timmc

(defn- ^File path-cat
  "Concatenate a path onto a file, with the same semantics as 'file."
  [f p]
  {:pre [f, p], :post [(cast File %)]}
  (let [f2 (io/file p)]
    (if (.isAbsolute f2) (io/file p) (io/file f p))))

(defn ^File file
  "Concatenate one or more paths. Absolute paths overrule all previous paths.
Concatenating a/b/c with /d/e/f results in /d/e/f."

timmc

Keybase proof

I hereby claim:

• I am timmc on github.
• I am timmc (https://keybase.io/timmc) on keybase.
• I have a public key whose fingerprint is C669 006E D008 22BA 968F 799D 5503 5417 3BBF 4E12

To claim this, I am signing this object:

timmc

(defn bucket-nums
  [width start xs]
  (loop [buckets []
         stream xs 
         threshold (+ start width)]
    (if (empty? stream)
      buckets
      (let [[under beyond] (split-with #(< % threshold) stream)]
        (recur (conj buckets under)
               beyond

timmc

import java.net.*;
import java.io.*;
import java.util.*;
import java.util.regex.*;

/**
 * Keep named hosts' ports at the top of the list (to prevent falling off the end) and update their internal IP.
 */
public class StaticPorts
{

timmc

(defonce timer (atom nil))

(defn start-timer
  []
  (swap! timer
   (fn starter [old]
     (when old (.cancel old))
     (let [period (* 300 1000)]
       (doto (Timer. "updater" true)
         (.schedule

timmc

user=> (use 'org.timmc.handy.repl)
nil
user=> (show java.util.Date)
Date
Bases: (Object Serializable Cloneable Comparable)
Fields:
Constructors:
 pub : 
 pub : long
 pub : int, int, int, int, int

timmc

;;; This fails in the repl of a project that is AOT-compiled. Not sure why.

;;; You can check for both the source and the compiled version of a namespace.
;;; Remember to munge the namespace -- foo.b-ar becomes foo/b_ar.

(.getResource (class #()) "clojure/core.clj")
;; #<URL jar:file:/home/timmc/.m2/repository/org/clojure/clojure/1.6.0/clojure-1.6.0.jar!/clojure/core.clj>
(.getResource (class #()) "clojure/core__init.class")
;; #<URL jar:file:/home/timmc/.m2/repository/org/clojure/clojure/1.6.0/clojure-1.6.0.jar!/clojure/core__init.class>

timmc

2014-04-09 14:56 [You]

I would like more information on how the Online Vault is able to manage and expose passwords. Specifically, when I click the "reveal password" icon, is that password text actually present in the page context? If so, I have some security concerns.

My *guess* is that when I am logged into my LastPass extension, it recognizes the Online Vault as the trusted site and responds to requests for data. (I hope it does not simply transmit the master password or any derivative of it down to the page!)

My concern is that under an attack scenario where an attacker can inject javascript into the Online Vault page (via cross-frame vulnerabilities, SSL tampering, etc.) they can request decryptions and then exfiltrate that data. Note that this could all happen without user interaction, e.g. in a hidden iframe on an attack site.

If my assumptions above are true, I would like to see an option that prevents the extension from communicating descrypted sensitive information to lastpass.com.

timmc

(ns sdfunc.cli-shell
  "AOT barrier for sdfunc.cli."
  (:gen-class))

(defn -main
  "Chain to sdfunc.cli/main."
  [& args]
  (apply (ns-resolve (doto 'sdfunc.cli (require)) 'main) args))

timmc

(defn find-files
  [^java.io.File f re]
  (cond
    (and (.isFile f) (re-matches re (.getName f)))
      [f]
    (.isDirectory f)
      (apply concat (map find-all-clj (.listFiles f)))
    :else
      []))