After the new version for Linux we are now also able to announce
a fixed version of XAMPP for Windows.
Some vulnerabilities have been reported in OpenSSL, which can be
exploited by malicious people to cause a DoS (Denial of Service)
and compromise a vulnerable system. To fix this problem we
released an upgrade package for the Windows version of
XAMPP.
This upgrade is primarily for those people who are using XAMPP in a
public or semi public environment, like a local network or the
Internet.
You can get the upgrade from the usual place (there you also find an explanation
how to install the upgrade). More information about the
vulnerability: here
Looking for code inclusions?
The versatile Google cluster has a solution for this, like for
many other tasks.
This search
lang:php \secho\([^)]*_REQUEST[^)]*\);
lets you find various places where some variable from the
superglobal $_REQUEST is printed with echo. By the same
means, you can easily find places where such a variable is
directly included in an SQL query, for instance with
lang:php \smysql_query\([^)]*_REQUEST[^)]*\);
This alone yields 50 results for each query, but it may be varied
with printf() instead of echo() or just …
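The same patterns can be run over your own PHP tree instead of a public index. The following is an added example, not code from the original post: it applies the post's two expressions and its printf() variation to a constructed sample, next to one broader pattern (an assumption of this example) to show what the quoted expressions miss and what a looser one over-reports.

```python
import re

# Patterns quoted in the post, plus the printf() variation it mentions.
PAGE_PATTERNS = {
    "echo($_REQUEST) - possible XSS":
        re.compile(r"\secho\([^)]*_REQUEST[^)]*\);"),
    "printf($_REQUEST) - possible XSS":
        re.compile(r"\sprintf\([^)]*_REQUEST[^)]*\);"),
    "mysql_query($_REQUEST) - possible SQL injection":
        re.compile(r"\smysql_query\([^)]*_REQUEST[^)]*\);"),
}

# Broader pattern, an assumption of this example (not from the post):
# any echo/print statement that mentions $_REQUEST before the semicolon.
BROAD_PATTERNS = {
    "echo/print statement containing $_REQUEST":
        re.compile(r"\b(?:echo|print)\b[^;]*\$_REQUEST"),
}

# Constructed sample PHP source, for illustration only.
SAMPLE_PHP = """<?php
 echo($_REQUEST['name']);
 echo(htmlspecialchars($_REQUEST['name'], ENT_QUOTES));
 mysql_query("SELECT * FROM users WHERE id=" . $_REQUEST['id']);
 echo $_REQUEST['comment'];
 printf("%s", $_REQUEST['title']);
"""

def audit(source, patterns):
    """Return (line number, label, stripped line) for every pattern hit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for label, pattern in patterns.items():
            if pattern.search(line):
                findings.append((lineno, label, line.strip()))
    return findings

if __name__ == "__main__":
    for name, patterns in (("page", PAGE_PATTERNS), ("broad", BROAD_PATTERNS)):
        for lineno, label, text in audit(SAMPLE_PHP, patterns):
            print(f"[{name}] line {lineno}: {label}: {text}")
```

The post's patterns skip line 5 (echo without parentheses), while the broad pattern flags line 3 even though it is escaped, so hits from either are leads for manual review rather than confirmed flaws.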
Had a support question on the T-SQL to MySQL procedure converter. Seems like the first (current) version crashes when SQL statements are very long. Made a fix, and also improved the printing of long lines. Don't know if I am going to release it as is, or add more pretty-printing perhaps. Also noticed that my support case uses + for string concatenation, which is not converted by the current version.
Some time ago, I sent an internal message to all the MySQL
employees challenging/pleading for anyone who had coding skills
but was not involved on the development team to jump in and help
fix bugs. Several kind people took me up on that challenge, and
Jay has now blogged about his experience and the steps involved in fixing a
MySQL server bug. It’s an excellent and detailed explanation
of how to set up your Linux (or Mac) development environment, and
how to add a test case to our regression test suite to be sure
the bug never comes back. One suggestion - I recommend using
compile-pentium-debug-max instead of compile-pentium-debug, as the
max build script turns on a lot more things in the code which you
want to be tested when you run the regression test suite.
Hmm, I wonder if anyone would …
Slashdot carried a story earlier today entitled "Why Is Commercial OSS So Expensive?" He was referring to embedded software, and his experience is 100% contrary to my own experience. (My background is in open source embedded software.) He says:
Our startup honestly wanted to use OSS products. We do not want to spend time for any OSS bug fixing so our main requirement was -official support for all OSS products-. We thought were prepared to pay the price for OSS products, but then we got a price sticker shock....After all, we have decided that the survival of our business is more important for us then 'do-good' ideas. Except for that embedded Linux (slated for WinCE or VxWorks substitution), we are not OSS shop anymore.
Taking the author at his word - that commercial open source is, in fact, expensive (has he tried the alternatives?) - I think he's …
If you're a programmer, you know the difference between a beginner and a master is the ability to write succinct code that does a great deal with very little work. If you can do this, you can easily raise your productivity and the quality of your work by an order of magnitude. Much more importantly, you can have a lot more fun writing code. Read on to learn how.
Stephen de Vries sent an email to SecurityFocus's web application security mailing list earlier today to comment on the new Google Code Search:
Google's code search provides an easy way to find obvious software flaws in open source and example applications.
He provided a few example queries to illustrate his point:
I've written about Hyperic before when they open sourced their stack management and monitoring software. Hyperic's HQ product is the best way to manage a software stack in production, whether it's an open source LAMP stack, a closed source stack or, more likely, a hybrid combination. The HQ product was a spinoff from Covalent and was in development for several years before it was open sourced earlier this year. CEO Javier Soltero had a vision for creating a company around the technology and he's been able to do just that without compromising on the things that have made the technology successful.
HQ is an extensible system and so not only does it monitor all kinds of operating systems, web servers, app servers and database servers, but it can be extended to monitor just about any kind of application, both at a technical level and at a business level. One of …
Today I tried on my database the WITH QUERY EXPANSION clause on a fulltext search.
I manage the website of a famous Italian soccer club (www.inter.it), and we
have hundreds of thousands of pictures of actual and former
players, coaches, events and so on.
Every day a back-office tool involve our web editors in finding
pictures based on captions. I developed such a feature using a
simple full-text search.
So, let's try to find all pictures about "goalkeepers"
(unfortunately this word is not mainly used in picture
captions)
mysql> select count(*) from media where match(caption_en)
against('goalkeeper');
+----------+
| count(*) |
+----------+
|       60 |
+----------+
Let's try now the same query using WITH QUERY EXPANSION
mysql> select …