Oleg Sucharevich olegsu

@jdolitsky
jdolitsky / new_private_list_with_all_followed_users.go
Created February 12, 2020 20:56
Script to add everyone you follow on Twitter to a new private list
/*
new_private_list_with_all_followed_users.go
Script to add everyone you follow on Twitter to a new private list
Usage (requires Go 1.13+):
// Name of the Twitter list (should not exist yet, will be created)
export TW_LIST_NAME="<new_list_name>"
@orcaman
orcaman / wikipedia_learner.py
Last active May 9, 2023 16:23
LangChain Retrieval Question/Answering
import os
import sys
from langchain.text_splitter import CharacterTextSplitter
from langchain.utilities import WikipediaAPIWrapper
import dotenv
from langchain.embeddings import OpenAIEmbeddings
from langchain.vectorstores import Chroma
from langchain import OpenAI
from langchain.chains import RetrievalQA
import langchain
@itaysk
itaysk / prepull.yaml
Last active January 26, 2024 17:37
Kubernetes: Pre-pull images into node (moved to: https://github.com/itaysk/kube-imagepuller )
###
# There's a newer version available here:
# https://github.com/itaysk/kube-imagepuller
# All future updates will be made there.
# Please also post your questions as issues on that repo instead of commenting here
###
apiVersion: apps/v1beta2
kind: DaemonSet
@samsch
samsch / stop-using-jwts.md
Last active July 15, 2024 09:26
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" use cases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

  • The JWT specification is specifically designed only for very short-lived tokens (~5 minutes or less). Sessions