Impact of a Positive Leap Second Introduced In June
January 5, 2015

The International Earth Rotation and Reference Systems Service (IERS) announced that a positive leap second will be introduced on the last day of June 2015 (Official Bulletin C 49), making that day 86,401 seconds long.

In 2012, a similar event caused major outages on most of the internet, with only a few avoiding problems. See this Forbes post from July 2012: +1: Google Aces 'Leap Second' While Reddit, LinkedIn And More Went Down Saturday.

POODLE SSLv3.0 Vulnerability CVE-2014-3566
October 15, 2014

For the past few days, rumors have been circulating about a new SSLv3 vulnerability. The Google Security team confirmed it yesterday when they released the details of the vulnerability. See CVE-2014-3566.

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

You must disable SSLv3.0, or CBC-mode ciphers with SSLv3.0, to mitigate the issue. Make sure to do this for all your services, including third-party services like Amazon AWS CloudFront.


Bash Vulnerability: Patch Now! CVE-2014-6271
September 24, 2014

A Bash vulnerability has just been announced, rated 10 on a scale of 10. The vulnerability is network exploitable. Patch now.

GNU Bash through 4.3 incorrectly handles trailing strings after function definitions in the values of environment variables. An attacker could use this issue to bypass environment restrictions, such as SSH forced command environments, and execute arbitrary code.

You need to patch your systems now.

Update: If you already patched your system, check it again. You may have to patch again because of a previous incomplete fix. See CVE-2014-7169, Incomplete fix for CVE-2014-6271.


Debug PHP code with PHP 5.6 and phpdbg
News Programming
September 13, 2014

PHP 5.6.0 was released last month by the PHP Development Team. This new version includes some major changes and many improvements. See the release notes.

Main features added:

  • Constant scalar expressions.
  • Variadic functions and argument unpacking using the ... operator.
  • Exponentiation using the ** operator.
  • Function and constant importing with the use keyword.
  • phpdbg as an interactive integrated debugger SAPI.
  • php://input is now reusable, and $HTTP_RAW_POST_DATA is deprecated.
  • GMP objects now support operator overloading.
  • File uploads larger than 2 gigabytes in size are now accepted.

You can find the complete features list on the PHP Website.

One of the new features is the integrated phpdbg debugger, which provides an interactive environment for debugging your PHP code. phpdbg is implemented and distributed as an SAPI module. The phpdbg website has some good documentation; I recommend the Getting started with phpdbg section. This is not a replacement for XDebug.

Let's cover how to get started with PHP 5.6.0 and phpdbg on Mac OS X.

Markdown is dead. Long live Markdown!
News Programming
September 7, 2014

If you haven't been away from the internet for the past few years, or if you are an occasional blogger, you must have heard about Markdown. It is a plain text format for writing structured documents. It was developed in 2004 by John Gruber and has been widely adopted since then. The problem? A rather ambiguous syntax specification that has led to many different implementations.
