Database administration tool
How to change the login username on your WordPress site for any user: https://itayverchik.co.il/change-username/ Want to know how to change the login username on your WordPress site for any user? In this video, I'll show you step by step how to change the username of any user on your site quickly and easily, and I'll also explain why it matters for your site's security. WordPress normally doesn't let you change a username directly from the dashboard, but there are workarounds, including using a dedicated plugin or changing it manually through the database (phpMyAdmin). In this video, I'll show you both of these methods so you can choose the one that suits you best. Changing the username can strengthen your site's security, especially if you use the "admin" user or another username that is easy to guess. This is an important step in preventing break-ins and protecting access to the site. Don't forget to subscribe to the channel and hit the bell to get updates on more guides about WordPress and website security. If the video helped you, give it a like and share it with friends! In this video you'll learn: How to change a WordPress username using a dedicated plugin. How to change a username manually through phpMyAdmin. Why it's important to change the username to protect your site. Don't miss more videos on the channel: https://www.youtube.com/c/ItayVerchik?sub_confirmation=1 To sign up for the SEO system: https://say-v.com/ Join the community of Israel's best website builders and SEO marketers now, for free: https://www.facebook.com/groups/israelwp To purchase Elementor Pro, the world's best WordPress page designer: https://trk.elementor.com/2500 Don't have a web hosting account yet, or not happy with your current hosting? Get a 25% discount on Cloudways web hosting for the first 3 months: https://platform.cloudways.com/signup?id=314159&coupon=VERCHIK Thank you for watching! If you have questions or ideas for other topics you'd like us to talk about, write to me in the comments below and I'll be happy to help.
How To Change The User Name To Connect To Your Wordpress Site For Each User: https://itayverchik.com/change-username/ Want to know how to change the username for connecting to your WordPress site for each user? In this video, I'll show you step-by-step how to easily change the username of any user on your WordPress site, even though WordPress doesn't allow this directly through the dashboard. We'll cover two simple methods: using a dedicated plugin for a quick and easy username change, and how to manually change a username via phpMyAdmin if you prefer not to install additional plugins. Changing the username, especially if it's something common like "admin," can significantly enhance the security of your site and prevent hacking attempts. By following this guide, you'll ensure your site's login details are more secure and less susceptible to brute force attacks. Don't forget to subscribe and hit the bell icon for more WordPress tutorials and website security tips. If this video helped you, give it a thumbs up and share it with others! In this video, you'll learn: How to change a WordPress username using a plugin. How to manually change a username via phpMyAdmin. Why changing usernames is crucial for your site's security. Don't miss more tutorials on the channel: https://www.youtube.com/c/ItayVerchik?sub_confirmation=1 To Sign Up For The Keywords Tracking System: https://say-v.com/ Join now the community of Webmasters and SEO Marketers completely free: https://www.facebook.com/groups/itayverchik To purchase Elementor Pro, the world's best WordPress page designer: https://trk.elementor.com/2500 Don't Have A Web Hosting Account Yet Or Are You Just Not Satisfied With Your Existing Hosting? Get A 25% Discount For Cloudways Web Hosting For The First 3 Months: https://platform.cloudways.com/signup?id=314159&coupon=VERCHIK Thank you for watching! If you have any questions or suggestions for future tutorials, drop a comment below, and I'll be happy to help. 
Don't forget to subscribe and share this video with anyone managing a WordPress site!
How to easily reset a WordPress password for yourself and for other users: https://itayverchik.co.il/reset-password/ Looking for an easy way to reset a WordPress password for yourself or other users? In this video, I'll show you how to reset a WordPress password simply, whether it's for your own account or for other users on the site. Sometimes you forget the password, or you need to help users regain access to their account, and WordPress provides quick and effective solutions for this. We'll learn how to use WordPress's built-in reset option, how to reset a password through the Admin Dashboard for other users (though we'll see that in another video), and even how to do it manually through the database if you can't access the admin system. If you're a site administrator or a WordPress owner, this video will give you all the tools you need to reset passwords safely and quickly! Don't forget to subscribe to the channel and hit the bell to get updates on more guides about WordPress and site management. If the video helped you, give it a like and share it with others! In this video you'll learn: How to reset the password for your own account in WordPress. How to reset a password for other users through the dashboard. There is also a way to reset a password manually through the database (phpMyAdmin), but we'll see that in another video. Don't miss more videos on the channel: https://www.youtube.com/c/ItayVerchik?sub_confirmation=1 To sign up for the SEO system: https://say-v.com/ Join the community of Israel's best website builders and SEO marketers now, for free: https://www.facebook.com/groups/israelwp To purchase Elementor Pro, the world's best WordPress page designer: https://trk.elementor.com/2500 Don't have a web hosting account yet, or not happy with your current hosting? Get a 25% discount on Cloudways web hosting for the first 3 months: https://platform.cloudways.com/signup?id=314159&coupon=VERCHIK Thank you for watching! If you have questions or ideas for other topics you'd like us to talk about, write to me in the comments below and I'll be happy to help.
How To Reset A Wordpress Password For Yourself And Other Users Easily: https://itayverchik.com/reset-password/ Looking for an easy way to reset a WordPress password for yourself or other users? In this video, I'll show you how to quickly and securely reset passwords in WordPress, whether it's for your own account or for other users on your site. Sometimes users forget their password, or as an admin, you might need to assist others with account recovery—WordPress provides built-in solutions for this! We'll cover how to use the WordPress built-in password reset feature, how to reset passwords for other users through the WordPress admin dashboard, and also you have the option to reset a password manually through the database if you don't have access to the dashboard, but we will see that in another video. Whether you're a website owner, admin, or just a WordPress user, this tutorial will give you all the tools you need to manage password resets efficiently! Make sure to subscribe and hit the bell icon for more WordPress tutorials and website management tips. If this video helped you, don't forget to give it a thumbs up and share it with others! In this video, you'll learn: How to reset your own password in WordPress. How to reset a password for other users via the admin dashboard. There is also a way to manually reset the password through the database (phpMyAdmin), but we will see that in another video. Don't miss more tutorials on the channel: https://www.youtube.com/c/ItayVerchik?sub_confirmation=1 To Sign Up For The Keywords Tracking System: https://say-v.com/ Join now the community of Webmasters and SEO Marketers completely free: https://www.facebook.com/groups/itayverchik To purchase Elementor Pro, the world's best WordPress page designer: https://trk.elementor.com/2500 Don't Have A Web Hosting Account Yet Or Are You Just Not Satisfied With Your Existing Hosting? 
Get A 25% Discount For Cloudways Web Hosting For The First 3 Months: https://platform.cloudways.com/signup?id=314159&coupon=VERCHIK Thank you for watching! If you have any questions or suggestions for future tutorials, drop a comment below, and I'll be happy to help. Don't forget to subscribe and share this video with others who might find it helpful!
How to change your website address from within WordPress: https://itayverchik.co.il/change-website-address/ Want to know how to change your website address (URL) from within WordPress? In this video, I'll show you how to make the change simply and safely, whether you want to move to a new domain, upgrade from HTTP to HTTPS, or update the site address for SEO or rebranding. We'll learn how to update the Site Address (URL) and the WordPress Address directly from the WordPress dashboard, and also how to change the address manually using the wp-config.php file or through phpMyAdmin, in case you don't have access to the dashboard. We'll also review what is important to verify in order to prevent broken links and loss of traffic after the change. This video is intended for site owners, bloggers, and small businesses who want to change domains or improve their online presence. By the end of the video, you'll know exactly how to change the site address professionally and ensure the transition goes smoothly and safely. Don't forget to subscribe to the channel, hit the bell to get notifications about new videos, and give a like if the video helped you! In this video you'll learn: How to change the site address (URL) directly from the WordPress dashboard. How to upgrade the site from HTTP to HTTPS for better security and SEO. What to do if you don't have access to the dashboard. How to prevent broken links and make sure the change goes smoothly. Don't miss more videos on the channel: https://www.youtube.com/c/ItayVerchik?sub_confirmation=1 To sign up for the SEO system: https://say-v.com/ Join the community of Israel's best website builders and SEO marketers now, for free: https://www.facebook.com/groups/israelwp To purchase Elementor Pro, the world's best WordPress page designer: https://trk.elementor.com/2500 Don't have a web hosting account yet, or not happy with your current hosting? Get a 25% discount on Cloudways web hosting for the first 3 months: https://platform.cloudways.com/signup?id=314159&coupon=VERCHIK Thank you for watching! If you have questions, ideas or other topics you'd like us to talk about in upcoming videos, write to me in the comments below and I'll do my best to answer and help.
How To Change Your Website Address From Wordpress: https://itayverchik.com/change-website-address/ Are you looking to change your website address (URL) in WordPress but aren't sure where to start? In this video, I'll guide you through the simple steps to change your WordPress site address, whether you're moving to a new domain, switching from HTTP to HTTPS, or updating your WordPress URL for better SEO and branding. We'll cover how to safely update the WordPress Address (URL) and Site Address (URL) from within the WordPress dashboard, as well as additional steps to ensure the transition is smooth and doesn't cause any broken links or issues for your visitors. I'll also show you how to update the URLs directly in the wp-config.php file or the phpMyAdmin panel if you're unable to access the dashboard. This video is perfect for WordPress beginners and anyone looking to make domain changes or optimize their website address for SEO purposes. By the end of this video, you'll be able to confidently update your website URL, keeping your website running smoothly and ensuring it's correctly configured for search engines. Don't forget to subscribe to the channel and click the notification bell to stay updated on more WordPress tips and tricks. Give this video a thumbs up if you found it helpful! In this video, you'll learn: How to change your WordPress site address (URL) from the dashboard. How to safely switch from HTTP to HTTPS for better security and SEO. What to do if you cannot access the WordPress dashboard and need to change the URL manually. Tips to avoid broken links and ensure a smooth transition to your new website address. Don't miss more tutorials on the channel: https://www.youtube.com/c/ItayVerchik?sub_confirmation=1 Thank you for watching! If you have any questions or suggestions for future videos, drop a comment below, and I'll be happy to help. Don't forget to like and share this video if you found it useful! 
To Sign Up For The Keywords Tracking System: https://say-v.com/ Join now the community of Webmasters and SEO Marketers completely free: https://www.facebook.com/groups/itayverchik To purchase Elementor Pro, the world's best WordPress page designer: https://trk.elementor.com/2500 Don't Have A Web Hosting Account Yet Or Are You Just Not Satisfied With Your Existing Hosting? Get A 25% Discount For Cloudways Web Hosting For The First 3 Months: https://platform.cloudways.com/signup?id=314159&coupon=VERCHIK
Full article with the steps to speed up your website: https://borjagiron.com/como-mejorar-velocidad-web/ Hello and welcome to the podcast “SEO para Google”. I'm Borja Girón, and every Wednesday you'll learn everything you need to rank in the top positions on Google and generate more visits and sales. Remember to join the Comunidad Emprendedores at https://borjagiron.com/comunidad and you'll get access to the Mastermind sessions every Monday with me and the other entrepreneurs, to the secret podcast, to the challenges, and to the categories within the Telegram group on Instagram, social media, finance, cryptocurrencies, health, artificial intelligence, marketing, podcasting, productivity and everything you need to grow your business. And now… Are you ready? Let's begin! My website was slow. I thought it was the server, migrations or my theme. No. Best WordPress hosting, Hostinger: https://borjagiron.com/hostinger
Hey, it's 5:05 on Monday, March 13th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today's episode come from Edwin Kwan in Sydney, Australia, Ian Garrett in Arlington, Virginia, Katy Craig in San Diego, California, Marcel Brown in St. Louis, Missouri. Let's get to it. Brute Force Attacks Against Popular Web Services
What follows is the most important news for the week! Linux-y news! Retro computer news! Alternative OS news! You know… the stuff that matters! The Free Software Foundation is 37 years old! On October 4th, 1985, Richard Stallman founded the Free Software Foundation. Weird thought: On October 3rd, 1985, the Free Software Foundation didn't exist. After all these years, it's almost hard to imagine a world where the FSF wasn't around. A physical, retro-Hard-Drive sound simulator: HDD Clicker. This mad genius got tired of the silence of his flash based hard drives. He longed for the days when his big, magnetic hard drives made all of those awesome “hard drive noises”. So he did something about it: He built a small device that makes that noise when his flash drives are accessed. Check out the video demos he gives. Turn the sound up. Just lovely. I want four. Canonical launches Ubuntu Pro as free service for individuals. Canonical is now offering an “Ubuntu Pro” service for individuals… for free. “Anyone can use Ubuntu Pro for free on up to 5 machines” And then, naturally, companies and big organizations will need to purchase a subscription plan for the Ubuntu Pro service. Makes sense. And, really, is a model I quite like: Businesses and Enterprise customers are helping fund the development and support… which directly benefits the individuals. Nice. The primary purpose of Ubuntu Pro looks to be “ten years” of security updates for the core OS plus “23,000” other packages: “Ubuntu Pro (currently in public beta) expands our famous ten-year security coverage to an additional 23,000 packages beyond the main operating system. Including Ansible, Apache Tomcat, Apache Zookeeper, Docker, Drupal, Nagios, Node.js, phpMyAdmin, Puppet, PowerDNS, Python 2, Redis, Rust, WordPress, and many more...” Honestly, this seems like the way to go for folks using Ubuntu. Better support, longer lifespan of updates in the repository… if I were running Ubuntu, I'd probably jump on that. 
Especially considering the fact that it's free. This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit lunduke.substack.com/subscribe
In this episode we look at some details of MySQL Workbench and the main advantages of using it. Modeling a database, its tables and relationships, and administering the data are important tasks for ensuring our application performs optimally. It's important to know one of the most popular databases, #MySQL, and one of its administration tools, #Workbench, which together with PHPMyAdmin lets us manage it and much more. We analyze some of the features of this database administration client, and we also celebrate 27 years of PHP and 11 years of the Laravel framework, not bad. If you liked this episode and want to support CodigoTecno, I invite you to leave a comment or a review on the platform you're listening on, or better yet, share it on your social networks and with your friends so we can reach more people with this free content. Thank you for being there every week, and finally, if you want to learn web programming or are looking for project support, mainly with PHP, Laravel or Codeigniter, don't hesitate to contact me. - https://www.facebook.com/codigotecno/ - https://www.instagram.com/codigotecno Join the community on YouTube: https://bit.ly/2JLaKRj On Telegram we're starting to set up the channel: https://t.me/codigotecno Send me an email: codigotecno (at) hotmail.com or on Telegram @soleralejandro; I'd love to help you with your project or join your development team. Follow us on the most popular podcast networks: * On Spotify: https://spoti.fi/31Dp4Sq * On Ivoox: https://bit.ly/2JoLotl * On iTunes: https://apple.co/2WNKWHV I'll see you in the comments, go for it, and good code to everyone! Very good code to everyone and until next time!
News WordPress turned 19 this year on May 27th. Sarah Gooding over at WPTavern wrote an article covering the beginning when Matt Mullenweg partnered with Mike Little and released the first version of WordPress based on the b2/cafelog software. The highlight of this year's anniversary celebration was on the wp19.day website which has video blogs from people all over the WordPress community about how WordPress has changed their lives and how much the community has played a part in its growth. Is WordPress getting more difficult? Lesley Sim has many responses over on her Twitter thread. It is weird that many responses do not include WooCommerce - which has a lot of catching up to do. Jetpack announced that it's breaking up…its modules, anyway. You can now install the most popular Jetpack modules like Backup, Protect, Boost, Social, Search, and CRM. WooCommerce The first release candidate for WooCommerce 6.6 is now available and currently on track for the planned release date of June 14, 2022. If you would like to check out the changes and test the latest, go ahead and download the release from wordpress.org. Events WordCamp EU officially starts this week, June 2 - 4. There are many informal updates occurring on Twitter right now. The WPMinute is donating $5 for every selfie with Matt Cromwell (up to $100) with @learnwithmattc. You can share on this thread at #WCEU to @aBigOrangeHeart. From Our Contributors and Producers Last week the WPMinute reported that the new WordPress Starter plan is available for just $5/month on WordPress.com. This interview with a few questions to Dave Martin, CEO of Automattic, covered the refactoring and pricing of the new WordPress.com. Go check out the interview and provide your feedback on Twitter. If you've been using InstaWP to launch sandbox WordPress websites, things are about to heat up for that platform led by Vikas Singhal. 
In an exclusive interview with WPMinute producer Daniel Schutzsmith, Vikas shares how he landed a seed funding round from Automattic and how he plans on using the funding for his company. Are you looking for a WordPress database management plugin or maybe a way to just see what's in your database? Delicious Brains launched the SQL buddy plugin and it is available in the repository. If you are currently using phpMyAdmin and looking for a lightweight plugin, it may be worth checking out this plugin for database management. Oxygen 4.0 was released with many fundamental changes to the builder. The shortcodes are now converted to json. You can check out the latest update on their YouTube video. Joost de Valk shared this Tweet about a potential new search engine from Apple. @Scobleizer says Apple will introduce a new search engine at WWDC. Joost noticed that there has been increased crawling with applebot over the last few months and it will be interest
It's so easy to get caught up in what we do, be that logo design, vehicle wraps, websites, trade show booths; you name it. We forget that our clients don't live in the same world as we do. Our clients don't see the world through a designer's eye. When they look at a billboard, they see the message. When a designer looks at a billboard, not only do we take in the content and message, but we also take in the layout, the hierarchy, the use of negative space and the colour palette. We note what fonts are used and what imagery they chose to relay their message. When we see something that isn't kerned correctly, we feel the need to point it out. We feel almost obliged to mention every stock image we recognize out in the wild. "See that photo of that happy family in that car insurance ad? I saw that exact photo on Depositphotos." And we stop to admire displays, posters, cards and everything else we think is well designed. After all, when you see something that you feel is well designed, don't you secretly start cataloging pieces of it away in your mind so you can “borrow” the idea for something you create in the future? As designers, our brains are just wired that way. We see the world through a designer's eye. But sometimes, we forget that non-designers don't see the world the way we do. My wife has perfected the eye roll she uses whenever I start talking design about something I see. Sometimes she'll feign interest, but I know that she doesn't care that the line spacing on the restaurant's menu is too tight. She just doesn't get it because she's not a designer. But neither are our clients. That's why they hire us for their projects. And sometimes, it's easy to forget that they don't have the same knowledge as us, nor the same interests. And they view the world through a different set of lenses than we do. That's why it's a good idea that before you say or present anything to a client, you try to consider it from their point of view. Case in point. 
A designer shared an intro packet PDF in a design group I belong to, asking for advice. The PDF is meant to be given to prospective website clients to explain what a CMS, a Content Management System, is. She went into great detail, outlining everything there is to know about CMSs. I how thorough she was. However, I and several others pointed out that it wasn't suitable for clients. She explained how databases work, with columns and rows and entry IDs, and how you can edit a database directly with tools such as phpMyAdmin. Then she explained how she builds a custom portal for each client that allows them to easily add, delete, and edit posts in the database. And finally, she explained how the items in the database end up displaying on the web page. She even showed examples of the PHP code required to make it all happen. Nothing was wrong with anything she presented, except that most of it is redundant to clients. A client doesn't need to know how databases work or how the info from the database ends up on a web page. All the client needs to know is their website will have a CMS with an easy-to-use interface allowing them to add, delete and edit the content of their site. Remember, these are prospective clients. Meaning they haven't committed to working with you yet. You don't want to scare them away before they've had a chance to work with you. Donald Miller, the author of Building a StoryBrand, said it best. “If you confuse, you'll lose.” Consider your marketing message from a design client's perspective. Let's say you specialize in logo design, and you showcase your three-step process on your website. Step 1) I start with a meeting. I have a list of over 50 questions I ask you, covering everything from how your company got started, to your mission, to where you see the future going. This allows me to get to know you and your business. Step 2) I take the answers you gave me and start the research process. I take a close look at what your immediate competition is doing. 
I examine your industry as a whole to determine if there are any trends we may want to follow. I may conduct focus groups to learn more about what your clients think of you. I then gather all this information and begin the concept stage, where I brainstorm and develop several different ideas. I then narrow it down to the most promising ones and fine-tune them until I'm satisfied. Step 3) I present you with the best ideas. If required, we then enter the revision process, where you are allowed three sets of revisions to tweak your logo until you are satisfied. Once done, I'll create a brand guide that outlines the rules for using your new logo and supply everything you'll need in various file formats. This shows a comprehensive process. And a designer may think this is perfect for showing the client why they're worth the price they're charging. However, it may have an adverse effect from a client's point of view. "50 questions? I just want a logo for my new business. Why does it have to be so complicated? Maybe I should find another designer." Imagine a client's perspective if they saw this on your website. Here is my three-step process. Step 1) I take the time to get to know you and your business. Step 2) This is where the magic happens as I develop the perfect logo for your business. Step 3) I present you with the best concepts for you to choose from. Don't worry. You'll be allowed to suggest minor adjustments to tweak the logo until you're 100% satisfied. Now, this a client can understand. All the other information is redundant or can be relayed once the person becomes an actual client. Presentation and mockups. If you are not using mockups in your presentation, you are doing yourself and your clients a disservice. I can tell you from experience that mockups make a massive difference in a client's decision-making process. Many clients are not visual thinkers like designers are. 
Their creativity isn't honed like ours to imagine how things will look in different situations. A logo presented on a white background doesn't have the same effect as a logo shown on a storefront, a shirt or a vehicle. A tri-fold brochure displayed flat may look good. But it doesn't have the same oomph as a mockup showing what it looks like when partially folded. I've had several clients over the years tell me they were hesitant about a logo design I presented until they saw the mockups. Once they saw the logo “in action,” they saw its full potential. That's because clients often can't picture it on their own. Asking them to imagine the logo on the side of a delivery van is nowhere near the same as showing them the logo on a delivery van. When you prepare your presentations, thinking like a client can help you close more deals. Showing confidence, a client's perspective. You know the way you can sometimes tell when a person isn't sure of themself. It's off-putting. Try to think about how you come across when dealing with clients. From the client's point of view, do you show confidence? Think about it. As you're pitching yourself to a potential client, they're looking at you and considering whether or not you're someone they want to work with. And that decision may have nothing to do with your actual pitch. From the client's point of view, they want to see someone who shows confidence in themself and their ability to do the work. You want every encounter with a potential client to end with the prospect thinking, “This is someone I want to work with.” Let's talk pricing from a client's perspective. Once again, thinking from a client's point of view. Are your prices too high or too low? Is a client willing to invest in you? There's no right or wrong answer regarding how you price yourself. It comes down to the type of client you want to work with. Think of it this way. Let's say you're in the mood to go out for a steak dinner. 
You can find a restaurant that serves a $20 steak. Or, you can go somewhere else and get a $200 steak. What's the difference? The difference is how much you're willing to spend on a steak. People who opt for the $20 steak might never consider spending $200 for a similar meal. However, some people regularly go out for $200 steaks and would never consider a $20 cut of meat. Now for all we know, both steaks came from the same cow. But that's beside the point. The person who opts to spend $20 on a steak and the person who opts to pay $200 have two different mindsets. Neither is right or wrong in their decision. It's just the way they are. The same thing applies to design clients. Thinking again from their perspective. Most clients who consider Fiverr a good place to get designs made would probably never consider paying thousands of dollars for a freelancer. And there are just as many clients who are willing to spend thousands of dollars who would never consider ordering from a cheap designer. So who are you marketing to? Do you want low-paying clients to say you're their person? Or do you want high-paying clients to think you're the perfect designer for them? Figure that out, and then target yourself to go after that group of clients. In this case, thinking like a client can help you land the clients you want. I could go on and on about how thinking like a client can benefit you. But I think you get the idea. Most clients are not designers. They don't think like designers, nor do they see the world around us the same way designers do. Don't let that become a gap between you and them. Before everything you do, ask yourself, “How would a client experience this?” And if you're successful at doing this, there's no reason why your design business shouldn't be successful either.
An airhacks.fm conversation with Mark Sailes (@MarkSailes3) about: the BBC micro computer with a cassette, the PRINT 10, 386, 486 and a Pentium with an internet connection, learning Apache, using Mandrake Linux at university, a first web page - a huge experience, PHP, MySQL and "we don't need transactions", the fantastic phpMyAdmin, using Java, C++ and Python at the university, the great JavaDoc, Eclipse and NetBeans, the great Java collection JavaDoc, migrating from java.util.Vector to java.util.List, working as backend junior Java developer, from junior over senior to team lead, 3% improvement with 97% rewrite, working for AWS, "Essentialism: The Disciplined Pursuit of Less" book, the WebLogic build engineer, pre pooling EJBs, Hey Enterprise EJB Developers Now Is The Time To Go Serverless, Lambda with API Gateway is a transition to Event Driven Architectures, Using AWS Lambda with an Application Load Balancer, cloud native, event driven architectures with AWS Lambda and Java, testable, asynchronous AWS Lambda, the serverless Kafka on AWS, archive and replay with Amazon Event Bridge, fast cold starts with AWS Lambda, milliseconds invocations with AWS Lambda, testing asynchronous AWS Lambda with JUnit, the limitations of mocking, AWS Cloud Development Kit (CDK) and AWS SAM CLI, swapping out Lambdas with SAM, describing AWS infrastructure with CDK, no YAML deployments with CDK, shareable infrastructure with compilable Java code, AWS CDK constructs--reusable cloud pieces Mark Sailes on twitter: @MarkSailes3, Mark's blog: mark-sailes.medium.com
An "explore" episode in which Alex introduces us to the Prisma ORM. Patrick's audio isn't great, our apologies for that. We'll improve it in upcoming episodes. Prisma ORM "V2, I forget V1 and start again from the beginning!" Prisma is an open source ORM (object-relational mapping) written in Rust. It is compatible with JavaScript/TypeScript and Go. Originally, Prisma in its version 1 was a kind of API generator. You gave it a DB and it gave you access to routes and a GraphQL API to retrieve the data. After a 180-degree turn, V2 no longer has anything to do with V1. With V2, Prisma is now an ORM. An ORM is a system that lets you manage the data in a database by manipulating objects. The objects represent the data and you normally never write a query against the database. For example, for a "user" table, you have access to a User object and you query the database through that object. It supports several database systems: Postgres / Mysql / SQlite / SQLServer / MongoDB Prisma is presented as 4 modules: CLIENT / MIGRATE / STUDIO / DATA PLATFORM (early stage) Client This part handles: the connection with the DBs. the model schema. the retrieval of data and queries. Migrate This part handles migrations, to update a DB in production when you modify the models in development. Studio This part offers a visualization interface in the style of PHPMyAdmin, but much better! Data Platform An early-stage service for managing a DB through a cloud interface. Recommended tool: syncinc.so Podcast presented by: Alexandre Duval @xlanex6 Patrick Faramaz @PatrickFaramaz
PHP Internals News: Episode 91: is_literal
London, UK Thursday, July 15th 2021, 09:19 BST
In this episode of "PHP Internals News" I chat with Craig Francis (Twitter, GitHub, Website), and Joe Watkins (Twitter, GitHub, Website) about the "is_literal" RFC. The RSS feed for this podcast is https://derickrethans.nl/feed-phpinternalsnews.xml, you can download this episode's MP3 file, and it's available on Spotify and iTunes. There is a dedicated website: https://phpinternals.news
Transcript
Derick Rethans 0:14 Hi, I'm Derick. Welcome to PHP internals news, a podcast dedicated to explaining the latest developments in the PHP language. This is Episode 91. Today I'm talking with Craig Francis and Joe Watkins, talking about the is_literal RFC that they have been proposing. Craig, would you please introduce yourself?
Craig Francis 0:34 Hi, I'm Craig Francis. I've been a PHP developer for about 20 years, doing code auditing, pentesting, training. And I'm also the co-lead for the Bristol chapter of OWASP, which is the open web application security project.
Derick Rethans 0:48 Very well. And Joe, will you introduce yourself as well, please?
Joe Watkins 0:51 Hi, everyone. I'm Joe, the same Joe from last time.
Derick Rethans 0:56 Well, it's good to have you back, Joe, and welcome to the podcast Craig. Let's dive straight in. What is the problem that this proposal's trying to resolve?
Craig Francis 1:05 So we try to address the problem where injection vulnerabilities are being introduced by developers. When they use libraries incorrectly, we will have people using the libraries, but they still introduce injection vulnerabilities because they use it incorrectly.
Derick Rethans 1:17 What is this RFC proposing?
Craig Francis 1:19 We're providing a function for libraries to easily check that certain strings have been written by the developer. It's an idea developed by Christoph Kern in 2016.
There is a link in the video, and the Google using this to prevent injection vulnerabilities in their Java and Go libraries. It works because libraries know how to handle these data safely, typically using parameterised queries, or escaping where appropriate, but they still require certain values to be written by the developer. So for example, when using a query a database, the developer might need to write a complex WHERE clause or maybe they're using functions like datediff, round, if null, although obviously, this function could be used by developers themselves if they want to, but the primary purpose is for the library to check these values.
Derick Rethans 2:05 That is a method of doing it. What is this RFC adding to PHP itself?
Craig Francis 2:09 It just simply provides a function which just returns true or false if the variable is a literal, and that's basically a string that was written by the developer. It's a bit like if you did is_int or is_string, it's just a different way of just sort of saying, has this variable been written by the developer?
Derick Rethans 2:28 Is that basically it?
Craig Francis 2:30 That's it? Yeah.
Joe Watkins 2:32 It would also return true for variables that are the result of concatenation of other variables that would pass the is literal check. Now, this differs from Google, because they introduced that at the language level, but not only at the language level, at the idiom level. So that when you open a file that's got queries in PHP, commonly, if they're long, basic concatenation is used to build the query and format it in the file so that it's readable. So that it wouldn't really be very useful if those queries that you see everywhere in stuff like PHPMyAdmin, and WordPress, and Drupal and just normal code weren't considered literal, just because they're spread over several lines with the concatenation operator.
It's strictly not just stuff that's written by the programmer, but also stuff that was written by the programmer or concatenated, with other stuff that was written by the programmer.
Derick Rethans 3:33 Now in the past, we have seen something about adding taint supports to PHP, right? How is this different, or perhaps similar, to taint checking?
Craig Francis 3:44 At the moment today, there is a taint extension, which is something you need to go out your way to install, and actually learn about and how to use. But the main difference is that taint checking goes on the basis of say, this variable is safe or unsafe. And the problem is that it considers anything that had been through an escaping function like html_entities as safe. But of course, the problem is that escaping is difficult. And it's very easy to make mistakes with that. A classic example is if you take a value from a user, such as their homepage URL, if you use HTML encoding, and then put it into the href attribute of a link, that can also result in HTML injection vulnerability, because the escaping is not aware of the context which is used. Because if the evil user put in a JavaScript URL, that is in inline JavaScript, that has created a problem because taint checking would assume that because you use HTML encoding it is safe, and all I'm saying is that it creates a false sense of security. And by stripping out all that support for escaping, it means that you can focus on libraries doing that work because they know the context, they understand the domain, and we can just keep it a much simpler, and much safer approach.
Derick Rethans 5:02 Would you say that the is_literal feature is mostly aimed at library authors and not individual developers?
Craig Francis 5:09 Yeah, exactly. Because the library authors know what they're doing. They're using well tested code, many eyes over it. The problem libraries have at the moment is that they trust the developer to write things themselves.
And unfortunately, developers introduce a lot of injection vulnerabilities with those strings before they even get into the library.
Derick Rethans 5:30 How would a library deal with strings that aren't literal then?
Craig Francis 5:35 So it really depends on each individual example. And the RFC does include quite a lot of examples of how each one will be dealt with. The classic one is, let's say you're sorting by a column in a database, because if we're dealing with SQL, the field name might come from the user. But that is also quite a risky thing to do if you start including whatever field name the user wrote. So in the RFC, I've created a very simple example where the developer would create an array of fields that you can sort by, and then whatever the user provides, you search through that array, and you pull out the one that matches and is fine. And therefore you are pulling out a literal and including into the SQL. To be fair, these ones are quite unique. And each one needs to be dealt with in its own way. But I've yet to find an example where you can't do it with a literal. Having said that, I think Larry Garfield actually gave an example where a content management system changed its database structure. And the way that would work is the library would have to deal with it, they would receive the value for a field, and then that field would be escaped and treated as a field, it understands it as a field, and it will process it as such, then it can include into the SQL, knowing full well that everything else in that SQL is a literal, and then it can just build up SQL in its own way internally.
Derick Rethans 6:58 Okay, talking a little bit about the implementation here. Since PHP seven, we have this concept of interned strings, or maybe even before that actually, I don't quite remember. Which is pretty much a flag on each string and PHP that says, this's been created by the engine, or by coconut.
Why would strings have to have an extra flag here to remember that it is created by the programmer?
Joe Watkins 7:21 Well, interned does not mean literal. It's an optimization in the engine, should we use strings. We're free to do whatever we want with that. At the moment, it by happenstance, most interned strings are those written by the programmer. If you think about the sort of strings that are written by the programmer, like a class name, when those things are declared internally, by an extension, or by core code, those things are interned as if they were written by the programmer. They don't mean literal, we're free to use interned strings for whatever we want. For example, a while ago, someone suggested that we should intern keys while JSON decoding or unserializing. It didn't happen, but it could happen. And then we'd have the problem of, well, how do we separate out all this other input. There is another optimization attached to interned strings, which is one character strings, where if you type only one character, or you call a Class A or B, or whatever, the permanent interned string will be used. That results in when the chr function is called, that results in the return of that function always being marked as interned. So it would show as literal, which is not a very nice side effect. And that's just a side effect that we can see today. We don't want to reuse the string really, it does need to be distinct. Also, if you're going to concatenate, whether you do it with the VM or a specific function, obviously, you need to be able to distinguish between an interned string and a literal string, which interned means it has a specific life cycle and specific value. And we can't break that.
Derick Rethans 9:00 So there are really two different concepts, is what you're saying, and hence, they need to have a special flag for that?
Joe Watkins 9:06 Yeah, they're very, two very separate concepts.
And we don't want to restrict the future of what interned strings may be used for. We don't want to muddy the concept of a literal.
Derick Rethans 9:16 Of course, any sort of mechanism that languages built into solve or prevent injections in any sort of form, there's always ways around it. Theoretically, how would you go around the is_literal checks to still get a user inputted value into something that passes the is_literal check?
Craig Francis 9:36 Generally speaking, you would never need it because the library should know how to deal with every scenario anyway. And it's not that difficult. We're only talking about things like in the database world, you'll be taking value from field names and therefore it should receive field names or table names. And, you know, we are providing a guardrail as a safety net. And what should happen is that the default way in which programmers work should guide them, to do it the right way. We're not saying that you can't do weird things to intentionally work around this. A really ugly version, which you should never do, but use eval and var_export together, it's horrible. But if you are so desperate, you need to get around this. That's what we're doing it. But in reality, we can't find any examples where you'd actually need to do this.
Joe Watkins 10:22 I would say that, hey, there's this idea that most people writing PHP are using libraries, and they're using frameworks. I don't actually find that to be true. I've been working in PHP for a long time. And most of the big projects I've worked on for a long time did not start out using frameworks. And they did not start out using libraries. They look a bit like that today, but their core, they are custom. There may be a framework buried in there. But there is so much code that the framework is a component and is not the main deal. Most code, we actually do write ourselves, because that's what we're paid to do.
I think we don't decide how people are going to use it, and we don't decide where they're going to use it. The fact is, like Craig said, it's a guardrail that you can work around easily. And if you find a use case for doing that, then we shouldn't prejudge, and say, well, that's the wrong thing to do. It might not be the wrong thing to do. For example, an earlier version of the idea included support for integers. We considered integers safe, regardless of their source. If you wanted to do that, in your application, you could do that very easily and still retain the integrity of the guardrail is not compromised. I wouldn't focus on this is for libraries, and this is for frameworks, because these things become so small in the scheme of things that they're meaningless. I mean, most of the code we work on is code that we wrote, it is not frameworks.
Derick Rethans 11:48 That also nicely answers my next question, which is what's happened to integers, which have now nicely covered. The RFC talks about that as hard to educate people to do the right thing. And that is_literal is more focused, so to say, on libraries, and perhaps query building frameworks as the RFC alludes to. But I would say that most of these query building tools or libraries already deal with escaping from input value. So why would it make sense for them to start using is_literal if you're handling most of these cases already anyway?
Craig Francis 12:24 If you look at the intro of the RFC, there's a link to show examples of how libraries currently receive the strings. And you're right about the Query Builder approach is a risky thing, I would still argue it's an important part. That's why libraries still provide them. Doctrine has a nice example of DQL. The doctrine query language is an abstraction that they've created, which is also vulnerable to injection vulnerabilities. And it gives the developer a lot more control over a very basic API.
I still think people should try and use the higher level APIs because they do provide a nice safe default, but that depends on which library use, they're not always safe by default. So for example, when you're sort of saying: I want to find all records where field parameter one, is equal to value two, a lot of the libraries assumed that the first parameter there is safe and written by the developer. They can't just necessarily simply escape it as though it's a field because that value might be something like date, bracket, field, bracket, and it's sort of relying on the developer to write that correctly, and not make any mistakes. And that hasn't proven to be the case, you know, they do include user values in there.
Derick Rethans 13:43 Just going back a little bit about some of the feedback, because feedback to the RFC has happened for quite some time now. And there were lots of different approaches first tried as well, and suggested to add additional functions and stuff like that. So what's been the major pushback to this latest iteration of the RFC?
Joe Watkins 14:01 So I think the most pushback has come from an earlier suggestion that we could allow integers to be concatenated and considered literal. We experimented with that, and it is possible, but in order to make it possible, you have to disable an optimization in the engine, that would not be an acceptable implementation detail for Dmitri. It turns out we didn't actually, we don't need to track their source technically, but it made people extremely uncomfortable when we said that, and even when we got an independent security expert to comment on the RFC, and he tried to explain that it was no problem, but it was just not accepted by the general public. I'm not sure why.
Derick Rethans 14:45 All right. Do you have anything to add Craig?
Craig Francis 14:48 The explanation given by people is they liked the simpler definition of what that was as if it's a string written by the developer.
Once you start introducing integers from any source, while it is safe, it made people feel, yeah, what is this. And that's where we also had the slight issue because we had to find a new name for it. And I did the silly thing of sort of asking for suggestions, and then bringing up a vote. And then we had, I think it's 18 to three people saying that it should be called is_trusted, and you have that sinking moment of going, Oh, this is going to cause problems, but hey, democracy. It creates that illusion that it's something more. So that's why we sort of went actually, while I like Scott's idea of having the idea of maybe calling it is_noble. It is a vague concept, which people have to understand. And it's a bit strange. Whereas going back to the simpler, original example, they all seem to grasp that one. And we could just keep with the original name of is_literal, which I've not heard any real complaints about.
Derick Rethans 15:53 I think some people were equivalenting is_trusted with something that we've had before in PHP called Safe mode, which was anything but of course.
Craig Francis 16:02 Yes, no, definitely.
Derick Rethans 16:03 We're sort of coming to the end of what to chat about here. Does the introduction of is literal introduce any BC breaks?
Craig Francis 16:11 Only if the user land version of is_literal, which I'm fairly sure is going to be unlikely. So on dividing their own function called that.
Derick Rethans 16:18 Did you check for it?
Craig Francis 16:20 Yes.
Derick Rethans 16:21 So if you haven't found it, then it's unlikely to exist.
Craig Francis 16:24 There are still private repositories, we can't shop through all their show, check through all their code. But yeah.
Derick Rethans 16:29 Did I miss anything?
Craig Francis 16:31 We covered future scope, which is the potential for a first class type, which I think would be useful for IDs and static analysers.
But this is very much a secondary discussion, because that could build on things like intersection types, but we still need to focus on what the flag does. And there's also possibility of using this with the native functions themselves, but we do have to be careful with that one, because, you know, we got things like PHPMyAdmin. We have to be able to make the output from libraries as trusted because they're unlikely to still be providing a literal string at the end of it. So that's a discussion for the future. And the only other thing is that, you know, the vote ends on the 19th of July.
Derick Rethans 17:08 Which is the upcoming Monday. How is the vote going? Are you confident that it will pass?
Craig Francis 17:13 Not at the moment, we're sort of trying to talk to the people who voted against it. And we've not actually had any complaints as such. The only person who sort of mentioned anything was saying that we should rely on documentation and the documentation is already there. And it's not working. I think a lot of people just voted no, because they just sort of going well, that's the safe default. I don't think it's necessary. Or, you know, I'd like the status quo. And we still are trying to sell the idea and say: Look, it's really simple. It's not really having a performance impact. And it can really help libraries solve a problem, which is actually happening.
Derick Rethans 17:46 Is this something that came out of the people that write PHP libraries or something that you came up with?
Craig Francis 17:52 So I've gone to the library authors and suggested you know, this is how Google do it. Would you like something similar? And we've certainly had red bean and Propel ORM show positive support for that. And I've also talked to Matthew Brown, who works on the Psalm static checking analysis. He's very positive about it, so much so that Psalm now also includes this as well. Obviously, static analysis is not going to be used by everyone.
So we would like to bring this back to PHP so that libraries can use it without relying on all developers using static analysis.
Derick Rethans 18:25 Thank you very much. Glad that you were both here to explain what this is_literal RFC is about.
Craig Francis 18:31 Thank you very much, Derick.
Joe Watkins 18:33 Thanks for having us.
Derick Rethans 18:37 Thank you for listening to this installment of PHP internals news, a podcast dedicated to demystifying the development of the PHP language. I maintain a Patreon account for supporters of this podcast as well as the Xdebug debugging tool. You can sign up for Patreon at https://drck.me/patreon. If you have comments or suggestions, feel free to email them to derick@phpinternals.news. Thank you for listening and I'll see you next time.
Show Notes
RFC: is_literal
Credits
Music: Chipper Doodle v2 — Kevin MacLeod (incompetech.com) — Creative Commons: By Attribution 3.0
Please note: The audio version doesn't include code or commands. Those parts of the post can be seen in the text version. With its ever-growing database and ease of use, Shodan has become one of the most popular tools used by security researchers for gathering IoT intelligence. Shodan provides a great starting point for researchers performing any information gathering task. By being able to filter data by its location, software version, when it was last seen and much more, Shodan can help researchers target specific research points, making their work easier and more efficient. Shodan is great for marketing teams and software vendors too, allowing you to filter out different versions of software running on a server. Furthermore, with the location filters available, one can also find the number of instances running in a certain country, city or district. Shodan employs cybersecurity fingerprinting as a way to find and tag devices, similar to the way human fingerprints identify a person. Various bits of information and services running on an IP address help identify the device running on that IP address. For example, looking up the issuer of an SSL certificate attached to an IP address can often help identify the manufacturer of the device with which the IP is associated. Today we will explore the top Shodan dorks to find sensitive data from IoT connected devices. Most popular Shodan dorks Thanks to its internet scanning capabilities, and with the numerous data points and filters available in Shodan, knowing a few tricks, or "dorks" (like the famous Google Dorks), can help filter and find relevant results for your IP intelligence research. To begin using Shodan dorks, a practice known as "Shodan dorking", you'll first need to click the "Login or Register" button on the right-hand side, after which you can log in to or create your Shodan account. Keep in mind this list is presented in random order. 
There's no Shodan dork more important than any other; they're merely used for different purposes. Let's begin. Databases Databases often hold critical bits of information. When exposed to the public internet, whether for ease of development access or simply due to misconfiguration, they can open up a huge security hole. To find MongoDB database servers which have open authentication over the public internet within Shodan, the following search query can be used: MongoDB also has a web management application similar to phpMyAdmin called Mongo Express Web GUI, which we can find with the following query: Similarly, to find MySQL-powered databases: To look up popular Elasticsearch-powered instances: And to look up PostgreSQL databases: Exposed ports Searching for services running on open ports accessible on the public internet, like FTP servers, SSH servers and others, is possible by using the following queries. For FTP, querying for ProFTPD, a popular FTP server: To look for FTP servers that allow anonymous logins: To query for OpenSSH, a popular SSH server: For Telnet, querying for port 23: To look up Exim-powered mail servers on port 25: Memcached, commonly seen on port 11211, has been a major source of UDP amplification attacks leading to huge DDoS attacks. Services running Memcached available on the public internet are often exploited for these attacks: Jenkins is a popular automated build, deploy and test tool, often the starting point of any software being built for release. It can be found via the following query: DNS servers DNS servers with recursion enabled can be a huge source of network threats. 
To find these servers, one can use the query: Network infrastructure To find devices running a specific version of RouterOS, the operating system that powers routers, switches and other networking equipment from the company MikroTik, we use the following search query: This allows us to find those switches, routers and other networking gear running an older an...
Introduction: Jocke uses Markdown; it is annoying when things try to format your pasted text. Jocke emails with John Gruber; Microsoft means business with Vista. Christian can handle child themes. A lot has happened with WordPress, and it is not all good. Easter is approaching; has everyone brought out their dymmel clappers? Sweden's best kebab. Pandemic adaptation: Citigroup introduces Zoom-free Fridays. Fredrik and Christian leave their backlog behind, reflect on how remote meetings chop up the day, and start on a new ticket. Follow-up: Intel wants to build more chips for Apple, if they are allowed to. Topics: Microsoft offers up to 30,000 dollars to anyone who finds bugs (security holes) in Teams. Robot vacuum cleaners - which is best and which should you buy? Do they talk to Homekit? A soundbar or similar neat, discreet audio solution with Apple TV 4K - which is best and which should you buy? A fort of Homepods? Kabel och kaffe - an account to follow on Instagram. Fredrik writes 17 lines of code and rejoices at the power of computers. An OS X retrospective? Surely Panther was the best version of all time? Voltswagen - an incredibly badly handled April Fools' joke. At the time of recording they had not yet admitted that it was a joke. Links: Markdown; Notion; Windows Vista; Building a better dinosaur; Windows Vista means business; Preview images with Jekyll - the text that was debugged on air; Kramdown; Holy Wednesday (Dymmelonsdag); The kebab place in Årsta; Sweden's best kebab is said to be in Jönköping; The kebab sauce recipe in Jönköpingsposten; Zoom-free Fridays at Citigroup; Intel would still like to build chips for Apple; Microsoft pays for finding security holes in Teams; Sonos soundbars - Arc and Beam; Sonos Sub; Kabel och kaffe; Teknikveckan interviews Erik of Kabel och kaffe; En podd om teknik on home automation; Cpanel; Phpmyadmin; CUPS; Turn on CUPS in macOS; All of John Siracusa's Mac OS reviews; Spotlight; The iSight cameras; FileVault; Snow Leopard; Mac OS X Server; iCal; Xiaomi Mi Laptop Pro; Unrest in FreeBSD land; Xiaomi watches; Voltswagen - an extremely failed April Fools' joke. Fredrik Björeman, Joacim Melin and Christian Åhs.
Full episode information is available here: https://www.bjoremanmelin.se/podcast/avsnitt-252-stangt-i-hela-jira.html.
Note: The audio version doesn't include code or commands. Those parts of the post can be seen in the text version. We are excited to announce new features for SurfaceBrowser. Now you can perform a new range of HTTP-header-based queries to get information from our port 443 crawled data, and gain quick access to improved tagging for faster asset discovery. Query HTTP-header data With this latest release we've empowered security researchers and IT managers to get critical information present in any HTTP header from SSL-based websites. This is done by running a simple SQL-based query. These are some of the main attributes supported by the table hosts (the complete list of supported attributes is found in SQL Explorer): HTTP.headers.content_type: The content type header pulled out of the index page. HTTP.headers.location_host: The location header of the index page. HTTP.headers.server: Shows the contents of the ServerName HTTP header from port 443. HTTP.headers.raw: Shows the contents of the raw crawl data for the HTTP headers. Let's dive into a few practical examples: **Sites using GWS web server and self-signed certificates** Let's see who's using the famous GWS web server from Google, and at the same time using self-signed certificates in production. For this first example, we ran the following query: **Searching for phpMyAdmin instances of the U.S. government** With our powerful SQL Explorer interface, you can also pipe this header data with certain domain TLD filters. **Searching for Cisco VPN services of the U.S. government** In this example, we'll explore cookie information searching for this type of VPN. Just modify the previous query, and change the HTTP.headers.raw line to be: **Finding vulnerable Windows-based web servers** Old web servers are still around us, in many websites. 
One of these is Microsoft IIS, and in the following example we'll query for the vulnerable IIS 7.5 version: **Searching for outdated PHP versions** PHP-based websites still rule a big part of the internet. Here we'll focus on discovering PHP 4.x versions for sites using SSL certificates issued in the state of NY: Improved tagging Tags are an easy way to gain access to a bunch of technologies and services. In this February update we've also improved the way we handle these tags, and we have over 1,000 active tags at the time of this writing. These tags let you discover digital assets from any IT platform, as you can see in the following example for Cloudflare: The same can be done with Amazon, Akamai and a thousand other tech-related tags from our database. And for further analysis you can even download any of this data to your local network: The possibilities are endless—and just one SQL query away. Book your demo now!
PHP web hosting is the most popular and one of the most affordable ways to develop and run websites and online services. What does it involve from the hosting perspective when there are tens of thousands of websites, in different countries? And besides websites, also databases, mail and other services? How do you do it so that customers like these services? How is web hosting actually built? We talked about how IT works at the largest web hosting company in Slovakia with its CTO, Tomáš Srnka. Tomáš works as Chief Technology Officer at WebSupport and Active24. He studied computer science at ČVUT in Prague and management at UK in Bratislava. At just 17 he co-founded the community association vpsFree.cz. As part of Google Summer of Code he contributed to the development of the phpMyAdmin project. In the discussion with Tomáš Srnka you will learn: - What does the IT team at WebSupport look like and how does it work? - How has web hosting changed in recent years? - Is PHP still a language for today? - Can infrastructure be reasonably scaled for sudden surges in customers? - Are open-source tools alone enough for web hosting? The discussion is moderated by Fero Volár, who is Head of server products at WebSupport and writes the blog alian.info.
This week we look at updates for c-ares, PulseAudio, phpMyAdmin and more, plus we cover security news from the Ubuntu community including planning for 16.04 LTS to transition to ESM, libgcrypt FIPS certified for 18.04 LTS and a proposal for making home directories more secure for upcoming Ubuntu releases as well.
SQL is the language of databases, and SQL programmers are in high demand. This week, I want to share how to learn SQL for free — and in your spare time — during quarantine. All you need to get started is access to a MySQL database, as well as some datasets to play around with. 1. Install a Database — If you want to learn SQL, you’re going to need a SQL database. One of the easiest ways to get a database is to register for a shared hosting account. If you go to hostgator.com and enter the code “onemonthcode,” you’ll gain access to a MySQL database for only $0.01 (for the first month). Once you’re in the control panel (or cPanel) click the option to create a new database. Then, click on “PHPMyAdmin” for access to your MySQL database. Watch this video on setting up shared hosting to learn more. 2. Download a (Free) SQL Dataset — In order to learn SQL, you need a dataset. I've included a free SQL dataset (.sql file) that you can download and upload to your MySQL database. Open it in Sublime Text, or any text editor, right now, and you can see! Once you’ve completed the MySQL installation, go to your MySQL database and click “Import” to import this .sql file. 3. Discover some great resources! My favorite SQL book is Sams Teach Yourself SQL in 10 Minutes by Ben Forta! They say only 10 minutes a day, but you’ll find all the knowledge you need to write SQL statements in this tiny book. One of my favorite free online resources for SQL code is W3Schools. They have some pretty great SQL quizzes you can try out too! Once you’re ready to ramp things up and become a true SQL expert, consider signing up for my 30-day One Month Learn SQL course. During the course, you’ll learn to read, write, query, and analyze data using 20+ of the most popular SQL commands.
My MySQL databases have been migrated and I want to browse them. React to this episode and find more information at https://www.abonnel.fr/podcasts/tech/36-20200512-installer-php-fpm-phpmyadmin
In the Security News, how an iOS 13 flaw could provide access to contacts with passcode, Equifax demands more information before making payouts, confidential data of 24.3 million patients were discovered online, and a SIM Flaw that lets hackers hijack any phone by sending SMS! Full Show Notes: https://wiki.securityweekly.com/Episode620 Visit https://www.securityweekly.com/psw for all the latest episodes!
Google Calendar: https://threatpost.com/google-calendar-settings-gaffes-exposes-users-meetings-company-details/148384/ iOS 13 Bypass https://www.bleepingcomputer.com/news/security/ios-13-passcode-bypass-lets-you-view-contacts-on-locked-devices/ The vulnerability of PHPMyAdmin https://thehackernews.com/2019/09/phpmyadmin-csrf-exploit.html Thai Lion Air https://www.bleepingcomputer.com/news/security/millions-of-lion-air-passenger-records-exposed-and-exchanged-on-forums/ Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support
WP the Podcast | WordPress, Business, & Marketing tips for the WordPress Web Design Professional
In this episode, Tim and David talk about How to Get Into a WordPress Website from PHPmyAdmin The post Should Your Website Have an About Page? | EP 582 appeared first on WP Gears.
WP the Podcast | WordPress, Business, & Marketing tips for the WordPress Web Design Professional
In this episode, Tim and David talk about How to Get Into a WordPress Website from PHPmyAdmin The post How to Get Into a WordPress Website from PHPmyAdmin | EP 581 appeared first on WP Gears.
Researchers at Guardicore Labs have been tracking an unusual cryptominer that seems to be based in China and is targeting Windows MS-SQL and phpMyAdmin servers. Some elements of the exploit make use of sophisticated components previously associated with nation-state actors. Ophir Harpaz and Daniel Goldberg are members of the Guardicore Labs team, and they join us to explain their findings. The research can be found here - https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/ The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.
Creating web access so that users can reach their MySQL databases, plus SFTP access so they can view or change their files. And since some people got too clever, I also had to limit the disk-space quota for each site.
In the 13th log of stdout.fm, we talked about Read the Docs, Write the Docs, and the reasons for using Docker. Participants: @seapy, @raccoonyy, @nacyo_t Home | Read the Docs Read the Docs 2018 Stats — Read the Docs Blog sphinx-doc/sphinx: Main repository for the Sphinx documentation builder reStructuredText Ruby-Doc.org: Documenting the Ruby Language realpython/python-guide: Python best practices guidebook, written for humans. Getting Started with Sphinx — Read the Docs 2.7 documentation Welcome to phpMyAdmin’s documentation! — phpMyAdmin 5.0.0-dev documentation The Hitchhiker’s Guide to Python! — The Hitchhiker’s Guide to Python Requests: HTTP for Humans™ — Requests 2.21.0 documentation Welcome to our community! — Write the Docs Write the Docs 2018 Stats — Write the Docs Technical writing conference: a visit to Write the Docs Prague 2018 - LINE ENGINEERING I want to run a Write the Docs conference, now what? — Write the Docs PyCon APAC 2016 - Write the Docs Seoul Meetup #1 Why bother using Docker (containers)? - Reasons to use containers | 44bits.io How to use Docker (Compose) - setting up a development environment Docker 1.3: signed images, process injection, security options, Mac shared directories - Docker Blog DEVIEW 2014 - The future of cloud server operations as seen through Docker DEVIEW 2013 - Should we deploy like this? - Deploying applications with the lightweight Linux container Docker Production-Grade Container Orchestration - Kubernetes AWS Fargate – Run containers without having to manage servers or clusters Cloud Application Platform | Heroku The Twelve-Factor App Fighting the threats of distributed systems brought by Kubernetes (Wantedly case study, in Japanese) - Speaker Deck Netlify: All-in-one platform for automating modern web projects. vaidik/sherlock: Easy distributed locks for Python with a choice of backends. whining - Ruby evolution is taking TOO long : ruby Ruby's Matsumoto: "Sometimes it hurts my feelings. So please, be constructive" - Publickey Feature #6284: Add composition for procs - Ruby trunk - Ruby Issue Tracking System Yukihiro Matsumoto on Twitter: “20+ years ago, …” Younggun Kim on Twitter: “Whatever the reason, …” Publickey on Twitter: “Thank you. …” Ruby is dead | A totally legit site based on science Is Ruby Dead? 
Using Ruby in 2019 - Jason Charnes Heartbleed Bug Spyware Disguises as Android Applications on Google Play - TrendLabs Security Intelligence Blog
In calendar week 50, the CISO Summit covers very important updates from Microsoft. We show 2 vulnerabilities that are fixed by the updates. We also talk about the new data leak at Google+ and show how important it currently is to patch phpMyAdmin and Kubernetes. #Antago #Patchday #GooglePlus Our playlists: ———————————————————————— Ciso Summit: https://www.youtube.com/playlist?list=PL5UPPOVLI7TcNADgzBOpBEIw4y8Pafrju Hackers Talk: https://www.youtube.com/playlist?list=PL5UPPOVLI7TddmJLJg5bfkvtdQKMr1Low Follow us on social media: ———————————————————————— YouTube: https://www.youtube.com/channel/UCR5Rbm4v5q7muJfmuknOxrQ Facebook: https://www.facebook.com/antagogmbh/ Twitter: https://twitter.com/AntagoGmbH Xing: https://www.xing.com/companies/antagogmbh LinkedIn: https://www.linkedin.com/company/antago-gmbh Podcast: ———————————————————————— Spotify: https://open.spotify.com/show/04WZqMHD9tNZVLy0MmDR2g?si=sq9GUyGXQNSZUqb6cIAUfQ iTunes: https://itunes.apple.com/us/podcast/antagos-ciso-summit/id1434693160?mt=2 Important Windows updates ———————————————————————— Sources: https://www.zerodayinitiative.com/blog/2018/12/11/the-december-2018-security-update-review Tags: #PatchDay Again: data leak at Google+ ———————————————————————— Sources: https://www.blog.google/technology/safety-security/expediting-changes-google-plus/ Tags: #GooglePlus Important patches for phpMyAdmin & Kubernetes ———————————————————————— Sources: https://github.com/evict/poc_CVE-2018-1002105#unauthenticated-poc Sources: https://www.phpmyadmin.net/security/PMASA-2018-6/ Tags: #KubernetesExploit This week the CISO Summit was presented by Alexander Dörsam. Visit us at https://antago.info
'GDPR-Lite', Testing Firefox, refactoring in VS Code, sniff network traffic from our iOS device, Gentoo GitHub organization is hacked, and what does it mean to experience fulfillment? All that and more, here on Application Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode22 Follow us on Twitter: https://www.twitter.com/securityweekly
Here is a story about dealing with a website that has been hacked. I got an email from a digital agency I work with who had one of their websites hacked. This podcast walks through the process I followed to find and remove the hacking in relatively simple terms. This is what the website looked like

Cpanel access

You will need your cpanel login details for the webhosting you have for your website to follow these steps. Usually you can access it via your website address/cpanel, e.g. mywebsite.com/cpanel, then use the username and password they sent you when you set up your webhosting account.

Replace wp-admin and wp-includes (NOT wp-content)

Go to wordpress.org and download the latest version of WordPress. Then replace the wp-admin and wp-includes folders on your website with the new ones you downloaded. This is done by unzipping the WordPress file you downloaded from wordpress.org and then zipping just the wp-admin folder and the wp-includes folder as a new zip file. Then upload that via the cpanel file manager to your website and extract them to replace the existing wp-admin and wp-includes folders only. **Warning** DO NOT REPLACE the wp-content folder; that is where all of your images, theme etc. files live and you need to leave it alone.

Turn on debugging mode

Edit the wp-config.php file and change the debug setting to true. This is done by right clicking on the file via your file manager in the cpanel area and selecting edit. Remember to save the setting or it won't actually change the setting.

Start renaming folders one by one and change them back in between tests

Now check the website and if it still has hacked files try changing the name of the wp-content folder to something else, e.g. offline-wp-contents. If the hacking message isn't there anymore you are on the right track. Now rename it back to what it was supposed to be. Rename the next level of folders under wp-content one by one and change them back to the correct name in between. I tried plugins, wp-uploads with no change. Then I renamed the themes folder and voila, it changed to a white screen. I was getting close now.

Gotcha, hacked file found

I then saw a debugging message saying that a file called class-mega-menu.php was missing or something like that. When I opened that file to view it there was the actual little daemon figure and the hacking code. I was now able to go and get the original theme files and replace the file in question and it all came back to life.

Username and password not working

One more issue remained: my login had been compromised via the hacking file. I now had to get my username and password sorted out via the cpanel -> phpmyadmin area. To fix that you then need to go into phpMyAdmin and find the database used for your website. Then click on wp_users, which then shows you the users that have access to your website. It was there I could see my username had been changed.

How to change the username and password from phpMyAdmin

So you click on edit on the username in question and change the username back to yours, then you put the new password and you also need to select MD5 as the password format or it won't work. Once you click save by pressing Go and confirming the change, your username and password should work again. So all done. Intro music by: www.bensound.com
Many people know what phpMyAdmin is; in fact, I am sure many will have used it. But do people really know the potential it has? In this podcast we take a deep dive into phpMyAdmin as a language, starting with what it is and its history and going all the way to the most powerful hidden options it has. Without doubt, a podcast for everyone, both for experts who can get more out of it and for those who do not yet know this great tool.
First of all, it is very important to follow a few first steps when installing WordPress to make sure you start off on the right foot! Right after installing WordPress (or just before), the first thing we usually worry about is finding the coolest, most modern theme, making a logo, the colours of the site… etc. I consider that a mistake, since these are important features but, a priori, they are useless if we do not have a clear objective for the site and the valuable, quality content that we are going to put into our portal, after making the first essential configurations right after creating your WordPress. When you are clear about the objective of your site and have enough content to build it, here is my summary of what to do first (in my opinion) in 8 simple steps:
- Go to Settings > Permalinks > click "Post name" or, if you know how to do it, create a "Custom structure" to make your portal's URL structure more "friendly". As recommendations for URL structures when you generate content > do not use accents or unnecessary symbols, and always use a hyphen (-) to separate words. Keep titles short and direct!
- Go to Settings > Reading > click "Discourage search engines from indexing this site" to keep search engines from indexing your site, since at this point you have no SEO parameters configured and no content either, so you do not want that until the site has taken shape.
- Install a backup plugin: very important to keep in mind at the start of these first steps when installing WordPress so that, if we mess up at some point, we can go back; or else make sure that our hosting makes these backups from its server in parallel to your site. On many occasions we will want backups to be more frequent; check this and install a plugin for it. If you do not want to do it by hand (downloading files over FTP and exporting the database in phpMyAdmin), you can use the free plugin Wp Backup > https://wordpress.org/plugins/backupwordpress/
- Install a security plugin with a WAF (Web Application Firewall), a tool that analyses and blocks attacks on our website in real time. In this case we recommend iThemes Security > https://es.wordpress.org/plugins/better-wp-security/ Note: enable the built-in SSL tool if you have an encryption certificate installed.
- Install an SEO plugin: we recommend WordPress SEO by Yoast; if you want the Premium version of WordPress SEO by Yoast, join the club to get it for free > https://clubwpress.com/unirse-al-club/.
- Choose and install a theme and replace whatever content it has with original content; make sure no sample content appears when you publish your site, it looks very unprofessional…
- Generate the valuable content.
- Go to Settings > Reading > uncheck "Discourage search engines from indexing this site". Very important to keep in mind in these first steps when installing WordPress since we can often forget to remove it, Google would not index the site, and we would go crazy looking for what is going on until we realise the blasted option is active… it happens, and much more often than we would like!
Other links mentioned: Create a WordPress for testing > https://clubwpress.com/tutoriales/crear-wordpress-pruebas/ 50% discount on Siteground hosting > https://www.siteground.es/go/destaca_hosting Listen to the episode about our recommended plugins > https://clubwpress.com/podcast/2 We remind you that we will soon launch our first special course for members on WordPress and entrepreneurship, which is already in the oven. For now you can subscribe to have your place for only 6€/month and, in return, you will have access to some of the tools we will work with, some resources that will help you start or improve your site, an interesting small selection so you can start your project now! Join the club at https://clubwpress.com/unirse-al-club/ A thousand thanks for listening to the show! You can leave your 5-star ratings on iTunes and your likes and comments on iVoox. We will be waiting for you next Friday with a smile. Have a happy weekend! Do you want to APPEAR on this podcast or SPONSOR an episode? Write to us! Music created by @UbisoundsValencia (FB)
10 things in cybersecurity that you might have missed in 2017, a flaw in major browsers, a critical flaw in phpMyAdmin, beware of a VMWare VDP remote root issue, how to protect your home router, Meltdown and Spectre explain how chip hacks work, and Intel is in the security Hot Seat over a serious CPU design flaw! Full Show Notes: https://wiki.securityweekly.com/Episode542 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly
Marcello Salvati of Coalfire Labs joins us for our featured interview. John Strand delivers another killer Tech Segment about the new mimikatz event log clearing feature. Then in the security news, 10 things in cybersecurity that you might have missed in 2017, a flaw in major browsers, a critical flaw in phpMyAdmin, beware of a VMWare VDP remote root issue, how to protect your home router, Meltdown and Spectre explain how chip hacks work, and Intel is in the security Hot Seat over a serious CPU design flaw! We also hear from Keith Hoodlet about our brand new show! All that and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode542 Visit https://www.securityweekly.com/psw for all the latest episodes!
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
PHPMyAdmin Scans https://isc.sans.edu/forums/diary/Increase+of+phpMyAdmin+scans/22688/ Hotspot Shield Leakes Private User Data https://cdt.org/files/2017/08/FTC-CDT-VPN-complaint-8-7-17.pdf Debian Turning Off Support for TLS 1.0/1.1 https://lists.debian.org/debian-devel-announce/2017/08/msg00004.html Ongoing Phishing Attacks Against Google Chrome Plugin Developers https://www.bleepingcomputer.com/news/security/chrome-extension-developers-under-a-barrage-of-phishing-attacks/
Fredrik, Adam and Kristoffer revisit an old topic: our workstations. Has much happened in the 4 years since we last talked about it? We share everything from screen setups to SQL software. Even though we skipped the after-talk, we had so much to talk about that the episode ended up a little longer than usual. This podcast episode is sponsored by Websystem. Links to modules, websites and services we talked about in this episode: Today's episode Drupalsnack 8: About everything around it Office Ballz Kristoffer's 40” 4K screen Apple extended keyboard Vertical mouse BBedit Sublime Text PHPstorm Vim Notepad++ VirtualBox Vagrant Ansible Sequel Pro phpMyAdmin Docker Adminer Dash Duckduckgo Trello Things Jira
This week I talk about What phpMyAdmin can do. Upcoming Events WordCamp Lyon, France – June 5 WordCamp Hamilton, Ontario Canada – June 6th WordCamp Cologne, Germany – June 6 -7 WordCamp OC, CA – June 6-7 Segment 1: In the News WordPress 4.3 due for Aug 18th with BETA 1 — July…
PHP5 is the essential language to master in the world of the Web. In these PHP tutorials, you learn to use the phpMyAdmin administration console and the MySQL console to create databases and tables and to administer users. You also learn how to query a database and modify its content in PHP5. Benefit from a pro's advice in this PHP course to learn how to organise your code following an MVC (model-view-controller) architecture in order to make it easier to maintain. In this video tutorial course, you will learn to write PHP5 server code and to query MySQL databases in order to create dynamic actions based on users' actions. After a quick refresher on the basics of HTML[...]
Watch VideoGNU General Public License. You can download MAMP from Living-e AG. The download page can be found HERE.Current MAMP versions require Mac OS X 10.4.x. If you're running Mac OS X 10.3.x you can download an earlier version of MAMP 1.4.1 (universal binary), for Intel and PowerPC.Previously this site covered installing Joomla! 1.0x in the MAMP environment on your computer. Now that Joomla! 1.5 is available as a stable release you may want to install version 1.5 site on your Macintosh computer using MAMP. The two versions of Joomla! install methods are very similar but there are changes to Joomla! 1.5 that you can get familiar with here.As of this writing MAMP is a Universal Binary version 1.7.1. The download is a 127 MB disk image. There is also a MAMP Pro version that you can read about HERE. This article will deal with the regular and free version of MAMP.MAMP is installed on your computer in your 'Applications' Folder. In order to work properly the MAMP folder must be located in the Applications folder. You should also have at least 250 MB of free space on your hard drive.Once MAMP is installed on your Mac you are now ready to install Joomla! 1.5. Get the latest full install of Joomla! from joomla.org. On the home page of joomla.org There is usually a banner with a button to download Joomla! When you click that download button you may be taken to a page which offers a couple of compressed install package options. The install packages come compressed as a .zip, .tar.gz, and .tar.bz2 compression. Your Macintosh OSX computer can deal with any of these compressions. Pick the one of your choosing and download that to your computer.Let's say that you chose the .tar.gz package. Your download will likely be called 'Joomla_1.5.8-Stable-Full_Package.tar.gz'. Note that '1.5.8' will change as newer releases of Joomla! are made available. Uncompress this package on your hard drive by double clicking it. 
Your Mac OS X computer will expand the package into a folder with all the folders and files inside that you require for your install.You can change that expanded folder name into something simpler like Joomla153 for instance. That's what we'll use for this article. Move this entire Joomla153 folder and its contents to the MAMP application and put it inside the folder called 'htdocs'. The path to the 'htdocs' folder will be /Applications/MAMP/htdocs.Now you are ready to install Joomla! 1.5. You can start MAMP, the application is inside the MAMP folder. It's simply called 'MAMP'. When MAMP starts up it should launch your web browser, if it isn't already running, and take you to a start up page with a URL of http://localhost:8888/MAMP/?language=English.Before you navigate to the Joomla! web installation page you are going to need an MySQL database for Joomla!. This can be created using phpMyAdmin which is included with your MAMP install. You can get to phpMyAdmin from the startup page in MAMP. Get to the startup page either by clicking the button 'Open start page' on the MAMP startup interface screen or open by typing the following URL in your web browser:http://localhost:8888/MAMP The page that appears has a navigation toolbar near the top of the page. You will find a button for phpMyAdmin on it. When the page refreshes you will be on the phpMyAdmin screen. About half way down the page on you will see in bold text 'Create new database' and a field for you to type in the name you want to use for your database. For this article we are going to call the database 'joomla153' (without the quotes). The default settings of this page should be fine to use. Once you type in the name of your database click the 'Create' button. When the screen refreshes you will see the results 'Database joomla153 has been created.' There will be no tables for this database and you do not need to create any because your Joomla! 
install will create the necessary tablesYou still need to create a username and a password for the database.So lets make a username and password for our joomla153 database. Click the home icon button in the left column of the phpMyAdmin screen. When the screen refreshes you should see your database name 'joomla153' with (0) beside it. Turn your attention to the middle of the page near the bottom and look for 'Privileges'. Click the Privileges link.Next screen, about the middle of the page, is a link to 'Add a new user' - click this linkHere is the screen where you will fill in the Username, Host, and Password for your database. You could use 'root' for the username and password but I don't do this. By making a specific username and password for the database you establish good security habits.• In the User name field type a username for your database• In the 'Host' field type in 'localhost' (without the quotes).• In the 'Password' field type a password for your database• In the 'Re-type' field verify your password by typing it again exactly as the field above.A little further down the page is 'Global privileges' You can click the link 'Check All' and checkmarks will appear in the Data, Structure, and Administration boxes.Once you have done this go to the bottom right corner of the screen and click the 'Go' button. After the screen refreshes you should see 'You have added a new user.' results.Now you are ready to complete your Joomla! 1.5 installation. To get to your Joomla! web installation in MAMP use the following URL:http://localhost:8888/Joomla153Note: if you changed the name of your Joomla! folder to something else, put it in the place of 'Joomla153' in the above URL. This URL will take you to Step 1 of the web installation page for Joomla! 1.5. The first page is the language selector. Pick the language of your choice from the list on the right side of this page then click the 'Next' button on the top right of this page. 
Next screen is Step 2: Pre-installation Check. You'll see a list on the right side of the page with information about the installation environment. You want to be seeing green and not red results to the right of the directives. If there are items marked with a red 'No' would need to correct them. Since this is a MAMP install there shouldn't be anything marked with a red 'No' so you are good to go. Click the 'Next' button on the top right of this screen.Next page is Step 3: License. This is the Joomla! GNU GENERAL PUBLIC LICENSE. You should become familiar with the license. When you are done here click the 'Next' button on the top right of this page. Next screen is Step 4: Database. The right side of the screen is where you need to fill in information about the database.• By default the Database Type is mysql. We will leave it set to this.• Host Name - In this field type in 'localhost' (without the quotes)• Username - Here you will type in the username that you created for the database earlier. I used 'joomla153user' (without the quotes)• Password - this is a password for the database username. Type in the password you used when creating the username and password in phpMyAdmin earlier.• Database Name - This is the name of your database. I used 'joomla153' (without the quotes) when creating the database earlier in phpMyAdmin.Below the Basic Settings are Advanced Settings. In the Advanced Settings you can choose to Drop Existing Tables of an already set up MySQL database you might be using with a Joomla! install. You can also choose the option to Backup Old Tables. Since this is a new Joomla! install with a new database being created we there is no need to make any changes here. 
When you are done here click the 'Next' button on the top right of this page.So if you have all the information filled in the fields you can click the 'next' button on the top right of this screen to take you to step 5.If the information was filled out correctly on the previous screen you will be presented with Step 5: FTP Configuration. If instead you get a screen telling you there was an error, go back and complete the previous steps correctly.The FTP basic Settings are set by default to 'No'. You can click the radio button and set it to 'Yes' if you like to Enable the FTP file system Layer. I use this in my MAMP environment to enable the use of an ftp program to update the Joomla! install when there is a new version of Joomla! released.Since you set the Enable FTP file system Layer you will need to fill in the FTP User, FTP Password, and FTP Root Path fields.• FTP User - The FTP User for your local computer should be the short name of your computer login name, or the name that appears beside the 'Home' icon in your finder window. If the name of your User account on your Mac is 'Joe Joomla' then your username will likely be 'joejoomla' (without the quotes). This is the name you will put in the FTP User field.• FTP Password - In this field you would put your user login name for your computer. This is the name you type in the login screen when you have logged out of your computer.• FTP Root Path - The root path to your Joomla! install inside MAMP will be:/Applications/MAMP/htdocs/joomla153If you used a different named for your Joomla! install folder then use it instead of joomla153.You should click the 'Verify FTP Settings' button to ensure that the information you filled in is correct. You will get a confirmation message telling you the settings are valid if the information is right.Under the Basic Settings is 'Advanced Settings'. In the fields you will see FTP Host with 127.0.0.1 filled in. You should change this to the IP address of your computer. 
You can find the IP address of your computer in the Network preferences pane of your System Preferences. The IP address of your computer may change depending on how your computer is set up. If you use DHCP to get an IP address when connecting to the Internet, you will need to keep an eye on this and change it in the Joomla! admin Global Settings screen when necessary, or you can simply leave the Basic Settings for FTP Configuration set to 'No' on this screen. You won't be able to use the FTP layer if you do this, but you can always enable it later, if needed, in the Joomla! Global Settings.

When you are done with these steps, click the 'Next' button on the top right corner of this screen. If all the information was filled in correctly you will go to the next screen, Step 6: Configuration. On the right side of the screen are fields to fill in.

• Site Name - Put whatever name you would like to use for your site in here.
• Your E-mail - Put in your valid email address. Joomla! can send notification emails to you.
• Admin Password - Put a password in here. This will be the password that you will need to log in to the backend administration screens for Joomla!
• Confirm Admin Password - It must be typed in exactly as in the Admin Password field above.

Below these fields is a radio button to Install Default Sample Data with an 'Install Sample Data' button. It is a really good idea to let Joomla! install sample content for your new install. It helps you to see how things work in Joomla!. You can unpublish or even delete this content later as you add your own content to your site.

We will leave the migration script area alone for this article since this is a new Joomla! install. When you are done on this screen, click the 'Next' button on the top right side of the screen to get to Step 7: Finish - Congratulations! Joomla! is Installed.

Before you can click either the 'Site' or 'Admin' buttons on the top right corner of this screen, you will need to visit the htdocs folder where your Joomla! folder is, go inside that folder, and delete the following from the Joomla! folder:

• Folder - installation folder - delete the entire folder from the directory
• File - INSTALL.php - delete the file from the directory

Once those two items are removed from the Joomla! installation folder, you can then visit your front page or your Joomla! admin area.
We have just recorded a new SECHebdo live on YouTube. As usual, if you missed the recording, you can find it on our YouTube channel (video above) or as an audio podcast. On the agenda for this episode: Todo (00:01:30)