I've been very busy since OSCON, so my blog pipeline is full. Hopefully I can properly catch up on some topics I've been meaning to discuss in the next few weeks. If you've been busy like me, you might be wondering how to catch up and keep up with the things that are most important to you. I've found that having my own planet (blog aggregator) has helped tremendously. If your tastes are similar (PHP, web application security, etc.), you might like mine, cleverly (yeah, right) dubbed Planet Chris. Other planets you might find interesting are Planet PHP, Planet Web Security, and Planet MySQL, although I highly recommend creating your own. I haven't found a feed aggregator that compares to the simplicity and elegance of a planet's river of news style, and no existing one is likely to perfectly match your own tastes.
In my absence, one of the most interesting stories was the Facebook leak that was reported on TechCrunch. The interesting part of the story was how badly the leak was explained:
It seems that the cause was Apache and mod_php sending back uninterpreted source code as opposed to output, due to either a server misconfiguration or high load (this is a known issue).
As you can imagine, the "known issue" remark resulted in more than a few raised eyebrows. The author, Nik Cubrilovic, took the time to elaborate on his own blog:
PHP has always been notorious for sometimes not processing requests poorly and sending back the source code for pages to the client.
I've been known to sometimes not write poorly. In fact, I'm notorious for it. I've always been notorious for it.
This is my new all your base are belong to us.
Joking aside, this comment fueled a number of posts, including Clay Loveless's fact-filled response and Vidyut Luther's humorous recommendations for avoiding PHP leakage. My favorite comments came from Sean Coates during an episode of the Pro PHP Podcast:
Anyone who's ever set up PHP and Apache knows exactly what happened here.
I love how he says it with a tone that a parent might use with a child, the "you know what you did" tone. He also makes another straightforward observation:
PHP by definition is not at fault, because PHP code didn't run.
It's a shame Terry Chay didn't comment.
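The failure discussed above, where Apache returns a PHP file without PHP ever running, can be spotted from the outside by checking response bodies for raw PHP open tags. This is an added example, not code from this post or from anyone quoted in it; the URLs and response bodies are constructed samples, and the function names are illustrative.

```python
import re

# Raw PHP open tags: "<?php", the echo tag "<?=", or a bare short tag "<?"
# followed by whitespace or end of line. "<?xml" matches none of these, and
# source a page shows on purpose is HTML-escaped ("&lt;?php"), so it is skipped.
PHP_OPEN_TAG = re.compile(r"<\?(?:php\b|=|(?=\s|$))", re.IGNORECASE)


def find_raw_php(body):
    """Return (line_number, text) for every line containing a raw open tag."""
    return [
        (number, line.strip())
        for number, line in enumerate(body.splitlines(), start=1)
        if PHP_OPEN_TAG.search(line)
    ]


def audit(responses):
    """Map each URL to its findings, keeping only URLs that leaked source."""
    report = {}
    for url, body in responses.items():
        findings = find_raw_php(body)
        if findings:
            report[url] = findings
    return report


# Constructed sample bodies (not captured traffic); example.test is a placeholder.
SAMPLE_RESPONSES = {
    # Handler ran: only the script's output reaches the client.
    "http://example.test/index.php": "<html><body><h1>Welcome</h1></body></html>",
    # The XML declaration in a feed is not a PHP tag.
    "http://example.test/feed.php": '<?xml version="1.0"?>\n<rss version="2.0"></rss>',
    # Tutorial page that displays code deliberately, HTML-escaped.
    "http://example.test/howto.php": "<pre>&lt;?php echo 'hi'; ?&gt;</pre>",
    # Handler did not run: the file's source was sent as-is.
    "http://example.test/search.php": (
        "<?php\n"
        "require_once 'lib/db.inc';\n"
        "$query = $_GET['q'];\n"
        "?>\n"
        "<html><body><?= render($query) ?></body></html>"
    ),
}

if __name__ == "__main__":
    for url, findings in audit(SAMPLE_RESPONSES).items():
        for number, text in findings:
            print(f"{url}: line {number}: {text}")
```

Run against your own site after any Apache or PHP configuration change; a single hit means a file was served as source rather than executed.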