[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [security-discuss] gnuradio project DoS attacks GNU wget users
From: |
Alfred M. Szmidt |
Subject: |
Re: [security-discuss] gnuradio project DoS attacks GNU wget users |
Date: |
Sat, 04 Mar 2017 02:54:14 -0500 |
> even any browser more advanced than curl or wget), you would
> have noticed that those links are part of the dropbox which
> itself is part of the search field.
The use of Dropbox is a possible concern. What job is Dropbox
being used for, here? Can you tell me where in the pages to find
that?
It is a GUI element dropbox -- then one annoying ones where you click
and they expand.
> There is absolutely no way to make that functionality without
> javascript,
Nothing can justify sending users nonfree JS code, but it is
acceptable for a GNU package web site to send Javascript code
provided that code is free. It is best if the site does function
with JS disabled (it's ok if that is ugly; ugly is better than
malfunctioning).
Can someone please tell me precisely where in the site this
Javascript code appears?
I attached the full main page for GNU radio's manual (and the input
file for that). It uses jquery, which is free software, but Doxygen
(GNU radio is only using Doxygen to generate the pages) is doing
something and no license is added. The other files (dynsections.js,
resize.js, navtree.js, ...) are from Doxygen as well, but also do not
carry proper license notifications.
Does it visibly carry a free license?
No.
Is it distributed as true source code?
>From the looks, no.
The searchbox is the standard doxygen's searchbox which
implements documentation search in javascript to avoid having
to have a search engine on the server. So, if you don't like
that searchbox, go to doxygen.org and tell them.
You're saying that this Javascript code has somehing to do with
doxygen.org. What is the relationship between this Javascript code
and doxygen.org? Those words suggest multiple possibilities.
Doxygen is used to generated the web page manual for GNU Radio. For
the web page to get dynamic GUI elements (dropdowns, search boxes,
collapsable navigation tree, ...) it uses Javascript.
So Doxygen is generating output without license headers for their
Javascript. I think one can contact the Doxygen maintainers at
address@hidden
The GNU Radio manual also does not carry any license, or a copy of a
license from what I could see.
===File ~/index.html========================================
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.8.8"/>
<title>GNU Radio Manual and C++ API Reference: Main Page</title>
<script type="text/javascript">
//<![CDATA[
try{if (!window.CloudFlare) {var
CloudFlare=[{verbose:0,p:0,byc:0,owlid:"cf",bag2:1,mirage2:0,oracle:0,paths:{cloudflare:"/cdn-cgi/nexp/dok3v=1613a3a185/"},atok:"04ed2f8d793d27d7a270e9b100cc19f9",petok:"addc01398e0f27dc7d0efff5df61220729dab2cd-1488612990-1800",zone:"gnuradio.org",rocket:"m",apps:{"ga_key":{"ua":"UA-40259801-1","ga_bs":"2"}}}];document.write('<script
type="text/javascript"
src="//ajax.cloudflare.com/cdn-cgi/nexp/dok3v=f2befc48d1/cloudflare.min.js"><'+'\/script>');}}catch(e){};
//]]>
</script>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="navtree.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="resize.js"></script>
<script type="text/javascript" src="navtree.js"></script>
<script type="text/javascript">
$(document).ready(initResizable);
$(window).load(resizeHeight);
</script>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="search/search.js"></script>
<script type="text/javascript">
$(document).ready(function() { searchBox.OnSelectItem(0); });
</script>
<link href="doxygen.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript">
/* <![CDATA[ */
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-40259801-1']);
_gaq.push(['_trackPageview']);
(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript';
ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' :
'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(ga, s);
})();
(function(b){(function(a){"__CF"in b&&"DJS"in
b.__CF?b.__CF.DJS.push(a):"addEventListener"in
b?b.addEventListener("load",a,!1):b.attachEvent("onload",a)})(function(){"FB"in
b&&"Event"in FB&&"subscribe"in
FB.Event&&(FB.Event.subscribe("edge.create",function(a){_gaq.push(["_trackSocial","facebook","like",a])}),FB.Event.subscribe("edge.remove",function(a){_gaq.push(["_trackSocial","facebook","unlike",a])}),FB.Event.subscribe("message.send",function(a){_gaq.push(["_trackSocial","facebook","send",a])}));"twttr"in
b&&"events"in twttr&&"bind"in
twttr.events&&twttr.events.bind("tweet",function(a){if(a){var
b;if(a.target&&a.target.nodeName=="IFRAME")a:{if(a=a.target.src){a=a.split("#")[0].match(/[^?=&]+=([^&]*)?/g);b=0;for(var
c;c=a[b];++b)if(c.indexOf("url")===0){b=unescape(c.split("=")[1]);break
a}}b=void 0}_gaq.push(["_trackSocial","twitter","tweet",b])}})})})(window);
/* ]]> */
</script>
</head>
<body>
<div id="top">
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 56px;">
<td id="projectlogo"><img alt="Logo" src="gnuradio_logo_icon.png"/></td>
<td style="padding-left: 0.5em;">
<div id="projectname">GNU Radio Manual and C++ API Reference
 <span id="projectnumber">3.7.10.1</span>
</div>
<div id="projectbrief">The Free & Open Software Radio Ecosystem</div>
</td>
<td> <div id="MSearchBox" class="MSearchBoxInactive">
<span class="left">
<img id="MSearchSelect" src="search/mag_sel.png" onmouseover="return
searchBox.OnSearchSelectShow()" onmouseout="return
searchBox.OnSearchSelectHide()" alt=""/>
<input type="text" id="MSearchField" value="Search" accesskey="S"
onfocus="searchBox.OnSearchFieldFocus(true)"
onblur="searchBox.OnSearchFieldFocus(false)"
onkeyup="searchBox.OnSearchFieldChange(event)"/>
</span><span class="right">
<a id="MSearchClose" href="javascript:searchBox.CloseResultsWindow()"><img
id="MSearchCloseImg" border="0" src="search/close.png" alt=""/></a>
</span>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<script type="text/javascript">
var searchBox = new SearchBox("searchBox", "search",false,'Search');
</script>
</div>
<div id="side-nav" class="ui-resizable side-nav-resizable">
<div id="nav-tree">
<div id="nav-tree-contents">
<div id="nav-sync" class="sync"></div>
</div>
</div>
<div id="splitbar" style="-moz-user-select:none;" class="ui-resizable-handle">
</div>
</div>
<script type="text/javascript">
$(document).ready(function(){initNavTree('index.html','');});
</script>
<div id="doc-content">
<div id="MSearchSelectWindow" onmouseover="return
searchBox.OnSearchSelectShow()" onmouseout="return
searchBox.OnSearchSelectHide()" onkeydown="return
searchBox.OnSearchSelectKey(event)">
<a class="SelectItem" href="javascript:void(0)"
onclick="searchBox.OnSelectItem(0)"><span
class="SelectionMark"> </span>All</a><a class="SelectItem"
href="javascript:void(0)" onclick="searchBox.OnSelectItem(1)"><span
class="SelectionMark"> </span>Classes</a><a class="SelectItem"
href="javascript:void(0)" onclick="searchBox.OnSelectItem(2)"><span
class="SelectionMark"> </span>Namespaces</a><a class="SelectItem"
href="javascript:void(0)" onclick="searchBox.OnSelectItem(3)"><span
class="SelectionMark"> </span>Files</a><a class="SelectItem"
href="javascript:void(0)" onclick="searchBox.OnSelectItem(4)"><span
class="SelectionMark"> </span>Functions</a><a class="SelectItem"
href="javascript:void(0)" onclick="searchBox.OnSelectItem(5)"><span
class="SelectionMark"> </span>Variables</a><a class="SelectItem"
href="javascript:void(0)" onclick="searchBox.OnSelectItem(6)"><span
class="SelectionMark"> </span>Typedefs</a><a class="SelectItem"
href="javascript:void(0)" onclick="searchBox.OnSelectItem(7)"><span
class="SelectionMark"> </span>Enumerations</a><a class="SelectItem"
href="javascript:void(0)" onclick="searchBox.OnSelectItem(8)"><span
class="SelectionMark"> </span>Enumerator</a><a class="SelectItem"
href="javascript:void(0)" onclick="searchBox.OnSelectItem(9)"><span
class="SelectionMark"> </span>Friends</a><a class="SelectItem"
href="javascript:void(0)" onclick="searchBox.OnSelectItem(10)"><span
class="SelectionMark"> </span>Macros</a><a class="SelectItem"
href="javascript:void(0)" onclick="searchBox.OnSelectItem(11)"><span
class="SelectionMark"> </span>Modules</a><a class="SelectItem"
href="javascript:void(0)" onclick="searchBox.OnSelectItem(12)"><span
class="SelectionMark"> </span>Pages</a></div>
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0" name="MSearchResults"
id="MSearchResults">
</iframe>
</div>
<div class="header">
<div class="headertitle">
<div class="title">GNU Radio Manual and C++ API Reference Documentation</div>
</div>
</div>
<div class="contents">
<div class="textblock"><div class="image">
<img src="gnuradio-logo.svg" alt="gnuradio-logo.svg"/>
</div>
<p>Welcome to GNU Radio!</p>
<p>For details about GNU Radio and using it, please see the <a
href="http://gnuradio.org" target="_blank"><b>main project page</b></a>.</p>
<p>Other information about the project and discussion about GNU Radio, software
radio, and communication theory in general can be found at the <a
href="http://www.trondeau.com" target="_blank"><b>GNU Radio blog</b></a>.</p>
<p>This manual is split into two parts: A usage manual and a reference. The
usage manual deals with concepts of GNU Radio, introductions, how to build GNU
Radio etc. The reference contains a list of all GNU Radio components, sorted by
in-tree components, modules, files, namespaces and classes.</p>
<p>To access these parts, follow these links or use the tree browser in the
left sidebar. A search function is also available at the top right.</p>
<ul>
<li><a class="el" href="page_usage.html">Part I - GNU Radio Usage</a> </li>
<li><a class="el" href="page_components.html">Part II - Reference</a> </li>
</ul>
</div></div>
</div>
<div id="nav-path" class="navpath">
<ul>
<li class="footer">Generated on Thu Aug 18 2016 11:37:34 for GNU Radio Manual
and C++ API Reference by
<a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.8.8 </li>
</ul>
</div>
</body>
</html>
============================================================
===File ~/GNU/gnuradio/docs/doxygen/other/main_page.dox===
/*! \mainpage
\image html gnuradio-logo.svg
Welcome to GNU Radio!
For details about GNU Radio and using it, please see the
<a href="http://gnuradio.org" target="_blank"><b>main project page</b></a>.
Other information about the project and discussion about GNU Radio,
software radio, and communication theory in general can be found at
the <a href="http://www.trondeau.com" target="_blank"><b>GNU Radio blog</b></a>.
This manual is split into two parts: A usage manual and a reference. The usage
manual
deals with concepts of GNU Radio, introductions, how to build GNU Radio etc.
The reference contains a list of all GNU Radio components, sorted by in-tree
components,
modules, files, namespaces and classes.
To access these parts, follow these links or use the tree browser in the left
sidebar.
A search function is also available at the top right.
\li \subpage page_usage "Part I - GNU Radio Usage"
\li \subpage page_components "Part II - Reference"
*/
============================================================
- Re: [security-discuss] GFDL holds the answer about fancy javascript (was: gnuradio project..), (continued)
- Re: [security-discuss] GFDL holds the answer about fancy javascript (was: gnuradio project..), Alfred M. Szmidt, 2017/03/07
- Re: [security-discuss] GFDL holds the answer about fancy javascript (was: gnuradio project..), Richard Stallman, 2017/03/05
- Re: [security-discuss] GFDL holds the answer about fancy javascript (was: gnuradio project..), Jean Louis, 2017/03/06
- Re: [security-discuss] GFDL holds the answer about fancy javascript, Paolo Bonzini, 2017/03/03
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Richard Stallman, 2017/03/03
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Filip Brcic, 2017/03/03
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Richard Stallman, 2017/03/04
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users,
Alfred M. Szmidt <=
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Richard Stallman, 2017/03/05
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Richard Stallman, 2017/03/05
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Alfred M. Szmidt, 2017/03/05
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Alfred M. Szmidt, 2017/03/03
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Anonymous, 2017/03/03
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Alfred M. Szmidt, 2017/03/03
Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Nomen Nescio, 2017/03/02