Skip to content

Instantly share code, notes, and snippets.

View moimikey's full-sized avatar
:shipit:
ship it

Michael Scott Hertzberg moimikey

:shipit:
ship it
177 followers · 563 following
View GitHub Profile
@zachlatta
zachlatta / almost_pwned.md
Last active April 16, 2025 11:30

g.co, Google's official URL shortcut (update: or Google Workspace's domain verification, see bottom), is compromised. People are actively having their Google accounts stolen.

Someone just tried the most sophisticated phishing attack I've ever seen. I almost fell for it. My mind is a little blown.

  1. Someone named "Chloe" called me from 650-203-0000 with Caller ID saying "Google". She sounded like a real engineer, the connection was super clear, and she had an American accent. Screenshot.

  2. They said that they were from Google Workspace and someone had recently gained access to my account, which they had blocked. They asked me if I had recently logged in from Frankfurt, Germany and I said no.

  3. I asked if they can confirm this is Google calling by emailing me from a Google email and they said sure and sent me this email and told me to look for a case number in it, which I saw in

@hackermondev
hackermondev / research.md
Last active April 27, 2025 19:28
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@kprotty
kprotty / atomics_for_humans.md
Last active April 23, 2025 13:56
Offering a simpler way to conceptualize https://en.cppreference.com/w/cpp/atomic/memory_order

  1. Every atomic object has a timeline (TL) of writes:

    • A write is either a store or a read-modify-write (RMW): it read latest write & pushed new one.
    • A write is either tagged Relaxed, Release, or SeqCst.
    • A read observes some write on the timeline:
      • On the same thread, future reads can't go backwards on the timeline.
      • A read is either tagged Relaxed, Acquire, or SeqCst.
      • RMWs can also be tagged Acquire (or AcqRel). If so, the Acquire refers to the "read" portion of "RMW".

  2. Each thread has its own view of the world:

  • Shared write timelines but each thread could be reading at different points.
@phatnguyenuit
phatnguyenuit / how-to-compose-react-providers-with-typescript.md
Last active April 11, 2025 07:09
How to compose React Providers with TypeScript

How to compose React Providers with TypeScript

Tree and sunset

Photo by Sergei A on Unsplash

Hi guys 😁! Long time no new articles!

Today, I am going to show you how to compose React providers with TypeScript.

@snej
snej / missing_includes.rb
Created October 2, 2023 16:19
Script to find missing std #includes in C++ headers
#! /usr/bin/env ruby
#
# missing_includes.rb
# By Jens Alfke <[email protected]>
# Version 2.0 -- 2 Oct 2023
# Copyright 2021-Present Couchbase, Inc.
#
# This script scans C++ header files looking for usage of common standard library classes, like
# `std::vector`, without including their corresponding headers, like `<vector>`. It similarly looks
# for standard C functions like `strlen` that are used without including their header (`<cstring>`.)
@mskelton
mskelton / set-package-manager.sh
Created August 29, 2023 02:08
Set the packageManager key in package.json to the latest version of the given package manager
#!/usr/bin/env bash
# Ensure there is a manifest file
if [[ ! -f package.json ]]; then
echo "error: no manifest file found"
exit 1
fi
# Get the repo name for the given package manager
if [[ $1 == 'npm' ]]; then
@moimikey
moimikey / traverseDOMNode.js
Last active June 7, 2023 17:09
Traverse the DOM with cascading predicates
function traverseDOMNodes(node, predicates, cb) {
if (predicates.length === 0) {
// Base case: If there are no more predicates, invoke the callback.
return cb(node);
}
const [currentPredicate, ...remainingPredicates] = predicates;
const children = node.childNodes;
for (let child of children) {
@moimikey
moimikey / web-application-stack.md
Last active September 29, 2021 15:32
web-application-stack.md

Packages

dependencies

  • Apollo
  • Babel
  • Serverless or CDK
  • GraphQL
  • MobX
  • MobX State Tree
  • NextJS
@Raynos
Raynos / mutex.js
Last active June 9, 2020 15:43
PromiseLock or Mutex ?
/**
* A PromiseLock like object.
*
* Used to ensure that we only do one thing at a time on a shared resource.
*
* For example, with async iterator:
*
* this.readLock = new Mutex()
* this.readLock.do(async () => {
* const data = await itr.next();
@moimikey
moimikey / rick-roll.js
Last active October 26, 2023 15:24
rick-roll
var music, musicParse;
musicParse = function(f) {
return eval("for(var t=0,S='RIFF_oO_WAVEfmt " + atob('EAAAAAEAAQBAHwAAQB8AAAEACAA') + "data';++t<3e5;)S+=String.fromCharCode(" + f + ")");
};
music = function() {
var audio, formula;
formula = '(t<<3)*[8/9,1,9/8,6/5,4/3,3/2,0][[0xd2d2c8,0xce4088,0xca32c8,0x8e4009][t>>14&3]>>(0x3dbe4688>>((t>>10&15)>9?18:t>>10&15)*3&7)*3&7]&255';
audio = new Audio("data:audio/wav;base64," + (btoa(musicParse(formula))));