Eric Mann's Blog

  • System76 Oryx Pro – First Impressions

    The past few weeks have been exciting! I recently purchased the new Oryx Pro by System76 and have been absolutely loving the new machine. Here are some photos and first thoughts from my setup experience. Unboxing First and foremost, it took a bit longer for my machine to arrive than I’d expected. I was one of […]

    ,

  • Configuring Yubikeys, GPG, and Keybase

    Rather than use GPG and SSH keys housed on individual machines, I embed my GPG private keys on Yubikeys by default. This allows me to keep my keys somewhat portable (i.e. I can use them on multiple devices) while preventing my keys from leaking if anyone accesses my machine without my permission. This is the same workflow I […]

  • Disclosure: SQL Injection in Cart66 Pro

    Last month I discovered a critical SQL injection vulnerability in the no-longer-developed yet still actively used Cart66 Pro plugin for WordPress. Here are the details …

  • Introducing Secure Updates for WordPress

    Today I introduce the a new plugin that provides secure updates for WordPress: DGXPCO.

  • Open Letter to the Democratic Party of Washington County

    I hereby resign my position as a precinct committee person of the Democratic Party of Washington County.

  • The Value of Repetition

    Repetition is the key to memorizing and becoming an expert in almost anything.

  • The Value of Fiction

    There’s inherent value in stories that are entirely made up. Part of the magic is that they can be subtle wrappers around tricky issues – it’s easier to discuss a sensitive topic when done within the context of an alien civilization.

  • Software Vulnerabilities, Disclosure, and Marketing

    Consumers have a certain amount of upgrade fatigue. It’s not uncommon for end users to ignore an update notification for months to avoid the frustration that comes with trying to fix something that worked before the update.

  • Private Variables in JavaScript

    ES6 gave us classes and object inheritance in JavaScript. However, it’s still missing any concept of “privacy” in OO terms. Here’s a hacky workaround to, maybe, make things work.

  • Deterministic Random Numbers in PHP

    Testing code that leverages random numbers can be tricky. It’s useful to have a way to subvert the random number generator during tests to yield a deterministic state.