I recently had to use hashcat to verify some user credentials. Here are the commands I used:
# Salted md5 passwords (all the same salt in salt+password format):
hashcat -o found-passwords.pot -e salt.txt -m 20 -a 0 input-passwords.txt hashkiller.dic
Input file is just hashes from the database, one hash per line. I think you can put a :salt after each hash and omit the -e salt.txt from the command to use unique salts.
Recently, the instant messaging app “WhatsApp” announced that it is using end to end encryption. While this is generally seen as a good thing, what most people seem to have forgotten is that we have absolutely no reason to trust WhatsApp.
Just because you’re told WhatsApp is using end to end encryption doesn’t really mean anything: what algorithms are they using, and how can we verify this? Most importantly, if the NSA (or someone else, perhaps with lots of money) asks WhatsApp to disable end to end encryption for a specific user - what’s to stop them?
Most of the time I don’t want a local install of composer, I want it installed system-wide. Here’s how to do it:
curl -sS https://getcomposer.org/installer | php -d "allow_url_fopen = 1" -d "open_basedir =" -- --install-dir=/usr/local/bin --filename=composer
For some time now I have been keeping myself abreast of the Oculus Rift project - a brand new virtual reality kit which is due for release this year.
Normally I wouldn’t be interested in things like this but I believe this new VR headset will change the face of not only gaming but many aspects of our lives, and not always for the better.
Back in the 90’s I had a go with a VR headset in London and it really put me off the idea.
If you’re not already familiar with the Heartbleed bug, have a look at this website: http://heartbleed.com/ - I don’t want to talk about what it is exactly as lots of people have done that, just why you should be more worried than you are.
If you were (or still are?!) running an affected version of OpenSSL:
You almost certainly have NO way of telling whether someone attacked your server.
You may have been attacked through any service using SSL.
So you’ve updated your .gitignore, yet some files (log files?) have changed and git still thinks you might want to commit them.
Try this:
git update-index --assume-unchanged directory/
or
git update-index --assume-unchanged blah/file.log
Thanks to SO: https://stackoverflow.com/questions/655243/ignore-modified-but-not-committed-files-in-git
We recently took on a horrible code base at work, with lots of open tags in the code like this:
<? calculateVat(123..
As far as I know this way of opening PHP code is deprecated and soon won’t be supported at all so I thought I’d just use sed to fix this but it wasn’t quite that simple.
Sed has no way of doing look-aheads with regular expressions meaning we can’t tell it to not turn <?
This article was originally written in 2013 and applies to a fairly old model of the WD Mybook Live. The procedure here may well not work for you; please just use it for ideas. Also, check the comments as a lot of other people have tips!
When the WD Mybook Live 3TB NAS was released, I went out and bought one and promptly put all my stuff on it. I have never kept anything *really* important on there as I didn’t have anything to back up all that data on to.
No doubt many others have thought of this already, but today I had a brainwave..
You have forms that use the dreaded captcha, which just sucks. Better forms use a honey pot trap but it’s still a bit weird. What if we checked to see how long a user had spent filling out a form - a bot will take (not much time) to complete the form whereas a human being will take slightly longer, say anything over 5s.
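The timing check described above, as an added PHP example (not code from the original post): the server signs the render time into a hidden field so the client cannot simply claim an earlier start. The names FORM_SECRET, issueFormToken and checkFormToken, the hidden-field transport and the one-hour expiry are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical names and values throughout; only the 5s threshold comes from the post.
const FORM_SECRET = 'replace-with-a-random-server-side-secret'; // constructed placeholder
const HUMAN_OVER_SECONDS = 5;   // "anything over 5s" counts as human
const MAX_AGE_SECONDS = 3600;   // assumption: stale forms must be reloaded

// Called when the form is rendered; the result goes into a hidden input.
function issueFormToken(int $now): string
{
    return $now . ':' . hash_hmac('sha256', (string) $now, FORM_SECRET);
}

// Called on submit; returns 'ok' or the reason the submission is rejected.
function checkFormToken(string $token, int $now): string
{
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !preg_match('/^\d{1,12}$/', $parts[0])) {
        return 'malformed';
    }
    [$issued, $mac] = $parts;
    // Recompute the MAC and compare in constant time, so an edited
    // timestamp or a guessed signature is rejected.
    if (!hash_equals(hash_hmac('sha256', $issued, FORM_SECRET), $mac)) {
        return 'forged';
    }
    $elapsed = $now - (int) $issued;
    if ($elapsed <= HUMAN_OVER_SECONDS) {
        return 'too-fast';
    }
    return $elapsed > MAX_AGE_SECONDS ? 'expired' : 'ok';
}

// Constructed demo: one token issued at a fixed time, submitted four ways.
$t0 = 1700000000;
$token = issueFormToken($t0);
$backdated = ($t0 - 60) . ':' . explode(':', $token, 2)[1]; // timestamp edited, MAC reused
$cases = [
    'instant submit'      => [$token, $t0 + 1],
    'human after 12s'     => [$token, $t0 + 12],
    'backdated timestamp' => [$backdated, $t0 + 1],
    'left open overnight' => [$token, $t0 + 86400],
];
foreach ($cases as $label => [$tok, $now]) {
    printf("%-20s %s\n", $label, checkFormToken($tok, $now));
}
```

A client that fetches the form and waits six seconds still passes, and a valid token can be replayed until it expires, so treat this as one signal alongside the honey pot rather than a replacement for it.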
Several years ago a new framework called CakePHP was released and I was quick to jump on the bandwagon. The promise of having base code that does 90% of the work for you was too tempting and we quickly got burned trying to perform more complex SQL queries - hitting the boundaries of what was possible and having to hack our way around it. Ugh.
Still, when you go back to writing an MVC style web app from the ground up you quickly realise that life would be much easier with a framework.