Articles Archives - felipe.lavin.blog

It’s time for Debian

Jonathan Carter, Debian Project Leader, writes about the end of CentOS as we know it — their recent decission to base newer releases on CentOS Stream instead of a more stable branch now makes it a less-than-ideal choice for servers. Earlier this year, I switched away from Ubuntu after close to 10 years of using… Continue reading It’s time for Debian

Javascript para programadores impacientes

JavaScript for impatient programmers — a pesar del título, explica con harto detalle incluso los aspectos más básicos del lenguaje. Está actualizado hasta ES 2019 por lo que es especialmente útil para refrescar cosas de sintaxis y nuevas funcionalidades que se han ido incorporando al lenguaje. El libro está prácticamente entero, sólo hay un par… Continue reading Javascript para programadores impacientes

Registering custom URLs with custom templates in WordPress (without using page templates)

It’s fairly common to find yourself on a situation where you want to use a specific URL to show a custom content (perhaps something an archive page with two different custom post types), and think: “well, that’s easy. I’ll just create a page to register the URL and a custom page template where I’ll query… Continue reading Registering custom URLs with custom templates in WordPress (without using page templates)

Mitigating CVE-2018-6389 WordPress DoS attack with lighttpd

Early in 2018, Barak Tawily published a possible DoS attack for WordPress, that basically works by requesting all possible scripts on the /wp-admin/load-scripts.php, a script that fetches and concatenates javascript files — there’s also a load-styles.php file that does the same for styles. His vulnerability report was rejected by the WordPress team, on the account… Continue reading Mitigating CVE-2018-6389 WordPress DoS attack with lighttpd

When using a navigation menu on WordPress, you’ve probably seen the various HTML classes that are added on active elements, such as current-menu-item, current-menu-parent, current-menu-ancestor…

While that kind of classes are fine if you must fully reflect the navigation hierarchy on the menu element, there are some times that you just need a more simple approach, such as just knowing when a certain menu element must look like the active item —for instance, when using Bootstrap.

For these kind of situations, you can use a simple filter to add such a class; something like:

<?php

add_filter('nav_menu_css_class', function ($classes, $item, $args, $depth) {
    // filter by some condition... for instance, only on the "main" menu
    if ( $args->theme_location !== 'main' ) {
        return $classes;
    }
    // all the different "active" classes added by WordPress
    $active = [
        'current-menu-item', 
        'current-menu-parent', 
        'current-menu-ancestor', 
        'current_page_item'
    ];
    // if anything matches, add the "active" class
    if ( array_intersect( $active, $classes ) ) {
        $classes[] = 'active';
    }
    return $classes;
}, 10, 4);

Let’s talk about usernames

Usernames are a much, much harder problem than what you might think at first glance… even if you can get away with a really simple and naive implementation on a prototype, a large, global and secure service must consider lots of not-so-obvious details and possible attack vectors.

Let’s talk about usernames deals with the problem with uniqueness, homograph attacks, confusables and other security concerns that you might need to consider.

In Praise of Theory in Design Research: How Levi-Strauss Redefined Workflow

It is now well known that people use technology in unexpected ways (at least, in ways that software engineering and product teams had not intended) […] Our original charge was to find ways to improve and optimize users’ browser workflows following software and design-oriented assumptions. Instead, we saw that users were doing just fine with the tools they were already using.

In Praise of Theory in Design Research: How Levi-Strauss Redefined Workflow

Understanding Ethereum Smart Contracts

I've always heard that "Ethereum has better technology" than Bitcoin, and that's mostly because of Smart Contracts… which I'm still struggling to understand, if only a little less thanks to this excellent article by Gjermund Bjaanes

Simulation, Consciousness, Existence

Simulation, Consciousness, Existence it’s a lengthy article by Hans Moravec about the theory of reality as simulation, its moral and ethical implications, and ultimately, a discussion of the very notion of reality through the lens of quantum physics… a really perfect way to mess up your mind for the weekend.

Control HTTP 301 redirects caching

HTTP redirects should be your tool of choice when you’re reorganizing or renaming key sections of your site on order to keep visitors from hitting a not found page and make search engines update their location and keep their ranking. However, sometimes you might run into a situation when you need to update a redirect,… Continue reading Control HTTP 301 redirects caching