Client Driven Automation of Schema Evolution

The idea behind my final year project came from the tedium of having to write trivial SQL change scripts during my placement after editing an entity within the system.

Three solution we’re developed, initially a Scala implementation that I struggled to get working, then a C# prototype build in LINQPad, and finally a C# framework that is available on the NuGet package manager.

Source Code

C# Framework: GitHub Repository, NuGet Page

Prototype Repositories: C# PrototypeScala Prototype


Have I been pwned?

There’s a great new web application to check if any of your online accounts have been compromised in any of the major data breaches:

Have I been pwned?

Better yet the developer has extensively published about how he made the site on the Azure platform:

Using PGP/GPG on Windows (and Chrome)

I’ve been looking for the ideal solution for using PGP on Windows that works with both local files and on the internet (for things like Gmail).

As a Chrome user there are no perfect solutions for using PGP within the browser using an extension. I finally came across a tool called WinPT which has solved this problem using the clipboard.

The Tools


This provides the core software for encrypting and decrypting PGP messages and verifying signatures.

I’d actually recommend just download the Gpg4win-Light install as WinPT comes with its own key manager that works very well.


Gpg4win setup.



WinPT is a taskbar front-end for GnuPG which includes key management, encryption via the clipboard, direct file encryption and support for OpenPGP smartcards. It is designed to make life easier for people who want encryption, and to make security less daunting for people who are new to securing data.


The taskbar menu for WinPT.

This is the tool that really allows you to integrate PGP with windows.


The WinPT key manager.

The combinations of these two tools allows for hassle free use of PGP on a Windows system regardless of where the message is stored, be it on the web or in a file.

Why Pirating Premium WordPress Themes is a Bad Idea

Free Themes are Great Right…?

Following on from my limited interaction with the GetMama malware that was infecting PHP sites on shared hosts, I’m going to hopefully show why it’s a bad idea to go looking for pirated copies of premium WordPress themes.

Theme Selection

I picked a popular premium theme called Canvas made by WooThemes that I will attempt to download for free and check for malicious code. The search, as shown below, nicely demonstrates how widely available pirated copies of paid-for WordPress themes are.

I ended up using the download from the third result as it appeared to offer a more recent copy of the theme. The resulting download actually contained many of the themes made by WooThemes, but I stuck to Canvas.

An analysis of the file by VirusTotal can be found here: WooThemes.rar, 20.3MB


After running all the files through a script that looks for uses of eval and base64_decode (what I believe are the most common methods of obfuscation for bad PHP code), I found a couple of uses of base64_decode.

Continue reading