Stack overflow vulnerability in glibc, a library used by most Linux installations

So you may have read on the BBC and others of a vulnerability in the glibc library used by most Linux installations. glibc is the runtime library that implements the standard set of functions available in the C and C++ programming languages. There are other versions of libc than the GNU version. Android, OS X and Microsoft Windows all use other implementations; the GNU variant, glibc, is however the most prevalent and the defect is in all the versions currently released. I initially wanted to provide a method of determining your libc version (ls /lib*/*libc* /lib/*/libc* or ldd --version) but in reality all versions from 2.9 include the defect and it is only fixed in the yet to be released 2.23, so all UNIX versions currently out there have the defect.
The defect is in getaddrinfo(), which attempts to cope with larger than normal DNS responses by loading the response into space allocated on the heap instead of the more usual space on the stack used for responses of less than 2K. Unfortunately it then proceeds to reference the wrong address when loading the data into memory, causing a stack overflow. This allows a malicious DNS server to respond with a larger message which can, in specific circumstances, cause maliciously provided code to be executed.
There is a patch available which is built into glibc 2.23, as well as a workaround which prevents use of AF_UNSPEC. This would prevent longer responses from being processed by forcing the caller to specify whether they are requesting an IPv4 or an IPv6 response. For most of us, however, it will be a matter of waiting for platform specific patches to be released, something which is not yet available, and updating through our usual update mechanism. The same goes for all the Linux based devices you have, from a Raspberry Pi to your router and printer, as and when manufacturers make those patches available. Until then a segmentation fault in a utility during a DNS lookup could be a response from a malicious server returning malicious code which you have just executed.
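The workaround described above, as an added example (not code from glibc or from the original post): a resolver wrapper that refuses AF_UNSPEC and asks for one address family at a time, plus a check of a glibc version string against the 2.9 to 2.23 range quoted above. The function names are made up for this illustration, and the version check is only a first pass because a distribution can ship the fix without changing the version number.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netdb.h>
#ifdef __GLIBC__
#include <gnu/libc-version.h>   /* gnu_get_libc_version() */
#endif

/* 1 if the version string lies in the range the post gives as affected
 * (2.9 up to but not including 2.23), 0 if outside it, -1 if unparseable. */
int glibc_version_affected(const char *ver)
{
    int major, minor;

    if (ver == NULL || sscanf(ver, "%d.%d", &major, &minor) != 2)
        return -1;
    return major == 2 && minor >= 9 && minor < 23;
}

/* Resolve host for ONE explicit address family and write the first address
 * as text into out. AF_UNSPEC (or any other family) is refused before the
 * resolver is called. Returns 0 on success or an EAI_* error code. */
int resolve_one_family(const char *host, int family, int flags,
                       char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL;
    int rc;

    if (family != AF_INET && family != AF_INET6)
        return EAI_FAMILY;

    memset(&hints, 0, sizeof hints);
    hints.ai_family = family;        /* never AF_UNSPEC */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = flags;

    rc = getaddrinfo(host, NULL, &hints, &res);
    if (rc != 0)
        return rc;
    rc = getnameinfo(res->ai_addr, res->ai_addrlen, out, (socklen_t)outlen,
                     NULL, 0, NI_NUMERICHOST);
    freeaddrinfo(res);
    return rc;
}

int main(int argc, char **argv)
{
    const char *host = argc > 1 ? argv[1] : "localhost";
    int families[] = { AF_INET, AF_INET6 };
    char addr[64];
    int i;

#ifdef __GLIBC__
    printf("glibc %s, in affected range: %d\n", gnu_get_libc_version(),
           glibc_version_affected(gnu_get_libc_version()));
#endif
    for (i = 0; i < 2; i++) {
        int rc = resolve_one_family(host, families[i], 0, addr, sizeof addr);
        printf("%s: %s\n", families[i] == AF_INET ? "IPv4" : "IPv6",
               rc == 0 ? addr : gai_strerror(rc));
    }
    return 0;
}
```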

Setting a MacBook serial number from OS X

This procedure is for those who have reformatted their firmware, probably following the instructions from Apple on what to do prior to selling or transferring your computer. Possibly you replaced your motherboard and the technician did not set the serial number. Subsequently you find that you are unable to create Apple IDs (with a claim that the maximum limit has been created) or log in to your Apple ID account or iCloud account, because OS X El Capitan and later check your system serial number, which should be stored in the firmware. If under the Apple menu About dialog you find that your serial number is ‘Unavailable’ then this procedure is for you.

You can find your serial number with a loupe or good magnifying glass (If your eyes are still those of an under 40) in micro print on the back of your device. See the list of links lower in the page here for the location by model. Preferably take a snapshot of your about dialog before reformatting the machine, but that would take some foresight. Don’t spend time chasing down your receipt or invoice as only later sales have this on the paperwork. Look for the number physically on the back of the machine. Any circular letters are zero characters. Write the number down in clear unambiguous print.

Download an Apple tool called the “Blank Board Serializer” from the non-Apple link here. It is a zip file which will expand automatically as a folder. It is the dmg image from this folder which you will use to create a USB thumb drive that can be used to boot your machine into a utility.

Based on a method posted on MacRumors here and updated for El Capitan below, create a USB thumb drive which is able to boot by holding down the option key during an OS X El Capitan reboot. There are many sets of instructions online which use dd, but this process is simpler and doesn’t require use of the command line. The diskutil burn option is no longer in the graphical user interface of OS X El Capitan, making the solution below preferable.

  • Open Applications Folder/Utilities/Disk Utility
  • Plug in a blank USB, or at least one you are willing to wipe
  • Format USB to Mac Extended (Journaled)
  • This will create a default partition on the USB of GUID
  • Unmount created Partition (Do not eject it. Use the Unmount button at the top of the screen.)
  • Open the disk image from the File menu of the disk utility.
  • Select the blank USB on the external list. By default called ‘Untitled’.
  • Select Restore.. from the Edit menu of the disk utility.
  • Select restore from: Blank Board Serializer
Once the above is complete, shut down the machine and boot while holding down the option key.
If successful you will see three drive symbols presented, one of which is clearly labelled as being a utility to set the serial number.
Carefully enter the new serial number. You have only one chance to get this correct. Once a serial number is saved you CAN NOT UPDATE THE SERIAL NUMBER. The onscreen buttons are a bit clumsy and there are many confirmations but you can follow the onscreen instructions and the typing of the serial number is direct keyboard input into a field.
You may then allow the machine to boot. Once it is booted you may remove the thumb drive.
If you look at your Apple menu About dialog you should now see your serial number and find that you are able to create Apple IDs, log in to accounts using your Apple ID, etc.

Creating an OS X USB drive from El Capitan

Based on a method posted on MacRumors here I have been able to create a USB thumb drive which was bootable by holding down the option key during an OS X El Capitan reboot. There are many sets of instructions online which use dd, but the process below is simpler and doesn’t require use of the command line. The diskutil burn option used by some methods is no longer in the graphical user interface of the disk utility under OS X El Capitan, making the solution below preferable.

  • Open Applications Folder/Utilities/Disk Utility
  • Plug in a blank USB, or at least one you are willing to wipe
  • Format USB to Mac Extended (Journaled)
  • This will create a default partition on the USB of GUID
  • Unmount created Partition (Do not eject it. Use the Unmount button at the top of the screen.)
  • Open the disk image from the File menu of the disk utility.
  • Select the blank USB on the external list. By default called ‘Untitled’.
  • Select Restore.. from the Edit menu of the disk utility.
  • Select restore from: the name of your .dmg or .iso image.

Debug and Integrated Development Environments (IDEs) for PHP


There are three popular cross platform Integrated Development Environments (IDEs) which support PHP and include a debugger: two open source options, PHPEclipse and Netbeans, and a purchased product, PhpStorm (Personal: $99, Corporate: $199), each from their respective companies. All three have similar functionality: the ability to edit and debug code as well as to track tasks. PHPEclipse and Netbeans are both written in Java. PHPEclipse is somewhat more developed than Netbeans and includes a marketplace for plugins. PhpStorm and PHPEclipse have slightly more features (coding style configuration and a more polished aesthetic) than Netbeans, but PhpStorm has a more involved configuration and isn’t necessarily better as a result. Komodo IDE ($99 to $295) and Zend Studio ($89 to $328) are two further options.

PHP development does not require an IDE at all. It is possible to edit files in a text editor such as vi/vim and to use scripts for automation of operations such as the updating of files if and when necessary. One feature that is built into the above IDEs which can at times be extremely useful is support of xdebug. xdebug is a way of monitoring the execution of your PHP and inspecting variables at run time. Xdebugclient is a simple stand-alone Windows-based xdebug client. Under OS X, which is itself UNIX based, there are robust text editors and scripting tools available, and a stand-alone OS X only tool, Codebug, can be used to provide the xdebug functionality visually ($60).

In order to work with xdebug your php binary needs to be compiled with xdebug. This can be confirmed with php -m to list the modules compiled into your binary.

Another type of environment used is for the management of git interactions. Atlassian offer SourceTree at no charge for Windows and OS X. This may be appropriate if you are regularly integrating code.



Eclipse’s design originated with a Smalltalk development environment purchased by IBM who developed it into a multi-language development environment. This was later released under a public license and has maintained an annual release cycle.


PHPEclipse is a long established open source IDE / edit tool which supports PHP debug.

GitHub support is available from the Eclipse marketplace built into the application though the support is not as extensive as with SourceTree mentioned above.


It can be installed from:

For OS X installation use the current (luna+) 64 bit version and OS X 10.10 or greater.



NetBeans was developed by a Czech company acquired by Sun in 1999, who were themselves acquired by Oracle. The acquisition by Sun was motivated by the NetBeans product being an IDE for Java and being itself Java based. Since the acquisition by Sun the product has been available at no charge and supports Java, PHP and HTML development. It has limited git support.


Downloads are available from


There is a two file plugin for vi which should work on any platform and which can be downloaded from:



PhpStorm is available from at $100 for a personal version and $200 for a corporate version if you are a corporation. There is also a free 30-day trial for evaluation.

PhpStorm requires PHP to be built with fast-cgi (--enable-fastcgi). Under OS X this is a complex process as the default Xcode binaries are not built that way and neither are those built by brew. See the comments at the top of cms/installOSX for details.

Much of the PhpStorm configuration process is poorly labelled. There are several options that need to be highlighted or selected in order for functionality to work.


Phpdbg is a command line debugger which is built into PHP 5.6.

It will work with PHP 5.4+ and is a simple and effective long term option once PHP 5.4+ becomes the standard.


The value of using an IDE and the time required to configure and get familiar with it result in a trade-off which may make different solutions appropriate depending on your existing familiarity with other text editors, the type of work being undertaken and the time and resources you have available. The development environment has to save more time during use than it takes to install, configure and become productive in it. The other factor is that the effort required means that you can only add at most a couple of new tools, environments or methodologies for each project you undertake and you may have more application specific issues that you are taking on.

Using a UNIX / Linux shell for PHP programming.

There are many people with years of experience of PHP but who are not so familiar with UNIX, and now, Linux environments that many web projects. For PHP developers wanting to take part in LAMP projects I have compiled the following list of free tutorials.

If you are looking for paid content there are video courses on aimed at specific needs such as PHP and the books available online by subscription or for purchase from O’Reilly.

A Balanced Coding Philosophy

Trying to get the philosophy behind a software development culture, or around IT in general, right can be a balancing act between developers and business owners or in the case of service between support staff and users. There are such different priorities for the different stakeholders and work often has to be done to get the different communities to understand each other as much as to focus on the culture on one side or the other of the divide.

I recently wrote up the Coding Philosophy for SwarmPoint LLC, our IT management and project consulting and thought I would share it here too.

My general feeling is that UML focussed on the benefits of iteration which was the battle of the day and fortunately one that is now largely won, but it has the drawback of often using complex visual tools for the description of the software and as a result implies a heavy analysis and communication of the design. This is sometimes necessary but not always. In practice business owners, product managers and subject matter experts rarely got much benefit from even the most minimally technical looking diagrams. Which isn’t to say that they are not sometimes useful but it isn’t the basis of progress. Use cases seem to have wider benefits.

The Agile methodology suffers culturally from the same slant towards the interests of the technologist, even to a greater extent than ITIL does for IT service management. ITIL is a great reference model, but is often a description of an organization as if the IT service department ran the company, which it doesn’t, and shouldn’t. In the same way Agile is a software development philosophy written as if software developers ruled the world. While we could probably debate to what extent they actually do, the ideal philosophy in practice is something that better balances the needs of business owners and investors with those of the developer.

A balanced coding philosophy needs to be able to create great products which delight end customers as well as realizing that innovations during the design and development process can lead to unanticipated user benefits. The aim is to facilitate communication to achieve the common goal and deliver the best possible product rather than being driven by the battle for control of the project.

I have added the coding philosophy to a separate page here so that comments can be left below it.

How to update a mysql database which has a schema name other than the one in the workbench model

It’s a convoluted situation to describe. MySQL has a great graphical entity relationship diagram modeller called workbench. One problem that it has always had is that the designers assumed that you had control of the schema names on your physical databases. In a variety of hosting situations schema names are unique and determined by the environment, so maintaining the database from a constantly changing model was always a very manual process.

I have written a script, map-schema, for mysql-proxy so that the proxy can sit between workbench and a physical database (or set of physical databases) and map the schema names backwards and forwards. It isn’t actually necessary to do the mapping for all situations, and it isn’t necessary for the workbench to see the correct schema name back in all queries for it to be able to create and execute valid alter statements on the physical database in order to bring it into sync. Alarmingly the workbench has a passion for deleting the foreign schema from the physical database, so the proxy ignores all drop schema statements.

In the simplest configuration a mysql-proxy is run on the mysql server machine, listening on port 4040 for mysql workbench. The mysql workbench uses a connection profile with a default database schema of the physical database it normally connects to. The port number in the connection profile is modified to 4040. The proxy is started and the database synchronization is performed.

I have put the script itself on GitHub so you can install it from there. For a UNIX environment:

mkdir local
cd local
git clone


The schema name known to the workbench model is placed in the configuration of the proxy by editing the ‘start’ script

Replace my_model_schema in the line


with the name you gave to your model schema.

If you don’t know your model’s name for the physical schema open your model in workbench. Go to the tab labelled ‘MySQL Model’ and look at the grey word under the Physical Schemata tab on the right of the page. This is the name of the physical schema known to your model. By default it is ‘mydb’.

mysql-proxy needs to be installed either as root or in a user directory if that is what you need to do in your environment. If you are able to install the package as root or have an administrator install it then follow the instructions from Oracle. Then come back and install the script as above.


Which Laptop Should I Buy?

So here are my recommendations, agnostic of the platform used but trying to recommend the best available user experience at a range of price points.

Chromebook 16GB WiFi Flash 2GB Cache 11.6″   $250* (Samsung Wifi and 3G Version $330)
ThinkPad Edge E530 15.6″ 750GB 6GB (Install Thunderbird + LibreOffice) $669
Macbook Air 11″ 128GB 4GB               $1099
Macbook Air 13″ 256GB 8GB               $1599*
Macbook Pro 15″ 2.6GHz 750GB 5400 ATA, HiRes Antiglare $2299
Macbook Pro 15″ Retina 512GB Flash, 16GB 2.6GHz $2999

* Best Options

If you are looking specifically for a Windows based machine read my post here. And for tablets here.

Which Windows Computer Should I buy?

Many people specifically want a Windows machine because of the comfort of knowing that the version of Microsoft Office that they have is exactly the same as that of their colleagues.

I do recommend buying the ThinkPad directly from Lenovo. There is little support advantage to be gained by purchasing through the dealer network and dealing directly with Lenovo makes sure that you are getting fresh equipment rather than a model stuck in the distribution chain. Purchasing directly may also minimize the pre-installed trialware that gets added in the supply chain. It also gives you visibility into the distribution process (direct shipment of the package from Shanghai) which is quite thought provoking.

There are now a number of viable options to Windows which are worthy of consideration, as running a Windows machine tends to greatly increase your software costs. Microsoft Office costs five times that of the Apple equivalent. It is, after all, the software provider that drives the Windows platform. The software provided on Chrome OS as an alternative to Windows is free, though less functional. While the Apple software is optimal for most users it is less widely used in corporate environments and Apple users can find themselves having to purchase Microsoft Office for OS X. LibreOffice, which is free, and Pages from Apple both provide import and export to Word, but some layout features including fonts and change tracking may not port, so if you are doing a lot of collaborative layout work with Windows users you will have to purchase Microsoft Office whether you use Windows or not.

Software wise I recommend the following purchased with a Windows machine:

  • Microsoft Office Home and Student $149*

or if you need Outlook instead of Thunderbird or webmail/gmail then:

  •  Microsoft Office Business $229

* Best Options

If you are able to choose your operating environment then check out my list of best laptops at different price points regardless of operating system.

Which Computer Should I Buy?

One of the questions any of us working in technology frequently get asked by everybody from our mother to the person standing in line at the cinema is “Which computer should I buy?”. In reality most of us don’t spend our time scanning the functionality and price points every day, and the answer depends on the usage the individual expects as well as how much access they have to advice, and how independent of that advice they aim to be. I’m going to post a simple set of posts that attempt to give an answer to the question for a variety of scenarios. I’m limiting myself to the price points in the US market and the wireless availability in the US. Not all wireless devices have service agreements negotiated in all countries and the prices in many markets are inflated well above the price in larger, more competitive markets, so you will have to take my advice and map it onto what you find locally.

Firstly, if we are answering this question for everybody we can’t assume that they have internet access at home. While 93% of US households are passed by at least 1 high speed internet provider, only 38% subscribe. Actually only 43.7% of homes passed subscribe to cable TV, so it is unlikely that the subscription rate for high speed internet is going to increase much. 93% x 38% gives only 35% of homes having high speed internet access. This makes devices with cellular network access particularly attractive for most purchasers.

So for those people, like most, who don’t have access to WiFi internet connections at both home and work my recommended options are:

* Best Option

For those with access to high speed internet (DSL, Cable or FIOS) at home see my posts on Tablets or Laptops.