Olov Lassus olov

  • Linköping, Sweden
View StatefulComponent.tsx
import * as React from "react";
import { nextTick } from "../std/nexttick";
import { updated } from "../std/fridge";
import { shallowObjectEquals } from "../std/u";
const uniqueObject = {};
export class StatefulComponent<T, U> extends React.Component<T> {
protected readonly data: U;
private allowRender: boolean = true;
View app.jsx
import { Router } from 'react-router';
import { Match } from "./matchchildren"
const App = () => (
<Router>
<Match pattern="/"><Hello name="Yoyoma"/></Match>
</Router>
)
const Hello = (props) => {
@olov
olov / react-router-children-api.tsx
Created Sep 13, 2016
what prevents this kind of react-router API?
View react-router-children-api.tsx
// Run this example locally by copy/pasting it into
// `src/App.js` of an app created with `create-react-app`
// https://github.com/facebookincubator/create-react-app
import React from 'react'
import Match from 'react-router/Match'
import Miss from 'react-router/Miss'
import Link from 'react-router/Link'
import Redirect from 'react-router/Redirect'
import Router from 'react-router/BrowserRouter'
View internetbank_http_public_site_problem.md

Background

Major Swedish bank SEB serves their public site over HTTP, with no HTTPS version available. The front page http://www.seb.se has a big Login button that then takes the user to the secure HTTPS part of their site, where the user then logs in. I hope to be able to explain why this is bad for users because it gives Attackers more opportunity. I hope to convince SEB to acknowledge this and stop serving their public site over HTTP, going HTTPS only. I started noticing this problem a few years back, contacted them a year ago or so to deaf ears, contacted them again recently and kindly got a person listening to me, but I failed to get an acknowledgement of any sort. I proposed that I write something up instead.

Scenario

Victim normally logs onto internet bank by typing www.seb.se into URL bar in web browser, either typing it out fully or just part of it and selecting the auto-completed URL. Alternatively, Victim has put a bookmark on http://www.seb.se, and clicks that bookmark to come to the front

@olov
olov / betterbrowser.md
Last active Aug 29, 2015
better browser experience
View betterbrowser.md

random thoughts

funding: a mix i suppose. volunteer work, i mean we do tons of volunteer work daily in terms of writing open source code, providing documentation and stuff like that. fundraising from persons (like wikimedia) and small and big companies that care about these things. funding should cover operations.

ads: the browser should come with ad-blocking tech by default. this can happen because the browser does not come from a company/community that relies on ad revenue to pay salaries. the internet, especially the desktop internet, is horrible to use without ad-blocking tech, and ads and lack of privacy go hand-in-hand like nothing else.

privacy: i'm not a cookie expert but my gut-feeling tells me there's more to do in terms of creating a browser that tries to make the end-user as anonymous as possible and prevent the mega-tracking cookie networks that build up massive profiles about people, while still allowing web sites to function. also see search below. also https-only within a reasonable time

@olov
olov / whatever.js
Created Nov 13, 2014
bind-comments
View whatever.js
// yoyoyomamama comment on the file (note blank line after it)
// comment bound to function
function foo() {
// comment bound to if-statement
if (a) {
// comment bound to first block
b(); // comment bound to statement
@olov
olov / gist:eb60ab878eb73a7c5e22
Created Oct 15, 2014
listenandservetls_nossl30.go
View gist:eb60ab878eb73a7c5e22
// You don't want to serve HTTPS with support for SSL3.0 any longer, see:
// http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-exploiting-ssl-30.html
import (
"crypto/tls"
"net/http"
)
// This code supports SSL3.0, TLS1.0, TLS1.1 and TLS1.2
// Chances are you currently do this but want to stop due to the POODLE
err := http.ListenAndServeTLS(addr, "crtfile", "keyfile", handler)
@olov
olov / gist:40e4bf5181e8a5f7e849
Created Oct 10, 2014
networks sux and browsers may surprise you
View gist:40e4bf5181e8a5f7e849
index.html
...
<script src="a.js"></script>
<script src="b.js"></script>
<script src="c.js"></script>
a.js:
var globalfoo = 42;
b.js:
View ng-annotate_plus_assetgraph.txt
Process (almost) all files with ng-annotate options {add: true, regexp: "^$"}
I say almost because there should be no risk that already minified files (i.e. matching the filename pattern *.min.* or something similar) need processing by ng-annotate. So we're saving nature and build times by excluding them.
Add means "add annotations but don't remove or rebuild those already existing, if any". That's what you want. The weird-looking regexp-option really just means disable the support for short declaration forms.
This is a short declaration form:
myMod.controller("MyCtrl", function($scope, $timeout) {
});
View autoindent commented out lines
// let's begin with this function. f() was previously commented out using Cmd--
function context() {
if (foo) {
// f();
g();
}
}
// we remove the if-statement and let its block run unconditionally instead.