Amiga.org
Amiga News and Community Announcements => Amiga News and Community Announcements => Amiga Programming and Development => Topic started by: orb85750 on January 31, 2011, 01:11:57 AM
-
WTH??
I google for Amiga UtilityBase, it comes up with the main site.
I click it, and my Avast Antivirus starts screaming about some javascript malware?????
:angry:
desiv
That is exactly what happened to me previously. I posted it, but nobody confirmed it. Now I know it's not just my computer acting strangely.
-
But what is wrong with it? You could just turn off JavaScript if there is JS-based malware, JS isn't useful for much anyway.
-
Well, apart from the fact that it's infected (which does happen to sites from time to time, but as orb says he mentioned it before) it makes me question how well it's monitored..
But apart from that, I just went there with AWeb..
It renders OK.. Better than some sites...
Still a bit slow..
I really don't see a problem with wanting a site that has fewer features / bells & whistles that works well on Classic Amigas..
It's pretty clear, and I agree, that trying to keep a site modern and still maintaining good backwards compatibility isn't worth the work.
You're not going to get the site admins here or other places spending a lot of time making sure their pages render well and fast on iBrowse and AWeb.
And that's OK. Their main audience are people who prefer more modern browsers.
But at the same time, I think its perfectly fine for someone to want a site that does cater to that crowd..
And as for the "fragmenting the user base" argument.. Really? This is the internet...
That's what it's all about.. ;-)
I only wish I was better with PHP, as I'd love a "classic Amiga" site without Javascript, CSS, and built for speed...
desiv
-
Well, apart from the fact that it's infected (which does happen to sites from time to time, but as orb says he mentioned it before) it makes me question how well it's monitored..
It's updated often enough with developer file links to Aminet. Making a site virus and hack proof isn't easy. Some anti-virus software gives virus warnings long after the virus is removed, too. The Amiga is immune to the viruses.
But apart from that, I just went there with AWeb..
It renders OK.. Better than some sites...
Still a bit slow..
Turn off background loading to speed rendering. If you have to have the background then consider a patch for exec.library/CopyMem() as that is what is used to copy the background to the window before rendering over it. My CopyMem patch for the 68060 and 68040 gives about a 35% and 40% speedup over AmigaOS 3.9 respectfully...
http://aminet.net/util/boot/CopyMem.lha
Sorry, I don't have a 68020/68030 version but there are older patches that probably give an acceptable speed up.
I really don't see a problem with wanting a site that has fewer features / bells & whistles that works well on Classic Amigas..
I thought UtilityBase already lacked most of the bells and whistles and worked well on old browsers. UtilityBase seems to be a nice cross Amiga platform developer site without the red vs blue wars. It could be a little more used though. There is also the EAB developer forum that is pretty active and works ok with old browsers. Nice atmosphere but maybe geared more for retro classic programming.
-
Well, if you refuse to explain why this new site is needed and what is wrong with UtilityBase, then I refuse to help with this project. Because I see it as splittism of the Amiga community.
Is the problem then that AWeb has issues with UtilityBase? This would indeed be a valid reason, I will confirm whether there is an issue.
I stopped visiting utilitybase because it has been infected with malware for about a year, and still isn't fixed. It's not the first time that it has been infected with malware for months either. Sure, it hasn't done any damage to my machine, and I could use an Amiga browser, but I don't trust a site that has been infected, and not fixed.
Added to that, submitted news articles tend to take days/weeks to get approved.
Hans
-
The malware in UtilityBase is a script src reference to a site that no longer exists. (It's not accessible from my ISP, anyway.)
I'd be happy with any forum with a PRE-compatible format tag. Syntax highlighting and standarized indenting would be cool, too.
-
>Added to that, submitted news articles tend to take days/weeks to get approved.
That they are only ever about OS4.0 is an even worse problem. But the forums are good, I have been given help there on obscure matters many times.
-
The malware in UtilityBase is a script src reference to a site that no longer exists. (It's not accessible from my ISP, anyway.)
It was taken down because of hosting Neosploit Toolkit (http://labs.m86security.com/2011/01/shedding-light-on-the-neosploit-exploit-kit/) content. However, it is only the 2nd URL that is broken, the actual script src URL works. Thus the attack could easily be made functional again...
Even more worrying is the fact that someone is able to modify the site content at will.
-
First, any site can be made to be secure. When you have a large hosting environment run by a huge corporation which hires trained monkeys, the servers typically do not get the kind of personal attention they should and things like security become less of a priority than they should be.
What's more distressing, though, is that the exploit was added AND NEVER REMOVED. I'm not sure which is worse - a site which has an admin who is simply not capable of fixing the issue and preventing future intrusion or a site which has an admin who just doesn't care.
Rewriting parts of sites to render functionally on older browsers is neither rare nor difficult. Lots of people are having their sites redesigned to work properly on iPhones and other small devices, and the sites are offering smaller page loads, too. This part isn't insurmountable. Heck, I still use links (which is like lynx) from time to time, and I think because of iPhones and the like MORE sites are working just fine. Only a neophyte makes a site which only has Flash content or which won't work without Java these days.
What really matters, though, is having an environment which is cared for and run by people who care. A typical hosting company isn't going to really care much beyond the possibility that they'd look bad if they don't make things run properly. They're certainly not going to care about the $10 a month they'd lose should a problem customer leave when they've got 10,000 other customers.
I'm not sure I understand the rationale behind the suggestion that people should use a site which isn't cared for and which has security issues - why would anyone want to do that when Cammy is putting in the effort to set something up properly?
-
@Hans
The very very first time I ever visited UtilityBase Safari told me the page was infected with Malware - not that I am bothered no-one writes viruses for MacOS X either lmao
But joking aside, I highly recommend OS4 Coding (http://os4coding.net/) as its nature successor. Still new, slowly zzzzz gathering pace. UB looks old, but at the end of the day its activity that matters and well UB fails there as well. There have been only 10 thread updates since 9th January.
-
@Piru
It was taken down because of hosting Neosploit Toolkit content. However, it is only the 2nd URL that is broken, the actual script src URL works. Thus the attack could easily be made functional again...
Yes, and I'm sure the authors are waiting for a fresh, undocumented exploit to abuse.
Even more worrying is the fact that someone is able to modify the site content at will.
What makes you sure it wasn't placed there by the site or hosting administrators in the first place? Buffy said it best: "... there's definitely something unnatural going on here. And that doesn't usually lead to hugs and puppies."
@johnklos
First, any site can be made to be secure.
No. All any developer or administrator can do is manage risk.
-
What makes you sure it wasn't placed there by the site or hosting administrators in the first place?
Of course I can't be sure. But it is far more likely that some automated bot using google and/or brute force scanning found the vulnerable forum software/cms and exploited it. The exploited site may have been sold to highest bidder on bulk pwned sites market even.
-
Perhaps, but it's not of much value to anyone who doesn't hold a grudge against the ten or so developers that still use it.
-
>I highly recommend OS4 Coding as its nature successor.
No, that won't do, as it is OS4-specific.
-
Regarding utilitybase.com I visited it today and Firefox is constantly redirecting it to another site (some pub thing...). I fear I got infected as using a free proxy (i.e. http://www.freesslproxy.com) doesn't get it redirected.
Can anyone confirm the redirection ?
And then people say x86 should be the only way, I still see a huge advantage to using another processor which is security, I'm allways a bit nervous when I use paypal on an x86 machine, specially windows of course (using xp64 here).
I miss the days when there were some dev discussions here on A.Org but it turned out to be so few of us I felt I was almost the last one posting my doubts in here.
-
Varning! This site is still infected!
The site was linked in another thread that i read earlier today (can't remember which one :/ ). Anyway, I went to the site and "Antivirus Antispyware 2011" started installing, windows popping up and other crap. My antivirus(Panda) was about 50% succesful in preventing this, but i managed to clean it out.
So beware ppl!
Btw, perhaps it's a "dead" site that nobody visits anymore? but i think it was linked today... ooh if i only could find the thread again :/
Ps. I feel so secure with windows....
-
Seems that Exploit.PDF-TTF.Gen is trying to remotely access or attack a program, computer or server.
-
And still the same problems. Nobody there cares?