Firdaus Safari

  Vulnerabilities in dependencies used in projects The case of 4Chan never updated any dependencies since 2009 one dependency used was publicly-known to have multiple critical vuln Ghostscript - https://security.snyk.io/vuln?search=ghostscript Local File Inclusion - process pdf files but never checked if the pdf is actually pdf Remote code execution - after injecting. can run scripts on the server The modern wake up call - this event reminded everyone to stay up to date with dependencies updates Dependencies we’re using: mPDF - fixed vuln for versions lower than 7.1.8 deserialization of untrusted data - similar with how 4chan got hacked aws/aws-sdk-php - fixed path traversal vuln for versions lower than 3.288.1 can go back and open directories that are not public arbitrary code execution vuln for versions lower than 3.2.1 Best practices: stay up to date with the tech world join forums like reddit and stackoverflow check websites that publish security reports snyk security - https:/...

  🗑️ Clear storage Mac OS 1: Clear system cache: Go to Finder > Go > Go to Folder, then type in "~/Library/Caches" and hit enter. Select all the folders inside the Caches folder and delete them. 2: Clear system logs: Go to Finder > Go > Go to Folder, then type in "/var/log" and hit enter. Select all the files inside the Log folder and delete them. 3: Remove unused language files: Go to Finder > Go > Go to Folder, then type in "/Library/Languages" and hit enter. Delete all the language folders you don't need. 4: Uninstall unused apps: Go to the Applications folder and delete the apps you don't use. 5: Clean up system files: Use a system cleaning tool like CleanMyMac X to scan and remove unnecessary system files. 6: If you have npm installed, clear the caches once in a while with ‘sudo npm cache clean --force’ 7: If you have ionic projects, open the ‘.angular’ folder and delete the ‘cache’ folder inside it.

How to handle big issue on live server that already broke a lot of user data Have you ever caused a big problem on production and panicked, not knowing what to do to remedy the shitty situation you've just caused? Well, I did. So here's what I've found. 1. Find what caused the issue Its probably the most recent changes you've just pushed. If not, then try to remember whatever code you're ever had doubt in, it's usually one of these. If you cant find it, tough luck. Lets move to the next step. Don't spend too much time on finding the rootcause. 2. Stop the function that caused the issue (eg:cron that cancels invoice) In my case, it was a cronjob. Easy fix, just disable the cronjob on both the server and in the codebase. If it was a crucial add/update process, then just disable it in the code, returning an alert 'something went wrong, we're currently fixing it' should suffice. Just make sure to apologize to your support person later. 3. Update curr...

Useful ionic spells Some commands i often forgot: npm install - install npm. literally thats it npm audit - check for dependency issues npm audit fix - fix all dependency issues ionic serve - open in localhost with browser ionic cap add android - for new repos, add android files first ionic cap build android - build the project for android platform ionic cap sync - sync latest changes to make sure its included in the final apk ionic cap open android - open android studio to build apk/test with emulator Basic errors and how to fix: capacitor/core version not compatible with certain dependency - just upgrade/downgrade the capacitor/core version in package lock json cocoapods error - make sure you have cocoapods & xcode installed. ios error - if you’re just trying to generate an apk, delete the whole ios folder and run ionic cap sync again. gradle error in android studio - for me, i just close android studio, reopen it and then when theres an alert to update gradle, just c...

  Laravel Basics & Introduction   How to install & create Laravel projects Run these commands: composer global require laravel/installer composer create-project --prefer-dist laravel/laravel [app-name] cd [app-name] Open the project folder in VSCode, and find the ‘.env’ file. Configure it like so: DB_CONNECTION=mysql DB_HOST=127.0.0.1 DB_PORT=8889 DB_DATABASE=laravel DB_USERNAME=root DB_PASSWORD=root Note that the configurations above works on my mac running mamp. Your machine may vary. Run the project by using this command: php artisan serve (optional) php artisan serve —port 8002 Then go to this link -> http://127.0.0.1:8000 Create a controller php artisan make:controller [controller-name] Create a model php artisan make:model [model-name] API Development with Laravel API - Application Programming Interface How API works: Request - client initiate Receive - the API provider receive your request Response - API returns the requested data, usually in JSON format API ...

Pre-requisites: Setup project info in Google API Console . If you dont have any projects, add a new one. Make sure your OAuth Consent Screen have been configured correctly. If not, then now is the right time.  Choose user type 'External' and click Create. Fill up your project's details. Make sure to use your real project name. You will need to insert a link for your application's terms of service & privacy policy. Fortunately, you can just use google drive links for these files. Unless you know what you're doing, only select these scope. Add test users.  Review your changes and go back to the dashboard. Click Create credentials > OAuth client ID. Select Web application to create a new client ID. Add your server URLs in Authorized JavaScript origins or it wont work. In my case, adding localhost does nothing and I needed to test my project on the server with working URL instead. Go back to the Credentials menu. Click copy client id on the OAuth 2.0 Client IDs ...

Ever feel bored at work and thinking that it would be nice to scroll Reddit without your coworkers noticing? There's a fix to that problem.   Install Reddit Viewer . It does literally what it's name suggests. View Reddit. But there is a catch. After all, nothing comes trouble free, you have to work for it.  Upon opening the command that starts the extension, you will be greeted by a warm and welcoming error. A great scare to an intern and a mild annoyance for a programmer. Just like any other bugs you can find in real life, just try to step around it and hopefully wont fly towards you.  To make it work, just open the extension page. Then click the settings icon besides the uninstall button and click the extension settings. Next, you can either scrolls towards the 'Reddit Viewer: Home Trending' setting like a pleb or you can gloriously search it with the search bar. Untick the checkbox. And now you can open the extension without getting any errors. As of writing this blo...

  HMVC vs HAVC vs MVC MVC lama2 boleh jadi serabut sbb semua module dalam 1 folder sesuai projeck kecil - sederhana contoh: controller Programs Members model program_model member_model view program list form member list form HMVC lawa sikit, satu folder module yg dalam dia ada folder controller, view, model sesuai projek sederhana - besar contoh: modules program model program_model controller Programs view list form member model member_model controller Members view list form HAVC basically HMVC, tapi M tukar A sbb asset instead of model. takde model. segala benda resouce dia letak dalam asset, tak kira model   ke apa unique dkt trongate contoh: modules program asset images js css program_model controller Programs view list form