
web - server and client side remote code execution through a buffer overflow in all git versions before 2.7.1 (unpublished CVE-2016-2324 and CVE-2016-2315)

Someone has released an exploit to execute remote code on each machine (client or server) running git before version 2.7.1.
If you are working under "arch linux", you are pretty safe with a "pacman -Syyu". I recommend reading the blog post called Remote Code Execution in all git versions (client + server) < 2.7.1: CVE-2016-2324, CVE-2016-2315. But before reading, update your systems.


Meld, my favorite git mergetool

So, I was searching for a git merge tool.
I know, cool kids are using vimdiff and I use it too. But right now, the force is not strong enough for using this four window layout. Because of that, I was searching for an easy to use, free as in freedom, merge tool.
After asking a lot of questions to my favorite search engine, I found meld, or to be precise, the gitguys found it.
Currently, I am really happy with it. But for sure, I will keep on learning the force to master vimdiff in the future.


gosh, why is my vendor directory consuming so much diskspace?

"Saving disk space on your composer projects" was a headline for an older entry I made.
I used this project and figured out it has a lot of bugs because of its "outdatedness". That's why I spent some time to create a build script, build a new "compify.phar" and create a pull request for it. Sadly, there has been no response or action by carlos (also no response to any e-mail).
I did the pull request on 28.07.2015, meaning a lot of water has gone down the river since then.
After waiting and waiting, I gave up and simply added my created "compify.phar" to a project called php project maintenance. As given by the name, this project has the goal to ease maintenance for php projects ;-).
The, currently, best script inside is updateallrepositories, which simply tries to find all git repositories from your current working directory. Inside each directory, it is doing some git stuff and also - since today - using compify to clean up the vendor diskspace. If you want to automate that kind of process, feel free to use it and pull some requests if there is something that can be optimized.


version 1.0.0 of php component cli argument released

I am happy to announce the release of 1.0.0 of bazzlines cli argument component for php.

  • easy up handling of following kinds of arguments
    • flags (command -f|--force)
    • lists (command --foobar=foo | command -f=foo)
    • values values (command )

A simple call to the shipped "run.php" with the following arguments:

php run.php --foo bar --foobar=foo --foobar="bar" -f="foo" -f=bar -b foobar foo -flag
Generates the following output:

arguments provided:
flags provided:
lists provided:
values provided:


version 1.1.0 of php component requirement released

I am happy to announce the release of 1.1.0 of bazzlines requirement component for php. Important changes are:

  • added example WithDisabledCondition
  • added example WithDisabledItem
  • added getConditions() method to RequirementInterface - this eases disabling single conditions or single items (by using condition->getItems())
  • added migration howto
  • added version eye and scrutinizer coverage
  • covered AbstractItem and AbstractCondition with unit test
  • created AbstractItem that implements ItemInterface
  • created IsDisabledInterface
  • created ItemInterface
  • created TestCase that is extended by all phpunit tests
  • implemented IsDisabledInterface to AbstractCondition
  • implemented IsDisabledInterface to Requirement
  • refactored ConditionInterface, addItem now only accepts ItemInterface instead of IsMetInterface
  • refactored Condition::getItems() - now returns plain php array
  • renamed ConditionAbstract to AbstractCondition
  • renamed and updated previous WithShutdown example to WithDisabledRequirement
  • updated dependencies

version 1.0.1 of process pipeline component for php released

I am happy to announce the release of 1.0.1 of bazzlines process pipeline component for php. Important changes are:

  • removed dependency to apigen
  • add "StopExecutionException"

version 1.0.3 of command component for php released

I am happy to announce the release of 1.0.3 of bazzlines command component for php. This component will ease the usage of system commands.
Major improvement is the public method "validateSystemEnvironment". You should use this (maybe in your factory) to validate if the system environment is valid (e.g. "/usr/bin/ls" exists and is executable). An exception should be thrown, so you can easily track back the source of the validation error.
Enjoy it.


version 1.0.2 of command component for php released

I am happy to announce the release of 1.0.2 of bazzlines command component for php. This component will ease the usage of system commands.
Indeed, I missed announcing 1.0.0, but you know, Christmas is a hard time and this component is really a small one.
This project aims to deliver an easy to use php command component. It adds a very thin layer but hopefully adds a lot of usage and handling benefits :-).


use Net\Bazzline\Component\Command\Command;

class Zip extends Command
{
    /**
     * @param string $archiveName
     * @param array $items
     * @return array
     * @throws RuntimeException
     * @todo implement parameter validation
     */
    public function zip($archiveName, array $items)
    {
        // arguments are concatenated as given, see the @todo above
        $command = '/usr/bin/zip -r ' . $archiveName . ' ' . implode(' ' , $items);

        return $this->execute($command);
    }

    /**
     * @param string $pathToArchive
     * @param null|string $outputPath
     * @return array
     * @throws RuntimeException
     * @todo implement parameter validation
     */
    public function unzip($pathToArchive, $outputPath = null)
    {
        if (!is_null($outputPath)) {
            $command = '/usr/bin/unzip ' . $pathToArchive . ' -d ' . $outputPath;
        } else {
            $command = '/usr/bin/unzip ' . $pathToArchive;
        }

        return $this->execute($command);
    }

    /**
     * @param string $pathToArchive
     * @return array
     * @throws RuntimeException
     * @todo implement parameter validation
     */
    public function listContent($pathToArchive)
    {
        $command = '/usr/bin/unzip -l ' . $pathToArchive;

        return $this->execute($command);
    }
}

$zip = new Zip();

$pathToZipArchive = '/tmp/';

echo 'list archive content' . PHP_EOL;
$lines = $zip->listContent($pathToZipArchive);
foreach ($lines as $line) {
    echo $line . PHP_EOL;
}

echo 'unzip archive' . PHP_EOL;
$zip->unzip($pathToZipArchive, '/tmp/mydirectory');

echo 'zip directory' . PHP_EOL;
$zip->zip($pathToZipArchive, array('/tmp/mydirectory'));
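
The Zip example above concatenates its arguments into the command string and leaves validation as a @todo. The following added example (not part of the component; SafeZip and its method names are hypothetical) quotes each operand with escapeshellarg(), refuses operands that begin with "-", and checks the binary before running it, in the spirit of validateSystemEnvironment from the 1.0.3 release.

```php
<?php
// Added example, not code from the command component.
// SafeZip and its method names are hypothetical; only PHP built-ins are used.

final class SafeZip
{
    /** @var string */
    private $binary;

    public function __construct(string $binary = '/usr/bin/zip')
    {
        $this->binary = $binary;
    }

    /** Same idea as validateSystemEnvironment: fail early with a clear exception. */
    public function assertBinaryIsUsable(): void
    {
        if (!is_file($this->binary) || !is_executable($this->binary)) {
            throw new RuntimeException('not an executable file: ' . $this->binary);
        }
    }

    /** Builds the command line with every operand validated and quoted. */
    public function buildZipCommand(string $archiveName, array $items): string
    {
        if ($items === []) {
            throw new InvalidArgumentException('nothing to add to the archive');
        }

        $operands = array_map([$this, 'quoteOperand'], array_merge([$archiveName], $items));

        return escapeshellarg($this->binary) . ' -r ' . implode(' ', $operands);
    }

    public function zip(string $archiveName, array $items): array
    {
        $this->assertBinaryIsUsable();
        exec($this->buildZipCommand($archiveName, $items), $lines, $exitCode);

        if ($exitCode !== 0) {
            throw new RuntimeException('zip failed with exit code ' . $exitCode);
        }

        return $lines;
    }

    private function quoteOperand($value): string
    {
        if (!is_string($value) || $value === '' || strpos($value, "\0") !== false) {
            throw new InvalidArgumentException('operand must be a non-empty string without NUL bytes');
        }
        // escapeshellarg() stops the shell from interpreting the value, but the
        // called program would still read a leading "-" as one of its options.
        if ($value[0] === '-') {
            throw new InvalidArgumentException('operand must not start with "-": ' . $value);
        }

        return escapeshellarg($value);
    }
}

// Constructed input: an archive name that carries shell syntax.
$archiveName = 'report.zip; echo injected';
$items       = ['/tmp/mydirectory'];

// Plain concatenation, as in the Zip class above: the shell sees two commands.
echo '/usr/bin/zip -r ' . $archiveName . ' ' . implode(' ', $items) . PHP_EOL;

// Quoted operands: the whole value reaches zip as a single file name.
$zip = new SafeZip();
echo $zip->buildZipCommand($archiveName, $items) . PHP_EOL;

// An operand that looks like an option is refused before any command is built.
try {
    $zip->buildZipCommand('report.zip', ['--looks-like-an-option']);
} catch (InvalidArgumentException $exception) {
    echo 'rejected: ' . $exception->getMessage() . PHP_EOL;
}
```

Nothing is executed by the demo lines at the bottom; they only print the two command strings side by side.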

How to install?

By Hand

mkdir -p vendor/netbazzline/phpcomponentcommand
cd vendor/netbazzline/phpcomponentcommand
git clone .

With Packagist

composer require netbazzline/phpcomponent_command:dev-master

version 1.0.0 of process pipeline component for php released

I am happy to announce the release of 1.0.0 of bazzlines process pipeline component for php. This component will ease the creation of a process pipe.

Indeed, it is a pseudo pipeline (process collection or process batch) since the php process is single threaded so far.

Special thanks to Ralf Westphal and especially for his book the architects napkin.


  • separate complex operations into simpler
  • easy up unit testing for smaller processes
  • separate responsibility (data generator/transformer/validator/flow manipulator)
  • create process chains you can read in the code (separate integration code from operation code)
  • no dependencies (except you want to join the development team)

How to use?

use Net\Bazzline\Component\ProcessPipe\ExecutableException;
use Net\Bazzline\Component\ProcessPipe\InvalidArgumentException;
use Net\Bazzline\Component\ProcessPipe\Pipe;

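try {
    $pipe = new Pipe();

    // the line opening this call is missing from the page; pipe() is an assumed method name
    $pipe->pipe(
        new ProcessOne(),
        new ProcessTwo()
    );

    $output = $pipe->execute($input);
} catch (ExecutableException $exception) {
    //handle process exception
} catch (InvalidArgumentException $exception) {
    //handle pipe exception
}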

How to install?

By Hand

mkdir -p vendor/netbazzline/phpcomponentprocesspipe
cd vendor/netbazzline/phpcomponentprocesspipe
git clone

With Packagist

composer require netbazzline/phpcomponentprocess_pipe:dev-master

web - The Git 2.2.0 release candidate 1 is now available as this latest big update to Git stabilizes.

The Git 2.2.0 release candidate 1 is now available as this latest big update to Git stabilizes.

The Git 2.2 version control system is bringing many improvements to its variety of sub-commands, numerous improvements to Git merge tools, a signed option for Git push, performance improvements, and many bug fixes.

More information on Git 2.2.0-rc1 can be found via Friday's release announcement by Junio Hamano.



froscon - supercool tool to create user documentation

We were just sitting around, having a chat and waiting for the next talks while a nice guy comes into our view area and asks a mighty question.

Do you want to see something cool?

Well ... I have to think about this for a few seconds, it could be cool cool or ... well, I am a kid from the internet so I figured out early that "cool" does not always mean "cool" for normal users.
But, we all decided to say "yes" and happily it did not turn out to become like "one night, in new york city".

He gave us a short demonstration of what it is all about. It is easy as and cool as hell all at once!
When I am back, I have to show it around in my company (for open source projects, it is free).
What is it all about?
You can record "how tos" and create slideshows out of it. Too cool, if your page changes (not the dom ids of course), the slideshow will get updated.

By the way, did I mention the asker was a super nice guy. Go for it, your dream is reachable :-).


web - If half the people who get this email do this, we could end censorship forever

Dear Fight for the Future member,

Imagine how awful it would be if your favorite websites were blocked by your government. And if, no matter how tech-savvy you were, every tool or trick you used to escape censorship was blocked in a matter of months.

That's what life is like for China's entire population of 1.3 billion people. In the country that produces 90% of the world's smartphones, you can’t even reach YouTube – and the government shuts down anti-censorship tools as soon as they become popular.

But now, there's a new hope in the fight against censors: Lantern.

Lantern is an app that anyone can run to fight censorship. When you run it, you join a global network: If your Internet is uncensored, you *give* uncensored access to others. If your Internet is censored, you can *get* uncensored access via someone else.

Can you take one step right now that will help thousands break free from Internet censorship? Download and install Lantern!

Lantern’s features make it really hard to block. It disguises its traffic and bounces it through popular, costly-to-censor services. It also builds a giant cloud of volunteer proxies, using a "six degrees of separation" trick to find friends of friends to proxy through, increasing the number of internet addresses involved and making it impractical for censors to block every one. But to make this work, we need thousands of people (you!) to download Lantern and run it.

Sometimes the Internet wins by banding together as a community. Sometimes we win through clever technical tricks. This time, the problem requires both: we need to come together around tools like this to get a victory.

Lantern is free, open source, and just takes a minute. Can you install Lantern and help beat China's censors?

Once you install it, you forget it's there. I've been running Lantern for months now with no issues. Please do install it now!

Holmes Wilson
Fight for the Future


I must admit, it is late on my side and all I did was give it a short try. There is no official package for my current linux distribution and the unofficial one is broken. But the source code is available on github so it should be possible to build it.


web - Propel 1.7.0 (PHP ORM) released

Just the fixes from the changelog.

2013-10-21: Version 1.7.0

2bb6d2d fix DebugPDOStatement for usage with execute
ceee8a9 fixed a getter function without '$con'
f30aa35 Fixed diff task combined with skipSql
9087851 Fix namespace support
b9a8ad7 Fix small error in the QueryBuilder Doc for TemporalType
a5226c9 fix bug when adding previously removed relations
52d8a76 fix for CASE expression in query with offset in ms sql
0cfa3db Fix accidental type conversion in sluggable behavior.
c1fc85d Fixed issue with migrations and decimal or numeric table size
a6c3218 fix scheduledForDeletion for CrossFK w/ refPhpName
70c18d2 Undefined index fix
2193ba4 Fixed MigrationManager to use queries and charset settings
d37b4cd Fixed object builder toArray withColumn
7e173bc Fixed test assertion
4a5eba2 Fixed Sluggable behavior combining with symfony_i18n
c4b61cc Bugfix for PHP < 5.3.0
f6031de Foreign Keys default behaviors managment (resolves issue #390)
130429f Fix some issues. Closes #684
193f736 Fix a couple of mistakes
3ea2f2d Issue #677: Set back reference when calling add Provided tests for testing if all references are set for crossreferences before saving
4495b9f fixed transaction leak when exception different from PropelException is thrown
3bf0689 fix deleting related objects
8f75133 Fixed #651. Stupid typo.
5b7878a clean
54362ae fixed urls to trac tickets ->
75a15f1 fix generated CS of SoftDelete in forceDelete()
937ff8b fix timing issues in TimestampableBehaviorTest
fbc1b3a fix some introspections, coding style
93c6a0f Fixes JOIN duplication issue when default join type equals given join type (issue #373)
dcace44 Bugfix for join equality when default join type is used
644931d Fixed typos
efb83ee fixed __clone() for PropelCollections containing scalar values
366e1df fixed test
288e91d Fixed #603

For more information, take a look at the changelog. Thanks to the propel team and have fun, everyone.


Disable your requirement, configuration based - php component requirement 1.0.5 released

I'm happy to announce the new release 1.0.5 of my requirement component for php.

This version resolves a feature request (the first official one by the way :-D). With version 1.0.5, you are now able to shut down a requirement. This leads to the fact that the requirement is not evaluating its internal collections or items. Instead, it returns "true" immediately.

This version is shipped with an example so take a look into it.


Easy Up Migration From Existing Log4Php Applications To Psr Logger Applications

It is a bit mean to put such a headline on top, but that's the current status we have to deal with at our company. I also don't want to bash somebody, Log4Php is doing its job in a great way. But since I developed a proxy logger component, I want to use it. The proxy logger component can work with the psr logger interface, so I need to create an adapter to get it used ;-).

The psr and log4php adapter is an easy component and provides only two classes.

  • Log4Php to Psr Logger Bridge
  • Psr Logger to Log4Php Bridge
  • Log4Php Logger Interface

The usage is simple, depending on the way you either choose the adapter "Log4PhpToPsrLoggerAdapter" or "PsrToLog4PhpAdapter". The only drawback: you are losing the "trace" log level of log4php and all the fancy stuff of a log4php logger. This component is simple and has just a few lines of code (you are welcome to join), so the main focus is to support the log level methods like "$logger->warn()" and not more.


FrOSCon - Database DevOps With Flyway, Git, Maven, MySQL And Jenkins

By Michael Hüttermann.
Thanks for the book again, I will try to write a review about it this year :-).

What Is This Talk About

  • what is a DevOp
  • the goal
  • the problem
  • the solution
  • recipes and pitfalls
  • examples - not in this documentation
  • demo (MySQL, Flyway, Jenkins, Git, Maven, Gradle, Sonar, Vagrant) - not in this documentation

Who Is Part Of The Team

  • everybody who is involved in the process of creating the software

What Is Not A DevOp

  • is already a buzz word
  • it is not a new project role
  • its also not a new tool-suite
  • devOps is not a new department / business unit

What Is A DevOp

  • development and operations
  • better communication
  • improved collaboration

The Goal

  • shared incentives
  • holistic metrics
  • common processes (like kanban)
  • shared tools (same deployment tools for development and production for example)
  • high automation degree
  • improve and accelerate delivery - downsize the batch size
    • small releases
    • downsize the changesize to keep up the frequency
    • improve the cycle time (from bug finding/feature request to release the patch/feature)

The Problem

  • a lot of completed functions/features facing a slow release cycle
    • release small, release often
  • problem between development (want feature online) against operation (want stable and "reliable" software)

The Solution

  • value stream map
  • continuous integration
  • continuous delivery (each commit moves system into stable and releaseable version)
  • continuous deployment
  • development and operation are merged together to create an infinite loop of release and feedback (both directions)
  • share knowledge and experience

  • define clearly what is a release (new feature, bugfix, and so on)
  • again, DevOps is not a new layer between the two areas
  • responsibilities are still clear to reproduce scenarios (automate as much)
  • it is about people, not about tools
  • implement culture of communication
  • try to find conceptual deficits (also software design problems) as early as possible
  • add a version number to your database layout (most likely same release number as code) - flyway, liquibase, self-made

The Area Matrix

  • area 1 - extend development to operations
    • practice
      • use tools like puppet/chef/cfengine to provision environments from versioned code
    • goal
      • fast feedback through automations
      • reuse of code and tools
      • reliability of delivery process and provisioning
  • area 2 - extend operations to development
    • practice
      • provide monitoring and log files to development (or automated database snapshots to reproduce bug on development machine)
    • goal
      • share information about state in production
      • enable development to improve
      • enable development to trace production incidents
  • area 3 - embed development into operations (end user experience is goal to reach)
    • practice
      • set stability and capacity as development goals
    • goal
      • align goals, share incentives
  • area 4 - embed operations into development
    • practice
      • operations gives feedback about the design of the application that is under development, early and often
    • goal
      • avoid not releaseable design

Recipes And Pitfalls

  • automate to ensure repeatability and foster collaboration (build once on a build server and release)
  • consider kanban (scrum is more for development but bad for organisation)
  • consider thorough change and config management - content management
  • track to ensure traceability (which build/release contains which tickets/bugs - artifactory)
  • monitor to support accountability (nagios and everything)
  • dashboard what you are doing (talk to each other what you are doing or what you have done)
  • use version control to ensure reproducibility (no manual tweaking after checkout)
  • consider pipelines/process from "put in feature/bugfix to release"
  • create (executable) documentation to, well, document (try to define goals and what it needs to reach it)
  • align goals and incentives of devs and ops (small cycle time)
  • ask and help, open culture of communication
  • respect your colleagues (stability against features, both leads to great user experience)


First Impression Of RaspberryPi


So after a while of borrowing multiple Pis, I've managed to buy one. Of course the shipment was delayed so it arrived in a week full of no time. Finally, I prepared everything and started the installation, of course an arch linux (like the guy in the advertisement, "what else?" ;-)). The installation was quite easy, I struggled a bit with the resizing of my partitions. The magic hint: resize the extended partition first, then you are able to resize the root partition and everything is fine.

After that, I've browsed through the available packages and started setting up the tiny beast. Writing about window managers is a short one, don't do fancy stuff. Notion is working, openbox and fluxbox also. Of course xbmc is running like a charm. But xfce4 and lxde are a bit too much for the little arm. Kde is working better than expected but like chromium, it is far away from running smoothly. A nice howto about installing xfce4 on arm arch linux can be found here. Some general beginner tutorials about different raspberry pi distributions can be found here.

What about using known software? Well, you can, but keep in mind, it is an arm cpu under the hood. Midori is currently my first choice for browsing the web. If I need something with a gui, pcmanfm is performing well on the pi. Have some minutes left? Read this nice introduction about the desktop world of the raspberry pi.

Other Operating Systems Than Linux

Talking about the upcoming and possible shooting star firefox os, I can only write that I haven't tried it so far. There is a bunch of tutorials out there, like this, that. A list of possible alternative operating systems for the pi can be found here.

What To Do Now?

Well, first I want to try out the media center suitability of the little pi. I like the idea to control the xbmc via an android mobile. I also want to compare xbmc with openELEC. And for the far away future, I want to build zfs on linux on this little box (why?, of course because I can :-D). A git server is also and always an option, let's see. Privoxy, openVPN, tor, the list is getting longer the more I think about it :-).

List Of Links


tool php classmap generator packagist

After a month, I've finished a tool to create a classmap from a php project. The current stable version is v1.4 and can be found on as well as on Why? Well, obviously because I can (and wanted to learn a few things like tokens, or symfony console) ;-). But for real, when you have to deal with legacy projects or code but want to remove the strange and slow existing autoloader (with all its exceptions), the easiest way to do this is by using a classmap. I also tried to find a classmap generator that can deal with psr-0 and non psr-0 files; all I could find were generators that support psr-0 files.

A classmap itself is just a php array. The key is the fully qualified classname and the value is the relative path to the file. Creating a classmap on your own is suitable when you have to manage a number of files below 20. But when it comes to more, you cannot afford the time to maintain that file. So for a lot of files that are not covered by composer, the classmap generator should be well suited.

It is planned to implement a "phar" classmap generation for the upcoming version. When you want to create phar files, this could be a timesaver as well. The classmap generator is built by using symfony\console and yes, it is a joy to work with that component! Shame on me, the current version is not covered by unit tests. After I have implemented the current features from the todo list, this will be my major task.

The classmap generator can handle all kinds of php files like:

  • Interface
  • Abstract Class
  • Class

The generator can handle files with or without namespace. Even files with multiple definitions (interface, abstract class and class in one file) are no problem.
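
How such a map can be derived from PHP's token stream, as an added example that is not the generator's own source: all function names are hypothetical and the two sample files are constructed and embedded as strings so nothing is read from disk.

```php
<?php
// Added example, not the classmap generator's source; all function names are hypothetical.

function isTokenOfType(array $tokens, int $index, int $type): bool
{
    return isset($tokens[$index]) && is_array($tokens[$index]) && $tokens[$index][0] === $type;
}

/** Returns the fully qualified names of all classes and interfaces declared in $source. */
function declaredClassNames(string $source): array
{
    $tokens    = token_get_all($source);
    $count     = count($tokens);
    $namespace = '';
    $names     = [];
    $previous  = null; // id of the last token that was not whitespace or a comment

    for ($i = 0; $i < $count; $i++) {
        $id = is_array($tokens[$i]) ? $tokens[$i][0] : $tokens[$i];

        if (in_array($id, [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            continue;
        }

        // "namespace Foo\Bar;" or "namespace Foo\Bar {", but not the "namespace\foo()" operator
        if ($id === T_NAMESPACE && !isTokenOfType($tokens, $i + 1, T_NS_SEPARATOR)) {
            $namespace = '';
            for ($j = $i + 1; $j < $count && $tokens[$j] !== ';' && $tokens[$j] !== '{'; $j++) {
                if (is_array($tokens[$j]) && $tokens[$j][0] !== T_WHITESPACE) {
                    $namespace .= $tokens[$j][1]; // one token on PHP 8, several on PHP 7
                }
            }
        }

        // skip "Foo::class"; abstract classes arrive here as T_ABSTRACT followed by T_CLASS
        if (($id === T_CLASS || $id === T_INTERFACE) && $previous !== T_DOUBLE_COLON) {
            $j = $i + 1;
            while (isTokenOfType($tokens, $j, T_WHITESPACE)) {
                $j++;
            }
            // anonymous classes ("new class {") have no name token here and are skipped
            if (isTokenOfType($tokens, $j, T_STRING)) {
                $names[] = ltrim($namespace . '\\' . $tokens[$j][1], '\\');
            }
        }

        $previous = $id;
    }

    return $names;
}

/** $files maps relative path => source code; returns class name => relative path. */
function buildClassmap(array $files): array
{
    $classmap = [];
    foreach ($files as $relativePath => $source) {
        foreach (declaredClassNames($source) as $name) {
            $classmap[$name] = $relativePath;
        }
    }
    ksort($classmap);

    return $classmap;
}

// Constructed sample input: one namespaced file with three definitions, one legacy file without namespace.
$files = [
    'src/Shapes.php' => '<?php
namespace Acme\Shape;
interface ShapeInterface {}
abstract class AbstractShape implements ShapeInterface {}
class Circle extends AbstractShape { public function type() { return self::class; } }',
    'legacy/Old_Logger.php' => '<?php
class Old_Logger { public function make() { return new class {}; } }',
];

var_export(buildClassmap($files));
echo PHP_EOL;
```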

Furthermore, you can create multiple configuration files and update these classmaps when needed. As is well known from composer, the classmap generator is able to create an autoloader file for you. The created autoloader will use the created classmap file and supports psr-0 autoloading.

source/link to the wiki

What is left to write? Of course I'm proud of this. What you see right now is the work of one month and after I finished the core design, I rebuilt a lot by replacing my cli application class with the symfony\console component.

I hope you can use the tool. If you need help or found a bug, contact me on


howto - php phar - how to create your own phar application.

There are a lot of howtos out there on the web but I recommend the one from

If you just want to build a phar from existing source, I use the box.

Based on that, I created a simple example you can clone.

The first snare could be the phar.readonly php.ini setting. So check if you set it to "Off".


web - *ucking git commits

10/12/12 4:43 PM Fucking PHP fixes

10/12/12 2:57 PM Fixing Jonzies Fuckups

10/12/12 2:55 PM Fixing jonzie fuckup again

10/12/12 2:47 PM Deleting some shit

10/12/12 2:31 PM fuck

And even more ucking entries on the ucking page


web - A Git repository for German laws

The web developer and open data activist Stefan Wehrmeyer has set up a Git repository for federal laws and regulations. The source code management tool Git is meant to help track changes to the laws. The Git repository set up on Github by Stefan Wehrmeyer contains all German federal laws and regulations in Markdown format, taken and converted from the XML versions of the official website [...]

A really brilliant idea, I think. You also get along quickly with the markup language "Markdown" (if you run your own wiki, you have picked it up unconsciously anyway). Only forking will probably be rather difficult ;-).


tool - Bazzline_Controller_Plugin_Auth - Zend Framework Controller Plugin - now on

I just released my first project on As mentioned in the headline, it is called Bazzline_Controller_Plugin_Auth. It is a simple plugin which tests if the called url is a "logged in user" only url or not. If it is "logged in only", the user is redirected to the login. The previously called url is saved in the session. After a successful login, the user gets redirected to this saved url. All can be configured in a config file.

This plugin is only for simple access control by "user is logged in" or "user is not logged in". The ACL stuff is still in the pipeline and should not - to follow the KISS principle - be inside an auth plugin.

While setting up this project on github, I had some problems getting a valid connection to github.

I followed the howto but did not "press enter" when asked for a file to store the key.

That's why:

ssh -T [email protected]

But when I added the -i option like:

ssh -T [email protected] -i path/to/my/private/key
everything runs smoothly.

After a short time of searching, I found the ssh issues page on The simple solution is:

Create or open the file at ~/.ssh/config
Add the following lines:
Host
    User git
    Hostname
    PreferredAuthentications publickey
    IdentityFile /path/to/my/private/key
After that, the
git push -u origin master
runs without any errors.
