Freelance Software Architect
software development
Drop-in XCache emulation with memcached
Recently we had to migrate a project from a server that had XCache installed (like all our servers) to a very different environment. So, I coded up a quick solution to use the same PHP software without any modification, but using a memcached server. I figured it may be useful for other people out there, so here it is.
Exploiting web development worst practices: file upload
If I can upload a file to your website, like, for example, an avatar, a picture, or a document for review, do you protect your website from that file?
Exploiting web development worst practices: file inclusion
And then PHP code that he has written will get executed on your server. It could do almost anything. Download any file you store on the server. Change other users’ sessions, changing their preferences, putting things into their shopping cart, etc. Access the database, stealing passwords (you do store passwords encrypted, I hope?), stealing e-mail addresses, residential addresses, whatever you store on the database. It can create new files, uploading viruses or phishing websites.
Exploiting web development worst practices: SQL injection
Nobody likes to be the guy who coded the “simple” website that later compromised a whole server and was used to leech ten-thousands of dollars out of unsuspecting citizens, and thus dragged an innocent company in trouble. Or the explaining that inevitably follows. Having security audited a few custom websites lately, I got the feeling that there is a need for a resource that in a few simple lessons helps web developers make more secure sites and avoid trouble.
Cloud power!
We all know in theory the advantages of load-balanced high availability clusters, but we often forget that they are also fun to build and operate.
Yes, I’m at fault of calling it a cloud when it’s rather a cluster, but who can resist the siren call of buzzwords? :) Cloud usually implies virtualization besides using multiple [...]
The Tao of Programming
The text was clearly written in an era when mainframes was just being replaced by personal computers. But from the sayings of “the master programmer”, and other invaluable gems, it’s clear that the human side of our beloved computing, and especially the management of programmers, have not changed much at all.
What can you learn from a prototype?
I’m having an idea for a Twitter mesh-up. It’s based on the idea that some tweets are worth more than others, and maybe there is a criteria to determine it.
Last week I had one free evening to work a little on this side project, and since it’s mine alone, I’m free to blog about it. [...]
The best features of the coming Drupal 7
Yesterday I have read through Dries’ State of Drupal presentation, and I have to say I’m impressed both by the thinking he put into the release engineering (something I have only seen at OpenBSD), and by the features Drupal 7 will bring to the table.
Cherry-picking from his presentation, I think the most promising new features [...]
How to get screwed on the Internet
A few weeks ago I had a chat about the state of Internet security with a friend who runs a hosting company, and he told me that the majority of the websites they host are cracked. This is because people just install just a forum/blog/gallery/etc software, but most have no idea that such installations have to be constantly “security patched”. Then, sooner or later someone finds an exploitable bug in that particular engine, and then their website is used to send spam, facilitate phishing attacks, host viruses, or worse.
How much open source saves for you
Lately I was thinking about quantities of code.
More specifically, how the codebase of a typical web application relates to the open-source code used in it?
For an example, let’s use a mutual-fund search web application we developed for a brokerage about a year ago. (Disclaimer about the design: they wanted feng-shui compatible, ok? We deliver.) It’s [...]
More posts about...
Keep in touch!
