The Sucuri Blog has a good dissection of the recent critical WordPress REST API vulnerability. I won’t rehash the details here, but I did want to point out that this is why developers should remember to follow these two rules of defensive programming:
- Sanitize inputs as early as possible
- Sanitize outputs as late as possible
In this case, there was a failure to follow the first rule. There are a couple of different places where this could have been handled better.
I’ve been tinkering a little bit with my electronics stuff again. Now I’m trying to decide on a project to do, and which hardware platform to use… I have a ton of different microcontrollers — Digispark (ATtiny85), Digispark Pro (ATtiny167), Digistump Oaks (ESP8266, wifi), Adafruit Trinket Pro (ATmega328), PunchThrough Bean (BLE), Particle Core (wifi) / Photon (wifi) / Electron (3G cell), NodeUSB (ESP8266, wifi), ESP201 wifi modules, some Arduino Pro Mini clones, a Tessel2 (wifi, …
TL;DR: If you use the php-ssh2 extension for your WordPress core / theme / plugin updates, you might want to wait a little longer before upgrading to PHP 7.
My Halloween Blinky Eyes project got mentioned on Hackaday in a Halloween project roundup post. Cool! Hacklet 82 – Halloween Hacks 2015
Glowing eyes appear from the darkness, blink, then fade away. What are these creatures? Why are they watching us…?
Once upon a time, before the Facebooks and Twitters and Reddits and MySpaces, there was Usenet. And on Usenet, flaming and trolling was an art form. It wasn’t just a bunch of angry, shocking, monkeys on keyboards. Trolls were subtle. Flames were eloquent and surgically precise. Then in the early 90s, they opened the internet up to the general public, and it became Amateur Hour. Newcomers, with no knowledge of the existing culture, nor the …
I recently used the 3M Lens Renewal System to clean up a foggy, hazy headlight on our van.
We moved into our new house at the end of December. But we’re still doing fix-ups and clean-up at the old house to get it ready for market. One thing our realtor recommended was to remove the popcorn ceiling in the kitchen and master bath. My wife, Susan, did all the popcorn ceiling removal, I sanded them, and we shared the painting work. So, we started with something like this: Then got to this: …
Once again, Talk Like a Pirate Day is almost here. Yes, this Friday, September 19 is Talk Like A Pirate Day, and all good citizens of the Interwebs are expected to participate! To make it easy for all of my WordPress friends, I created the Text Filter Suite plugin, which will automagically piratify your web site for TLaPD. Just go to ‘Add New Plugin’ in your Dashboard, and search for ‘talk like a pirate’. And …
Paula and Susan posing with the Gwinnett Gladiators mascot, Maximus. #hockey