Archive for the ‘OSGeo’ Category
Webinar Series: TECH 101 – Mashups For Planning
Related:
* Mash-ups as Planning Tools
* GISP and AICP
* Technology Division of the American Planning Association (APA) Webinar Series – TECH 101: Mashups for Planning
* APA Technology Division: Education
* APA Technology Division Webinar Series: Event
Why Contribute
Paul Ramsey points to Danny de Vries’s take on Free and Open Source Software for Geospatial [FOSS4G] 2007:
“What we saw was a young and passionate movement not-so-subtly showcasing their dedication for open-source as a tool by which to challenge corporate, or closed-source, IT monopolies in the geospatial domain.”
I want to underline the ‘showcasing’ part. It is important not to ignore why that is significant for contributing to open source, which, as some would like you to believe, often lacks direction and profit and is not the best use of your time. It can be summarized like so:
             +—[IN]—> LEARN
CONTRIBUTE —|
             +—[OUT]—> SHOWCASE —> GET WORK
–π
Related:
My Pick of FOSS4G 2007 Presentation Submissions
Contribute
MapServer’s Claim to Fame?
I was a little surprised to find MapServer listed on Nessus, the network vulnerability scanner website chugging along on Apache/PHP: its mention points to greater usage than earlier anticipated. So if even AGG, its Google-esque 5.0 rendering backend, is not enough, here’s another reason for -4.10.3 users to upgrade:
Synopsis:
The remote web server contains CGI scripts that are prone to arbitrary remote command execution and cross-site scripting attacks.
Description:
The remote host is running MapServer, an opensource internet map server. The installed version of MapServer is vulnerable to multiple cross-site scripting vulnerabilities and to a buffer overflow vulnerability. To exploit those flaws an attacker needs to send specially crafted requests to the mapserv CGI.
By exploiting the buffer overflow vulnerability an attacker would be able to execute code on the remote host with the privileges of the web server.
Solution:
Upgrade to MapServer 4.10.3.
Notice how their solutions are always short and sweet. Savvy programmers/developers would know of a couple of other ways to fail such automatic scanning.
On Nessus, MapServer shares the company of the spatial heavyweight Google Earth: ‘heap overflow in the KML engine [FreeBSD]’. Given Nessus’s reputation in the enterprise class, ESRI’s ArcGIS Server and ArcIMS are both conspicuous by their absence. Impossibly secure? Less likely. Less widespread and not sufficient to warrant a mention, at least in the enterprise community? Quite possible.
–π
Related:
US-CERT Vulnerability Notes Database
My Pick of FOSS4G 2007 Presentation Submissions
An impressive summary of presentations, but my professional favorite would be ‘IBM DB2 Express-C: A Free Database for Open Source Spatial and XML Development’. Although something tells me that something else might be the crowd favorite.
On DB2 Express-C: It went free soon after its counterweights Oracle XE and SQL Server XE last year, but its press “news” release has not found its way into major SIS publications. DB2’s continued advancements in the free spatial database market could only make things tighter for PostgreSQL+PostGIS.
–π
Related:
Free and Open Source Software for Geospatial [FOSS4G] 2007
‘DB2 Express-C, the developer-friendly alternative’
‘Oracle XE and Geospatial Information Systems: An Interview with Dennis Wuthrich of Farallon Geographics’
