:::: MENU ::::
Browsing posts in: Rants

A Walkthrough of PSR-6: Caching

There’s been a lot of discussion about PSR-6, the php-fig caching interfaces, so I thought it was time to step in and describe what this system is all about. Be prepared to read far more about caching interfaces than you probably thought possible.

Continue Reading

Upcoming Github Enterprise Vulnerability Disclosure

Earlier today I discovered that, due to a vulnerability with Github Enterprise, I still had access to resources at my former company that I really shouldn’t have. After reporting it to those guys so they could lock it down on their end, I reached out to Github themselves so they could repair it on their end and push out a fix to their own customers.

Their response was that they didn’t care. I received a form letter stating that they were “aware of this and similar issues”, and that they’d be working on improving it in the future.

Sometime this weekend I am going to be writing a blog post describing how former employers of a company can access the repositories and data inside Github Enterprise installations, because apparently Github as a company gives no fucks and it’s public disclosure time.

If anyone knows anyone at Github who might actually take this seriously please feel free to send them my way. I would much rather do this the proper way if possible.

Planning to Go Down, HTTP Edition

Whether it’s from a planned upgrade or a blown RAID, your site is going to go down eventually. This was brought to light for a lot of people by a recent outage on Hacker News- an outage that was made worse by HN responding with 200 Status Codes. During the subsequent discussion I posted a few quick pieces of advice which got a bit of attention, so I thought it was worth writing up a real post about it. Since this all started with a website and a status code it’s only fair to focus the attention on HTTP and how it can be used to help.

Continue Reading