When I developed our free mud client, I had wanted to retain full ownership of the software, but allow the source code to be downloaded. I have used Linux for 7 years and was familiar with GPL software, but never looked much into it. After discussing it with other developer, GPL is the license I ended up going with. It gives the end user the ability to modify the source code to their liking and requires them to make public any upgrades.
The only dislike I had with the GPL was that anyone using my software could do so for a fee. In the end though, I figured if they develop it and create features that charge fee's, I would get a copy of the source and create the same features and not charge a fee =)
For those gamers that enjoy the old online text games, I have a java telnet mud client with a packaged proxy server. The proxy server was developed with a focus on the client, but supports a robust area of features.
Initially I was against using IPv6 for the service, yet the developer whom created the proxy for my java applet was using IPv6.
I believe we will begin seeing more IPv6 support throughout the internet. Currently it is still considered a geeks toy, but as more software is released with IPv6 support, it will become common programming practice.
Take a look at this proxy program that is packaged with a java mud applet client for websites at: http://www.mudmagic.com/java-client/
It isn't as supported as Apache, yet has been extensively tested on a high-profile server, and offers: port assignment, set-uid, logging, access control list, daemonizing, and a few other snazzy features.
I'd use it on occassion myself. When looking for a specific type of linux software, or rumaging around for a tidbit of information; the first thing I look at on google are the ads to the right. Being an Ad-Keyword runner myself, I see that the results for keyword placement are pretty good in respect to the search terms.
I appreciate that the plugin developer is operating it in "test" mode though. It gives more credit to the authors intent for the plugin. ( Hopefully his plugin isn't opensource, or we'll be seeing a few spinoffs that arn't against making a dollar )
Has anyone earned anything more than a few bucks on running these ads anycase? I ran them on a few websites in an attempt to compensate for my own ad-keywords campaign. After a few weeks, I gave it up as a lost cause. There were too many of my competitors I was advertising for ( and Google didn't see the merit in my idea to block by 'category' opposed to URL;)
Just to make a quick clarification. I fully understand your issue with "spending countless hours" developing a site, yet not focusing on security concerns. For those whom do not focus on security, their sites will eventually reflect the lack of security concern through any number of common worms, viruses, or just those UBER hacker sites out there. The point of the statement was not to refer that an individual is spending countless hours on code, and none on security. The point of the statment is the individual has spent countless hours on code work (period). Wether they have implemented a good security, or not is fully irrelevant, and should not in any way detract from the fact that the individual put their own time and effort into a project.
I certainly am not one for the "lets all get along" aproach. Yet I do uphold the "do unto others as you would have them do unto you". The focus on 'spending hours on code' and none on security is a parallel which you drew out yourself. This was not the intention or direction of that statement. =)
Re:PHP is as secure as you make it
on
PHP and SQL Security
·
· Score: 2, Insightful
There is a responsible aproach, and an irresponsable aproach. The responsible thing to do is if you are reviewing code, or a website and locate a falacy which could be considered a security concern; you notify the individual or group.
What this site is promoting is the Defacement of a website. They further go to provide script security tips which have no relevance in any way to good program practices. Quite frankly, I am suprised this topic made it to/. It apears to be nothing more than an advertisement for a poorly designed and thought out website.
PHP is as secure as you make it
on
PHP and SQL Security
·
· Score: 4, Insightful
Your scripts are only as secured as you make them. What this "UBERHACK" website is simply doing is sending a flock of young script junkies out to locate sites which have not implemented a good code structure.
PHP documentation clearly states the pitfalls of using variables in a global scope. It is for this reason that PHP changed its GLOBAL array structure to read $_POST and $_GET methods, as well as default setting register_globals to off.
I find it a poor use of a developers time to attempt to see whose site they can deface. It is imoral and shows a lack of respect for those whom put countless hours into their site development.
I would challenge "UBERHACKER" to spend more time developing their website which is showing to be in poor syntatical use of HTML, slow loading and poor in URL design. Why run a php scritp in a/cgi-bin/ do you feel more secure by doing so? The ScriptAlias which you most probably have set for this directory will in no way prevent malicious intent from remote connections if your php is not properly configured for base_directories, register_globals, and safe_mode.
http://uberhacker.com/cgi-bin/index.php?page=fla b Pick up any book on programming and learn proper developmental tactics ( Throw / Catch ) before promoting the attack of others because your 'Uber' site thinks it can't be Hax0r3d.
What's even more concerning is that the exploit affects such an older version of Internet Explorer. This would indicate that the developers have their eyes focused forwards, and do not take into account backwards compatibility or security concerns. MS incorporates their "stuff" too much into their OS to not take into account how it would affect older systems. While you can't even find downloads for Windows 95 or 3.1 these days, I don't doubt that there's an old Win95 box browsing the internet somewhere right now with its 28 baud modem., and most certainly running an IE 5 version.
It was only 15% of the source code which leaked out, yet it will show MS in the weeks to come just how the Open Source community operates. I forsee them working over time to provide updates to the numerious vulnerabilities which will arise due to the leaked code. This here is just one example. There were some what, 3 million lines of code in the leaked source. It is just a matter of time. Hopefully folks will report the vulnerabilities which they find, opposed to exploiting them.
SUN knows exactly what cards they hold in their deck. While the letter does point out that SUN has much to gain, it is filled with nothing more than well wishing and potential profits. SUN already owns the source, and it will take more than a "if we work togeather as friends" to get them to assist in the continued expansion of the Open Source community.
The cards are all in their deck. Open Source needs to provide something more profitable than a "cant we all get along" letter.
Have you looked at online text games? A small site which I have developed over the years focuses on these types of games. I met my wife on one of these games in fact. =)
http://www.mudmagic.com
Online Text Games allows for couples to play a game with basic telnet usage, or they can use a mud client. There are no graphics involved, therefore you needn't have a high speed video card or sound card to play. You don't need to download any special software, or create website only accounts, or even pay for the connection. The only thing you need is an interenet connection. All major OS' come with telnet as a standard feature.
You can telnet into a game and create you an online character. You can even choose your own theme to play. Everything from Harry Potter focused to DBZ, to standard D&D. Online text games have advanced in leaps and bounds over the years, and to this day continue to be a meeting ground for me and my wife when I am deployed.
Check them out. You may just become addicted to them. =) You can try any MUD in our database out by pulling down the PLAY A GAME NOW at the top right of the site and using our java connection client.
I host a domain name which has been rumpled for the past 3 years. I developed a script to detect open relays and block them. This list is currently 25,000+ entries in my fire wall. They don't need to send out emails, just ask for a list of open relays from host providers. Just a basic website with a frontend to a database storage would suffice. This would allow host providers to input lists of open relays which can be verified by automated scripts.
I recently wrote a paper Located Here in regards to this subject. Recording artists would embrace MP3 technology ( in my paper I give a few names whom did just that); yet it is not the artist whom makes the decisions and is against MP3's. It is the recording labels, whom have the music artists over a kettle.
Kyndig
Well someone definately had their thinking cap on when they developed this idea. It'd be interesting to see if Nintendo can port that technology to their current systems sold here in the US. Being able to download a video game onto a blank cartridge for playing might just get me back into gaming. The pricing for the games are outstanding, I'd definately pay $6.00 for a game. These current prices of $40.00+ for just one game though is a definate turn off.
A news post I read recently in regards to this best summed it up: SCO is stating BSD, Linux and IBM are using its code. BSD is just recently been targeted, Linux is saying bring it on, and IBM wants to know what the heck SCO is talking about.
Which brings me to my next point: "Don't smoke crack"
That link is no longer on the site. I'm currently writing a paper on RIAA actions against the MP3 technology. This would be another good tickmark in my paper; showing RIAA's over zelousness in attacking computer technology.
I have reviewed several logs of IRC chat rooms, and have not yet seen a good log format. Reading something like:
klax: So what'd you eat for dinner bryan: Does anyone know how to recompile a kernel? ray: I had french fries and a beer
Provides little to no format. Google currently cache's PDF files in their cache; and should your search term return a pdf file, all your keywords are highlighted. I would imagine that google would use this same approach for their log format system, yet even this does not provide a friendly browsable view. I don't have any recomendation for a proper format, as I have not seen any good formated logs.
I'm not a Net Nazi myself, but when I get more spam mail, then I do regular email..I tend to get abit ticked. The malicious ways spammers send
email to those not subscribed to their lists doesn't do my judgment of them much good either. By taking off 5 kiddie pornsites, do you really
think you will stop them? C'mon now, get realistic. Every day there is some geek sitting behind a box wondering what to do with his l33t cable or DSL line. One click to allthumbs and a spider run later, he has a porno site.
I will say however, that it should be at the end user disgression, rather
than the ISP being forced to put a crimp on things, let the end user put
all them nifty difty Nortan utilities and other "firewalls" for windoze to
use.
If we're going to start attacking ISP's, let's start with the ones that
are doing _nothing_ about net abuse *cough wanado.fr cough..ftp
scripties*.
BBS led the way in online community gaming IMHO. I'm not a follower of Talkers, but I have been an avid MUD addict for shortly over 7 years. MUD first arose
back in 1979. Mud games promote online interaction through a text interface. Now adays, you have client software which makes the playing more enjoyable.Today's MMORPGs such as Everquest offer but a brief glimpse of the imagination and interaction that occurs on your standard text interactive games.
A prior commentor was abit upset, stating that they had 14 years addiction to BBS, this is the same for the text game community. I do not forsee the online text interaction such as BBS, Talkers, Muds and now IRC becoming a thing of the past. When you put your own imagination, against that of a group of developers and artists, your imagination will win every time.
Slashdot Mirror
When I developed our free mud client, I had wanted to retain full ownership of the software, but allow the source code to be downloaded. I have used Linux for 7 years and was familiar with GPL software, but never looked much into it. After discussing it with other developer, GPL is the license I ended up going with. It gives the end user the ability to modify the source code to their liking and requires them to make public any upgrades.
The only dislike I had with the GPL was that anyone using my software could do so for a fee. In the end though, I figured if they develop it and create features that charge fee's, I would get a copy of the source and create the same features and not charge a fee =)
For those gamers that enjoy the old online text games, I have a java telnet mud client with a packaged proxy server. The proxy server was developed with a focus on the client, but supports a robust area of features.
Initially I was against using IPv6 for the service, yet the developer whom created the proxy for my java applet was using IPv6.
I believe we will begin seeing more IPv6 support throughout the internet. Currently it is still considered a geeks toy, but as more software is released with IPv6 support, it will become common programming practice.
Take a look at this proxy program that is packaged with a java mud applet client for websites at:
http://www.mudmagic.com/java-client/
It isn't as supported as Apache, yet has been extensively tested on a high-profile server, and offers: port assignment, set-uid, logging, access control list, daemonizing, and a few other snazzy features.
I'd use it on occassion myself. When looking for a specific type of linux software, or rumaging around for a tidbit of information; the first thing I look at on google are the ads to the right. Being an Ad-Keyword runner myself, I see that the results for keyword placement are pretty good in respect to the search terms.
;)
I appreciate that the plugin developer is operating it in "test" mode though. It gives more credit to the authors intent for the plugin. ( Hopefully his plugin isn't opensource, or we'll be seeing a few spinoffs that arn't against making a dollar )
Has anyone earned anything more than a few bucks on running these ads anycase? I ran them on a few websites in an attempt to compensate for my own ad-keywords campaign. After a few weeks, I gave it up as a lost cause. There were too many of my competitors I was advertising for ( and Google didn't see the merit in my idea to block by 'category' opposed to URL
Just to make a quick clarification. I fully understand your issue with "spending countless hours" developing a site, yet not focusing on security concerns. For those whom do not focus on security, their sites will eventually reflect the lack of security concern through any number of common worms, viruses, or just those UBER hacker sites out there. The point of the statement was not to refer that an individual is spending countless hours on code, and none on security. The point of the statment is the individual has spent countless hours on code work (period). Wether they have implemented a good security, or not is fully irrelevant, and should not in any way detract from the fact that the individual put their own time and effort into a project.
I certainly am not one for the "lets all get along" aproach. Yet I do uphold the "do unto others as you would have them do unto you". The focus on 'spending hours on code' and none on security is a parallel which you drew out yourself. This was not the intention or direction of that statement. =)
There is a responsible aproach, and an irresponsable aproach. The responsible thing to do is if you are reviewing code, or a website and locate a falacy which could be considered a security concern; you notify the individual or group.
/. It apears to be nothing more than an advertisement for a poorly designed and thought out website.
What this site is promoting is the Defacement of a website. They further go to provide script security tips which have no relevance in any way to good program practices. Quite frankly, I am suprised this topic made it to
Your scripts are only as secured as you make them. What this "UBERHACK" website is simply doing is sending a flock of young script junkies out to locate sites which have not implemented a good code structure.
/cgi-bin/ do you feel more secure by doing so? The ScriptAlias which you most probably have set for this directory will in no way prevent malicious intent from remote connections if your php is not properly configured for base_directories, register_globals, and safe_mode.
a b
PHP documentation clearly states the pitfalls of using variables in a global scope. It is for this reason that PHP changed its GLOBAL array structure to read $_POST and $_GET methods, as well as default setting register_globals to off.
I find it a poor use of a developers time to attempt to see whose site they can deface. It is imoral and shows a lack of respect for those whom put countless hours into their site development.
I would challenge "UBERHACKER" to spend more time developing their website which is showing to be in poor syntatical use of HTML, slow loading and poor in URL design. Why run a php scritp in a
http://uberhacker.com/cgi-bin/index.php?page=fl
Pick up any book on programming and learn proper developmental tactics ( Throw / Catch ) before promoting the attack of others because your 'Uber' site thinks it can't be Hax0r3d.
End Rant.
What's even more concerning is that the exploit affects such an older version of Internet Explorer. This would indicate that the developers have their eyes focused forwards, and do not take into account backwards compatibility or security concerns. MS incorporates their "stuff" too much into their OS to not take into account how it would affect older systems. While you can't even find downloads for Windows 95 or 3.1 these days, I don't doubt that there's an old Win95 box browsing the internet somewhere right now with its 28 baud modem., and most certainly running an IE 5 version.
It was only 15% of the source code which leaked out, yet it will show MS in the weeks to come just how the Open Source community operates. I forsee them working over time to provide updates to the numerious vulnerabilities which will arise due to the leaked code. This here is just one example. There were some what, 3 million lines of code in the leaked source. It is just a matter of time. Hopefully folks will report the vulnerabilities which they find, opposed to exploiting them.
SUN knows exactly what cards they hold in their deck. While the letter does point out that SUN has much to gain, it is filled with nothing more than well wishing and potential profits. SUN already owns the source, and it will take more than a "if we work togeather as friends" to get them to assist in the continued expansion of the Open Source community.
The cards are all in their deck. Open Source needs to provide something more profitable than a "cant we all get along" letter.
Money talks...
Have you looked at online text games? A small site which I have developed over the years focuses on these types of games. I met my wife on one of these games in fact. =) http://www.mudmagic.com
Online Text Games allows for couples to play a game with basic telnet usage, or they can use a mud client. There are no graphics involved, therefore you needn't have a high speed video card or sound card to play. You don't need to download any special software, or create website only accounts, or even pay for the connection. The only thing you need is an interenet connection. All major OS' come with telnet as a standard feature.
You can telnet into a game and create you an online character. You can even choose your own theme to play. Everything from Harry Potter focused to DBZ, to standard D&D. Online text games have advanced in leaps and bounds over the years, and to this day continue to be a meeting ground for me and my wife when I am deployed.
Check them out. You may just become addicted to them. =) You can try any MUD in our database out by pulling down the PLAY A GAME NOW at the top right of the site and using our java connection client.
I host a domain name which has been rumpled for the past 3 years. I developed a script to detect open relays and block them. This list is currently 25,000+ entries in my fire wall. They don't need to send out emails, just ask for a list of open relays from host providers. Just a basic website with a frontend to a database storage would suffice. This would allow host providers to input lists of open relays which can be verified by automated scripts.
I recently wrote a paper Located Here in regards to this subject. Recording artists would embrace MP3 technology ( in my paper I give a few names whom did just that); yet it is not the artist whom makes the decisions and is against MP3's. It is the recording labels, whom have the music artists over a kettle. Kyndig
What a great day to be an American
;)
Rock of the Marne! ( Now we'll never live this one down from 4th ID
Charlie's on the warpath Hoo Ha hah
-Marne Soldier from Operation Iraqi Freedom
Well someone definately had their thinking cap on when they developed this idea. It'd be interesting to see if Nintendo can port that technology to their current systems sold here in the US. Being able to download a video game onto a blank cartridge for playing might just get me back into gaming. The pricing for the games are outstanding, I'd definately pay $6.00 for a game. These current prices of $40.00+ for just one game though is a definate turn off.
A news post I read recently in regards to this best summed it up: SCO is stating BSD, Linux and IBM are using its code. BSD is just recently been targeted, Linux is saying bring it on, and IBM wants to know what the heck SCO is talking about.
Which brings me to my next point:
"Don't smoke crack"
That link is no longer on the site. I'm currently writing a paper on RIAA actions against the MP3 technology. This would be another good tickmark in my paper; showing RIAA's over zelousness in attacking computer technology.
Kyndig
I have reviewed several logs of IRC chat rooms, and have not yet seen a good log format. Reading something like:
klax: So what'd you eat for dinner
bryan: Does anyone know how to recompile a kernel?
ray: I had french fries and a beer
Provides little to no format. Google currently cache's PDF files in their cache; and should your search term return a pdf file, all your keywords are highlighted. I would imagine that google would use this same approach for their log format system, yet even this does not provide a friendly browsable view. I don't have any recomendation for a proper format, as I have not seen any good formated logs.
I'm not a Net Nazi myself, but when I get more spam mail, then I do regular email..I tend to get abit ticked. The malicious ways spammers send email to those not subscribed to their lists doesn't do my judgment of them much good either. By taking off 5 kiddie pornsites, do you really think you will stop them? C'mon now, get realistic. Every day there is some geek sitting behind a box wondering what to do with his l33t cable or DSL line. One click to allthumbs and a spider run later, he has a porno site.
I will say however, that it should be at the end user disgression, rather than the ISP being forced to put a crimp on things, let the end user put all them nifty difty Nortan utilities and other "firewalls" for windoze to use.
If we're going to start attacking ISP's, let's start with the ones that are doing _nothing_ about net abuse *cough wanado.fr cough..ftp scripties*.
Leave it to generation Y2K to bring networking to a whole new level.
Nope, Wallace sounds like your usual geek to me. Alice is too 'real-world' to give the [coffee/mountain dew] paranoia appearance of your local gurus.
I'm akin to think the same thing. It's a farse, but they've already sold thousands. ..too bad it's written in chinese