Old software is the topic that we are going to discuss today (or have a monologue about).
Well, what is the definition of old with Open Source?
- Something that is not maintained by a developer
- Something that has not been updated by the user
- (SA14880) DC++ Unspecified Manipulation of Arbitrary Files
- (SA5183) DC++ and its mods remote DoS in bzip2 decompression routine
- (SA13325) Open DC hub Buffer Overflow ($RedirectAll)
- (SA29924) DC++ NULL Pointer Remote Denial of Service Vulnerability
- (SA21640) VerliAdmin Index.PHP Remote File Include Vulnerability
- (SA32889) Verlihub Insecure Temporary File Creation Vulnerability
- (SA25968) Verlihub Control Panel Page Parameter Local File Include Vulnerability
1. Start paying attention to the community (DC Community).
2. Talk to other developers about standards for hubsofts, hublists, clients.
3. Don't choose old hublists that still allow CTM exploited hubs to be listed.
4. Try to keep yourself involved in protocol development.
5. Ask other developers for ideas on improvements.
How can a user benefit from all of this? Well, let's work out the details.
A user wants his or her stuff fast and smooth, without any problems or hassle from hubowners/ops (sometimes OPs and hubowners can be the most horrible problem there is). Most ops and hubowners for some odd reason stay with older versions, since they can't seem to manage getting active in new clients (I know this is partial, but you can always discuss this in this thread), so they recommend older stuff that they can manage. This causes heaps of problems for the rest of the community, since there are known flaws in older clients that can be exploited for malicious use.
So how do we go about it with the operators and the hubowners? They are the ones that need to pass down the information given to them, and if they don't understand the changes, how can we explain the changes to them?
Well, sites like this are one good start, but they are not a total solution. We could make annoying announcements or include popups in the software every time a new version is released.
Since hubowners want their hubs to become big etc., they are dependent on hublists to provide them with users. Now a hublist should have one thing if it's NMDC only, and that's a CTM checker that checks if the IP in the CTM is the same as the IP of the CTM requester. This is the minimal requirement, at least in my view, and if it doesn't, it doesn't appear in the hublist.
However, there are plenty of hublists that don't have this implemented, so I do hope that some example code will appear for any hublist owner so they can implement it.
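One way such a check could look, as an added example (not code from this article or from any hubsoft or hublist): it parses an NMDC `$ConnectToMe` command and accepts it only when the address inside matches the address the command arrived from. The function names, the handling of trailing port flags, and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
import re

# NMDC: $ConnectToMe <RemoteNick> <SenderIp>:<SenderPort>|
# Letters after the port (e.g. "S" for TLS) are treated as flags (assumption).
CTM_RE = re.compile(rb"^\$ConnectToMe (\S+) (\S+):(\d{1,5})([A-Za-z]*)\|?$")


def _normalise(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 as reported by dual-stack sockets."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def check_ctm(raw, peer_ip):
    """Return (allowed, reason) for one command received from peer_ip."""
    m = CTM_RE.match(raw.strip())
    if m is None:
        return False, "malformed"
    host = m.group(2).decode("ascii", "replace").strip("[]")
    if not 1 <= int(m.group(3)) <= 65535:
        return False, "bad port"
    try:
        claimed = _normalise(host)
    except ValueError:
        # Host names are refused: only a literal can be compared to the socket.
        return False, "not an IP literal"
    if claimed != _normalise(peer_ip):
        return False, "ip mismatch"
    return True, "ok"


# Constructed samples: (command as received, IP of the connection that sent it).
SAMPLES = [
    (b"$ConnectToMe bob 192.0.2.10:412|", "192.0.2.10"),
    (b"$ConnectToMe bob 192.0.2.10:412S|", "::ffff:192.0.2.10"),
    (b"$ConnectToMe bob 198.51.100.7:80|", "192.0.2.10"),
    (b"$ConnectToMe bob example.test:80|", "192.0.2.10"),
]


def run_samples():
    """Evaluate every constructed sample and return the verdicts in order."""
    return [check_ctm(raw, peer) for raw, peer in SAMPLES]


if __name__ == "__main__":
    for (raw, peer), verdict in zip(SAMPLES, run_samples()):
        print(peer, raw.decode(), verdict)
```

A hub would drop any command for which `check_ctm` returns `False` instead of relaying it; a hublist could apply the same comparison to whatever a hub relays to its checker.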
Well, I think I'll make this a series of articles, so consider this article 1 in a series of many.
The conclusion is: why add to the problems that are already there? Why not just give new stuff a chance instead?
If you are more interested in the bugs over the years, I recommend that you go to this site:
http://www.securityfocus.com/