Tuesday, May 24. 2005
FUDforum 2.6.13 Released
Posted by Ilia Alshanetsky in FUDforum, PHP at 18:12
Finally got around to releasing the next stable release of FUDforum, 2.6.13. For the most part it is the same as RC2, with just a few noteworthy changes. The Japanese and Romanian translations were updated, Win32 finally has proper timezone support through a custom subset of timezone values, and some more adjustments were made to the nested category display. The latter seems to have been an ongoing problem throughout the .13 release cycle and I sincerely hope we've finally hammered out all of the possible problems with it.
The upgrade and installation scripts are available at the usual location: http://fudforum.org/download.php.
On a related note, I am now working on a PDO database driver for the forum. This will allow FUDforum to expand its database support beyond MySQL and PostgreSQL as well as benefit from an improved API offered by PDO. Many of PDO's convenience functions would significantly simplify the process of retrieving data for certain operations.
Tuesday, May 17. 2005
OSCON
One conference is over and another one is already in the works. I've been invited to speak about PHP & Performance at OSCON on August 3rd, 2005. This is my first visit to a non-PHP specific conference as a speaker and I very much look forward to it.
Tuesday, May 17. 2005
Gallery Up
Finally got off my ass and installed phpMyGallery, so my amazing photography can be shared with the world.
The first "victim" is the PHP|Tropics conference.
Tuesday, May 17. 2005
PHP|Tropics Recap
The PHP|Tropics conference was a great deal of fun and an excellent break from the monotony of work, sleep, work... I would like to thank the organizers (Marco & Arbi) for taking the time to organize this event and have it go without a hitch.
To those who decided to skip the sandy beaches and the inviting pool to hear the talks, my sympathies. The slides from both of my talks are now available online at:
Starting PHP Performance Talk: PDF PowerPoint Flash
Aside from the PHP related matters a new term was coined during the conference; shifted - To be left drunk and penniless at night in downtown Cancun.
Friday, April 22. 2005
FUDforum 2.6.13RC1 Released
Posted by Ilia Alshanetsky in FUDforum, PHP at 09:38
Here goes the 1st pre-release of FUDforum 2.6.13. The focus of this release has been stabilization of the code and fine tuning of the previously added features.
Changes:
1. If .htaccess is to be obeyed, make sure $_SERVER is created.
2. When merging topics port the read statuses and notifications from source topics.
3. Don't raise notices during charset conversion.
4. Fixed decoding of messages to plain text for NNTP/Mailing list post backs.
5. Many fixes to nested category display on the front page.
6. Improvements to the captcha code generation.
7. Fixed adding users to primary groups during consistency check.
8. Fixed changing of user logins via admin interface.
9. Corrected building of FUDforum zip archives (install/upgrade).
10. Better handling of SQL server version detection (PostgreSQL 8.0).
11. Fixes to pager generation in PATH_INFO theme.
12. Fixed rebuild of primary PATH_INFO theme during upgrading.
13. Fixed bugs that caused HTML entities to appear in bookmark titles in the PDFs.
14. Added missing URL session id to PDF generation links.
15. Added explanation to message/attachment pruning admin control panel that better explains the operation.
16. Added option to allow disabling of welcome emails sent on registration.
17. Make SMTP errors be more verbose.
18. Fixed poll displaying in HTML emails.
19. IPB conversion script fixes to prevent query failures on invalid data.
20. Workaround for bug on win32 with temporary file names; this caused problems for avatar uploads in user profiles.
21. Added "how do post messages" FAQ entry.
22. Improved text of "invalid reset key" to mention the possibility of email client automatically opening the URL internally.
The upgrade script can be found here: http://fudforum.org/download.php?di=108&u=1
Wednesday, April 6. 2005
Fun Trip
This weekend I was returning from the Montreal PHP conference, which as usual was a great deal of fun. In fact I was having so much fun that I made it back to my hotel room at about 5:30am in the morning, approximately 2 1/2 hours from my scheduled departure time to the train station; needless to say I had very little sleep.
The adventure begins right at the checkout, which took about an hour since the hotel had conveniently lost the payment confirmation from the conference organizers. Consequently a great deal of time was spent searching through computer & paper records, eventually leading to an early phone call to Damien Seguy (conference organizer). By the time the problem was resolved it was about 9:00am, leaving me with just shy of 40 minutes to get to a train station and board my train.
Wednesday, March 23. 2005
FUDforum 2.6.12 Released
Posted by Ilia Alshanetsky in FUDforum, PHP at 09:30
This release is the culmination of the RC1-RC3 changes in addition to a few small bug fixes added post RC3. These include updates to the Russian translation, better post login redirection logic and splitting of existing topics into new forums.
The install and upgrade scripts are available from: http://fudforum.org/download.php
2.6.12 also addresses a minor security issue inside the error logging code on certain installations running on Apache. Full details of the problem can be found here.
Friday, March 18. 2005
FUDforum 2.6.12RC3 Released
Posted by Ilia Alshanetsky in FUDforum, PHP at 10:23
Another small bug fix RC that hopefully brings us yet another step closer to the stable release.
Major Changes Include the following:
This release can be downloaded here.
Monday, March 7. 2005
FUDforum 2.6.12RC1 Released
Posted by Ilia Alshanetsky in FUDforum, PHP at 10:41
Here goes the first release candidate of the 2.6.12 release. This release includes a fair number of changes and improvements, so much testing is needed to ensure everything is working correctly. Among the changes are massive updates and revisions to the Italian translation, the addition of support for non-ASCII (htmlencoded) characters in login/alias names, support for mass topic deletion/moving for administrators and moderators, several performance improvements and various bug fixes.
The full scope of the changes can be found here. The new release is available for download at: http://fudforum.org/download.php
Friday, February 18. 2005
Free SSL Certs for OSS Projects
Posted by Ilia Alshanetsky in PHP at 16:43
GoDaddy has announced that they will be giving away 1 year Turbo SSL certificates to qualifying Open Source projects. To find out whether your project qualifies, visit their request form at:
https://www.godaddy.com/gdshop/ssl/ssl_opensource.asp
Seems like a neat idea that should give all OSS developers an opportunity to test their web applications with genuine SSL certificates and ensure that their applications work properly over https.
Wednesday, February 16. 2005
FUDforum 2.6.10 Released
Posted by Ilia Alshanetsky in FUDforum, PHP at 10:20
A new stable release of FUDforum, 2.6.10, has been released today and is now available for download. This release is primarily a bug fix release with a number of low/medium priority fixes. All existing users of the forum are encouraged to upgrade to this release whenever possible. Full details of the changes can be found in the RC1 - RC3 release announcements on the support forum.
Wednesday, January 26. 2005
More Conference
I am happy to announce that I will be speaking at the annual PHP Quebec Conference on March 31st and April 1st. I will be giving a talk on Web services and a workshop on the same topic. The conference includes talks by many great speakers on a variety of topics and should be of interest to all PHP users.
Thursday, January 6. 2005
2005 Conference Schedule
Posted by Ilia Alshanetsky in PHP, Talks at 13:14
I've been fortunate to be invited to speak at two conferences so far this year.
The first of those two conferences, PHP West, will be happening in about a week in Vancouver on January 14th, 2005. I will be giving a talk on XML support in PHP 5. While the conference lasts only a single day, it costs merely $40 to attend and, given an impressive list of speakers (Rasmus, John, Terry, etc.), it is certainly worth attending.
The second conference, PHP|Tropics, is still a few months away and will be happening at the all-inclusive (alcoholic drinks are included, WOOHOO!) Moon Palace Resort near Cancun, Mexico between May 11th and 15th, 2005, which should give you plenty of time to convince your boss and/or spouse to let you attend. I will be giving a talk on making PHP run a whole lot faster as well as an introductory tutorial on PHP 5. Marco has been working hard at giving reasons for people to stay away from the beach by inviting many other great speakers such as Wez, Derick, Marcus and many others. So aside from getting a nice suntan you'll definitely have a chance to learn about some of the neat things PHP can do. For even more reasons to attend, visit the conference's website.
Thursday, December 23. 2004
Apache 1 vs Apache 2 Performance
Posted by Ilia Alshanetsky in PHP at 10:18
In response to the ongoing flame war pertaining to the stability and usability of Apache 2 in comparison to Apache 1, I've decided to conduct a series of benchmarks to try to determine exactly how the two Apaches compare. The purpose of the test was to determine which server is faster at serving static HTML pages, whose real-time compression implementation is better and of course which is more suited for running PHP applications. The full details of the test are available below, but here is a quick summary of the results.
1) Apache 2 is about 4% faster than Apache 1 at serving static pages.
2) Apache 2's mod_deflate is over 60 percent faster than Apache 1's mod_gzip at real time compression of static HTML pages.
3) Serving PHP via Apache 2 is 27 percent slower than via Apache 1 DSO and 31 percent slower than Apache 1 static.
Monday, December 20. 2004
phpBB & unserialize bug
As most of you hopefully know, a few days ago PHP 4.3.10 and 5.0.3 were released in response to several vulnerabilities that were discovered. Two of those involved bugs in the unserialize function, which is used to re-create PHP variables from an encoded string normally generated by the serialize() function. This functionality allows storage & retrieval of PHP variables from outside PHP.
While these two problems are quite serious, they can normally only be exploited locally, meaning that you'd need an account with access to PHP on the server. However, several applications such as phpBB store serialized data inside cookies, meaning that anyone accessing those applications is able to supply their own serialized string. By tinkering with this string it is possible to make an exploit capable of doing things like theft of passwords.
In response to this development the phpBB developers decided to put out the following statement: "This is not a phpBB exploit or problem, it's a PHP issue and thus can affect any PHP script which uses the noted functions".
First of all, this is not a correct analysis of the situation: the only applications vulnerable are the ones that expose serialized data to the user and allow them to modify it, like phpBB does. Even if the bug in the unserialize code did not exist, there would still be issues with exposing serialized data to the user without validation. There is nothing to prevent someone from generating a very complex data structure that would take a long time to parse and using it as a means of launching a resource depletion attack. It also means that by modifying the serialized string it is possible to inject all manner of data into the script, which may lead to exploits due to uninitialized variables, etc.
Ultimately it comes down to blindly trusting the user with your data and expecting not to get penalized for it. While the unserialize problem is certainly a bug in PHP, the fact that it is remotely exploitable is the fault of script writers who do not take the time to properly validate user input.
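One way to keep user-supplied strings away from unserialize() and to validate cookie data before use, written for current PHP as an added example that is not code from the original post or from phpBB. The cookie name, the key names userid and autologin, SECRET_KEY and both function names are hypothetical.

```php
<?php
// Added example; SECRET_KEY, pack_cookie() and unpack_cookie() are hypothetical names.
const SECRET_KEY = 'replace-with-random-server-side-key'; // constructed placeholder
const MAX_COOKIE_BYTES = 1024;

// Risky pattern the post describes: user-controlled bytes reach unserialize().
//   $data = unserialize($_COOKIE['forum_data']);   // hypothetical cookie name

// Hardened form: a JSON payload authenticated with an HMAC the client cannot forge.
function pack_cookie(array $data): string
{
    $json = json_encode($data, JSON_THROW_ON_ERROR);
    return base64_encode($json) . '.' . hash_hmac('sha256', $json, SECRET_KEY);
}

// Returns the validated array, or null when the cookie is oversized, forged or malformed.
function unpack_cookie(string $cookie): ?array
{
    if (strlen($cookie) > MAX_COOKIE_BYTES) {
        return null; // bound the parsing cost before doing any work
    }
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $json = base64_decode($parts[0], true);
    if ($json === false) {
        return null;
    }
    // Check the MAC before parsing, with a constant-time comparison.
    if (!hash_equals(hash_hmac('sha256', $json, SECRET_KEY), $parts[1])) {
        return null;
    }
    $data = json_decode($json, true, 4); // nesting deeper than 4 levels yields null
    // Validate the shape: only the expected keys, only the expected types.
    if (!is_array($data) || array_keys($data) !== ['userid', 'autologin']
        || !is_int($data['userid']) || !is_bool($data['autologin'])) {
        return null;
    }
    return $data;
}

// Constructed samples: one genuine cookie, one with a forged MAC.
$good   = pack_cookie(['userid' => 42, 'autologin' => true]);
$forged = base64_encode('{"userid":1,"autologin":true}') . '.' . str_repeat('0', 64);
var_dump(unpack_cookie($good), unpack_cookie($forged));
```

The size and depth limits address the resource depletion concern, and the key and type checks address the injection of unexpected data.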