
The End Of Software

I'm 3rd Kyu in #Aikido now!

Yesterday I passed my third kyu #Aikido exam at our dojo, Misogi Aikikai (Villa del Parque) (http://www.misogiaikido.com.ar/).

The exam covers:

  • Yokomen uchi iriminage (uchi and soto)
  • Yokomen uchi kotegaeshi
  • Tsuki kaitennage
  • Ushiro ryo kata dori sankyo (omote and ura)
  • Morote dori iriminage (uchi and soto)
  • Shomen uchi sankyo (omote and ura)
  • Suwari waza:
    • Shomen uchi iriminage
    • Shomen uchi nikkyo (omote and ura)
  • Hanmi handachi waza:
    • Katate dori shihonage
    • Katate dori kaitennage (uchi and soto)

Many thanks to Sensei Daniel Fernandez, Fukushidoin Walter Mondarelli, Shodan Marcos Texeira, Shodan Alejandro Cabrera, and the rest of my Aikidoka friends for their continued support and daily patience (and to the 50,000 teachers who are patient with me and teach me at every moment).

I'm very happy to have reached 3rd Kyu! Now on my way to 2nd Kyu. The journey is the destination.

PS: Special mention to Leandro Gutiérrez and Danilo Carnelos, who helped me prepare for the exam! I'll be there for your 3rd Kyu exam!

Patching JomSocial ajaxUploadAvatar Remote code execution

The vulnerability is located in the "photos" controller, "ajaxUploadAvatar" task. The parameters parsed by the "Azrul" plugin are not properly sanitized before being used in a call to the "call_user_func_array" PHP function. This allows an attacker to execute arbitrary static class functions, using any amount of user-provided parameters. This can be leveraged by calling the "escape" method in the "CStringHelper" class to execute arbitrary PHP code.

All JomSocial versions >= 2.6 and < 3.1.0.1 are affected.

Reference: http://permalink.gmane.org/gmane.comp.security.bugtraq/53265

Solution

The recommended solution is to upgrade to JomSocial 3.1.0.1 version.

A patch

A full version update is not always practical: we may not be able to update every site to the latest version. So, a simple patch:


In components/com_community/controllers/photos.php, around line 2752, we can find ajaxUploadAvatar.

To avoid the vulnerability, you can add a condition to reject the injection:

    // Reject the known dangerous target before the user-supplied value
    // reaches call_user_func_array()
    if (strpos($custom, 'CStringHelper') !== false)
    {
        throw new Exception('Patch Joomla! JomSocial component < 3.1.0.1 - Remote code execution');
    }

As a stricter alternative, $custom can be required to be empty, so no user-supplied callable is ever accepted:

    // Refuse any value at all: the parameter is not needed for avatar uploads
    if (!empty($custom))
    {
        throw new Exception('Patch Joomla! JomSocial component < 3.1.0.1 - Remote code execution');
    }
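To make the difference between the two checks concrete, here is an added, stand-alone PHP example; it is not JomSocial code and not the patch above, and the class and method names (AvatarHelper, SafeDispatcher, normalizeType) are hypothetical. It assumes the plugin-parsed value arrives as a string naming a static callable in "Class::method" form, with the remaining request parameters forwarded as arguments; that shape is an assumption for illustration, not JomSocial's internals. It shows the post's denylist check, the post's strict empty check, and a third option that goes beyond the post: an allowlist of the only callables the application intends to expose, enforced before call_user_func_array() is reached.

```php
<?php
// Added example, not JomSocial's code. Models the pattern the post describes:
// a request-controlled callable name reaching call_user_func_array().

class AvatarHelper
{
    // Hypothetical allowlisted helper: normalises a MIME type string.
    public static function normalizeType(string $mime): string
    {
        return strtolower(trim($mime));
    }
}

final class SafeDispatcher
{
    // The only static callables that request data may ever select.
    private const ALLOWED = [
        'AvatarHelper::normalizeType',
    ];

    // Denylist check, equivalent to the first patch in the post:
    // rejects only when the one known dangerous class name appears.
    public static function rejectKnownClass(string $custom): void
    {
        if (strpos($custom, 'CStringHelper') !== false) {
            throw new RuntimeException('rejected: CStringHelper is not allowed');
        }
    }

    // Strict check, equivalent to the second patch: any non-empty value is rejected.
    public static function rejectAnyCustom(string $custom): void
    {
        if ($custom !== '') {
            throw new RuntimeException('rejected: custom callable must be empty');
        }
    }

    // Allowlist dispatch: the request may only pick a callable the application
    // enumerated itself; everything else is refused before the call happens.
    public static function dispatch(string $custom, array $params)
    {
        if (!in_array($custom, self::ALLOWED, true)) {
            throw new RuntimeException('rejected: callable not in allowlist: ' . $custom);
        }
        // $custom is now one of the fixed strings above, not attacker-chosen text.
        return call_user_func_array($custom, $params);
    }
}

// Constructed sample inputs (not captured traffic): one legitimate target,
// the class the post names, and an arbitrary unexpected class.
$samples = [
    ['AvatarHelper::normalizeType', [' IMAGE/PNG ']],
    ['CStringHelper::escape',       ['anything']],
    ['SomeOtherClass::method',      []],
];

foreach ($samples as [$custom, $params]) {
    foreach (['rejectKnownClass', 'rejectAnyCustom', 'dispatch'] as $check) {
        try {
            $result = ($check === 'dispatch')
                ? SafeDispatcher::dispatch($custom, $params)
                : SafeDispatcher::$check($custom);
            printf("%-17s %-30s allowed (%s)\n", $check, $custom, var_export($result, true));
        } catch (RuntimeException $e) {
            printf("%-17s %-30s %s\n", $check, $custom, $e->getMessage());
        }
    }
}
```

Running it shows that the denylist passes "SomeOtherClass::method" (a denylist only covers the names it knows), the strict check refuses every value including the legitimate one, and the allowlist is the only variant that both serves the intended helper and refuses everything else. Where the parameter is genuinely unused, the post's strict empty check is the simplest safe patch; where it is needed, an explicit allowlist is the shape the permanent fix should take.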

Thank you, Ruth Cheesley for the heads up!

 

IMPORTANT - Changes at Nic.ar

You have to re-register all your domains... because they changed the system (oh, what a country!)... otherwise you are going to lose them... as of today you have already lost the ability to change their data.

  1. You have to create a new user, with the same data; it is essential to use the SAME CUIT/CUIL: https://nic.ar/wizard.xhtml
  2. Verify the email (they ONLY work manually, Monday to Friday 9-18; if it takes a while, wait)
  3. After confirming the email, wait for the data verification (OBVIOUSLY they only work manually, Monday to Friday 9-18; if it takes a while, wait)
  4. When the confirmation arrives, log in to the account and press the "OBTENER DOMINIOS" (get domains) button
  5. Then wait (and pray) for them to link the domains. (YES, they only work manually, Monday to Friday 9-18; if it takes a while, wait)
  6. When the confirmation arrives, verify that all the previous domains can be accessed.
  7. Account configuration -> Publish my data = NO (otherwise, all your personal data is visible on the Web!)
  8. Finally, the cherry on top: remember that if the domain is associated with a commercial activity, it must have the Data Fiscal.

And as always....

Government tightens control over holders of "com.ar" domains and benefits a "friendly" businessman

http://www.iprofesional.com/notas/168721-Polmica-nicar-Gobierno-ajusta-controles-sobre-titulares-de-dominios-ayuda-a-la-AFIP-y-beneficia-a-empresario-amigo-

My recommendation is to use .com or other domains from now on. From here on, .com.ar domains cannot be trusted.

I'm Aikido 4º Kyu now!

Totally off-topic. The number is 4.

Yesterday, I took and passed my exam for 4th kyu at our dojo, Misogi Aikikai (http://www.misogiaikido.com.ar/).

The exam covered:

  • Shomenuchi Nikkyo (Omote & Ura)
  • Yokomenuchi Shihonage
  • Tsuki Iriminage
  • Ushiro Ryotekubitori Sankyo (Omote & Ura)
  • Ushiro Ryokatatori Kotegaeshi
  • Shomenuchi Yonkyo
  • Suwari Waza - Shomenuchi Ikkyo
  • Suwari Waza - Katatori Nikkyo (Omote & Ura)
  • Suwari Waza - Katatori Sankyo
  • Suwari Waza - Ushiro Ukemi, Shoko Ukemi (thank you, Walter ;-)), and Mae Ukemi

Many thanks to Sensei Daniel Fernandez, Fukushidoin Walter Mondarelli, Shodan Marcos Texeira, Shodan Alejandro Cabrera, and the rest of Aikidoka friends for their ongoing encouragement, and daily patience.

I'm very happy to have reached 4th Kyu! Now on my way to 3rd Kyu. The journey is the destination.

PS: Special mention to Leandro Gutierrez, who helped me prepare for the exam! I'll be there for your 4th Kyu exam!

Voyager 1, where no man has gone before

33 years ago, NASA launched the spacecraft "Voyager 1" with the primary mission of visiting celestial bodies. After completing that primary objective, it has followed a path toward interstellar space, the space between stars.

Voyager 1 has already reached a place where no human device has gone before... but it's still flying, and the edge of the solar system is still far away

... and it's still discovering new science horizons.

 

 

PS: Check the farthest photo of Earth, the Pale Blue Dot, inspired by Carl Sagan.

Pale Blue Dot

Yes, the little blue dot.

Jootstrap and Joomla 3.0

Today I'm amazed! We discovered Joomla 3.0 by reading "A First Look at the Mobile-Ready Joomla 3.0"!!!

My surprise is doubled, since we've been working on the same subject!!!

In March, we published Jootstrap. We merged Joomla 2.5, Bootstrap, and Gantry as the template framework.

As Bootstrap is based on jQuery, we've also been working to purge Joomla of the native MooTools libraries (please check the JClean JS plugin) and work with a 100% jQuery Joomla.

For a demo, you can visit: jbootstrap.prieco.com

Also, as a proof of concept, we tested it with JomSocial, a social networking component for Joomla that mainly works with jQuery. It works almost right out of the box on Jootstrap (calendars are not working, since they are based on MooTools). Check it here!
 
If you want to review and fork Jootstrap, please join us: https://github.com/anibalsanchez/jbootstrap

From a tradesman

Recovered from Hacker News for Product Development: How lessons from a tradesman can help out a techie

  1. Measure Twice, Cut Once.
  2. It’s harder to paint it once it’s up.
  3. Always keep your project and your workspace clean.
  4. Always use the right tool for the job (also don’t be cheap with your tools).
  5. If all else fails, get a bigger hammer.
