Legacy

All my old content

This section houses most of my blog posts from 2000 through to September 2014. There’s quite a lot of technical information and some personal opinion; I also spent a period of time blogging about working with wood.


Half-time Q & A Session

So we’re 15 days into the challenge.

15 posts written, including today.

I didn’t think I’d get this far and I’m still not sure I can keep the pace up to the end. It definitely feels like an endurance event!

Anyway, Marc came up with the idea for today’s post on the 30DWC Slack channel; I think to give us a rest maybe.

We’re copying some of Tim Ferriss’ stock questions that he asks the guests on his podcast.


Email Course – rough draft

Today I’m starting to re-purpose old content into an email course aimed at designers and front-end developers. I’ll work on this in the coming days (for instance, the pieces need topping and tailing, and all content is draft), but I wanted to get the majority of the structure down.

I’ll also likely merge some sections and make the content more friendly.


Sketching out product ideas

Today I’m writing with a work hat on and am sketching out some product ideas. From these I may then expand them out into one or more long-form service offering pages for my website.

Premise

My company Siftware specialises in providing maintenance & support services to the owners and managers of complex PHP applications. We have been building and maintaining custom PHP applications for 10 years and I started writing PHP applications in 1998. We currently employ a team of eight, including five PHP developers (not including me).

We are looking to productise some of our service offerings with a view to helping our friends and colleagues that are designers or frontend developers who may not have core backend development skills in-house.

We want to help them win more work, keep their existing clients happy or to streamline their workflows.


Serious Bash exploit & fix

There’s a bash exploit doing the rounds that is drop-everything serious.

The short version is that it is:

related to how environment variables are processed: trailing code in function definitions was executed, independent of the variable name

So a correctly formed command can be used to execute arbitrary code on an affected system, meaning anything running Bash.

The problem is that Bash is probably called by your webserver or scripting language of choice. As this post on Red Hat puts it:

CGI scripts are likely affected by this issue: when a CGI script is run by the web server, it uses environment variables to pass data to the script. These environment variables can be controlled by the attacker. If the CGI script calls Bash, the script could execute arbitrary code as the httpd user. mod_php, mod_perl, and mod_python do not use environment variables and we believe they are not affected.
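
Because CGI hands request headers to the script as environment variables, the web server's access log is a practical place to see whether anyone is sending the function-definition prefix used in the test below. This is an added example, not part of the original post or the Red Hat article; it assumes the Apache/nginx "combined" log format, and the function names and sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): flag access-log entries whose
# request line, Referer or User-Agent contains the "() {" prefix.
# Assumes "combined" log format; scan_log and sample_log are made-up names.

# scan_log [FILE...]: reads the named files, or stdin when none are given.
# Prints "line<TAB>client<TAB>field" for every quoted field that matches.
scan_log() {
    awk -F'"' '
        BEGIN { name[2] = "request"; name[4] = "referer"; name[6] = "user-agent" }
        {
            split($1, pre, " ")          # pre[1] is the client address
            # Splitting on double quotes puts the request line, Referer and
            # User-Agent in fields 2, 4 and 6.
            for (i = 2; i <= 6; i += 2)
                if (index($i, "() {") > 0)
                    printf "%d\t%s\t%s\n", NR, pre[1], name[i]
        }
    ' "$@"
}

# Constructed sample log. Line 2 carries the test string from this post in
# the User-Agent; line 3 contains "()" in a query string and must not match.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [25/Sep/2014:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 312 "-" "() { :;}; echo vulnerable"
192.0.2.10 - - [25/Sep/2014:10:00:09 +0000] "GET /js/app.js?cb=fn() HTTP/1.1" 200 880 "http://example.com/" "Mozilla/5.0 (X11; Linux x86_64)"
EOF
}

# Demo run over the constructed sample.
sample_log | scan_log
```

A hit only shows that the string was sent, not that it executed; whether the host was exposed still depends on the Bash version and on whether the requested path reaches a CGI script that calls Bash.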

Test this

bealers@server:~$ env x='() { :;}; echo vulnerable' bash -c "test"

Get this output?

vulnerable

Bad.

Fix this (on Debian/Ubuntu a patch is out)

apt-get update && apt-get install --only-upgrade bash

Test this

bealers@server:~$ env x='() { :;}; echo vulnerable' bash -c "test"

Get this output?

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

Good.

Notes

This is a moving target: as you can see here, new patches keep coming out. So keep checking to see if there are other proofs of concept, and keep checking for new patches by re-running the update & install.

For older versions of Debian you may need to do more work; for example, on some squeeze servers I had to change my apt sources to squeeze-lts:

deb http://http.debian.net/debian/ squeeze-lts main contrib non-free
deb-src http://http.debian.net/debian/ squeeze-lts main contrib non-free

Finally a few useful background threads on HN:

Tip: keep Vagrant guest additions up to date

I found a handy plugin this weekend for keeping my PHP development Vagrant VM VirtualBox guest additions in sync: vagrant-vbguest

`vagrant plugin install vagrant-vbguest`

Every time you do a `vagrant up` it’ll do a check, which might occasionally get annoying if you’re in a hurry, so there’s a config option to disable it on a per-vm basis:

`# set auto_update to false, if you do NOT want to check the correct
# additions version when booting this machine
config.vbguest.auto_update = false`

Halt all Vagrant/VirtualBox VMs one-liner

If you’re using Vagrant to control your dev VMs on a headless server it’s easy to lose track of the number of running machines.

Here’s a one-liner to gracefully shut-down all of them to free up some resources.

for VM in $(VBoxManage list runningvms | awk '{ print $2; }'); do VBoxManage controlvm "$VM" poweroff; done

Phonegap Android development environment for Windows

Assuming you want to develop HTML5 apps to run on mobile devices using Phonegap/Cordova, the easiest place to start if you’re a Windows user is Android: you don’t need a separate Mac, and you don’t even need a device to test on as there’s an emulator.

Anyway, I’ve had to do this three times on various machines now, so here’s a step by step guide for next time!
