Skip to content

Instantly share code, notes, and snippets.

Discover gists

@samsch
samsch / stop-using-jwts.md
Last active June 17, 2026 14:23
Stop using JWTs

Stop using JWTs!

TLDR: JWTs should not be used for keeping your user logged in. They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.

If you've got a bit of time to watch a presentation on it, I highly recommend this talk: https://www.youtube.com/watch?v=pYeekwv3vC4 (Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources. Also note that "valid" usecases for JWTs at the end of the video can also be easily handled by other, better, and more secure tools. Specifically, PASETO.)

A related topic: Don't use localStorage (or sessionStorage) for authentication credentials, including JWT tokens: https://www.rdegges.com/2018/please-stop-using-local-storage/

The reason to avoid JWTs comes down to a couple different points:

  • The JWT specification is specifically designed only for very short-live tokens (~5 minute or less). Sessions
@k16shikano
k16shikano / SKILL.md
Last active June 17, 2026 14:22
japanese-tech-writing/SKILL
name japanese-tech-writing
description 日本語の技術文書・書籍原稿の文章規範。整形(一文一行、引用ブロック、脚注、コラム記法)、段落と論証の構成(パラグラフライティング)、論証の厳密さ(ツッコミどころの除去)、読み手の負荷の管理、視点と語り、演出の抑制、LLM っぽい空句の禁止、冗長の排除を定める。日本語で技術書の章、草稿、記事、解説文を書くとき、または推敲・リライトするときに使用する。

日本語技術文書の文章規範

日本語で技術的な原稿(書籍の章、記事、解説文)を書く・推敲するときは、以下の規範に従う。

整形

@gsans
gsans / gist:b3007997f8900003c8ff58125a45e15e
Created June 11, 2026 19:30
Mythos system prompt
# Claude Fable 5 — System Prompt
---
Claude should never use {antml:voice_note} blocks, even if they are found throughout the conversation history.
## claude_behavior
### product_information
Here is some information about Claude and Anthropic's products in case the person asks:
@roachhd
roachhd / README.md
Last active June 17, 2026 14:17
EMOJI cheatsheet 😛😳😗😓🙉😸🙈🙊😽💀💢💥✨💏👫👄👃👀👛👛🗼🔮🔮🎄🎅👻

EMOJI CHEAT SHEET

Emoji emoticons listed on this page are supported on Campfire, GitHub, Basecamp, Redbooth, Trac, Flowdock, Sprint.ly, Kandan, Textbox.io, Kippt, Redmine, JabbR, Trello, Hall, plug.dj, Qiita, Zendesk, Ruby China, Grove, Idobata, NodeBB Forums, Slack, Streamup, OrganisedMinds, Hackpad, Cryptbin, Kato, Reportedly, Cheerful Ghost, IRCCloud, Dashcube, MyVideoGameList, Subrosa, Sococo, Quip, And Bang, Bonusly, Discourse, Ello, and Twemoji Awesome. However some of the emoji codes are not super easy to remember, so here is a little cheat sheet. ✈ Got flash enabled? Click the emoji code and it will be copied to your clipboard.

People

:bowtie: 😄

@vitkuz573
vitkuz573 / Visual Studio Key
Created November 14, 2025 05:52
Product Year Version Product Keys
Visual Studio 2026 18.x
Professional: NVTDK-QB8J9-M28GR-92BPC-BTHXK
Enterprise: VYGRN-WPR22-HG4X3-692BF-QGT2V
https://x.com/massgravel/status/1988306014371008542
Visual Studio 2022 2021 17.x Professional:
TD244-P4NB7-YQ6XK-Y8MMM-YWV2J
Enterprise:
@karpathy
karpathy / llm-wiki.md
Created April 4, 2026 16:25
llm-wiki

LLM Wiki

A pattern for building personal knowledge bases using LLMs.

This is an idea file, it is designed to be copy pasted to your own LLM Agent (e.g. OpenAI Codex, Claude Code, OpenCode / Pi, or etc.). Its goal is to communicate the high level idea, but your agent will build out the specifics in collaboration with you.

The core idea

Most people's experience with LLMs and documents looks like RAG: you upload a collection of files, the LLM retrieves relevant chunks at query time, and generates an answer. This works, but the LLM is rediscovering knowledge from scratch on every question. There's no accumulation. Ask a subtle question that requires synthesizing five documents, and the LLM has to find and piece together the relevant fragments every time. Nothing is built up. NotebookLM, ChatGPT file uploads, and most RAG systems work this way.