Tim McCormack timmc

View gist:cbf503895f08dc39f3bc471aaa5e068a
Have the following been addressed in the branch, if appropriate?
- Tests (unit, API, integration)
- Docs (both in source and in docs directory, and in public docs if separate)
- Changelog
- Compatibility with previous versions (calls, shared files or DBs, data formats -- backward and forward compatibility)
- Rollback friendly?
- Feature switches?
@timmc
timmc / gist:c0e340a3b339fda71070
Created Jun 15, 2015
LastPass support doesn't believe their site can be compromised
View gist:c0e340a3b339fda71070
2014-04-09 14:56 [You]
I would like more information on how the Online Vault is able to manage and expose passwords. Specifically, when I click the "reveal password" icon, is that password text actually present in the page context? If so, I have some security concerns.
My *guess* is that when I am logged into my LastPass extension, it recognizes the Online Vault as the trusted site and responds to requests for data. (I hope it does not simply transmit the master password or any derivative of it down to the page!)
My concern is that under an attack scenario where an attacker can inject javascript into the Online Vault page (via cross-frame vulnerabilities, SSL tampering, etc.) they can request decryptions and then exfiltrate that data. Note that this could all happen without user interaction, e.g. in a hidden iframe on an attack site.
If my assumptions above are true, I would like to see an option that prevents the extension from communicating decrypted sensitive information to lastpass.com.
@timmc
timmc / ramdisk-target.sh
Last active Oct 12, 2017
Mount a ramdisk over target
View ramdisk-target.sh
#!/bin/bash
# Overwrite ./target with a tmpfs ramdisk. Prompts for sudo.
function usage() {
echo 'Usage: `ramdisk-target.sh recreate|restore`'
}
if [ ! -f "project.clj" ]; then
echo "Not in Clojure project."
exit 2
@timmc
timmc / debug-compilation.sh
Last active Sep 7, 2016
debug-compilation.sh: Emit progress to stdout as your Clojure compiles.
View debug-compilation.sh
#!/bin/bash
# Munge your codebase to add :verbose on all :require and :use forms and insert printlns in front of defns.
# $1: Path to directory you want to munge files in (recursively).
# WARNING: There is not an easy way to reverse this script, so commit your work beforehand
# and undo the munging with `git reset --hard HEAD` or similar.
find "$1" -name '*.clj' -exec sed -i 's/\((defn\? \([a-z0-9<>_*+-]\+\)\)/(println "var \2")\n\1/' '{}' \;
find "$1" -name '*.clj' -exec sed -i 's/:\(require\|use\) /:\1 :verbose /' '{}' \;
View jmxrmi.md

Java Management Extensions

I think it is worthwhile providing some information about JMX, since it is very heavily used by all of our Java-based entities in Brooklyn. JMX uses the RMI protocol to communicate; this is called JRMP and is implemented by the javax.management.remote.rmi.RMIConnector in the JVM.

Protocol Annoyances

There are a couple of problems with the RMI protocol as used by default in JMX.

  1. It sends the remote address as data inside its protocol messages, causing problems for machines behind NAT or using split DNS.
  2. The random port allocation for RMI means incorrect firewall configurations are generated.
@timmc
timmc / rest.swear.clj
Last active Dec 15, 2016
rest in curje [now called swearjure]
View rest.swear.clj
;; An exercise in writing #'rest without [0-9a-zA-Z], by Tim McCormack
;; Note that the input must be a vector, although the code could easily be
;; modified to vector-ify any input coll.
;; Let's take this a step at a time...
(#(((% 1) :main) %) ;; call the main method with the input and fns
[[0 1 2 3 4 5] ;; the input is hardcoded here
;; fns are accessed by static indices into the fn table
{:main #(if (= (% 0) [])
@timmc
timmc / fact.swear.clj
Last active Dec 5, 2017
Factorial in Clojure without using alphanumeric characters
View fact.swear.clj
;; It all started here: http://clojure-log.n01se.net/date/2011-04-06.html#19:04
(#((% (+(*))) %) ;; call arg 1 with all args
[;; data
(+ (*)(*)(*)(*)(*)(*)(*))
;; main fn -- simulate 'if' with map lookup and closures
#(({(+) (% (+(*)(*)))} ;; if zero return 'then' clause
(% (+)) ;; dispatch on first arg
(% (+(*)(*)(*)))) ;; call 'else' clause (n not found in map)
%)
View defbean.clj
(defmacro defbean
[class-name
field-names
& interface-specs]
(let [sym-base (str (gensym)),
prefix-sym #(->> % name (str sym-base) symbol),
setter-name
(fn [field-name]
(->> field-name name inf/capitalize (str sym-base "set") symbol)),
setters