Here's a quick summary of the security analysis (8M pdf, in English) of the ES3B voting computer, manufactured by Nedap/Groendendaal. This type of apparatus is used to collect about 90% of all the votes for local and federal elections held in the Netherlands. (A slightly modified version of this type of voting computer is also used in Germany and France.)

The analysis is performed by a Dutch Citizens' Movement, whose name can be roughly translated into the We Don't Trust Voting Computers …

Ronald Bradford has published the thirteenth edition of Log Buffer, the weekly review of the database blogosphere. You can learn about Log Buffer and how to get in on the act, on the Log Buffer homepage. It’s good fun, and a fantastic platform for your perspective on the database scene. The schedule is quite open, however [...]

Received the final papers about my MySQL 5.0 Developers certification. Seems we are only two certified in Sweden so far, feels strange to be one of the few. But probably most people working with MySQL don't bother about certifying.

Ross McFarland recently posted to the Cluster mailing list about a Perl binding that he’s been working on for the NDB API. Ross says that it’s just a proof of concept, and at this point nowhere near complete, but is inviting folks to download it and take it for a spin. I’m not a Perl hacker myself, but I’d be interested in hearing your reaction or if you’re doing something interesting with this.

Of course, if you’re working on your own port of the NDB API to some other language - say, PHP, Python, or (heh) even JavaScript - I’d love to hear about it.

After the new version for Linux we are now also able to announce a fixed version of XAMPP for Windows.

Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. To fix this problem we released an upgrade package for the Windows version of XAMPP.

This upgrade is primary for those people who a using XAMPP in a public or semi public environment, like a local network or the Internet.

You can get the upgrade from the usual place (there you also find an explanation how to install the upgrade). More information about the vulnerability: here

Looking for code inclusions?
The versatile google cluster has a solution for this, like for many other tasks.
This search

lang:php \secho\([^)]*_REQUEST[^)]*\); lets You find various places where some variable from the superglobal $_REQUEST is printed with echo. By the same means, you can easily find places where such a variable is directly included in an SQL query, for instance with lang:php \smysql_query\([^)]*_REQUEST[^)]*\); .
This alone yields 50 results for each query, but it may be varied with printf() instead of echo() or just …

Had a support question on the T-SQL to MySQL procedure converter. Seems like the first (current) version crashes when SQL statements are very long. Made a fix, and also improved the printing of long lines. Don't know if I am going to release it as is, or add more pretty-rpinting perheps. Also noticed that my support case uses + for string concatenation, which is not converted by the current version.

Some time ago, I sent an internal message to all the MySQL employees challenging/pleading for anyone who had coding skills but was not involved on the development team to jump in and help fix bugs. Several kind people took me up on that challenge, and Jay has now blogged about his experience and the steps involved in fixing a MySQL server bug. It’s an excellent and detailed explanation of how to set up your linux (or Mac) development environment, and how to add a test case to our regression test suite to be sure the bug never comes back. One suggestion - I recommend using compile-pentium-debug-max instead compile-pentium-debug, as the max build script turns on a lot more things in the code which you want to be tested when you run the regression test suite.

Hmm, I wonder if anyone would …

Slashdot carried a story earlier today entitled "Why Is Commercial OSS So Expensive?" He was referring to embedded software, and his experience is 100% contrary to my own experience. (My background is in open source embedded software.) He says:

Our startup honestly wanted to use OSS products. We do not want to spend time for any OSS bug fixing so our main requirement was -official support for all OSS products-. We thought were prepared to pay the price for OSS products, but then we got a price sticker shock....After all, we have decided that the survival of our business is more important for us then 'do-good' ideas. Except for that embedded Linux (slated for WinCE or VxWorks substitution), we are not OSS shop anymore.Taking the author at his word - that commercial open source is, in fact, expensive (has he tried the alternatives?) - I think he's …

If you're a programmer, you know the difference between a beginner and a master is the ability to write succinct code that does a great deal with very little work. If you can do this, you can easily raise your productivity and the quality of your work by an order of magnitude. Much more importantly, you can have a lot more fun writing code. Read on to learn how.