How to name CSS classes
Lloyd Kupchanko lloydk
paceaux
/ tinyRules.css.md
Last active
April 10, 2025 21:59
Tiny rules for how to name things in CSS and JS
ageis
/ systemd_service_hardening.md
Last active
May 14, 2025 22:12
Options for hardening systemd service units
sleevi
/ ocsp-stapling.md
Last active
July 24, 2024 14:50
On Twitter the other day, I was lamenting the state of OCSP stapling support on Linux servers, and got asked by several people to write-up what I think the requirements are for OCSP stapling support.
-
Support for keeping a long-lived (disk) cache of OCSP responses.
This should be fairly simple. Any restarting of the service shouldn't blow away previous responses that were obtained. This doesn't need to be disk, just stable - and disk is an easy stable storage for most server
manigandham
/ rich-text-html-editors.md
Last active
April 16, 2025 18:28
Rich text / HTML editors and frameworks
- Mobiledoc - github.com/bustle/mobiledoc-kit - framework to build editors with a standardized JSON structure
- ShareDB - github.com/share/sharedb - framework to sync any JSON document using operational transforms, add real-time collaborative editing to anything else
- Bangle.dev - github.com/bangle-io/bangle.dev - toolkit built for building editors, based on prosemirror
These use separate document structures instead of HTML, some are more modular libraries than full editors
kerrizor
/ bullet_and_minitest.md
Last active
January 31, 2024 00:07
Trigger MiniTest failures in Rails when Bullet detects N+1 query violations
In test/test_helper.rb...
### Bullet (N+1 queries)
if ENV['BULLET']
Bullet.enable = true
require 'minitest/unit'
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Multiple inheritance with Modules as an alternative to injected composition | |
| # from Sandi Metz's talk [Nothing is Something](http://confreaks.tv/videos/bathruby2015-nothing-is-something) | |
| # Like Sandi's 'direct' DI method this has behavior outside of the base class | |
| # that gets composed together. However in this gist I compose modules in class | |
| # definitions instead of injecting collaborators. | |
| # Tradeoffs between this and Sandi's version are that in this case the API consumer doesn't | |
| # have to know how to make a RandomEchoHouse (no `house = House.new(formatter: Whatever.new)`), | |
| # but also the API consumer can't make anything not already accounted for either. |
NOTE I'm trying to find the most optimal fav/touch icon setup for my use-cases. Nothing new here. Read Mathias Bynens' articles on re-shortcut-icon and touch icons, a FAQ or a Cheat Sheet for all the details.
I'd like to hear how you approach this: @valuedstandards or comment on this gist.
You have to include a boatload of link elements pointing to many different images to provide (mobile) devices with a 'favicon' or 'touch icon':
thbar
/ private_buckets_test.rb
Last active
August 29, 2015 14:17
Production sanity test to verify that S3 buckets remain private over time
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def buckets | |
| [ | |
| 'myapp-production-backups', | |
| 'myapp-staging-backups', | |
| 'myapp-s3-logs' | |
| ] | |
| end | |
| def test_buckets_subdomain_private | |
| buckets.each do |bucket_name| |
madrobby
/ gist:c55f39bfdbd60bf14671
Last active
August 23, 2018 17:48
Deny commonly used security-probing things that spam up log files (for a Rails app)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| location ~ ^/(wp-admin|wp-login\.php|priv\.dog|companies\/sidekick) { | |
| deny all; | |
| break; | |
| } | |
| # file extensions that should never be served, this prevents | |
| # potential malicious downloads in case someone manages to manipulate | |
| # a Rails URL or write a file that can be served | |
| # (~* matches case-insensitive) | |
| location ~* \.(?:git|svn|DS_Store|asp|aspx|cgi|pt|pl|idx|php|exe|scpt|AppleScript|dll|dmg|pif|msi|application|msp|com|scr|hta|cpl|gadget|msc|jar|bat|vb|vbs|vbe|ws|wsh|inf|lnk|reg|scf|wsc|wsh|ps1|ps1xml|ps2|ps2xml|psc1|psc2|msh|msh1|msh2|mshxml|msh1xml|msh2xml)$ { | |
| deny all; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is an example of the Stack Exchange Tier 1 HAProxy config | |
| # The only things that have been changed from what we are running are: | |
| # 1. User names have been removed | |
| # 2. All Passwords have been remove | |
| # 3. IPs have been changed to use the example/documentation ranges | |
| # 4. Rate limit numbers have been changed to randome numbers, don't read into them | |
| userlist stats-auth | |
| group admin users $admin_user | |
| user $admin_user insecure-password $some_password |