[ Ø ] Harsh Prakash – GIS Blog

Quiet Musings On Applied Spatial (Health, Disaster, Technology, Planning et al.)

Archive for the ‘OSGeo’ Category

How We Balanced Proprietary With Opensource Software And Saved Tax Dollars, And You Can Too

It all began with a question – “Can we do without?”.

GIS@NIH

Enterprise Architecture > Technology Architecture > Geographic Information System (GIS):
* Geographic Information System (GIS) Pattern
* GIS Desktop Brick
* GIS Virtual Globe Brick
* GIS IMS Brick
* GIS Web Service Brick

Related:
* GIS Market Study of Internet Mapping Server (IMS) – Summary – Requirements and Comparison Matrix (2006)

Why Contribute

Paul Ramsey points to Danny de Vries’s take on Free and Open Source Software for Geospatial [FOSS4G] 2007:

“What we saw was a young and passionate movement not-so-subtly showcasing their dedication for open-source as a tool by which to challenge corporate, or closed-source, IT monopolies in the geospatial domain.”

I want to underline the ‘showcasing’ part. It is important to not ignore why that is significant for contribution to opensource, which, as some would like you to believe, is often lacking direction and profit and not the best use of your time. And it can be summarized like so:

            +—[IN]—> LEARN
CONTRIBUTE —|
            +—[OUT]—> SHOWCASE —> GET WORK

–π

Related:
• My Pick of FOSS4G 2007 Presentation Submissions
• Contribute

Written by Harsh

November 22nd, 2007 at 12:07 am

Posted in OSGeo,Programming

MapServer’s Claim to Fame?

I was a little surprised to find MapServer listed on Nessus, the network vulnerability scanner website chugging along on Apache/PHP: its mention points to greater usage than earlier anticipated. So if even AGG, its Google-esque 5.0 rendering backend, is not enough, here’s another reason for –4.10.3 users to upgrade:

Synopsis:
The remote web server contains CGI scripts that are prone to arbitrary remote command execution and cross-site scripting attacks.

Description:
The remote host is running MapServer, an opensource internet map server.

The installed version of MapServer is vulnerable to multiple cross-site scripting vulnerabilities and to a buffer overflow vulnerability. To exploit those flaws an attacker needs to send specially crafted requests to the mapserv CGI.

By exploiting the buffer overflow vulnerability an attacker would be able to execute code on the remote host with the privileges of the web server.

Solution:
Upgrade to MapServer 4.10.3.

Notice how their solutions are always short and sweet. Savvy programmers/developers would know of a couple of other ways to fail such automatic scanning.

On Nessus, MapServer shares the company of the spatial heavy-weight Google Earth: ‘heap overflow in the KML engine [FreeBSD]’. Given Nessus’s reputation in the enterprise class, ESRI’s ArcGIS Server and ArcIMS are both conspicuous by their absence. Impossibly secure? Less likely. Less widespread and not sufficient to warrant a mention, at least in the enterprise community? Quite possible.

–π

Related:
US-CERT Vulnerability Notes Database

Written by Harsh

November 10th, 2007 at 10:46 pm

Posted in IMS,OSGeo

My Pick of FOSS4G 2007 Presentation Submissions

An impressive summary of presentations, but my professional favorite would be ‘IBM DB2 Express-C: A Free Database for Open Source Spatial and XML Development’. Although something tells me that something else might be the crowd favorite.

Pi: Quiet Musing

On DB2 Express-C: It went free soon after its counter-weights Oracle XE and SQL Server XE last year, but its press “news” release has not found its way into major SIS publications. DB2’s continued advancements in the free spatial database market could only make things tighter for PostgreSQL+PostGIS.

–π

Related:
• Free and Open Source Software for Geospatial [FOSS4G] 2007
• ‘DB2 Express-C, the developer-friendly alternative’
• ‘Oracle XE and Geospatial Information Systems: An Interview with Dennis Wuthrich of Farallon Geographics’

Written by Harsh

May 5th, 2007 at 11:12 am

Posted in GIS,OSGeo
