09/12/2012

Network World tested 6 free databases, MariaDB wins the test

26/11/2012

Installation Manual for SaltOS

Setup

Josep Sanz

SaltOS is distributed in 4 different packages: PHP: This package contains the program SaltOS and includes everything necessary to uncompress and unpack the program online. To use this package, please download the package and leave it in a directory on your hosting visible from the Internet. Access the installation file with a browser and the screen "Welcome to SaltOS setup" will appear. Follow these steps to quickly install SaltOS on your server. RPM: This package is aimed at users who…

27/09/2012

The MariaDB site adds SaltOS in their case studies

Another case study about SaltOS has been published on the MariaDB site: http://kb.askmonty.org/en/saltos-sees-gains-with-subqueries-in-mariadb/

13/09/2012

I recommend using MariaDB instead of MySQL

After developing several applications that use MySQL, I realized that it is very inefficient when tables have a lot of records and queries have various joins and subqueries. More info at: Why use MariaDB instead of MySQL?

24/08/2012

Exploit found...

I have received an email with the following text: "Exploit found. hey fucking script kiddies, write good scripts... god damn it. http://packetstormsecurity.org/files/115855" from "Hans Wurst" using the web contact form.

As I don't know how to contact him, because he didn't provide a real email address, I want to ask him: are you a programmer? Have you made any contribution to society? I consider your email arrogant.

09/08/2012

What is the "error 500: Internal error"?

Error 500

Josep Sanz

The 500 error is an error generated by the server when it encounters an error condition that it cannot resolve automatically. That is, if a file is not found, the error is 404 (Not found); if you cannot list a directory, error 403 (Forbidden) is returned. For errors that do not have an explicit definition, error 500 (Internal error) is raised. This error usually occurs in Apache: when some unsupported directives are used in the .htaccess file. in some hostings…

29/07/2012

SaltOS runs without problems on PHP 5.4

Now that I have a computer with PHP 5.4, I could do the tests, apply the changes and make the necessary improvements in the code for it to work properly in PHP 5.4. You can download it from tonight's nightly.

15/07/2012

I moved the demonstration environment to my personal server

RaCaMeT had to leave the VPS that he had hired and, for that reason, I had to move the whole demonstration environment to my personal server. From the SaltOS and RhinOS projects, I want to say thanks to RaCaMeT for these months of free hosting.

30/06/2012

Now, you can download the nightly version of SaltOS

As announced a few days ago, you can download the nightly version of SaltOS from sourceforge: http://sourceforge.net/projects/saltos/files/nightly/

14/06/2012

Incredible response of the jsmin library developer

This morning I detected a bug in a library that I use frequently, and when I notified the author, he responded: "To paraphrase Mr. Crockford: don't do that.". If you want to see the whole thread, go to https://github.com/rgrove/jsmin-php/issues/14

10/06/2012

I am preparing a nightly version of SaltOS

As many people ask me how they can download the latest release of SaltOS (i.e., the one I have in development), I will publish a nightly version every night with all current changes. It will shortly be made available to the public.

22/05/2012

The ABCustom company has given me a quiet office to work in peace

The ABCustom company, a company that has used SaltOS for a long time in its management, has decided to thank me for the effort I put into the project with part of an office located in Barcelona. I have also installed my Subversion server, which I use for version control, connected to high-speed internet. It's really gratifying to see that the wheel turns.

01/05/2012

Problems with CSS generated using PHP and Internet Explorer 9

CSS, PHP, Internet Explorer

Josep Sanz

After the new Microsoft browser, Mr. Internet Explorer 9, had been with us for a few months, some visitors to saltos.net informed me that the website did not display properly in this browser. After looking at what was happening, I detected from the Apache logs that the style sheet requests made by Internet Explorer 9 were answered by the Apache server itself with an HTTP 406 Not Acceptable error. This portal is developed using the RhinOS technology, which generates PHP style sheets from templates.…

22/03/2012

Detected security vulnerability in RhinOS

Advisory:
- HSV-2012-0005
Time Line:
- Detection Date: 22/03/2012
- Notification Date: 22/03/2012
- Fix Date: 22/03/2012
- Disclosure Date: 22/03/2012
Name:
- Arbitrary File Download in RhinOS v3.0
Affected Versions:
- SaltOS v3.0 r1238 and previous
References:
- CVE ID: N/A
- Bugtraq ID: N/A
- OSVDB ID: N/A
Description:
- Authenticated users can download any file from the server where RhinOS is installed
POC / Exploit:
- http://www.example.com/admin/inicio.php?include=php/download.php&name=passwd.txt&file=/etc/passwd
Solution:
- Update the version of RhinOS v3.0 to r1247 or later

16/03/2012

Detected security vulnerabilities in SaltOS and RhinOS

Advisory:
- HSV-2012-0001
Time Line:
- Detection Date: 14/03/2012
- Notification Date: 15/03/2012
- Fix Date: 16/03/2012
- Disclosure Date: 16/03/2012
Name:
- Information Disclosure in SaltOS v3.1
Affected Versions:
- SaltOS v3.1 r5100 and previous
References:
- CVE ID: CVE-2010-1598
- Bugtraq ID: 39605
- OSVDB ID: 63939
Description:
- It is possible to obtain information about the server through the library phpthumb.php
POC / Exploit:
- http://www.example.com/code/lib/phpthumb/phpThumb.php?phpThumbDebug=9
Solution:
- Change the value of "$PHPTHUMB_CONFIG['disable_debug']= false;" to "$PHPTHUMB_CONFIG['disable_debug']= true;" in phpThumb.config.php, or update SaltOS to r5104 or later
========================================================================================================================
Advisory:
- HSV-2012-0002
Time Line:
- Detection Date: 14/03/2012
- Notification Date: 15/03/2012
- Fix Date: 16/03/2012
- Disclosure Date: 16/03/2012
Name:
- Command Injection in SaltOS v3.1
Affected Versions:
- SaltOS v3.1 r5100 and previous
References:
- CVE ID: CVE-2010-1598
- Bugtraq ID: 39605
- OSVDB ID: 63939
Description:
- It is possible to run commands on the server through the 'fltr' parameter in the library phpthumb.php
POC / Exploit:
- http://racamet.saltos.net/code/lib/phpthumb/phpThumb.php?fltr=blur|9 -quality 75 -interlace line fail.jpg jpeg:fail.jpg ; ls -la ;cat /etc/passwd; & src=file.jpg & phpThumbDebug=9
Solution:
- Change the value of "$PHPTHUMB_CONFIG['disable_debug']= false;" to "$PHPTHUMB_CONFIG['disable_debug']= true;" in phpThumb.config.php, or update SaltOS to r5104 or later
========================================================================================================================
Advisory:
- HSV-2012-0003
Time Line:
- Detection Date: 14/03/2012
- Notification Date: 15/03/2012
- Fix Date: 16/03/2012
- Disclosure Date: 16/03/2012
Name:
- Information Disclosure in RhinOS v3.0
Affected Versions:
- SaltOS v3.0 r1238 and previous
References:
- CVE ID: CVE-2010-1598
- Bugtraq ID: 39605
- OSVDB ID: 63939
Description:
- It is possible to obtain information about the server through the library phpthumb.php
POC / Exploit:
- http://www.example.com/code/lib/phpthumb/phpThumb.php?phpThumbDebug=9
Solution:
- Change the value of "$PHPTHUMB_CONFIG['disable_debug']= false;" to "$PHPTHUMB_CONFIG['disable_debug']= true;" in phpThumb.config.php, or update RhinOS to r1241 or later
========================================================================================================================
Advisory:
- HSV-2012-0004
Time Line:
- Detection Date: 14/03/2012
- Notification Date: 15/03/2012
- Fix Date: 16/03/2012
- Disclosure Date: 16/03/2012
Name:
- Command Injection in RhinOS v3.0
Affected Versions:
- SaltOS v3.0 r1238 and previous
References:
- CVE ID: CVE-2010-1598
- Bugtraq ID: 39605
- OSVDB ID: 63939
Description:
- It is possible to run commands on the server through the 'fltr' parameter in the library phpthumb.php
POC / Exploit:
- http://www.example.com/code/lib/phpthumb/phpThumb.php?fltr=blur|9 -quality 75 -interlace line fail.jpg jpeg:fail.jpg ; ls -la ;cat /etc/passwd; & src=file.jpg & phpThumbDebug=9
Solution:
- Change the value of "$PHPTHUMB_CONFIG['disable_debug']= false;" to "$PHPTHUMB_CONFIG['disable_debug']= true;" in phpThumb.config.php, or update RhinOS to r1241 or later
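
For administrators who want to check whether an installation received requests of the kinds described in HSV-2012-0001 to HSV-2012-0005, the following is an added example and not code from SaltOS, RhinOS or phpThumb. It assumes Apache access-log lines with percent-encoded request URLs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Shell metacharacters; "|" is left out because the filter value uses it ("blur|9").
SHELL_META = re.compile(r"[;&`$<>\n]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Constructed access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Mar/2012:10:00:01 +0100] "GET /code/lib/phpthumb/phpThumb.php?src=file.jpg&w=100 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [16/Mar/2012:10:00:02 +0100] "GET /code/lib/phpthumb/phpThumb.php?phpThumbDebug=9 HTTP/1.1" 200 9000',
    '192.0.2.12 - - [16/Mar/2012:10:00:03 +0100] "GET /code/lib/phpthumb/phpThumb.php?fltr=blur%7C9%20%3B%20ls%20-la%20%3B&src=file.jpg HTTP/1.1" 200 300',
    '192.0.2.13 - - [22/Mar/2012:09:00:00 +0100] "GET /admin/inicio.php?include=php/download.php&name=passwd.txt&file=/etc/passwd HTTP/1.1" 200 1500',
    '192.0.2.14 - - [22/Mar/2012:09:00:05 +0100] "GET /admin/inicio.php?include=php/download.php&name=a.pdf&file=docs/a.pdf HTTP/1.1" 200 800',
]

def query_params(query):
    """Split on "&" only and percent-decode, keeping ";" inside values."""
    params = {}
    for pair in filter(None, query.split("&")):
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params

def classify(url):
    """Return the advisory IDs whose request pattern this URL matches."""
    path, _, query = url.partition("?")
    params = query_params(query)
    hits = []
    if path.lower().endswith("/phpthumb.php"):
        if "phpThumbDebug" in params:            # debug output requested
            hits.append("HSV-2012-0001/0003")
        filters = [v for k, vs in params.items() if k.startswith("fltr") for v in vs]
        if any(SHELL_META.search(v) for v in filters):
            hits.append("HSV-2012-0002/0004")
    if any(v.endswith("download.php") for v in params.get("include", [])):
        files = params.get("file", [])           # absolute path or ".." segment
        if any(v.startswith("/") or ".." in v.split("/") for v in files):
            hits.append("HSV-2012-0005")
    return hits

def scan(lines):
    """Return (client_ip, advisory_ids) for every log line that matches."""
    found = []
    for line in lines:
        m = REQUEST.search(line)
        hits = classify(m.group(1)) if m else []
        if hits:
            found.append((line.split(" ", 1)[0], hits))
    return found
```

A match only shows that such a request was received; whether it succeeded depends on the installed revision and on the disable_debug setting named in the advisories.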

07/02/2012

New environment demos by RaCaMeT

Thanks to RaCaMeT, you can enjoy a VPS with 8 cores, 3Gb of RAM and 100GB of NAS connected to a fast internet connection to test SaltOS and RhinOS.

01/02/2012

Demonstration services restored.

After making some improvements in the captcha system, the demonstration services were out of service. The error has been detected and fixed, and everything is back to normal. Sorry for the inconvenience, but I am making improvements to prevent the annoying spam inside the forum.

29/01/2012

What is Cloud Computing?

Cloud computing

Josep Sanz

Introduction: Cloud Computing, also called computing in the cloud, is the term used to discuss the concept of having the applications from the Internet. To understand the difference between Cloud Computing and the traditional model, I will explain some parts of the brief history of computing: At the beginning of computing, applications ran on servers and users operated terminals (also called dumb terminals) that had no specific functionality. Were connected to the server…

24/01/2012

One year of free hosting for saltos.net by dinahosting

Dinahosting has confirmed today that it will continue its sponsorship of the SaltOS and RhinOS projects for another year, providing free Linux hosting for the website. As always, to all those who collaborate with these projects: Thank you.

By the way, I'm looking for a housing provider that will allow me to place a tower computer on which to run the demos of SaltOS and RhinOS.

13/01/2012

Published new SaltOS and RhinOS releases (r4941)

I just published a new release of SaltOS that updates and fixes:
  • It has been upgraded to the jQuery UI 1.8.17 release
  • Fixed a bug in the installation wizard (calling an incorrect jQuery file)
  • Fixed some errors affecting the permission system that prevented correct access to the search engine and to the user folders.

13/01/2012

New server for the demonstration environment of SaltOS and RhinOS

Jordi Company and Andres Diaz have given me a server to replace the old equipment I had in my home for the demonstration environment of SaltOS and RhinOS. The specifications of the new machine are:
  • Intel Xeon 5130 (4M Cache, 2.00 GHz)
  • 6Gb DDR2 RAM (2x2GB + 2x1GB)
  • 4 HDD SATA2 (2x1Tb, 1x320Gb, 1x80Gb)
The computer is already connected and running and, to tell the truth, I have noticed an increase in execution speed, which will make the user experience in the demonstration area more positive.

02/01/2012

Published new SaltOS and RhinOS releases (r4908)

Good morning to the SaltOS and RhinOS followers. As announced last week, I have uploaded to SourceForge the new packages with the improvements discussed, as well as some updates to third-party libraries.


  • XML lines: 60,895
  • PHP lines: 18,657
  • JS lines: 11,620
  • XSLT lines: 2,498
  • CSV lines: 1,919
  • CSS lines: 577