|
Threads
View context
You need to block people from rezzing objects. Go set the land so this can't happen. Bans are trivial to get around. Mac address bans, IP bans, Disk Id bans are a click to route around.
like(2)
View context
This is a false alarm. It is the hashed MAC address of a loopback adapter. Note that on the Mantis, they have different hashed disk ID's.
All Loopback adapters on Linux and PC's use the same Mac address. I found this out when I banned myself.
like(5)
All Loopback adapters on Linux and PC's use the same Mac address. I found this out when I banned myself.
View context
I don't see that GDPR applies here. Perhaps German law says otherwise. I see no legitimate reason we must keep this private, when we have an obligation to minimize the monetary damages she is causing. According to Recital 50...."which constitutes a necessary and proportionate measure in a democratic society to safeguard, in particular, important objectives of general public interest, the controller should be allowed to further process the personal data irrespective of the compatibility of the purposes".
Also, "Indicating possible criminal acts or threats to public security by the controller and transmitting the relevant personal data in individual cases or in several cases relating to the same criminal act or threats to public security to a competent authority should be regarded as being in the legitimate interest pursued by the controller."
like(2)
Also, "Indicating possible criminal acts or threats to public security by the controller and transmitting the relevant personal data in individual cases or in several cases relating to the same criminal act or threats to public security to a competent authority should be regarded as being in the legitimate interest pursued by the controller."
View context
Grid owners using DreamGrid have a button to disable rez and script rights in all sims. You need to be aware of a problem - loading an OAR can and will reset those rights. ABout half the free OARS at Outworldz.com have this issue. DreamGrid V5.26 has a patch that prevents that from happening after any load OAR.
For other grid users, a simple bit of SQL can be used to remove such rights.
like(1)
For other grid users, a simple bit of SQL can be used to remove such rights.
View context
This may be fixed in core. Ubit has patched a hole.
Try to get your gid updates to help prevent it.
like(0)
Try to get your gid updates to help prevent it.
View context
Pretty much none of it is true. 8002 is not what is claimed nor is 8003. Those are http Session and Region udp ports and are not mysql. 9000 may be a standalone or a grid. It could be ice cast. It could be anything they want
8003 can be open or closed because it's a choice. Osgrid leaves it open and they don't get hacked. It's what make osgrid a GRID.
Not using mysql and sqllite at the same time? Nonsense. Its standard to run both and is core functionality. Stats uses it.
Rdp is encrypted with kerborous and is as secure as ssh.
File the above post as misinformation.
like(2)
8003 can be open or closed because it's a choice. Osgrid leaves it open and they don't get hacked. It's what make osgrid a GRID.
Not using mysql and sqllite at the same time? Nonsense. Its standard to run both and is core functionality. Stats uses it.
Rdp is encrypted with kerborous and is as secure as ssh.
File the above post as misinformation.
View context
Everything I produce is digitally signed by Microsoft Authenticode and will not run if a single bit changes. No other Opensim system takes security this seriously.
Just to clear up some misconceptions here: A fork is not someone adding anything to someone else's code. It's someone copying it. Adding would be a "push". Only Ubit Umarov (our #1 core dev) and I have permissions to push to DreamGrid.
There are no changes to this code since it was originally added last January. Anyone who understands git can see this. Or just look at https://github.com/Outworldz/DreamWorld/tree/V4/MSFT_Runti... The code inside is easily examined and scanneable by just extracting the EXE using any zip tool.
The version we run is from Jan 13, 2021. It has not been changed since then. Nothing else about anyone else's code is relevant.
The only time it was installed on any machine was shortly after that, when you first updated. It runs once, and never runs again, so you can delete it.
like(3)
Just to clear up some misconceptions here: A fork is not someone adding anything to someone else's code. It's someone copying it. Adding would be a "push". Only Ubit Umarov (our #1 core dev) and I have permissions to push to DreamGrid.
There are no changes to this code since it was originally added last January. Anyone who understands git can see this. Or just look at https://github.com/Outworldz/DreamWorld/tree/V4/MSFT_Runti... The code inside is easily examined and scanneable by just extracting the EXE using any zip tool.
The version we run is from Jan 13, 2021. It has not been changed since then. Nothing else about anyone else's code is relevant.
The only time it was installed on any machine was shortly after that, when you first updated. It runs once, and never runs again, so you can delete it.
Thank you Fred, I deleted it, and everything is fine now. Peculiar behavior, but it's the truth. Also it is true that clamwin av did mark it as being infected with a trojan. Very easy to fix, please do not panic people.
like(0)
View context
Edited: No one uses XP as Opensim does not run on Windows XP, and has not for about 3 years. Its not secure and was deprecated as part of a security push I initiated. And most of the grids I log into (which is a lot), run on very modern hardware. In 5 years I have seen a single A1 processor ( at 1 GHZ) with 4 GB of RAM. Dreamgrid and a region ran fine on it. The viewer, well, it booted, lets put it that way.
like(2)
View context
I'll report it to ClamAV. The hash of my version is 123468e5b29d797a0f7e09fe6736d26df8c9c13007aa3f579913726228bb2990. This is digitally signed by Authenticode so has a different signature than the original. Poorly written virus scanners may flag this as potentially malicious.
In the recent past, scanners from Microsoft, Norton and one have reported various bits of DreamGrid and Opensim as malicious based on behaviour rules. After all, Opensim downloads all kinds of unknown data stuff from hundreds of suspicious locations. DreamGrid does too.
All my code is protected from malicious people changing it by encrypted digital signature using the Outworldz Authenticode certificate.
On another note, anyone running an AV on Opensim\bin in real time needs to add an exclusion to the files in certain folders, or Opensim\bin. If you do not, you may end up with corrupted assets due to record locking. Opensim needs exclusing access to its assets and caches.
A bigger problem is older versions of Opensim, which directly allow anyone to read the hard disk and network shares. 0.8.2.1 grids and early 0.9.0 grids should be avoided.
https://www.virustotal.com/gui/file/123468e5b29d797a0f7e09...
like(3)
In the recent past, scanners from Microsoft, Norton and one have reported various bits of DreamGrid and Opensim as malicious based on behaviour rules. After all, Opensim downloads all kinds of unknown data stuff from hundreds of suspicious locations. DreamGrid does too.
All my code is protected from malicious people changing it by encrypted digital signature using the Outworldz Authenticode certificate.
On another note, anyone running an AV on Opensim\bin in real time needs to add an exclusion to the files in certain folders, or Opensim\bin. If you do not, you may end up with corrupted assets due to record locking. Opensim needs exclusing access to its assets and caches.
A bigger problem is older versions of Opensim, which directly allow anyone to read the hard disk and network shares. 0.8.2.1 grids and early 0.9.0 grids should be avoided.
https://www.virustotal.com/gui/file/123468e5b29d797a0f7e09...
So essentially it's a false alert on the side of malware scanners ranging from MSE to subscription-based commercial scanners to ClamAV, and there's no need for DreamGrid admins to have sleepless nights.
Also, I'd like to put an emphasis on the last paragraph. Those of you who are running very old installations of DreamGrid and have never updated, please do so. I know that the typical Windows user doesn't like to update things and prefers to leave everything as-is after installation, but this is a security issue.
liked(1)
Also, I'd like to put an emphasis on the last paragraph. Those of you who are running very old installations of DreamGrid and have never updated, please do so. I know that the typical Windows user doesn't like to update things and prefers to leave everything as-is after installation, but this is a security issue.
View context
Make a copy of your region folder, and mysql data. Done. With that you can restore any grid. OARs and IARS are not enough. You can recreate a grid with them, sort of, but will be missing friends, landmarks will not work, and your Firestorm outfits will be gone. Or learn to use use mysqldump.
like(0)
View context
Good way to fill an asset server with never again to be used textures unless its scripted to only make a new texture when someone is near to actually see it.
like(0)
View context
A Free Cross-Grid Database For LSL
A simple to use, dedicated, shareable database for all to use to save and persist data across scripts, regions, and grids. The URL is at http://outworldz.appspot.com/ where you will find the basic instructions. You use LSL to fetch a web page with a 'store' field, and it will save a name and a value. Here is an example to save the key AnimalName = bunny.
http://outworldz.appspot.com/store?service=2b307c02-2133-4...
To get back the AnimalName, you change the directive to 'load' and ask for AnimalName: http://outworldz.appspot.com/load?service=2b307c02-2133-4d...
The 'service' is any UUID. These can be used for security, or to identify a grid, region, person, prim, a project or whatever. If this UUID is set to the llGetOwner(), the then data would be stored where prims owned by that avatar can easily get it back.
Lots more help from Maria at Hypergrid Business is at https://www.hypergridbusiness.com/2012/12/free-database-fo...
like(1)
A simple to use, dedicated, shareable database for all to use to save and persist data across scripts, regions, and grids. The URL is at http://outworldz.appspot.com/ where you will find the basic instructions. You use LSL to fetch a web page with a 'store' field, and it will save a name and a value. Here is an example to save the key AnimalName = bunny.
http://outworldz.appspot.com/store?service=2b307c02-2133-4...
To get back the AnimalName, you change the directive to 'load' and ask for AnimalName: http://outworldz.appspot.com/load?service=2b307c02-2133-4d...
The 'service' is any UUID. These can be used for security, or to identify a grid, region, person, prim, a project or whatever. If this UUID is set to the llGetOwner(), the then data would be stored where prims owned by that avatar can easily get it back.
Lots more help from Maria at Hypergrid Business is at https://www.hypergridbusiness.com/2012/12/free-database-fo...