The SSL Heartbleed bug explained in 30 seconds

Another excellent comic by xkcd (a site that publishes dev/op/web-related comics, usually nailing things right to the head): This time explaining one of the worst bugs in IT history, the OpenSSL “Heartbleed Bug” (links to official bug page). For everybody who lived under a rock in the last days: Several weeks ago a bug in the open source OpenSSL library (that is used in, well, nearly everything that uses SSL, from major websites to NAS systems, from Android to routers) was discovered and major websites were informed secretly (to prevent criminals getting notice on that). The bug is basically a broken parameter check that allows the user/attacker to request a “full” memory dump. A full memory dump. With passwords, SSH keys, etc. in it.

A few days ago, TheVerge wrote an article about the bug, reaching mass attention, opening heaven for cyber-criminals. Side-fact: It’s interesting to see the extreme mass of news coverage created by bugs in (open source) software these days: Heartbleed and Apple’s OpenSSL bug (test site) have made it to the #1 article in quality newspapers, tv news and for sure online newspapers all over Europe. Somebody ran a mass test against the top1000/top10.000 pages in the world, checking major websites for vulnerability – and listed the results here on GitHub. This list is unproven, but the names are awesome. Note that this list has been created after the bug went viral, so we don’t talk about a theoretical bug here.

You can make a basic check for the bug on this Heartbleed test site.

The SSL Heartbleed bug explained in 30 seconds

Joshua Davis – my hero of Flash – in two excellent interviews (audio, video)

What’s new in PHPStorm 10 (Official promo video)

Somebody is writing a compiler for PHP, compiles down to machine code, outperforms HHVM

“Belt” adds very clever everyday functions to PHP, comes with JavaScript naming styles and eventually solves the needle/haystack problem

Is there a JSFiddle for PHP ? Yes !

Which PHP-framework to learn in 2014 ? PHALCON, by far the fastest ever!

Hacked french TV channel exposed passwords in TV interview (video, screenshots, links)

(Links) How to fix an extremely slow Symfony inside a Vagrant box

O’Reilly sells EVERY ebook for -50% right now!

Europeans: Get ready for OFFF conference / festival in Barcelona, May 2014

October CMS, built on top of Laravel, is beautiful, clever and on the way to be the new #1 CMS

Profiling PHP Applications by Bastian Hofmann (video from PHP UK Conference 2014)

First view on Zend Framework 3 by Matthew O’Phinney

Quick fix for 404 error in WordPress category / tag page

How to copy Vagrant boxes (or duplicate them)

HipHop VM reaches 100% green Unit Tests in Laravel, Drupal, Slim, CodeIgniter etc.

Extremely simple deployment with PHPloy

The New Era of JavaScript (28min conference talk, Jack Franklin, 2013)

Adobe offers Photoshop for $9.99 per month (limited deal)

Material Design – How Google designed Android L (7min video)

A super-simple pre-configured Vagrant box with HipHop, Hack and Hack code examples

Electronic Arts / Origin offers Battlefield 3 for free (limited promo action) !

[Link] Redesigning SoundCloud by Evan Simoni

A 6min video introduction into Twig, the PHP templating engine