What did you do this past week?
Last week, I watched 3 episodes of Narcos. Melanie wouldn’t let me touch the show without her consent, so I am stuck on an artificial cliffhanger. Anyways, I did a bit of work on side projects and class assignments (mostly right before the deadline like this one). I went to Houston at the start of the week and I went to Dallas to finish the week.
What’s in your way?
Mostly shuffling through the two jobs. This will be resolved within the next 2 weeks.
What will you do next week?
Start working on the project Collatz. And try my best to do classwork on time.
What’s my experience of the class?
Last week, I got called on for the first time this semester by Downing. It was a close call since I wasn’t planning on showing up that day.
What’s my pick-of-the-week or tip-of-the-week?
I read an article last night on how dangerous XML can be. The summary of the article is as follows. If you are using an up-to-date XML parser, and your use-case only involves using XML as a way to transfer data, you should be fine. Otherwise, don’t allow custom entities in your parser settings. There are multiple exploits that target vulnerabilities in how XML is structured.
An example the author gave involved the use of nested custom entities to generate a billion instances of the word “lol” dynamically on the target machine, wasting many cycles and consuming a lot of memory.
An even scarier example involved the use of custom entities with values being pulled from the server’s file system.
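One way to apply the "don’t allow custom entities" advice with Python's standard library, shown here as an added example that is not from the article or this post: the document is first run through expat with a handler that refuses any entity declaration, and only then parsed as data. The function names and the three sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class EntityDeclared(ValueError):
    """Raised when a document declares a custom entity."""

    def __init__(self, name, kind):
        super().__init__(f"refused {kind} entity declaration {name!r}")
        self.name, self.kind = name, kind


def _refuse(name, is_param, value, base, system_id, public_id, notation):
    # expat passes value=None when the entity's content lives outside the
    # document (SYSTEM/PUBLIC identifier); otherwise it is an inline value.
    raise EntityDeclared(name, "internal" if value is not None else "external")


def parse_data_only(xml_bytes):
    """Return the root Element, or raise EntityDeclared before anything expands."""
    checker = expat.ParserCreate()
    checker.EntityDeclHandler = _refuse
    checker.Parse(xml_bytes, True)  # stops at the first <!ENTITY ...>
    return ET.fromstring(xml_bytes)


def screen(xml_bytes):
    """Return 'ok', 'internal' or 'external' for a document."""
    try:
        parse_data_only(xml_bytes)
        return "ok"
    except EntityDeclared as exc:
        return exc.kind


# Constructed sample inputs (not taken from the article).
PLAIN = b"<order><item>book</item><qty>2</qty></order>"
NESTED = b"""<?xml version="1.0"?>
<!DOCTYPE d [
  <!ENTITY a "lol">
  <!ENTITY b "&a;&a;">
]>
<d>&b;</d>"""
EXTERNAL = b"""<?xml version="1.0"?>
<!DOCTYPE d [ <!ENTITY f SYSTEM "file:///constructed/placeholder"> ]>
<d>&f;</d>"""

if __name__ == "__main__":
    for label, doc in (("plain", PLAIN), ("nested", NESTED), ("external", EXTERNAL)):
        print(label, "->", screen(doc))
```

The check raises on the first declaration it sees, so neither the nested entities nor the external reference are ever resolved.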