fhemberger

local usbLogger = hs.logger.new('usb', 'debug')

function configureKeyboard(data)
  -- Uncomment the "usbLogger" line below, plug in the USB keyboard and update the USB vendor and product ID
  local isKeyboardAffected = data.vendorID == 9610 and data.productID == 89
  -- usbLogger.df("eventType %s, pname %s, vname %s, vId %s, pId %s, keyboardAffected %s", data.eventType, data.productName, data.vendorName, data.vendorID, data.productID, isKeyboardAffected)
  if isKeyboardAffected and data.eventType == "added" then
    hs.keycodes.setLayout("U.S.")
  end
  if isKeyboardAffected and data.eventType == "removed" then

fhemberger

Node.js: Create checksums for npm's 'postinstall' actions

After watching Patrick Debois' talk from DeliveryConf »How Secure Is Your Build / Server?«, I tried to get at least a rough idea if postinstall steps where running at all and if they do the same things after a package update.

So I wrote a little proof of concept that will:

• Create a Dockerfile, using package.json and package-lock.json from a Node.js project in the current directory
• Install all its dependencies inside the Docker container first, without running any postinstall steps, then do the same with running the scripts.
• Reading the diff of those steps using Docker's image layers
• And calculate a checksum of those changes.

fhemberger

I'm using the git pr command from the git-extras toolset to check out a local copy of a PR.

To rebase the PR again, I wrote a little script, which needs to be run in the PR's branch:

#!/usr/bin/env bash

branch=$(git symbolic-ref HEAD --short)

git rebase master

fhemberger

Robin Böhm, Philipp Tarasiewicz
AngularJS: Overview, Best Practices and Pitfalls
Slides
Twitter (Robin, @roobijn)
Twitter (Philipp, @justphilmusic)

Christian Schaefer
HTTP/2: Die Zukunft beginnt jetzt.
Slides
Twitter (@derSchepp)

fhemberger

Security in General

• Open Web Application Security Project (OWASP)
• OWASP: Top Ten Critical Security Risks 2013
• Secure SSL Configuration for nginx, Apache, etc
• helmet: Security related middlewares for Express

CSRF

• Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet

fhemberger

How to use this list

1. Download a result blocking extension for your browser:

• Google Chrome: Google's "Personal Blocklist"
• Mozilla Firefox: Hide Unwanted Results of Google Search

2. Feed the list to the plugin.
3. Search results from these sites are now blocked in Google.

fhemberger

.gem
.npm
cgi-bin
fcgi-bin
html
lib
man
share
tmp
**/node_modules

fhemberger

<!DOCTYPE html>
<html>
  <head>
    <title>Socket.io Test</title>

    <!-- Dieses Script wird von Socket.io automatisch zu Verfügung gestellt -->
    <script src="/socket.io/socket.io.js"></script>

    <script>
      // Mit dem Socket.io-Server verbinden

fhemberger

var topics = {};

$.Topic = function( id ) {
  if ( !topics[ id ] ) {
    var callbacks = jQuery.Callbacks();
    topics[ id ] = {
      publish: callbacks.fire,
      subscribe: callbacks.add,
      unsubscribe: callbacks.remove
    };

fhemberger

<!DOCTYPE html>
<html>
    <head>
        <style>
            body { font-family: Arial, sans-serif; }
            th, td {
                text-align: center;
                padding: 10px;
            }
            th { background-color: #f0f0f0; }