Skip to content

Instantly share code, notes, and snippets.

View laughinghan's full-sized avatar

Han Seoul-Oh laughinghan

146 followers · 33 following
View GitHub Profile
@laughinghan
laughinghan / double-blind_redeem.md
Last active July 18, 2020 01:04

Two Ways to do Interactive Double-Blind Trust Token Redemption

By "double-blind" I mean that not only does the issuer not know who the client is, but the server doesn't know exactly which issuers the client redeemed trust tokens from.

Summary: Two ways for an untrusted client to prove to an untrusted server that the client is trusted by X out of Y trust token issuers, without revealing exactly which issuers:

  • One way uses hash functions as its only crypto primitive, but requires revealing some of the issuers to the server, which is a leak of fingerprintable info. It's also probabilistic, and the chances of a malicious client's lie being caught depends on the degree of the lie as well as how many issuers are revealed to the server, which is an undesirable tradeoff.
  • The other way, if it works, reveals none of the issuers to the server, and the client cannot lie at all. But this assumes I understand elliptic curve cryptography, which I learned entirely
@laughinghan
laughinghan / findRepeats.js
Last active April 15, 2020 07:42
// use case: password strength checking
// zxcvbn has a "bug" where "passwordpassword" gets a low score, but "password password" gets a really high score
// https://github.com/dropbox/zxcvbn/issues/276
// note: this only searches for repetitions in a 256-character window for repetitions.
// Normally this has no effect because most systems should have a max password length
// less than that anyway. But if we didn't have this, the algorithm would have quadratic
// runtime, so if someone ran this server-side and failed to properly limit password
// length, they'd be vulnerable to a Denial-of-Service attack.
@laughinghan
laughinghan / asdf.md
Created March 12, 2020 20:38

A state machine-oriented language for webapps and more.

Mechanical programs are:

  • ...as easy to understand as finite-state machine (like [The Elm Architecture])
  • ...in a readable imperative-like syntax (unlike Elm)
  • ...statically typed, but with no type annotations
  • ...X% faster and Y% smaller than with React—because there's no virtual DOM diffing, they compile to imperative, mutative JavaScript
  • ...fully interoperable with the rest of the JavaScript ecosystem
@laughinghan
laughinghan / Every possible TypeScript type.md
Last active February 21, 2025 18:00
Diagram of every possible TypeScript type

Hasse diagram of every possible TypeScript type

  • any: magic, ill-behaved type that acts like a combination of never (the proper [bottom type]) and unknown (the proper [top type])
    • Anything except never is assignable to any, and any is assignable to anything at all.
    • Identities: any & AnyTypeExpression = any, any | AnyTypeExpression = any
    • Key TypeScript feature that allows for [gradual typing].
  • unknown: proper, well-behaved [top type]
    • Anything at all is assignable to unknown. unknown is only assignable to itself (unknown) and any.
    • Identities: unknown & AnyTypeExpression = AnyTypeExpression, unknown | AnyTypeExpression = unknown
  • Prefer over any whenever possible. Anywhere in well-typed code you're tempted to use any, you probably want unknown.
@laughinghan
laughinghan / sharedbclient.js
Last active May 10, 2018 16:20
(function () {
var global$1 = (typeof global !== "undefined" ? global :
typeof self !== "undefined" ? self :
typeof window !== "undefined" ? window : {});
// shim for using process in browser
// based off https://github.com/defunctzombie/node-process/blob/master/browser.js
function defaultSetTimout() {
throw new Error('setTimeout has not been defined');
@laughinghan
laughinghan / jquery_bug.html
Last active April 20, 2018 23:12
<p>Expected behavior: in your console you should see "hello" was logged</p>
<p>Observed behavior: in your console you see <code>Uncaught SyntaxError: Unexpected end of input</code> and the corresponding JavaScript that the browser is throwing a syntax error on is <code>console.log('hello')?_=1524265570945</code></p>
<script src="https://code.jquery.com/jquery-2.2.4.js"></script>
<script>
$('body').append('<script src="data:application/javascript,console.log(\'hello\')"></scr'+'ipt>');
</script>
@laughinghan
laughinghan / TypeScript Examples.md
Created August 8, 2017 19:09
@laughinghan
laughinghan / gist:f130f065c624f23e1efc03041e944a99
Created July 19, 2017 19:38
// see this in the TypeScript Playground: https://goo.gl/pmNV6U
// foo: (x: string) => IterableIterator<Promise<Response> | Promise<string>>
const foo = function* (x: string) {
const page: Response = yield fetch(x); // :( can't propagate type to yield https://github.com/Microsoft/TypeScript/issues/2983
return page.text();
};
// TYPE ERROR HERE:
// expected bar: (a: string) => Promise<Response | String>
@laughinghan
laughinghan / README.md
Last active June 7, 2017 21:10
@laughinghan
laughinghan / gist:9423798081ceb898f33268445a199ea3
Created May 5, 2017 21:59
<script>
window.parent.postMessage('Wassuuuup?', '*');
window.parent.postMessage('What, no answer?!', '*');
</script>