Author Archives: joonas

Continuous file ranges with bash

After the downtime and later recovery, DAS is finally back with a changed business model. Previous subscribers like me have access to content until some deadline, after which seasons must be purchased.

Having learned quite a bit from grb’s excellent screencasts, I wanted to archive them so that I could revisit and even discover anything I’d missed. I already had some of the files downloaded so I wanted to download only the ones that were missing.


I read a DDD book

It didn’t take me long to read Implementing Domain-Driven Design (“IDDD book”) by Vaughn Vernon. This was the first book I’ve ever read on Domain-Driven Design. Perhaps this was not meant to be your first book on the subject, but I found it rather easy to follow either way. I did however need to skip ahead or go back from time to time, especially with Aggregates.


Why not MySQL

I’ve been a happy PostgreSQL user for some years now. Just a quick reminder of why I prefer the PostgreSQL way of doing things (the proper way):

$ psql -c "select ''::text - ''::text"
ERROR:  operator is not unique: text - text
LINE 1: select '' - ''
                  ^
HINT:  Could not choose a best candidate operator. You might need to add explicit type casts.

Sounds about right: the minus operator isn’t defined for two strings in general. I was horrified when, going through my RSS reader, I stumbled upon Abusing MySQL string arithmetic for tiny SQL injections by Krzysztof Kotowicz:

mysql> select ''-'';
+-------+
| ''-'' |
+-------+
|     0 |
+-------+

The above works because MySQL treats the minus operator as a request for numeric arithmetic: it implicitly converts both string operands to a number (a DOUBLE), and a string that does not parse as a number, the empty string included, becomes 0. The conversion raises at most a warning, never an error.

PostgreSQL’s behaviour is superior because it tells you outright that the operation is undefined. MySQL’s approach of assuming it can and should fix this for you leads to security problems (or at least lingering, hard-to-find bugs), as shown in the article: the same silent coercion applies when a string column is compared to a number, so a few characters of unexpected arithmetic can change what a WHERE clause matches.
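The following is an added example, not part of the original post or of Kotowicz’s article, showing the mechanism end to end on MySQL: the string-to-number coercion behind ''-'', why the same coercion makes a string column compare equal to 0, and what a bound parameter does instead. The users table and its rows are constructed for illustration.

```sql
-- Added example (MySQL 5.x/8.x assumed). Table and data are made up.
CREATE TABLE users (id INT PRIMARY KEY, name VARCHAR(32), pass VARCHAR(32));
INSERT INTO users VALUES (1, 'alice', 's3cret'), (2, 'bob', 'hunter2');

-- Arithmetic on strings silently converts both operands to DOUBLE.
-- A non-numeric string, the empty string included, becomes 0.
SELECT ''-'';          -- 0
SELECT 'alice'-'';     -- 0, plus warning 1292 (truncated incorrect DOUBLE value)

-- The same conversion is applied when a string is compared to a number,
-- so any name that does not start with digits compares equal to 0.
SELECT 'alice' = 0;    -- 1

-- Application query built by string concatenation:
--   SELECT * FROM users WHERE name = '<input>' AND pass = '<input>'
-- Supplying the three characters '-' for both fields produces:
SELECT * FROM users WHERE name = ''-'' AND pass = ''-'';
-- name = 0 and pass = 0 hold for every row with non-numeric values,
-- so both users come back. No comment sequence or OR 1=1 was needed.

-- PostgreSQL rejects the same statement while planning it
-- ("operator is not unique" / "operator does not exist"); nothing runs.

-- The fix is the usual one: bind the input instead of interpolating it.
-- Here the input is compared as the literal string '-' and matches nothing.
PREPARE login FROM 'SELECT id FROM users WHERE name = ? AND pass = ?';
SET @n = '''-''', @p = '''-''';
EXECUTE login USING @n, @p;   -- empty result set
```

Note that strict SQL modes do not help here: the conversion in a SELECT comparison still only warns, so the only real defence is never letting user input reach the statement text.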

Working around problems with xargs

Having access to sites that provide books as one PDF per chapter, I often just want to download all of the PDF files and concatenate them with pdftk. All the sites I’ve come across have had rather obscure naming schemes for the PDF files; you cannot just pdftk *.pdf cat output ready.pdf.


t2’12

Just a quickpress on my t2’12 experience. It was the first infosec conference I’ve ever attended, and I’m still in awe of the actual contents.

Basically there was everything I would have hoped for, from current-ish events (Huawei, Flame) and interesting targets (EMV payment devices, USB, browsers) to actual enterprise protection tips. At least these are the topics on top of my mind right now.

Almost surprisingly there was a talk by Rick Falkvinge, the founder of Piratpartiet (of Sweden). His keynote was very inspiring and thought-provoking. Looking at the conference schedule as a whole, it was a great kickoff for the talks to come. (Mentioning this in its own paragraph as Rick requested mentioning his unique name near the end of his talk. :)

I’ll be most likely writing much more on this topic.

sed -Ee

Just quickly writing this down: Not sure why it isn’t in sed(1), but from now on I’ll be using sed -Ee '…' for all my stream edits. For example, listing host SSH keys, somewhat prettied up:

(for i in /etc/ssh/ssh_host*pub; do ssh-keygen -lf $i; done) \
  | sed -e 's/\([0-9]\+\)\s\+\(\S\+\)\s*\S\+\s*(\(\S\+\))/\2 (\3-\1)/'

Same with -E:

(for i in /etc/ssh/ssh_host*pub; do ssh-keygen -lf $i; done) \
  | sed -Ee 's/([0-9]+)\s+(\S+)\s*\S+\s*\((\S+)\)/\2 (\3-\1)/'

It’s so convenient that it makes you want to write even more sed expressions!
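As an added example (not from the original post), the same -E rewrite wrapped in a shell function and run over constructed ssh-keygen -lf lines, so the expression can be checked without reading /etc/ssh. It goes slightly beyond the post by feeding it both the older MD5 fingerprint format and the SHA256 format newer OpenSSH prints. The two sample lines are made up; \s and \S are GNU sed extensions, as in the original.

```bash
# Added example: the post's sed -E rewrite as a function over sample input.
# Requires GNU sed (\s and \S are GNU extensions).
pretty_keys() {
  sed -Ee 's/([0-9]+)\s+(\S+)\s*\S+\s*\((\S+)\)/\2 (\3-\1)/'
}

# Constructed ssh-keygen -lf output: one line in the older MD5 fingerprint
# style, one in the SHA256 style. Neither is a real host key.
sample_keys() {
  printf '%s\n' \
    '2048 aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99 /etc/ssh/ssh_host_rsa_key.pub (RSA)' \
    '256 SHA256:abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG root@host (ED25519)'
}

# Usage: sample_keys | pretty_keys
# Expected output:
#   aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99 (RSA-2048)
#   SHA256:abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG (ED25519-256)
```

The capture groups are key size, fingerprint and key type; the comment field (file name or user@host) is matched by the unanchored \S+ and dropped, which is why the expression works for both output styles.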

Reading JAX Magazine #1

Not too long ago I managed to read the previous issue of jaxenter.com’s magazine. The magazine was called Java Tech Journal but it has now been re-branded as JAX Magazine. After a few opinions, I’ll take a peek at the contents of this issue, writing as I scroll.


Funny PHP article headline

Aaw, I cannot resist writing about this: DZone RSS just served me an article about getting [the] latest PHP source without having to wait for the official releases. After spending a whole lot of time reading about PHP being a fractal of bad design, the headline is just funny. It makes me think of the people who will now try to run PHP binaries straight from the git repo on their production servers without letting the devs mark code ready for production use (a release).


A lot of stuff that just makes sense

While writing yesterday’s post I (again) came across destroyallsoftware.com. After (again) watching the free material on that site I (finally) decided to subscribe to his screencasts. I was mostly interested in the bash stuff.


Ranting about a rant

First I stumble upon a rant. I often read these and write a long comment about all the faults or misunderstandings leading to their outburst of hatred, but this time it turned out that the site hosting the article has a botched comment form. It tries to load a WYSIWYG editor which in turn hides the original <textarea>. Sigh.
