Skip to content

Instantly share code, notes, and snippets.

View timmc's full-sized avatar

Tim McCormack timmc

View GitHub Profile
timmc /
Last active March 12, 2024 12:24
cannot borrow `stream` as mutable, as it is not declared as mutable
fn outer(data: &mut Vec<u32>) { // unexpected error on this line
inner(&mut data);
inner(&mut data);
fn inner(data: &mut Vec<u32>) {}
// error[E0596]: cannot borrow `data` as mutable, as it is not declared as mutable
// --> src/
// |
timmc /
Last active January 19, 2024 23:56
Checking Pwned Passwords manually
# Get the SHA-1 hash of your password. Here, we use `cat` to enter it securely
# so that it doesn't end up in shell history. (Type the password, then Enter,
# then ctrl-D to finish.)
$ cat | tr -d '\n' | sha1sum
f3bbbd66a63d4bf1747940578ec3d0103530e21d -
# Split the hash digest into the first 5 and last 35 characters. You'll query
# the Pwned Passwords API for the prefix, then check if the suffix is in the
timmc / split
Last active November 16, 2022 03:23
Get HTTP status code and body in separate variables using curl
all_output="$(curl -isS"
status=$(echo "$all_output" | grep -Po '\s[0-9]{3}\s' | head -n1 | tr -dc 0-9)
echo "Status is [$status]"
body="$(echo "$all_output" | sed -ne $'/^\r$/,$p' | tail -n+2)"
echo "Body is [$body]"
timmc /
Last active April 30, 2022 17:47
Delete all Twitter posts and faves without a developer key
  • Request archive, wait for them to generate it, download it
  • Open Network Tab
  • Delete a tweet
  • Find a POST to DeleteTweet
  • "Copy as curl"
  • Save to file and mark as executable
  • Add -sS -o /dev/null -w '%{http_code}\n' to the end
  • Replace the tweet ID (just the numbers) with '$1'

Run this:

timmc /
Last active April 6, 2022 13:54
Avvo reverse attempts
Attempt to reverse-engineer's hash algorithm,
given a leaked record and a known password.
Sample for validation of hash checker:
$ cat ~/tmp/ram/sample-record.txt
$ cat ~/tmp/ram/sample-password.txt
timmc / simantle.js
Last active February 22, 2022 23:02
var ants = [
'<span style="filter: brightness(0%) saturate(0%)">🐜</span>', // black
'<span style="filter: brightness(220%) saturate(600%) hue-rotate(150deg)">🐜</span>', // red
'<span style="filter: brightness(470%) saturate(1000%) hue-rotate(244deg)">🐜</span>', // yellow
function one_ant() {
return ants[Math.floor(Math.random() * 2.2)]; // small chance of yellow
#!/usr/bin/env bash
set -eu -o pipefail
case "$1" in
curl -sS > "$data_path"
var letters = [...document.getElementsByTagName('table')[0].textContent];
var emoji = {'wrong':'❌', 'inexact':'💛', 'exact':'💚'};
var cellClass = 'absurdle__guess-box';
function getEmoji(node) {
var cl = [...node.classList].filter(e => e.startsWith(cellClass + '--'))[0];
return emoji[cl.replace(cellClass + '--', '')];
var icons = [...document.querySelectorAll('td.' + cellClass)].map(getEmoji);
var out = "";
while (letters.length > 0) {

borg history

New command borg history --manifest will list out all segment entries that are PUTs of an all-zeroes key, along with their decrypted values.

If a repo has been maintained strictly in an append-only manner, and no deletions attempted by an adversary with append-only access, then this will provide a listing of all archives that were ever created. If such an adversary attempts to delete an archive, they'll have to add a

timmc / essentially.clj
Last active June 23, 2020 15:25
(defmacro essentially
"Like letfn, but with the bindings at the end. Connotes that the
bindings are not important for the core logic, just for logging,
metrics, debugging etc. Recommend using footnote-looking bindings such
as *0, *1, *2 or even Unicode daggers if you are super-brave.
This is like Haskell's `where`. Thanks to amalloy for the pointer; no
blame attaches to him, though."
[& args]
`(letfn ~(last args)
~@(butlast args)))