Skip to content

Instantly share code, notes, and snippets.

View n8henrie's full-sized avatar

Nathan Henrie n8henrie

91 followers · 15 following
View GitHub Profile
@n8henrie
n8henrie / readme.md
Created December 21, 2025 15:50 — forked from singe/readme.md
Quick 'n Dirty seatbelt/sandbox

macOS Seatbelt/Sandbox Trace Script

macOS sandbox profiles used to be able to include a trace command that would write all the denied operations to a sandbox profile, allowing a profile to be iterativley built up. Apple removed that functionality for reasons explained below.

trace.sh examines the kernel log for the denied operations and creates the relevant allow rules in a sandbox profile, just like the sandbox profile trace command used to.

shrink.sh tries to reduce a sandbox profile to the minimum lines necessary.

It's very rough and ready at the moment (check the sed regex'es in the script to see what I mean) and needs more testing with a wider set of use cases.

@n8henrie
n8henrie / .gitignore
Last active April 20, 2025 18:11
/*.json
@n8henrie
n8henrie / exportPlaylists.js
Created March 27, 2025 13:10
Export playlists from Music.app to all available formats
#!/usr/bin/osascript -l JavaScript
'use strict'
ObjC.import("Foundation")
const environment = $.NSProcessInfo.processInfo.environment.js
const DEST = Path(environment.HOME.js + "/Music")
function run(_) {
let music = Application("Music")
@n8henrie
n8henrie / exportSshPassphrases.js
Created February 17, 2025 23:37
JXA script to export SSH passphrases saved in macOS's Keychain Access
#!/usr/bin/osascript -l JavaScript
// 1. Open Keychain Access.app
// 2. Filter by `SSH:`
// 3. Set pw and outfile in this script
// 4. Run
// 5. Transfer the file to the new device
// 5. Use the sloppy script below to then read that file and add to Keychain Access on the new device
/*
@n8henrie
n8henrie / fix_joplin_md_links.py
Created January 10, 2025 18:36
@n8henrie
n8henrie / iphone_cannot_be_played.js
Last active October 17, 2023 22:50
Automatically click "ok" on the dozens of error notifications I get when syncing with MacOS
#!/usr/bin/osascript -l JavaScript
function click_ok() {
const sys = Application('System Events')
const finder = sys.processes["Finder"]
try {
let sheets = finder.windows.whose({name: "NatePhone"}).sheets().flat()
let message = "cannot be played on this iPhone."
let error_sheet = sheets.filter(sheet => {
@n8henrie
n8henrie / nix-darwin-linux-builder-example.nix
Created September 25, 2023 21:33
How to use darwin-builder to build linux nix packages on darwin
{
description = "Example use of nixpkgs#darwin-builder";
# First, read through https://github.com/NixOS/nixpkgs/blob/master/doc/builders/special/darwin-builder.section.md#sec-darwin-builder-example-flake
# and add yourself to `extra-trusted-users`, verify with `nix show-config | grep -i trusted-users`
#
# Copy this flake somewhere and run:
#
# ```console
# $ nix build --builders '' .#packages.aarch64-darwin.default
@n8henrie
n8henrie / pbcopy
Created September 13, 2023 18:35
pbopy: copy over ssh to a MacOS host's clipboard
#!/bin/bash
set -Eeuf -o pipefail
readonly SSH_PORT=1234
readonly USERNAME=me
readonly SSH_KEY=/home/"${USERNAME}"/.ssh/my_key_id_rsa
readonly DEST=my_machine_name
main() {
@n8henrie
n8henrie / activate_browser.js
Last active March 15, 2023 19:55
#!/usr/bin/osascript -l JavaScript
'use strict'
const Safari = Application("Safari")
const Chrome = Application("Google Chrome")
const Brave = Application("Brave Browser")
const SystemEvents = Application("System Events")
const Firefox = Application("firefox")
const DefaultBrowser = Firefox
@n8henrie
n8henrie / search_bad_logins.py
Last active December 27, 2025 05:35
#!/usr/bin/env python3
"""
search_bad_logins.py :: Compares a LastPass export to your Bitwarden vault.
Python >=3.10, no third party Python libraries / dependencies.
Outputs BW logins that may have been compromised in the recent LastPass hack
based on matching domain and password.
It would probably make sense to cast an even wider net by using something like