A blog about tech, programming, security, and various other subjects.



Telegram is no longer open source  Tags: software.
Telegram for Android is now a closed source application. According to the repository and the Telegram website, it is covered by the GPL license which states one must publish changes. However, since early October 2016, there have been many releases but no updates of the source code. Everyone involved is pretending there is no issue because they have their fingers in their ears:
  • the original author did not respond to the criticism for months;
  • Telegram's chat support does not respond
Phasing out of this nickname  Tags: me.
TL;DR: New blog posts will be posted in a new place under my legal name. Contact me if you want to know where.

Some followers of this blog have noted that I post less, and it's true. There are several reasons, but one of the main reasons is that this nickname is a dead end for me. I am moving towards using my full name for professional things, and interesting technical content is now a professional thing.
IPv6 addresses weird? It's v4 that's crazy  Tags: networking.
Dots are often used for hierarchy. Domains are backwards, but still hierarchical. Wireshark you can use tcp.port to filter on TCP ports. In many programming languages you specify an object's property as object.property. Does that property have methods you can use? Try another dot: car.wheels.length(). Dots are also commonly used as decimal separator.

Colons are often separ
To curl|bash or not to curl|bash  Tags: software, security.
People have a lot to say about how terrible piping from curl to bash is. These are the reasons people give:

1. It executes arbitrary code on your system!

I'm sure these people never ran a .exe file in their life.

2. The download could cut off mid-file and turn "rm /opt/something" into "rm /opt"!

Valid point! This is why we commonly wrap the installer as a big function, and call it in the end. If you care, you can even inspect the source to see if it does this, and if the software is on Github or something (curl|bash-using software usually is) or has nice developers, you can just let them know or send a pull request.

3. The code is not signed! If it was from the repositories, it would be signed.
Local File Inclusion by one misplaced character  Tags: security, websites.
"Uh-oh," I thought, as a good friend alerted me to a local file inclusion vulnerability in a site that I recently made. It's still in beta, not public yet, but still. How could this happen? I wrote code to prevent this!

The site has a ?page=mypage parameter that you could modify into anything, and it would just include the page instead of restricting it to existing and allowed pages. An absolute beginner's mistake, and I had thought of it, and secured it. Just not tested it.

I went to look at the code.

if (in_array($_GET['page'], array('about', 'contact', true))) {

    require($_GET['page'] . '.php');
}
Can you spot the error?


Next page / Older posts
 
lucb1e.com

Circle on Google+
Follow at Twitter


Tagcloud:
AI apps chat computers databases datetime e-mail hardware keyboard keyboards lol me music my blog my server networking nostalgia other privacy programming randomthought real life school security social networks software spam tutorials webdevelopment webhosting websites Windows writing