httpoxy is a set of vulnerabilities that affect application code running in CGI, or CGI-like environments.
It comes down to a simple namespace conflict:
- RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY
- HTTP_PROXY is a popular environment variable used to configure an outgoing proxy
This leads to a remotely exploitable vulnerability. If you’re running PHP or CGI, you should block the Proxy header now.
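The namespace conflict and the "block the Proxy header" mitigation described above, shown as an added example (not code from the original post or from the httpoxy advisory). The function and class names and the sample request are assumptions made for illustration.

```python
# Added example: how a CGI gateway maps request headers to environment
# variables, and two places to drop "Proxy" before application code sees it.

def cgi_meta_variables(headers):
    """Map request headers to CGI meta-variables the way RFC 3875 describes:
    upper-case the name, turn '-' into '_', and prefix it with 'HTTP_'."""
    env = {}
    for name, value in headers:
        key = "HTTP_" + name.upper().replace("-", "_")
        # Repeated headers are joined with ", " (a simplification for this demo).
        env[key] = f"{env[key]}, {value}" if key in env else value
    return env


def strip_proxy_header(headers):
    """Mitigation at the edge: drop any 'Proxy' request header
    (header names are case-insensitive) before the environment is built."""
    return [(n, v) for n, v in headers if n.strip().lower() != "proxy"]


class StripProxyMiddleware:
    """WSGI wrapper for CGI-like deployments: remove HTTP_PROXY from the
    per-request environ so no downstream code mistakes it for proxy config."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        environ.pop("HTTP_PROXY", None)
        return self.app(environ, start_response)


# Constructed sample request; the proxy address is a placeholder value.
SAMPLE_HEADERS = [
    ("Host", "app.example"),
    ("User-Agent", "demo/1.0"),
    ("pRoXy", "http://proxy.invalid:8080"),
]

if __name__ == "__main__":
    before = cgi_meta_variables(SAMPLE_HEADERS)
    after = cgi_meta_variables(strip_proxy_header(SAMPLE_HEADERS))
    print("unfiltered:", before.get("HTTP_PROXY"))
    print("filtered:  ", after.get("HTTP_PROXY"))
```

Filtering at the web server or reverse proxy covers every application behind it; the middleware is a second layer for code you deploy yourself.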
If one of your New Year’s resolutions was learning the Python programming language, I’ve got a resource for you – “Python Introduction, Resources and FAQs” – an excellent list of resources from online tutorials and tools to books and videos.
Nick Coghlan writes:
One of the things we do as part of the Python core development process is to look at features we appreciate having available in other languages we have experience with, and see whether or not there is a way to adapt them to be useful in making Python code easier to both read and write. This means that learning another programming language that focuses more specifically on a given style of software development can help improve anyone’s understanding of that style of programming in the context of Python.
To aid in such efforts, I’ve provided a list below of some possible areas for exploration, and other languages which may provide additional insight into those areas.
The languages and areas are:
- Procedural programming: C, Rust, Cython
- Object-oriented data modelling: Java, C#, Eiffel
- Object-oriented C derivatives: C++, D
- Array-oriented data processing: MATLAB/Octave, Julia
- Statistical data analysis: R
- Computational pipeline modelling: Haskell, Scala, Clojure, F#
- Gradual typing: TypeScript
- Dynamic metaprogramming: Hy, Ruby
- Pragmatic problem solving: Lua, PHP, Perl
- Computational thinking: Scratch, Logo
ftfy – fixes text for you
ftfy makes Unicode text less broken and more consistent. It works in Python 2.7, Python 3.2, or later.
The most interesting kind of brokenness that this resolves is when someone has encoded Unicode with one standard and decoded it with a different one. This often shows up as characters that turn into nonsense sequences
textract – extract text from any document. Currently supports .doc, .docx, .eml, .json, .html, .pptx, .pdf, and .txt.
Remember all those links to awesome PHP, Python, and Sysadmin? Well, it was only a matter of time until the Awesome Awesomeness would be done by someone. Awesome Awesomeness is a curated list of curated awesome lists. Now you can follow a single list for all the awesomeness you can find.
Sentry – an event logging platform focused on capturing and aggregating exceptions. Most of the code is Open Source (except for a few proprietary plugins), in case you want to run your own hosted version.
Awesome Python – a curated list of awesome Python frameworks, libraries and software. Inspired by Awesome PHP.
List of minimalist web frameworks
- Framework for CSS
- Web Framework for C
- Frameworks for Front-end JS
- Web framework for Go
- Web framework for Haskell
- Web framework for Java
- Web framework for Lua
- Web framework for Node.js
- Web framework for Perl
- Web framework for PHP
- Web framework for Python
- Web framework for Ruby
- Web framework for Scala
- Web framework for .NET (C#)