I’m pretty sure that in a parallel universe there’s a version of me who’s a metal guitarist. I love music, despite knowing nothing about it technically, and I spend most of my waking hours listening to rock and metal. So, in a break from regular programming (haha, there’s nothing regular about my posting), here’s a post about some delicious dark music I’ve discovered and enjoyed in the last year – in no particular order.
2015 was another interesting year for security, and some cool utilities appeared. Rather than cover the same old ground and gush about how amazing nmap, masscan and shodan are though (not that they’re not amazing, of course), I’d like to highlight a few lesser-known tools I’ve found useful and discovered in the last year.

TLS Prober

One of my favourite security projects last year was undoubtedly TLS Prober.
Since finishing my PhD and leaving the world of academia I’ve moved from doing most dev work locally using TextMate to using remote VMs and using vim. I’ve also spent less time hacking outside of work, and so a few of the projects I used to spend a fair amount of time on have fallen by the wayside. One of these poor languishing projects was the Gnuplot TextMate bundle. A lot has happened to TextMate in the six years(!
iTerm2 is the best terminal emulator currently available on Mac OSX. I use it daily for development and sysadmin work and rarely regret running unstable builds. One of my favourite features in iTerm is its tabs. As you’d probably expect, ⌘T opens a tab – with a new shell – and you can drag and detach them just like you would in other applications. Earlier today I was reading its documentation and I came across this page about the proprietary escape codes it supports.
Template Toolkit is an excellent and popular templating language for Perl. Here’s a quick tip about how to avoid cross-site scripting vulnerabilities when using it to write web apps. Suppose you have a page in your app which takes some user input and displays it, like this:

    <input name="user_supplied_input" value='[% input | html %]'>

The input could come from POSTing a form, or from a URL parameter, like:

    https://example.com/app?user_supplied_input=test

You could be forgiven for thinking that because you’ve used the HTML filter your user-supplied input will be safely encoded, but in this case you’d be wrong!