Comments for xiphux http://www.xiphux.com Mon, 04 Jan 2010 23:22:16 +0000 hourly 1 Comment on GitPHP internationalization by Sophie Brooke http://www.xiphux.com/2009/07/05/gitphp-internationalization/comment-page-1/#comment-837 Sophie Brooke Mon, 04 Jan 2010 23:22:16 +0000 http://www.xiphux.com/?p=642#comment-837 I like this blog - oh and I like the design of this as well, what theme are you using? I like this blog – oh and I like the design of this as well, what theme are you using?

]]> Comment on GitPHP 0.0.9 by xiphux http://www.xiphux.com/2009/10/24/gitphp-0-0-9/comment-page-1/#comment-663 xiphux Wed, 11 Nov 2009 02:53:21 +0000 http://www.xiphux.com/?p=659#comment-663 Thanks for reporting this. I use suhosin / hardened php on my development server so I never caught this. The new release fixes this. Thanks for reporting this. I use suhosin / hardened php on my development server so I never caught this. The new release fixes this.

]]> Comment on GitPHP 0.0.9 by Some[One] http://www.xiphux.com/2009/10/24/gitphp-0-0-9/comment-page-1/#comment-661 Some[One] Tue, 10 Nov 2009 16:35:24 +0000 http://www.xiphux.com/?p=659#comment-661 Hello ... I'm not sure of what i've seen in your demo (http://www.xiphux.com/gitphp/index.php?p=php/gitphp.git&a=summary), but i think that your webapp can be exploited to lead to a file injection exploitation : Like http://www.xiphux.com/gitphp/index.php?p=[put any path of your server here]&a=summary to remove the search of path+"/description" just add %00 : http://www.xiphux.com/gitphp/index.php?p=[any path]%00&a=summary and it will read your files directly On your server it's seems that's your using ModSecurity (return Metho Not Implemented when we put some path to files like passwd but without ModSecurity it can lead to a compromission of the server that host it) So use regular expression to clean/reject wrong url. Sorry for reporting the bug here (I don't wan't to create an account in mantis ^^) Hello …
I’m not sure of what i’ve seen in your demo (http://www.xiphux.com/gitphp/index.php?p=php/gitphp.git&a=summary), but i think that your webapp can be exploited to lead to a file injection exploitation :

Like http://www.xiphux.com/gitphp/index.php?p=put any path of your server here]&a=summary

to remove the search of path+”/description” just add %00 :
http://www.xiphux.com/gitphp/index.php?p=any path]%00&a=summary
and it will read your files directly

On your server it’s seems that’s your using ModSecurity (return Metho Not Implemented when we put some path to files like passwd but without ModSecurity it can lead to a compromission of the server that host it)

So use regular expression to clean/reject wrong url.

Sorry for reporting the bug here (I don’t wan’t to create an account in mantis ^^)

]]> Comment on GitPHP by Running Git on WebFaction in a contained and secretive way... - [k.m.] Wallio http://www.xiphux.com/programming/php/gitphp/comment-page-1/#comment-625 Running Git on WebFaction in a contained and secretive way... - [k.m.] Wallio Sat, 03 Oct 2009 15:03:18 +0000 http://www.thelightofthesoul.com/programming/php/gitphp/#comment-625 [...] part is optional. If you want to display the content of your repositories online in some way (via GitPHP or something), then it's better to run this under your main account (where your "webapps" and [...] [...] part is optional. If you want to display the content of your repositories online in some way (via GitPHP or something), then it's better to run this under your main account (where your "webapps" and [...]

]]> Comment on Gears of War 2 Fail by farts http://www.xiphux.com/2009/02/24/gears-of-war-2-fail/comment-page-1/#comment-515 farts Tue, 04 Aug 2009 19:34:34 +0000 http://www.xiphux.com/?p=585#comment-515 Gears 2 = FAAAAAAIIIIIILLLLLLL -melee through walls(lag? or just stupid? probly a little of both) -any weapon with shield(glitch), crabwalk, kungfu flip, and many many more glitches to gay up the game even more ***shotgun shoots at ground when your aiming right in front of you(the game just basically decides to make the shotgun 10X shittier in gears 2) -due to the above, you almost always have to 2 piece with the shotgun to guarantee a kill with it, blind firing RARELY works -can get stunned multiple times(if chainsaw = revd) from the same shot -no more shooting while running, have to stop then shoot(making the shotgun even shittier) -cant run or roll right after melee anymore -chainsaw battles arent just decided from how much b is pressed, can also be instigated towards a player who doesnt even have the chainsaw revd, great for lag :D -in matchmaking, i was lvl(?) 1 and got demoted...to lvl 1...even though i was never promoted in the first place... -The whole host system is shit since theyre near impossible to kill, esp if they have a shotgun and like you said if the host leaves then the whole match ends and everyone gets booted, no host swap/switch -the host can boot you for killing them once after theyve active snipered you the entire match -so what does all this mean? it means i am thankful for all the ppl that realize all this and play gears 1. granted, some of these affect both games, theres just more of a shit pile to deal with while playing gears 2. Gears 2 = FAAAAAAIIIIIILLLLLLL
-melee through walls(lag? or just stupid? probly a little of both)
-any weapon with shield(glitch), crabwalk, kungfu flip, and many many more glitches to gay up the game even more
***shotgun shoots at ground when your aiming right in front of you(the game just basically decides to make the shotgun 10X shittier in gears 2)
-due to the above, you almost always have to 2 piece with the shotgun to guarantee a kill with it, blind firing RARELY works
-can get stunned multiple times(if chainsaw = revd) from the same shot
-no more shooting while running, have to stop then shoot(making the shotgun even shittier)
-cant run or roll right after melee anymore
-chainsaw battles arent just decided from how much b is pressed, can also be instigated towards a player who doesnt even have the chainsaw revd, great for lag :D
-in matchmaking, i was lvl(?) 1 and got demoted…to lvl 1…even though i was never promoted in the first place…
-The whole host system is shit since theyre near impossible to kill, esp if they have a shotgun and like you said if the host leaves then the whole match ends and everyone gets booted, no host swap/switch
-the host can boot you for killing them once after theyve active snipered you the entire match
-so what does all this mean? it means i am thankful for all the ppl that realize all this and play gears 1. granted, some of these affect both games, theres just more of a shit pile to deal with while playing gears 2.

]]> Comment on GitPHP by KevBurnsJr.com » Packing up my GitHub Acct. http://www.xiphux.com/programming/php/gitphp/comment-page-1/#comment-485 KevBurnsJr.com » Packing up my GitHub Acct. Thu, 04 Jun 2009 03:37:09 +0000 http://www.thelightofthesoul.com/programming/php/gitphp/#comment-485 [...] had a paid account for the last 10 months to host my private repos.  After playing around with gitphp, I’m beginning to see that there’s a lot of potential that I’ve yet to tap [...] [...] had a paid account for the last 10 months to host my private repos.  After playing around with gitphp, I’m beginning to see that there’s a lot of potential that I’ve yet to tap [...]

]]> Comment on New GitPHP features by axold http://www.xiphux.com/2009/05/06/new-gitphp-features/comment-page-1/#comment-479 axold Sun, 17 May 2009 19:19:47 +0000 http://www.xiphux.com/?p=604#comment-479 Hi, I just wanna to say I have modified your code, now there is a favicon, you can change the name of projects and the description. I didn't have much time to see the whole code, but did you enabled the cache with smarty? It would be great to have pre-created package feature because if you have a big project when you click snapshot you need to wait some secs. In kernel/git I saw that they have the packages instantly. If you wanna talk with me, send me an email to my address! Bye! :D Hi, I just wanna to say I have modified your code, now there is a favicon, you can change the name of projects and the description. I didn’t have much time to see the whole code, but did you enabled the cache with smarty?

It would be great to have pre-created package feature because if you have a big project when you click snapshot you need to wait some secs.
In kernel/git I saw that they have the packages instantly.

If you wanna talk with me, send me an email to my address!

Bye! :D

]]> Comment on shady business practices by stalemate http://www.xiphux.com/2008/09/28/shady-business-practices/comment-page-1/#comment-433 stalemate Fri, 10 Oct 2008 21:16:44 +0000 http://www.xiphux.com/?p=456#comment-433 z0mg WTF PWNIES!!!!!!!!!!!!11111!!one!eleven!!! z0mg WTF PWNIES!!!!!!!!!!!!11111!!one!eleven!!!

]]> Comment on if (("$Linux" > "$Windows")) { return true; } by anonymous http://www.xiphux.com/2004/05/02/if-linux-windows-return-true/comment-page-1/#comment-22 anonymous Wed, 19 May 2004 00:36:00 +0000 http://www.thelightofthesoul.com/wordpress/?p=176#comment-22 a somewhat random question: I though gcc was gnu c compiler, although I know they have all sorts of other gcc compilers. Was it originally that and renamed or what? This is the best comparison i have seen so far of the two, I use linux a little, am still on the learning stage, and use windows (which needs to die) primarily. its been like 4 months and the system already needs to be reinstalled. OS rot at its worst... You should write more, whether about this kind of stuff or about what you used to write about. You write well. a somewhat random question: I though gcc was gnu c compiler, although I know they have all sorts of other gcc compilers. Was it originally that and renamed or what?

This is the best comparison i have seen so far of the two, I use linux a little, am still on the learning stage, and use windows (which needs to die) primarily. its been like 4 months and the system already needs to be reinstalled. OS rot at its worst…

You should write more, whether about this kind of stuff or about what you used to write about. You write well.

]]> Comment on if (("$Linux" > "$Windows")) { return true; } by anonymous http://www.xiphux.com/2004/05/02/if-linux-windows-return-true/comment-page-1/#comment-21 anonymous Wed, 05 May 2004 01:34:00 +0000 http://www.thelightofthesoul.com/wordpress/?p=176#comment-21 tnx tnx

]]>