I#8217;ve been trying to think of something #8220;big#8221; to write about for so long, I haven#8217;t written anything.? So I#8217;ll write about something #8220;small#8221; that I found out the other day.
It turns out, #8216;NOT IN#8217; and #8216;NULL#8217; can have an odd (to me) effect.
Say you are doing something like
SELECT a FROM table1
WHERE a NOT IN
(SELECT a FROM table2);
If there are any NULLs in the table2#8217;s a column, you will never get any results from this query.
Here#8217;s an example:
#8211; first, here are the two tables I used:
mysqlgt; select * from test1;
+#8212;#8212;+
| a??? |
+#8212;#8212;+
|??? 1 |
|??? 2 |
|??? 3 |
|??? 4 |
|??? 5 |
|??? 6 |
+#8212;#8212;+
6 rows in set (0.02 sec)
mysqlgt; select * from test2;
+#8212;#8212;+
| a??? |
+#8212;#8212;+
|??? 1 |
|??? 2 |
|??? 3 |
| NULL |
+#8212;#8212;+
4 rows in set (0.00 sec)
mysqlgt; select a from test1 where a not in (select a from test2);
Empty set (0.02 sec)
#8211; personally, I expected to get 4,5,6.? For that, you can do the following:
mysqlgt; select a from test1 where a not in (select a from test2 where a is NOT NULL);
+#8212;#8212;+
| a??? |
+#8212;#8212;+
|??? 4 |
|??? 5 |
|??? 6 |
+#8212;#8212;+
3 rows in set (0.00 sec)
Why is this?? It is actually to follow the SQL standards on NULL.? As mentioned at http://dev.mysql.com/doc/refman/5.1/en/comparison-operators.html ,
#8220;To comply with the SQL standard, IN returns NULL not only if the expression on the left hand side is NULL, but also if no match is found in the list and one of the expressions in the list is NULL.#8221;
Just as #8220;1=NULL#8221; is undefined rather than false, and #8220;1lt;gt;NULL#8221; is too, #8220;1 in (null)#8221; is also undefined (or null), and #8220;1 NOT IN (null) is null#8221;.
mysqlgt; select 1 in (null);
+#8212;#8212;#8212;#8212;-+
| 1 in (null) |
+#8212;#8212;#8212;#8212;-+
|??????? NULL |
+#8212;#8212;#8212;#8212;-+
1 row in set (0.00 sec)
mysqlgt; select 1 not in (null);
+#8212;#8212;#8212;#8212;#8212;#8211;+
| 1 not in (null) |
+#8212;#8212;#8212;#8212;#8212;#8211;+
|??????????? NULL |
+#8212;#8212;#8212;#8212;#8212;#8211;+
1 row in set (0.00 sec)
To simplify the examples with tables above, we can do the following, and see similar results.
mysqlgt; select 1 not in (2);
+#8212;#8212;#8212;#8212;#8211;+
| 1 not in (2) |
+#8212;#8212;#8212;#8212;#8211;+
| 1??????????? |
+#8212;#8212;#8212;#8212;#8211;+
1 row in set (0.00 sec)
mysqlgt; select 1 not in (2,null);
+#8212;#8212;#8212;#8212;#8212;#8212;-+
| 1 not in (2,null) |
+#8212;#8212;#8212;#8212;#8212;#8212;-+
| NULL????????????? |
+#8212;#8212;#8212;#8212;#8212;#8212;-+
1 row in set (0.00 sec)
Personally, once I read the reasoning, it made sense to me, but initially I was surprised.? I thought I#8217;d write about it, because it is common to do a #8220;SELECT #8230; WHERE NOT IN (SELECT #8230;)#8221;, as in the example above with table1 and table2, and the results might not be what you expect if you have any NULLs in your table.

Back in April of last year, Matt posted here on the dev blog about the release of BuddyPress 1.0, a plugin that adds a social networking layer to an installation of WordPress MU. Many people were excited about the idea, but were unable to experiment with BuddyPress because they ran single installations of WordPress rather [...]

Together with Geert and Andrew I#8217;ll be teaching the MySQL Cluster tutrial at this year#8217;s MySQL Cluster User Conference #8211; Santa Clara, on April 12th. If you#8217;re interested in using MySQL Cluster but aren#8217;t sure how to get started (or you#8217;ve used it but would like some tips) then this is a great opportunity. Check out the tutorial description.
If you register by 15 March then you get the early-bird price and if you use this #8216;friend of a speaker#8217; code then you get an additional 25% off: mys10fsp
mys10fsp

PHP 5.2.13 has been released. The announcement is here and software is on the downloads page. At the same time, PHP 5.3.2 RC3 is available for testing, see http://news.php.net/php.qa/65489. There are only a few days before the final PHP…

Three years ago the Hardened-PHP project organized the Month of PHP Bugs. During one month I disclosed more than 40 vulnerabilities in the PHP interpreter in order to improve the overall security of PHP. In the history of PHP this event has been one of a kind. But now, three years later, my company SektionEins GmbH will continue in the same spirit and organize the Month of PHP Security. Our preparations are not finished yet, but here is a sneak preview of what it will be.

The Month of PHP Security will take place in May 2010 and will be very different from all the previews ?Month of Bugs? or ?Week of Bugs? events. You can think of the Month of PHP Security as a conference without a conference. This means around the 1st of March we will send out a call for papers in order to collect the best advisories, the best research and the best articles about PHP security. We invite everyone from the PHP and from the security community to take part in this event.

The basic idea will be that during May we are planning to release (at least) one advisory or one research paper or one article about PHP security topics that were submitted to the public. And in the end of May our jury will select the best X submissions and give out prizes. We are still in the process of selecting good prizes and would be happy about more sponsors. Therefore: If you consider this event to be a good idea to improve the security of PHP and want to sponsor prizes, do not hesitate to contact us at info@sektioneins.de.

The accepted topics will be:

• Advisory/Article about new vulnerability in PHP (with or without exploits) (no simple safe_mode, open_basedir bypass vulnerabilities)
• Advisory/Article about vulnerability in PHP related software (popular 3rd party PHP extensions/patches, like Suhosin or Zend tools)
• Detailed article about a single topic of PHP application security
• Article about a complicated vulnerability in/attack against a widespread PHP application
• Article about a complicated topic of attacking PHP (e.g. explain how to exploit heap overflows in PHP?s heap implementation)
• Article about how to attack encrypted PHP applications
• Release of a new PHP security tools
• Other topics related to PHP (application) security

Of course we will accept multiple submissions by the same person/team and there will most probably also be articles/advisories by ourself. (But of course we cannot win the prizes)

We at SektionEins are already very excited about the event and hope it will be a success and once again improve the security of the PHP ecosystem.

Overall the conference was pretty interesting since I don’t have a lot of experience with symfony I learned quite a bunch of things about it’s usage. I also met a lot of nice people, and ended the trip yesterday evening at the github meetup, after going for food with a couple phpBB guys who are really much nicer than the forum software they stand for. They were also very open to us bashing phpBB and seem to be headed towards a brighter future for the next version, which I’m sure nobody will complain about.

I also had my first session at a conference, accompanying Lukas though so I wasn’t really flying by myself yet but it was still a nice and interesting (and stressful) experience that I will try to renew. We didn’t get all that much feedback by the way so feel free to do so (also here if you are too lazy to register on joind.in), the organizers need it and obviously I wonder how the talk was received as well.

As for Symfony 2 (which now comes with a capital S please), I kind of saw the flexibility coming since we already implemented the dependency injection container in our Okapi framework at Liip, but I was still impressed by the jump away from symfony (1) Fabien conceded, many people would have tried to keep more BC at the cost of going forward, and I’m really glad he didn’t, I think it will pay in the long run. The new version of the framework will basically be able to be totally ripped apart to fit your needs better if you have high performance requirements, which was the major pain point of symfony 1 as far as I’m concerned, and one of our reasons to keep working on Okapi which is pretty much a baseline micro-framework you can build upon. We will have to see if adopting Symfony in its place will make sense, but it sounds promising and it would offload some maintenance away from us which is always good.

Obviously Symfony 2 isn’t going to be stable for a while, and there are some rough edges that still need to be discussed and improved, mostly in the way bundles are handled imo, but it looks very good already and I’ll definitely give it a try asap. I would also encourage everyone to do so, especially framework developers, because the dependency injection is a pretty awesome thing to have, both for the testability of code and flexibility of the development process. Although if it’s your only interest in it, checking out the Okapi 2 core (or the liip.to app ported to use it) is probably easier as there is less code to read, and we didn’t add any of the abstraction to the dependency injection layer that Symfony 2 has.

Pertama Lakukan instalasi bind9
# apt-get install bind9

read more

Mesin mirror yang sekitar 10 tahun yang lalu saya pelihara (kini sudah wafat) ternyata masih menyisakan jejaknya di Internet, di Wayback Machine. Mesin tersebut punya banyak alias: mirrors.piksi.itb.ac.id, snowwhite.piksi.itb.ac.id, ftp.itb.web.id, dan beberapa nama alias spesifik koleksi seperti misalnya (debian-mirror|ctan|cpan).piksi.itb.ac.id. Jangan dibandingkan spesifikasinya dengan