Skip to content

Instantly share code, notes, and snippets.

View timmc's full-sized avatar

Tim McCormack timmc

View GitHub Profile

Port-forwarding JMX

Proof of concept:

  • Terminal 1:
    • SSH to remote host
    • Start a Java process with JMX registry port 50004, RMI callback port 50005, and RMI hostname pinned to localhost: java -Dcom.sun.management.jmxremote.port=50004 -Dcom.sun.management.jmxremote.rmi.port=50005 -Djava.rmi.server.hostname=localhost -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -cp /some/jar/file main.class
  • Terminal 2:
@timmc
timmc / double-mut-borrow.rs
Last active March 12, 2024 12:24
cannot borrow `stream` as mutable, as it is not declared as mutable
fn outer(data: &mut Vec<u32>) { // unexpected error on this line
inner(&mut data);
inner(&mut data);
}
fn inner(data: &mut Vec<u32>) {}
// error[E0596]: cannot borrow `data` as mutable, as it is not declared as mutable
// --> src/example.rs:1:10
// |
@timmc
timmc / pwned-passwords.sh
Last active January 19, 2024 23:56
Checking Pwned Passwords manually
# Get the SHA-1 hash of your password. Here, we use `cat` to enter it securely
# so that it doesn't end up in shell history. (Type the password, then Enter,
# then ctrl-D to finish.)
$ cat | tr -d '\n' | sha1sum
hunter2
f3bbbd66a63d4bf1747940578ec3d0103530e21d -
# Split the hash digest into the first 5 and last 35 characters. You'll query
# the Pwned Passwords API for the prefix, then check if the suffix is in the
@timmc
timmc / Deleting reddit comments.js
Last active June 16, 2023 18:20
Script to delete all reddit comments on the *current page* when viewing own comment history. Quick and dirty approach if you don't have more than a few hundred comments.
function deleteAllOnPage(comments, index) {
var id = comments[index]
if (!id) return
console.debug('wiping ' + id)
$.ajax({
type: 'POST',
url: '/api/editusertext',
data: {
thing_id: id,
@timmc
timmc / pwned-passwords-sqlite-build.py
Last active March 29, 2023 15:51
Building a sqlite DB for the Pwned Passwords data
#!/usr/bin/env python3
# Build a SQLite3 DB for looking up SHA-1 hashes of leaked passwords.
#
# This can be fed the txt file from one of Have I Been Pwned's hash
# lists available from https://haveibeenpwned.com/Passwords -- but any
# text file with line format ``hash-hex:count`` will work.
#
# When run on the v5 hash-ordered SHA-1 file, expect the build to take
# about 35 minutes and produce a 15.7 GiB file (~30.5 bytes per record).
#
@timmc
timmc / gist:cbf503895f08dc39f3bc471aaa5e068a
Last active December 22, 2022 12:36
Code review checklist
Have the following been addressed in the branch, if appropriate?
- Tests (unit, API, integration)
- Docs (both in source and in docs directory, and in public docs if separate)
- Changelog
- Compatibility with previous versions (calls, shared files or DBs, data formats -- backward and forward compatibility)
- Rollback friendly?
- Feature switches?
@timmc
timmc / split headers.sh
Last active November 16, 2022 03:23
Get HTTP status code and body in separate variables using curl
#!/bin/bash
all_output="$(curl -isS https://www.spidersge.org/)"
status=$(echo "$all_output" | grep -Po '\s[0-9]{3}\s' | head -n1 | tr -dc 0-9)
echo "Status is [$status]"
body="$(echo "$all_output" | sed -ne $'/^\r$/,$p' | tail -n+2)"
echo "Body is [$body]"
@timmc
timmc / five.log
Created March 13, 2017 21:45
(= 5 2)
freenode/#clojure on 2014-04-21:
amalloy sets 5 to be 2 using reflection, probably in PM with clojurebot:
(let [field (nth (.getDeclaredFields Long) 3)] (.setAccessible field true) (.set field 5 2))
19:10 < amalloy> justin_smith: i think ''lovecraft should contain (alter-var-root #'defmacro (constantly (fn [& args] `(quote ~(rand-nth '#{various lovecraftian horrors|)))))
19:11 < justin_smith> ouch
19:11 < amalloy> or something like it, anyawy
19:11 < justin_smith> yeah
@timmc
timmc / fact.swear.clj
Last active July 5, 2022 13:34
Factorial in Clojure without using alphanumeric characters
;; It all started here: http://clojure-log.n01se.net/date/2011-04-06.html#19:04
(#((% (+(*))) %) ;; call arg 1 with all args
[;; data
(+ (*)(*)(*)(*)(*)(*)(*))
;; main fn -- simulate 'if' with map lookup and closures
#(({(+) (% (+(*)(*)))} ;; if zero return 'then' clause
(% (+)) ;; dispatch on first arg
(% (+(*)(*)(*)))) ;; call 'else' clause (n not found in map)
%)
@timmc
timmc / delete-tweets.md
Last active April 30, 2022 17:47
Delete all Twitter posts and faves without a developer key
  • Request archive, wait for them to generate it, download it
  • Open Network Tab
  • Delete a tweet
  • Find a POST to DeleteTweet
  • "Copy as curl"
  • Save to file deltw.sh and mark as executable
  • Add -sS -o /dev/null -w '%{http_code}\n' to the end
  • Replace the tweet ID (just the numbers) with '$1'

Run this: