Skip to content

Instantly share code, notes, and snippets.

View Posandu's full-sized avatar

Posandu Mapa Posandu

97 followers · 16 following
View GitHub Profile
@sindresorhus
sindresorhus / chalk-source-index-with-malware.js
Last active September 25, 2025 17:16
DO NOT EXECUTE. https://github.com/chalk/chalk/issues/656
import ansiStyles from '#ansi-styles';
import supportsColor from '#supports-color';
import { // eslint-disable-line import/order
stringReplaceAll,
stringEncaseCRLFWithFirstIndex,
} from './utilities.js';
@t3dotgg
t3dotgg / try-catch.ts
Last active November 30, 2025 20:25
Theo's preferred way of handling try/catch in TypeScript
// Types for the result object with discriminated union
type Success<T> = {
data: T;
error: null;
};
type Failure<E> = {
data: null;
error: E;
};
@hackermondev
hackermondev / research.md
Last active December 2, 2025 14:11
Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

@rain-1
rain-1 / On Llamafile.md
Last active June 25, 2024 14:31
On Llamafile

On Llamafile not making sense

The LLamafile project doesn't make sense.

The claim is that it is "bringing LLMs to the people", but you could already run an LLM - which is a large binary file containing lots of floating point numbers - by using llama.cpp.

Llamafile joins a compiled binary program to run LLMs with a weights binary into a single file. This isn't a useful goal. you could simply distribute a zip containing an .exe and a weights file together. Or better still: Decouple the program that runs these chatbots from the chatbot weights.

Imagine if PNG files were also an executable that could pop open a window that displays a PNG on your computer. There is a reason we don't do this: It's not good engineering.

@VictorTaelin
VictorTaelin / impossible_prompt.txt
Last active October 23, 2025 16:09
GPTs dumb
A::B is a system with 4 tokens: `A#`, `#A`, `B#` and `#B`.
An A::B program is a sequence of tokens. Example:
B# A# #B #A B#
To *compute* a program, we must rewrite neighbor tokens, using the rules:
A# #A ... becomes ... nothing
A# #B ... becomes ... #B A#
@thesamesam
thesamesam / xz-backdoor.md
Last active November 30, 2025 22:27
xz-utils backdoor situation (CVE-2024-3094)

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.

Background

@OrionReed
OrionReed / dom3d.js
Last active November 16, 2025 19:47
3D DOM viewer, copy-paste this into your console to visualise the DOM topographically.
// 3D Dom viewer, copy-paste this into your console to visualise the DOM as a stack of solid blocks.
// You can also minify and save it as a bookmarklet (https://www.freecodecamp.org/news/what-are-bookmarklets/)
(() => {
const SHOW_SIDES = false; // color sides of DOM nodes?
const COLOR_SURFACE = true; // color tops of DOM nodes?
const COLOR_RANDOM = false; // randomise color?
const COLOR_HUE = 190; // hue in HSL (https://hslpicker.com)
const MAX_ROTATION = 180; // set to 360 to rotate all the way round
const THICKNESS = 20; // thickness of layers
const DISTANCE = 10000; // ¯\\_(ツ)_/¯
@eylenburg
eylenburg / msoffice_in_linux.md
Last active December 6, 2025 05:53
Installing Microsoft Office in Linux

Step by step guide: How to install Microsoft Office in any Linux distribution

There are multiple options how to install MS Office on Linux.

VM-based - Integrate Windows apps running in a Windows virtual machine as native-looking in Linux

  1. LinOffice - Microsoft Office Launcher for Linux, my own fork of Winapps which is focused on only running Microsoft Office, with some Office-specific improvements over Winapps and a fully automated setup. Eventually I would like to create a GUI for it. Decribed below
  2. Winapps, based on KVM, QEMU, Docker/Podman and FreeRDP. Still actively maintained (getting Github commits). Decribed below
  3. Cassowary, based on KVM, QEMU, libvirt/virt-manager, and FreeRDP. Last release in Feb 2022 and seems to be abandoned.
@Posandu
Posandu / discord-color-palette.js
Last active August 19, 2022 10:01
Discord colors
const red = {
50: "#ffebee",
100: "#ffcdd2",
200: "#ef9a9a",
300: "#e57373",
400: "#ef5350",
500: "#f44336",
600: "#e53935",
700: "#d32f2f",
800: "#c62828",
@JoeyBurzynski
JoeyBurzynski / 55-bytes-of-css.md
Last active October 28, 2025 06:41
58 bytes of css to look great nearly everywhere

58 bytes of CSS to look great nearly everywhere

When making this website, i wanted a simple, reasonable way to make it look good on most displays. Not counting any minimization techniques, the following 58 bytes worked well for me:

main {
  max-width: 38rem;
  padding: 2rem;
  margin: auto;
}