n0099
@avestura
avestura / delete-from-users-where-location-iran.md
Last active September 29, 2025 18:43
DELETE FROM users WHERE location = 'IRAN';

Hi! I am an Iranian Software Engineer, and in this torn paper note, I want to talk about some funny moments I had online related to the fact that I was spawned in this specific region of the world: Iran.

Microsoft deleted my app, ignored my mails

Back when I was a student, I got access to Microsoft Imagine, and as a result, I got access to the Microsoft Store as a developer. This inspired me to write one of my open-source projects called EyesGuard and publish it on the Microsoft Store. However, one day, somebody told me that they can no longer find EyesGuard on the store.

@faustinoaq
faustinoaq / myAngular.html
Last active July 1, 2025 14:07
Front-end libraries (React, Vue, Angular) and the basic principles of how they work, all in a single file using pure JavaScript (VanillaJS).
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>My Angular from Scratch</title>
<style>
.my-component {
font-family: Arial, sans-serif;
@xproot
xproot / IAhijack.md
Last active November 18, 2024 11:40
Internet Archive hijack timeline

Please contribute to this by pointing out missing items of interest in the comments. Dates are in UTC.

  • September 2024 -

28 September - The database for the Internet Archive is saved by the hijacker.

30 September - Troy Hunt, the founder of 'Have I been Pwned?' gets sent the database. [1]

  • Oct 6, 2024 -
@adrienne
adrienne / mullenweg-wpe.md
Last active September 14, 2025 13:56
The Mullenweg/WPE Thing
@smx-smx
smx-smx / XZ Backdoor Analysis
Last active June 2, 2025 22:53
[WIP] XZ Backdoor Analysis and symbol mapping
XZ Backdoor symbol deobfuscation. Updated as I make progress
@thesamesam
thesamesam / xz-backdoor.md
Last active September 11, 2025 08:38
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said, we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@tcaptan-cr
tcaptan-cr / IntersectionObserverScrollMarginExplainer.md
Last active June 8, 2025 22:24
Intersection Observer Scroll Margin Explainer

Intersection Observer scrollMargin allows developers to observe targets inside nested scroll containers that are currently clipped away by the scroll containers. This is achieved by expanding the container's clipping rect by the scrollMargin when calculating the intersection.

Intersection Observer Scroll Margin Specification

Problem

@osy
osy / tpm-rant.md
Last active September 17, 2025 08:35
TPM provides zero practical security

TPM (Trusted Platform Module) is as useful for preventing real attackers as the TSA is at preventing real terrorists. The architecture is fundamentally flawed and most existing implementations are completely broken. I thought this argument was settled decades ago[1] when "trusted computing" was introduced mostly as a way to provide DRM and ownership capabilities to organizations. It has largely failed to impact the consumer market when it was introduced back in the early 2000s. However, recently there seems to be a movement by certain parties to reintroduce this failed product back to the market. Microsoft argues that in order to use Windows 11, you need TPM 2.0 compatible hardware because[2]:

The Trusted Platform Module(TPM) requirement ena

@MaxwellDupre
MaxwellDupre / trim-generations.sh
Last active September 12, 2025 00:48 — forked from Bondrake/trim-generations.sh
NixOS script to keep 30 generations or 30 days, whichever is greater (configurable, profile is selectable)
#!/usr/bin/env bash
set -euo pipefail
## Defaults
keepGensDef=30; keepDaysDef=30
keepGens=$keepGensDef; keepDays=$keepDaysDef
## Usage
usage () {
printf "Usage:\n\t ./trim-generations.sh <keep-gernerations> <keep-days> <profile> \n\n
@chowder
chowder / README.md
Last active September 26, 2025 03:39
Exporting Microsoft Authenticator TOTP secrets

Background

Workplaces may enforce TOTP 2FA to be enabled on Office 365 accounts, which require the Microsoft Authenticator app to be installed.

Regular TOTP applications (such as Aegis, Authy, or LastPass) cannot be used as Microsoft uses a proprietary scheme called phonefactor. Furthermore, the application requires Google Services Framework (GSF) to be installed (likely to provide device notifications), and will refuse to work when it is not present on the device.

Fortunately, after the registration is complete, the underlying mechanism the app uses to generate TOTP codes is regular otpauth, and its secrets can be exported with a little bit of effort.

Extracting the keys