🌐 US-Proxy
class="logged-out env-production page-responsive" style="word-wrap: break-word;" >
Skip to content

Instantly share code, notes, and snippets.

Discover gists

@vitalyford
vitalyford / cpent_notes.md
Created January 11, 2023 23:20
CPENT pentesting notes
@greymd
greymd / sudo新一.md
Last active June 29, 2026 06:12
sudo新一

 オレは高校生シェル芸人 sudo 新一。幼馴染で同級生の more 利蘭と遊園地に遊びに行って、黒ずくめの男の怪しげな rm -rf / 現場を目撃した。端末をみるのに夢中になっていた俺は、背後から近づいてきたもう1人の --no-preserve-root オプションに気づかなかった。 俺はその男に毒薬を飲まされ、目が覚めたら・・・ OS のプリインストールから除かれてしまっていた!

sudo がまだ $PATH に残っていると奴らにバレたら、また命を狙われ、他のコマンドにも危害が及ぶ』

 上田博士の助言で正体を隠すことにした俺は、 which に名前を聞かれて、とっさに『gnuplot』と名乗り、奴らの情報をつかむために、父親がシェル芸人をやっている蘭の $HOME に転がり込んだ。ところが、このおっちゃん・・・とんだヘボシェル芸人で、見かねた俺はおっちゃんになりかわり、持ち前の権限昇格能力で、次々と難タスクを解決してきた。おかげで、おっちゃんは今や世間に名を知られた名エンジニア、俺はといえばシェル芸 bot のおもちゃに逆戻り。クラスメートの convertojichattextimg にお絵かきコマンドと誤解され少年ワンライナーお絵かき団を結成させられる始末。

 ではここで、博士が作ってくれたメカを紹介しよう。最初は時計型麻酔 kill 。ふたについた照準器にあわせてエンターを押せば、麻酔シグナルが飛び出し、プロセスを瞬時に sleep させることができる。 次に、蝶ネクタイ型 banner 。裏についているダイヤルを調整すれば、ありとあらゆる大きさのメッセージを標準出力できる。必殺のアイテムなら fork 力増強シューズ。電気と磁力で足を刺激し、 :(){ :|:& };: でプロセステーブ

@karpathy
karpathy / llm-wiki.md
Created April 4, 2026 16:25
llm-wiki

LLM Wiki

A pattern for building personal knowledge bases using LLMs.

This is an idea file, it is designed to be copy pasted to your own LLM Agent (e.g. OpenAI Codex, Claude Code, OpenCode / Pi, or etc.). Its goal is to communicate the high level idea, but your agent will build out the specifics in collaboration with you.

The core idea

Most people's experience with LLMs and documents looks like RAG: you upload a collection of files, the LLM retrieves relevant chunks at query time, and generates an answer. This works, but the LLM is rediscovering knowledge from scratch on every question. There's no accumulation. Ask a subtle question that requires synthesizing five documents, and the LLM has to find and piece together the relevant fragments every time. Nothing is built up. NotebookLM, ChatGPT file uploads, and most RAG systems work this way.

@LimaniBhavik
LimaniBhavik / Git & Github CLI Commands.md
Created April 16, 2021 05:54

Git Commands

A list of Git commands

Tell Git who you are

@GerHobbelt
GerHobbelt / emoji-list.md
Last active June 29, 2026 06:08 — forked from rxaviers/gist:7360908
Complete list of github markdown emoji markup

A list of GitHub emoji markup, adapted from rxavier's Complete list of github markdown emoji markup, generated with a Grunt script for maintainability (see repository).

Additional original source material: http://unicode.org/emoji/charts/full-emoji-list.html

This table is available as a gist at https://gist.github.com/GerHobbelt/b9b87a2257ddd5251a45628d61385717 and as part of the build repo at https://github.com/GerHobbelt/emoji-list/blob/master/dist/emoji-list.md

Table of Contents

@skorasaurus
skorasaurus / localconfig.json
Last active June 29, 2026 06:06
[
{
"where": "Layer",
"if": {
"Datasource.type": "postgis"
},
"then": {
"Datasource.dbname": "hdmht",
"Datasource.user": "skors",
"Datasource.host": "localhost"
@aamiaa
aamiaa / WidgetCreator.md
Last active June 29, 2026 06:06

Widget Creator Script

This script does most of the widget creating work for you if you've found the manual tutorials too hard to follow.

How to use:

  1. Navigate to the Discord Developer Portal
  2. Press Ctrl+Shift+I to open DevTools
  3. Go to the Console tab
  4. Paste the following code and hit enter:
Details
@samsch
samsch / stateless-is-a-lie.md
Created May 14, 2019 18:50
Stateless is a lie

There is no such thing as stateless authentication

The big "make everything stateless" hype is just that: hype. Your server-side application code, should usually be stateless, because this makes your application more resilient to errors, easier to scale, and easier to reason about. But there are exceptions to even that, especially for stuff like video game servers.

Your services are almost always going to be stateful, and should be. If you have a database, files, or literally anything that affects the responses the server sends, then the service is not stateless.

So building "stateless" services is a lie. You shouldn't strive to make your services stateless, you should make sure you're putting your state in the correct place.

Where does my state go?

@samsch
samsch / stop-using-jwts.md
Last active June 29, 2026 06:00
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" usecases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

  • The JWT specification is specifically designed only for very short-live tokens (~5 minute or less). Sessions