There is a phpMyAdmin update today for Debian. It fixes an XSS bug in the table tracking feature and a vulnerability in the XML import plugin. The stable version of Debian (squeeze) and testing (wheezy) are affected.
Package : phpmyadmin
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1940 CVE-2011-3181 CVE-2011-4107
Debian Bug : 656247
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2011-4107
The XML import plugin allowed a remote attacker to read arbitrary
files via XML data containing external entity references.
CVE-2011-1940, CVE-2011-3181
Cross site scripting was possible in the table tracking …

As of December 21, 2011, the latest version of Google Analytics does not have the PDF Export utility. This is an important feature to have since graphs won’t print out. The graphs are generated in Adobe Flash, which you can only print via a right click within the Flash object. They are planning to add this feature to the new version of Google Analytics.
In order to print graphs/reports, you will need to downgrade to the old version of Google Analytics and use the Export to PDF feature. If you have the following …

If you are running on a server with limited space (e.g. VPS), you might need to manually clear out the Debian apt cache via this command:
apt-get clean
Or, to remove only outdated package files and keep those for the current version of the software:
apt-get autoclean
This will clean the files stored in:
/var/cache/apt/archives/

Debian Lenny EOL in two months. Security support for Debian GNU/Linux 5.0 (code name “lenny”) will end 2/6/2012. If you are still using Lenny, you should run a distribution update to Squeeze in the next 60 days.
The Debian project released Debian GNU/Linux 6.0 alias “squeeze” on the 6th of February 2011. Users and distributors have been given a one-year timeframe to upgrade their old installations to the current stable release. Hence, the security support for the old release of 5.0 is going to end on the 6th of February 2012 as …
Here’s a quick modification to the awstats file that allows you to add a totals field for the “Viewed – Full List” option. There isn’t a total hits field for matching files in awstats, so I added one to make it more useful. This makes it a lot quicker to total up hits for a specific folder, file type, or specific file in awstats.
I completed an upgrade of Debian Lenny to Squeeze on a production database server over the weekend. It went quite well and I had zero downtime thanks to my secondary database servers running in-place. One of the biggest benefits to running Squeeze is that MySQL runs at version 5.1.49. Lenny only supports up to MySQL 5.0.
Row-based replication is a safer way to replicate data to other servers, since all changes are replicated. Prior to MySQL 5.1.14, updates to the mysql database were not replicated. They were updated via statements (e.g. GRANT, REVOKE). This can potentially cause data-consistency between the master and …

Apple started sending tracking information for the iPhone 4S preorders via e-mail on Monday 10/10/2011. If you ordered early Friday from Apple (before 7am), you should be getting your tracking information shortly.
AT&T is starting to update the status of their iPhone 4S orders from backordered to processed. Verizon and Sprint have sent shipping confirmation notices as well for their Apple iPhone 4S preorders.


I’ve looked at a number of cURL PHP tutorials on the web and noticed “curl_setopt($RESTsession, CURLOPT_SSL_VERIFYPEER, false);” is often used for accessing secure websites via cURL. This is often seen when people ask “I cannot connect to HTTPS site using cURL” or have the “SSL certificate problem, verify that the CA cert is OK” error with cURL.
Ideally, you should set the SSL_VERIFYPEER value to true unless the server you are connecting to does not have a signed certificate. If you are sending confidential data, wouldn’t you want to make sure you are connecting to the correct server?
This guide will help you get the CA certificate from the remote server using Mozilla Firefox 6 and then use PHP with cURL to retrieve the information from the remote https server.

With kernel.org being down for the past few weeks, there isn’t a clear indication of when they’ll be back up. In the meantime, it’s a good time to check if you are using mirrors.kernel.org in your Linux apt sources so you can continue to get the latest updates. As for developers, many are using GitHub or other repositories to host their code. For instance, Linus Torvalds has released the latest build of Linux 3.1 via GitHub.

After about a month of using NetBeans (www.netbeans.org), I’m making it my main code editor/IDE. I’m writing code on both Mac OS X and Windows, so it’s nice to have one editor to use for both. The built-in CVS, Subversion, Mercurial, and file transfer tools are really good. The built-in syntax validation works decently, as it will catch any missing semicolons and brackets. Code completion works well, with all the PHP functions listed, and it will pull all matching functions in your namespace. Performance is a bit slower since it’s running on Java, but it should run OK on newer computers. It’s also free, which is probably the #1 selling point.