Blog

Pixy, an XSS and SQL-Injection Scanner for PHP

28.06.2007 at 14:46

LWN mentioned Pixy, an XSS and SQL injection scanner for PHP, which looks quite interesting.

From a quick look over the project page, it seems that it uses data flow analysis to mark potentially insecure sections where external variables are used without care and prior data validation.

I didn't really test it, though, and therefore don't know about false positives and so on. But it is certainly worth a closer look. Unfortunately I currently don't have time, but who knows, maybe someday when PHP5 is supported it will come in handy.

Marc


Creating a new GPG-Key

27.06.2007 at 10:51

Today I created a new GPG key; here is a short description of the procedure, just in case I have to do it again.

Run

gpg --gen-key

and answer the questions, which should be fairly straightforward. At the end your key-id, which uniquely identifies your key, will be printed. Use it to create a revocation certificate, just in case your key gets compromised.

gpg --output [email].revoke.asc --gen-revoke [key-id]

Then export your public key which you can distribute to your friends.

gpg --armor --output [email].pub.asc --export [key-id]

I would also advise you to export the private key and store it in a secure place.

gpg --armor --output [email].sec.asc --export-secret-key [key-id]

As a final step, send your public key to one of the many keyservers so others can fetch it and encrypt documents with it.

gpg --keyserver wwwkeys.ch.pgp.net --send-key [key-id]

The keyservers are constantly synchronising with each other, so after some time your key should be available to others. Do a quick search to check this.

gpg --keyserver wwwkeys.de.pgp.net --search-keys [email]

Marc
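
A check for the three export files produced by the steps above, as an added example that is not part of the original post: it confirms that the public file holds no secret key material and that the secret key and revocation certificate are not accessible to group or others. The function names and the sample files in `demo()` are constructed for illustration.

```sh
#!/bin/sh
# Added example: sanity-check the three files written by the export steps.
# Function names and the sample files in demo() are constructed.

# True if FILE ($1) contains an ASCII-armor header of type $2.
has_armor() {
    grep -q -- "^-----BEGIN PGP $2-----" "$1" 2>/dev/null
}

# True if neither group nor others have any permission bit on the file.
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

# check_exports DIR EMAIL: one line per problem; exit status = problem count.
check_exports() {
    base="$1/$2"; problems=0
    has_armor "$base.pub.asc" "PUBLIC KEY BLOCK" ||
        fail "$2.pub.asc is not a public key export"
    has_armor "$base.sec.asc" "PRIVATE KEY BLOCK" ||
        fail "$2.sec.asc is not a secret key export"
    for f in pub revoke; do     # files that must never hold the secret key
        if has_armor "$base.$f.asc" "PRIVATE KEY BLOCK"; then
            fail "$2.$f.asc contains secret key material"
        fi
    done
    for f in sec revoke; do     # files that must stay private to the owner
        [ -f "$base.$f.asc" ] || { fail "$2.$f.asc is missing"; continue; }
        owner_only "$base.$f.asc" || fail "$2.$f.asc is accessible to group/others"
    done
    return "$problems"
}

# Constructed sample: armor headers only, secret export left world-readable.
demo() {
    d=$(mktemp -d); e=alice@example.org
    printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' > "$d/$e.pub.asc"
    cp "$d/$e.pub.asc" "$d/$e.revoke.asc"; chmod 600 "$d/$e.revoke.asc"
    printf '%s\n' '-----BEGIN PGP PRIVATE KEY BLOCK-----' > "$d/$e.sec.asc"
    chmod 644 "$d/$e.sec.asc"
    rc=0; check_exports "$d" "$e" || rc=$?
    rm -rf "$d"; return "$rc"
}

if [ "$#" -eq 2 ]; then check_exports "$1" "$2"; fi
```

Run it as `sh check.sh . you@example.org` in the directory holding the exports; a non-zero exit status is the number of problems found.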


Last exams of my apprenticeship and DebConf7 video talks are online

25.06.2007 at 22:01

Today I had the last series of exams for my apprenticeship, shouldn't be that bad. On a side note, DebConf7 recordings of the various talks are already online. I am currently in no way associated with Debian, but I am reading the devel lists, and attending a development camp would certainly be fun. As I will hopefully have a bit more free time in the next few months, I already played with the thought of actually participating actively. So congratulations to them, I for one know what I will watch in the upcoming evenings.

Marc


VBA hurts - a lot

18.06.2007 at 15:28

Today I had to make some changes to an in-house macro and it just reminded me of the fact that VBA causes brain damage. I really dislike this language and try to avoid it as much as I can. An example of its stupidity is the fact that it uses the same operator for both assignment and comparison. Then the VBA standard library is just too poor; there doesn't seem to be a method to remove all objects from a given collection, which results in self-made solutions like the following.

Do While mycollection.Count > 0
	mycollection.Remove (1)
Loop

Enough ranting for today, hope you don't have to use this crap, too bad that I am not working in the *nix world.

Marc


Disabling the MacBook Startup Sound

09.06.2007 at 11:13

When you start a MacBook you hear a kind of control sound (beep) which means the hardware check was OK. This sound is pretty annoying, even more so when you start your laptop in a public room and suddenly everybody is looking at you. After some research I found out that Psst (a Mac application) allows you to disable this startup sound. So happy booting, without disturbing everybody around you.

Marc
