thesamesam /
Last active September 17, 2024 08:32
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is written in good faith and intended to be accurate, but like I just said, we don't yet know everything about what's going on.


On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

# separated IN + OUT to one stereo
ffmpeg -i "${filename}-in.mp3" -i "${filename}-out.mp3" -filter_complex "[0]apad[a];[a][1]amerge[aout]" -map "[aout]" "${filename}.mp3"
# Mono to stereo
ffmpeg -i mono.wav -ac 2 stereo.wav
# Stereo to mono
ffmpeg -i stereo.wav -ac 1 mono.flac
superseb /
Last active August 13, 2024 07:31
Cleanup host added as custom to Rancher 2.0
# OUTDATED: please refer to the link below for the latest version:
docker rm -f $(docker ps -qa)
docker volume rm $(docker volume ls -q)
cleanupdirs="/var/lib/etcd /etc/kubernetes /etc/cni /opt/cni /var/lib/cni /var/run/calico /opt/rke"
for dir in $cleanupdirs; do
  echo "Removing $dir"
  rm -rf "$dir"
done
exAspArk /
Last active September 5, 2024 13:35
Test CORS with cURL
curl -I -X OPTIONS \
-H "Origin: http://EXAMPLE.COM" \
-H 'Access-Control-Request-Method: GET' \
http://EXAMPLE.COM/SOMETHING 2>&1 | grep 'Access-Control-Allow-Origin'
DarrenN / get-npm-package-version
Last active September 14, 2024 15:36 — forked from yvele/
Extract version from package.json (NPM) using bash / shell
# Version key/value should be on its own line
PACKAGE_VERSION=$(cat package.json \
| grep version \
| head -1 \
| awk -F: '{ print $2 }' \
| sed 's/[",]//g')
# My take on Mike's source_for method.
# (see
# (1) I named it 'src' rather than source_for (ok, I'm a lazy typer).
# (2) The edit function was broken out as a separate function.
# (3) The edit function is for emacs
# (4) If the method is not defined on the object, and the object
# is a class, then see if it is an instance method on the class.
# The fourth point allows me to say:
uris77 /
Last active May 8, 2024 14:20
Example of Repository Pattern with SQLAlchemy
# This is a very crude example of using the Repository Pattern with SQLAlchemy. It allows me to completely ignore interactions with
# the database. This is only pulled in whenever I need to persist or retrieve an object from the database. The domain/business
# logic is entirely separated from persistence and I can have true unit tests for those.
# The tests for persistence are then limited to very specific cases of persistence and retrieving instances, and I can do those
# independent of the business logic. They also tend to be fewer tests since I only need to test them once.
bf4 /
Last active July 17, 2021 08:06
Some Ruby Learning Resources
# I don't really see any services here. What I see is:
# - Normal HTTP boundary stuff (params, flash, redirect).
# - Model creation and retrieval.
# - Warden manipulation, which is an odd one but smells like boundary.
# I left all of the HTTP boundary stuff in the controller (and only the
# controller). I moved the model creation/retrieval into simple class methods
# in the models. I moved the warden manipulation stuff into
# ApplicationController (with caveats that I'll discuss inline).
jbtule / AESGCM.cs
Last active September 17, 2024 21:30
I have two code examples that I wrote for best practices encrypting a string in C#. They are both using authenticated encryption.
* This work (Modern Encryption of a String C#, by James Tuley),
* identified by James Tuley, is free of known copyright restrictions.
using System;
using System.IO;
using System.Text;