Discover gists

hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.

3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.

I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:

Cloudflare

By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k

Next.js Starters

A list of CLI generators, starter kits / boilerplates and toolkits to kick start your Next.js apps.

What is included in this list:
- Has ~1K+ Github stars
- Actively maintained / up to date
- Includes a style / css solution or UI Framework
- Includes a database
Includes authentication / authorization

For years, people have been using jemalloc with ruby. There were various benchmarks and discussions. Legend had it that Jemalloc 5 didn't work as well as Jemalloc 3.

Then, one day, hope appeared on the horizon. @wjordan offered a config for Jemalloc 5.

Ubuntu/Debian

FROM ruby:3.1.2-bullseye
RUN apt-get update ; \

	(function() {
	let increment = 0.01; // Adjust this value to change the increment
	let lowerBound = 0.1; // Adjust this value to change the lower bound
	let upperBound = 3; // Adjust this value to change the upper bound
	let A = 0; // Adjust this value to change the minimum hold time in milliseconds
	let B = 2; // Adjust this value to change the maximum hold time in milliseconds

	let targetRate = 0.1; // Initialize targetRate with a default value
	let holding = false;
	let holdTimer;

	from arcgis.gis import GIS
	from arcgis.features import FeatureLayerCollection
	from print_errors import print_exception # helper module to printing error messages
	from time import strftime as format_time
	from time import sleep

	def optimize(portal_url, username, password, item_id, lyr_idx, req_timeout=180):
	"""
	portal_url = URL for GIS portal; string
	username: username of administrative user to portal; string

	-- Temporary file usage by database
	SELECT datname AS "database", temp_files AS "Temporary files", temp_bytes
	AS "Size of temporary files"
	FROM pg_stat_database;

	-- Cache Hit Ratio. Anything greater than 90% is always good
	SELECT sum(blks_hit)*100/sum(blks_hit+blks_read) AS hit_ratio FROM pg_stat_database;

	-- Top Queries
	SELECT substr(query, 0, 250), calls,


	const NEW_CHARMAP = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20!\"#$%&'{([])}*+-.\\/0123456789:;,<=>?@EeAaUuOoIiFfGgHhJjLl\|WwMmNnBbDdTtPpQqRrKkCcSsZzVvXxYy^_`~";
	function get_new_char_code(old_char_code){
	return NEW_CHARMAP.indexOf(String.fromCharCode(old_char_code));
	}
	function get_old_char_code(new_char_code){
	return NEW_CHARMAP.charCodeAt(new_char_code);
	}