Quote:
btw Mike, I think an MD5 hash for any file that is uploaded to the ppcgeeks FTP will soon be necessary... if my info was correct... hope it's just a false alarm... FYI: the xda-dev FTP files were attacked by a virus before, and most of the ROMs were replaced with a dangerous virus that will delete your computer files...
Speaking of possibly malicious FTP uploads, can't the FTP be set up to allow access to only those with accounts (i.e. a login other than the EZupload)? This would flag the users that would upload either malicious or illegal software. Just a thought as when I had an FTP server set up a couple years ago it was extremely helpful to view the user and file traffic.
I'd agree, couldn't the FTP login be tied to your forum login? Then any changes (malicious or otherwise) could be tracked to who and when. Proper measures to prevent further errors could then be taken.
Anonymous login could be set to allow download only, while it would take forum credentials to upload.
__________________
Projects: (PeraStats 1.7) (PeraCount with Clock 1.3) (PeraCount 1.3) (PeraProfiler 1.2) (S2U2Lock 1.1)
If anyone knows how, please inform me, but the only method I've found is this way. See, on a Linux server it's only one user per folder, so we have to use the one login..... Anonymous login costs more and, well, I dunno. That's why I said scan everything you download.
~Mike
Hi Mike... here's a solution that is fairly easy to implement (it's what xda-dev does with their FTP).
There are two published login accounts for the ftp:
1. The download account. This account has no upload or file/folder modification privileges whatsoever. It is the account used to download only.
2. The upload account. This account only has access to an "Upload" directory off the root--nothing else. It can be used for uploading, folder creation and file system modification inside the "Upload" directory only. It has no access anywhere else.
Mods (or just you, or whomever) can have an individual login that has full permissions on all directories. They would periodically move files from the upload folder into the applicable download folders--where they will be safe from future deletion.
To make it even more secure, when someone uploads something, we can have a thread where they list the file name and the MD5 hash of the file (there are tools for all OSes that easily calculate this for you). If the FTP mod sees that the file in the upload folder matches the posted hash, then the file is safe to move to its permanent place outside of the Upload folder.
Users should think of the upload folder as a "demilitarized zone". There are no protections on anything put into that folder so use extra caution downloading anything from the Upload folder. Once a file has been moved out of there it has been deemed safe.
Anyway, that's my suggestion. We're nowhere near as big as xda-dev (yet, anyway!) so keeping up with moving uploads should not be too big a job, especially if several users help out with the task.
And I speak as one of the unfortunate souls who downloaded that malware from xda-dev (neither SAV corporate edition nor Windows Defender caught it--both up to date with definitions). I watched in horror as it deleted most of my OS files. Luckily I had a USB drive hooked up at the time so I was able to copy over all my stuff immediately. Once I rebooted Windows would no longer load up. Talk about embarrassing. I hadn't been hit by a virus in years.
And that thing is MALICIOUS with a capital M. I saved a copy of it intending to analyze it one day (I also need to submit it to the major AV vendors). So I definitely think we need to implement something to keep people from being able to screw with the FTP structure. Having an Upload folder to be the one unprotected area seems like the best compromise to me.
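The upload-folder check described in the post above, as an added example that is not part of the original thread or of either site's tooling: a script a mod could run to move files out of the Upload folder only when they match the hash posted for them. The function names, the "filename hash" line format and the `.pending` staging name are assumptions; MD5 is the default because the post names it, and `algo` accepts any `hashlib` algorithm.

```python
import hashlib
import shutil
from pathlib import Path


def file_digest(path, algo="md5", chunk=1 << 20):
    """Hash a file in chunks so large ROM images are not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_posted(text):
    """Parse 'filename <space> hexdigest' lines copied from the hash thread (assumed format)."""
    posted = {}
    for line in text.splitlines():
        parts = line.strip().rsplit(None, 1)  # file names may contain spaces
        if len(parts) == 2:
            posted[parts[0]] = parts[1].lower()
    return posted


def promote(upload_dir, dest_dir, posted, algo="md5"):
    """Move uploads whose digest matches the posted one; report everything else."""
    upload_dir, dest_dir = Path(upload_dir), Path(dest_dir)
    moved, rejected = [], {}
    for name, want in sorted(posted.items()):
        src, final = upload_dir / name, dest_dir / name
        staged = dest_dir / (name + ".pending")
        if Path(name).name != name or src.is_symlink() or not src.is_file():
            rejected[name] = "not a regular file in the upload folder"
        elif final.exists() or staged.exists():
            rejected[name] = "destination already exists"
        else:
            # Stage first (dest_dir is assumed not writable by the upload login),
            # so the file cannot be swapped between the hash check and the move.
            shutil.move(str(src), str(staged))
            if file_digest(staged, algo) == want:
                staged.rename(final)
                moved.append(name)
            else:
                shutil.move(str(staged), str(src))
                rejected[name] = "hash mismatch"
    return moved, rejected
```

A match shows only that the file is the one its uploader posted a hash for; files that were never listed in the thread stay in the Upload folder untouched.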
Quote:
I usually use ProFTPd instead of the normal ftp server since it provides many more capabilities in this regard (creating users with write permission, allowing anonymous people to read) without actually creating actual users. If you can install it, I can definitely help you set it up.