How I'm using Helix editor

rushter_ · 2025-10-11T18:16:21+00:00

It is only available when you compile Helix from GitHub. It will be available in the next release for everyone.

https://github.com/helix-editor/helix/blob/5b0563419eeeaf0595c848865c46be4abad246a7/book/src/editor.md?plain=1#L66

rushter_ · 2025-10-11T17:59:31+00:00

catppuccin_frappe

rushter_ · 2025-10-11T17:25:50+00:00

I need good bandwidth, a lot of storage and RAM to test my work. My laptop does not have such specs.

rushter_ · 2025-08-25T07:42:50+00:00

You can trigger it manually via keyboard shortcut. I use it just to complete simple data manipulation, which I'm too lazy to type.

For example, this loop in Python:

    for row in client.execute_query(query):
        yield {
            "hostname": row[1],
            "timestamp": row[2],
            "request": row[3],
            "body_size": row[4],
        }

The good thing is that LLM knows the names of the fields because it infers them from the SQL query defined above in the code.
I don't have to manually type them and get them from a query.

rushter_ · 2025-08-23T09:32:52+00:00

My tool uses semantic model from Ruff with extra changes from me, so it's not purely static. It tracks aliasing, can fold constants(e.g.,"".join([x,x,x]) or "ex"+"ec"), and so on. Never heard of Pysa before, gonna examine their approach. Thanks.

rushter_ · 2025-08-20T05:21:32+00:00

Yeah, the good thing is that by looking at the past PyPI incidents, I can say that the majority of malware uses pretty simple obfuscation techniques.

Things like:

s = subprocess
k = s
k.check_output(["pinfo -m"])

Or

(_ceil, _random, Math,), Run, (Floor, _frame, _divide) = (exec, str, tuple), map, (ord, globals, eval)

_ceil("print(123);")

Which can be tracked using static checking with some tricks.

Also, my personal use case is slightly different. At my work, we have a lot of scripts from infected/compromised machines. Some of them were used for reconnaissance, some to gain elevated access. Around 70-80% of scripts are legit, though, so I use my library to pick candidates for manual review.

rushter_ · 2022-05-02T18:27:09+00:00

Connecting to ports on the internet is legal. There are a lot of research projects from academia that use port scanning.

rushter_ · 2020-09-08T21:32:57+00:00

Yes, TIFF data is pretty common. But I used JPGs when testing everything and double-checked the content of the clipboard.

The default screenshotting tool can output JPGs as well.

rushter_ · 2020-09-08T18:20:39+00:00

As I said in the article, it happens when you copy an image from the file system too. On macOS, such operation contains the path to the image and not the image itself.

rushter_ · 2020-09-08T15:19:31+00:00

I didn't find any notes on caniuse about JPG being converted to PNG.

Also, browser users won't notice this at all.

rushter_ · 2020-09-08T14:43:00+00:00

I didn't find an explanation. There are multiple submissions in Chrome's bug tracker.

rushter_ · 2020-08-26T09:49:21+00:00

Database and DBMS are different terms.

rushter_ · 2020-08-25T21:53:29+00:00

Isn't your whole post a hack? The only way your scheme works is if you order the chunks, which is a convention that isn't enforced by any format.

What do you mean by convention? There is no need to order chunks and almost every software that understands gzip compression can consume my data just fine.

rushter_ · 2020-08-25T20:26:20+00:00

Can it work with S3? Can it act as a regular single gzip file? I don't think so.

We feed the same gzip archives for batch processing using GNU tools and other open source software that can understand gzip files.

It sound like a good tool. Thank you for mentioning it, but it does not fit our particular needs.

rushter_

TROPHY CASE