| /** | |
| * Fancy ID generator that creates 20-character string identifiers with the following properties: | |
| * | |
| * 1. They're based on timestamp so that they sort *after* any existing ids. | |
| * 2. They contain 72-bits of random data after the timestamp so that IDs won't collide with other clients' IDs. | |
| * 3. They sort *lexicographically* (so the timestamp is converted to characters that will sort properly). | |
| * 4. They're monotonically increasing. Even if you generate more than one in the same timestamp, the | |
| * latter ones will sort after the former ones. We do this by using the previous random bits | |
| * but "incrementing" them by 1 (only in the case of a timestamp collision). | |
| */ |
This document contains excerpts from my web server logs collected over a period of 7 years that shows various kinds of recon and attack vectors.
There were a total of 37.2 million lines of logs out of which 1.1 million unique HTTP requests (Method + URI) were found.
$ sed 's/^.* - - \[.*\] "\(.*\) HTTP\/.*" .*/\1/' access.log > requests.txt
| ### Keybase proof | |
| I hereby claim: | |
| * I am arnabc on github. | |
| * I am arnab (https://keybase.io/arnab) on keybase. | |
| * I have a public key whose fingerprint is D271 DDFB 305C 2FAD 495B BA62 23E4 CF96 6923 562F | |
| To claim this, I am signing this object: |
Disclaimer: This piece is written anonymously. The names of a few particular companies are mentioned, but as common examples only.
This is a short write-up on things that I wish I'd known and considered before joining a private company (aka startup, aka unicorn in some cases). I'm not trying to make the case that you should never join a private company, but the power imbalance between founder and employee is extreme, and that potential candidates would
I use Namecheap.com as a registrar, and they resale SSL Certs from a number of other companies, including Comodo.
These are the steps I went through to set up an SSL cert.
| Beginner Resources for JavaScript | |
| ================================ | |
| - Eloquent JS (learn the language) http://eloquentjavascript.net/ | |
| - https://github.com/ericelliott/essential-javascript-links |
| var Busboy = require('busboy'); //A streaming parser for HTML form data: https://github.com/mscdex/busboy | |
| var generateId = require('time-uuid'); | |
| //** Handler to recive file uploads via stream | |
| module.exports.boUpload = { | |
| method: 'POST', | |
| path: '/upload/', | |
| config:{ | |
| payload: 'stream' | |
| }, | |
| handler: function (request) { |
I hereby claim:
To claim this, I am signing this object:
| #don't send the nginx version number in error pages and Server header | |
| server_tokens off; | |
| # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security | |
| # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping | |
| add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; | |
| # config to don't allow the browser to render the page inside an frame or iframe | |
| # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking | |
| # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri |
An implementation of Conway's Game of Life in 140 characters of Ruby.
Created by Simon Ernst (@sier).