Deltik : news
https://www.deltik.net/
en-gb2024-03-19T03:30:21-05:00webmaster@nospam.comhourly12000-01-01T12:00+00:00Deltik.net
https://www.deltik.net/news/view/46/deltik-net
2024-03-19T03:30:21-05:00DeltikSite ChangesDeltik.org is now Deltik.net, and every web resource should be redirecting to the new domain.<br />Why?<br />.org was originally intended as a top-level domain for organizations that didn't fit under other categories, and Deltik was supposed to be such an organization. Today, .org is often registered by non-profits and open-source projects. Although Deltik is still primarily focused on open-source contributions, it's not much of an "organization" anymore, as it's run by just me.<br />The deciding factor for the move was a nice sale on .net domains that I found by chance. I registered 10 years of deltik.net for $69.78, which I believe is quite a bargain!<br />I intend to keep deltik.org around indefinitely, though, since I've had it for over 13 years now, and there will continue to be backlinks outside my control pointing to the old domain.<br />Trivia<br />The previous time Deltik changed its domain name was on 11 July 2008, when the community raised enough money to buy deltik.org. At the time, Deltik had no financial backing, so it took advantage of free hosting services for its early years.Download Hyper-V Integration Services for Legacy Operating Systems
https://www.deltik.net/news/view/45/download-hyper-v-integration-services-for-legacy-operating-systems
2024-03-19T03:30:21-05:00DeltikMiscellaneousMicrosoft Windows 10 and Microsoft Windows Server 2016 no longer include the Hyper-V Integration Services ISO, vmguest.iso. The rationale behind this change is that the latest supported Windows and Linux operating systems provide their own Hyper-V integration.<br /> <br />This means that there is no built-in way to install Hyper-V Integration Services into legacy operating systems such as Windows XP (Windows Embedded POSReady 2009).<br /> <br />Fortunately, there is a direct download link mirror to the Hyper-V Integration Services 6.3.9300.16384 ISO, which came from Windows 8.1 / Windows Server 2012 R2. You can download this file and mount it as a CD in your legacy Hyper-V guest to install Hyper-V Integration Services.<br /> <br /><br /> <br />Downloads<br /><br /><br />Direct from Internet Archive: vmguest.iso<br />Direct from Internet Archive Wayback Machine: vmguest.iso<br /><br /> <br />Checksums<br /><br /><br /><br />vmguest.iso, size: 27590656 bytes (27 MiB)<br />vmguest.iso, MD5: e36d4976a4fa8b38726670eb332c4fea<br />vmguest.iso, SHA1: 415d62038cf28c39af2ca63076a7df91a4524314<br />vmguest.iso, SHA256: d1037fd8e788ce8ed0df16ec21f057e74512d5b3d551cc9396c7ae95dccba10f<br /><br />Legacy Deltik Products
https://www.deltik.net/news/view/44/legacy-deltik-products
2024-03-19T03:30:21-05:00DeltikProjects Update<br />In the past, Deltik's products site, products.deltik.org, provided demos of the products published by Deltik from 2008 to 2011. Some of these products have serious security or performance flaws that made them unsuitable for demoing on Deltik.<br /> <br />As a result, the old products, now collectively called the "Legacy Deltik Products", have been taken off of the demo site and published as an unsupported archive.<br /> <br />Installation<br />The Legacy Deltik Products can be copied to any web server running PHP 5, and they should run roughly as they did on Deltik. Note that some paths were hard-coded and may break on your web server if you aren’t pretending to use the virtual host products.deltik.org.<br /> <br />You can find the products on the Legacy Deltik Products GitHub repo and clone them with this command: <br /><br />git clone https://github.com/Deltik/products-legacy.git<br /><br />A .tar.xz archive containing only the products folder can be downloaded directly from GitHub or from Deltik.<br /> <br />Either of these commands performs the download and extraction into the current directory:<br />curl -L 'https://github.com/Deltik/products-legacy/raw/master/products.tar.xz' | tar -xJvf -<br />curl -L 'https://content.deltik.net/products/legacy/products.tar.xz' | tar -xJvf -<br /><br /> <br />What's Included<br />The GitHub repo contains a README.md file that explains what's included.<br /> <br />What's Happening to products.deltik.org<br />Currently, https://products.deltik.org/ just contains a static page explaining what happened to the Legacy Deltik Products. If I choose to make something of the subdomain, I'll replace it with whatever succeeds the Legacy Deltik Products.<br /> <br />Problems with the Demos<br />The demos ran on the same unprivileged user as the main Deltik website, which means that compromising one of the demos would allow an attacker to take control of Deltik. I provide an example of a partial exploit in the extended version of this news post. (I figured that it would be pointless to demonstrate a full exploit, since the demos are no longer running here.)<br /> <br />It was also possible to do some denial of service attacks and proxy some attacks through this server. I present a high-level overview of some attack examples in the extended version of this news post.<br /><br />Security<br />Kweshuner<br />Kweshuner had a really useful feature that let you display the contents of any file accessible to the site's unprivileged user, including my emails and the configuration file that contains the database password to this website. To get the database password, all you had to do was go to this URL:<br /> <br />https://products.deltik.net/kweshuner/kweshuner_old/?page=admindebug&file=/home/deltik/public_html/e107_config.php<br /> <br />The code that made this laughably easy was line 470 of products/kweshuner/kweshuner_old/index.php.<br /><br /> <br />Deltik Products Portal<br />The portal itself at https://products.deltik.net/ was vulnerable to SQL injection because SQL inputs were not sanitized. This was the vulnerable string:<br />"SELECT * FROM `nodes` WHERE `id` = ".$_REQUEST['id']<br />And the URL in which you could put an injection was:<br /> <br />https://products.deltik.net/?action=status&id=YOUR_INJECTION_HERE<br /> <br />Even though the script was expecting an integer value, the input wasn't even cast as int. See line 31 of core.php.<br /><br /> <br />Performance<br />MuSeSPinger<br />It is easy to conduct a denial of service attack on MuSeSPinger by specifying many slow hosts to check and repeatedly requesting them until the hosting account running MuSeSPinger exhausts its resources. Generated images are not cached and take as long to respond as the slowest host checked.<br /><br /> <br />Log2Log PHP The implementation is very CPU- and RAM-intensive. It loads up all provided chat logs into RAM and keeps eating up RAM during the conversion process. The conversion process takes up a lot of time and makes the server busy, as can be seen in this earlier blog post. I really should have written a proper apology for the rampant abuse caused by Log2Log PHP, but it's been over five years. Matt, if you're reading this, I'm sorry.<br />Throwback Thursday: Old Posts Republished
https://www.deltik.net/news/view/43/throwback-thursday-old-posts-republished
2024-03-19T03:30:21-05:00DeltikSite Changes<br />The Deltik news feed just got a lot more content. Having found some old backups of this website, I performed a manual merge of the salvageable news articles and comments from all of Deltik's history dating back to 2008.<br /> <br />For historical preservation, I republished these old articles and comments. Most of the posts don't have a user assigned to them anymore, so they show up as user ID 2, "Legacy User".<br /> <br />You're welcome to browse them by going back to the earliest pages, They're probably not all that relevant anymore, but it could be interesting to see how different things were back then.<br />HTTPS Rollout
https://www.deltik.net/news/view/42/https-rollout
2024-03-19T03:30:21-05:00DeltikSite Changes<br />Hey, look!<br /><br /> <br />Deltik.org is running on HTTPS now, finally.<br /> <br />When people ask me about this website and why it looks so lame, I tell them that it's trapped in the past. Deltik.org looks almost the same as it did in 2008.<br /> <br />Well, I'm not changing how this site looks, except for the new lock icon in the address bar. I've gone through the internal workings of this site and changed many of the deltik.org hyperlinks to use HTTPS. Not everything on deltik.org is configured properly for HTTPS, though.<br /> <br />What's Not Covered by HTTPS<br />The only notable thing is that the domain is configured with wildcard subdomains (*.deltik.org), but I didn't buy a wildcard site certificate, which means that wildcard subdomains such as http://csrf.deltik.org/ will only be valid over HTTP, though they do have an invalid HTTPS certificate installed.<br /> <br />What's Covered by HTTPS<br /><br /><br />deltik.org – Redirects to www.deltik.org<br />www.deltik.org – This website<br />content.deltik.org – My kind-of content distribution network (CDN) that I would actually turn into a CDN if I hosted sufficiently popular files<br />products.deltik.org – I never finished this dumb-looking page showcasing Deltik products.<br />my.deltik.org – A stalled/failed project for community-driven material on Deltik<br />man.deltik.org – MediaWiki used to be running on here, but I never took care of it, and it got overrun by spam robots. I haven't bothered to delete this site yet.<br /><br /><br />Log2Log v1.0.4 Released
https://www.deltik.net/news/view/41/log2log-v1-0-4-released
2024-03-19T03:30:21-05:00DeltikProjects Update<br />Log2Log v1.0.4 has been released, and here is a screenshot showcasing the new format converter:<br /> <br /><br /> <br />(I know my French isn't perfect…)<br /> <br />New Features<br /><br /><br />Ability to convert to Windows Live Messenger chat logs<br />A slightly more readable incompatibility description box<br /><br /> <br />Bugfixes<br /><br /><br /><br />The Pidgin source converter malfunctioned and gave zeroed timestamps due to poor programming practices combined with Qt framework updates.<br />The Windows Live Messenger default log path has been corrected.<br /><br /> <br /><br />Links<br /><br /><br />Download: https://sourceforge.net/projects/log2log/files/<br />Project Site: http://log2log.sourceforge.net/<br /><br /><br /> <br />Credits<br />Thank you Jennifer! Jennifer contacted me requesting a converter from her Pidgin so that she could use them with Windows Live Messenger.<br /> <br />To make this possible, I needed to know the formula to generate Microsoft Passport numbers. Thanks to Harry Parsonage's .NET application (Deltik mirror), this was possible.<br /> <br />Windows Live Messenger was discontinued a few years ago, and its usage is disabled by default, but there exists a significant community that wants to keep Windows Live Messenger alive. At the time of writing, people can use Messenger Reviver to continue using Windows Live Messenger.<br /> <br />Though a new version of Log2Log v1.x has been released, it is running on limited support. New format converters are being created only on demand.<br />Dead Links
https://www.deltik.net/news/view/40/dead-links
2024-03-19T03:30:21-05:00DeltikWebsite Update<br />If you browse this site… well, I'm surprised, since the activity on this site is as dead as some of the links on it.<br /> <br />In all seriousness, if you browse this site, you might notice some dead links. Some of them are images.<br /> <br />New Links <br />One of the things I like the least about the Internet is dead links, and I will begin my part to prevent them. Starting today, all new content will be hosted in-house at Deltik, especially now that we have much larger server resources than when we first started out on 31 March 2008. Content may be served by a third-party content distribution network, but it will all originate from right here, at content.deltik.net.<br /> <br />Existing Links<br />The main reason that I'm not replacing links that are currently on the site, especially the dead ones, is that I don't have their original sources. Many of them might be on some scattered backups that I can't find, or they might have been lost forever (which is difficult to believe on the Internet, isn't it?). Over time, I intend to replace all current media that I've uploaded with sources hosted here at Deltik.<br />Log2Log v1.0.3 Released
https://www.deltik.net/news/view/39/log2log-v1-0-3-released
2024-03-19T03:30:21-05:00DeltikProjects Update<br />Announcing…<br /> <br /><br /> <br /> <br />New Features<br /><br /><br />Ability to convert from Digsby chat logs<br />Ability to convert to Pidgin chat logs<br /><br /> <br />Bugfixes<br /><br /><br /><br />Update checker is now compatible with the SourceForge web server by sending a user agent.<br /><br /> <br /><br />Links<br /><br /><br />Download: https://sourceforge.net/projects/log2log/files/<br />Project Site: http://log2log.sourceforge.net/<br /><br /><br /> <br />Credits<br />Thank you Steve! Steve contacted me requesting a converter from his 2200 Digsby logs with AIM, Google Talk, MSN, and Yahoo!, and I delivered. Though a new version of Log2Log v1.x has been released, it is running on limited support. New format converters are being created only on demand.<br />Farewell to Meebo Messenger and Log2Log v1.x
https://www.deltik.net/news/view/37/farewell-to-meebo-messenger-and-log2log-v1-x
2024-03-19T03:30:21-05:00DeltikProjects Update<br />Meebo Messenger is going away, and so is theLog2Log<br />Chat Log Converter v1.x branch.<br />Whaaa...?Google has acquired Meebo, so Meebo Messenger is closing down. On 23 June 2012, Deltik pushed out an update, Log2Log v1.0.1—the last in the v1.x branch. Log2Log v1.x has succeeded in it's original goal to convert Meebo chat logs, but due to very poor programming practices, Log2Log v1.x can no longer be supported.<br /> <br />The Log2Log v1.x branch has been deprecated. This is the final release of Log2Log v1.x (v1.0.1) as of 23 June 2012. You may ask for a custom-built release; Deltik will help you support new format converters if you ask.<br /> <br /> <br />What Went Wrong<br />Unfortunately, the only active developer on the Log2Log team (Deltik) is a really bad computer programmer, and he ruined the v1.x branch. The program is:<br /><br /><br />ugly (poor coding practices),<br />inflexible (no foreign language support),<br />inextensible (no plugin support),<br />bulky (unoptimized), and<br />leaky (no memory management).<br /><br /><br /><br />Log2Log v2.x?<br />A Log2Log v2.x branch is planned, but there are not enough human resources to make the project possible.<br /><br />Version 2 shall:<br /><br /><br />improve memory management drastically,<br />take advantage of multiple threads (GUI, reading source data, converting to destination format, saving converted data),<br />have multilingual support, and<br />have format converters in a modular plug-in design. <br /><br /> <br /><br /> <br />Loguntu<br />I've talked about Loguntu before...<br /> <br />The Loguntu project might also be started along with Log2Log v2.x. Loguntu is planned to be the ultimate digital life interface for all personal data. It looks really awesome on paper, but guess what? Nobody cares.<br /><br />Hello?<br /><br />Nobody even noticed that Deltik turned 4 years old on 31 March 2012... and the post from Deltik's 3rd birthday is not many posts away from this one... :(<br /><br /><br />Supporting Loguntu and Log2Log v2.x<br />If you're interested in the Loguntu project or seeing the Log2Log project go further, just let us know at http://loguntu.com/. (The link works as of 23 June 2012. I'll try to keep it up for a while.) UPDATE 04 July 2012: I bought the domain name LOGUNTU.COM, mm-kay? :P<br /><br /><br />