About Cornel

Chief Web Engineer and co-founder of 3PRIME, LLC.

Learning ES6 (FINALLY)

ES6 brings some amazingly great changes, but I wanted to start out simple by highlighting a very useful addition to the syntax: the let keyword.

In a nutshell, let introduces block-level scoping to variables.

What does that mean? I’ll show you:

<script>

var x = 10;

if(x) {
    var x = 92;
}

console.log(x);

</script>

What will happen when you run this snippet? The console will display something similar (literally) to “92”.

> 92

Now, if you run this snippet using let like so:

<script>

var x = 10;

if(x) {
    let x = 92;
}

console.log(x);

</script>

console.log will display “10”.

> 10

So, block-level scoping means we can isolate scope within control structure blocks in the same way as we can control scope within functions!

(Also, if you haven’t opened up your devtools, now is a good time to do so. Then you can copy/paste the code between the <script> tags to run it.)

I love this feature. I’m super late to the ES6 party, but better late than never!

1 Minute fix for WordPress XML-RPC Pingback Vulnerability to Quadratic Attack

At 3PRIME, we are stewards for quite a few hosting customers, many of whom love WordPress. As such, we support that platform so that we may support the efforts of our disparate clientele.

By now everyone has heard of the XML Quadratic Blowup Attack vulnerability in WordPress.

The WordPress Core Team has done their due diligence and has submitted a patch for the vulnerability. You can implement it readily by updating your WordPress runtime to the latest greatest version (or the latest greatest patch build of your current installation). If you haven’t already, you should absolutely update your installation the next chance you get.

XML-RPC is a Problem

Something that bears mentioning here is the WordPress XML-RPC itself.

Unless you are using a plugin that requires using this now nearly ancient form of site access and control, XML-RPC is otherwise extra baggage that you need not carry around.

Given the utter lack of usage of XML-RPC throughout our client sites, the best fix for the current vulnerability, and a great preventative measure against similar attack vectors, is to simply disable XML-RPC altogether.

In our case, we did this server-wide. Setting up a directive for Apache couldn’t be easier.

In your configuration file (httpd.conf or, preferably, a pre-VirtualHost Include file), simply include the following snippet:

Apache – Disable xmlrpc.php

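# Deny every request for xmlrpc.php, in any directory.
# Order/Deny is Apache 2.2 syntax; Apache 2.4 accepts it only with mod_access_compat loaded.
<Files xmlrpc.php>
    Order Deny,Allow
    Deny from all
</Files>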

For the Nginx crowd out there, you can use the following:

Nginx – Disable xmlrpc.php

server {
    # ... the rest of your server block ...
    # Exact match: denies requests for /xmlrpc.php at the site root
    location = /xmlrpc.php {
        deny all;
    }
}

If your site (or your clients’ sites) is not coupled to WordPress XML-RPC, disabling XML-RPC altogether is a great way to remove one attack vector that is often overlooked, exposed, and effectively exploited.
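One way to check both halves of the advice above, whether anything on your sites still calls XML-RPC and whether the deny rule is actually taking effect, is to audit the access logs. This is an added example, not code from the original post; it assumes the combined log format, and the function name audit_xmlrpc and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Apache/Nginx "combined" log format (assumed):
# ip ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)

def audit_xmlrpc(lines):
    """Bucket xmlrpc.php requests by outcome, counted per (path, user agent)."""
    report = {"served": Counter(), "denied": Counter(), "other": Counter()}
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not a combined-format line
        path = m["path"].split("?", 1)[0]  # ignore any query string
        # Match the script in any directory, so subdirectory installs are seen too.
        if path.rsplit("/", 1)[-1] != "xmlrpc.php":
            continue
        status = int(m["status"])
        if status == 403:
            bucket = "denied"      # the deny rule answered
        elif 200 <= status < 300:
            bucket = "served"      # WordPress still handled the request
        else:
            bucket = "other"       # redirects, 404s, server errors
        report[bucket][(path, m["agent"])] += 1
    return report

# Constructed sample log lines (documentation IP ranges, made-up user agents).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Aug/2014:10:01:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 214 "-" "ExampleBlogClient/1.0"',
    '198.51.100.7 - - [12/Aug/2014:10:01:05 +0000] "POST /xmlrpc.php HTTP/1.1" 403 214 "-" "ExampleBlogClient/1.0"',
    '203.0.113.4 - - [12/Aug/2014:10:02:11 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 200 370 "-" "ExampleClient/2.0"',
    '192.0.2.10 - - [12/Aug/2014:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.99 - - [12/Aug/2014:10:04:00 +0000] "GET /xmlrpc.php?rsd HTTP/1.1" 403 214 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for bucket, counts in audit_xmlrpc(SAMPLE_LOG).items():
        for (path, agent), n in counts.most_common():
            print(f"{bucket:7} {n:3}  {path}  {agent}")
```

Run it over logs from before the change to see which user agents depend on XML-RPC, and again afterwards: anything in the served bucket means a copy of xmlrpc.php is still reachable. The Nginx `location = /xmlrpc.php` rule, for example, matches only that exact path, so a WordPress install under a subdirectory is not covered by it.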

Introducing the Web Encabulator 2.0a Web API

We at 3PRIME are committed to the best possible retro-fitting of disparate hardware minutia into highly viable web componentry that achieves unsurpassed accessibility and productivity. Building on the amazing work “The Turbo-Encabulator in Industry” by “J.H. Quick, Student”, we are proud to introduce to the world the first internet-backported Web Encabulator 2.0a!

PiCloud Is A Model Cloud Made Of Raspberry Pi & LEGO For Teaching Students About Web Platforms | TechCrunch

Here’s another interesting implementation of the $35 microcomputer — or rather a stack of 56 Pis, linked together to form what its creators have called PiCloud, using LEGO bricks as bespoke racks for the Pi stacks. (Not the first time we’ve seen Pi paired with LEGO either.)

Asana introduces OAuth workflow for better 3rd party app integration

FINALLY!

Asana, the task management suite we at 3PRIME use religiously, has rolled out the early stages of OAuth support for app integration via Asana Connect.

Check out Asana Connect.

Very basic introduction, but in a nutshell, Asana Connect leverages the OAuth 2.0 specification, providing the Authorization Code Grant flow and Implicit Grant flow.