Re: I've been 0wned!
The problem is not that this "feature" exists, the problem is that, when any parameters are passed to your code from the outside, they should be checked before they are used. And under NO circumstances should you use an externally passed parameter in an include statement.

I don't know what you were running, but PHPNuke just plugged a large security hole because of this.

Oh, and BTW, even apache doesn't have permission to write to most of my site :)

Rich Cloutier
SYSTEM SUPPORT SERVICES
President, C*O
www.sysupport.com

----- Original Message -----
From: "Joseph E. Mainusch" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, May 04, 2002 4:48 PM
Subject: I've been 0wned!

> How humiliating!
>
> My website is running php, which I discovered, much to my chagrin, installs by default with its directive "allow_url_fopen" set to "On". From the description in the php.ini file, this directive determines "Whether to allow treating URLs like http:... or ftp:... like files". The script kiddy who got me apparently used this security chasm (not just a hole) to execute arbitrary commands on my system, with apache's privileges, the end result of which was the replacement of my index.php file with his own. (http://www.mainusch.net/defaced.html).
>
> Why on earth would PHP ship with all of its security doors completely open?!?!? Arrrg!
>
> It appears this was all this particular kiddy was able to do, which was easy enough to fix. I tightened up security in general after this, but now I have that "oh no, I don't want to have to reinstall the whole system just to be on the safe-side" feeling again.
>
> --
> Joseph E. Mainusch
> 43A East Ridge Road
> Merrimack, NH 03054
> +1 (603) 560 6317
>
> *
> To unsubscribe from this list, send mail to [EMAIL PROTECTED]
> with the text 'unsubscribe gnhlug' in the message body.
> *
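
The advice in the reply above (check outside parameters, never pass one to an include statement), as an added example that is not part of the thread and not code from either poster. The page keys, file paths and the `resolve_page()` helper are hypothetical, and the syntax assumes PHP 7.1 or later.

```php
<?php
// Added example; not code from the thread. Page keys, file paths and
// resolve_page() are hypothetical. Requires PHP 7.1+.

// Pattern the reply warns against (kept commented out): the request
// chooses the file. With allow_url_fopen = On, as in the original
// post, include would also accept an http: or ftp: URL.
//   include($_GET['page'] . '.php');

// Hardened form: the request value is only a key into a fixed map,
// so no request data ever becomes part of the include path.
const PAGES = [
    'home'    => 'pages/home.php',
    'about'   => 'pages/about.php',
    'contact' => 'pages/contact.php',
];

/** Return the allowlisted file for a page key, or null to reject. */
function resolve_page($requested): ?string
{
    if (!is_string($requested)) {   // e.g. ?page[]=x arrives as an array
        return null;
    }
    return array_key_exists($requested, PAGES) ? PAGES[$requested] : null;
}

// Constructed sample inputs standing in for $_GET['page'].
$samples = ['home', 'contact', 'http://example.invalid/x', 'admin', ['home'], ''];
foreach ($samples as $s) {
    $file = resolve_page($s);
    printf("%-30s => %s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        $file ?? 'rejected, serve 404');
}

// In a front controller the include uses only the mapped value:
//   $file = resolve_page($_GET['page'] ?? 'home');
//   if ($file === null) { http_response_code(404); exit; }
//   include __DIR__ . '/' . $file;
```

Turning `allow_url_fopen` off closes only the URL case; the allowlist removes the request-controlled path altogether. Since PHP 5.2, remote includes are governed separately by `allow_url_include`, which defaults to Off.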
RE: home construction/remodeling packages
There's this... it seems more in depth than those off the shelf programs though, so it might not be what you're looking for. Maybe it'll be of use.

http://www.cycas.de/

Ben

On Sat, 4 May 2002, Carl Helmers wrote:

> This does not answer your question re a Linux
> home modelling packages, but what you want sounds
> like a product called "3D Architect, version 4.0"
> which I purchased at Compusa in Nashua a couple of
> months ago and finally started using last week...
> (I run it on my Windoze 98 HP Pavilion box...)
>
> I, too would like to have a package with slightly
> more functionality than 3D-Architect v4.0 that
> I could run on my Linux boxes, but alas I have no
> such package in the Linux universe...
>
> ... Carl
>
> --=|=-
> Carl Helmers, President, Helmers Publishing, Inc.
> --< Publishers of
> Supply Chain Systems (formerly ID Systems)
> and
> Desktop Engineering
> magazines and related WWW pages >--
> (what else to do after starting the late lamented BYTE magazine?)
> {founder and owner, Sensors magazine, 1984-1999}
> [Favorite open source look and feel:
> Linux running Squeak on a big screen ]
>
> EMAIL: [EMAIL PROTECTED]
> WEB: www.deskeng.com
>      www.scs-mag.com
> SNAILMAIL: 174 Concord Street, Peterborough, NH 03458
> PHONE: 603.924.9631 -=- FAX: 603.924.7408
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> RESIDENCE: 468 Greenfield Road
>            Peterborough, NH 03458
>            603.924.9981
> E-MAIL: [EMAIL PROTECTED]
> WEB: www.helmers.com/carl [personal writings, etc.]
> (-|-)
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: 5/4/02 3:53 PM
> Subject: home construction/remodeling packages
>
> Are there Linux software packages available
> to help with home construction/remodeling?
> Having never used such software I'm not even
> completely sure what I'm asking for, but I'd
> think such a package would at least (and I'm
> talking about something more than xfig) help
> you lay out a floorplan. Fancier ones might
> provide some CAD assistance, perhaps even
> allowing you to model the entire structure
> right down to the studs and wiring and maybe
> even generating a materials list for the
> project. A *really* cool package might even
> let you model the entire structure in 3D and
> allow you to move individual components on
> a what-if basis, etc, etc, etc...

--
"The gene pool could use a little chlorine."
Re: home construction/remodeling packages
On Sat, 2002-05-04 at 15:53, Michael O'Donnell wrote:
>
> Are there Linux software packages available
> to help with home construction/remodeling?
> Having never used such software I'm not even
> completely sure what I'm asking for, but I'd
> think such a package would at least (and I'm
> talking about something more than xfig) help
> you lay out a floorplan. Fancier ones might
> provide some CAD assistance,

Well, since you aren't sure what you're asking, I'm not really sure what to tell you. If you're looking for CAD software, there are several commercial products, the best of which is LinuxCAD. There is also VariCAD. If you are looking for something in the area of free, then there are several of those, too. Check out Freshmeat: http://freshmeat.net/search/?q=CAD&section=projects .

> perhaps even
> allowing you to model the entire structure
> right down to the studs and wiring and maybe
> even generating a materials list for the
> project. A *really* cool package might even
> let you model the entire structure in 3D and
> allow you to move individual components on
> a what-if basis, etc, etc, etc...

I'm not sure that there are any home designer products for Linux that have libraries of furniture, windows, doors, etc. However, you should be able to create 3D images using wire frame design tools, and then place them inside of another design representing a house.

C-Ya,
Kenny
RE: home construction/remodeling packages
This does not answer your question re a Linux home modelling packages, but what you want sounds like a product called "3D Architect, version 4.0" which I purchased at Compusa in Nashua a couple of months ago and finally started using last week... (I run it on my Windoze 98 HP Pavilion box...)

I, too would like to have a package with slightly more functionality than 3D-Architect v4.0 that I could run on my Linux boxes, but alas I have no such package in the Linux universe...

... Carl

--=|=-
Carl Helmers, President, Helmers Publishing, Inc.
--< Publishers of Supply Chain Systems (formerly ID Systems) and Desktop Engineering magazines and related WWW pages >--
(what else to do after starting the late lamented BYTE magazine?)
{founder and owner, Sensors magazine, 1984-1999}
[Favorite open source look and feel: Linux running Squeak on a big screen ]

EMAIL: [EMAIL PROTECTED]
WEB: www.deskeng.com
     www.scs-mag.com
SNAILMAIL: 174 Concord Street, Peterborough, NH 03458
PHONE: 603.924.9631 -=- FAX: 603.924.7408
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
RESIDENCE: 468 Greenfield Road
           Peterborough, NH 03458
           603.924.9981
E-MAIL: [EMAIL PROTECTED]
WEB: www.helmers.com/carl [personal writings, etc.]
(-|-)

-----Original Message-----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 5/4/02 3:53 PM
Subject: home construction/remodeling packages

Are there Linux software packages available to help with home construction/remodeling? Having never used such software I'm not even completely sure what I'm asking for, but I'd think such a package would at least (and I'm talking about something more than xfig) help you lay out a floorplan. Fancier ones might provide some CAD assistance, perhaps even allowing you to model the entire structure right down to the studs and wiring and maybe even generating a materials list for the project. A *really* cool package might even let you model the entire structure in 3D and allow you to move individual components on a what-if basis, etc, etc, etc...
Re: Where we live
>> Note - these image files are very large.
>
>It's not so much that the files are large, as that it apparently
>takes an enormous amount of memory to undo the JPEG compression...
>I downloaded the first one and it crashed Mozilla.

My 4.77 version of Netscape makes me *very* angry from time to time but I am obliged to report that it handled these monster images without (too much) complaint. FYI, I'm running a very current Debian "testing" release with a 2.4.18 kernel on an Athlon box w/256Mb RAM and 300Mb swap.

I also had no trouble viewing the images with xloadimage or gimp...
Where we live
New photos from the Hubble telescope. These are not "artist's conception" or computer-generated - except for the colorization, these are what the Hubble is actually seeing. Hard to feel important after viewing these...

http://hubble.cust.nearlyfreespeech.net/0211af.jpg
http://hubble.cust.nearlyfreespeech.net/0211bf.jpg
http://hubble.cust.nearlyfreespeech.net/0211cf.jpg
http://hubble.cust.nearlyfreespeech.net/0211df.jpg

Note - these image files are very large.

ObLinux: the amino-acid-precursors on one of the planets orbiting a star in the third galaxy from the left will evolve into (er, I mean, miraculously appear fully-formed as) life-forms that drink djyhnunnd-tahhhnikx and run llyhnnuckx on the dhydgydall-whaaahtschezz...
I've been 0wned!
How humiliating!

My website is running php, which I discovered, much to my chagrin, installs by default with its directive "allow_url_fopen" set to "On". From the description in the php.ini file, this directive determines "Whether to allow treating URLs like http:... or ftp:... like files". The script kiddy who got me apparently used this security chasm (not just a hole) to execute arbitrary commands on my system, with apache's privileges, the end result of which was the replacement of my index.php file with his own. (http://www.mainusch.net/defaced.html).

Why on earth would PHP ship with all of its security doors completely open?!?!? Arrrg!

It appears this was all this particular kiddy was able to do, which was easy enough to fix. I tightened up security in general after this, but now I have that "oh no, I don't want to have to reinstall the whole system just to be on the safe-side" feeling again.

--
Joseph E. Mainusch
43A East Ridge Road
Merrimack, NH 03054
+1 (603) 560 6317
STRANGE SOUND PROBLEM
I upgraded my laptop to SuSE 8.0 Professional from 7.3 Professional (the laptop is a Sony Vaio PCG-FX140 with 700 MHz Pentium III with speedstep and I upgraded it to 512 MB of RAM and 30 GB hard disk, 7.5 of which is the Linux partition).

When I sign into my KDE 3 account, I get (during KDE initialization) a message saying that the resource /dev/dsp is not available or busy, so the sound server will send the output to null. Oddly enough, if I log in my root account (without rebooting) and issue a rcalsasound restart to restart the sound server, sound works like a charm, even better than Windows, but I get back to square one if I reboot!

Now, I know that all paradoxical phenomena are not really paradoxes but they look such because the observer misses a key piece of information. Not being a *nix guru, I have to consult the experts in a board like this. What does /dev/dsp do, anyway? At first glance, the /proc/ files do not reveal anything suspicious, at least not to me. My naive understanding is that services that get initialized trample upon sound module resources and create a conflict (in fact, I hear a click from the speakers after some services are initialized at startup, well after I see the message about the sound server initialization flashing by).

Any ideas would be greatly appreciated.

CF

PS. I also upgraded my aging 200 MHz MMX desktop to the same version and I have no problems with sound (SB16 Vibra card) whatsoever.
home construction/remodeling packages
Are there Linux software packages available to help with home construction/remodeling? Having never used such software I'm not even completely sure what I'm asking for, but I'd think such a package would at least (and I'm talking about something more than xfig) help you lay out a floorplan. Fancier ones might provide some CAD assistance, perhaps even allowing you to model the entire structure right down to the studs and wiring and maybe even generating a materials list for the project. A *really* cool package might even let you model the entire structure in 3D and allow you to move individual components on a what-if basis, etc, etc, etc...