Guide to how fucked is SSL?

Thanks to Jacob Kaplan-Moss, Donald Stufft, David Reid, Allen Short, Zain Memon, and Chris Armstrong for review.

This is a guide for technical individuals to understand in what circumstances SSL communications are secure against an observer-in-the-middle (for all intents and purposes: the NSA).

@lanterndev
lanterndev / index.html
Last active December 26, 2015 08:49
AngularJS Issue #4608
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>AngularJS Plunker</title>
<script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.9/angular.min.js"></script>
<script>
angular.module('broken', [])
.controller('MainCtrl', function ($scope, $location) { });
@lanterndev
lanterndev / index.html
Last active December 26, 2015 08:49
Comparison for AngularJS Issue #4608
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>AngularJS Plunker</title>
<script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.9/angular.min.js"></script>
<script>
angular.module('broken', [])
.controller('MainCtrl', function ($scope) { });
@lanterndev
lanterndev / mailchimp-https.md
Last active December 27, 2015 11:59
MailChimp and https

Dear MailChimp Security Team,

First off, thanks for the great work! The Lantern team has been using MailChimp for a while now and we're very grateful for the service.

We're concerned though that when our users POST their email addresses to https://getlantern.us2.list-manage.com/subscribe/post?u=0ac18298d5d0330dcda8f48aa through the signup form on our site, the page MailChimp serves them over https loads javascript over http (e.g. http://downloads.mailchimp.com/js/jquery.mailcheck.min.js). This makes it possible for a man-in-the-middle attack, where instead of getting the javascript they're supposed to get from your server, users get attacker-controlled code. The malicious code could harvest their email addresses (which get rendered in e.g. the "already subscribed" error), trick them into submitting more information to the attacker, etc. This isn't just a theoretical concern. Our users actually do live in places where attacks like these are unfortunately all too common.

Your ht

/**
* Translated from: https://github.com/mitsuhiko/babel/blob/e224a7b/babel/core.py
* License: https://github.com/mitsuhiko/babel/blob/e224a7b/LICENSE
*/
var LOCALE_ALIASES = {
'ar': 'ar_SY', 'bg': 'bg_BG', 'bs': 'bs_BA', 'ca': 'ca_ES', 'cs': 'cs_CZ',
'da': 'da_DK', 'de': 'de_DE', 'el': 'el_GR', 'en': 'en_US', 'es': 'es_ES',
'et': 'et_EE', 'fa': 'fa_IR', 'fi': 'fi_FI', 'fr': 'fr_FR', 'gl': 'gl_ES',
'he': 'he_IL', 'hu': 'hu_HU', 'id': 'id_ID', 'is': 'is_IS', 'it': 'it_IT',
@lanterndev
lanterndev / index.html
Last active January 3, 2016 07:39
AngularJS Issue 4608 (with target="_self")
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>AngularJS Plunker</title>
<script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.0-rc.3/angular.min.js"></script>
<script>
angular.module('broken', [])
.controller('MainCtrl', function ($scope, $location) { });
@lanterndev
lanterndev / index.html
Last active January 3, 2016 16:49
AngularJS Issue 4608 (with html5Mode = true)
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<title>AngularJS Plunker</title>
<script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.9/angular.min.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/angularjs/1.2.9/angular-route.min.js"></script>
<script>
angular.module('broken', [])
This file has been truncated, but you can view the full file.
~> brew install -v python3 --quicktest --with-brewed-openssl --with-brewed-tk
==> Downloading http://python.org/ftp/python/3.3.5/Python-3.3.5.tgz
Already downloaded: /Library/Caches/Homebrew/python3-3.3.5.tgz
==> Verifying python3-3.3.5.tgz checksum
tar xf /Library/Caches/Homebrew/python3-3.3.5.tgz
==> Patching
/usr/bin/patch -g 0 -f -p1 -i 000-homebrew.diff
patching file setup.py
Hunk #1 succeeded at 1675 (offset 52 lines).
Hunk #2 succeeded at 1720 (offset 52 lines).
This file has been truncated, but you can view the full file.
21:47:33
~> brew info python3
python3: stable 3.4.0, HEAD
http://www.python.org/
Not installed
From: https://github.com/Homebrew/homebrew/commits/master/Library/Formula/python3.rb
==> Dependencies
Build: pkg-config ✔
Required: openssl ✔
Recommended: readline ✔, sqlite ✔, gdbm ✔, xz ✔
18:39:32 ~> brew install --verbose frescobaldi
==> Installing dependencies for frescobaldi: lilypond, openjpeg, poppler, sip, pyqt
==> Installing frescobaldi dependency: lilypond
==> Downloading http://download.linuxaudio.org/lilypond/sources/v2.18/lilypond-2.18.2.tar.gz
/usr/bin/curl -fLA Homebrew 0.9.5 (Ruby 1.8.7-358; Mac OS X 10.9.2) http://download.linuxaudio.org/lilypond/sources/v2.18/lilypond-2.18.2.tar.gz -C 0 -o /Library/Caches/Homebrew/lilypond-2.18.2.tar.gz.incomplete
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 15.2M 100 15.2M 0 0 2844k 0 0:00:05 0:00:05 --:--:-- 3402k
==> Verifying lilypond-2.18.2.tar.gz checksum
tar xf /Library/Caches/Homebrew/lilypond-2.18.2.tar.gz