I used to make it easier to develop this site securely

Neil Matatall oreoshake


Current way:

  1. User starts the flow
  2. sudo challenge (https://github.com/blog/1513-introducing-github-sudo-mode)*
  3. scan totp seed
  4. confirm totp seed
  5. Download recovery codes / confirm backup number / enroll in delegated recovery (one or more)
  • User prints recovery codes
  • User copies recovery to clipboard and stores elsewhere
  • User downloads a file containing the recovery codes

Keybase proof

I hereby claim:

  • I am oreoshake on github.
  • I am oreoshake (https://keybase.io/oreoshake) on keybase.
  • I have a public key ASB-IgMwAQdkCZ0QKGX_YjWLn5ABKR5FPf26hoLA1KHOsgo

To claim this, I am signing this object:

@oreoshake
oreoshake / .git-slash-hooks-slash-post-checkout
Created June 15, 2017 22:00
Automatically restore your working state from the last time you pulled a `git commit -am "wip"`
#!/bin/bash
set -e
prevHEAD=$1
newHEAD=$2
checkoutType=$3
[[ $checkoutType == 1 ]] && checkoutType='branch' ||
checkoutType='file' ;
@oreoshake
oreoshake / speed.diff
Created December 15, 2016 08:59
A smarter Dockerfile and more containers when testing. Takes 50% as long to run.
diff --git a/Dockerfile b/Dockerfile
index d63fcbe..22d87cd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -11,21 +11,22 @@ ENV DISPLAY :99
RUN rm -rf /root/bmp
-# use COPY for local testing, use the RUN command in CI
-COPY . /root/bmp
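Review bot: the two removed lines at the end of the visible hunk take out the comment that explained how /root/bmp is populated ("use COPY for local testing, use the RUN command in CI") together with `COPY . /root/bmp`, and the added side is not shown in this preview. Whatever replaces them should carry an equivalent comment stating where the source tree comes from for local runs and for CI, since `RUN rm -rf /root/bmp` directly above still clears that path.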
As of July 8, 2016 I will be resigning to become the new CEO of GitLob.

asdffffff

@oreoshake
oreoshake / gemnasium_support.rb
Created June 21, 2016 01:34
Seeing which GitHub projects can be monitored by Gemnasium
require 'octokit'
require 'parallel'
DEPENDENCY_FILES = %w(
Gemfile
Gemfile.lock
package.json
bower.json
composer.json
requirements.txt
@oreoshake
oreoshake / chatops.rb
Last active June 1, 2016 22:12
HackerOne -> GitHub chatops code
#!/usr/bin/env shell-ruby
#/ Usage: gh-bounty-writeup hackerone_issue_id github_username [issues_repo] [writeup_repo]
#/
require "bounty"
raise("HACKERONE_TOKEN must be set") unless ENV["HACKERONE_TOKEN"]
raise("HACKERONE_TOKEN_NAME must be set") unless ENV["HACKERONE_TOKEN_NAME"]
usage = File.read(__FILE__).lines[1][3..-1]
@oreoshake
oreoshake / output
Last active May 10, 2016 21:15
Using rbenv, I'm trying to use rails 5.1.0-alpha but something is fucked
[Neils-MacBook-Pro rails (master *>)]$ rbenv rehash
[Neils-MacBook-Pro rails (master *>)]$ which rails
/Users/neil/.rbenv/shims/rails
[Neils-MacBook-Pro rails (master *>)]$ which gem
/Users/neil/.rbenv/shims/gem
[Neils-MacBook-Pro rails (master *>)]$ rails -v
Rails 4.2.6
[Neils-MacBook-Pro rails (master *>)]$ gem uninstall rails
Select gem to uninstall:
@oreoshake
oreoshake / paranoidmode.md
Last active April 23, 2016 17:37
An idea for a terrible feature that dreams of becoming a reality (Maybe 5 sites on the internet would work, including GitHub)
  • No inline script
  • no eval
  • no mixed content
  • https required
  • no referrer leaks
  • no tabnabbing
  • no cross origin framing
  • no cross window/tab references
  • no unpinned certs
  • no non-SRI resources