alex's blog

Major Security Flaw in Internet Explorer

I don't know all the details, but it sounds like this is a pretty bad one. I don't have an axe to grind, and this isn't just some oddball tech website reporting the story. This is a really major flaw that's being reported in a lot of major news outlets. This is a big deal.

http://news.bbc.co.uk/2/hi/technology/7784908.stm
http://tech.yahoo.com/blogs/null/111811;_ylt=AqJLQ7r2VhquAHfYFHFXhYAazJV...
http://voices.washingtonpost.com/securityfix/2008/12/microsoft_big_secur...
http://www.abcnews.go.com/Technology/wireStory?id=6478928

If you use IE to do anything at all online (read email, shop, whatever), you really should stop as soon as possible. You are opening yourself to having your computer taken over by crackers, and no anti-virus software will save you. Simply visiting a specially-coded website is all it takes. No other browser is affected by this problem. Only IE. All versions of IE from IE 5 (ancient) to IE 8 (not yet released) are affected.

There are lots of good alternatives. http://www.getfirefox.com is one.

What's linked to an OSX binary?

In Linux, I'm used to doing something like this to list which shared objects a binary is linked against.

 ldd /usr/bin/whatever

OSX does things a little differently.

 otool -L /usr/bin/whatever

http://www.omnigroup.com/mailman/archive/macosx-admin/2002-April/029578....
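The two commands above, worked into a small POSIX sh script as an added example (not code from the original post or from any of the tools it names). It picks the listing tool for the host, reduces otool -L and ldd output to one library path per line, and then flags the entries a practitioner would look at first: libraries that did not resolve, OSX loader-relative entries (@rpath, @executable_path, @loader_path, which resolve relative to the binary or its run path), relative paths, and anything under a directory ordinary users can write to. Two caveats the script's comments repeat: ldd resolves libraries by invoking the dynamic loader and, in some implementations, can end up running code from the binary, so only use it on binaries you trust (objdump -p on Linux and otool -L on OSX only read the file headers); and otool -L reports only direct dependencies while ldd reports the full resolved set, so the two lists are not comparable one for one. The sample otool and ldd output embedded in the script is constructed, not captured from a real system, and the function names are my own.

```sh
#!/bin/sh
# Added example, not from the original post: list the shared libraries a
# binary is linked against on either platform and flag library paths that a
# local attacker could plausibly plant. Assumes only sh, awk, otool and ldd.

# Pick the listing tool for this host. ldd resolves libraries by invoking the
# dynamic loader and, in some implementations, may run code from the binary;
# use it only on binaries you trust. otool -L and objdump -p only read headers.
deps_tool() {
    case "$(uname -s)" in
        Darwin) echo otool ;;
        *)      echo ldd ;;
    esac
}

# Reduce otool -L output to one library path per line. The first line is the
# binary's own name followed by a colon; every later line is
# "<path> (compatibility version ..., current version ...)".
parse_otool() {
    awk 'NR > 1 && NF { print $1 }'
}

# Reduce ldd output to one resolved path per line. Lines look like
# "libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x...)",
# "/lib64/ld-linux-x86-64.so.2 (0x...)", "linux-vdso.so.1 (0x...)"
# (kernel-provided, skipped) or "libx.so => not found".
parse_ldd() {
    awk '
        /=>/ {
            if ($3 == "not")        print $1 " (not found)"
            else if ($3 !~ /^\(/)   print $3
            next
        }
        $1 ~ /^\// { print $1 }
    '
}

# List the libraries of the binary given as $1 with the host's own tool.
# otool -L reports only direct dependencies; ldd reports the full resolved set.
list_libs() {
    if [ "$(deps_tool)" = otool ]; then
        otool -L "$1" | parse_otool
    else
        ldd "$1" | parse_ldd
    fi
}

# Read library paths on stdin and print the ones worth a second look:
# unresolved libraries, OSX loader-relative entries, relative paths, and
# anything under a directory ordinary users can write to.
flag_suspicious_libs() {
    awk '
        /\(not found\)$/                              { print "SUSPECT missing: " $0; next }
        /^@(rpath|executable_path|loader_path)\//     { print "SUSPECT loader-relative: " $0; next }
        $0 !~ /^\//                                    { print "SUSPECT relative: " $0; next }
        /^\/(tmp|var\/tmp|private\/tmp|home|Users)\// { print "SUSPECT user-writable prefix: " $0; next }
    '
}

# Constructed sample output (not captured from a real system) so the parsers
# and the checks can be exercised offline.
sample_otool_output() {
    printf '%s\n' '/usr/bin/whatever:'
    printf '\t%s\n' \
        '/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1281.0.0)' \
        '@rpath/libhelper.dylib (compatibility version 1.0.0, current version 1.0.0)' \
        '/Users/alex/lib/libplugin.dylib (compatibility version 1.0.0, current version 1.0.0)'
}

sample_ldd_output() {
    printf '\t%s\n' \
        'linux-vdso.so.1 (0x00007ffd1a3fe000)' \
        'libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f2b1c0d5000)' \
        'libhelper.so => /tmp/build/libhelper.so (0x00007f2b1c0a0000)' \
        'libmissing.so.2 => not found' \
        'libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f2b1beaf000)' \
        '/lib64/ld-linux-x86-64.so.2 (0x00007f2b1c2f0000)'
}

# Audit one real binary; returns 1 if anything was flagged.
audit_binary() {
    flagged=$(list_libs "$1" | flag_suspicious_libs)
    [ -z "$flagged" ] || { printf '%s\n' "$flagged"; return 1; }
}

# With no arguments, run the checks over the constructed samples; otherwise
# audit each binary named on the command line.
if [ $# -eq 0 ]; then
    sample_otool_output | parse_otool | flag_suspicious_libs
    sample_ldd_output   | parse_ldd   | flag_suspicious_libs
else
    for bin in "$@"; do
        audit_binary "$bin" || echo "$bin: flagged entries above need review"
    done
fi
```

Run it with no arguments to see the two constructed samples produce four SUSPECT lines, or pass real binaries (`sh deps_audit.sh /usr/bin/whatever`) to audit them with the host's tool. A flagged entry is a prompt to check who can write to that path, not proof of compromise.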

Multiple SMTP Servers in Thunderbird

I've used Mozilla Thunderbird as my email client for years. Overall, I love it. Spam filtering is top-notch, the threaded view is great for reading mailing-list traffic, it's an RSS reader, and the huge range of free extensions allow me to add all sorts of functionality that isn't in the base application.

New Ganglia released

I helped fix some cross-site scripting vulnerabilities in the Ganglia web frontend application. My code was released as 3.0.6.

http://ganglia.info/?p=60

I chose the name 'Foss' since Ganglia has a convention of naming releases after aviators. Joe Foss was a South Dakotan who flew fighters for the Marine Corps in WWII. http://en.wikipedia.org/wiki/Joe_Foss

UPDATE

Some bugs introduced in 3.0.6 prompted the release of 3.0.7. Of course I hate to say my code has bugs, but I don't feel too bad about this one. The time from problem report to the release of 3.0.6 was about 48 hours. Fixing the XSS problems was deemed far more important than a full test period prior to release.

PHP4 and PHP5 on 1 Apache server using FastCGI

I did a presentation at last month's AzPHP meeting on how to run both PHP4 and PHP5 at the same time on Apache. PHP4 runs as an Apache module, and PHP5 runs as a FastCGI program.

You get a lot of flexibility out of this setup, and avoid most of the performance problems usually associated with CGI. I put the talk notes up on this website for anyone who's interested.

Synergy Multi-System Setup

I have 2 computers at work. One is a PowerMac G5, and one is a Dell running Ubuntu Linux. I switch frequently from one computer to the other, and having 2 keyboards and mice got to be a real nuisance. I've experimented with a few setups which allow just 1 keyboard and mouse to control both computers, and this is a quick report/howto on what I'm using.

Option 1: KVM Switch

A KVM (keyboard, video, mouse) switch lets you hook up 1 keyboard, monitor, and mouse into both computers. You use either a button on the switch or a keyboard command to tell it which computer you want to control. This is kinda what I wanted, but not really. I have 2 monitors, and I want to be able to zip back and forth between the 2 without having to hit a button.

I improved the setup a little bit by setting the 2 monitors side by side, and only hooking the keyboard and mouse into the KVM switch. The monitors were hooked directly to their respective computers. This way, I could see both monitors at the same time, but switching between the 2 still felt clunky and slow. I wanted the 2 machines to act like one big desktop.

Why all the SQL hate?

I've been trying out a few different PHP frameworks, and generally getting more familiar with full-blown OO design and development. When they talk about how much time the framework will save you, just about every one makes some kind of claim like 'you never have to write SQL again'! What they usually mean is that the framework includes some object persistence layer that lets you insert/update/delete data via object methods rather than SQL.

I can see the benefit of this in a number of contexts, but I still have concerns.

The typical persistence layer will turn $obj->load() into something like "SELECT * FROM table", and that's a problem in my mind. Every time you load the object, you get EVERYTHING from the row, even if you only actually need the data from 1 column. It gets worse if the object you're loading is spread over multiple tables - you get all data from all tables. The object makes your PHP code nice and neat, but it translates into unnecessarily large queries, and lots of unnecessary data being sent from the database to the application.

Given that database access is often the #1 bottleneck in a web application, this seems like a formula for making performance worse.

Thoughts on PHP Certification


As I previously wrote, I took (and passed) the Zend PHP certification exam last fall. I even got an ultra-special logo for being one of the first 1000 people to pass. Neato.

I've been asked a few times since then if I thought it was a good test, would I do it again, should (other person) take the test, etc. I haven't really known how to answer. I mainly took it as a personal challenge. At the time I was self-employed, and I didn't often get to interact with other developers. I wanted to know if my PHP skills measured up in any meaningful way. I was happy with the outcome of my test, but I'm still not sure about its long-term value.

The test I took would establish a base level of familiarity with PHP. It won't identify superstars. Anyone who had programmed for a year or two, and spends a few weeks preparing, can pass this test. It is more of a 'weed out the boneheads' than a badge of genius. (It removes a negative possibility, rather than adding a positive.) This might seem obvious, but when the test is promoted as a way of 'making you stand out among job applicants', I think the implication is a bit off the mark.

Lastly, I'm really underwhelmed by the self-aggrandizing promotion for this test by the people who have created it, and who are making money selling test prep courses. Again, probably no big surprise that this is going on, but it still is a turnoff to me.


Problems installing Seagull? Try disabling APC.

Yesterday, I installed the Seagull PHP framework, and ran into an odd problem. I grabbed the latest source, untarred it on my web server, and browsed to the installation script (seagull/www/setup.php). All went just fine until I hit 'Submit' on Step 4. The 'Step 5' page presented an ugly PHP error message.

Fatal error: Call to undefined method HTML_QuickForm_hidden::HTML_QuickForm_element() in /home/alex/public_html/seagull-0.6.0RC1/lib/pear/HTML/QuickForm/input.php on line 50

This struck me as very odd, because it's an error reported not by the Seagull code, but by the PEAR HTML_QuickForm class, which is used by Seagull. QuickForm is a stable product, has been around for a while, and is widely used. Even stranger, the very method which is reporting an error was used in all previous stages of the Seagull installer. How can it exist on the previous pages, and then 'disappear' at stage 5?

I don't know the precise answer to this question, but I'm pretty sure I know where the problem lies: the APC caching system. I had installed it earlier in the day, as it's recommended by Seagull. I'd heard good things about it previously, so I figured it was worth a try. The APC install went smoothly. After installing, I decided to browse the deanspot.org site to see if I could notice any speedup due to the caching.
