As I am very active in the English-speaking part of the web, I decided to make this site bilingual. So now I have an English and a German blog. But I only write things in both languages when they were explicitly requested for the other language. And don't be shy to message me if you want to request something in your language.

Since I am quite active in the English-speaking part of the internet, I now run this site bilingually. So I now have an English and a German blog. However, I only write articles in the other language on request.

Why you should add @todo annotations to your code

A few months ago I was part of a meeting where we had a big and long discussion about @todo annotations (and also similar ones like @fix, @fixme and so on). The argument was that they never get resolved, sit there for years and nobody cares. Therefore they could just as well be deleted. And if there really is something that needs to be done, there is a ticket system for that.

In a perfect company/world I would say yes, that's a completely valid point.

Read more...

Composer Cache Injection vulnerability - CVE-2015-8371

At the end of last year I analyzed Composer for a few attack vectors that make use of Packagist to target projects with their own repositories.

Surprisingly, I found one vector that still poses a danger even if you disable the default Packagist repository for your project.

Read more...

Why Security holes appear in masses

A lot of people know the annoyed feeling when they need to push the third security fix for the same code in just a few months. That's also around the time when news portals start running stories about how many security holes this software has, which leads people to think it is insecure as a whole.

This comes from increased awareness and also has some positive effects on the project. With every vulnerability found, the interest of some people grows, leading them to look more closely, or in different ways, at the project's code.

Read more...

Magento - Why goodwill is not enough

Since the MeetMagento in New York everyone is again discussing the community, the role of the company behind Magento, how they should do more for the community and so on. A lot of words, partly initiated by people who want to defend their leading positions in the area of paid modules, hosting or similar Magento-related business, then spread by a lot of frustrated community members who have barely any knowledge of what it means to lead an (open) software project/product.

And when we talk about the community, most people only include the English-speaking and experienced Magento developers.

Read more...

Magento and the question html5 vs. native app

Today @elena_a_leonova asked about the Magento mobile app feature and why merchants use them or don't use them.

A bit later she tweeted about an article on the subject of HTML5 vs. native mobile apps. On the one hand, it does not really target the online shop use case; on the other hand, it is not as objective as it could be. So I am now writing down some thoughts about this article and the whole mobile app thing.

Read more...