Local File Inclusion by one misplaced character
Tags: security, websites.
"Uh-oh," I thought, as a good friend alerted me to a local file inclusion vulnerability in a site that I recently made. It's still in beta, not public yet, but still. How could this happen? I wrote code to prevent this!
The site has a ?page=mypage parameter that you could modify into anything, and it would just include the page instead of restricting it to existing and allowed pages. An absolute beginner's mistake, and I had thought of it, and secured it. Just not tested it.
I went to look at the code.
if (in_array($_GET['page'], array('about', 'contact', true))) {
require($_GET['page'] . '.php');
}
Can you spot the error?
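The check above, reproduced next to its intended form, as an added example that is not part of the original post: the closing parenthesis of array() is one position too late, so `true` becomes a third allowed value instead of the strict flag of in_array(). The function names, the lookup-table variant and the sample values are assumptions made for this illustration.

```php
<?php
// Added illustration; function names and sample values are constructed.

// The check as written in the post: `true` sits inside the array, so it is a
// third allowed value and in_array() falls back to loose (==) comparison.
// Any non-empty string other than "0" compares equal to true.
function is_allowed_buggy(string $page): bool
{
    return in_array($page, array('about', 'contact', true));
}

// Intended check: `true` is the third argument of in_array(), which turns on
// strict (===) comparison against the two allowed names only.
function is_allowed_fixed(string $page): bool
{
    return in_array($page, array('about', 'contact'), true);
}

// Stricter variant (assumption, not from the post): never build the path
// from request data; map each allowed name to a fixed file instead.
function resolve_page(string $page): ?string
{
    $pages = array(
        'about'   => __DIR__ . '/about.php',
        'contact' => __DIR__ . '/contact.php',
    );
    return $pages[$page] ?? null;
}

// Constructed inputs: two valid names, one unknown name, one empty value.
$samples = array('about', 'contact', 'not-a-page', '');
foreach ($samples as $page) {
    printf(
        "%-14s buggy=%-5s fixed=%-5s resolved=%s\n",
        var_export($page, true),
        var_export(is_allowed_buggy($page), true),
        var_export(is_allowed_fixed($page), true),
        var_export(resolve_page($page), true)
    );
}
```

A test that requests a page name outside the allowlist and expects a rejection would have caught the slip before the site went to beta.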
From a Nokia to a Note and back again: experiences
Tags: hardware, keyboards, computers.
About 22 months ago I got my first touchscreen phone and my first Android. I was pretty excited about this Galaxy Note II and it fully lived up to my expectations. Last week it broke down.
I'm back to my good old Nokia E75. Officially called a smartphone, it runs Symbian which is as powerful as your average shoebox. It has a numeric keyboard and a slide-qwerty, which means that you can touch-type and blindly navigate even inside your pocket. It is so small it actually fits in the palm of
Self-driving cars
Tags: randomthought, other, real life.
How much would you pay for a self-driving car? I'll let you think about that for a minute. Myself, I'd pay about all the money I could spend on it. The idea fascinates me and it really seems like an awesome future.
Not only will self-driving cars get you from A to B without having to drive, they will also prevent about a million deaths every year due to car crashes. They will likely solve all our traffic jam problems. They will make traveling by car faster because we no longer need speed limits for our slow human reflexes.
SSH tips (and GNU screen)
Tags: tutorials, software, networking.
Just a quick blogpost about some things for ssh that make my life easier. No more password typing, hostname, user and port remembering, or even losing your session when a connection drops. The latter didn't seem easy to find and I had to piece some things together, but I'll explain how to use ssh with gnu screen from step three onwards.
One
Configure an ssh host config if you haven't already. This is not necessary, but boy does it make things easier. Do you want to remember that you're supposed to connect as user vhost89103 to ssh.pcextreme.nl, as user oa to the gameserver on port 222, as user ...
Do something
Tags: programming, software.
I'm running GNU/Linux right now. For free. I can do pretty much everything Windows users can, and it's all free of charge and open source. According to Wikipedia, the kernel alone is worth billions of euros in development costs, let alone the three thousand other packages I have installed. Or the hosting costs of providing me with all these packages plus updates.
Every time I pause to look at what I'm running and realize it's all done by others for free, I feel like I'm in their debt. They wrote millions upon millions of lines of code and everyone can use it for free.