@hackermondev
hackermondev / writeup.md
Last active December 29, 2025 18:34
How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack

hi, i'm daniel. i'm a 16-year-old high school senior. in my free time, i hack billion dollar companies and build cool stuff.

about a month ago, a couple of friends and I found serious critical vulnerabilities on Mintlify, an AI documentation platform used by some of the top companies in the world.

i found a critical cross-site scripting vulnerability that, if abused, would let an attacker inject malicious scripts into the documentation of numerous companies and steal credentials from users with a single link open.

(go read my friends' writeups (after this one))
how to hack discord, vercel, and more with one easy trick (eva)
Redacted by Counsel: A supply chain postmortem (MDL)

@simi
simi / rc-wtf.md
Last active December 25, 2025 23:23
@sindresorhus
sindresorhus / esm-package.md
Last active December 25, 2025 12:39
Pure ESM package

The package that linked you here is now pure ESM. It cannot be require()'d from CommonJS.

This means you have the following choices:

  1. Use ESM yourself. (preferred)
    Use import foo from 'foo' instead of const foo = require('foo') to import the package. You also need to put "type": "module" in your package.json and more. Follow the below guide.
  2. If the package is used in an async context, you could use await import(…) from CommonJS instead of require(…).
  3. Stay on the existing version of the package until you can move to ESM.
@masklinn
masklinn / cheatsheet.md
Last active December 24, 2025 22:07
launchctl/launchd cheat sheet

I've never had great understanding of launchctl but the deprecation of the old commands with launchctl 2 (10.10) has been terrible as all resources only cover the old commands, and documentation for Apple utilities is generally disgracefully bad, with launchctl not dissembling.

Mad props to https://babodee.wordpress.com/2016/04/09/launchctl-2-0-syntax/ which contains most details

domains

Internally, launchd has several domains, but launchctl 1 would only ask for service names,

@shunirr
shunirr / criminal_jc.md
Last active June 21, 2025 08:07
Junior high school girl ticket fraud incident

criminal_jc

@voluntas
voluntas / naze_erlang.rst
Last active June 15, 2025 07:38
Why Keep Using Erlang/OTP
@voluntas
voluntas / webrtc.rst
Last active December 22, 2025 11:51
Getting Started with WebRTC
@yudai
yudai / gist:6f8f44ac878c41eaf7dc
Last active November 7, 2023 08:35
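Google v. Oracle API copyright case

About the Oracle v. Google API copyright case

After reading "Skimming the Oracle and Google ruling," I understood the course of the case but did not really understand the details of the ruling, so I read the ruling myself. There was little legal difficulty; the technical issues, the relevant statutes, and past precedents were explained very clearly, and the basis for the ruling was written with analogies, so I found it very readable.

The overall content is relatively simple; it seems to say: "The code of every program is protected by copyright. However, whether the use is lawful as Fair Use is to be considered on remand." In fact, the word "API" does not appear anywhere in the ruling, so it needs to be read carefully.

Google's argument concerning 17 U.S.C. 102(b)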

@imjasonh
imjasonh / markdown.css
Last active September 3, 2025 22:12
Render Markdown as unrendered Markdown (see http://jsbin.com/huwosomawo)
* {
  font-size: 12pt;
  font-family: monospace;
  font-weight: normal;
  font-style: normal;
  text-decoration: none;
  color: black;
  cursor: default;
}
@mala
mala / gist:fad5e0bc8a82a9c0fc9d
Last active December 29, 2016 18:02
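On the vulnerability in AFNetworking 2.5.2 and earlier

Many unpatched apps still remain, so please be careful about mentioning this in public places

Many unpatched apps still remain, but the information has already been widely published, and confusion would arise if the claim that it was fixed in 2.5.2 spreads, so I am making this widely known.

Problem and background

It has been reported that AFNetworking 2.5.1 had a vulnerability allowing MITM attacks and that it was fixed in 2.5.2, but this is incorrect.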