Archive for March, 2007
Delphi for PHP released
By Justin Silverton
After all the hype, Delphi for PHP is finally available.

Announcement from CodeGear here
“CodeGear, a leader in developer tools, today announced that Delphi® for PHP – an integrated visual Rapid Application Development (RAD) environment for the popular PHP Web development language – is now shipping worldwide.
Delphi for PHP brings the RAD productivity benefits that Delphi users have enjoyed for years to PHP Web developers. PHP, designed to allow Web developers to write dynamically generated pages quickly, is the most prominent dynamic Web language today and has become one of the top 10 programming languages overall.”
Features
- VCL for PHP, an open-source PHP 5 visual component library with more than 50 reusable components and seamless AJAX integration
- out-of-the-box integration with InterBase®, MySQL, Oracle®, Microsoft SQL Server, and other popular databases
- an integrated PHP debugger; drag-and-drop database application development using the Data Explorer for InterBase and MySQL
- a code editor with Code Insight, Code Explorer, and Code Templates. Deployment options include Windows, Linux, Solaris and other platforms
Pricing
The product is available for an introductory price of $249.
Download Trial
A one-day trial can be downloaded here
Is your website secure?
By Justin Silverton
March is the month of PHP bugs. The following are five of the latest bugs found within PHP.
- PHP header() Space Trimming Buffer Underflow Vulnerability: When the header() function is called with an all-whitespace string, a buffer underflow can be triggered that allows code execution on big-endian systems (e.g. MacOS X on PPC, Solaris on SPARC). MOPB-25-2007.php
- PHP array_user_key_compare() Double DTOR Vulnerability (U): When the userspace key comparison function returns, its parameters are destructed even if there are references left. Therefore an exploitable double DTOR can be triggered. MOPB-24-2007.php
- PHP 5 Rejected Session Identifier Double Free Vulnerability (U): When a session storage module rejects a session id, the session code fails to clear an already freed pointer before calling an interruptible function. This can lead to an exploitable double free. MOPB-23-2007.php
- PHP session_regenerate_id() Double Free Vulnerability (U): session_regenerate_id() fails to clear an already freed pointer before calling an interruptible function. This can lead to an exploitable double free. MOPB-22-2007.php
- PHP compress.bzip2:// URL Wrapper safemode and open_basedir Bypass Vulnerability (U): The compress.bzip2:// URL Wrapper does not perform safemode or open_basedir checks and therefore allows access to archives outside the allowed area. Not needed.
More security issues can be found here
It is important to update your PHP installation when new versions and bug fixes are released. There is also a project called Suhosin (which is part of hardened PHP), which can help against known and unknown security risks.
More about Suhosin:
It is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities, and the second part is a powerful PHP extension that implements all the other protections.
Information and download of this can be found here
Build your own MMORPG
By Justin Silverton
Sun Microsystems recently announced a new open-source development platform for servers designed to help massive multiplayer online game developers bring their creations to market faster.
Project Darkstar, the Java-based software, lets developers create a variety of games that can be accessed through a single-server framework. Sun has been a supporter of online and mobile gaming, chief gaming officer Chris Melissinos said, and Project Darkstar will be an “important technology foundation in the exploding multiplayer online game marketplace.”
Features
- Significantly lessens the time, effort, monetary investment and risk involved in developing online games.
- Provides a simple programming model that hides the complexities of multithreading and server replication.
- Enables games to scale to handle large numbers of clients while providing low-latency response times, even for the write-heavy workloads of MMOGs.
- “Shardless” MMOGs are now a reality by removing the need to preallocate servers with fixed assignments to specific game regions.
- Automatically handles persistence of game state and recovery of game state in the event of server failure.
- Presents a common, underlying platform that can be reused from one game to another.
- Provides plug-in APIs to allow the system to be extended with 3rd-party components.
- Platform- and game-agnostic architecture allows you to develop online games in any genre that target a wide variety of devices.
More information and downloads can be found here
ReactOS 0.3.1 Released
by Justin Silverton
New features
- Freeldr was improved
- HAL’s key areas have been significantly improved (irql-related, bus support, kd-functions)
- The Kernel experienced a massive rewrite of incompatible parts (and is still in the process of improvement)
- Run-time library (Rtl) got a lot of improvements and bugfixes
- Bugs were fixed in kernel-mode drivers and a better USB driver was added
- Registry-support has been greatly improved thanks to addition of “cmlib”, a library shared by the boot loader and the kernel to handle binary registry hives; it even supports binary registry hives created by Windows
- More fixes in the Win32 subsystem and user-mode DLLs
- Boot video driver (and a splash screen) was added
What is ReactOS?
ReactOS is a free and open-sourced operating system based on the Windows architecture, providing support for existing applications and drivers, and an alternative to the current dominant consumer operating system.
It would be perhaps important to start by saying what ReactOS -isn’t-. It is not another wrapper built on Linux, like WINE. It does not attempt or plan to compete with WINE; in fact, the user-mode part of ReactOS is almost entirely WINE-based and our two teams have close ties. ReactOS is also not “yet another OS”. It does not attempt to be a third player, like SkyOS or any other alternative OS out there. People are not meant to uninstall Linux and use ReactOS instead; ReactOS is a replacement for Windows users. As such, this has created a lot of misunderstanding from both sides. Linux users often wonder why create dilution in the free OS space by creating a Windows-alike OS; wouldn’t that keep some people from switching to Mac/Linux? Windows developers, on the other hand, don’t understand the need to reinvent the wheel by an OS that doesn’t have the high quality and support that Windows has.
More information on ReactOS can be found here
VNC client in Flash
By Justin Silverton
FVNC is an open source VNC client for Flash.
From the author:
“I’ve updated the code to compile with the release version of Flex 2. Previously, the application was only functional in beta versions and stopped working when Flash Player 9 was officially released. I’ve also started to do some refactoring, but decided it was better to get the code out there as-is than keep it locked up while I tweak it. I’ve been beyond busy lately, and I don’t see myself finishing this round of refactoring any time soon, so better to release now than wait a few weeks…”
How to use/install
Download and run from your browser.
Important notes:
Because of Flash Player security restrictions in connecting to remote addresses, you have to run the .swf file from your local file system. This means either launching it with the standalone Flash Player, or dropping the .swf file inside IE or FireFox.
More about the client:
The following encodings are implemented: CopyRect and HexTile. The Flash Player itself is fully capable of rendering the screen without slowdown; any choppiness seems to be due to the amount of data coming over the wire, so switching to a compressed encoding format should improve speed.
This has only been tested using TightVNC server
Download
The VNC Flash client can be downloaded here
Link to project: Here