The proponents of this scheme have given it names such as "trusted computing" and "palladium". We call it "treacherous computing", because the effect is to make your computer obey companies instead of you. This was implemented in 2007 as part of Windows Vista; we expect Apple to do something similar. In this scheme, it is the manufacturer that keeps the secret code, but the FBI would have little trouble getting it.
While playing around with the Nmap Scripting Engine (NSE) we discovered an amazing number of open embedded devices on the Internet. Many of them are based on Linux and allow login to standard BusyBox with empty or default credentials. We used these devices to build a distributed port scanner to scan all IPv4 addresses. These scans include service probes for the most common ports, ICMP ping, reverse DNS and SYN scans. We analyzed some of the data to get an estimation of the IP address usage.
As a security nut myself, and also a Linux admin, one of my biggest pet peeves is when I've taken the time and care to segment all the users on a server into separate home directories, and then some developer comes along, logs in as root, and changes the ownership of files. Other things can cause this, like Apache, PHP, Mutt, etc.. So I've always used a cron job that executes daily (and on demand) which automatically fixes all the permissions back to what they should be.
Nifty SEO tip to get Search Engine Bots to check your site every hour until you finish working on it and tell them you are finished.
.htaccess is a very ancient configuration file for web servers, and is one of the most powerful configuration files most webmasters will ever come across. This htaccess guide shows off the very best of the best htaccess tricks and code snippets from hackers and server administrators.
You've come to the right place if you are looking to acquire mad skills for using .htaccess files!
Learning about charset's and file types maybe pretty boring, but using .htaccess it can be fun! Here's a quicklist htaccess cheatsheet for adding the correct Charset to a web document.
Part deux of Want to know how to really hack? Originally Posted: 12/28/2003
A pure bash alternative to the python reflector, using curl, xargs, and sort for ranking Arch Linux mirrors.
Nice and simple. Short and sweet.
What if you'd like to send a 200 OK response instead of the default 404 Not Found response using Apache .htaccess files or httpd.conf? One use would be to make sure upstream caches cache any request on an api server, as 404's are not cached.
strace+ is an improved version of strace that collects stack traces associated with each system call. Since system calls require an expensive user-kernel context switch, they are often sources of performance bottlenecks. strace+ allows programmers to do more detailed system call profiling and determine, say, which call sites led to costly syscalls and thus have potential for optimization.
After many years of using any and all terminal emulators out there, from xterm to the Gnome terminal, to KDE Konsole to xfce4-terminal, lxterminal, vte, yakuake, rote, roxterm, sakura, terminator, and putty I finally I settled in for the long-haul with rxvt (rxvt-unicode).
My BOX: Slim -> Ratpoison -> URxvt -> Tmux -> Bash
The collusion add-on for Firefox is super-legit. Just navigate to any website normally, then just click the little collusion icon in the status bar and a full detailed report pops up in a new tab describing all the sites that the current site shared your data with (shared as in connected).
View the full introduction to Collusion on mozilla.org, or view my Firefox Add-on Collection: AskApache Web Development (Advanced)
Get the monthly newsletter —
the Free Software Supporter
Become a member of the Free Software Foundation today to help us reach our goal of $450,000 by January 31st.
If you remove the Last-Modified and ETag header, you will totally eliminate If-Modified-Since and If-None-Match requests and their 304 Not Modified Responses.
Ever wanted to execute commands on your server through php? Now you can. I'm calling this file (see below) shell.php and it allows you to run commands on your web server with the same permissions that your php executable has.
Let me show you an example that works so well I am using it right now on my site. Every page in fact. If you are a young or up and coming web developer with skills to pay the bills, lets make the future Net fast, learn about optimization and refactoring while you still have the chance.
Learn how to setup, configure, secure, optimize, and create a low-maintenance website the AskApache way. I'm piecing together all the hacks, tricks, methods, and ideas discussed throughout this blog and all across Netdom and glueing them all together to show you how to have the most optimized, crazy fastest, and best website setup I can think of.
Oh ya lets get it on! short but sweet
This article shows how to save and modify php session data, cookies, do anything really... without using ajax or iframes or forcing the user make a request.
Host Google Analytics ga.js file locally for increased speed! Makes web pages load faster.
Learn how to log and debug usernames and passwords used to login to a htaccess basic authorization protected website using php. This article is BOSS and will show you how to fully take control of this aspect of security using php and .htaccess, I don't believe you will find instructions to do this anywhere else on the net.
So, here's what I hacked together last night, that is being used today. It's essentially 2 files.
Fresh .htaccess code for you! Check out the Cookie Manipulation and environment variable usage with mod_rewrite! I also included a couple Mod_Security .htaccess examples. Enjoy!
Originally Posted: 3/29/2008
Yes, it's true! I'm the author of ping for UNIX. Ping is a little thousand-line hack that I wrote in an evening which practically everyone seems to know about. :-)
Problem: WordPress shows pages, categories, author pages, etc. without an ending '/'.
/about instead of /about/.
/category/htaccess instead of /category/htaccess/.
Solution: Either hook into the user_trailingslashit filter, or use some htaccess RedirectMatch
Learn how to make YOUR DreamHost promo codes work much better for YOU! This is not about promo-codes, this is about a simple method you should implement.