
SEARCH KEYWORD -- Bug report



  A serious security vulnerability found in MySQL/MariaDB


Recently a serious security vulnerability was found in MySQL/MariaDB. It relates to access to the database. The issue is described below. When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Because of incorrect casting, it might've happened that the token and the expected value were considered equal, even if the memcmp() returned a non-zero value. In this case MySQL/MariaDB would think that the p...

   MySQL,MariaDB,bug,fix,password,memcmp()     2012-06-11 10:28:09


  HeartBleed: Should C be blamed for the HeartBleed bug?


There was a recent discussion on Hacker News about the security of applications written in C, following the report of the HeartBleed bug in OpenSSL. In this discussion, some people are saying that applications written in C are unsafe. It seems all or most of the fault is being laid on C. I think this is biased. The language itself should not be blamed. Safety is a relative term for programming languages. No language is absolutely safe. We claim some languages like Java and C# are safer than C/C++ b...

   C,HeartBleed,Analysis,Code review     2014-04-14 03:52:55


  Latest PHP patch cannot fix the bug


On Wednesday (2012-05-02), a remote code execution vulnerability in PHP was accidentally exposed to the Web, prompting fears that it may be used to target vulnerable websites on a massive scale. The bug itself was traced back to 2004, and came to light during a recent CTF competition. A CERT advisory on the flaw explains: “When PHP is used in a CGI-based setup (such as Apache's mod_cgid), the php-cgi receives a processed query string parameter as command line arguments which allows command...

   PHP,bug,patch,bypassed     2012-05-08 11:20:56


  HeartBleed: OpenBSD now starts to clean up OpenSSL


Since the disclosure of the HeartBleed bug in OpenSSL, arguments have emerged around the safety of OpenSSL, the largest open source SSL/TLS library, used by a large number of servers and applications. Some people are even starting to create their own version of the SSL library. This includes OpenBSD, a famous Unix-like open source operating system. Just a few days after the HeartBleed bug, OpenBSD forked a new branch of OpenSSL and started to clean up the forked branch and plans to merge it to its own cod...

   HeartBleed,OpenBSD     2014-04-15 04:21:26


  How to hide PHP Notice & Warning Messages


How to hide PHP Notice & Warning Messages. PHP notice errors are frustrating, and you get tired of seeing them when you are working on your scripts. They are shown at the beginning of your pages and may reveal confidential information to the visitor, like the path to the file or, in some cases, the PHP file name.

// Turn off all error reporting
error_reporting(0);
// Report simple running errors
error_reporting(E_ERROR | E_WARNING | E_PARSE);
// Reporting E_NOTICE can be good too (to report unin...

   PHP,Error,Warning,Deprecated,Hiding,Method     2011-11-18 12:17:26


  What do programmers like to say usually?


Coding is a very important part of a programmer's daily work. But beyond coding, programmers need to do other work as well: they need to fix bugs reported by users, and they need to write documentation for their code. They also often need to answer questions from customers, bosses and colleagues. What do they often say when they are facing different sorts of questions? Today we share some. It's done. I just need to clean up a few things. This is hacky, but I'll fix it soon. This can never happen: It's ...

   Programmer,Execuse,Bug     2013-08-07 07:38:30


  Less Is More


I originally assumed that open source was simply a means of producing technology. But technology is just a lovely byproduct, the real goal is social. Not all open source projects work this way, but perhaps they should. I stumbled upon this realization while maintaining fog as it grew and grew and grew. Leaving issues open seemed unbearable, but over time the volume far exceeded my ability to keep up. Over time I saw the promise of a better way, but my expectations of open source would need to a...

   Open source,Less is more,Mentoring,Bug report     2011-11-28 10:45:47


  China has 591 million netizens now


CNNIC (China Internet Network Information Center) released its 32nd research report on Internet usage in China on July 17 Beijing Time. According to the report, China had 591 million netizens as of June 2013; among them, 464 million are phone Internet users. Chinese netizens surf the Internet 21.7 hours a week. The report shows that China's netizens reached 591 million as of the end of June 2013, an increase of 26.56 million people compared to the end of 2012. Internet coverage rate is 44...

   CNNIC,Internet usage     2013-07-18 02:27:52


  A trap in PDOStatement::bindParam


First, let's check out the code below: <?php $dbh = new PDO('mysql:host=localhost;dbname=test', "test"); $query = <<prepare($query); $bind_params = array(':username' => "laruence", ':password' => "weibo"); foreach( $bind_params as $key => $value ){ $statement->bindParam($key, $value); } $statement->execute(); What is the SQL finally executed? Is there any problem with the above code? Many people may think the query executed is: INSERT INTO `user` (`username`, `password...

   PHP,Trap,bindParam     2013-08-29 10:48:55


  How many programmers does it take to screw in a lightbulb?


There seem to be a lot of “How many programmers does it take to screw in a lightbulb?” jokes floating around the Internet, but none aimed specifically for us SQA folk. I have decided (perhaps mistakenly) that this is no longer acceptable. If this decision is a mistake, I'm sure that someone else in QA will report it up as a bug and assign it to me. For better or worse, there is now an SQA set of these jokes, thanks to me. Now, without further ado, let the pun...

       2016-05-08 12:43:34