Terminal Scrollbacks Write Data to Local Disk; Even Over SSH


I had always taken for granted that my SSH sessions were, well, secure. I just assumed that the contents of the scrollback buffer in a terminal would not be saved anywhere locally for something like this. My assumption was that it was stored in memory and flushed when the session was over. This allowed me… Read more »

No, PHP Errors and Notices Do Not Need to be Encoded


Programmers giving other programmers questionable advice is never a good thing. Because of this, I was sort of surprised when I finished reading a post from Neal Poole that hit the front page of Hacker News. Appearing on Hacker News as “Cross-Site Scripting? In PHP Notices? It’s more likely than you think,” his blog post… Read more »

Security Anyone?


Being that I am a web developer, you would think I would have looked into this sooner. The default installation of WordPress is very, extremely, embarrassingly insecure. I would think that, given the commonality of Apache installations for web servers these days that WordPress would come with some basic .htaccess installation options. However, this is… Read more »