Zapier is hiring!

Bryan Helmig bryanhelmig

@bmeck
bmeck / gist:1214975
Created September 13, 2011 20:07
escape
vm=require('vm');
function alertMe() {
var Object = {}.constructor;
var o=Object.create(Error.prototype);
function stack(){
stack.caller.constructor('try{console.log("ez")}catch(e){}')();
return function() {return '0'};
};
var properties = {};
[
@bergie
bergie / .gitignore
Created September 19, 2011 15:50
Node.js email handling examples
config.json
reading-image.png
@chitchcock
chitchcock / 20111011_SteveYeggeGooglePlatformRant.md
Created October 12, 2011 15:53
Stevey's Google Platforms Rant

I was at Amazon for about six and a half years, and now I've been at Google for that long. One thing that struck me immediately about the two companies -- an impression that has been reinforced almost daily -- is that Amazon does everything wrong, and Google does everything right. Sure, it's a sweeping generalization, but a surprisingly accurate one. It's pretty crazy. There are probably a hundred or even two hundred different ways you can compare the two companies, and Google is superior in all but three of them, if I recall correctly. I actually did a spreadsheet at one point but Legal wouldn't let me show it to anyone, even though recruiting loved it.

I mean, just to give you a very brief taste: Amazon's recruiting process is fundamentally flawed by having teams hire for themselves, so their hiring bar is incredibly inconsistent across teams, despite various efforts they've made to level it out. And their operations are a mess; they don't real

@aaugustin
aaugustin / convert_to_utc.py
Created June 22, 2012 08:52
Convert datetimes in the database when switching USE_TZ from False to True.
"""Convert datetimes in the database when switching USE_TZ from False to True.
tl;dr RUNNING THIS SCRIPT CAN RESULT IN DATA CORRUPTION, DATA LOSS AND EVEN
SERVER CRASHES. USE IT AT YOUR OWN RISK. NO WARRANTY WHATSOEVER.
This is a management command. Put it in the management.commands package of
one of your applications, then run: ./manage.py convert_to_utc <app_name> ...
This script assumes that no write operations take place while it's running.
It will rewrite every single record in your database; that's its whole point.
@rehanift
rehanift / gist:14cda03c79b1ae33c020
Created July 17, 2012 01:19
Javascript Secure Sandbox Notes

https://groups.google.com/d/msg/nodejs/P-gUjRun2Ek/hDXdS704w_MJ

  1. Use a child process to run the code. This process can be a node process that is running another VM inside of it for user code to be run in (it is both the process and a separated VM).
  2. Chroot the child process / Jail it / Run as Nobody:Nobody / run it in a new session / run it with empty environmental variables / remove ALL globals from node by setting them to undefined (not null) / everything reasonable to lock down the environment.
  3. Use a serialization channel when talking to user code, never ever directly share objects.
  4. Never reuse a child process.
  5. ANY variable given to a child process for interaction with a parent should be through a strict mode function that can talk to code outside of our VM, never give direct references to objects from the privileged vm. This function should be generated inside of the user code context prior to executing any user code and should not use eval(). All references to objects including functions from th
@dannvix
dannvix / nginx-non-transparent-ssl-proxy.md
Last active October 16, 2023 19:07
Guide to set up nginx as non-transparent SSL proxy, which substitutes strings in the server responses

Use nginx as Non-Transparent SSL Proxy

Introduction

Many mobile apps have back-end API servers. They usually rely on the API replies to determine whether certain information is supposed to be shown. If the API responses could be manipulated on the fly, we may easily fool an unmodified app into exposing some private data.

This manual guides you through setting up nginx as a non-transparent SSL proxy, which just substitutes strings in the server responses (i.e. a man-in-the-middle attack against ourselves). For both the server side (their API servers) and the client side (your device), the whole process is almost transparent.

@bcooksey
bcooksey / hook.rb
Created June 18, 2013 17:07 — forked from endymion/contact.rb
This is the original, see the new one
class Hook < ActiveRecord::Base
attr_accessible :event, :account_id, :subscription_url, :target_url
validates_presence_of :event, :account_id, :subscription_url, :target_url
# Looks for an appropriate REST hook that matches the record, and triggers the hook if one exists.
def self.trigger(event, record)
hooks = Hook.find(:all, :conditions => {
:event => event,
:account_id => record.account_id,
})
@tbrianjones
tbrianjones / free_email_provider_domains.txt
Last active November 15, 2024 08:56
A list of free email provider domains. Some of these are probably not around anymore. I've combined a dozen lists from around the web. Current "major providers" should all be in here as of the date this is created.
@tonyseek
tonyseek / README.rst
Last active November 5, 2022 15:20
Build Python binding of C++ library with cffi (PyPy/Py3K compatible)

Run with Python:

pip-2.7 install cffi
PYTHON=python2.7 sh go.sh

Run with PyPy:

pip-pypy install cffi
PYTHON=pypy sh go.sh
@pwalsh
pwalsh / install-python-pyo-on-raspberry-pi.md
Last active September 4, 2023 20:48
Install Python PYO on Raspberry Pi (Raspbian Debian Wheezy)

How to install Python PYO on Raspberry Pi (Raspbian Debian Wheezy)

An old version of PYO is installable via apt-get on Raspbian. But, we want the latest, don't we...

Dependencies

sudo apt-get install python-dev libjack-jackd2-dev libportmidi-dev portaudio19-dev liblo-dev libsndfile-dev python-dev python-tk python-imaging-tk python-wxgtk2.8