
Building new teams at @Shopify

Francis Gulotta reconbot

(no subject) 2014-01-28.txt
let's play a game
the board is a mercator projection of planet earth with the equator running thru the middle
everyone has 32 pieces
put 1 on the board, that's your capital
put 15 more on the board, they are your cities (tribes)
reconbot / my_app_one.html.erb
Created Feb 10, 2014
I want to link to things that have routes that are constrained by a host by using their path helper.
<%= link_to "Second App", my_app_two_path %>
.bash_profile
# gh: open the GitHub "compare" page for the current branch of the repo in the working directory
# (derives owner/repo from the origin remote URL and the branch name from HEAD)
alias gh='open `git config --get remote.origin.url | sed "s@.*com.\(.*\)\.git@\1@"`/compare/`git symbolic-ref HEAD | cut -d "/" -f 3`'
toolness security-adventur

Thoughts and notes

RegExp Denial of Service

I didn't really learn why this was an issue. "Don't allow arbitrarily large groups in regexes" seems to be the message, but since we weren't using the group beforehand the message was sort of lost on me.

Maybe we could rely on the group for some reason and then limit the length of the username to guard against this?

Reflected Cross Site Scripting && HttpOnly Cookie

I was confused why two lessons were mixed into one. It took a few read-throughs to understand that wasn't the case. I'd have an XSS lesson first.

cross_domain_tracking.js
// Request the tracking id from the primary domain; the browser only sends
// cookies on this cross-origin request because withCredentials is set
// (the server must also answer with Access-Control-Allow-Credentials: true).
var idXhr = $.ajax({
  url: 'https://primarydomain.tld/tracking/id',
  xhrFields: {
    withCredentials: true // needed for cookies to work in CORS requests
  }
});
// Ensure identify is called before anything else

Keybase proof

I hereby claim:

  • I am reconbot on github.
  • I am reconbot ( on keybase.
  • I have a public key whose fingerprint is 1D02 25F6 97AE 88D6 46DC 22BA 720D 55FE 66FD 1E8C

To claim this, I am signing this object:

sparkcorechat.js
var dgram = require('dgram');
// Make a udp socket
var socket = dgram.createSocket('udp4');
// Listen on a port on all addresses.
socket.bind(48879, function () {
  socket.setBroadcast(true); // We intend to broadcast
});
spark.js
// Wizard Development would like to remind you there is no such thing as magic.
// Write a one-line build summary to the Spark Core when a build succeeds.
SparkStatus.prototype.buildStatus = function(build) {
  if (build.success) {
    this.write(build.repo + "/" + build.branch + "\n" + build.commit_msg);
  }
};
statusbot.ino
// Set the RGB backlight from a packed 0xRRGGBB value, scaled to the
// global `brightness` level (declared elsewhere in the sketch).
void backlight(unsigned long rgb) {
  int r = rgb >> 16 & 0x0000FF;
  int g = rgb >> 8 & 0x0000FF;
  int b = rgb & 0x0000FF;
  r = map(r, 0, 255, 0, brightness);
  g = map(g, 0, 255, 0, brightness);
  b = map(b, 0, 255, 0, brightness);
  // common anode so invert!
index.js
var circleNotifier = require('./circle');
var SparkStatus = require('./spark');
// later
app.use('/test', function(req,res,next){
  // x-forwarded-for is client-supplied and only trustworthy behind a proxy you control
  var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
  spark.write("Testing from:\n" + ip, function(err, retval){
    res.end(JSON.stringify({err: err, retval: retval}));
  });
});