
Olov Lassus olov

  • Linköping, Sweden
@olov
olov / smallsort.c
Last active December 30, 2015 05:58
sorting algorithms for small arrays
#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>
#include <time.h>
#include <string.h>
#include <sys/time.h>
long long gettime_ms(void)
{
@olov
olov / lossy_dropbox.txt
Created January 5, 2014 19:19
Dropbox, you're handling >260 long paths wrong on Windows
Hello there,
I'm supporting DELETED and DELETED with IT. Both of them are paying customers of yours. I was pretty shocked when I learned today that when you encounter a path longer than 260 characters (on a Windows system), you do not sync it, and you do not inform the end user about it. In a shared folder setup, this is pretty disastrous.
I can think of two sensible ways to handle the limitation of 260 character long paths in Windows.
1. Detect them, and inform the user prominently that he/she has files that will not be synced.
2. Detect and sync as usual (this is certainly possible from a technical standpoint).
Your current way of handling this causes lots of frustration to end-users and at the end of the day, may cause them to lose data quite easily.
// let's begin with this function. f() was previously commented out using Cmd--
function context() {
    if (foo) {
        // f();
        g();
    }
}
// we remove the if-statement and let its block run unconditionally instead.
@olov
olov / ng-annotate_plus_assetgraph.txt
Created May 19, 2014 12:49
ng-annotate + assetgraph
Process (almost) all files with ng-annotate options {add: true, regexp: "^$"}
I say almost because there should be no risk that already minified files (i.e. matching the filename pattern *.min.* or something similar) need processing by ng-annotate. So we're saving the nature and build times by excluding them.
Add means "add annotations but don't remove or rebuild those already existing, if any". That's what you want. The weird-looking regexp-option really just means disable the support for short declaration forms.
This is a short declaration form:
myMod.controller("MyCtrl", function($scope, $timeout) {
});
@olov
olov / gist:40e4bf5181e8a5f7e849
Created October 10, 2014 19:58
networks sux and browsers may surprise you
index.html
...
<script src="a.js"></script>
<script src="b.js"></script>
<script src="c.js"></script>
a.js:
var globalfoo = 42;
b.js:
@olov
olov / gist:eb60ab878eb73a7c5e22
Created October 15, 2014 08:55
listenandservetls_nossl30.go
// You don't want to serve HTTPS with support for SSL3.0 any longer, see:
// http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-exploiting-ssl-30.html
import (
	"crypto/tls"
	"net/http"
)
// This code supports SSL3.0, TLS1.0, TLS1.1 and TLS1.2
// Chances are you currently do this but want to stop due to the POODLE
err := http.ListenAndServeTLS(addr, "crtfile", "keyfile", handler)
@olov
olov / whatever.js
Created November 13, 2014 07:33
bind-comments
// yoyoyomamama comment on the file (note blank line after it)
// comment bound to function
function foo() {
// comment bound to if-statement
if (a) {
// comment bound to first block
b(); // comment bound to statement
@olov
olov / betterbrowser.md
Last active August 29, 2015 14:20
better browser experience

random thoughts

funding: a mix i suppose. volunteer work, i mean we do tons of volunteer work daily in terms of writing open source code, providing documentation and stuff like that. fundraising from persons (like wikimedia) and small and big companies that care about these things. funding should cover operations.

ads: the browser should come with an ad-blocking tech by default. this can happen because the browser does not come from a company/community that relies on ad revenue to pay salaries. the internet, especially the desktop internet, is horrible to use without ad-blocking tech and ads and lack of privacy go hand-in-hand like nothing else.

privacy: i'm not a cookie expert but my gut-feeling tells me there's more to do in terms of creating a browser that tries to make the end-user as anonymous as possible and prevent the mega-tracking cookie networks that build up massive profiles about people, while still allowing web sites to function. also see search below. also https-only within a reasonable time

Background

Major Swedish bank SEB serves their public site over HTTP, with no HTTPS version available. The front page http://www.seb.se has a big Login button that then takes the user to the secure HTTPS part of their site, where the user then logs in. I hope to be able to explain why this is bad for users because it gives Attackers more opportunity. I hope to convince SEB to acknowledge this and stop serving their public site over HTTP, going HTTPS only. I started noticing this problem a few years back, contacted them a year ago or so to deaf ears, contacted them again recently and kindly got a person listening to me but I failed to get an acknowledgement of any sort. I proposed that I write something up instead.

Scenario

Victim normally logs onto internet bank by typing www.seb.se into URL bar in web browser, either typing it out fully or just part of it and selecting the auto-completed URL. Alternatively, Victim has put a bookmark on http://www.seb.se, and clicks that bookmark to come to the front

@olov
olov / react-router-children-api.tsx
Created September 13, 2016 18:07
what prevents this kind of react-router API?
// Run this example locally by copy/pasting it into
// `src/App.js` of an app created with `create-react-app`
// https://github.com/facebookincubator/create-react-app
import React from 'react'
import Match from 'react-router/Match'
import Miss from 'react-router/Miss'
import Link from 'react-router/Link'
import Redirect from 'react-router/Redirect'
import Router from 'react-router/BrowserRouter'