DevDocs
DevDocs github

run devdocs in docker

First, build the image

git clone https://github.com/Thibaut/devdocs.git && cd devdocs 
docker build -t thibaut/devdocs . 

Finally, start a DevDocs container (access http://localhost:9292)

docker run --name devdocs -d -p 9292:9292 thibaut/devdocs 

Sinatra：一个优雅地包装了Web开发的DSL

你相信用100行代码可以实现一个博客吗？用Sinatra框架就可以做到。下面就是这样子的一个Web应用：

Reprise - A Minimalistic Blog 

这个应用的代码：点这里查看

一个简单的hello world的web应用要写多少代码？用Sinatra只需5行代码：

require 'rubygems' 
require 'sinatra' 

get '/' do 
'Hello World' 
end 

安装方法：

$ gem install sinatra 
$ ruby -rubygems hi.rb 

Aaron Patterson和Mike Dalessio开发了一个新的Ruby解析HTML/XML的ruby库 － Nokogiri。他的速度比目前应用的最广泛的Hpricot还要快许多。经过Benchmark测试表明，Nokogiri在加载XML文档的速度是Hpricot的7倍，在XPATH搜索的速度是Hpricot的5倍，而在CSS选择器的搜索上面是Hpricot的1.62倍。

因此Nokogiri被认为有可能取代Hpricot的新一代Ruby的解析库，他能够解析HTML/XML文件，能够提供XPATH支持，CSS选择器支持。安装Nokogiri的办法很简单： gem install nokogiri

dash

作为一名死coder，每天最常见的动作就是查看各种API文档，你一定也有过同时打开N个窗口（HTML、PDF、CHM），不停的在编辑器与文档之间切换的感受吧？怎么说呢，其实我很讨厌这种枯燥无味的动作，那么如何才能提高效率，减少无用功呢？下面就给大家介绍一款非常好用的Mac小工具：Dash，相比这个英文名，我跟喜欢叫它“叮当猫”，嘿嘿。

官方用一句话就概括了它的用途：Dash是一个API文档浏览器（ API Documentation Browser），以及代码片段管理工具（Code Snippet Manager）。你没看错，它就只有这两个功能，但确实是程序员（至少对于我来说）最为关心的特性，自己之前也用过了不少类似的工具，可以毫不夸张地说，Dash是它们之中做的最好的一个！
强悍的API文档浏览、搜索功能

想必这个功能是大家最常用的了吧，每天要反复查看、搜索那么多的API细节，没有一个好工具，单靠自己的双手如何应付得来？窗口不停的切来切去，很烦啊！Dash采用集成单一窗口的方式，很好的解决了这个问题

DevDocs

DevDocs combines multiple API documentations in a fast, organized, and searchable interface.

• Created by Thibaut Courouble

Keep track of development news:

• Watch the repository on GitHub
• Follow @DevDocs on Twitter
• Join the mailing list

DevDocs is free and open source. If you like it, please consider supporting my work on Gratipay. Thanks!

Table of Contents: Quick Start · Vision · App · Scraper · Commands · Contributing · License · Questions?

Quick Start

Unless you wish to contribute to the project, I recommend using the hosted version at devdocs.io. It’s up-to-date and works offline out-of-the-box.

DevDocs is made of two pieces: a Ruby scraper that generates the documentation and metadata, and a JavaScript app powered by a small Sinatra app.

DevDocs requires Ruby 2.3.0, libcurl, and a JavaScript runtime supported by ExecJS (included in OS X and Windows; Node.js on Linux). Once you have these installed, run the following commands:

1
2
3
4
5

git clone https://github.com/Thibaut/devdocs.git && cd devdocs
gem install bundler
bundle install
thor docs:download --default
rackup

Finally, point your browser at localhost:9292 (the first request will take a few seconds to compile the assets). You’re all set.

The thor docs:download command is used to download pre-generated documentations from DevDocs’s servers (e.g. thor docs:download html css). You can see the list of available documentations and versions by running thor docs:list. To update all downloaded documentations, run thor docs:download --installed.

Note: there is currently no update mechanism other than git pull origin master to update the code and thor docs:download --installed to download the latest version of the docs. To stay informed about new releases, be sure to watch this repository.

Alternatively, DevDocs may be started as a Docker container:

1
2
3
4
5
6

# First, build the image
git clone https://github.com/Thibaut/devdocs.git && cd devdocs
docker build -t thibaut/devdocs .
# Finally, start a DevDocs container (access http://localhost:9292)
docker run --name devdocs -d -p 9292:9292 thibaut/devdocs

Vision

DevDocs aims to make reading and searching reference documentation fast, easy and enjoyable.

The app’s main goals are to: keep load times as short as possible; improve the quality, speed, and order of search results; maximize the use of caching and other performance optimizations; maintain a clean and readable user interface; be fully functional offline; support full keyboard navigation; reduce “context switch” by using a consistent typography and design across all documentations; reduce clutter by focusing on a specific category of content (API/reference) and indexing only the minimum useful to most developers.

Note: DevDocs is neither a programming guide nor a search engine. All our content is pulled from third-party sources and the project doesn’t intend to compete with full-text search engines. Its backbone is metadata; each piece of content is identified by a unique, “obvious” and short string. Tutorials, guides and other content that don’t meet this requirement are outside the scope of the project.

App

The web app is all client-side JavaScript, written in CoffeeScript, and powered by a small Sinatra/Sprockets application. It relies on files generated by the scraper.

Many of the code’s design decisions were driven by the fact that the app uses XHR to load content directly into the main frame. This includes stripping the original documents of most of their HTML markup (e.g. scripts and stylesheets) to avoid polluting the main frame, and prefixing all CSS class names with an underscore to prevent conflicts.

Another driving factor is performance and the fact that everything happens in the browser. applicationCache (which comes with its own set of constraints) and localStorage are used to speed up the boot time, while memory consumption is kept in check by allowing the user to pick his/her own set of documentations. The search algorithm is kept simple because it needs to be fast even searching through 100,000 strings.

DevDocs being a developer tool, the browser requirements are high:

1. On the desktop:
   • Recent version of Chrome, Firefox, or Opera
   • Safari 8+
   • IE / Edge 10+
2. On mobile:
   • iOS 8+
   • Android 4.1+
   • Windows Phone 8+

This allows the code to take advantage of the latest DOM and HTML5 APIs and make developing DevDocs a lot more fun!

Scraper

The scraper is responsible for generating the documentation and index files (metadata) used by the app. It’s written in Ruby under the Docs module.

There are currently two kinds of scrapers: UrlScraper which downloads files via HTTP and FileScraper which reads them from the local filesystem. They both make copies of HTML documents, recursively following links that match a set of rules and applying all sorts of modifications along the way, in addition to building an index of the files and their metadata. Documents are parsed using Nokogiri.

Modifications made to each document include:

• removing content such as the document structure (<html>, <head>, etc.), comments, empty nodes, etc.
• fixing links (e.g. to remove duplicates)
• replacing all external (not scraped) URLs with their fully qualified counterpart
• replacing all internal (scraped) URLs with their unqualified and relative counterpart
• adding content, such as a title and link to the original document

These modifications are applied via a set of filters using the HTML::Pipeline library. Each scraper includes filters specific to itself, one of which is tasked with figuring out the pages’ metadata.

The end result is a set of normalized HTML partials and two JSON files (index + offline data). Because the index files are loaded separately by the app following the user’s preferences, the scraper also creates a JSON manifest file containing information about the documentations currently available on the system (such as their name, version, update date, etc.).

More information about scrapers and filters is available on the wiki.

Available Commands

The command-line interface uses Thor. To see all commands and options, run thor list from the project’s root.

```

Server

rackup # Start the server (ctrl+c to stop)
rackup –help # List server options

Docs

thor docs:list # List available documentations
thor docs:download # Download one or more documentations
thor docs:manifest # Create the manifest file used by the app
thor docs:generate # Generate/scrape a documentation
thor docs:page # Generate/scrape a documentation page
thor docs:package # Package a documentation for use with docs:download
thor docs:clean # Delete documentation packages

Console

thor console # Start a REPL
thor console:docs # Start a REPL in the “Docs” module
Note: tests can be run quickly from within the console using the “test” command. Run “help test”
for usage instructions.

Tests

thor test:all # Run all tests
thor test:docs # Run “Docs” tests
thor test:app # Run “App” tests

Assets

thor assets:compile # Compile assets (not required in development mode)
thor assets:clean # Clean old assets

ngx_lua_waf是一个基于lua-nginx-module(openresty)的web应用防火墙

###用途：

防止sql注入，本地包含，部分溢出，fuzzing测试，xss,SSRF等web攻击
防止svn/备份之类文件泄漏
防止ApacheBench之类压力测试工具的攻击
屏蔽常见的扫描黑客工具，扫描器
屏蔽异常的网络请求
屏蔽图片附件类目录php执行权限
防止webshell上传

###推荐安装:

推荐使用lujit2.1做lua支持

ngx_lua如果是0.9.2以上版本，建议正则过滤函数改为ngx.re.find，匹配效率会提高三倍左右。

###使用说明：

nginx安装路径假设为:/usr/local/nginx/conf/

把ngx_lua_waf下载到conf目录下,解压命名为waf

在nginx.conf的http段添加

lua_package_path "/usr/local/nginx/conf/waf/?.lua";
lua_shared_dict limit 10m;
init_by_lua_file  /usr/local/nginx/conf/waf/init.lua; 
access_by_lua_file /usr/local/nginx/conf/waf/waf.lua;

配置config.lua里的waf规则目录(一般在waf/conf/目录下)

RulePath = "/usr/local/nginx/conf/waf/wafconf/"

绝对路径如有变动，需对应修改

然后重启nginx即可

###配置文件详细说明：

RulePath = "/usr/local/nginx/conf/waf/wafconf/"
--规则存放目录
attacklog = "off"
--是否开启攻击信息记录，需要配置logdir
logdir = "/usr/local/nginx/logs/hack/"
--log存储目录，该目录需要用户自己新建，切需要nginx用户的可写权限
UrlDeny="on"
--是否拦截url访问
Redirect="on"
--是否拦截后重定向
CookieMatch = "on"
--是否拦截cookie攻击
postMatch = "on" 
--是否拦截post攻击
whiteModule = "on" 
--是否开启URL白名单
black_fileExt={"php","jsp"}
--填写不允许上传文件后缀类型
ipWhitelist={"127.0.0.1"}
--ip白名单，多个ip用逗号分隔
ipBlocklist={"1.0.0.1"}
--ip黑名单，多个ip用逗号分隔
CCDeny="on"
--是否开启拦截cc攻击(需要nginx.conf的http段增加lua_shared_dict limit 10m;)
CCrate = "100/60"
--设置cc攻击频率，单位为秒.
--默认1分钟同一个IP只能请求同一个地址100次
html=[[Please go away~~]]
--警告内容,可在中括号内自定义
备注:不要乱动双引号，区分大小写

###检查规则是否生效

部署完毕可以尝试如下命令：

curl http://xxxx/test.php?id=../etc/passwd
返回"Please go away~~"字样，说明规则生效。

注意:默认，本机在白名单不过滤，可自行调整config.lua配置

###效果图如下：

###规则更新：

考虑到正则的缓存问题，动态规则会影响性能，所以暂没用共享内存字典和redis之类东西做动态管理。

规则更新可以把规则文件放置到其他服务器，通过crontab任务定时下载来更新规则，nginx reload即可生效。以保障ngx lua waf的高性能。

只记录过滤日志，不开启过滤，在代码里在check前面加上–注释即可，如果需要过滤，反之

###一些说明：

过滤规则在wafconf下，可根据需求自行调整，每条规则需换行,或者用|分割

    args里面的规则get参数进行过滤的
    url是只在get请求url过滤的规则        
    post是只在post请求过滤的规则        
    whitelist是白名单，里面的url匹配到不做过滤        
    user-agent是对user-agent的过滤规则


默认开启了get和post过滤，需要开启cookie过滤的，编辑waf.lua取消部分--注释即可

日志文件名称格式如下:虚拟主机名_sec.log

GitLab 是一个用于仓库管理系统的开源项目。

集代码托管，测试，部署于一体。
New integration! Koding + GitLab: one-click to build every project, issue, and merge request in a complete IDE!

GitLab CI Runner

Gitlab 代码持续集成插件

1
2
3

openssl genrsa -des3 -out ca.key 1024
openssl rsa -in ca.key -out ca.key
openssl req -new -x509 -key ca.key -out ca.crt -days 999

https://10.88.1.241:20443/
http://10.88.1.241:20080

建立SSL目录,然后拷贝你的证书到SSL目录:

1
2
3
4

# mkdir /etc/gitlab/ssl
# chmod 700 /etc/gitlab/ssl
# cp ca.crt ca.key /etc/gitlab/ssl/
编辑 /etc/gitlab/gitlab.rb 文件,修改成:

1
2
3
4

external_url "https://www.abc.com"
nginx['redirect_http_to_https']=true
nginx['ssl_certificate']="/etc/gitlab/ssl/luck.crt"
nginx['ssl_certificate_key']="/etc/gitlab/ssl/luck.key"

之后使用gitlab-ctlreconfigure重建配置,再修改Nginx配置文件/var/opt/gitlab/nginx/conf/gitlab-http.conf里的默认设置:

listen *:443 default_server;
ssl on;
ssl_certificate /etc/gitlab/ssl/ca.crt;
ssl_certificate_key /etc/gitlab/ssl/ca.key;

接着再创建一个 /var/opt/gitlab/nginx/conf/index.conf文件用来HTTP跳转HTTPS:

server{
listen *:80;
server_name www.abc.com;

rewrite ^(.*)$ https://$host$1;
}
最后修改/var/opt/gitlab/nginx/conf/nginx.conf配置文件,在其中加入以下内容,来载入index.conf:

include/var/opt/gitlab/nginx/conf/index.conf;
include/var/opt/gitlab/nginx/conf/gitlab-http.conf;

SpyNote 能做什么？

SpyNote 实际上是用来创建 Android 恶意程序的工具，最近在不少恶意程序论坛传得特别火。它有一些相当吸引人的特性

• 不需要获取系统的Root权限；
• 对通话进行监听；
• 窃取联系人和信息数据；
• 通过麦克风记录音；
• 恶意拨打电话；
• 安装恶意应用；
• 获取手机的IMEI码、WiFi MAC地址、无线网络运营商细节；
• 获取设备最新的GPS地理位置信息；
• 控制摄像头
  听起来真是不错啊，都不需要 Android 系统做 Root 操作，真这么神？当然了，还是需要手机用户自己给予 SpyNote 这些权限才行，包括编辑短信、访问通话记录、联系人，以及修改、删除SD内容的权限——其实绝大部分用户看到这些权限请求都会毫不犹豫的点“下一步”或“允许”。
  spynote v2

  用Cerbero profiler查看Dalvik字节码

todo

Security list for fun and profit

My initial idea came from this list : http://www.nothink.org/utilities.php

I wanted to update it with my sources, I will probably continue to update and reorganize it in the future.

• Awesome lists
  
• Cheat sheets
  
• Penetration testing / Tools
  
• Exploits and vulnerabilities
  
• CTF
  
• Exercises
  
• Vulnerable environments
  
• Security challenges / WarGames
  
• Books
  
• Bug bounty
  
• Port scanners
  
• Malicious traffic detection
  
• Search engines
  
• Wide Scans
  
• Honeypots
  
• Malware / Botnet sources
  
• Malware analysis - Sandbox
  
• Online malware analysis - Sandbox
  
• Decoder/Packer/Unpacker
  
• Free shell
  
• Domain reputation
  
• Mail utilities
  
• Passwords list
  
• Generic utilities
  
• Defaced websites / Data leak
  
• Forensic - Network
  
• Wireless
  
• VOIP
  
• IP List
  
• VPN
  
• Web browser test
  
• Fingerprint
  
• SSL
  
• Tor resources
  
• Fun
  

Awesome lists :+1:

Cheat sheets :+1:

Penetration testing :wrench:

Exploits and vulnerabilities :door:

CTF :triangular_flag_on_post:

Exercises :mortar_board:

Security challenges / WarGames :triangular_flag_on_post:

Vulnerable environments :unlock:

Books :books:

Bug bounty :chocolate_bar:

Port scanners :dart:

Search engines :satellite:

Malicious traffic detection :vertical_traffic_light:

Wide Scans :earth_americas:

Honeypots :honey_pot:

Malware / Botnet sources :angel:

Malware analysis - Sandbox :mask:

Online malware analysis - Sandbox :mask:

Decoder/Packer/Unpacker :hurtrealbad:

Forensic - Network :mag:

Wireless :signal_strength:

##VOIP :phone:
Name | URL
——————————————- | ———————————————
Penetration test | http://0daysecurity.com/penetration-testing/VoIP-security.html
Penetration test | http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP

Free shell :shell:

Domain reputation :chart_with_downwards_trend:

Mail utilities :mailbox_with_mail:

Passwords list :key:

Generic utilities :file_folder:

Will be reorganized

Defaced websites / Data leak :ambulance:

IP List

VPN

Tor resources

Web browser test

Fingerprint

SSL

Fun :trollface:

University of Virginia CS 1501 Lectures

弗吉尼亚大学（University of Virginia） Haskell课程
Introduction to Haskell
University of Virginia CS 1501 Lectures Spring 2013

Haskell 开发相关的几个 docker 镜像

提供一个完整的 Haskell 开发编译环境

• fpco/stack-build (the default) - GHC (patched), tools (stack, cabal-install, happy, alex, etc.), and system developer libraries required to build all Stackage packages.
• fpco/stack-ghcjs-build - Like stack-build, but adds GHCJS.
• fpco/stack-full - Includes all Stackage packages pre-installed in GHC’s global package database. These images are over 10 GB!
• fpco/stack-ghcjs-full - Like stack-full, but adds GHCJS.
• fpco/stack-run - Runtime environment for binaries built with Stackage. Includes system shared libraries required by all Stackage packages. Does not necessarily include all data required for every use (e.g. has texlive-binaries for HaTeX, but does not include LaTeX fonts), as that would be prohibitively large. Based on phusion/baseimage.
  FP Complete also builds custom variants of these images for their clients.

just a test

Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hexo, you can find the answer in troubleshooting or you can ask me on GitHub.

Quick Start

Create a new post

1

$ hexo new "My New Post"

More info: Writing

Run server

1

$ hexo server

More info: Server

Generate static files

1

$ hexo generate

More info: Generating

Deploy to remote sites

1

$ hexo deploy

More info: Deployment