09/12/2012

Network World tested 6 free databases, MariaDB wins the test

27/09/2012

The MariaDB site adds SaltOS to its case studies

Another case study about SaltOS has been published on the MariaDB site: http://kb.askmonty.org/en/saltos-sees-gains-with-subqueries-in-mariadb/

13/09/2012

I recommend using MariaDB instead of MySQL

After developing several applications that use MySQL, I realized that it is very inefficient when tables have a lot of records and queries have various joins and subqueries. More info at: Why use MariaDB instead of MySQL?

24/08/2012

Exploit found...

I have received an email with the following text: "Exploit found. hey fucking script kiddies, write good scripts... god damn it. http://packetstormsecurity.org/files/115855" from "Hans Wurst" using the web contact form.

As I don't know how to contact him, because he didn't give a real email address, I want to ask him: are you a programmer? Have you made some contribution to society? I consider your email arrogant.

29/07/2012

SaltOS runs without problems on PHP 5.4

Now that I have a computer with PHP 5.4, I could run the tests, apply the changes and make the necessary improvements in the code so that it works properly on PHP 5.4. You can download it from tonight's nightly build.

15/07/2012

I moved the demonstration environment to my personal server

RaCaMeT had to give up the VPS that he had hired, and for that reason I had to move the whole demonstration environment to my personal server. On behalf of the SaltOS and RhinOS projects, I want to thank RaCaMeT for these months of free hosting.

30/06/2012

Now, you can download the nightly version of SaltOS

As announced a few days ago, you can download the nightly version of SaltOS from SourceForge: http://sourceforge.net/projects/saltos/files/nightly/

14/06/2012

Incredible response of the jsmin library developer

This morning I detected a bug in a library that I use frequently, and when I reported it to the author, he responded: "To paraphrase Mr. Crockford: don't do that.". If you want to see the whole thread, go to https://github.com/rgrove/jsmin-php/issues/14

10/06/2012

I am preparing a nightly version of SaltOS

As many people ask me how they can download the latest version of SaltOS (i.e., the one I have in development), I will publish a nightly version every night with all current changes. It will be made available to the public shortly.

22/05/2012

The ABCustom company has given me a quiet office to work in peace

The ABCustom company, which has used SaltOS for a long time in its management, has decided to thank me for the effort I put into the project with part of an office located in Barcelona. I have also installed my Subversion server, which I use for version control, connected to high-speed internet. It's really gratifying to see that the wheel turns.

22/03/2012

Detected security vulnerability in RhinOS

Advisory:
- HSV-2012-0005
Time Line:
- Detection Date: 22/03/2012
- Notification Date: 22/03/2012
- Fix Date: 22/03/2012
- Disclosure Date: 22/03/2012
Name:
- Arbitrary File Download in RhinOS v3.0
Affected Versions:
- SaltOS v3.0 r1238 and previous
References:
- CVE ID: N/A
- Bugtraq ID: N/A
- OSVDB ID: N/A
Description:
- Authenticated users can download any file from the server where RhinOS is installed
POC / Exploit:
- http://www.example.com/admin/inicio.php?include=php/download.php&name=passwd.txt&file=/etc/passwd
Solution:
- Update the version of RhinOS v3.0 to r1247 or later

16/03/2012

Detected security vulnerabilities in SaltOS and RhinOS

Advisory:
- HSV-2012-0001
Time Line:
- Detection Date: 14/03/2012
- Notification Date: 15/03/2012
- Fix Date: 16/03/2012
- Disclosure Date: 16/03/2012
Name:
- Information Disclosure in SaltOS v3.1
Affected Versions:
- SaltOS v3.1 r5100 and previous
References:
- CVE ID: CVE-2010-1598
- Bugtraq ID: 39605
- OSVDB ID: 63939
Description:
- It is possible to obtain information about the server through the library phpthumb.php
POC / Exploit:
- http://www.example.com/code/lib/phpthumb/phpThumb.php?phpThumbDebug=9
Solution:
- Change the value of "$PHPTHUMB_CONFIG['disable_debug']= false;" to "$PHPTHUMB_CONFIG['disable_debug']= true;" in phpThumb.config.php, or update SaltOS to r5104 or later
========================================================================================================================
Advisory:
- HSV-2012-0002
Time Line:
- Detection Date: 14/03/2012
- Notification Date: 15/03/2012
- Fix Date: 16/03/2012
- Disclosure Date: 16/03/2012
Name:
- Command Injection in SaltOS v3.1
Affected Versions:
- SaltOS v3.1 r5100 and previous
References:
- CVE ID: CVE-2010-1598
- Bugtraq ID: 39605
- OSVDB ID: 63939
Description:
- It is possible to run commands on the server through the 'fltr' parameter in the library phpthumb.php
POC / Exploit:
- http://racamet.saltos.net/code/lib/phpthumb/phpThumb.php?fltr=blur|9 -quality 75 -interlace line fail.jpg jpeg:fail.jpg ; ls -la ;cat /etc/passwd; & src=file.jpg & phpThumbDebug=9
Solution:
- Change the value of "$PHPTHUMB_CONFIG['disable_debug']= false;" to "$PHPTHUMB_CONFIG['disable_debug']= true;" in phpThumb.config.php, or update SaltOS to r5104 or later
========================================================================================================================
Advisory:
- HSV-2012-0003
Time Line:
- Detection Date: 14/03/2012
- Notification Date: 15/03/2012
- Fix Date: 16/03/2012
- Disclosure Date: 16/03/2012
Name:
- Information Disclosure in RhinOS v3.0
Affected Versions:
- SaltOS v3.0 r1238 and previous
References:
- CVE ID: CVE-2010-1598
- Bugtraq ID: 39605
- OSVDB ID: 63939
Description:
- It is possible to obtain information about the server through the library phpthumb.php
POC / Exploit:
- http://www.example.com/code/lib/phpthumb/phpThumb.php?phpThumbDebug=9
Solution:
- Change the value of "$PHPTHUMB_CONFIG['disable_debug']= false;" to "$PHPTHUMB_CONFIG['disable_debug']= true;" in phpThumb.config.php, or update RhinOS to r1241 or later
========================================================================================================================
Advisory:
- HSV-2012-0004
Time Line:
- Detection Date: 14/03/2012
- Notification Date: 15/03/2012
- Fix Date: 16/03/2012
- Disclosure Date: 16/03/2012
Name:
- Command Injection in RhinOS v3.0
Affected Versions:
- SaltOS v3.0 r1238 and previous
References:
- CVE ID: CVE-2010-1598
- Bugtraq ID: 39605
- OSVDB ID: 63939
Description:
- It is possible to run commands on the server through the 'fltr' parameter in the library phpthumb.php
POC / Exploit:
- http://www.example.com/code/lib/phpthumb/phpThumb.php?fltr=blur|9 -quality 75 -interlace line fail.jpg jpeg:fail.jpg ; ls -la ;cat /etc/passwd; & src=file.jpg & phpThumbDebug=9
Solution:
- Change the value of "$PHPTHUMB_CONFIG['disable_debug']= false;" to "$PHPTHUMB_CONFIG['disable_debug']= true;" in phpThumb.config.php, or update RhinOS to r1241 or later
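
Added example (not part of the original advisories or of the SaltOS/RhinOS code): a web-server log check that flags the request shapes named in HSV-2012-0001 to HSV-2012-0005, namely the phpThumbDebug parameter, shell metacharacters in fltr, and a download.php file value that points outside the application. The label names, the sample log lines and the rule that a legitimate file value is relative and non-climbing are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Characters that let a value break out of a shell command line. '|' is
# left out because phpThumb uses it as the separator inside a filter spec.
SHELL_META = re.compile(r"[;&`$<>\r\n]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def params(query):
    """Split on '&' only, then decode, so an encoded ';' stays inside its value."""
    pairs = (pair.partition("=") for pair in query.split("&"))
    return [(unquote_plus(k).strip(), unquote_plus(v)) for k, _, v in pairs]

def classify(target):
    """Return the advisory patterns (labels are this example's own) a URL matches."""
    parts = urlsplit(target)
    path, found, query = parts.path.lower(), [], params(parts.query)
    is_download = ("include", "php/download.php") in query
    for key, value in query:
        if path.endswith("/phpthumb.php"):
            if key == "phpThumbDebug":
                found.append("phpthumb-debug")
            if key.startswith("fltr") and SHELL_META.search(value):
                found.append("phpthumb-fltr-shell-meta")
        # Assumption: a legitimate 'file' value is never absolute or climbing.
        if is_download and key == "file" and (value.startswith("/") or ".." in value.split("/")):
            found.append("download-path-escape")
    return sorted(set(found))

def scan(lines):
    """Yield (line_number, labels) for access-log lines that match a pattern."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        labels = classify(match.group(1)) if match else []
        if labels:
            yield number, labels

# Constructed sample log lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Mar/2012:10:00:01 +0100] "GET /code/lib/phpthumb/phpThumb.php?src=file.jpg&w=120 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [16/Mar/2012:10:00:07 +0100] "GET /code/lib/phpthumb/phpThumb.php?phpThumbDebug=9 HTTP/1.1" 200 20480',
    '192.0.2.11 - - [16/Mar/2012:10:00:09 +0100] "GET /code/lib/phpthumb/phpThumb.php?fltr=blur%7C9%20-quality%2075%3B%20ls%20-la%20%3B&src=file.jpg HTTP/1.1" 200 311',
    '192.0.2.12 - - [22/Mar/2012:09:30:00 +0100] "GET /admin/inicio.php?include=php/download.php&name=passwd.txt&file=/etc/passwd HTTP/1.1" 200 1873',
]

if __name__ == "__main__":
    for number, labels in scan(SAMPLE_LOG):
        print(number, ", ".join(labels))
```

A hit on an installation that is already at the fixed revision still deserves a look, since it shows someone probing for the old phpThumb behaviour.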

07/02/2012

New demo environment by RaCaMeT

Thanks to RaCaMeT, you can enjoy a VPS with 8 cores, 3Gb of RAM and 100GB of NAS connected to a fast internet connection to test SaltOS and RhinOS.

01/02/2012

Demonstration services restored.

After making some improvements in the captcha system, the demonstration services were out of service. The error has been detected and fixed, and everything is back to normal. Sorry for the inconvenience, but I am making improvements to prevent the annoying spam inside the forum.

24/01/2012

One year of free hosting for saltos.net by dinahosting

Dinahosting has confirmed today that it will continue sponsoring the SaltOS and RhinOS projects for another year, providing free Linux hosting for the website. As always, to all those who collaborate with these projects: thank you.

By the way, I'm looking for a housing provider that will let me install a tower computer to run the demos of SaltOS and RhinOS.

13/01/2012

Published new SaltOS and RhinOS releases (r4941)

I just published a new release of SaltOS that updates and fixes:
  • It has been upgraded to the JQuery-UI 1.8.17 release
  • Fixed a bug in the installation wizard (calling an incorrect JQuery file)
  • Fixed some errors that affected the permission system and prevented correct access to the search engine and to the user folders.

13/01/2012

New server for the demonstration environment of SaltOS and RhinOS

Jordi Company and Andres Diaz have given me a server to replace the old equipment I had at home for the demonstration environment of SaltOS and RhinOS. The specifications of the new machine are:
  • Intel Xeon 5130 (4M Cache, 2.00 GHz)
  • 6Gb DDR2 RAM (2x2GB + 2x1GB)
  • 4 HDD SATA2 (2x1Tb, 1x320Gb, 1x80Gb)
The computer is already connected and running and, to tell the truth, I have noticed an increase in execution speed, which will make the user experience in the demonstration area more positive.

02/01/2012

Published new SaltOS and RhinOS releases (r4908)

Good morning to the SaltOS and RhinOS followers. As already announced last week, I have uploaded to SourceForge the new packages with the improvements discussed, as well as some updates to third-party libraries.


  • XML lines: 52,636
  • PHP lines: 14,192
  • JS lines: 6,294
  • T2T lines: 3,499
  • XSLT lines: 2,654
  • SQL lines: 1,675