The SSL Heartbleed bug explained in 30 seconds

Another excellent comic by xkcd (a site that publishes dev/op/web-related comics, usually nailing things right to the head): This time explaining one of the worst bugs in IT history, the OpenSSL “Heartbleed Bug” (links to official bug page). For everybody who lived under a rock in the last days: Several weeks ago a bug in the open source OpenSSL library (that is used in, well, nearly everything that uses SSL, from major websites to NAS systems, from Android to routers) was discovered and major websites were informed secretly (to prevent criminals getting notice on that). The bug is basically a broken parameter check that allows the user/attacker to request a “full” memory dump. A full memory dump. With passwords, SSH keys, etc. in it.

A few days ago, TheVerge wrote an article about the bug, reaching mass attention, opening heaven for cyber-criminals. Side-fact: It’s interesting to see the extreme mass of news coverage created by bugs in (open source) software these days: Heartbleed and Apple’s OpenSSL bug (test site) have made it to the #1 article in quality newspapers, tv news and for sure online newspapers all over Europe. Somebody ran a mass test against the top1000/top10.000 pages in the world, checking major websites for vulnerability – and listed the results here on GitHub. This list is unproven, but the names are awesome. Note that this list has been created after the bug went viral, so we don’t talk about a theoretical bug here.

You can make a basic check for the bug on this Heartbleed test site.

The SSL Heartbleed bug explained in 30 seconds

Microsoft announces “holographic” 3D interfaces (promo video)

Beautiful, minimal WordPress theme ZUKI by Elmastudio (with 30% discount)

Which server OS version to choose ? Some EOL lists of Debian, Ubuntu and CentOS

Must-read PHP blog: PHPweekly.com

How to setup a (or multiple) server/LAMP-stack inside a virtual machine for local development with Vagrant and PuPHPet

Free $10 coupon for DigitalOcean SSD cloud VPS hosting

How to install/setup a basic LAMP stack (Linux, Apache, MySQL, PHP) on Ubuntu 12.04 or Debian 7.0/7.1

How to install/setup latest version of PHPMyAdmin on Ubuntu 12.04 LTS (Precise Pangolin)

Need motivation ? Check out these 2 awesome “FORBES 30 under 30” lists (web, UI, games)

appserver.io – A New Way of Magento Enterprise Infrastructure (26min video talk)

How to enable mod_rewrite in Ubuntu 14.04 LTS

Create a fast, perfect and bootable 1:1 Windows backup (full clone of HDD) for SSD migration

Increase your PageSpeed score (10min video with Matt Gaunt)

GitHub rolls out .PSD diff and viewing

Creator of Slim framework and “PHP – The right way” writes book: “Modern PHP”, available 2015

A collection of beautiful ajax loaders / spinners in pure .svg / CSS

[Link] How To Install October CMS on a VPS running Ubuntu 14.04

Extremely simple deployment with PHPloy

PHP’s HipHop outperforms PHP 5.5 with Zend OPCache and Nginx by 15-20 times

How to copy Vagrant boxes (or duplicate them)

Adobe releases Firebug-like developer tools to edit and extract PSDs

A short & simple Composer tutorial

How Instagram.com works

[RePost] Goodbye LAMP: Going Nginx, NoSQL, HHVM (41min conference talk with Arne Blankerts)

Symfony devs: Creator of Symfony framework is hiring (Cologne, Germany)!