PHP Security and the Month of PHP Bugs

In this episode I discuss PHP security. Up till this point I have talked about web app sec in general, but I break from this in honor of the Month Of PHP Bugs that is going on through March.

PHP has frequently been blamed for security problems in applications written in PHP, which really is no fault of the language and engine itself. It would be like everyone blaming C and C++ as being insecure, and the cause of tons of security problems. Most of the time the problem is the developers who use the languages, not the languages themselves. However, there are security problems in the PHP codebase which need to be fixed, and that is what is being highlighted by the Month Of PHP Bugs.

So in this episode I discuss these issues, some of my past projects and some various other issues in PHP… It's so good to be back at the mic, even tho I am still recovering from the flu and had my voice start failing me at the end.
Enjoy!

podPress more than one year old

Today I was pondering the success of the podPress project since it started, which got me trying to remember how long it's been. So a quick look at the change log shows that I released the first version on Feb 2nd of 2006.

So, it's only a year and one month old!

What started as a quick hack to WordPress that I wanted to use to bring attention to my little podcast has become far more widely appreciated and used than I could have ever guessed.
I want to thank you all for your support and thanks that I get in forum posts, emails and PayPal donations. They all matter very much to me, and encourage my development to continue.

A special thanks also to macx, who over the last couple of months has really taken the initial quick little stats feature and turned it into something impressive. It's always great fun when I can chat about code with another developer and enjoy the collaborative artistic effort that software development can be.

Stranger Things Podcast – Wow

As a long time podcasting fan and supporter of the community I have been a fan of many shows, and impressed by a bunch of them. Some of my favorites (and I know I’ll end up forgetting some) have been Slice of Sci/Fi, Escape Pod, Filmspotting, The Signal, The Bitterest Pill, Verge of the Fringe, zeFrank, TikiBarTV and numerous Podiobooks (Sigler, Selznick, JC Hutchins, etc), along with many many more.

So when I say I was blown away by the efforts of Stranger Things (http://www.strangerthings.tv), it's not from a lack of experience with the brilliance and creativity in this community. It's because it's quite an impressive accomplishment. Audio is one thing, and it takes skill and hard work to do it well. Short video clips like those from zeFrank and TikiBarTV are also quite a bit of work and take great talent. But to produce a 30 minute long episode with decent acting, a cool story (from self-pimping Sigler) and very nice special effects… and to make it a free podcast. Wow.

I have a hell of a time just trying to get my show out once a month, and even that is wayyy behind on getting some episodes out (one is coming soon btw).

Anyways, my props to the Stranger Things team, and I hope you are able to continue gaining an audience and some sponsorship/donations to help keep your show going.

A Month of PHP Security Bugs

The folks at the Hardened PHP Project (makers of Suhosin) have started their Month of PHP Bugs initiative. This initiative is an effort to improve the security of PHP by bringing awareness to various security problems in PHP itself. This does not directly impact any PHP applications, but instead the language itself. As far as I understand, the plan is to disclose issues that can be resolved by way of just using Suhosin or the Hardened PHP Project. Hopefully the PHP core team will finally wake up and start implementing some of the recommendations being suggested.

note: this post is likely to become a podcast if I can finish recording the show.