thesamesam
thesamesam / xz-backdoor.md
Last active November 17, 2024 13:13
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said, we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

# separated IN + OUT to one stereo
filename="my_audio"
ffmpeg -i $filename-in.mp3 -i $filename-out.mp3 -filter_complex "[0]apad[a];[a][1]amerge[aout]" -map "[aout]" $filename.mp3
# Mono to stereo
ffmpeg -i mono.wav -ac 2 stereo.wav
# Stereo to mono
ffmpeg -i stereo.wav -ac 1 mono.flac
@superseb
superseb / cleanup.sh
Last active August 13, 2024 07:31
Cleanup host added as custom to Rancher 2.0
#!/bin/sh
# OUTDATED: please refer to the link below for the latest version:
# https://github.com/rancherlabs/support-tools/blob/master/extended-rancher-2-cleanup/extended-cleanup-rancher2.sh
docker rm -f $(docker ps -qa)
docker volume rm $(docker volume ls -q)
cleanupdirs="/var/lib/etcd /etc/kubernetes /etc/cni /opt/cni /var/lib/cni /var/run/calico /opt/rke"
for dir in $cleanupdirs; do
  echo "Removing $dir"
  rm -rf $dir
done
@exAspArk
exAspArk / curl.sh
Last active November 5, 2024 16:07
Test CORS with cURL
curl -I -X OPTIONS \
-H "Origin: http://EXAMPLE.COM" \
-H 'Access-Control-Request-Method: GET' \
http://EXAMPLE.COM/SOMETHING 2>&1 | grep 'Access-Control-Allow-Origin'
@DarrenN
DarrenN / get-npm-package-version
Last active October 25, 2024 17:37 — forked from yvele/get-npm-package-version.sh
Extract version from package.json (NPM) using bash / shell
# Version key/value should be on its own line
PACKAGE_VERSION=$(cat package.json \
| grep version \
| head -1 \
| awk -F: '{ print $2 }' \
| sed 's/[",]//g')
echo $PACKAGE_VERSION
# My take on Mike's source_for method.
# (see http://pragmaticstudio.com/blog/2013/2/13/view-source-ruby-methods)
#
# (1) I named it 'src' rather than source_for (ok, I'm a lazy typer).
# (2) The edit function was broken out as a separate function.
# (3) The edit function is for emacs
# (4) If the method is not defined on the object, and the object
# is a class, then see if it is an instance method on the class.
#
# The fourth point allows me to say:
@uris77
uris77 / repo_pattern.py
Last active May 8, 2024 14:20
Example of Repository Pattern with SQLAlchemy
# This is a very crude example of using the Repository Pattern with SQLAlchemy. It allows me to completely ignore interactions with
# the database. This is only pulled in whenever I require to persist or retrieve an object from the database. The domain/business
# logic is entirely separated from persistence and I can have true unit tests for those.
# The tests for persistence are then limited to very specific cases of persistence and retrieving instances, and I can do those
# independent of the business logic. They also tend to be fewer tests since I only need to test them once.
@bf4
bf4 / ruby_learning.md
Last active July 17, 2021 08:06
Some Ruby Learning Resources
# I don't really see any services here. What I see is:
# - Normal HTTP boundary stuff (params, flash, redirect).
# - Model creation and retrieval.
# - Warden manipulation, which is an odd one but smells like boundary.
#
# I left all of the HTTP boundary stuff in the controller (and only the
# controller). I moved the model creation/retrieval into simple class methods
# in the models. I moved the warden manipulation stuff into
# ApplicationController (with caveats that I'll discuss inline).
#
@jbtule
jbtule / AESGCM.cs
Last active October 21, 2024 22:04
I have two code examples that I wrote for best practices encrypting a string in c#. They are both using authenticated encryption. http://stackoverflow.com/a/10366194/637783
/*
* This work (Modern Encryption of a String C#, by James Tuley),
* identified by James Tuley, is free of known copyright restrictions.
* https://gist.github.com/4336842
* http://creativecommons.org/publicdomain/mark/1.0/
*/
using System;
using System.IO;
using System.Text;