Skip to content

Instantly share code, notes, and snippets.

View captn3m0's full-sized avatar

Nemo captn3m0

2.1k followers · 818 following
View GitHub Profile
@mikeal
mikeal / gist:9242748
Last active June 23, 2020 05:17
Response to Nodejitsu NPM Trademark

I've known people at nodejitsu for years, since before the company even existed. I still consider many of them friends. That said, somebody over there has lost their mind.

Trademarks are an important part of open source. They protect the integrity of the trust that is built by any project. A classic example of why this is the case is Firefox. Suppose that a malware producer takes the Firefox codebase, which is free and open source, packages up their malware with it and then releases it as "Firefox". Then they buy search advertising and suddenly their bad and malicious version of Firefox is the first result on search engines across the web. This is clearly a bad thing for Firefox and open source everywhere, but what can Mozilla do to protect their community of users?

They can't enforce a software license since the use is permitted under the Mozilla Public License. They can, however, enforce on these hypothetical bad actors using their trademark on the word "Fi

@joernchen
joernchen / bounty.txt
Created February 22, 2014 16:17
Bounty writeup
GitHub RCE by Environment variable injection Bug Bounty writeup
Disclaimer: I'll keep this really short but I hope you'll get the key points.
GitHub blogged a while ago about some internal tool called gerve:
https://github.com/blog/530-how-we-made-github-fast
Upon git+sshing to github.com gerve basically looks up your permission
on the repo you want to interact with. Then it bounces you further in
another forced SSH session to the back end where the repo actually is.
@mscdex
mscdex / gist:8493112
Created January 18, 2014 16:55
Use npm API from system copy of npm
function loadNpm(cb) {
require('child_process').exec('npm', function(err, stdout, stderr) {
if (err) return cb(err);
var m = /npm@[^ ]+ (.+)\n/i.exec(stdout);
if (!m)
return cb(new Error('Unable to find path in npm help message'));
cb(undefined, require(m[1]));
});
}
@dergachev
dergachev / backup-services.md
Last active October 12, 2023 06:14
Results of my backup services research

backup services research

I googled around, especially with site:news.ycombinator.com for backup recommendations. Here are notes on the top hits.

tarsnap

http://www.tarsnap.com/

  • by prolific HN member; focus on encryption and deduplication
@jed
jed / how-to-set-up-stress-free-ssl-on-os-x.md
Last active February 24, 2026 02:07
How to set up stress-free SSL on an OS X development machine

How to set up stress-free SSL on an OS X development machine

One of the best ways to reduce complexity (read: stress) in web development is to minimize the differences between your development and production environments. After being frustrated by attempts to unify the approach to SSL on my local machine and in production, I searched for a workflow that would make the protocol invisible to me between all environments.

Most workflows make the following compromises:

  • Use HTTPS in production but HTTP locally. This is annoying because it makes the environments inconsistent, and the protocol choices leak up into the stack. For example, your web application needs to understand the underlying protocol when using the secure flag for cookies. If you don't get this right, your HTTP development server won't be able to read the cookies it writes, or worse, your HTTPS production server could pass sensitive cookies over an insecure connection.

  • Use production SSL certificates locally. This is annoying

@autarch
autarch / gist:5856172
Created June 25, 2013 05:38
Make insane website colors sane - I can't remember where I first found this.
javascript:(function(){function R(w){try{var d=w.document,j,i,t,T,N,b,r=1,C;for(j=0;t=["object","embed","applet","iframe"][j];++j){T=d.getElementsByTagName(t);for(i=T.length-1;(i+1)&&(N=T[i]);--i)if(j!=3||!R((C=N.contentWindow)?C:N.contentDocument.defaultView)){b=d.createElement("div");b.style.width=N.width; b.style.height=N.height;b.innerHTML="<del>"+(j==3?"third-party "+t:t)+"</del>";N.parentNode.replaceChild(b,N);}}}catch(E){r=0}return r}R(self);var i,x;for(i=0;x=frames[i];++i)R(x)})(); javascript:(function(){var newSS, styles='* { background: white ! important; color: black !important; text-shadow: none !important } :link, :link * { color: #0000EE !important } :visited, :visited * { color: #551A8B !important }'; if(document.createStyleSheet) { document.createStyleSheet("javascript:'"+styles+"'"); } else { newSS=document.createElement('link'); newSS.rel='stylesheet'; newSS.href='data:text/css,'+escape(styles); document.getElementsByTagName("head")[0].appendChild(newSS); } })(); javascript:(function(){var d
@ragingwind
ragingwind / Backend Architectures Keywords and References.md
Last active February 24, 2026 02:06
Backend Architectures Keywords and References
@willurd
willurd / web-servers.md
Last active April 1, 2026 17:50
Big list of http static server one-liners

Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.

Discussion on reddit.

Python 2.x

$ python -m SimpleHTTPServer 8000
@shanselman
shanselman / gist:5422230
Last active September 30, 2025 08:47
Evil Blog Comment Spammer just exposed his template through some error and the whole thing showed up in my comments.
{
{I have|I've} been {surfing|browsing} online more than {three|3|2|4} hours today, yet I never found any interesting article like yours. {It's|It
is} pretty worth enough for me. {In my opinion|Personally|In my view}, if all {webmasters|site owners|website owners|web owners} and bloggers made good content as
you did, the {internet|net|web} will be {much more|a lot more}
useful than ever before.|
I {couldn't|could not} {resist|refrain from} commenting. {Very well|Perfectly|Well|Exceptionally well} written!|
{I will|I'll} {right away|immediately} {take hold of|grab|clutch|grasp|seize|snatch}
your {rss|rss feed} as I {can not|can't} {in finding|find|to find} your {email|e-mail} subscription {link|hyperlink} or {newsletter|e-newsletter} service. Do {you have|you've} any?
{Please|Kindly} {allow|permit|let} me {realize|recognize|understand|recognise|know} {so that|in order that} I {may just|may|could} subscribe.
Thanks.|
@desandro
desandro / require-js-discussion.md
Created January 31, 2013 20:26
Can you help me understand the benefit of require.js?

I'm having trouble understanding the benefit of require.js. Can you help me out? I imagine other developers have a similar interest.

From Require.js - Why AMD:

The AMD format comes from wanting a module format that was better than today's "write a bunch of script tags with implicit dependencies that you have to manually order"

I don't quite understand why this methodology is so bad. The difficult part is that you have to manually order dependencies. But the benefit is that you don't have an additional layer of abstraction.