In June, 1995, Rasmus Lerdorf made an announcement on a Usenet group. You can still read it.
Today, twenty-five years on, PHP is about as ubiquitous as it could possibly have become. I’d be willing to bet that for the majority of readers of this article, their first forays into web programming involved PHP.
Announcing the Personal Home Page Tools (PHP Tools) version 1.0.
These tools are a set of small tight cgi binaries written in C.
But no matter what rich history and wide userbase PHP holds, that’s no justification for its use in a landscape that is rapidly evolving. Whilst PHP will inevitably be around for years to come in existing applications, does it have a future in new sites?
Last Friday, thousands of owners of Samsung Blu Ray players found that their home entertainment devices would no longer boot up. While devices getting stuck in a power-cycling loop is not uncommon, this case stands out as it affected a huge range of devices all at the same time. Samsung’s support forum paints a bleak picture, with one thread on the issue stretching to 177 pages in just a week.
So what is going on, and what can be done to fix the problem? There’s a lot of conflicting information on that. Some people’s gear has started working again, others have not and there are reports of customers being told to seek in-person repair service. Let’s dive in with some wild speculation on the problem and circle back by commiserating about the woes of web-connected appliances.
[Wladimir Palant] seems to be on a one-man crusade against security problems in security software. The name may not be immediately recognizable, but among his other infamies is originating Adblock Plus, which we have a love-hate relationship with. (Look, surf the net with an adblocker, but disable it for sites you trust and want to support, like HaD).
This week, he announced a rather serious flaw in Bitdefender. The disclosure starts off with high praise for Bitdefender: “security-wise Bitdefender Antivirus is one of the best antivirus products I’ve seen so far….” Even with that said, the vulnerability he found is a serious one. A malicious website can trigger the execution of arbitrary applications. The problem was fixed in an update released on the 22nd.
Image by Wladimir Palant, CC BY-SA 4.0
The vulnerability is interesting. First, Bitdefender uses an API that was added to web browsers specifically to enable security software to work without performing man-in-the-middle decryption of HTTPS connections. When a problem is detected, Bitdefender replaces the potentially malicious page with its own error message.
Because of the way this is implemented, the browser sees this error message as being the legitimate contents of the requested site. Were this a static page, it wouldn’t be a problem. However, Bitdefender provides an option to load the requested page anyway, and does this by embedding tokens in that error page. When a user pushes the button to load the page, Bitdefender sees the matching tokens in the outgoing request, and allows the page.
Who among us didn’t spend some portion of their youth trying in vain to watch a scrambled premium cable TV channel or two? It’s a wonder we didn’t blow out our cones and rods watching those weird colors and wavy lines dance across the screen like a fever dream.
In the early days of national premium television in America, anyone who’d forked over the cash and erected a six-foot satellite dish in the backyard could tune in channels like HBO, Showtime, and the first 24-hour news network, CNN. Fed up with freeloaders, these channels banded together to encrypt their transmissions and force people to buy expensive de-scrambling boxes. On top of that, subscribers had to pay a monthly pittance to keep the de-scrambler working.
In its place will be Apple’s own custom silicon, based on 64-bit ARM architecture. Apple are by no means the first to try and bring ARM chips to bear for general purpose computing, but can they succeed where others have failed?
Who would have thought that software packaging software would cause such a hubbub? But such is the case with snap. Developed by Canonical as a faster and easier way to get the latest versions of software installed on Ubuntu systems, the software has ended up starting a fiery debate in the larger Linux community. For the more casual user, snap is just a way to get the software they want as quickly as possible. But for users concerned with the ideology of free and open source software, it’s seen as a dangerous step towards the types of proprietary “walled gardens” that may have driven them to Linux in the first place.
Perhaps the most vocal opponent of snap, and certainly the one that’s got the most media attention, is Linux Mint. In a June 1st post on the distribution’s official blog, Mint founder Clement Lefebvre made it very clear that the Ubuntu spin-off does not approve of the new package format and wouldn’t include it on base installs. Further, he announced that Mint 20 would actively block users from installing the snap framework through the package manager. It can still be installed manually, but this move is seen as a way to prevent it from being added to the system without the user’s explicit consent.
The short version of Clement’s complaint is that the snap packager installs from a proprietary Canonical-specific source. If you want to distribute snaps, you have to set up an account with Canonical and host it there. While the underlying software is still open source, the snap packager breaks with the long tradition of the distribution of the software also being open and free. This undoubtedly makes the install simple for naive users, and easier to maintain for Canonical maintainers, but it also takes away freedom of choice and diversity of package sources.
Netbooks are dead, long live the Chromebook. Lewin Day wrote up a proper trip down Netbook Nostalgia Lane earlier this month. That’s required reading, go check it out and come back. You’re back? Good. Today I’m making the case that the Chromebook is the rightful heir to the netbook crown, and to realize its potential I’ll show you how to wring every bit of Linuxy goodness out of your Chromebook.
I too was a netbook connoisseur, starting with an Asus Eee 901 way back in 2009. Since then, I’ve also been the proud owner of an Eee PC 1215B, which still sees occasional use. Only recently did I finally bite the bullet and replace it with an AMD based Dell laptop for work.
For the longest time, I’ve been intrigued by a good friend who went the Chromebook route. He uses a Samsung Chromebook Plus, and is constantly using it to SSH into his development machines. After reading Lewin’s article, I got the netbook bug again, and decided to see if a Chromebook would fill the niche. I ended up with the Acer Chromebook Tab 10, codename Scarlet. The price was right, and the tablet form factor is perfect for referencing PDFs.
Behold, my netbook credentials.
The default ChromeOS experience isn’t terrible. You have the functionality of desktop Chrome, as well as the ability to run virtually any Android app. It’s a good start, but hardly the hacker’s playground that a Linux netbook once was. But we can still get our Linux on with this hardware. There are three separate approaches to making a Chromebook your own virtual hackspace: Crostini, Crouton, and full OS replacement.