Category Archives: General

Merging Raw Source Trees With git

Today I had the “pleasure” to manually merge two versions of the same application that was maintained in two different instances by three different programmers without any version control whatsoever.

The versions were quite different, with directory names changed (for no apparent reason) and all sorts of other funky stuff. Manual merging seemed like the only way to go and I chose git branches as my merging headquarters.




Timing Attacks in Web Applications

When code is executed by a machine it takes some time to do so. Execution time ranges from nanoseconds to months and years and even more (think brute-forcing). Web applications construct their output with, in most cases, very short delays (think the time it takes to show Google search results after typing in the query). Depending on what output is requested, how it is requested and what the input is, web applications can vary their execution time.


In this article we’re going to exploit some of the available open-source content management systems, using delays in their execution under differing conditions to evoke distinct differences in execution time, which allow us, as attackers, to draw some useful conclusions.




Cross-server deployment with servermattic

About a week ago I did a post on Tiny Projects Inspired by WordPress. Readers who actually visited the Code.WordPress Trac would have noticed a tool called servermattic, which is described modestly as “install files and applications to many servers according to their role”.

What is servermattic?

servermattic is a template configuration that allows for deployment of code and configurations across multiple servers – write once, deploy on many machines, update as much as you want with revisions.




ack-grep vs. grep

Following Daniel Bachhuber’s “The Zen of WordPress Development” talk, I’ve started to explore this magical ack tool, a replacement for the native grep.

ack vs. grep

ack can be downloaded from the official and quite modest website called BetterThanGrep.com. ack is also available in all sorts of software repositories, and can be named ack-grep instead (due to a naming conflict).

ack is written in Perl, while grep is written in C. So why the heck does ack appear to be faster? Here are some tests with the latest WordPress package.




Ready-to-paste HTML-escaped Code in Vim

I’ve seen countless websites that paste code and do not escape the <, > and & characters, resulting in broken HTML and missing code. I have been using online HTML entity encoders when pasting code, but today I decided to code a little Vimscript for my Vim.

Escape HTML Entities in VIM




Bitfun: Popcount, Sideways sum, Hamming weight

Bitcount, popcount, sideway sum, Hamming weight

I was going through some simple coding puzzles yesterday night and became fascinated by this seemingly interesting function:

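int CountBits(unsigned int x) {
  /* Masks selecting alternating groups of 1, 2, 4, 8 and 16 bits
     (assumes a 32-bit unsigned int) */
  static const unsigned int mask[] = {
    0x55555555,
    0x33333333,
    0x0F0F0F0F,
    0x00FF00FF,
    0x0000FFFF
  };

  int i;
  int shift; /* Number of positions to shift to the right */
  /* Each pass adds adjacent groups of bits, doubling the group width */
  for (i = 0, shift = 1; i < 5; i++, shift *= 2)
    x = (x & mask[i]) + ((x >> shift) & mask[i]);
  return x;
}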




Surviving An Internet Blackout

When The Internet Goes Down

On the 12th of February an Anonymous posted the following pastebin: Operation Global Blackout. In case the pastebin disappears here’s the plaintext: Operation Global Blackout Anonymous.

To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, the Internet will go Black.
