Alex Sorokoumov Gerrrr

yossorion / what-i-wish-id-known-about-equity-before-joining-a-unicorn.md
Last active September 4, 2025 01:33
What I Wish I'd Known About Equity Before Joining A Unicorn

Disclaimer: This piece is written anonymously. The names of a few particular companies are mentioned, but as common examples only.

This is a short write-up on things that I wish I'd known and considered before joining a private company (aka startup, aka unicorn in some cases). I'm not trying to make the case that you should never join a private company, but the power imbalance between founder and employee is extreme, and that potential candidates would

webapp/OAuth2/REST API stack security checklist

OAuth2 (implicit flow)

  • response_type is a constant set for a particular app on the server (1)
  • redirect_uri, too (1)
  • the "state" parameter is echoed by the server and checked by the client (1)
  • a hash of the "state" parameter is stored in LocalStorage and destroyed on receiving the redirect (1)
  • the "client_id" parameter is checked (after obtaining the token, make a request to the server to get the "token_id" for this token and compare it to the existing one) (2, 3)
  • the IP is saved for a particular token on grant and checked on access
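
The two "state" items above, sketched as an added example that is not part of the original checklist: the client stores only a hash of the state, compares it on the redirect, and destroys it after one use. The function names, the storage key and the endpoint URLs are assumptions; it uses Node's `crypto` module where a browser would use Web Crypto, and takes the storage object as an argument so that `window.localStorage` can be passed in.

```javascript
// Added example (not from the checklist): client-side "state" handling for the
// OAuth2 implicit flow. Function names and the storage key are assumptions.
const nodeCrypto = require("node:crypto"); // Node stand-in for the browser's Web Crypto

const STATE_KEY = "oauth2_state_hash"; // hypothetical storage key

const sha256Hex = (s) => nodeCrypto.createHash("sha256").update(s, "utf8").digest("hex");

// Before redirecting: create an unguessable state and persist only its hash.
function beginAuthorization(storage, authorizeUrl, clientId, redirectUri) {
  const state = nodeCrypto.randomBytes(32).toString("hex");
  storage.setItem(STATE_KEY, sha256Hex(state));
  const url = new URL(authorizeUrl);
  url.searchParams.set("response_type", "token");
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("state", state);
  return url.toString();
}

// On the redirect: parse the fragment, compare hashes, destroy the stored hash.
function handleRedirect(storage, fragment) {
  const params = new URLSearchParams(fragment.replace(/^#/, ""));
  const expected = storage.getItem(STATE_KEY);
  storage.removeItem(STATE_KEY); // single use: destroyed whether or not the check passes
  const state = params.get("state");
  const token = params.get("access_token");
  if (!expected || !state || !token) return { ok: false, reason: "missing_state_or_token" };
  const a = Buffer.from(sha256Hex(state), "hex");
  const b = Buffer.from(expected, "hex");
  if (a.length !== b.length || !nodeCrypto.timingSafeEqual(a, b)) {
    return { ok: false, reason: "state_mismatch" };
  }
  return { ok: true, accessToken: token };
}

// In-memory object with the localStorage method names, for running outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    removeItem: (k) => void m.delete(k),
  };
}
```

Because the stored hash is removed before the comparison, a replayed redirect carrying the same state is rejected.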