fhemberger

+ cat /lib/dracut/dracut-053
dracut-053
+ cat /proc/cmdline
+ sed -e 's/\(ftp:\/\/.*\):.*@/\1:*******@/g;s/\(cifs:\/\/.*\):.*@/\1:*******@/g;s/cifspass=[^ ]*/cifspass=*******/g;s/iscsi:.*@/iscsi:******@/g;s/rd.iscsi.password=[^ ]*/rd.iscsi.password=******/g;s/rd.iscsi.in.password=[^ ]*/rd.iscsi.in.password=******/g'
rootflags=rw mount.usrflags=ro BOOT_IMAGE=/flatcar/vmlinuz-a mount.usr=/dev/mapper/usr verity.usr=PARTUUID=7130c94a-213a-4e5a-8e26-6cce9662f132 rootflags=rw mount.usrflags=ro consoleblank=0 root=LABEL=ROOT console=ttyS0,115200n8 console=tty0 flatcar.first_boot=detected flatcar.oem.id=proxmoxve verity.usrhash=16261ecd72c9d30b45c8e9d1e52f6657408bc6ca8b70716dbfd030ea52f39326
+ '[' -f /etc/cmdline ']'
+ for _i in /etc/cmdline.d/*.conf
+ '[' -f /etc/cmdline.d/00-btrfs.conf ']'
+ echo /etc/cmdline.d/00-btrfs.conf
/etc/cmdline.d/00-btrfs.conf

fhemberger

local usbLogger = hs.logger.new('usb', 'debug')

function configureKeyboard(data)
  -- Uncomment the "usbLogger" line below, plug in the USB keyboard and update the USB vendor and product ID
  local isKeyboardAffected = data.vendorID == 9610 and data.productID == 89
  -- usbLogger.df("eventType %s, pname %s, vname %s, vId %s, pId %s, keyboardAffected %s", data.eventType, data.productName, data.vendorName, data.vendorID, data.productID, isKeyboardAffected)
  if isKeyboardAffected and data.eventType == "added" then
    hs.keycodes.setLayout("U.S.")
  end
  if isKeyboardAffected and data.eventType == "removed" then

fhemberger

Node.js: Create checksums for npm's 'postinstall' actions

After watching Patrick Debois' talk from DeliveryConf »How Secure Is Your Build / Server?«, I tried to get at least a rough idea if postinstall steps where running at all and if they do the same things after a package update.

So I wrote a little proof of concept that will:

• Create a Dockerfile, using package.json and package-lock.json from a Node.js project in the current directory
• Install all its dependencies inside the Docker container first, without running any postinstall steps, then do the same with running the scripts.
• Reading the diff of those steps using Docker's image layers
• And calculate a checksum of those changes.

fhemberger

I'm using the git pr command from the git-extras toolset to check out a local copy of a PR.

To rebase the PR again, I wrote a little script, which needs to be run in the PR's branch:

#!/usr/bin/env bash

branch=$(git symbolic-ref HEAD --short)

git rebase master

fhemberger

Robin Böhm, Philipp Tarasiewicz
AngularJS: Overview, Best Practices and Pitfalls
Slides
Twitter (Robin, @roobijn)
Twitter (Philipp, @justphilmusic)

Christian Schaefer
HTTP/2: Die Zukunft beginnt jetzt.
Slides
Twitter (@derSchepp)

fhemberger

Security in General

• Open Web Application Security Project (OWASP)
• OWASP: Top Ten Critical Security Risks 2013
• Secure SSL Configuration for nginx, Apache, etc
• helmet: Security related middlewares for Express

CSRF

• Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet

fhemberger

How to use this list

1. Download a result blocking extension for your browser:

• Google Chrome: Google's "Personal Blocklist"
• Mozilla Firefox: Hide Unwanted Results of Google Search

2. Feed the list to the plugin.
3. Search results from these sites are now blocked in Google.

fhemberger

.gem
.npm
cgi-bin
fcgi-bin
html
lib
man
share
tmp
**/node_modules

fhemberger

<!DOCTYPE html>
<html>
  <head>
    <title>Socket.io Test</title>

    <!-- Dieses Script wird von Socket.io automatisch zu Verfügung gestellt -->
    <script src="/socket.io/socket.io.js"></script>

    <script>
      // Mit dem Socket.io-Server verbinden

fhemberger

var topics = {};

$.Topic = function( id ) {
  if ( !topics[ id ] ) {
    var callbacks = jQuery.Callbacks();
    topics[ id ] = {
      publish: callbacks.fire,
      subscribe: callbacks.add,
      unsubscribe: callbacks.remove
    };