The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,977 other subscribers

Archive for the ‘PHP’ Category

Google Cloud Shell: tools, languages and “safe mode”

Posted by jpluimers on 2023/01/19

After publishing Free Linux cloud shell for Gmail users – shell in the browser that works in all locations I’ve been so far, the Google Cloud Shell got extended quite a bit.

There is now [Wayback/Archive] Safe Mode (which skips initialisation scripts):

If there’s a problem in your .bashrc or .tmux.conf files, Cloud Shell immediately close after connection. To resolve this, open Cloud Shell in safe mode by appending cloudshellsafemode=true to the URL. This restarts your Cloud Shell instance and logs you in as root, allowing you to fix any issues in the files.

To permanently delete all files in your home directory and restore your Cloud Shell home directory to a clean state, you can reset your Cloud Shell VM.

And there is support for way more [Wayback/Archive] tools and languages:

Read the rest of this entry »

Posted in .NET, C#, Cloud, Development, Go (golang), Google, GoogleCloudShell, Infrastructure, Java, Java Platform, JavaScript/ECMAScript, Node.js, Perl, PHP, Power User, Python, Ruby, Scripting, Software Development | Leave a Comment »

Type safe versus interpreted languages: which ones are safer?

Posted by jpluimers on 2022/10/06

An interesting thread by Kristian Köhntopp last year:

[Archive.is] Kristian Köhntopp on Twitter: “Python: >>> print(1+2+” = “+2+1) Traceback (most recent call last): File “”, line 1, in TypeError: unsupported operand type(s) for +: ‘int’ and ‘str’ Java: System.out.println(1+2+” = “+1+2); 3=12”

The examples from him and others in the thread:

Python:
>>> print(1+2+" = "+2+1)
Traceback (most recent call last):
  File "", line 1, in 
TypeError: unsupported operand type(s) for +: 'int' and 'str'

Java:
System.out.println(1+2+" = "+1+2);
3=12

php8.1  -r 'print 1+2+" = "+2+1;'
PHP Fatal error:  Uncaught TypeError: Unsupported operand types: int + string in Command line code:1
Stack trace:
#0 {main}
  thrown in Command line code on line 1

php7.3  -r 'print 1+2+" = "+2+1;'
PHP Warning:  A non-numeric value encountered in Command line code on line 1

Node?
Chrome & FF dev console:
window.alert(1+2+" = "+1+2)
3 = 12

Sind ja immerhin verschiedene Sprachen.

SELECT Wert1 
FROM table1
WHERE Wert1 < AVG(Wert1);

DB2 vs. Oracle vs. MSSQL vs. ....

The joke is that Python actually does better than Java.

But in practice, this is a problem on many platforms, so it deserves constant attention, that’s why Kristian pointed to [Archive] Anna “Legacy Archaeologist” Filina on Twitter: “My annotated slides “Fantastic Bugs and How to Avoid Them” from @LonghornPHP:  #LonghornPHP”

[Wayback/Archive] Fantastic Bugs and How to Avoid Them – Speaker Deck

I’ve expanded the examples from the thread below. The results are interesting and consistent over versions of the various languages.

–jeroen

Read the rest of this entry »

Posted in Development, Java, Java Platform, JavaScript/ECMAScript, Node.js, PHP, Python, Scripting, Software Development | Leave a Comment »

Remotely controlling most Harman Kardon systems

Posted by jpluimers on 2022/05/03

There is a Harman Kardon Remote app on [Wayback/Archive.is] Android and [Wayback/Archive.is] iOS.

It can control Harman Kardon AVR and BDS devices, and the communication appears to be simple XML over HTTP according to [Wayback/Archive.is] H/K AVR 151 Remote Control API – Adam Parsons.

It got reverse engineered into two libraries, both based on string concatenating XML HTTP requests:

Note:

–jeroen

Posted in Development, PHP, Scripting, Software Development | Leave a Comment »

Making it dead simple to implement @haveibeenpwnd in your applications, including strength warning if found in @troyhunt’s password collection.

Posted by jpluimers on 2020/12/02

I wasn’t aware that Troy Hunt created an API [WayBack] for [WayBack] Have I Been Pwned: Check if your email has been compromised in a data breach.

He did, as I noticed through [WayBack] Michelangelo van Dam on Twitter: “Making it dead simple to implement @haveibeenpwnd in my applications, including strength warning if found in @troyhunt’s password collection. Check out to try it out yourself. #ImproveSecurity #haveibeenpwnd”.

There are in fact plenty of other packages, web-sites and apps using the API as seen on [WayBack] Have I Been Pwned: API consumers.

Many people ask “if it is safe” (often assuming passwords are sent in clear, or hashes are sent in full; my fear is that those people implement security somewhere).

It is safe:

PHP source is at [WayBack] GitHub – DragonBe/hibp: A composer package to verify if a password was previously used in a breach using Have I Been Pwned API.

There is also a [WayBack] composer package at [WayBack] dragonbe/hibp – Packagist.

A really cool thing on it is this:

This project was also the subject of my talk [WayBack] Mutation Testing with Infection where the code base was not only covered by unit tests, but also was subjected to Mutation Testing using [WayBack] Infection to ensure no coding mistakes could slip into the codebase.

Apart from the tests, the most important source is at [WayBack] hibp/Hibp.php at master · DragonBe/hibp · GitHub

Related:

–jeroen

Posted in Development, Mobile Development, PHP, Python, Scripting, Software Development, Web Development | Leave a Comment »

Check your PHP project for known security issues – SensioLabs Security Advisories Checker

Posted by jpluimers on 2020/02/05

If I ever cross a PHP project, this is my first requirement to pass: [WayBack] Check your PHP project for known security issues – SensioLabs Security Advisories Checker

–jeroen

Posted in Development, PHP, Scripting, Software Development | Leave a Comment »

 
%d bloggers like this: