Nathan Youngman nathany

## two-factor.md

      
              1 file
            
          
              0 forks
            
          
              1 comment
            
          
              1 star
            
          
                nathany
                / two-factor.md
            
            
              Last active
              December 23, 2015 02:38
            
              
                Two factor-auth all the things
              
          
Google Apps


Twitter (docs)


App.net


Facebook Login Approvals


GitHub


Basecamp


Dropbox


DNSimple


## Drone.io
go get -d -v ./...

# get test dependencies
# go get -t will make this unnecessary in go 1.2 <https://codereview.appspot.com/12566046>

# go get launchpad.net/gocheck

# go get github.com/axw/gocov/gocov
# go get github.com/mattn/goveralls

## Gemfile
source 'https://rubygems.org'

ruby '1.8.7'

# server
gem 'rails', '2.3.18'
gem 'thin'

group :production do
  gem 'rack-ssl'            # included in Rails 3 (config.force_ssl = true)

## ruby2.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              1 star
            
          
                nathany
                / ruby2.md
            
            
              Last active
              December 20, 2015 00:59
            
              
                Ruby 2.0 backwards incompatible changes
              
          
    Ruby 2.0 backwards incompatible changes

From Peter Cooper's Walkthrough:


lines, bytes, chars, codepoints returned an Enumerator in 1.9 -> use each_lines, each_bytes, each_chars, each_codepoints instead for an Enumerator
# encoding: utf-8 is the default (which impacts regular expressions that expect it to be us-ascii, eg. vpim)
respond_to? on a protected method returns false (was true)
inspect doesn't use the redefined to_s
Array#values_at returns nil for each number outside of the array
CSV.dump & CSV.load are gone (object serialization)


## gist:5145088
sass -c -I app/assets/stylesheets/ app/assets/stylesheets/**/*.scss

## config.ru
# add something like this to config.ru
# see https://github.com/kzk/unicorn-worker-killer

if Integer(ENV['UNICORN_KILLER'] || 0) != 0
  require 'unicorn/worker_killer'
  # Max memory size (RSS) per worker
  use Unicorn::WorkerKiller::Oom, (350*(1024**2)), (400*(1024**2)), 30, true
end

## app.rb
require 'redcarpet'
require 'pygments'

class Syntactical < Redcarpet::Render::HTML
  include Redcarpet::Render::SmartyPants

  def block_code(code, language)
    Pygments.highlight(code, lexer: language)
  end
end

## CVE-2013-0156.rb
# There are multiple weaknesses in the parameter parsing code for Ruby on Rails
# which allows attackers to bypass authentication systems, inject arbitrary SQL,
# inject and execute arbitrary code, or perform a DoS attack on a Rails application.
# This vulnerability has been assigned the CVE identifier CVE-2013-0156.
#
# https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ

ActiveSupport::XmlMini::PARSING.delete("symbol")
ActiveSupport::XmlMini::PARSING.delete("yaml")

## Default (OSX).sublime-keymap
[
	/* GoSublime */
	{
		"keys": ["super+s"],
		"command": "gs_fmt_save",
		"context": [{ "key": "selector", "operator": "equal", "operand": "source.go" }]
	},
	{
		"keys": ["super+shift+s"],
		"command": "gs_fmt_prompt_save_as",

## checkers.go
type withinChecker struct {
  *CheckerInfo
}

var Within Checker = &withinChecker{
  &CheckerInfo{Name: "Within", Params: []string{"obtained", "delta", "expected"}},
}

func (c *withinChecker) Check(params []interface{}, names []string) (result bool, error string) {
  obtained, ok := params[0].(float64)
	go get -d -v ./...

	# get test dependencies
	# go get -t will make this unnecessary in go 1.2 <https://codereview.appspot.com/12566046>

	# go get launchpad.net/gocheck

	# go get github.com/axw/gocov/gocov
	# go get github.com/mattn/goveralls
	source 'https://rubygems.org'

	ruby '1.8.7'

	# server
	gem 'rails', '2.3.18'
	gem 'thin'

	group :production do
	gem 'rack-ssl' # included in Rails 3 (config.force_ssl = true)
	# add something like this to config.ru
	# see https://github.com/kzk/unicorn-worker-killer

	if Integer(ENV['UNICORN_KILLER'] \|\| 0) != 0
	require 'unicorn/worker_killer'
	# Max memory size (RSS) per worker
	use Unicorn::WorkerKiller::Oom, (350(10242)), (400(1024**2)), 30, true
	end
	require 'redcarpet'
	require 'pygments'

	class Syntactical < Redcarpet::Render::HTML
	include Redcarpet::Render::SmartyPants

	def block_code(code, language)
	Pygments.highlight(code, lexer: language)
	end
	end
	# There are multiple weaknesses in the parameter parsing code for Ruby on Rails
	# which allows attackers to bypass authentication systems, inject arbitrary SQL,
	# inject and execute arbitrary code, or perform a DoS attack on a Rails application.
	# This vulnerability has been assigned the CVE identifier CVE-2013-0156.
	#
	# https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/61bkgvnSGTQ

	ActiveSupport::XmlMini::PARSING.delete("symbol")
	ActiveSupport::XmlMini::PARSING.delete("yaml")
	[
	/* GoSublime */
	{
	"keys": ["super+s"],
	"command": "gs_fmt_save",
	"context": [{ "key": "selector", "operator": "equal", "operand": "source.go" }]
	},
	{
	"keys": ["super+shift+s"],
	"command": "gs_fmt_prompt_save_as",
	type withinChecker struct {
	*CheckerInfo
	}

	var Within Checker = &withinChecker{
	&CheckerInfo{Name: "Within", Params: []string{"obtained", "delta", "expected"}},
	}

	func (c *withinChecker) Check(params []interface{}, names []string) (result bool, error string) {
	obtained, ok := params[0].(float64)