SameSite=strict cookies is another layer to help prevent CSRF attacts in newer browsers
(at least 5, no clue about earlier versions)
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -1,3 +1,3 @@
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require "fileutils" | |
| require "tmpdir" | |
| class PGCoreDump | |
| attr_reader :file, :term, :bt, :query, :basename, :sha256 | |
| def initialize(file, basename) | |
| @basename = basename | |
| @file = file | |
| end |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mkdir /asa | |
| cd /asa | |
| curl -L https://github.com/microsoft/AttackSurfaceAnalyzer/releases/download/v2.0.154%2B303aa9fef5/AsaCli-linux-2.0.154.tar.gz -o asa.tgz | |
| tar xvf asa.tgz | |
| cd AsaCli-linux-2.0.154 | |
| ./AsaLaunch.sh collect -a |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Now | |
| irb(main):020:0> Benchmark.measure { User.all.group_by { |u| u.org }; nil } | |
| => #<Benchmark::Tms:0x005609082d33b0 @label="", @real=3.7103141639381647, @cstime=0.0, @cutime=0.0, @stime=0.18999999999999995, @utime=1.5, @total=1.69> | |
| # eager loading orgs | |
| irb(main):022:0> Benchmark.measure { User.eager(:org).all.group_by { |u| u.org }; nil } | |
| => #<Benchmark::Tms:0x0056090a1ccfa0 @label="", @real=1.3611143808811903, @cstime=0.0, @cutime=0.0, @stime=0.040000000000000036, @utime=1.1799999999999997, @total=1.2199999999999998> | |
| # eager loading orgs, not finding deleted users, and only getting needed columns |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // copied from https://github.com/gkaindl/meltdown-poc/blob/master/meltdown.c | |
| // flush_reload from https://github.com/defuse/flush-reload-attacks | |
| // TSX from https://github.com/andikleen/tsx-tools | |
| // dump_hex from https://gist.github.com/ccbrown/9722406 | |
| #include <stdio.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> | |
| #include <errno.h> |
will
/ spectre.c
Last active
January 5, 2018 22:58
— forked from ErikAugust/spectre.c
Spectre example code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <stdint.h> | |
| #include <string.h> | |
| #include <pthread.h> | |
| #ifdef _MSC_VER | |
| #include <intrin.h> /* for rdtscp and clflush */ | |
| #pragma optimize("gt",on) | |
| #else | |
| #include <x86intrin.h> /* for rdtscp and clflush */ |
will
/ text_vs_binary.rb
Last active
June 30, 2017 08:59
using binary result type for timestamptz and ruby pg
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require "pg" | |
| require "time" | |
| PG_EPOCH = Time.gm(2000,1,1).to_i | |
| conn = PG.connect | |
| tm = PG::TypeMapByOid.new | |
| tm.add_coder PG::BinaryDecoder::Integer.new(oid: 1184) | |
| conn.type_map_for_results = tm | |
| def parse_text(r) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # I wanted to make InsecureRandom.uuid to speed up specs, but | |
| require 'securerandom' | |
| require 'benchmark/ips' | |
| Benchmark.ips do |x| | |
| x.report("sec") { SecureRandom.random_bytes(16) } | |
| x.report("rand") { Random::DEFAULT.bytes(16) } | |
| end if ARGV[0] == '1' |
will
/ adams-heroku-values.md
Created
May 23, 2016 20:13
— forked from adamwiggins/adams-heroku-values.md
My Heroku values
Ideas are cheap. Make a prototype, sketch a CLI session, draw a wireframe. Discuss around concrete examples, not hand-waving abstractions. Don't say you did something, provide a URL that proves it.
Nothing is real until it's being used by a real user. This doesn't mean you make a prototype in the morning and blog about it in the evening. It means you find one person you believe your product will help and try to get them to use it.
- get a separate 512GiB drive to backup all your games and shit to
- it needs to be formatted fat32/exfat and with MBR, not guid parition map
- erase and parition in disk util
- you might need
defaults write com.apple.DiskUtility advanced-image-options 1on el capitan, not sure if the option was always there and just missing it
- you might need
- https://support.us.playstation.com/articles/en_US/KC_Article/Upgrade-PS4-HDD/
- https://www.playstation.com/en-us/support/system-updates/ps4/#newinstallation for the firmware
- the little downlaod now picture in that section is what you need, ~800MiB file not the smaller one at the top of the page
- I put it on the same separate backup drive following the directory naming requirements