About Cornel

Chief Web Engineer and co-founder of 3PRIME, LLC.

I'm always happy to discuss your project's goals. Interested in working together? Get in touch to see if 3PRIME is a fit for your organization.

Learning ES6 (FINALLY)

Posted on April 19, 2016 by Cornel

Some amazingly great changes are in ES6, but I wanted to start out simple by highlighting a very useful syntax introduction: the let command.

In a nutshell, let introduces block-level scoping to variables.

What does that mean? I’ll show you:

<script>

var x = 10;

if(x) {
    var x = 92;
}

console.log(x);

</script>

What will happen when you run this snippet? The console will display something similar (literally) to “92”

> 92

Now, if you run this snippet using let like so:

<script>

var x = 10;

if(x) {
    let x = 92;
}

console.log(x);

</script>

console.log will display “10”.

> 10

So, block-level scoping means we can isolate scope within control structure blocks in the same way as we can control scope within functions!

(also, if you haven’t opened up your devtools, now is a good time to do so. then you can copy/paste the code between the <script> tags to run it)

I love this feature. I’m super late to the ES6 party, but better late then never!

Laugh of the day: EPIC LAMP Stack Trolling

Posted on October 3, 2014 by Cornel

Enjoy, peeps:

Add support for the new Launch Screen xib files by gfontenot · Pull Request #178 · thoughtbot/liftoff · GitHub.

1 Minute fix for WordPress XML-RPC Pingback Vulnerability to Quadratic Attack

Posted on August 19, 2014 by Cornel

At 3PRIME, we are stewards for quite a few hosting customers, many of whom love wordpress. As such, we support that platform so that we may support the efforts of our disparate clientele.

By now everyone has heard of XML Quadratic Blowup Attack vulnerability in wordpress.

The WordPress Core Team has done there due diligence and have submitted a patch for the vulnerability. You can implement it readily by updating your wordpress runtime to the latest greatest version (or the latest greatest patch build of your current installation). If you haven’t already, you should absolutely update your installation the next chance you get.

XML-RPC is a Problem

Something that bears mentioning here is the WordPress XML-RPC itself.

Unless you are using a plugin that requires using this now nearly ancient form of site access and control, XML-RPC is otherwise extra baggage that you need not carry around.

Given the utter lack of usage of XML-RPC throughout our client sites, the best fix for the current vulnerability, a great preventative measure against similar attack vectors, is to simply disable XML-RPC altogether.

In our case, we did this server-wide. Setting up a directive for Apache couldn’t be easier.

In your configuration file (httpd.conf or, preferably, a pre-VirtualHost Include file), simply include the following snippet:

Apache – Disable xmlrpc.php

<Files xmlrpc.php>
    Order Deny,Allow
    Deny from all
</Files>

For the Nginx crowd out there, you can use the following:

Nginx – Disable xmlrpc.php

server {
    # stuff
    location = /xmlrpc.php {
        deny all;
    }
}

If your site (or your clients’ sites) are not coupled to WordPress XML-RPC, disabling XML-RPC altogether is a great way to reduce one attack vector that is often overlooked, exposed, and effectively exploited.

Introducing the Web Encabulator 2.0a Web API

Posted on June 28, 2013 by Cornel

We at 3PRIME are committed to the best possible retro-fitting of disparate hardware minutia into highly viable web componentry that achieves unsurpassed accessibly and productivity. Building on the amazing work “The Turbo-Encabulator in Industry” by “J.H. Quick, Student”, we are proud to introduce to the world the first internet-backported Web Encabulator 2.0a!
Continue »

Technote: Chocolately NuGet and Windows PowerShell

Posted on June 20, 2013 by Cornel

As a means of standardizing platform packages that mirrors a *Nix look/feel while still supporting a windows desktop experience, we are happy to have discovered the delicious Chocolately NuGet!. We are beginning Continue »

Asana: Add Google Drive attachments to any task

Posted on June 19, 2013 by Cornel

Just logging on this morning and was prompted with some really cool news: Asana has integrated Google Drive!
Continue »

PiCloud Is A Model Cloud Made Of Raspberry Pi & LEGO For Teaching Students About Web Platforms | TechCrunch

Posted on June 14, 2013 by Cornel

Here’s another interesting implementation of the $35 microcromputer — or rather a stack of 56 Pis, linked together to form what its creators have called PiCloud, using LEGO bricks as bespoke racks for the Pi stacks. (Not the first time we’ve seen Pi paired with LEGO either.)
Continue »

Git Tip: Removing .gitignore’d Files after adding to .gitignore

Posted on April 24, 2013 by Cornel

Very handy trick for removing .gitignore’d files from a repo AFTER those files previously had been included in the repo:
Continue »

Asana introduces OAuth workflow for better 3rd party app integration

Posted on April 11, 2013 by Cornel

FINALLY!

Asana, the task management suite we at 3PRIME use religiously, has rolled out the early stages of OAuth support for app integration via Asana Connect.

Check out Asana Connect.

Very basic introduction, but in a nutshell, Asana Connect leverages the OAuth 2.0 specification, providing the Authorization Code Grant flow and Implicit Grant flow.