Sam de Freyssinet samsoir

Delivered-To: [email protected]
Received: by 10.68.247.138 with SMTP id ye10csp378940pbc;
Tue, 30 Oct 2012 13:55:29 -0700 (PDT)
Received: by 10.60.8.103 with SMTP id q7mr12729574oea.70.1351630529634;
Tue, 30 Oct 2012 13:55:29 -0700 (PDT)
Return-Path: <[email protected]>
Received: from o1.shared.sendgrid.net (o1.shared.sendgrid.net. [74.63.231.244])
by mx.google.com with SMTP id s5si1679836obo.160.2012.10.30.13.55.29;
Tue, 30 Oct 2012 13:55:29 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 74.63.231.244 as permitted sender) client-ip=74.63.231.244;
2012-10-17 09:47:23.374 SitteratiInternal[97289:1c03] Reachability Flag Status: -R ------- networkStatusForFlags
2012-10-17 09:47:24:212 SitteratiInternal[97289:7171] ABRecordID: -1
2012-10-17 09:47:24:245 SitteratiInternal[97289:7171] {
address = {
};
createdAt = "2012-10-16 20:10:46 +0000";
email = {
"_$!<Home>!$_" = "[email protected]";
};
firstName = Sam;
2012-10-02T21:51:15+00:00 app[web.2]: TypeError - can't convert Symbol into Integer:
2012-10-02T21:51:15+00:00 app[web.2]: /app/vendor/bundle/ruby/1.9.1/bundler/gems/sitterati-core-794fb3f63624/lib/parent/my_sitters_list.rb:22:in `[]'
2012-10-02T21:51:15+00:00 app[web.2]: /app/vendor/bundle/ruby/1.9.1/bundler/gems/sitterati-core-794fb3f63624/lib/parent/my_sitters_list.rb:22:in `add'
2012-10-02T21:51:15+00:00 app[web.2]: /app/vendor/bundle/ruby/1.9.1/bundler/gems/sitterati-core-794fb3f63624/lib/contact/create.rb:25:in `execute'
2012-10-02T21:51:15+00:00 app[web.2]: /app/app/controllers/sitters.rb:30:in `block (2 levels) in <top (required)>'
2012-10-02T21:51:15+00:00 app[web.2]: /app/vendor/bundle/ruby/1.9.1/gems/padrino-core-0.10.7/lib/padrino-core/application/routing.rb:569:in `call'
2012-10-02T21:51:15+00:00 app[web.2]: /app/vendor/bundle/ruby/1.9.1/gems/padrino-core-0.10.7/lib/padrino-core/application/routing.rb:569:in `block in route'
2012-10-02T21:51:15+00:00 app[web.2]: /app/vendor/bundle/ruby/1.9
2012-10-02 15:30:27.018 Sitterati[8090:5f13] Response: (null) with JSONDict: {
sitter = {
address = {
};
email = {
"_$!<Home>!$_" = "[email protected]";
};
"first_name" = Sam;
"last_name" = Tester;
organization = Sitterati;
NSString *userDictKeys[3] = {
MSARegisterNewUserContextDataKey,
MSARegisterNewUserContextStatusKey,
MSARegisterNewUserContextErrorKey
};
id userDictValues[3] = {
response,
[NSNumber numberWithBool:response.successful],
response.error
libSCContactList-1.0.0.a(SCContactPerson.o) (for architecture armv7):
000003e4 t +[SCContactPerson contactPersonWithID:]
0000151c t -[SCContactPerson URL]
0000042c t -[SCContactPerson addressBook:getABRecordWithID:]
0000144c t -[SCContactPerson address]
000013e4 t -[SCContactPerson birthday]
000009b8 t -[SCContactPerson createMultiValueForProperty:withDictionary:]
00000f84 t -[SCContactPerson createRecord:error:]
000015b8 t -[SCContactPerson creationDate]
000005c8 t -[SCContactPerson dealloc]
UNIVERSAL_LIBRARY_PRODUCT_NAME="${BUILT_PRODUCTS_DIR}/libSCContactList-ios5.1-1.0.0.a"
PRODUCT_LIBRARY_RESOURCE="${SRCROOT}/lib"
rm -rf $UNIVERSAL_LIBRARY_PRODUCT_NAME
lipo -create "${BUILT_PRODUCTS_DIR}/../${CONFIGURATION}-iphonesimulator/libSCContactListSimulator.a" "${BUILT_PRODUCTS_DIR}/libSCContactList-armv7.a" -output "${UNIVERSAL_LIBRARY_PRODUCT_NAME}"
cp $UNIVERSAL_LIBRARY_PRODUCT_NAME ${PRODUCT_LIBRARY_RESOURCE}
cp -R "${BUILT_PRODUCTS_DIR}/include" "${PRODUCT_LIBRARY_RESOURCE}"
//
// NSString+FromCamelCaseToUnderscore.m
// MobileSocialApp
//
// Created by Sam C de Freyssinet on 27/04/2012.
// Copyright (c) 2012 Sittercity, Inc. All rights reserved.
//
#import "NSString+FromCamelCaseToUnderscore.h"
samsoir / gist:3418184
Created August 21, 2012 18:29
Don't Use OAuth for your API

Tuesday, August 21, 2012 10:14 AM Hacker News

Don't Use OAuth for your API

By Ash Furrow (http://ashfurrow.com/)

Sam Soffes tweeted an interesting link this morning detailing how to use low-level C memory profiling techniques to get at the unencrypted OAuth headers used by OS X apps. It's an interesting approach and, if you're an OS X or iOS developer, should give you some pause to think about the kinds of sensitive information you store in heap memory. Not sensitive to your users, but sensitive to you.

The author of the post details how there isn't really a way to prevent these sorts of attacks, which is true. However, getting an unencrypted OAuth header with your consumer key isn't difficult; it's easily accessible by a malicious user using an HTTPS proxy. You still don't have the consumer secret, the bit of information required to impersonate an app. This secret is still probably floating around your app in non-static memory and will be freed at some point, so this attack can get to it, along wit

- (BOOL)loadPersonFromRecord:(ABRecordRef)record
error:(NSError **)error
{
BOOL result = YES;
// Load personal properties
ABPropertyID personalProperties[] = {
kABPersonFirstNameProperty,
kABPersonLastNameProperty,
kABPersonMiddleNameProperty,