A horrible PHP denial of service vulnerability fix in 5.3.5 and 5.2.17

Please make sure you upgrade your PHP installation to the latest version as soon as possible, as older versions have a major security flaw that exposes websites to the following DoS attack.

All you have to do is make a PHP interpreter (older than 5.3.5 or 5.2.17) cast the string "2.2250738585072011e-308" to a numeric type. So if you have a form that accepts numbers which are then cast from strings into numeric values on the server side, you are probably affected.

Insert performance comparison of NoSQL vs SQL servers

I played around with CouchDB half a year ago and its performance was just horrible. I have heard a lot of good things about MongoDB recently, so I thought I would have a look at it.

I think that NoSQL can have really good use cases on the web. The problem is that you need a really performant and stable system if you want to use it in production. I ran just a few simple tests, so it's not a real benchmark or anything. It is just a simple test trying to figure out how far behind NoSQL solutions are (performance-wise).

Review - Design Patterns: Elements of Reusable Software

After many years of reading references to it, I finally read Design Patterns by the famous Gang of Four (GoF). The book is probably one of the most quoted and referred-to IT books ever :-). Many of the articles I have read that referred to the book were really badly written. In most cases I had the feeling that the authors did not understand design patterns at all. As a result my impression was that the book had to be poor as well and did not do a good job explaining patterns. This made me think that the book had to be horrible if so many people write these vague and confusing articles referring to the GoF book itself.

How to keep your Linux time synchronized on virtual machines

If you do a lot of funky stuff you may need to have a few virtual machines running different images of Debian. Well, at least I do that. It works great, but once you suspend the image it loses the current time. It is not a big deal, but it causes nasty errors during software updates (timestamp in the future).

The bigger problem is that if your time is not synchronized you won't be able to use the Web Services Security (WS-S) extension in JAX-WS, as it will complain about requests from the future as well!

Wiki does matter: why you should write documentation

I know it is obvious, but I guess people still ignore the fact that documentation and knowledge sharing are important. Throughout my career as a developer (so far 8 years) I have not joined a single project or company that had proper, up-to-date documentation. As a result it takes half a year instead of 3 months for every new person joining the team to catch up, and it causes constant headaches. I believe that could be improved if there was proper high- and mid-level documentation.

I know, I know, all the 'lazy developers' will jump and scream "but you should not waste time on documentation! Code should document itself!". Well, great: should IP addresses, web services and database schemas also document themselves? Being lazy is not a virtue, even though it seems to be cool.

UTF-8 BOM (Byte Order Mark) strikes again!

I cannot believe how many times I have stumbled upon these stupid UTF-8 BOMs. At work we actually have a script, which is part of the build cycle, that makes sure we do not have any UTF-8 BOMs in our files.

First of all, a Byte Order Mark is a sequence of bytes at the beginning of a file, added to indicate which Unicode encoding the file uses. The only problem is that it does not matter for UTF-8, because UTF-8 does not have byte order issues! Some editors and tools keep adding a UTF-8 BOM, and it takes time to figure it out. Oh man, does it!
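The kind of build-cycle check mentioned above, as an added example written for this page (it is not the author's script): it walks a source tree, reports every file that starts with the three bytes EF BB BF (U+FEFF encoded as UTF-8), and can optionally strip them. The file suffix list and the temporary files built in `demo()` are constructed for the example.

```python
import sys
from pathlib import Path

# U+FEFF encoded as UTF-8: the three bytes that editors prepend as a "BOM"
UTF8_BOM = b"\xef\xbb\xbf"


def has_utf8_bom(data: bytes) -> bool:
    """True if the byte string starts with the UTF-8 encoded BOM."""
    return data.startswith(UTF8_BOM)


def strip_utf8_bom(data: bytes) -> bytes:
    """Return the data without a leading BOM (unchanged if there is none)."""
    return data[len(UTF8_BOM):] if has_utf8_bom(data) else data


def scan_tree(root, suffixes=(".php", ".js", ".css", ".html", ".txt"), fix=False):
    """Walk root and return the sorted list of files that start with a UTF-8 BOM.

    Only the first three bytes of each file are read for the check, so large
    trees scan quickly. With fix=True the BOM is removed in place.
    The suffix list is an assumption for this example; adjust it to your project.
    """
    offenders = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        with open(path, "rb") as fh:
            head = fh.read(len(UTF8_BOM))
        if has_utf8_bom(head):
            offenders.append(str(path))
            if fix:
                path.write_bytes(strip_utf8_bom(path.read_bytes()))
    return offenders


def demo():
    """Self-contained run on constructed files in a temporary directory.

    Returns the names of the files flagged and the bytes of the fixed file.
    """
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp, "clean.php")
        clean.write_bytes(b"<?php echo 1;")          # constructed: no BOM
        bad = Path(tmp, "sub", "bom.php")
        bad.parent.mkdir()
        bad.write_bytes(UTF8_BOM + b"<?php echo 1;")  # constructed: BOM present
        found = scan_tree(tmp, fix=True)
        return [Path(p).name for p in found], bad.read_bytes()


if __name__ == "__main__":
    # Usage: python bomcheck.py [root]   (exit status 1 if any BOM is found,
    # which is what makes it useful as a build step)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    bad_files = scan_tree(root)
    for name in bad_files:
        print("UTF-8 BOM found:", name)
    sys.exit(1 if bad_files else 0)
```

The check deliberately works on raw bytes: opening the file in text mode with `encoding="utf-8"` would hand you the BOM as the character `\ufeff`, and `encoding="utf-8-sig"` would silently drop it, so neither tells you reliably whether the bytes are on disk.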

Review - The art of application performance testing

Personally I think it is a good book, but it lacks details, tools and practical solutions. Reading the book is quite enjoyable, and it definitely contains a lot of useful tips and tricks.

What I liked the most is the fact that the book is meaty and condensed down to less than 150 pages. I really like books that are focused, so I was not disappointed here.

The thing that the author covers really well is the analysis and preparation of the testing plan and the processes around it. You will read a lot about what to consider, how to prepare yourself, what to check, etc. There are also some useful checklists.

Q: What is a rainbow table? A: The reason why salting matters

It's not a new thing that passwords have to be kept safe. Unfortunately you can't protect every part of every system, and you have to face the fact that some day your system may be hacked. Up until recently it would have been safe enough to hash passwords using MD5 or SHA1 and put them in some relatively safe place.

Unfortunately times have changed :-)
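Why a bare MD5 of a password is no longer enough, as an added example that is not part of the original post: a precomputed digest-to-plaintext table (a plain dictionary here, standing in for the chain-based rainbow table the title refers to) recovers an unsalted hash with a single lookup, while a per-user random salt combined with a slow key-derivation function (PBKDF2-HMAC-SHA256 from Python's standard library) makes every stored hash unique and the precomputation useless. The candidate password list and the stored-hash string format are constructed for this example.

```python
import hashlib
import hmac
import os


def unsalted_md5(password: str) -> str:
    """The legacy scheme: one deterministic digest per password."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Precompute digest -> plaintext once; afterwards each leaked unsalted
    digest costs one dictionary lookup. A real rainbow table stores chains
    instead of every pair to save space, but the effect is the same."""
    return {unsalted_md5(p): p for p in candidates}


def hash_password(password: str, salt: bytes = None, iterations: int = 200_000) -> str:
    """Salted, iterated hash. Returns a self-describing string
    'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' (format chosen here).
    A fresh 16-byte random salt is drawn when none is supplied."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count and compare in
    constant time, so timing does not leak how many bytes matched."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def demo():
    """Contrast the two schemes on constructed data."""
    common = ["password", "123456", "letmein"]  # constructed candidate list
    table = build_lookup_table(common)

    # 1. Unsalted: a leaked MD5 digest is recovered immediately.
    leaked = unsalted_md5("letmein")
    recovered = table.get(leaked)  # -> "letmein"

    # 2. Salted: the same password stored twice yields two different hashes,
    #    so no table built in advance can cover both.
    stored_a = hash_password("letmein")
    stored_b = hash_password("letmein")
    return (
        recovered,
        stored_a != stored_b,
        verify_password("letmein", stored_a),
        verify_password("wrong", stored_a),
    )


if __name__ == "__main__":
    print(demo())
```

The salt does not need to be secret; it only needs to be unique per user so that the attacker must redo the work for every account. The iteration count is what makes that redo expensive, and storing it next to the hash lets you raise it later without invalidating existing accounts.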


About the author

Artur Ejsmont

Hi, my name is Artur Ejsmont, welcome to my blog. I am a passionate software engineer living in Sydney and working for Yahoo!

Web Scalability for Startup Engineers

If you are into technology, you can order my book Web Scalability for Startup Engineers on Amazon. I would love to hear your thoughts, so please feel free to drop me a line or leave a comment.
