Skip to content

Instantly share code, notes, and snippets.

View yuna0x0's full-sized avatar
🍥
:3

yuna0x0 yuna0x0

🍥
:3
386 followers · 273 following
View GitHub Profile
@negoro26
negoro26 / README.md
Last active October 22, 2025 10:29
Waybar DDC/CI brightness control script

Control external monitor brightness using ddcutil with Waybar integration.

Features

  • Left click: Set brightness to 100%
  • Right click: Set brightness to 0%
  • Scroll: Fine adjustment (optional)
  • Instant updates via signals

Requirements

  • ddcutil installed
@mattppal
mattppal / security-checklist.md
Last active October 20, 2025 13:43
A simple security checklist for your vibe coded apps

Frontend Security

Security Measure Description
Use HTTPS everywhere Prevents basic eavesdropping and man-in-the-middle attacks
Input validation and sanitization Prevents XSS attacks by validating all user inputs
Don't store sensitive data in the browser No secrets in localStorage or client-side code
CSRF protection Implement anti-CSRF tokens for forms and state-changing requests
Never expose API keys in frontend API credentials should always remain server-side
@yuna0x0
yuna0x0 / harden-ssh.sh
Last active April 9, 2025 14:29
Harden SSH (Force public key auth and deny root login)
#!/bin/bash
# Force public key authentication
cat > /etc/ssh/sshd_config.d/20-force_publickey_auth.conf <<EOF
PasswordAuthentication no
AuthenticationMethods publickey
EOF
# Deny root login
echo "PermitRootLogin no" > /etc/ssh/sshd_config.d/20-deny_root.conf
@hackermondev
hackermondev / research.md
Last active October 21, 2025 09:20
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@ngocdangrby
ngocdangrby / AuthyIntegrity.md
Created August 30, 2024 12:40
Bypass Authy integrity with Rooted Android phone

It took me 3 days to pass the error The device does not meet the minimum integrity requirements.

Finally, I exported my Authy from my Android 14 phone on custom ROM.

  • Phone: Realme GT2
  • ROM: custom ROM PixelOS
  • State: Root already
  • Android: 14
  • Integrity: MEETS_DEVICE_INTEGRITY
@OrionReed
OrionReed / dom3d.js
Last active September 28, 2025 08:09
3D DOM viewer, copy-paste this into your console to visualise the DOM topographically.
// 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks.
// You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/)
(() => {
const SHOW_SIDES = false; // color sides of DOM nodes?
const COLOR_SURFACE = true; // color tops of DOM nodes?
const COLOR_RANDOM = false; // randomise color?
const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com)
const MAX_ROTATION = 180; // set to 360 to rotate all the way round
const THICKNESS = 20; // thickness of layers
const DISTANCE = 10000; // ¯\\_(ツ)_/¯
@bazhenovc
bazhenovc / the_sane_rendering_manifesto.md
Last active September 30, 2025 18:19
The Sane Rendering Manifesto

The Sane Rendering Manifesto

The goal of this manifesto is to provide an easy to follow and reasonable rules that realtime and video game renderers can follow.

These rules highly prioritize image clarity/stability and pleasant gameplay experience over photorealism and excess graphics fidelity.

Keep in mind that shipping a game has priority over everything else and it is allowed to break the rules of the manifesto when there are no other good options in order to ship the game.

Do not use dynamic resolution.

@Artefact2
Artefact2 / README.md
Last active October 21, 2025 02:42
GGUF quantizations overview
@SUPERCHIEFYT
SUPERCHIEFYT / loggingbots.md
Last active August 30, 2025 08:11
Breakdown of all of the known logging bots. (If I missed any let me know and I'll add it)

Logger: https://github.com/curtisf/logger

  • You can still selfhost the bot (view selfhosting-guide in the support server)

Selfhosted Loggers:

WARNING: It's unlikely any public instances of Logger will be added here, Discord failed to verify and grant intents needed to another public selfhosted instance and the user had to shutdown their instance.

INFO The only selfhosted Loggers listed here will be from trusted members of the Logger support server. If you're selfhosting and a trusted member and want your selfhosted Logger to be listed then we'll reach out to you directly, don't ask to be listed here.
@Bluefissure
Bluefissure / fix.py
Last active July 18, 2025 03:25
Fix broken palworld save caused by existing guild & too many capture logs
# author: Bluefissure
# License: MIT License
# Description: Fixes Palworld brokwn save files corrupted by someone existing the guild
# Based on the work of https://github.com/cheahjs/palworld-save-tools/releases/tag/v0.13.0
import argparse
import codecs
import os
import json
from lib.gvas import GvasFile