RealTime IT News

Blog Archives

PHP 5.5.13 Updated for Two Security Vulnerabilities

By Sean Michael Kerner   |    May 30, 2014

From the 'time to patch' files:

The open-source PHP programming language project has released the PHP 5.5.13 and 5.4.29 updates, each providing numerous bug fixes and both providing fixes for a pair of security vulnerabilities.

The two security vulnerabilities are identified as:

  • Bug #67327 (fileinfo: CDF infinite loop in nelements DoS). (CVE-2014-0238)
  • Bug #67328 (fileinfo: numerous file_printf calls resulting in performance degradation). (CVE-2014-0237)

Neither of these bugs looks to be highly critical to me, but both could lead to Denial of Service conditions, which always need to be mitigated. Server admins and PHP developers should get updated packages from their respective Linux distros or from php.net.

Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist

    PHP Next Taking a Page from Facebook HipHop

    By Sean Michael Kerner   |    May 29, 2014

    From the 'Still Waiting for PHP 6' files:

    Three and a half years ago in December of 2011, I wrote about Facebook's new HipHop Virtual Machine for improving PHP. Now it looks like mainline PHP developers are going to soon go the same route.

    The Hip Hop Virtual Machine (hhvm) makes PHP faster by providing Just-In-Time (JIT) compilation and it's now something being baked into the PHP next gen branch.

    "When we aren't looking for pictures of kittens on the internet, internals developers are nearly always looking for ways to improve PHP, a few developers have a focus on performance," a post on PHP.net states. "By making these improvements, the phpng branch gives us a considerable performance gain in real world applications, for example a 20 percent increase in throughput for Wordpress."

    This is a great idea for PHP, which has been evolving really nicely over the last two years. The PHP 5.5 release for example got the Zend Optimizer+ Opcode cache system, which I personally see a huge improvement from for running PHP applications.

    PHP 5.6 is currently at its Beta 3 stage and is already feature frozen, so I wouldn't expect the next gen branch stuff to land until a future PHP 5.7 (or PHP 6?!)


    No Steam Machines For You (Until 2015)

    By Sean Michael Kerner   |    May 28, 2014

    From the 'Run Steam OS Linux Today' files:

    The ultimate Linux gaming machine - aka Valve's Steam Machine - won't be available until 2015. That's not good news.

    The Steam Machines effort is a Linux powered gaming machine that could revolutionize console gaming and take on Sony's PlayStation and Microsoft's Xbox, if it ever gets out the door. Valve will have multiple hardware vendor partners building Steam Machines, but that's not the problem behind the latest delay.

    The problem is with the controller.

    In a post on the Steam Community site, Valve wrote:

    We’re now using wireless prototype controllers to conduct live playtests, with everyone from industry professionals to die-hard gamers to casual gamers. It's generating a ton of useful feedback, and it means we'll be able to make the controller a lot better. Of course, it's also keeping us pretty busy making all those improvements. Realistically, we're now looking at a release window of 2015, not 2014.


    That said, Valve is running Steam OS as a (mostly) Open-Source project, so Linux users can download the system and run it on their own hardware with the Steam client today. The Steam Machine will 'just' be a packaged/hardware optimized offering and hey that controller will be a big piece of the whole story too.



    When Apache Projects Die. Click.

    By Sean Michael Kerner   |    May 27, 2014

    From the 'Nothing Lasts Forever...' files:

    Open-source projects come and go all the time. In the Apache world though there is a prescribed process by which the 'going' happens that is somewhat unique in the world of open-source software development.

    Apache has an archived place for 'dead' projects known as the Attic and the latest project to move there is Apache Click. Click is a project that literally never really 'clicked' with users/developers and was an effort to build (yet another) JavaEE web application framework.

    "The user mailing list, website, downloads and issue tracker all remain open, though the issue tracker is read-only. See the website at http://click.apache.org for more information on Click," the Apache Click site states. "As with any project in the Attic - if you should choose to fork Click outside of Apache, please let us know so we can link to your project."


    #OpenStack Project Staypuft Fuels Red Hat

    By Sean Michael Kerner   |    May 13, 2014

    From the 'It's Not the Marshmallow Man' files:

    ATLANTA. There seems to be no shortage of interesting OpenStack installer projects and at the OpenStack Summit this week I learned about another one.

    Currently known as Project Staypuft - in homage to the Ghostbusters movie monster - Staypuft is essentially an installer for an installer (Foreman).

    During an OpenStack Summit session, Red Hat staffers explained that Staypuft lets Foreman do installation and help to manage the lifecycle as well. There is a strong Puppet tie-in with Staypuft, but for reasons I don't quite understand, Red Hat isn't using PuppetDB for the data.

    There were a lot of questions during the session, but the most often asked one was:

    Why another installer? Why not leverage from other projects?

    In particular, the question was asked why not just use the open-source FUEL components from Mirantis. The answer that I heard was somewhat interesting.

    You see, Red Hat can't directly integrate Mirantis' FUEL with the Red Hat Satellite service. So even though there are other open-source efforts out there that kinda/sorta do the same things that Staypuft aims to do, Red Hat is out building its own.

    Whatever becomes of Staypuft, one thing is for sure, the name will likely change and Red Hat will continue its efforts to make OpenStack easy to install and manage.

    You can find the Github repo for staypuft at: https://github.com/theforeman/staypuft
