Handling and confirming (interrupt) signals in Python

Let’s say you have a long-running Python script that should run uninterrupted or perform a graceful shutdown should a user decide to terminate it ahead of completion. By default, sending an interrupt (usually by pressing <Control-C>) to a running Python program will raise a KeyboardInterrupt exception. One way of (gracefully or not) handling interrupts is to catch this specific exception. For example like this:

    while True:
        try:
            do_your_thing()
        except KeyboardInterrupt:
            clean_up()
            sys.exit(0)

This generally works fine. However, you can still trigger another KeyboardInterrupt while the clean_up is running and thus interrupt the clean-up process. Also, as interrupts might be sent accidentally (ever cancelled the wrong script because you thought you were in a different pane?), it would be nice to let the user confirm that the script should indeed be interrupted. ...

September 29, 2022 · David Hamann

Python tarfile directory traversal

Currently, there’s a lot of hype around the behavior of Python’s tarfile module for extracting archives. In short: tarfile will not sanitize filenames in archives to prevent directory traversal attacks. For example, creating an archive and adding a file with a leading ../ will make the extract* methods create that file in a directory above the current one. This way (or by using an absolute path starting with /), a file can be written to an arbitrary location (given that the user executing the code has the necessary write privileges). ...

September 23, 2022 · David Hamann

nginx alias misconfiguration allowing path traversal

I recently came across an nginx server that had a vulnerable alias configuration which allowed anyone to read files outside the intended directory. In the following post I will describe the misconfiguration and provide demo files so that you can experiment with it yourself. The general issue was originally highlighted a few years ago in a BlackHat presentation (Breaking Parser Logic!, Orange Tsai) and apparently first shown even earlier. While the linked presentation only has a couple of slides on this particular issue, it’s worth checking out in full.

The docker setup

Let’s say we have a PHP application that should be served through nginx. To quickly get things running we configure our setup via the following docker-compose.yml file: ...

August 14, 2022 · David Hamann

Monitoring FileMaker scheduled scripts

In this tutorial I want to describe how you can set up immediate notifications whenever your scheduled FileMaker scripts stop running – for example due to a crashed FileMaker scripting engine, an error in your script or just general server downtime. I will be using allgood.systems, a monitoring platform I recently built.

Creating a new Job Monitor

Once you have registered on allgood.systems you can navigate to the “Job Monitors” tab to create a new monitor for the FileMaker script you would like to get notifications for. ...

August 12, 2022 · David Hamann

Terraform: Change EC2 user_data without recreating instance

When you have set up your infrastructure with Terraform and then make any change to the user_data of an EC2 instance, Terraform will detect the change and generally do a force-replacement of the instance. In the planning stage this could look something like this:

    # aws_instance.web_backend must be replaced
    -/+ resource "aws_instance" "web_backend" {
        [...]
        ~ user_data = "1c4e236bd5dec74fecc99d3a3d57679b9b12a927" -> "f8d9add08d4ead74d44af35452c6070dbfcb1576" # forces replacement
        + user_data_base64 = (known after apply)
        [...]

So what can you do when you want to make changes to user_data but don’t want to destroy your instance and create a new one? ...

June 9, 2022 · David Hamann