About a week or so ago, I wrote to webappsec in response to Yasuo Ohgaki's (書かない日記) post about some issues with PHP’s security model. For some time, I’ve been worried about the direction of PHP. As many of you know, I helped write XMB Forum and now help write UltimaBB. XMB in particular is an…
Category: Rants
Cars that park over two spots…
I don’t know what it is about Sluggardly Utility Vehicles and parking like you own the road, but within five minutes of each other, I spotted a white Territory covered in an advertising hoarding take up two spots next to the disabled spots at McDonald’s crowded carpark, and a Nissan Patrol taking two spots at…
No succour for murderers
This morning, Singapore, a supposedly civilized first world nation, murdered an Australian citizen, Nguyen Tuong Van. He had smuggled drugs, and for that he deserved a long sentence commensurate to his crime. But not murder at the hands of a state. From this day forth, I will not be supporting any barbaric regime which murders…
Kansas – the laughing stock of the world
From CNN: At the risk of re-igniting the same heated nationwide debate it sparked six years ago, the Kansas Board of Education approved new public school science standards Tuesday that cast doubt on the theory of evolution. Story here If the idiots on the Kansas Board of Education jump off a bridge, they would be…
PHP Insecurity: File handling and remote code execution
One of the reasons that PHP applications feature so prominently on bugtraq is not particularly developer focussed, it is PHP’s fault. Today we look at the top reason: the semi-hidden world of allow_url_fopen, wrappers and pretty much all file orientated functions. The extraordinarily bad decision to make allow_url_fopen the default AND enable a host of functions to automatically “benefit” from these features causes the #1 security defect of 2005 – remote file inclusion. Read on for this rant. Warning – no solutions contained within.
On the failure of genre
On the weekend, I bought two CDs: Goldfrapp – Supernature, and Ministry of Sound – Sessions. I couldn’t find the Goldfrapp. At all. Despite being heavily promoted in store, with a large 10×10 m poster dominating the front window, they did not have any on a display stand, and they didn’t put it in the music…
On DDoS protections
This is an article I wrote a few years ago. It is still relevant today.
Security architecture and document reviews
Reviewing documents is a fine art
Low life scuzz buckets in disabled spots
Nothing makes my blood boil more than selfish pricks. I was at the supermarket today. As per usual, a born to rule fuckhead had parked their oafishly large SUV in the disabled spot whilst not displaying a disabled sticker. I realise that sometimes you might be carting around elderly relatives, so I let it go…
car dealers
I had my new Citroen serviced on Friday. Why do certain types of service industry jobs attract people who hate and loathe their customers? I know that IT has the Bastard Operator From Hell and the LART (luser attitude re-adjustment tool, aka a baseball bat), but generally we take pride in doing a good…