Skip to content

Instantly share code, notes, and snippets.

View olov's full-sized avatar

Olov Lassus olov

94 followers · 0 following
  • Linköping, Sweden
View GitHub Profile
@olov
olov / StatefulComponent.tsx
Created September 27, 2017 20:58
import * as React from "react";
import { nextTick } from "../std/nexttick";
import { updated } from "../std/fridge";
import { shallowObjectEquals } from "../std/u";
const uniqueObject = {};
export class StatefulComponent<T, U> extends React.Component<T> {
protected readonly data: U;
private allowRender: boolean = true;
@olov
olov / app.jsx
Last active September 13, 2016 20:53
import { Router } from 'react-router';
import { Match } from "./matchchildren"
const App = () => (
<Router>
<Match pattern="/"><Hello name="Yoyoma"/></Match>
</Router>
)
const Hello = (props) => {
@olov
olov / react-router-children-api.tsx
Created September 13, 2016 18:07
what prevents this kind of react-router API?
// Run this example locally by copy/pasting it into
// `src/App.js` of an app created with `create-react-app`
// https://github.com/facebookincubator/create-react-app
import React from 'react'
import Match from 'react-router/Match'
import Miss from 'react-router/Miss'
import Link from 'react-router/Link'
import Redirect from 'react-router/Redirect'
import Router from 'react-router/BrowserRouter'
@olov
olov / internetbank_http_public_site_problem.md
Last active August 27, 2015 05:46

Background

Major Swedish bank SEB serves their public site HTTP, with no HTTPS version available. The front page http://www.seb.se has a big Login button that then takes the user to the secure HTTPS part of their site, where the user then logs in. I hope to be able to explain why this is bad for users because it gives Attackers more opportunity. I hope to convince SEB to acknowledge this and stop serving their public site over HTTP, going HTTPS only. I started noticing this problem a few years back, contacted them a year ago or so for deaf ears, contacted them again recently and kindly got a person listening to me but I failed to get an acknowledgement of any sort. I proposed that I write something up instead.

Scenario

Victim normally logs onto internet bank by typing www.seb.se into URL bar in web browser, either typing it out fully or just part of it and selecting the auto-completed URL. Alternatively, Victim has put a bookmark on http://www.seb.se, and clicks that bookmark to come to the front

@olov
olov / betterbrowser.md
Last active August 29, 2015 14:20
better browser experience

random thoughts

funding: a mix i suppose. volonteer work, i mean we do tons of volonteer work daily in terms of writing open source code, providing documentation and stuff like that. fundraising from persons (like wikimedia) and small and big companies that care about these things. funding should cover operations.

ads: the browser should come with a ad-blocking tech by default. this can happen because the browser does not come from a company/community that relies on ad revenue to pay salaries. the internet, especially the desktop internet, is horrible to use without ad-blocking tech and ads and lack of privacy goes hand-in-hand like nothing else.

privacy: i'm not a cookie expert but my gut-feeling tells me there's more to do in terms of creating a browser that tries to make the end-user as anonymous as possible and prevent the mega-tracking cookie networks that build up massive profiles about people, while still allowing web sites to function. also see search below. also https-only within a reasonable time

@olov
olov / whatever.js
Created November 13, 2014 07:33
bind-comments
// yoyoyomamama comment on the file (note blank line after it)
// comment bound to function
function foo() {
// comment bound to if-statement
if (a) {
// comment bound to first block
b(); // comment bound to statement
@olov
olov / gist:eb60ab878eb73a7c5e22
Created October 15, 2014 08:55
listenandservetls_nossl30.go
// You don't want to serve HTTPS supporting for SSL3.0 any longer, see:
// http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-exploiting-ssl-30.html
import (
"crypto/tls"
"net/http"
)
// This code supports SSL3.0, TLS1.0, TLS1.1 and TLS1.2
// Chances are you currently do this but want to stop due to the POODLE
err := http.ListenAndServeTLS(addr, "crtfile", "keyfile", handler)
@olov
olov / gist:40e4bf5181e8a5f7e849
Created October 10, 2014 19:58
networks sux and browsers may surprise you
index.html
...
<script src="a.js"></script>
<script src="b.js"></script>
<script src="c.js"></script>
a.js:
var globalfoo = 42;
b.js:
@olov
olov / ng-annotate_plus_assetgraph.txt
Created May 19, 2014 12:49
ng-annotate + assetgraph
Process (almost) all files with ng-annotate options {add: true, regexp: "^$"}
I say almost because there should be no risk that already minified files (i.e. matching the filename pattern *.min.* or something similar) need processing by ng-annotate. So we're saving the nature and build times by excluding them.
Add means "add annotations but don't remove or rebuild those already existing, if any". That's what you want. The weird-looking regexp-option really just means disable the support for short declaration forms.
This is a short declaration form:
myMod.controller("MyCtrl", function($scope, $timeout) {
});
@olov
olov / autoindent commented out lines
Last active August 29, 2015 13:56
// let's begin with this function. f() was previously commented out using Cmd--
function context() {
if (foo) {
// f();
g();
}
}
// we remove the if-statement and let its block run unconditionally instead.