A blog about tech, programming, security, and various other subjects.



To curl|bash or not to curl|bash  Tags: software, security.
People have a lot to say about how terrible piping from curl to bash is. These are the reasons people give:

1. It executes arbitrary code on your system!

I'm sure these people never ran a .exe file in their life.

2. The download could cut off mid-file and turn "rm /opt/something" into "rm /opt"!

Valid point! This is why we commonly wrap the installer in one big function and call it at the end, so a script that is cut off mid-file fails to parse instead of running a shortened command. If you care, you can even inspect the source to see if it does this, and if the software is on GitHub or something (curl|bash-using software usually is) or has nice developers, you can just let them know or send a pull request.

3. The code is not signed! If it was from the repositories, it would be signed.
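
The function-wrapping pattern from point 2, as an added example that is not code from the post: two constructed installer scripts, one that runs commands as they are read and one with everything inside a main function called on the last line, each cut off at the exact byte where "/opt/something" becomes "/opt". echo stands in for rm so that running the truncated copies is harmless.

```shell
#!/bin/sh
# Added example, not code from the post. Two constructed installer
# scripts: the first runs its commands as it is read, the second defines
# a main function and only calls it on the very last line. "echo" stands
# in for "rm" so that a truncated copy is harmless to execute.

UNWRAPPED='set -eu
echo would-remove /opt/something
'

WRAPPED='set -eu
main() {
    echo would-remove /opt/something
}
main
'

# Byte offset of the first "/something" in a script: cutting there is the
# worst case the post describes, "/opt/something" turning into "/opt".
cut_point() {
    prefix="${1%%/something*}"
    printf '%s' "$prefix" | wc -c | tr -d ' '
}

# Feed only the first $2 bytes of script $1 to sh, as a download that
# stopped mid-file would, and return whatever the partial script printed.
# printf's precision on %s does the truncation without any external tool.
run_truncated() {
    printf "%.${2}s" "$1" | sh 2>/dev/null || :
}

# Unwrapped: the partial line "echo would-remove /opt" is a complete,
# valid command, so sh runs it with the shortened argument.
echo "unwrapped, cut short: [$(run_truncated "$UNWRAPPED" "$(cut_point "$UNWRAPPED")")]"

# Wrapped: the cut lands inside the function body, which is a syntax
# error at end of file; sh aborts before main is ever called and prints nothing.
echo "wrapped, cut short:   [$(run_truncated "$WRAPPED" "$(cut_point "$WRAPPED")")]"

# The intact wrapped script behaves as intended.
echo "wrapped, complete:    [$(run_truncated "$WRAPPED" 9999)]"
```

The check is only as good as the script's discipline: anything that runs outside the final function (a top-level set -e is harmless, a top-level rm is not) is still exposed to truncation, so the inspection the post suggests should look for exactly that.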

Local File Inclusion by one misplaced character  Tags: security, websites.
"Uh-oh," I thought, as a good friend alerted me to a local file inclusion vulnerability in a site that I recently made. It's still in beta, not public yet, but still. How could this happen? I wrote code to prevent this!

The site has a ?page=mypage parameter that you could modify into anything, and it would just include the page instead of restricting it to existing and allowed pages. An absolute beginner's mistake, and I had thought of it, and secured it. I just hadn't tested it.

I went to look at the code.

if (in_array($_GET['page'], array('about', 'contact', true))) {
    require($_GET['page'] . '.php');
}
Can you spot the error?

From a Nokia to a Note and back again: experiences  Tags: hardware, keyboards, computers.
About 22 months ago I got my first touchscreen phone and my first Android. I was pretty excited about this Galaxy Note II and it fully lived up to my expectations. Last week it broke down.

I'm back to my good old Nokia E75. Officially called a smartphone, it runs Symbian which is as powerful as your average shoebox. It has a numeric keyboard and a slide-qwerty, which means that you can touch-type and blindly navigate even inside your pocket. It is so small it actually fits in the palm of

Self-driving cars  Tags: randomthought, other, real life.
How much would you pay for a self-driving car? I'll let you think about that for a minute. Myself, I'd pay about all the money I could spend on it. The idea fascinates me and it really seems like an awesome future.

Not only will self-driving cars get you from A to B without having to drive, they will also prevent about a million deaths every year from car crashes. They will likely solve all our traffic jam problems, and they will make traveling by car faster, because we will no longer need speed limits designed around slow human reflexes.

SSH tips (and GNU screen)  Tags: tutorials, software, networking.
Just a quick blog post about some ssh things that make my life easier: no more typing passwords, remembering hostnames, users and ports, or even losing your session when a connection drops. The latter didn't seem easy to find and I had to piece some things together; I'll explain how to use ssh with GNU screen from step three onwards.

One

Configure an ssh host config if you haven't already. This is not necessary, but boy does it make things easier. Do you want to remember that you're supposed to connect as user vhost89103 to ssh.pcextreme.nl, as user oa to the gameserver on port 222, as user ...


lucb1e.com