You're right I think, it is my understanding that using GPL code for in-house tools without releasing source is acceptable, but using GPL base code as part of a project sold to a customer is where the problems start.
no it doesn't....
GPL = General Public License (GNU)
and
GNU = Gnu's Not Unix
Could people continue using the existing version, if it actually fits the bill better than the newer, possibly incompatible version?
Or would compatibility be required, and in fact, all projects listed under the existing versions will be automatically updated?
If there are incompatibilities with the spec, will dual licensing with old/new GPL be acceptable, especially since not all original developers could be contacted to get permission?
*head explodes*
The NASP is still in pre-production, and will be ready soon. :)
Right now, if you purchase a flying car, you get a voucher for a ticket on one of them, and also a preview beta version of Duke Nukem as well
I routinely install computers of many many people who use computers daily.
I'm not talking about some complicated gentoo compilation, I'm talking generic windows xp.
For most people, installing an OS is equivalent to stripping and rebuilding a car engine, most folks get the OS with their computer, and need hand holding by dell support or whoever to use the recovery cd.
As long as the installation is logical, then it passes my tests.
Search in both "fonew"
MSN: * Were you looking for fone
Google: Did you mean: phone
so, it does have corrective facilities, but google works better.
Now, the ultimate, searching for "par hiltn"
MSN: * Were you looking for par hilton
Google: Did you mean: paris hilton
Mind you, google does have a special affinity with the woman, so we will let them off.
I just did a search for
:)
ShellExecute microsoft
and a number of variations, and on the MS search, I didn't get any MS sites in the top few entries.
the same search in google brings up the correct msdn documentation as #1
Still unsure of the quality of other searches, but competition is good
<office>??????????????</office>
</xml>
The MS Office open XML file format consists of an XML branch, followed by an Office branch.
Unfortunately, due to the complexities of parsing this branch, it should be passed directly as a parameter into our improved Office ActiveX object.
We are currently developing an addin for firefox as well.
Thank you for looking at this documentation, that will be all.
Hello sir,
do you have problems at the worst times? if so press 1 to buy viagra, press 2 for all other ailments
</steven_hawking>
Isn't this the same kind of concept as freenet.
Except because its audio it doesn't have the stigma.
Somebody could be using your computer bandwidth to plot a crime.
thx :)
Looks like I'm going down the SSH route, or may just completely remove all remote access and use the nice 256MB usb stick I picked up.
However, using a memory key isn't best, because there's always that one file you left at home that you absolutely need.
The need for vnc and usefulness it brings has up until now outweighed the danger of being rooted.
I didn't see my machine as insecure, I was using the maximum built in security I could use (complex password, abnormal port and firewall). It's similar to buying a house, the locks are normally pretty secure to all but the most determined attacker.
My system was locked down enough, and I wouldn't be sat here discussing this if I had re-removed the root account from mysql, which I had reactivated recently to show how insecure it would be...
In other news, Linksys employees were seen dancing in the streets.
The difference here is that in the old web and ftp server days, it took actual detective work to track the l33t crackers and distributors, most of the files were stored in chunks on innocent public ftp servers, or transferred using sneaker net.
Nowadays, with BT especially, the user walks right into the trap and connects directly to the RIAA controlled machine to download a chunk of the latest blockbuster.
I think I'll buy a winnebago.
That's good for NTL customers then.
we only have 128k upstream.
I don't think anyone has managed to upload a whole movie from a single user.
I wholeheartedly agree.
I would gladly give up my monthly cable subscription and replace it with a monthly media download charge.
I only watch a few shows, and all of them are available on the tv downstairs at some point during the month. However, with 2 kids around and unfortunate scheduling by the cable company, I cannot sit down and watch when I feel comfortable.
I also do not like vhs recording, and do not have the inclination to purchase a dvr at this time.
I assume that I am compromised every time I sit at a machine.
Granted, I couldn't check everything, but I have a very good feel for my machine and the timings of things. I always assume things are worse than they actually are, some would say paranoid...
I'm comfortable with the applications running on my machine, steer clear of novelty items, and generally run a tight ship. If I have been rooted without my knowledge, then I dread to think how others cope.
Remember, I identified and removed this within a couple of minutes of returning to my machine, no one was there to hold my hand and talk me through it, I saw that "something" was wrong and dealt with it.
If I have been rooted previously without my knowledge, then so have a LOT of other very intelligent people.
For the future, I have removed ALL remote access from mysql, and won't be re-enabling it again.
When I return to work on monday, I will set up a local install of mysql for testing.
There was never a real need for it, it was simply convenience rather than necessity.
However, I *do* have a vnc port wide open, and whilst today there isn't an exploit, there may be tomorrow.
I guess I should set up the SSH tunnel for that as well.
The biggest bitch about this is that I had discussed all this with my boss a few weeks ago, and had the live machine locked down correctly (not our server, but noticed it was wide open). I think it was when I was explaining the problem to my boss that I re-enabled root access (as at the time the live server had) to show him how exploitable it was...
It sux to talk about it like this, especially considering I normally think in very logical secure steps. I've never been rooted before, and feel violated.
If I locked the port down, I couldn't connect to it...
I have 2 ports open for remote access, and both were supposedly locked with complex passwords (mysql and vnc)
It was running as a dev server for access from work. The work account is a dynamic IP, so I couldn't lock access directly to that one ip.
I had removed the root account from remote access, but must have restored it.
Look at my other comments in this article for extra info.
I already know I cocked up, and my sig is very appropriate.
I was exposed for 30 minutes before detecting it and locking it out, many others are still active.
I had *thought* I had removed root@% account.
I had granted remote privs to one single user with a lengthy password.
Obviously my sig is useful today.
*hangs head in shame*
Windows DOES have a firewall, I have everything locked down, and only 2 remote ports exist.
One is for VNC, and the other is for the mysql test server.
Both were protected by strong passwords, and I thought I had done everything possible to prevent this kind of intrusion.
I connect remotely from a dynamic adsl line with varying IPs, so cannot tie the connection to a specific remote IP, the best I could do is lock it to my work's ISP range, and even then there are thousands of possible computers able to exploit it.
I see the rights escalation as a problem with windows, but the initial exploit is not Microsoft's fault.
My test server was compromised at 18:50 yesterday.
When I got back to my machine at 19:20, I cleaned it down and found out what was happening.
All firewall logs etc and have archived the executable and dll files dropped.
One into the mysql data folder (app_result.dll), and the executable spoolcll.exe was dropped into windows.
Only now that I've gone into the archive folder has Norton picked it up and archived it (it had shutdown/ran the QConsole.exe NAV application to ensure Norton didn't find it, or it just wasn't in the definitions yesterday).
It's been detected as w32.Spybot.worm (http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html).
To start, press the any key.
Homer: "urg where's the any key"
I think goatse must be deaf.
He misheard his calling as elastic.
Could we not just have the front page update delayed for 10 seconds to completely avoid this additional server load when a new story is posted?
Not much point in upstream if no servers are allowed.
:(
NTL cable are just in the process of boosting download speeds for their cable, taking people up to 3mbit.
However, there's no mention of a change from the current 128k upload limit.
sux 2 leech