So I discovered a vulnerability recently (see the previous article) in APC and disclosed it, and it's sat there for a few days without feedback... so I went ahead and wrote a proof of concept exploit for it.

UPDATE: CVE-2008-1488 has been opened for this vulnerability

So I was noticing apache segfaulting today when I was accidentally attempting to include() a Savant3 Error object. Attached strace, and saw that it was trying to stat the string representation of Savant3 (woops!) and was getting back -1 and name too long as the errorno, but then shortly after it was segfaulting.

I wanted to express my excitement about plainTemplates today.

The plainTemplates approach for template generation is to have the template be plain HTML, and then to have a PHP processor fill certain parts of the document with dynamic content. It's familiar territory for anyone who has written an AJA[X?] application in recent times.

It makes a lot of sense for anyone who is used to adding javascript entirely at the head of a page instead of by adding javascript throughout the HTML, and I suspect that, properly implemented, it could not only save time, but increase the hardiness of web applications.

Found an XSS vulnerability on a website that I won't mention last week. Before the day was out, I was threatened with legal action.