
SEARCH KEYWORD -- Bug report



  A serious security vulnerability found in MySQL/MariaDB


Recently a serious security vulnerability was found in MySQL/MariaDB. It relates to the access to the database. The issue is described below. When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Because of incorrect casting, it might've happened that the token and the expected value were considered equal, even if the memcmp() returned a non-zero value. In this case MySQL/MariaDB would think that the p...

   MySQL,MariaDB,bug,fix,password,memcmp()     2012-06-11 10:28:09


  Linus Torvalds apologizes for Linux 4.8 kernel bug


On Oct 2, Linus Torvalds proudly announced the release of Linux 4.8. But just days after the release, a bug was found in the kernel and Linus came out and apologized for this bug. I'm really sorry I applied that last series from Andrew just before doing the 4.8 release, because they cause problems, and now it is in 4.8 (and that buggy crap is marked for stable too). In particular, I just got this kernel BUG at ./include/linux/swap.h:276 and the end result was a dea...

   LINUX,LINUX KERNEL,NEWS,LINUS TORVALDS,BUG_ON     2016-10-07 03:46:17


  HeartBleed: Should C be blamed for the HeartBleed bug?


There has been a discussion about the security of applications written in C on Hacker News recently, after the report of the HeartBleed bug in OpenSSL. In this discussion, some people are saying that applications written in C are unsafe. It seems all or most of the faults should be laid on C. I think this is biased. The language itself should not be blamed. Safety is a relative term for programming languages. No language is absolutely safe. We claim some languages like Java and C# are safer than C/C++ b...

   C,HeartBleed,Analysis,Code review     2014-04-14 03:52:55


  Latest PHP patch cannot fix the bug


On Wednesday (2012-05-02), a remote code execution vulnerability in PHP was accidentally exposed to the Web, prompting fears that it may be used to target vulnerable websites on a massive scale. The bug itself was traced back to 2004, and came to light during a recent CTF competition. A CERT advisory on the flaw explains: “When PHP is used in a CGI-based setup (such as Apache's mod_cgid), the php-cgi receives a processed query string parameter as command line arguments which allows command...

   PHP,bug,patch,bypassed     2012-05-08 11:20:56


  HeartBleed: OpenBSD now starts to clean up OpenSSL


Since the disclosure of the HeartBleed bug in OpenSSL, some arguments have emerged around the safety of OpenSSL, the largest open source SSL/TLS library, used by a large number of servers and applications. Some people are even starting to create their own version of the SSL library. This includes OpenBSD, a famous Unix-like open source operating system. Just a few days after the HeartBleed bug, OpenBSD forked a new branch of OpenSSL and started to clean up the forked branch and plans to merge it to its own cod...

   HeartBleed,OpenBSD     2014-04-15 04:21:26


  How to hide PHP Notice & Warning Messages


How to hide PHP Notice & Warning Messages. The PHP notice errors are frustrating and you are tired of seeing them when you are working on your scripts. They are shown at the beginning of your pages and may reveal confidential information to the visitor, like the path to the file or the PHP file name in some cases.
// Turn off all error reporting
error_reporting(0);
// Report simple running errors
error_reporting(E_ERROR | E_WARNING | E_PARSE);
// Reporting E_NOTICE can be good too (to report unin...

   PHP,Error,Warning,Deprecated,Hiding,Method     2011-11-18 12:17:26


  What do programmers like to say usually?


Coding is a very important part of a programmer's daily work. But beyond coding, programmers need to do other work as well: they need to fix bugs reported by users, and they need to write documents for their code. Also, they often need to answer questions from customers, bosses and colleagues. What do they often say when they are facing different sorts of questions? Today we share some. It's done. I just need to clean up a few things. This is hacky, but I'll fix it soon. This can never happen: It's ...

   Programmer,Excuse,Bug     2013-08-07 07:38:30


  Less Is More


I originally assumed that open source was simply a means of producing technology. But technology is just a lovely byproduct, the real goal is social. Not all open source projects work this way, but perhaps they should. I stumbled upon this realization while maintaining fog as it grew and grew and grew. Leaving issues open seemed unbearable, but over time the volume far exceeded my ability to keep up. Over time I saw the promise of a better way, but my expectations of open source would need to a...

   Open source,Less is more,Mentoring,Bug report     2011-11-28 10:45:47


  China has 591 million netizens now


CNNIC (China Internet Network Information Center) released its 32nd research report on Internet usage in China on July 17 Beijing Time. According to the report, China had 591 million netizens as of June 2013; among them, 464 million are phone Internet users. Chinese netizens surf the Internet 21.7 hours a week. The report shows that China's netizens reached 591 million as of the end of June 2013, an increase of 26.56 million people compared to the end of 2012. Internet coverage rate is 44...

   CNNIC,Internet usage     2013-07-18 02:27:52


  A trap in PDOStatement::bindParam


First, let's check out the code below: <?php $dbh = new PDO('mysql:host=localhost;dbname=test', "test"); $query = <<prepare($query); $bind_params = array(':username' => "laruence", ':password' => "weibo"); foreach( $bind_params as $key => $value ){ $statement->bindParam($key, $value); } $statement->execute(); What is the SQL finally executed? Is there any problem with the above code? Many people may think the query executed is: INSERT INTO `user` (`username`, `password...

   PHP,Trap,bindParam     2013-08-29 10:48:55