Michal Čihař - Blog Archives for English

Security in phpMyAdmin?

There was recently bug in our bug tracker that we compete with Microsoft to achieve highest number of security bugs. We definitely do not compete! However there always be security issues in such big application.

Majority of them are XSS issues, which are hard to detect automatically, so you either have to test various inputs or deeply analyze the code. Most attackers choose testing method and it sometimes bring them fruit. We try to fix any found issue as soon as possible, but it is not in our possibilities to fix it for all past releases that might have been included in some distribution.

Anyway I'd like to improve phpMyAdmin in this area and I think nobody would object if somebody would help us with code audit. I'm not enough experienced to see all possible flaws in code.

Wammu 0.17

Wammu 0.17 has been just released. New features:

  • Fix searching.
  • Remember column sorting.

As you can see there is not much to mention, because this is mostly bug fix release. Hopefully I didn't make much new bugs :-).

Make your software scalable!

Okay, I finally give up with SubStats. It is software that might be useful for repository with few commits, but definitely not suitable for phpMyAdmin:

  1. You can not make graph for more than 1000 revisions of phpMyAdmin, it crashes because "stack is too low".
  2. Generated SVG make most browsers really busy as it contains too much points and they usually render it few minutes.
  3. I managed to analyse about 5000 revisions, but it now requires about 800 MiB of memory.

So I have unusable graphs of 1/10 of repository and analysed data for 1/2 of repository where I can not continue.

Howto upset developer?

Just set priority to highest and when developer decreases it, just tell him to stay **** off . Okay I will stay off your fucking issue, no problem.

(Side note: I have nothing against the issue itself, but this attitude won't make me to do anything about it.)

Google Ads and money transfer in Czechia

As I already wrote, I randomly found that I can receive direct payments from Google Ads. Today I received testing payment, so I enabled it instantly.

So finally I can receive my money without giving 1% to my bank.

Is it random that both Paypal and Google Ads offer this service in same time? Paypal has already updated their website, but on Google Ads help you won't find mention about this possibility in Czech Republic. Maybe they're using same provider for money transfers? I definitely don't know :-).

PayPal enabled

As they send me today update of policy, where the change is officially mentioned, I decided to enable PayPal option for donation (on my site as well as on SourceForge). I hope this won't cause troubles to anyone, it's just another option.

Donations are welcome :-).

Gammu talk on LinuxAlt

If you will be first weekend in November near Brno, you might be interested in LinuxAlt, where I will have a talk about Gammu and generally mobile phones under Linux.

The talk will be in Czech language as most of audience is expected to be Czech speaking.

PayPal improved?

It looks like PayPal has recently allowed accepting of payments in many EU countries, maybe they finally realised that EU has grown few years ago :-).

Anyway I'm still not convinced whether to enable this option for donations, but you're free to use it, my account is same as email - michal@cihar.com.

Thanks to Marcin who wrote about availability in Polland, this way I found I have now also full featured account. I don't have idea why they didn't announce it to me...