How to get vi keybindings in bash and the MySQL client

11 Dec 2016 19:22 | vim | bash | mysql | linux

The vim keybindings are wonderful once you get used to them.

What some people don't know is that the same keybindings are available in other
programs. For example, bash has a "vi mode", which can be enabled with:

set -o vi

How to create a bootable FileVault2-encrypted SuperDuper! clone

11 Dec 2016 13:11 | macOS

SuperDuper! from ShirtPocket software is a fantastic backup utility.  It lets you
create a full bootable clone of your Mac that you can boot from any machine.

Not only is this a great way to back up your data, but if your main machine dies
you can plug the backup drive into any Mac, boot from it using the option key
at startup and be straight back into your environment.

linux/vim lifehack: sourcing a temporary local environment

10 Dec 2016 17:18 | vim

If you're a vim fanboy like me you may often find it frustrating when logging into
another machine that the default vim config isn't very nice to use.  Sometimes the
remote machine has a shared user account so changing it to your liking isn't really
practical.

To work around this and make my life easier I created this:

Ruby gems can execute code as root while they're being installed

29 May 2016 18:07 | ruby | security

Another hilarious and trivial rubygems exploit.  The file ext/<ext>/extconf.rb
gets executed as root during installation.  A malicious gem could put code in
there that installs a backdoor.

Demonstration PoC: https://github.com/m4rkw/rubygems-poc2


Abusing rubygems for fun and profit

29 May 2016 12:18 | ruby | security

RubyGems is a nice system, very easy to use and also easy to abuse.  Anyone can push
a gem straight into the global namespace, even if the gem has the same name as a core
library.

This can be trivially abused to break into the systems of anyone who isn't very careful
about which gems they use (and let's be honest, that's probably a lot of developers :).