Category: General

  • The principle of least privilege

    The principle of least privilege is a key concept in computer security and information security. It refers to the practice of limiting access rights for users to the bare minimum necessary to perform their job functions. The principle applies to every part of a system, including processes, users, and programs.

    Here are the key aspects of the principle of least privilege:

    1. Access Control: Users are granted only those permissions they need to complete their tasks. For example, a user who needs to read data from a database does not need permissions to modify it.
    2. Minimizing Risk: By limiting the access rights of users and programs, the potential damage from accidents, errors, or unauthorized use is minimized. This reduces the risk of a security breach.
    3. Segmentation of Privileges: Privileges are often segmented and managed separately. For instance, an administrator might have different levels of access depending on the task, rather than having blanket administrative privileges across the entire system.
    4. Regular Review and Adjustment: Privileges should be regularly reviewed and adjusted based on changes in user roles or system configurations. This ensures that the principle remains effective over time.
    5. Application in Software Development: In software development, this principle means giving a program or process only the permissions it needs to operate, thus limiting the potential impact of a security vulnerability in that program.
    6. Defense in Depth: The principle of least privilege is part of a broader security strategy known as defense in depth, where multiple layers of security controls are deployed to protect information and systems.

    Overall, the principle of least privilege is about granting the minimum level of access necessary, reducing the attack surface, and mitigating the potential impact of security breaches.

  • Crontab

    Issue:

    How to set up cron jobs in Ubuntu (and Linux)?

    Solution:

    Setting up cron jobs on a Linux system like Ubuntu is a straightforward process. Cron jobs are scheduled tasks that your system runs at specified times or intervals. Here’s how you can set them up:

    Accessing the Cron Table:

    1. Open the Terminal: Launch your terminal application.
    2. Edit Cron Jobs for Your User: To edit the cron jobs for your current user, use the following command:
      crontab -e
      This command opens your user’s cron file in the default text editor. If it’s your first time using crontab, it may ask you to select an editor (like nano, vi, etc.).
    3. Add a New Cron Job: In the text editor, you can add a new cron job in the following format:
      * * * * * command-to-execute
      The five fields are, in order:
      • Minute (0 - 59)
      • Hour (0 - 23)
      • Day of the month (1 - 31)
      • Month (1 - 12)
      • Day of the week (0 - 6) (Sunday = 0)
      For example, to run a script every day at 5 AM, you would write:
      0 5 * * * /path/to/script.sh
      Make sure your script (script.sh in this example) is executable. You can make it executable with:
      chmod +x /path/to/script.sh
    4. Save and Exit: After adding your cron job, save and exit the editor. This will install the new cron job.
    5. Verify Your Cron Jobs: To ensure your cron job is listed, use:
      crontab -l

    Special Syntax:

    Instead of the asterisks, you can use special strings for common intervals:

    • @reboot: Run once, at startup.
    • @yearly or @annually: Run once a year, “0 0 1 1 *”.
    • @monthly: Run once a month, “0 0 1 * *”.
    • @weekly: Run once a week, “0 0 * * 0”.
    • @daily: Run once a day, “0 0 * * *”.
    • @hourly: Run once an hour, “0 * * * *”.

    Common Examples:

    • Backup Every Day at Midnight:
      0 0 * * * /path/to/backup/script.sh
    • Run a PHP Script Every Hour:
      0 * * * * /usr/bin/php /path/to/your/script.php

    Tips:

    • Environment Variables: Cron jobs run in a minimal environment, so you might need to define environment variables that your task requires.
    • Output Handling: By default, cron sends the output of the job to the user’s mail (local mail, not internet email). You can redirect the output to a file or to /dev/null if you don’t need it.
    • Logging: To log the output of a cron job, redirect the output to a file:
      * * * * * command-to-execute >> /path/to/logfile 2>&1
    • Script Permissions: Ensure that any scripts you’re calling are executable and have the appropriate permissions.

    Cron jobs are particularly useful for automating routine tasks like backups, system updates, or periodic cleanup of temporary files.
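
    The "Script Permissions" tip matters because cron runs whatever is in the file at the scheduled time, so anyone who can write to the script or its directory controls what the job does. The following added example (not from the original post) parses crontab text in the format described above and reports loose permissions on the files each job references; it assumes it is run by the user who owns the crontab, and the function names and sample paths are made up for illustration.

```python
import os
import re
import shlex
import stat
import tempfile

SPECIALS = {"@reboot", "@yearly", "@annually", "@monthly", "@weekly", "@daily", "@hourly"}
LOOSE = stat.S_IWGRP | stat.S_IWOTH  # write bit for group or other

def job_command(line):
    """Return the command of one crontab line, or None for comments, blanks, VAR=value."""
    line = line.strip()
    if not line or line.startswith("#") or re.match(r"\w+\s*=", line):
        return None
    fields = line.split(None, 5)
    if fields[0] in SPECIALS:                      # @daily etc. replace the five time fields
        return line.split(None, 1)[1] if len(fields) > 1 else None
    return fields[5] if len(fields) == 6 else None

def audit_path(path, is_program):
    """List permission problems for one file that a cron job references."""
    st, problems = os.stat(path), []
    if st.st_mode & LOOSE:
        problems.append("file writable by group/other")
    if os.stat(os.path.dirname(path)).st_mode & LOOSE:
        problems.append("directory writable by group/other")
    if st.st_uid not in (0, os.getuid()):
        problems.append("owned by another user")
    if is_program and not st.st_mode & stat.S_IXUSR:
        problems.append("not executable by owner")
    return problems

def audit_crontab(text):
    """Return (path, problem) pairs for every existing absolute path in the job commands."""
    findings = []
    for line in text.splitlines():
        for i, token in enumerate(shlex.split(job_command(line) or "")):
            if any(c in token for c in "<>|"):     # stop at redirection or a pipe
                break
            if token.startswith("/") and os.path.isfile(token):
                findings += [(token, p) for p in audit_path(token, i == 0)]
    return findings

if __name__ == "__main__":
    d = tempfile.mkdtemp()  # constructed sample: one tight script, one world-writable
    for name, mode in (("backup.sh", 0o755), ("cleanup.sh", 0o777)):
        open(os.path.join(d, name), "w").close()
        os.chmod(os.path.join(d, name), mode)
    sample = f"MAILTO=root\n0 0 * * * {d}/backup.sh >> {d}/backup.log 2>&1\n@hourly {d}/cleanup.sh\n"
    for path, problem in audit_crontab(sample):
        print(f"{path}: {problem}")
```

    To check a real crontab, pass the output of crontab -l to audit_crontab.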

  • WordPress: How to manually create a user in the database

    Manually creating a WordPress user in the database involves adding a new entry to the wp_users table and assigning the necessary user capabilities. Here are the steps to do this:

    Please exercise caution when making direct changes to your WordPress database, as incorrect changes can break your site. Make sure to back up your database before proceeding.

    1. Access Your Database:
      Log in to your server or hosting provider’s control panel and open phpMyAdmin or a similar tool to manage your WordPress database.
    2. Find the wp_users Table:
      In phpMyAdmin, look for your WordPress database on the left-hand side and click to select it. Then, find and click on the wp_users table.
    3. Insert a New User:
      Click the “Insert” or “Add” tab (the exact label may vary depending on your phpMyAdmin version). This will open a form for adding a new row to the wp_users table.
    4. Fill in User Information:
      Fill in the following fields for the new user:
      • user_login: Enter the desired username for the new user.
      • user_pass: Store a password hash, not the plaintext password. In phpMyAdmin, type the password into the value field and select the MD5 option in the Function column so that the hash is what gets stored. You can also create the hash with an online tool or with WordPress’s built-in wp_hash_password function; in that case paste the finished hash and leave the function unset. If you used an online tool, change the password after the first login, since the tool has seen it.
      • user_nicename: This can be the same as the user_login.
      • user_email: Enter the email address for the new user.
      • user_registered: Set the registration date in the format “YYYY-MM-DD HH:MM:SS”.
      • display_name: The display name for the user.
    5. Insert the User:
      Click the “Go” or “Insert” button to insert the new user into the wp_users table.
    6. Assign Capabilities:
      To assign capabilities to the user, you’ll need to find the user’s ID in the wp_users table (it’s typically an auto-incremented number) and then add an entry in the wp_usermeta table.
      • Go to the wp_usermeta table.
      • Insert a new row with the following values:
        • user_id: The ID of the new user from the wp_users table.
        • meta_key: Enter wp_capabilities.
        • meta_value: Insert a serialized array with the user’s capabilities. For example, to make the user an administrator, you can use a:1:{s:13:"administrator";b:1;}.
    7. Log in to WordPress:
      You should now be able to log in to your WordPress site using the credentials you provided.

    Please be extremely careful when making changes directly to the database, and ensure that you have a backup in case anything goes wrong. It’s recommended to use the WordPress admin interface to create and manage users whenever possible to avoid potential issues.
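
    The two rows this procedure writes (one in wp_users, one wp_capabilities entry in wp_usermeta) are also what to review when checking who holds administrator rights on a site. The following added example (not from the original post) lists every administrator and marks accounts whose user_pass is still a bare MD5 value; it uses Python's sqlite3 as a stand-in for MySQL, and the reduced table layout, sample rows and function names are constructed for illustration.

```python
import hashlib
import re
import sqlite3

def roles(meta_value):
    """Role names switched on in a PHP-serialized wp_capabilities value."""
    return re.findall(r's:\d+:"([^"]+)";b:1;', meta_value)

def audit_admins(db, prefix="wp_"):
    """Return (user_login, user_registered, note) for each administrator account."""
    # Table names cannot be bound as parameters; prefix is trusted configuration.
    rows = db.execute(
        f"SELECT u.user_login, u.user_registered, u.user_pass, m.meta_value "
        f"FROM {prefix}users u JOIN {prefix}usermeta m ON m.user_id = u.ID "
        f"WHERE m.meta_key = ? ORDER BY u.ID", (prefix + "capabilities",))
    report = []
    for login, registered, user_pass, caps in rows:
        if "administrator" in roles(caps):
            # A bare 32-hex value is an MD5 written straight into the table;
            # WordPress re-hashes it on the next successful login.
            bare_md5 = re.fullmatch(r"[0-9a-f]{32}", user_pass) is not None
            report.append((login, registered, "bare MD5, no login since" if bare_md5 else "ok"))
    return report

def sample_db():
    """Constructed data: only the columns the audit reads, default wp_ prefix."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                               user_pass TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
    """)
    db.executemany("INSERT INTO wp_users VALUES (?,?,?,?)", [
        (1, "alice", "$P$B" + "x" * 30, "2023-01-10 09:00:00"),    # placeholder hash
        (2, "bob", "$P$B" + "y" * 30, "2023-02-01 12:00:00"),      # placeholder hash
        (3, "support", hashlib.md5(b"constructed").hexdigest(), "2023-11-05 03:12:44"),
    ])
    db.executemany("INSERT INTO wp_usermeta VALUES (?,?,?)", [
        (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
        (2, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
        (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    ])
    return db

if __name__ == "__main__":
    for row in audit_admins(sample_db()):
        print(row)
```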

  • Credit Card Testing

    PayPal sandbox testing guide

    The PayPal sandbox is a self-contained, virtual testing environment that simulates the live PayPal production environment. The sandbox provides a shielded space where you can initiate and watch while your apps process PayPal API requests without touching any live PayPal accounts.

  • iOS 17 is out and a couple of things stick out

    The first thing, the battery life took a hit (hopefully, there’s a fix for this asap). The second is the announcement of the upcoming Journal app. I’m curious if this can be synced to WordPress… hopefully there will be an app for that.

  • Update WordPress MySQL tables from old domain name to new domain name

    This code is typically used when migrating a WordPress site from one domain to another, ensuring that all references to the old domain are updated to the new domain.

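    /*
    This SQL code block updates various tables in a WordPress database to replace occurrences of 'Old_Domain_Name' with 'New_Domain_Name'. Table names assume the default wp_ prefix. The specific tables being updated are:
    - wp_options: Updates the option_value column for rows where the option_name is 'home' or 'siteurl'.
    - wp_posts: Updates the post_content column.
    - wp_postmeta: Updates the meta_value column.
    - wp_usermeta: Updates the meta_value column.
    - wp_links: Updates the link_url column.
    - wp_comments: Updates the comment_content column.
    Back up the database first. The meta_value columns can hold PHP-serialized data, which stores the length of each string; a plain replace() does not update those lengths, so serialized values break when the two domain names differ in length.
    */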
    
    UPDATE wp_options SET option_value = replace(option_value, 'Old_Domain_Name','New_Domain_Name') WHERE option_name = 'home' OR option_name = 'siteurl';
    
    UPDATE wp_posts SET post_content = replace(post_content, 'Old_Domain_Name','New_Domain_Name');
    
    UPDATE wp_postmeta SET meta_value = replace(meta_value,'Old_Domain_Name','New_Domain_Name');
    
    UPDATE wp_usermeta SET meta_value = replace(meta_value, 'Old_Domain_Name','New_Domain_Name');
    
    UPDATE wp_links SET link_url = replace(link_url, 'Old_Domain_Name','New_Domain_Name');
    
    UPDATE wp_comments SET comment_content = replace(comment_content , 'Old_Domain_Name','New_Domain_Name');
  • Image Tag Cheat Sheet

    Basic Usage

    <img src="path/to/image.jpg" alt="Image description" />

    Attributes

    Attribute   Description
    src         The path to the image file.
    alt         The text to display if the image fails to load.
    width       The width of the image in pixels.
    height      The height of the image in pixels.
    title       The text to display when the user hovers over the image.

    Example

    <img src="path/to/image.jpg" alt="Image description" width="200" height="200" title="Image title" />

    Notes

    • The alt attribute is required for accessibility. It is used by screen readers to describe the image to visually impaired users.
    • The width and height attributes are optional. If you do not specify them, the image will be displayed at its original size.
    • The title attribute is optional. It is used to provide additional information about the image when the user hovers over it.
  • Omegle has shut down

    As the title states, Omegle has shut down.

  • Updated website to TT4

    I’m vibing on the updated default theme, Twenty Twenty-Four. Great job to the contributors!

    Photo by Johannes Plenio on Pexels.com
  • Regex Cheat Sheet

    Simple Examples

    • hello: Matches the string “hello” exactly.
    • 123: Matches the string “123” exactly.
    • .: Matches any single character.
    • \d: Matches any digit character (0-9).
    • \w: Matches any word character (a-z, A-Z, 0-9, _).
    • \s: Matches any whitespace character (space, tab, newline).

    Examples

    • hello world: Matches the string “hello world” exactly.
    • hello|world: Matches either “hello” or “world”.
    • hello.*: Matches “hello” followed by zero or more characters.
    • hello\s: Matches “hello” followed by a whitespace character.
    • hello\d: Matches “hello” followed by a digit character.
    • hello\w: Matches “hello” followed by a word character.
    • hello\s\d: Matches “hello” followed by a whitespace character and a digit character.

    Quantifiers

    • a+: Matches one or more “a” characters.
    • a*: Matches zero or more “a” characters.
    • a?: Matches zero or one “a” character.
    • a{3}: Matches exactly three “a” characters.
    • a{3,}: Matches three or more “a” characters.
    • a{3,5}: Matches between three and five “a” characters.

    Character Classes

    • [abc]: Matches any of the characters “a”, “b”, or “c”.
    • [^abc]: Matches any character that is not “a”, “b”, or “c”.
    • [a-z]: Matches any lowercase letter.
    • [A-Z]: Matches any uppercase letter.
    • [0-9]: Matches any digit character.
    • [\w]: Matches any word character.
    • [\W]: Matches any non-word character.
    • [\s]: Matches any whitespace character.
    • [\S]: Matches any non-whitespace character.

    Anchors

    • ^hello: Matches “hello” at the beginning of a line.
    • world$: Matches “world” at the end of a line.
    • \bhello\b: Matches “hello” as a whole word.
    • \Bhello\B: Matches “hello” only inside a longer word, where neither end falls on a word boundary.

    Groups

    • (hello): Matches “hello” and captures it as a group.
    • (hello|world): Matches either “hello” or “world”.
    • (?:hello): Matches “hello” but does not capture it as a group.
    • (?=hello): Lookahead. Matches at a position that is followed by “hello”, without consuming it.
    • (?!hello): Negative lookahead. Matches at a position that is not followed by “hello”.

    Flags

    • /hello/i: Matches “hello” case-insensitively.
    • /hello/g: Matches all occurrences of “hello”.
    • /hello/m: Multiline mode; ^ and $ match at the start and end of each line rather than of the whole input.
    • /hello/s: Dot-all mode; allows “.” to match newline characters.

    Special Characters

    • \: Escapes a special character.
    • .: Matches any single character except newline characters.
    • ^: Matches the beginning of a line.
    • $: Matches the end of a line.
    • *: Matches zero or more of the preceding character or group.
    • +: Matches one or more of the preceding character or group.
    • ?: Matches zero or one of the preceding character or group.
    • (: Begins a capturing group.
    • ): Ends a capturing group.
    • [: Begins a character class.
    • ]: Ends a character class.
    • {: Begins a quantifier.
    • }: Ends a quantifier.
    • |: Matches either the expression before or after the operator.
    • /: Begins and ends a regular expression.
    • i: Makes the regex case-insensitive.
    • g: Matches all occurrences of the pattern.
    • m: Makes the ^ and $ anchors match the beginning and end of lines.
    • s: Allows . to match newline characters.
    • \n: Matches a newline character.
    • \r: Matches a carriage return character.
    • \t: Matches a tab character.
    • \v: Matches a vertical tab character.
    • \0: Matches a null character (U+0000 NULL).
    • \xhh: Matches a character with the given hex code (e.g. \x0A matches a newline character).
    • \uhhhh: Matches a character with the given Unicode code point (e.g. \u0009 matches a tab character).
    • \cX: Matches a control character using caret notation (e.g. \cJ matches a newline character).
    • \u{hhhh}: Matches a character with the given Unicode code point (e.g. \u{0009} matches a tab character).

    Lookarounds

    • (?=hello): Positive lookahead. Matches at a position that is followed by “hello”.
    • (?!hello): Negative lookahead. Matches at a position that is not followed by “hello”.
    • (?<=hello): Positive lookbehind. Matches at a position that is preceded by “hello”.
    • (?<!hello): Negative lookbehind. Matches at a position that is not preceded by “hello”.

    Unicode Categories

    • \p{L}: Matches any letter character.
    • \p{M}: Matches any combining mark character.
    • \p{Z}: Matches any separator character.
    • \p{S}: Matches any symbol character.
    • \p{N}: Matches any number character.
    • \p{P}: Matches any punctuation character.
    • \p{C}: Matches any character in the “Other” category (control, format, surrogate, private-use, unassigned).
    • \p{Ll}: Matches any lowercase letter.
    • \p{Lu}: Matches any uppercase letter.
    • \p{Lt}: Matches any titlecase letter.
    • \p{L&}: Matches any cased letter (Ll, Lu, or Lt).
    • \p{Lm}: Matches any modifier letter.
    • \p{Lo}: Matches any other letter character.
    • \p{Mn}: Matches any non-spacing mark character.
    • \p{Mc}: Matches any spacing combining mark character.
    • \p{Me}: Matches any enclosing mark character.
    • \p{Zs}: Matches any space separator character.
    • \p{Zl}: Matches any line separator character.
    • \p{Zp}: Matches any paragraph separator character.
    • \p{Sm}: Matches any mathematical symbol character.
    • \p{Sc}: Matches any currency symbol character.
    • \p{Sk}: Matches any modifier symbol character.
    • \p{So}: Matches any other symbol character.
    • \p{Nd}: Matches any decimal digit character.
    • \p{Nl}: Matches any letter number character.
    • \p{No}: Matches any other number character.
    • \p{Pc}: Matches any connector punctuation character.
    • \p{Pd}: Matches any dash punctuation character.
    • \p{Ps}: Matches any open punctuation character.
    • \p{Pe}: Matches any close punctuation character.
    • \p{Pi}: Matches any initial punctuation character.
    • \p{Pf}: Matches any final punctuation character.
    • \p{Po}: Matches any other punctuation character.
    • \p{Cc}: Matches any control character.
    • \p{Cf}: Matches any format character.
    • \p{Cs}: Matches any surrogate character.
    • \p{Co}: Matches any private-use character.
    • \p{Cn}: Matches any unassigned code point.

    POSIX Classes

    • [:alnum:]: Matches any alphanumeric character.
    • [:alpha:]: Matches any alphabetic character.
    • [:ascii:]: Matches any ASCII character.
    • [:blank:]: Matches a space or a tab.
    • [:cntrl:]: Matches any control character.
    • [:digit:]: Matches any digit character.
    • [:graph:]: Matches any visible character.
    • [:lower:]: Matches any lowercase character.
    • [:print:]: Matches any printable character.
    • [:punct:]: Matches any punctuation character.
    • [:space:]: Matches any whitespace character.
    • [:upper:]: Matches any uppercase character.
    • [:word:]: Matches any word character.
    • [:xdigit:]: Matches any hexadecimal digit character.