Skip to content

Instantly share code, notes, and snippets.

View ottokruse's full-sized avatar

Otto Kruse ottokruse

  • AWS
View GitHub Profile
@shortjared
shortjared / list.txt
Last active November 10, 2024 17:54
List of AWS Service Principals
a4b.amazonaws.com
access-analyzer.amazonaws.com
account.amazonaws.com
acm-pca.amazonaws.com
acm.amazonaws.com
airflow-env.amazonaws.com
airflow.amazonaws.com
alexa-appkit.amazon.com
alexa-connectedhome.amazon.com
amazonmq.amazonaws.com
@joepie91
joepie91 / random.md
Last active November 7, 2024 16:48
Secure random values (in Node.js)

Not all random values are created equal - for security-related code, you need a specific kind of random value.

A summary of this article, if you don't want to read the entire thing:

  • Don't use Math.random(). There are extremely few cases where Math.random() is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case.
  • Don't use crypto.getRandomBytes directly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable.
  • If you want to generate random tokens or API keys: Use uuid, specifically the uuid.v4() method. Avoid node-uuid - it's not the same package, and doesn't produce reliably secure random values.
  • If you want to generate random numbers in a range: Use random-number-csprng.

You should seriously consider reading the entire article, though - it's

@brunoborges
brunoborges / the_devops_song.md
Last active February 17, 2021 16:23
The DevOps Song, a fork of "Every Breath You Take, The Police"

The DevOps Song

A fork of "Every Breath You Take" from The Police / Sting. Watch on YouTube

Every bug you take
Every pull you make
Every build you break
Every log you erase
I'll be watching you