The blog of Russ (snake) Michaels - Jibber Jabber

What OS are web developers using?

Tue, 20 Jul 2010 17:58:00 --0100

The open source PHP dynamic language is one of the most widely deployed languages on Web servers today. But what operating systems are PHP developers using to develop and deploy their applications? It's a question that has been asked before and now it's being answered with a new study from Zend, one of the lead commercial backers behind PHP.

The study surveyed 2,000 PHP developers in December and found that 85 percent reported that Linux was their primary operating system as a production environment for PHP.

Windows came in at a distant second at 11 percent while Mac OS X came in third at just 2 percent. However, when Zend drilled down into which platforms respondents prefer for their development, the rankings change dramatically.

According to the study, 42 percent of respondents reported that Windows was their primary operating system for development. Linux came in as No. 2 at 38.5 percent while Mac OS X remained in third place at 19.1 percent.

The findings indicate that while Microsoft Windows remains the top platform for developing in PHP, its lead may be narrowing. Back in 2006, a Microsoft executive reported that 85 percent of PHP developers were developing on Windows, but only 20 percent deployed on a Windows machine. The change comes despite joint work by Zend and Microsoft to improve the capabilities of PHP on Windows servers.

that the new study was based on over 2,000 completed surveys conducted in December 2009, some of which came from Zend customers. The survey was made public through the Zend Framework website, the Zend monthly newsletter, Twitter and DevZone.

I have also noticed recently from reading blogs and lists that the majority of CFML open source developers seem to deploy Railo or Open BlueDragon on Linux, which is a major paradigm shift from ColdFusion developers who primary use Windows.

I don't think this is a matter of preference but rather one of necessity as pretty much all the PHP documentation is for Linux, most PHP apps are written for Linux/Apache and are not supported on windows even if you can get them working.

If you have tried to install Railo then will have discovered this can also be quite a task and a challenge to get working, especially on windows/IIS7, and there are far more blog posts and docs explaining how to get it running on Linux, as well as ready made virtual disk images, which I suspects encourages people to take the path of least resistance and install Linux.

In the case of CFML this does however tend to be done using virtualisation software such as virtualbox or vmware to run a linux development servers on windows, so cfml developers do still seem to be using windows as their primary desktop OS, so I do wonder if Zend took this into consideration with their study and if many of those who listed Linux as their primary development OS may in fact be running it as a virtual machine on windows. This feeling is further extrapolated by the fact that developers are mainly using servers distros like CentOS.

You also need to consider all the obvious facts as well:- While Linux has a lot going for it and plenty of software, most of the best/popular software, especially web dev/design products like Dreamweaver and the rest of the Adobe line is not available on Linux. Sure there are alternatives, but they are certainly not in the same league and you can't walk into PC World and buy any of it. For those who have always been running a Linux desktop this will of course not matter at all, but for the rest this will be a big issue, especially if it is software you have spent a lot of money on, so running a virtual machine makes sense.

Of course it could be the other way round entirely and developers are running a windows VM on linux, but this would seem an off way of doing it if their primary tools are on windows.

Before the Linux fanboys start ranting, let me make it 100% clear that this is not a linux vs windows slanging match and I will delete all churlish comments attempting to turn it into one. If you comment keep it on-topic and professional.

StarWars comes to the TomTom

Mon, 14 Jun 2010 14:08:00 --0100

After discovering my iPhone has no SatNav software, I was just looking on the tomTom web site and came across this. http://starwars.tomtom.com/voices/index-starwars.php?Lid=1

You can now have your directions read toyou in the voices of Darth Vader, C3PO or Yoda, very cool I do have to say, and I bet if Ray Camden doesn't already have a TomTom he will own one very soon :-)

By the way be sure to watch the Darth Vader video, quite entertaining.

Photoshop CS5 demonstrates its stunning new party piece

Wed, 24 Mar 2010 21:36:00 --0100

I just had to share this as it is totally awesome. So many times I could have used this.

The now-familiar release cycle of Adobe's Creative Suite is signalled by two things: the hype and expectation of those who rely on Adobe's applications and prices that, especially for UK users, seem to soar further into the stratosphere with every new version.

A single new feature, though, has awed the PC Pro office and suddenly made CS5 seem like fantastic value for money. It's been dubbed the Content-Aware Fill, and has been shown off in a YouTube video narrated by Bryan O'Neil-Hughes, a product manager on the Photoshop team.

The dull, businesslike name hides a potentially revolutionary feature: if you're not happy with an item in your picture, select it, delete it, and Photoshop will analyse the surrounding area and plug the gap as if it never existed.

It seems easy to use and incredibly proficient: O'Neil-Hughes used it to remove lens flare, turn patchy and litter-strewn grass into a perfectly manicured lawn. He quickly removed entire trees and let Photoshop stitch together the grass and sky that would take their place. It's a testament to the new tool's proficiency that we couldn't tell that the image had been modified.

He didn't stop there: a simple click removed a dusty track and replaced it with desert, and a panoramic image's clumsy borders were filled out within seconds. Best of all, Photoshop handled these modifications without fuss and quickly delivered picture-perfect results.

Without this feature, making these edits could take hours or, in more complicated cases, even days. The Content-Aware Fill, though, took just seconds and has got us even more excited about the impending release of CS5. We'll have a full review available when the software is released but, for now, this demo should be more than enough to whet your appetite.

Electronic Cigarettes rock

Fri, 05 Feb 2010 02:09:00 --0100

In my efforts to give up smoking I decided to investigate these so called electronic cigarettes. To my surprise the reviews all seemed to rave about them and people were claiming they never looked back, what has a lot to do with the smoking bans, so I thought sod it lets buy one. There are so many out there it is damn hard to choose, but in the end I went for the one pictured left from Totally Wicked Eliquid where they call them Electronic Nicotine Inhalers (e-NI) rather than e-cigarettes, which is in fact what they are.

I have to say I am shocked at how good it actually is, not only does it taste very similar to a cigarette, but I actually prefer it and have been smoking it far more than I do cigarettes. You get all the things that keep you hooked on smoking, something to hold in your hand and put in your mouth, the taste, the inhalation of smoke and of course the nicotine high but without any of the nastiness, here are some of the benefits.

They contain no tobacco,Nor do they contain any of the multitudes of harmful, carcinogeous ingredients found in traditional tobacco products
No Smoke (it is actually water vapour)
doesnâ??t make you or your clothes smell
no chance of causing fire as it is not alight
legal to smoke in public places due to above
no where near as bad for your health
no more mouth like a litter tray in the mornings
will not effect those around you
saves you money
wont give you cancer
you donâ??t have to go outside in the cold to smoke

There are many different types, some look like cigarettes and some donâ??t, like mine above, and some look just plain weird, add to that the fact that there are 30+ different flavours of nicotine liquid (or cartridges) to choose from, and you can see the whole smoking experience suddenly has a bit more depth to it.

So far I have only tried regular and cherry flavour nicotine and I like them both. I used to only smoke menthol ciggies and couldnâ??t stand anything else, but this is not an issue with the e-NI as it is far less harsh due to the lack of tobacco. I am a big fan of the flavours too, back in the days of pipe and tobacco shops I used to smoke flavoured pipe tobacco and use liquorice rizla papers, so itsa bit of a blast from the past and I expect I will have a nice selection soon.

So if you are a smoker, I would definitely recommend you give it a try, iâ??m sure those around you wont miss your stinky clothes and smelly breath either. If you are worried about looking like a bit of a ponce, all I can say is â??grow a pairâ?? and stop worrying about what others think, itâ??s your life after all.

PCI Compliance for Dummies

Thu, 28 Jan 2010 14:03:00 --0100

PCI DSS compliance is now a legal requirement for anyone with merchant services, having just had to go through this myself and knowing that our clients are also going to have to do the same, I started searching for a simple guide that I could pass on to clients and came across this book.

Complying with the PCI Data Security Standard may seem like a daunting task for merchants. This book is a quick guide to understanding how to protect cardholder data and comply with the requirements of PCI - from surveying the standard's requirements to detailing steps for verifying compliance.

PCI Compliance for Dummies arms you with the facts, in plain English, and shows you how to achieve PCI Compliance.

And yes my company BlueThunder Internet is fully PCI DSS compliant before you ask :-)

Should you trust web host review sites?

Sun, 24 Jan 2010 15:53:00 --0100

My answer to this would be an emphatic NO, these review sites are all there to make money and simply give the highest rating to the hosts who pay the most. And as far as any reviews go, these can just as easily be made up by either the review site or the host as no real validation takes place on most of these sites other than to maybe send out a verification email to the specified email address, which only goes to prove that the poster did not use a fake address. Many of these sites will also doctor the reviews to favour the paying advertisers, notice that almost all host review sites have the same companies in their top 10. Just take a look at http://hosting-reviews-exposed.com/ for some real dirt.

[More]

Beware of the police, they want your kids to become criminals.

Sun, 15 Nov 2009 14:05:00 --0100

I recently came across this shocking article which made my blood boil.

Mother trailed by policeman and warned by council for telling off son at checkout
Read more: http://www.dailymail.co.uk/news/article-1226056/Mother-trailed-policeman-warned-council-telling-son-checkout.html#ixzz0WvxoDr1b

It beggars belief doesn't it, clearly they are too lazy to investigate all those real crimes and this is exactly the reason why more and more kids are hanging about outside off licenses, swearing and being abusive to the public and generally growing up to be thugs and criminals before they are even teenagers, thus making even more cases for the police and social services to ignore.

Judging by the growing number of incidents like the above one, this is the type of behaviour that the police and social services condone and are encouraging by their actions. Obviously by denying teachers and parents the ability to teach any kind of moral values or boundaries to their children or using any kind of discipline for fear of the repercussions they must have some sick dreams of a future like "escape from new york" rather than the utopian society that most dream of.

It certainly seems that the average social services worker or police officer is completely clueless about children if they think all parents should be calm and collected all the time and that all children will simply do as their told if you just ask them nicely. I think it should be a requirement that anyone who desires to work in this field should have some real world practical experience and I can't believe that isn't the case already. Give them a couple of unruly kids to look after 24\7 for a month and see what happens, or at the very least it should be a requirement that they have had kids of their own. Then perhaps they will realise that most parents lose their temper as a matter of course and make idle threats to their kids just to shut them up. Someone who really does smack the crap out of their kids is hardly likely to shout about it in a public place.

Sure we all see parents losing their rag in the supermarket and initially we may think they are crazy or going way OTT, but then if you are a parent yourself you realise that the kid has probably been winding them up all day and the parent has simply run out of patience, and that is probably exactly what you look like to everyone else when you lose your rag as well.

Sure it is great to think that the police and social services are looking out for the welfare of our kids as we certainly don't like to think of those poor children like baby P out there who are being abused, I know that any stories of that nature in the news always bring a tear to my eye, but I for one do not think that is happening when you take cases like "Baby P" where there was some real and obvious abuse that was totally ignored because they are wasting time victimising innocent people who have clearly done nothing wrong and wont even admit when they have made a mistake and continue to push the matter. One can only presume that it takes up less of their time and requires less paperwork than investigating real crime or abuse cases.

I think these days you need to be more scared of the police or social services than you do of the criminals. At least a burglar is only going to take your stuff and not your kids.

Knight Rider Reboot

Wed, 22 Jul 2009 13:53:00 --0100

Have you been watching the new series of Knight Rider? It is actually rather cool I have to say. I was sorely disappointed after watching the pilot, as were many others judging by the online chatter, Kitt had none of the cool features from the original series other than being bullet proof, and the only new feature was his ability to morph, which was also rather lame in the pilot, and quite frankly the car just didn't look anywhere near as cool as the old trans-am, and I really wasn't feeling at all excited about the new series based on this.

Thankfully it seems the producers have listened to the complaints and things are vastly better in the new series, Kitt can now turbo boost, shoot lasers and rockets, emit emp's, xray and all manner of other scanning and computer wizardry. He can also generate just about anything it seems from a 3D molecular imaging device, has a super pursuit mode (now called attack mode) and the morphing is truly cool even if totally unbelievable allowing Kit to transmogrify into all manner of different vehicles to match the terrain or simply to blend in.

I still do not think the car looks as cool as the original trans-am, but this is far less of an annoyance now that everything else is cool and you can accept the fact that the car is meant to be able to blend in and not stick out like a sore thumb.

The car aside, the cast are also pretty good, the new Michael Knight (it is explained why he has the same name) is a proper ass kicking ex-marine agent type, so the fight scenes are far more exciting and action film like instead of the lack lustre unrealistic fights from the old 80's series that just made Hasslehoff seem like a smooth talking James Bond wannabe.

Back at HQ there are the genius geeks who keep Kitt up and running and help Mike on his missions with all their gadgetry and ability to remotely hack into just about anything, as well us providing us with eye candy as most of them just happen to be extremely hot babes who of course all lust after Michael Knight, lucky guy.

Everything in this new series is totally unbelievable and technically impossible by any stretch of the imagination, but as long as you are not anal about this and are not one of those people that needs to over analyse everything instead of simply enjoying it, it is great fun to watch whether you were a fan of the original series or not and is I think a great reboot of a classic series for the 21st century and is at least for me a must watch programme each week.

1402 Error when installing Microsoft Office

Tue, 14 Jul 2009 15:18:12 --0100

I recently had a total nightmare with Office 2007 Enterprise on windows 2008 server. Some of my office applications stopped working so I tried to repair it, but the setup file would not run off the DVD nor would add/remove programs run, always failing with the error below, as a result I was not able to uninstall office.

"setup has stopped working"

I originally thought it was my DVD player, so I went out and bought a new one, which didn't help.

The solution to get the office installer to work was quite a PITA to say the least

First read this Microsoft KB article
How to manually uninstall the 2007 Office system if you cannot uninstall it by using the "Add or Remove Programs" feature
Also run the Windows Installer Cleanup Utility
http://support.microsoft.com/kb/290301

After doing all this and getting office off my PC I was finally able to run the office setup, but alas this then threw another error during installation.

**************

Microsoft Office Enterprise 2007 encountered an error during setup.

Error 1402. Setup cannot open the registry key

UNKNOWN\Components\3D5095D39455BD341908312EDABA9DD8\00002109F10090400000000000F01FEC. Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Service (PSS) for assistance.

***********

Now this was especially confusing as that registry key does not actually exist. I tried numerous things to resolve this and ultimately failed, so now I was stumped and thought I was going to have to either re-install windows or stump up Â£250 for Microsoft support. Then I wondered if I could get any free partner support through my Microsoft Action Pack Subscription (MAPS), and discovered these forums. Which surprisingly turned out to be very helpful as I got a reply from a Microsoft Tech who helped me resolve this issue.

As I had already tried everything they suggested, they decided it was in fact a permissions issue, somehow my registry permissions had got screwed, but thankfully they also have a fix for this.

How do I restore security settings to the default settings?

http://support.microsoft.com/Default.aspx?id=313222

After applying this fix I was finally able to re-install Office 2007.

This solutions above should help anyone on XP, Windows Vista, Windows 2003 or 2008 server, it can also be applied to other software you are getting similar errors with.

Recycle for charity

Sat, 11 Jul 2009 11:19:00 --0100

I recently discovered this site that recycles old mobile phones and printer cartridges and donates the money to a charity of your choice. Certainly a very worthwhile cause and a great way to get rid of your old phones and cartridges and do a good deed instead of throwing them in the bin.

They have also decided how beneficial it would be to offer people their own personal recycling sign up page and have created the intelligent link. This means that any person visiting your site is able, quickly and easily, to sign up to donate their waste to your chosen cause!!

Start donating my waste!

Start collecting our waste!

I want to donate my empty inkjets and old mobile phones to a charity, school, club,or community group of my choice

Our charity, school, club, or community group would like to raise funds by starting an inkjet and old mobile collection scheme

Windows Live Writer overwrites images

Thu, 02 Jul 2009 12:27:00 --0100

I have just noticed a very annoying bug in Live Writer, thus why you have have received multiple copies of my last posts. After I had posted those last 2 articles, I noticed they both had the same images, even though they clearly didn't when I posted them. It seems that if you paste in an image from the clipboard Live Writer will name it image.png by default and the thumbnail will be image_thumb.png, it will not create a unique filename, thus will simply overwrite any existing images with the same name, thus messing up all your previous blog posts with images not to mention if you have multiple images in your current post, they will all end up as the same image.

I presume this bug must have been added to the latest release (2009) as I have not noticed it previously.

I have however found the following temporary fix on the Windows Live Writer Blog

Open HKCU\Software\Microsoft\Windows Live\Writer\Weblogs\{blog-id}\UserOptionOverrides\, where {blog-id} is a GUID. You will have several of these, but should be able to tell the right one by looking at the contents of the key.

Add a new String value with name â??fileUploadNameFormatâ?? (case matters!!) and the value e
{WindowsLiveWriter}/{PostTitle}/{Randomizer}/{AsciiFileName}

hopefully they will fix this annoying bug very soon.

The Uncomfortable Definition of an Infidel....

Mon, 13 Apr 2009 11:14:00 --0100

I received this today, supposedly written by John Harrison MBE. MIDSc, I understand this is actually quite old and loads of old balls, but I haven't seen it before and found it quite entertaining. For those politiical correctness nuts, try and see the humour in it instead of jumping to wild conclusions and spouting prejudice insults. Remember there are many relions in the world and none of them agree with each other, this just hilights the ironic humour in that.

Allah or the Lord Jesus Christ? The Muslim religion is by far the fastest growing religion in the UK .
Last month I attended my annual training session that's required for maintaining my prison security clearance. During the training session there was a presentation by three speakers representing the Roman Catholic, Protestant and Muslim faiths, who explained each of their beliefs.

I was particularly interested in what the Islamic Imam had to say. The Imam gave a great presentation of the basics of Islam, complete with a video.

After the presentations, time was provided for questions and answers.
When it was my turn, I directed my question to the Imam and asked:

'Please, correct me if I'm wrong, but I understand that most Imams and clerics of Islam have declared a holy jihad [Holy war] against the infidels of the world and, that by killing an infidel, (which is a command to all Muslims) they are assured of a place in heaven. If that's the case, can you give me the definition of an infidel?'

There was no disagreement with my statements and, without hesitation, he replied, 'Non-believers!'

I responded, 'So, let me make sure I have this straight. All followers of Allah have been commanded to kill everyone who is not of your faith so they can have a place in heaven. Is that correct?'

The expression on his face changed from one of authority and command to that of 'a little boy who had just been caught with his hand in the cookie jar.'
He sheepishly replied, 'Yes.'

I then stated, 'Well, I have a real problem trying to imagine Pope Benedict commanding all Catholics to kill those of your faith or Dr. Stanley ordering all Protestants to do the same in order to guarantee them a place in heaven!'
The Imam was speechless!

I continued, 'I also have a problem with being your 'friend' when you and your brother clerics are telling your followers to kill me! Let me ask you a question. Would you rather have your Allah, who tells you to kill me in order for you to go to heaven, or my Jesus who tells me to love you because I am going to heaven and He wants you to be there with me?'

You could have heard a pin drop as the Imam remained speechless.

Needless to say, the organizers and promoters of the 'Diversification' training seminar were not happy with this way of dealing with the Islamic Imam and exposing the truth about the Muslims' beliefs.

Within twenty years there will be enough Muslim voters in the U.K. to elect a government of their choice, complete with sharia law

I think everyone in the U.K. should be required to read this, but with the Liberal justice system, liberal media and political correctness madness, there is no way this will be widely publicised.

Windows Live Essentials fails to install

Tue, 31 Mar 2009 12:09:00 --0100

My Microsoft messenger popped up an alert yesterday telling me there was a new version and did I want to get it, so I clicked yes.

This time instead of just Messenger being updates I got this new "Windows Live Essentials" installer that wanted to update all my windows live products in one go, which I did find a little annoying, but I let it run its course anyway. At the end all of the updates to all products had failed, showing a message like the one below.

Microsoft Application Error Reporting - Programs were not installed because the program was cancelled. Error: 0X80004004

Now obviously I had not cancelled the install, so presumably one of the updates had failed causing the whole process to cancel, how daft is that Microsoft?

The first thing I did was Google the problem, and I found lots of people with this issue, but no solutions. In fact I saw several so called windows tech's even passing the buck on this one and just sending users to some useless windows live help page to get help that said nothing more than re-install your application.

So I ran the installer again and watched it, it got to the Windows Live Toolbar (WLT) and this is where it failed and rolled back the rest of the installation. If you actually look at the error messages on each component at the end of the failed install it does actually tell you which one failed, all the rest will just say they failed due to being cancelled.

So I thought I would just un-install the WLT, which would solve the problem, if only it were that simple. Every attempt I made to do so had no effect, no uninstaller appeared and nothing happened. A bit more Googling and I discovered that the WLT was linked to another program called â€œWindows Live Toolbar Favouritesâ€?, so I un-installed that first, which then allowed the WLT un-installer to run. But alas this didn't get me much further as the un-installer now wanted me to insert my "Windows Live Toolbar Disc" as it couldn't find the WLToolar.msi. Of course I had no such disc and this now presented another problem because thanks to this new Windows Live Essentials. it is no longer possible to download the individual installers, so where was I going to get this wltoolbar.msi?.

I was not able to get the MSI, but I was able to get the updater component from the windows update site which contains the msi, you can download it <<HERE>>.

To extract the MSI file you will need a Resource Editor. I used ResHack for this.
Open the EXE file that you downloaded in the resource editor
Select the 0 in the MSI tree section then select Action->Save Resource as a binary file and save as wltoolbar.msi
Now you have the MSI which you can run

If You now go to add/remove programs and uninstall the WLT, when it asks you to insert the media, just browse to your new wltoolbar.msi and it should now successfully uninstall.

This same method should work with any of the other Live components if they are the cause of the problem. Try to uninstall them first, if you are unable to uninstall due to the same issue I had above, then download the exe from windows update and perform the above procedure to get the msi.

Here are direct links for all the windows live components

Sign-in Assistant (4.200.520.1)

Windows Live Mail (12.0.1606.1023)

Windows Live Messenger (8.5.1302.1018)

Windows Live Toolbar (03.01.0146)

Windows Live Photo Gallery (12.0.1308.1023)

Windows Live Writer (12.0.1366.1026)

Windows Live OneCare Family Safety (2.0.5817.2)

Windows Live Writer Update (12.0.1367.1128)

Who's the Daddy?

Thu, 19 Feb 2009 19:03:00 --0100

Me it seems, for the 3rd time. Yes on January 5th 2009 my wife gave birth to our 3rd child, a girl this time who we have named "Teyla Rayne". She popped out even faster than our 2 boys, both of whom only took around 2 hours, but Teyla couldn't even wait for me to get to the hospital, just as I arrived I heard a big grunt from my wife and it was over. She was 4 weeks early and was a tiny thing only weighing 5lbs.

Now you are probably wondering why I wasn't with her at the hospital in the first place, well aside from the fact I have 2 small boys that would have made it rather impossible to be there for the birth anyway, as sods law would have it we were actually down in Somerset at my sisters wedding at the time and the baby was not actually due for another 4 weeks anyway. Thankfully it was the day after the wedding, so we didn't ruin it, but we were however in the middle of no-where, 200 miles from home, no birthing bag and no more clothes as we were only supposed to be there for 2 days. The hospital she was taken to "Musgrove Park Hospital" in Taunton was an absolute nightmare, they didn't give my wife anything to eat or drink until she begged, didn't give her a change of clothes or anything to wash with after the birth or bother to tell her there was a bathroom she could have used, so all in all a bit of a farse and not a pleasant experience for her, especially considering we were planning to have another home birth.

Anyway baby is doing well and growing rapidly, her brothers seem to like her and haven't tried to torture her or feed her sweets and crisps yet, so it's going well :-) Of course the already limited amount of sleep we get with a 2 and 4 year old who wont go to bed and yet still get up at 6am has now been decreased further, but all in all she is actually a very quiet baby.

I have also finally had to accept that working from home is just not going to work any more, it had become hard enough with 2 kids, but with 3 no chance, so I have got myself a proper office and will finally be getting some peace and quiet during the day, yippee.

Firefox tops list of 12 most vulnerable windows apps

Tue, 16 Dec 2008 17:05:00 --0100

Mozilla's Firefox browser has earned the undesirable title of the most vulnerable software program running on the Windows platform. Something that will probably dismay most web developers, as it is the browser of choice for most of them due to its superior debugging capabilities. I would imagine this is also a shock to most of you Internet Explorer haters as well, especially as IE is not even on the list.

According to application white-listing vendor Bit9, Firefox topped the list of 12 widely deployed desktop applications that suffered through critical security vulnerabilities in 2008. These flaws exposed millions of Windows users to remote code execution attacks.

The other applications on the list are all well-known and range from browsers to media players, to VOIP chat and anti-virus software programs. Hereâ€™s Bit9â€™s dirty dozen:

Mozilla Firefox: In 2008, Mozilla patched 10 vulnerabilities that could be used by remote attackers to execute arbitrary code via buffer overflow, malformed URI links, documents, JavaScript and third party tools.
Adobe Flash and Adobe Acrobat: Bit9 listed 14 flaws patched this year that exposed desktops of arbitrary remote code execution via buffer overflow,â€œinput validation issuesâ€? and malformed parameters.
EMC VMware Player,Workstation and other products: A total of 10 bugs introduced risks ranging from privilege escalation via directory traversal, ActiveX buffer overflows leading to arbitrary code execution and denial of service.
Sun Java JDK and JRE, Sun Java Runtime Environment (JRE):
Inability to prevent execution of applets on older JRE release could allow remote attackers to exploit vulnerabilities of these older releases. Buffer overflows allowing creation, deletion and execution of arbitrary files via untrusted applications. 10 patched vulnerabilities listed.
Apple QuickTime, Safari and iTunes: In QuickTime, the list includes nine vulnerabilities that allow remote attackers to execute arbitrary code via buffer overflow, or cause a denial of service (heap corruption and application crash) involving malformed media files, media links and third party codecs. The Safari for Windows browser was haunted by three flaws that could be lead to arbitrary code execution and denial of service involving JavaScript arrays that trigger memory corruption. Appleâ€™s iTunes software was susceptible to a remote improper update verification that allowed man-in-the-middle attacks to execute arbitrary code via a Trojan horse update.
Symantec Norton products (all flavors 2006 to 2008): Stack-based buffer overflow in the AutoFix Support Tool ActiveX exposed Windows users to arbitrary code execution.
Trend Micro OfficeScan: A total of four stack-based buffer overflows that opened doors for remote attackers to execute arbitrary code.
Citrix Products: Privilege escalation in DNE via specially crafted interface requests affects Cisco VPN Client, Blue Coat WinProxy, SafeNet SoftRemote and HighAssurance Remote. Search path vulnerability, and buffer overflow lead to arbitrary code execution.
Aurigma Image Uploader, Lycos FileUploader: Remote attackers can perform remote code execution via long extended image information.
Skype: Improper check of dangerous extensions allows user-assisted remote attackers to bypass warning dialogs.Cross-zone scripting vulnerability allows remote attackers to inject script via Internet Explorer web control.
Yahoo Assistant: Remote attackers can execute arbitrary code via memory corruption.
Microsoft Windows Live (MSN) Messenger: Remote attackers are allowed to control the Messenger application, â€œchange state,â€? obtain contact information and establish audio or video connections without notification.

See Bit9â€™s full report (.pdf) for information on how the list was put together, including criteria for inclusion.