Nick Malcolm nickmalcolm

Code for a Facebook Like Button

Since you have to log in to Facebook to get the html for a share / like / recommend button, here is the code. More options are at


Include the JavaScript SDK on your page once, ideally right after the opening tag.

<div id="fb-root"></div>

Keybase proof

I hereby claim:

  • I am nickmalcolm on github.
  • I am nickmalcolm ( on keybase.
  • I have a public key whose fingerprint is 0345 8E14 05AE CE7B 5E32 70D2 96BD ED27 0C64 9667

To claim this, I am signing this object:

nickmalcolm / gdrive_files_sample.rb
Created April 15, 2015 21:02
The code we use to paginate through results.
result = @client.execute api_method:, parameters: {
q: "trashed=false and mimeType != 'application/'",
pageToken: page_token,
fields: "etag,items(etag,sharingUser,writersCanShare,thumbnailLink,lastModifyingUser,alternateLink,indexableText,owners,id,modifiedByMeDate,description,embedLink,folderColorRgb,thumbnail,downloadUrl,originalFilename,iconLink,editable,exportLinks,mimeType,createdDate,modifiedDate,headRevisionId,lastViewedByMeDate,webViewLink,fileExtension,webContentLink,labels,fileSize,quotaBytesUsed,markedViewedByMeDate,userPermission,defaultOpenWithLink,videoMediaMetadata,appDataContents,imageMediaMetadata,permissions,kind,version,ownerNames,copyable,parents,title,properties,selfLink,shared,lastModifyingUserName,openWithLinks,sharedWithMeDate,md5Checksum,explicitlyTrashed),kind,nextLink,nextPageToken,selfLink"
nickmalcolm / variables.rb
Last active August 29, 2015 14:22
Ruby Instance Variables vs Local Variables, and overriding getters / setters
# Shows the difference between calling methods in different ways
class Foo
# attr_accessor defines def bar;end and def bar=(val);end
attr_accessor :bar
def initialize = "hello"
def method_one
nickmalcolm / Becoming a Security
Last active March 6, 2016 09:40
Becoming a Security Champion: A presentation idea

Following the RedDot Ruby 2016 CFP Format


What is your talk about?

What the 💁 is a Security Champion? You are! Or, you will be after this talk. You know that security is no longer a nice-to-have, it's a requirement, and one of the biggest risks in our industry. By learning the current threats we face, and getting some practical steps to mitigate them, you'll develop a security mindset. More than just writing better code, you'll be inspired and equipped to encourage your bosses, co-workers, and customers to adopt secure best-practices too! You'll be a champion for better security.

Details

Explain the theme and flow of your talk. What are the intended audience takeaways? Include any pertinent details such as outlines, outcomes or intended audience.

nickmalcolm / Bridging the security-gap between you and your
Last active March 7, 2016 08:03
Bridging the security-gap between you and your users: a presentation idea for developer conferences


What is your talk about?

We build apps. We build them as secure as we can. But no matter what we do behind the scenes, the weakest link is often our end users. Bad passwords, phishing attacks, leaving credentials on post-it notes - is there anything we can do?! Yes! During this talk you will learn how to turn your app into a powerful reinforcer of good, secure, user behaviour. You'll have gained empathy for the risks your customers face. You'll have begun building a stronger bridge between you and your users.


Explain the theme and flow of your talk. What are the intended audience takeaways? Include any pertinent details such as outlines, outcomes or intended audience.

The theme of this talk is how to help us help our users. When our users get hacked their lives can be massively impacted, financially and emotionally. Even if it wasn't through the websites we've made. The intended takeaway is that anyone can, and needs to, help in the role of education. The threat is growing, a

String equality is something we check all the time when writing code. Are all_systems == "nominal"? Most of the time, using your programming language's default equality operator is fine. However, when performing equality checks in sensitive areas of your app, like authentication, you need to be extra careful.

What is a Timing Attack?

Timing attacks are a way of learning information about something by measuring the time it takes to respond to different queries. When a response is faster or slower based on what you send it, the algorithm is leaking information about what two values are being compared.

Don't do this!

Shorter version

Security Together is dedicated to providing a harassment-free experience for everyone, regardless of gender, gender identity and expression, sexual orientation, disability, physical appearance, body size, age, race, or religion. We do not tolerate harassment of participants in any form.

This code of conduct applies to all Security Together spaces, including our Slack group and associated events, both online and off. Anyone who violates this code of conduct may be sanctioned or expelled from these spaces at the discretion of the Security Together administrators.

Some Security Together spaces may have additional rules in place, which will be made clearly available to participants. Participants are responsible for knowing and abiding by these rules.

Longer version

nickmalcolm / thisdata_php_curl.php
Last active May 20, 2016 00:14
Use ThisData's API using PHP curl
$user = array("id" => "1234", "email" => "");
$data = array("verb" => "log-in", "ip" => "", "user_agent" => "Chrome", "user" => $user);
$data_string = json_encode($data);
$url = '';
$api_key = 'ABC123'; // Use your real API key here
$ch = curl_init($url. "?api_key=". $api_key);
nickmalcolm / okta.rb
Created August 10, 2016 01:48
Simple ruby script to pull events from Okta's API, and push them to ThisData
require 'this_data'
require 'httparty'
# A simple proof of concept which will pull a page of events from Okta, and push
# them to ThisData. This enables ThisData to detect behavioural anomalies, and
# keep a third-party access log.
# Requires the ThisData and HTTParty ruby gems.
# Usage: