Jumpei Nishina mikesorae

@azu
azu / git-2.26.1-README.md
Last active January 22, 2022 21:54
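About the vulnerability in Git 2.26.0 and earlier that allows Git credentials to be stolen

The vulnerability in Git 2.26.0 and earlier

Git 2.26.0 and earlier*1 has a vulnerability that allows a user's credentials (for example, the credentials used when cloning from GitHub.com) to be stolen when that user runs git clone on a crafted repository.

📝 The credentials that can be obtained depend on the credential.helper configuration

A PoC (code for verifying the issue) already exists and it is fairly easy, so please update Git to 2.26.1 or later. With git submodule, attacks that are hard to notice by looking are also possible, so it is difficult to avoid this just by "being careful".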

@MisaKondo
MisaKondo / gcp_2016_advent-calendar_1.md
Last active May 29, 2023 00:43
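Managing a GCP environment with Terraform

This article is day 3 of the Google Cloud Platform(1) Advent Calendar 2016!

Some Google Cloud Platform (hereafter GCP) services have finally got a region in Tokyo, so many of you have probably been thinking it is about time to try it. This time, we will use Terraform to do configuration management for Google Compute Engine (hereafter GCE).

There is no particular reason for it, but I noticed this was all text, so below are the logos of the services used this time.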

GCP Terraform
@ChrisXu
ChrisXu / .travis.yml
Last active January 16, 2019 22:14
Deploy an app automatically to Fabric Beta using Travis-CI.
language: objective-c
osx_image: xcode7.2
xcode_sdk: iphonesimulator9.2
env:
  global:
    - LANG=en_US.UTF-8
    - WORKSPACE="YOUR_APP_WORKSPACE/YOUR_APP_PROJECT.xcworkspace"
    - SCHEME="YOUR_BUILDSCHEME"
    - APP_NAME="YOUR_APP_NAME"
@hashrock
hashrock / diag.md
Last active October 4, 2024 00:50
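Roundup of diagramming tools and libraries

If you end up having to draw sequence diagrams or flowcharts at work, it is easier if you can generate them from text, so here is a roundup of tools of that kind

GraphViz

http://www.graphviz.org/

  • Written in C
  • Can integrate with Doxygen, Moinmoin, etc.
  • Block diagrams, class diagrams, network diagrams, etc.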
@jandudulski
jandudulski / auth.rb
Last active September 14, 2022 12:09
CSRF on Grape
# based on http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html
module Auth
  extend ActiveSupport::Concern
  included do
    helpers do
      def session
        env['rack.session']
      end
//- templated by jade
svg(width=640 height=480 style="background-color:grey;")
  circle(
    cx=30 cy=30
    r=25
    stroke="grey" stroke-width=1
    fill="wheat")
  rect(
    width=50 height=50
    x=60 y=10
@2no
2no / exsample.js
Created November 24, 2012 12:42
jQuery.timeline.js - animation timeline
// jQuery and timeline.js must be loaded beforehand
//
// About timeline.js
// - http://hitsujiwool.tumblr.com/post/31191259501/timeline-js
// - https://github.com/hitsujiwool/timeline
// Usage 1: specify everything at once and run
var totalFrames = 200,
    tl = $("div").timeline(totalFrames)
@tcmacdonald
tcmacdonald / front_matter.rb
Created October 30, 2012 14:54
Pulling front matter from Rails views template.
require 'active_support/concern'
module FrontMatter
  extend ActiveSupport::Concern
  included do
    helper_method :front_matter
  end
  def front_matter
@adamgit
adamgit / .gitignore
Last active November 11, 2024 06:14
.gitignore file for Xcode4 / OS X Source projects
#########################
# .gitignore file for Xcode4 and Xcode5 Source projects
#
# Apple bugs, waiting for Apple to fix/respond:
#
# 15564624 - what does the xccheckout file in Xcode5 do? Where's the documentation?
#
# Version 2.6
# For latest version, see: http://stackoverflow.com/questions/49478/git-ignore-file-for-xcode-projects
#
@chitchcock
chitchcock / 20111011_SteveYeggeGooglePlatformRant.md
Created October 12, 2011 15:53
Stevey's Google Platforms Rant

Stevey's Google Platforms Rant

I was at Amazon for about six and a half years, and now I've been at Google for that long. One thing that struck me immediately about the two companies -- an impression that has been reinforced almost daily -- is that Amazon does everything wrong, and Google does everything right. Sure, it's a sweeping generalization, but a surprisingly accurate one. It's pretty crazy. There are probably a hundred or even two hundred different ways you can compare the two companies, and Google is superior in all but three of them, if I recall correctly. I actually did a spreadsheet at one point but Legal wouldn't let me show it to anyone, even though recruiting loved it.

I mean, just to give you a very brief taste: Amazon's recruiting process is fundamentally flawed by having teams hire for themselves, so their hiring bar is incredibly inconsistent across teams, despite various efforts they've made to level it out. And their operations are a mess; they don't real