Tim Ruffles timruffles

timruffles /
Last active Nov 21, 2020
Chrome/Gmail attack received 11/03/2016. Not sure if the Chrome meta refresh + data:text,html technique is novel.

The following attack will display a "you've been signed out" page for GMail, and attempt to steal your account credentials.


I received an email in my GMail inbox with a fake attachment image, styled to look like the real GMail attachment UI:


This linked to a page that ended up displaying a fake "you've been signed out" link, via the data:text/html... URL feature of Chrome:

timruffles /
Last active Jul 22, 2020
Next.js page request handling

How Next.js responds to a page request with HTML

We create the next request handler function via app.getRequestHandler(). This returns a standard express handler, so we use it like expressApp.get('*', middlewareA(), middlewareB(), nextApp.getRequestHandler()).

When the handler is invoked:

  • Server#handleRequest (next-server/server/lib/next-server.js)
    • Parses URL + query string if not already done
  • Server#run
    • Searches for matching route
timruffles /
Created Jun 12, 2020
A bash script that counts go function and method lines of code (including whitespace and comments)
# Usage: bash some/directory
set -euo pipefail
main() {
for f in $(find $1 -name '*.go' -not -name 'test_*.go'); do
count_funcs < "$f" | awk "{ print \"$f\", \$1, \$2 }"
timruffles /
Last active Jun 11, 2020
Approaches to dependency-injection/dynamic dispatch in elixir

In many production systems you'll want to have one module capable of talking to many potential implementations of a collaborator module (e.g. an in-memory cache, a Redis-based cache, etc.). While testing it's useful to control which module the module under test is talking to.

Here are the approaches I can see. The two points that seem to divide the approaches are their tool-ability (dialyzer) and their ability to handle stateful implementations (which need a pid).

Passing modules

Modules are first class, so you can pass them in. Used in EEx, where the passed module must implement a behaviour.

timruffles / google-sheets-formula.vb
Last active Jun 2, 2020
google sheets - uk stamp duty calculator, new rate (2015)
// put this into a cell and then name a range 'housePrice'
=MIN(MAX(0,housePrice - 125000), 250000-125000) * 0.02 + MIN(MAX(0,housePrice - 250000), 925000-250000) * 0.05 + MIN(MAX(0,housePrice - 925000), 1500000-925000) * 0.1
timruffles / snake_camel_camel_snake.js
Last active May 21, 2020
snake to camel & vice versa for JS
(function() {
var _e = {};
_e.isPlainObject = function(obj) {
return obj && obj.constructor === Object;
_e.camelToSnakeCase = function(string) {
return string.replace(/\B[A-Z]/g,function(word) {
return "_" + word.toLowerCase();
timruffles /
Last active Apr 17, 2020
fix for tmux not starting up due to permissions issues

If you try to run tmux and get:

$ tmux
create session failed: : No such file or directory
$ strace -f -e trace=file tmux
[pid 15852] open("/dev/ptyp0", O_RDWR)  = -1 EACCES (Permission denied)

You don't have perms for the pseudoterminals. Add your user to the tty group

timruffles / go-quiz.go
Last active Aug 19, 2019
What does this program output, and why? Reason it out gophers! Answers in a spoiler block -
package main
import "fmt"
func main() {
type person struct {
nickname string
ppl := []person{
timruffles /
Created Jul 11, 2019
A bad way to generate a random int in a range using only bash built-ins. Useful in a pinch when you aren't sure what external programs are available.
# Gets an int between min max inclusive very inefficiently, but
# only using bash built-ins. More inefficient the smaller the gap
# usage: n=$( bad_random_int 1000 2000 )
bad_random_int() {
local min=$1
local max=$2
local n=0
while [[ "$n" -lt "$min" ]] || [[ "$n" -gt "$max" ]]; do
View deps.js
function Container() { =,this);
this._deps = {};
Container.prototype = {
get: function(dep) {
return this._deps[dep];
put: function(name,thing) {
if(typeof name === "object") {