Tim McCormack timmc

@timmc
timmc / gist:cbf503895f08dc39f3bc471aaa5e068a
Last active December 22, 2022 12:36
Code review checklist
Have the following been addressed in the branch, if appropriate?
- Tests (unit, API, integration)
- Docs (both in source and in docs directory, and in public docs if separate)
- Changelog
- Compatibility with previous versions (calls, shared files or DBs, data formats -- backward and forward compatibility)
- Rollback friendly?
- Feature switches?
@timmc
timmc / gist:c0e340a3b339fda71070
Created June 15, 2015 19:51
LastPass support doesn't believe their site can be compromised
2014-04-09 14:56 [You]
I would like more information on how the Online Vault is able to manage and expose passwords. Specifically, when I click the "reveal password" icon, is that password text actually present in the page context? If so, I have some security concerns.
My *guess* is that when I am logged into my LastPass extension, it recognizes the Online Vault as the trusted site and responds to requests for data. (I hope it does not simply transmit the master password or any derivative of it down to the page!)
My concern is that under an attack scenario where an attacker can inject javascript into the Online Vault page (via cross-frame vulnerabilities, SSL tampering, etc.) they can request decryptions and then exfiltrate that data. Note that this could all happen without user interaction, e.g. in a hidden iframe on an attack site.
If my assumptions above are true, I would like to see an option that prevents the extension from communicating decrypted sensitive information to lastpass.com.
@timmc
timmc / ramdisk-target.sh
Last active October 12, 2017 19:39
Mount a ramdisk over target
#!/bin/bash
# Overwrite ./target with a tmpfs ramdisk. Prompts for sudo.
function usage() {
echo 'Usage: `ramdisk-target.sh recreate|restore`'
}
if [ ! -f "project.clj" ]; then
echo "Not in Clojure project."
exit 2
@timmc
timmc / debug-compilation.sh
Last active September 7, 2016 18:20
debug-compilation.sh: Emit progress to stdout as your Clojure compiles.
#!/bin/bash
# Munge your codebase to add :verbose on all :require and :use forms and insert printlns in front of defns.
# $1: Path to directory you want to munge files in (recursively).
# WARNING: There is not an easy way to reverse this script, so commit your work beforehand
# and undo the munging with `git reset --hard HEAD` or similar.
find "$1" -name '*.clj' -exec sed -i 's/\((defn\? \([a-z0-9<>_*+-]\+\)\)/(println "var \2")\n\1/' '{}' \;
find "$1" -name '*.clj' -exec sed -i 's/:\(require\|use\) /:\1 :verbose /' '{}' \;
@grkvlt
grkvlt / jmxrmi.md
Created June 13, 2013 19:02
JMX and RMI

Java Management Extensions

I think it is worthwhile providing some information about JMX, since it is very heavily used by all of our Java-based entities in Brooklyn. JMX uses the RMI protocol to communicate; this is called JRMP and is implemented by the javax.management.remote.rmi.RMIConnector in the JVM.

Protocol Annoyances

There are a couple of problems with the RMI protocol as used by default in JMX.

  1. It sends the remote address as data inside its protocol messages, causing problems for machines behind NAT or using split DNS.
  2. The random port allocation for RMI means incorrect firewall configurations are generated.
@timmc
timmc / rest.swear.clj
Last active December 15, 2016 15:24
rest in curje [now called swearjure]
;; An exercise in writing #'rest without [0-9a-zA-Z], by Tim McCormack
;; Note that the input must be a vector, although the code could easily be
;; modified to vector-ify any input coll.
;; Let's take this a step at a time...
(#(((% 1) :main) %) ;; call the main method with the input and fns
[[0 1 2 3 4 5] ;; the input is hardcoded here
;; fns are accessed by static indices into the fn table
{:main #(if (= (% 0) [])
@timmc
timmc / fact.swear.clj
Last active July 5, 2022 13:34
Factorial in Clojure without using alphanumeric characters
;; It all started here: http://clojure-log.n01se.net/date/2011-04-06.html#19:04
(#((% (+(*))) %) ;; call arg 1 with all args
[;; data
(+ (*)(*)(*)(*)(*)(*)(*))
;; main fn -- simulate 'if' with map lookup and closures
#(({(+) (% (+(*)(*)))} ;; if zero return 'then' clause
(% (+)) ;; dispatch on first arg
(% (+(*)(*)(*)))) ;; call 'else' clause (n not found in map)
%)
@gfredericks
gfredericks / defbean.clj
Created November 9, 2011 20:15
def bean impl
(defmacro defbean
[class-name
field-names
& interface-specs]
(let [sym-base (str (gensym)),
prefix-sym #(->> % name (str sym-base) symbol),
setter-name
(fn [field-name]
(->> field-name name inf/capitalize (str sym-base "set") symbol)),
setters