An Unsafe Version of the PHP Example

This is an unsafe version of the Model PHP Script example. It is more useful for learning PHP. An explanation of what it does, and why it's unsafe, follows.

~~~~
<?php

/*
 * Sample PHP form and database example.
 * This is an *unsafe* example, based on the safe example.
 */

// 1. config variables
$dbhost = 'localhost';
$dbuser = 'mysite';
$dbpass = '12JNdie8Ds3';
$dbname = 'mysite';

// 2. get the value from the form (unvalidated user input, which is the point of the unsafe example)
$x = $_POST['x'];
~~~~

Model PHP Script Example: writing relatively safe web forms

I just whipped this script up to demonstrate some techniques for writing relatively safe web forms with PHP. This example doesn't strive to look nice or even be easy to understand. It should be a jumping-off point for learning some PDO, some htmlspecialchars, some filter_var, and a functional style of composing pages. The last thing - not such a great idea, but it works for really short pages.

This script is written to try and avoid SQL injection attacks, and cross site scripting (XSS).

Code is attached, and below.

Doing it Wrong Worked: Replacing a Flaky Disk in Windows RAID 1

I had a disk failing, and had to remove it. The "right" way is to break the mirror or remove the disk from the plex, but it was preventing a boot for the third time, so I shut down and removed it.

The computer booted from the second disk (after selecting it with the F10 boot menu, then the Windows boot menu).

So I added the replacement disk, restarted, and then went to work on rebuilding the mirror.

The new disk was initialized as MBR.

The remaining disk in the RAID plex was working, but the plex was gone. When I tried to reactivate the volume, it said the plex was gone.

North Carolina Judge Expands definition of "Computer Professional" to Include Admins

North Carolina Judge Upholds Employer Classification of Employee as Exempt Computer Professional

This is a big loss for net admins. The exemption was intended for programmers (and even that might be considered a loss).

MicroSIP Phone Audio Setup Weirdness with Different Headsets

Computer sound sucks.

Theory

There are three major contexts for computer-based sound: watching the computer like a TV, using it for video or audio phone, and using the computer as a multitrack recording studio or a multi-channel mixing board for a PA.

The problem is, the designers of Windows (and Linux, and Mac OS somewhat) have chosen to focus on enabling the last of these three usages.

A List of SQL Injection Attacks

I was looking at some special logs we keep, and found these attempted SQL injection attacks.

~~~~
admin
'
a'or' 1=1--
'or 1=1--
'or''='
'or'='or'
admin' or 'a'='a
admin'or 1=1#
"or "a"="a
'or 1=1/*
'or'a'='a
'or 1=1\0
"or"="
"or"="a'='a
"or1=1--
"or=or"
''or'='or'
') or ('a'='a
'or' '1'='1
'or''=''or''='
'or'='1'
'or1=1--
a'or' 1=1--
a'or'1=1--
or 'a'='a'
or1=1--
'.).or.('.a.'='.a
'or.'a.'='a
')or('a'='a
1'or'1'='1
aaaa
admin
admin' OR 1=1/*
or 1=1--
"or 1=1--
"or 1=1\0
'xor
1 or '1'='1'=1
1 or '1'='1' or 1=1
' UNION Select 1,1,1 FROM adm
~~~~

How to SSH Tunnel to a Remote MySQL Server with Python

A demo of how to incorporate SSH tunnels into a Python system administration script.

Like all sysadmins, I write scripts to automate routine operations. Lately, though, I have needed to write scripts that automate routine operations on a remote system, and we need the security barriers to be a little higher than in the "old days".

We're accessing our database through an SSH tunnel, rather than via a regular encrypted socket. (The SSH connection will eventually require key pairs, and disallow regular passwords.)

Security Logic Simplified into a Cheatsheet

Came up with this comment to help me think through end-user security.

~~~~
/*
 * Security logic is based roughly on NTFS style allow and deny.
 *
 * The logic is as follows, in order:
 * 1. If a specific role or user is in the deny list, they are denied.
 * 2. If a specific role or user is in the allow list, they are allowed.
 * 3. Otherwise, they are denied.
 *
 * There are three special values.
~~~~

Breaking the Rules: Share Files with Computers not in Your Windows Domain

How to share a folder and its files with computers outside of the Windows domain. This is a generally bad idea, but if you need to do it, it's possible.

AngularJS Directive: Stretchdown - stretches an element to the bottom of the window.

I've made my first directive! OK, not that special, but to me it is. This is one of the more difficult features I've come across in Angular, and I still don't really "get it".

[I didn't "get it" because I used directives as a mixin to implement a UI feature. Directives are really supposed to be for encapsulating HTML into small templates.]

I'm not even going to do a code walkthrough, because I can't really explain it well. The easy part is calculating the height the element should be. The tricky part is implementation.

Chrome Rendering Glitch with Label's Padding in Points (PT), Even Values

I have to learn the Chromium bug reporting system. Found an interesting rendering bug: if, on a label, you specify a padding with an even number of points (pt), the rendering is shifted up a little bit, and the border can disappear if it's adjacent to another element.

Why is Markdown Cool? (It might write better HTML than yours.)

I went to the UseR conference, and R-Markdown was all the rage. My boss/coworker/?? asked me what was so cool about it. I've been using plain Markdown around a year, and think it's kind of cool, but my initial impression was that Markdown was kind of lame.

Chinese-American Cantonese Restaurants in Los Angeles

Personally, I prefer the Hong Kong style places in Monterey Park and Alhambra, and got used to them in the past 30 years or so, but it's not true that LA doesn't have old fashioned Chinese-American food anymore. People say it, but that's because they're eating at fusion restaurants or a newer place.

Uncle John's Cafe

Improved Learning with Transcripts of Video Tutorials

I'm learning AngularJS and noticed a few things going on. First is that there's a great tutorial out there called Angular JS in 60 Minutes Ish by Dan Wahlin. It's really good, and it's a little different from most tutorials. It read like the script of a screencast - and I thought it *was* the script of a screencast.

It's actually the inverse. It's the transcript of the screencast, and the images were taken from the screencast.

Small Hack to Send SMDR to Syslog for IP Office and other PBXs

This is a work in progress. I wanted to log all our calls and found out that there's a feature in IP Office called SMDR that sends logs to a server.

There were a few programs that could receive these logs, but I couldn't find one that just logged the lines to a syslog. After initially reading how to do it in Python and looking at the Perl code from SimpleSMDR, it seemed like too much code. This small C program, smdr-syslog, does what I want.
