Denis Brodbeck denisbrodbeck
| <?php | |
| use PhpCsFixer\Config; | |
| use PhpCsFixer\Finder; | |
| $rules = [ | |
| 'array_indentation' => true, | |
| 'array_syntax' => ['syntax' => 'short'], | |
| 'binary_operator_spaces' => [ | |
| 'default' => 'single_space', |
| import { useState, useEffect } from 'react'; | |
| // Usage | |
| function App() { | |
| // Call our hook for each key that we'd like to monitor | |
| const happyPress = useKeyPress('h'); | |
| const sadPress = useKeyPress('s'); | |
| const robotPress = useKeyPress('r'); | |
| const foxPress = useKeyPress('f'); |
| package main | |
| import ( | |
| "context" | |
| "flag" | |
| "fmt" | |
| "log" | |
| "net/http" | |
| "os" | |
| "os/signal" |
| # Generate a BaseSystem.dmg with 10.13 Install Packages | |
| hdiutil attach /Applications/Install\ macOS\ 10.13\ Beta.app/Contents/SharedSupport/InstallESD.dmg -noverify -mountpoint /Volumes/highsierra | |
| hdiutil create -o /tmp/HighSierraBase.cdr -size 7316m -layout SPUD -fs HFS+J | |
| hdiutil attach /tmp/HighSierraBase.cdr.dmg -noverify -mountpoint /Volumes/install_build | |
| asr restore -source /Applications/Install\ macOS\ 10.13\ Beta.app/Contents/SharedSupport/BaseSystem.dmg -target /Volumes/install_build -noprompt -noverify -erase | |
| cp -R /Volumes/highsierra/Packages /Volumes/OS\ X\ Base\ System/System/Installation | |
| hdiutil detach /Volumes/OS\ X\ Base\ System/ | |
| hdiutil detach /Volumes/highsierra/ | |
| mv /tmp/HighSierraBase.cdr.dmg /tmp/BaseSystem.dmg |
| <?php | |
| declare(strict_types=1); | |
| use ParagonIE\ConstantTime\Base64UrlSafe; | |
| class JWTKiller | |
| { | |
| public static function sign(string $message, Key $key): string | |
| { | |
| $mac = sodium_crypto_auth($message, $key->getRaw()); |
FWIW: I (@rondy) am not the creator of the content shared here, which is an excerpt from Edmond Lau's book. I simply copied and pasted it from another location and saved it as a personal note, before it gained popularity on news.ycombinator.com. Unfortunately, I cannot recall the exact origin of the original source, nor was I able to find the author's name, so I am can't provide the appropriate credits.
- By Edmond Lau
- Highly Recommended 👍
- http://www.theeffectiveengineer.com/
Not all random values are created equal - for security-related code, you need a specific kind of random value.
A summary of this article, if you don't want to read the entire thing:
- Don't use
Math.random(). There are extremely few cases whereMath.random()is the right answer. Don't use it, unless you've read this entire article, and determined that it's necessary for your case. - Don't use
crypto.getRandomBytesdirectly. While it's a CSPRNG, it's easy to bias the result when 'transforming' it, such that the output becomes more predictable. - If you want to generate random tokens or API keys: Use
uuid, specifically theuuid.v4()method. Avoidnode-uuid- it's not the same package, and doesn't produce reliably secure random values. - If you want to generate random numbers in a range: Use
random-number-csprng.
You should seriously consider reading the entire article, though - it's
Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.
This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections. For the purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.
There is a companion feature matrix of various tools. Comments are welcome in the same manner.
| package sri | |
| import ( | |
| "crypto/sha256" | |
| "encoding/base64" | |
| "fmt" | |
| "io/ioutil" | |
| ) | |
| func Generate256(file string) (string, error) { |