Skip to content

Instantly share code, notes, and snippets.

View jroes's full-sized avatar

Jon Roes jroes

  • Streamlit
  • Charlotte, NC
  • X @jroes
View GitHub Profile
@adamwiggins
adamwiggins / adams-heroku-values.md
Last active October 3, 2024 14:07
My Heroku values

Make it real

Ideas are cheap. Make a prototype, sketch a CLI session, draw a wireframe. Discuss around concrete examples, not hand-waving abstractions. Don't say you did something, provide a URL that proves it.

Ship it

Nothing is real until it's being used by a real user. This doesn't mean you make a prototype in the morning and blog about it in the evening. It means you find one person you believe your product will help and try to get them to use it.

Do it with style

@nelhage
nelhage / make_yaml_safe.rb
Last active December 10, 2015 23:08
Neuter YAML to help mitigate CVE-2013-0156-style attacks.
# The fact that YAML.load will instantiate arbitrary ruby objects
# means that calling `YAML.load` on untrusted data is virtually always
# equivalent to executing arbitrary code in a complex app.
# This code fragment globally neuters YAML to disable this behavior,
# which should (hopefully) cut off all such attacks from the start.
# I don't promise this closes all possible attacks, but this closes
# off the trivial case. You should audit and upgrade all your
# dependencies, as well.