Thursday, December 8, 2016

Identifying specific vulnerabilities in WordPress, by version

Exactly how vulnerable is your WordPress version? Ask the good folks over at the WordPress vulnerability database who have not only assembled a vulnerability list by version, but also provided a nice API for querying.

# WordPress 4.4.2 vulnerabilities, by type
$ curl -sS |\
  jq -r '.["4.4.2"]|.["vulnerabilities"]|.[].vuln_type' |\
  sort | uniq -c
      1 BYPASS
      1 CSRF
      1 LFI
      1 SSRF
      1 UNKNOWN
      5 XSS

Wednesday, November 30, 2016

Pasting a remote file into your local clipboard (* mouse not required)

So, I'm updating a configuration file on a remote server (using MobaXterm), and I need to copy the contents into some Trello documentation running in a browser on my local Windows machine.

The old-fashioned way to do it is to select it with the mouse (which MobaXterm interprets as copying to my Windows clipboard), then Shift+Insert it into the browser. Well, turns out you can use the command line:

[Bishop@Cygwin]$ ssh user@host "cat /path/to/file" | clip

On Windows, clip is a program that reads from standard input and puts what it reads into the Windows clipboard. On Mac OSX, replace clip with pbcopy for the same effect.

You could extend this approach: instead of returning the whole file, return the result of a pipeline. Neat. Like magic, no more mouse needed.

Friday, November 11, 2016

Bypassing private and protected visibility in PHP

Members declared protected can be accessed only within the class itself and by inherited classes. Members declared as private may only be accessed by the class that defines the member.

This is true only in an academic sense: code outside the object can still get and set private and protected members. As usual in PHP, all it takes is a little magic.
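The post does not name the mechanism it has in mind. As an added example (not the author's code), the following uses two standard PHP features, Closure::bind and the object-to-array cast, to read and write the members of a constructed class, ApiClient, from outside it. It assumes PHP 7.4 or later for the typed properties.

```php
<?php
declare(strict_types=1);

// Constructed sample class (hypothetical): one private, one protected member.
final class ApiClient
{
    private string $token = 'constructed-sample-token';
    protected int $retries = 3;

    public function describe(): string
    {
        return "token={$this->token} retries={$this->retries}";
    }
}

$client = new ApiClient();

// 1. Read: a closure bound to the object with ApiClient as its scope runs as
//    if it were a method of the class, so visibility checks pass.
$read = Closure::bind(
    function (string $name) {
        return $this->$name;
    },
    $client,
    ApiClient::class
);
echo 'read private:   ', $read('token'), PHP_EOL;
echo 'read protected: ', $read('retries'), PHP_EOL;

// 2. Write: the same binding lets outside code overwrite the members.
$write = Closure::bind(
    function (string $name, $value): void {
        $this->$name = $value;
    },
    $client,
    ApiClient::class
);
$write('token', 'overwritten-from-outside');
$write('retries', 99);
echo 'after write:    ', $client->describe(), PHP_EOL;

// 3. Array cast: members appear under mangled keys, "\0Class\0name" for
//    private and "\0*\0name" for protected.
$raw = (array) $client;
echo 'array cast:     ', $raw["\0ApiClient\0token"], ' / ', $raw["\0*\0retries"], PHP_EOL;
```

Visibility is an API contract between cooperating code, not an access control: any code loaded into the same PHP process can reach these members, so secrets need isolation at the process or storage level rather than a private keyword.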

Wednesday, March 23, 2016

The end of the mouse era

Doug Engelbart invented the computer mouse nearly 50 years ago. Before HD, before GPU, before UX, the mouse let people interact with an information-rich virtual space with ease.

The generation whose work productivity preceded the mouse is retiring. Today's work force learned young or grew up with computer mice. We are comfortable with them. But the plunging cost of touch screens, the integration of draw-capable technologies in the underlying OS, and the rise of hand-held form factor computing all spell the end of the mouse age.

Our generation may find it difficult to imagine a world without mice. But consider, if price were not an object, would you rather have a mouse or a touch screen?

Fundamentally, a mouse is the wrong tool for the job. If you want to select, move, shrink or otherwise manipulate windows, keyboard chords provide the necessary precision and do not change your locus of attention. If you want to scroll, page and cursor keys provide two resolutions of movement. If you want to draw a freehand shape, a touch screen or a digitizing tablet offers measurably better precision.

In the future, we'll see a world without mice. A world with keyboards and touch screens. When economic factors allow cheap, ubiquitous touch input, commodity mice will become a novelty. Good riddance, I say.

I was just asked how I navigate web pages without a mouse. The answer: vimium. Since I use vi, this is a natural move for me. Props to mjmccull for introducing this extension to me years ago. Read up on vimium in this quick guide.

Did you know that Windows+B+Enter opens the Windows system tray? Here's a running list of Windows 10 keyboard shortcuts to help you cut your mouse cord.
Shortcut Key Combination    Action or Effect
Windows+B+Enter             Raise the Windows system tray. Use your cursor keys to navigate the tray icons.
Windows+Shift+Right         Move the active window right. Try also with the left cursor key.