Skip to content

Instantly share code, notes, and snippets.

View ejcx's full-sized avatar

Evan J Johnson ejcx

191 followers · 41 following
View GitHub Profile
@ejcx
ejcx / company-ownership.md
Created July 5, 2016 17:25 — forked from jdmaturen/company-ownership.md
Who pays when startup employees keep their equity?

Who pays when startup employees keep their equity?

JD Maturen, 2016/07/05, San Francisco, CA

As has been much discussed, stock options as used today are not a practical or reliable way of compensating employees of fast growing startups. With an often high strike price, a large tax burden on execution due to AMT, and a 90 day execution window after leaving the company many share options are left unexecuted.

There have been a variety of proposed modifications to how equity is distributed to address these issues for individual employees. However, there hasn't been much discussion of how these modifications will change overall ownership dynamics of startups. In this post we'll dive into the situation as it stands today where there is very near 100% equity loss when employees leave companies pre-exit and then we'll look at what would happen if there were instead a 0% loss rate.

What we'll see is that employees gain nearly 3-fold, while both founders and investors – particularly early investors – get dilute

@ejcx
ejcx / sam-questions.js
Created April 17, 2016 12:57
this.ycQuestions = [
"So what are you working on?",
"Have you raised funding?",
"What makes new users try you?",
"What competition do you fear most?",
"What’s the worst thing that has happened?",
"Will you reincorporate as a US company?",
"What’s an impressive thing you have done?",
"Where is the rocket science here?",
"Why did you pick this idea to work on?",
@ejcx
ejcx / webappsecirc
Last active March 24, 2016 03:32
15:59 < mkwst> present+ mkwst
15:59 * mkwst might need to do that again if Zakim doesn't actually recognize the call?
15:59 < bhill2_> present+ bhill2
15:59 < bhill2_> Meeting: WebAppSec Teleconference, 23-Mar-2016
16:00 < bhill2_> Agenda: https://lists.w3.org/Archives/Public/public-webappsec/2016Mar/0073.html
16:00 < bhill2_> Chairs: bhill2, dveditz
16:00 < freddyb> present+ freddyb
16:00 -!- bhill2 [~bhill2@public.cloak] has quit [Ping timeout: 180 seconds]
16:00 -!- gmaone [~chatzilla@public.cloak] has joined #webappsec
16:01 -!- teddink [~teddink@public.cloak] has joined #webappsec
@ejcx
ejcx / curl.ingvar
Created February 24, 2016 17:44
root@ejjio:/var/www/breaking-sop# curl ej.cx -sI | grep Report-Only
Content-Security-Policy-Report-Only: default-src cf://*; report-uri https://ejj.io/report-uri
Content-Security-Policy-Report-Only : default-src df://*; report-uri https://test.io/report-uri
@ejcx
ejcx / top-700k.json
Created February 24, 2016 09:37
Alexa Top 700k Survey
{"":"","HTTP/1.1 200 OK":"","access-control-allow-credentials":"true","access-control-allow-origin":"http://evil.com.ej.cx","cache-control":"no-store, no-cache, must-revalidate, post-check=0, pre-check=0","content-type":"text/html","date":"wed, 24 feb 2016 01:17:21 gmt","expires":"thu, 19 nov 1981 08:52:00 gmt","pragma":"no-cache","server":"apache/2.2.22 (ubuntu)","set-cookie":"phpsessid=2phdir1nkjt822p5lelc2vtf65; path=/","vary":"accept-encoding","x-hostname":"http://.ej.cx","x-powered-by":"php/5.3.10-1ubuntu3.21"}
{"":"","HTTP/1.1 302 Found":"","access-control-allow-credentials":"true","access-control-allow-methods":"get, head, post, put, patch, delete, options","access-control-allow-origin":"https://wetransfer.com.evil.com","access-control-expose-headers":"","access-control-max-age":"60","cache-control":"no-cache","connection":"keep-alive","content-type":"text/html; charset=utf-8","date":"wed, 24 feb 2016 01:17:55 gmt","location":"https://www.wetransfer.com/","server":"nginx","status":"302 found","vary":"o
@ejcx
ejcx / cors-scanner.sh
Last active July 15, 2020 08:20
#!/bin/sh
while read -r domain
do
# Remember. Account for the fact that some sites don't exist on HTTP
# And others don't exist on HTTPS. Prune later.
curl -I "https://$domain" --max-time 3 -H "Origin: https://$domain.evil.com" | ./respirator&
curl -I "http://$domain" --max-time 3 -H "Origin: http://$domain.evil.com" | ./respirator&
done < "top1mdomains"
@ejcx
ejcx / respirator.go
Last active April 27, 2019 07:10
package main
import (
"bufio"
"encoding/json"
"fmt"
"log"
"os"
"strings"
)
@ejcx
ejcx / trickery.sh
Last active April 27, 2019 06:52
root@ejjio:/var/www/misconfigured-cors# curl -H "Origin: https://ejj.io.evil.com" https://ejj.io -I
HTTP/1.1 200 OK
Server: cloudflare-nginx
Date: Wed, 24 Feb 2016 06:47:21 GMT
Content-Type: text/html
Set-Cookie: PHPSESSID=sd7ejaf2lufukhq7se49lmsg76; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Access-Control-Allow-Origin: https://ejj.io.evil.com
Access-Control-Allow-Credentials: true
@ejcx
ejcx / nottrue.jpg
Created February 23, 2016 23:05
~ vagrant :) curl ruben.verborgh.org -I -H "Origin: http://ej.cx"
HTTP/1.1 200 OK
Server: nginx/1.2.0
Date: Tue, 23 Feb 2016 23:04:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 14887
Last-Modified: Tue, 16 Feb 2016 13:23:48 GMT
Connection: keep-alive
Vary: Accept-Encoding
Expires: Wed, 24 Feb 2016 00:04:16 GMT
@ejcx
ejcx / abcnews.go.com
Created February 23, 2016 06:35
root@ejjio:/var/www/breaking-sop# curl abcnews.go.com -H "Origin: http://abcnews.go.com.ej.cx" -I
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-UA-Compatible: IE=edge,chrome=1
Content-Type: text/html;charset=utf-8
X-VG-WebCache: 164
Cache-Control: max-age=60
Content-Length: 151796
Accept-Ranges: bytes
Date: Tue, 23 Feb 2016 06:34:49 GMT