
Protecting your configuration files on Project web

Disclaimer: despite the date, this is *not* a joke.

Over the weekend, we started noticing a number of projects had a message added to their Project web pages that stated:

“This is a project whose homepage has been hacked with the SourceForge backdoor by a 1337 hacker…”

Upon investigating we found that the affected projects had configuration files (which contained database usernames and passwords) that were world readable. In other words, anyone looking in the right place could get these usernames and passwords and have direct access to the database.

Setting proper permissions

To protect these passwords, we need to make sure that the permissions are set correctly. There’s already a ton of information around the web on basic UNIX-style permissions, so in short: the web server uses the “group” permission, so the group needs read permission on the configuration file (g+r), but nobody else should have it (o-r). Generally speaking, for most config files, the value you want is “rw-r-----” (or 640).

For further reading, see our Project web filesystem permissions doc.

Filezilla

You can change the filesystem permissions in a variety of ways. Using the graphical sftp client FileZilla for example, you can navigate to the file, right click it and select “File Permissions”.


Shell or sftp command line

Or you can use “chmod” over command line sftp or the Shell Service:

sftp> chmod 640 /home/project-web/strawhat/htdocs/myawesomeapp/passwords.php
Changing mode on /home/project-web/strawhat/htdocs/myawesomeapp/passwords.php
sftp>
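To find every file that needs this treatment rather than fixing one path at a time, the following added example (not SourceForge tooling) can be run from the Shell Service against your htdocs directory. The function names and the file-name patterns are assumptions; adjust the patterns to wherever your application keeps its database credentials.

```shell
#!/bin/sh
# Added example: report and fix world-readable configuration files.
# The name patterns are assumptions about what a credentials file is called.

# Print likely config files under DIR that still have the "other" read bit
# set (the o+r that the permissions advice above says to remove).
list_exposed_configs() {
    find "$1" -type f -perm -004 \
        \( -iname '*config*' -o -iname '*passw*' -o -iname '*settings*' \
           -o -iname '*.ini' -o -iname '.env' \) -print
}

# Set each exposed file to 640 (rw-r-----) so the owner and the web
# server's group can read it and nobody else can. Prints one line per
# file changed. File names containing newlines are not supported.
lock_down_configs() {
    list_exposed_configs "$1" | while IFS= read -r f; do
        chmod 640 "$f" && printf 'fixed %s\n' "$f"
    done
}

# Report-only run when a directory is given, for example:
#   sh audit-perms.sh /home/project-web/strawhat/htdocs
# Call lock_down_configs on the same directory once the list looks right.
if [ "$#" -ge 1 ]; then
    list_exposed_configs "$1"
fi
```

Ordinary web content such as HTML pages is deliberately left alone; only files matching the credential-style names are reported or changed.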

Resetting DB passwords

Once the file permissions are set correctly, you should reset your project database passwords and update your config files accordingly.

To update your passwords on the New SourceForge (aka Allura) system, go to Admin -> Tools and, on the MySQL card, select “Admin MySQL Databases”.


On the Classic SourceForge system, go to Project Admin -> Feature Settings and, in the “Project Database (MySQL)” row, select “Manage”.


Other ways to protect yourself

  • Keep your SourceForge site credentials secure. Follow standard best practices, i.e., use secure passwords and don’t reuse passwords on multiple sites
  • Only add trusted users to Project Administrators
  • Keep your application up to date, especially for security fixes
  • Maintain regular backups

If you need further help with this, please let us know.

Featured projects, March 25, 2013

  • x264vfw

    x264vfw is the VfW (Video for Windows) version of well known x264 encoder + ffh264 decoder (from FFmpeg/Libav project).

  • Battle for Wesnoth

    The Battle for Wesnoth is a Free, turn-based tactical strategy game with a high fantasy theme, featuring both single-player, and online/hotseat multiplayer combat. Fight a desperate battle to reclaim the throne of Wesnoth, or take hand in any number of other adventures.

  • Tcl

    Tool Command Language (Tcl) is an interpreted language and very portable interpreter for that language. Tcl is embeddable and extensible, and has been widely used since its creation in 1988 by John Ousterhout. See http://www.tcl.tk/ for more info.

  • SphinUX OS

    Know about Sphinux / Why Sphinux is not just another Linux distribution? 1- New hybrid optimized minimal kernel with AI capabilities . 2- XOR++ encryption technology for more security. 3- Optimized small memory footprint and CPU usage. 4- Tons of integrated applications with almost zero configuration out of the box. 5- The possibilities for Sphinux cutting edge OS platform technology are endless. See more information on Sphinux website http://www.sphinux.org/page.php?9

  • DropIt

    When you need to organize files, DropIt can eliminate much of the drudgery of searching and manually opening folders and moving files around. You can configure DropIt to perform 15 different actions on your files and folders (Move, Copy, Compress, Extract, Rename, Delete, Open With, Upload, Send by Mail, Create List, Create Playlist, Create Shortcut, Copy to Clipboard, Change Properties, Ignore), filtering files by name, directory, size, date, properties, content or regular expressions. You can even save sets of associations in profiles and associate a profile to each desired folder, to scan monitored folders at a defined time interval. Drop a group of different files and folders on the floating DropIt image and it sorts them to defined destination folders, compresses or extracts them, opens them with associated programs or performs other defined actions.

  • Gallery

    A slick, intuitive web based photo gallery. Gallery is easy to install, configure and use. Gallery photo management includes automatic thumbnails, resizing, rotation, and more. Authenticated users and privileged albums make this great for communities

  • GeoServer

    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Designed for interoperability, it publishes data from any major spatial data source using open standards: WMS, WFS, WCS, WPS and REST

  • gretl

    GNU Regression, Econometrics and Time-series Library

  • Freeplane

    Application for Mind Mapping, Knowledge Management, Project Management. Develop, organize and communicate your ideas and knowledge in the most effective way.

Live from PyCon 2013

We’ve had a great time already meeting lots of SourceForge users at our booth at PyCon.  It’s great to meet developers using SourceForge, and telling people about all the new features at SourceForge.

SourceForge / Allura booth

We’re giving away SourceForge mugs, so if you’re here at PyCon come by today to get one!


If you’re not at PyCon, you can still watch all the talks streaming live at http://timvideos.us/ today and tomorrow (Mar 16 & 17, PST daytime hours). Slides are also being posted at https://speakerdeck.com/pyconslides. Learn something new about Python today!

January 2013 Community newsletter: DOSBox is project of the month; Platform Updates; New Year’s Resolutions; Help Wanted;

If you missed the community newsletter, you can sign up for it on our website.

Happy New Year! Here’s hoping that your 2013 is prosperous and productive, and that time for Open Source finds its way into your new year’s resolutions.

DOSBox is Project of the Month

We’re proud to announce that DOSBox is the January 2013 Project of the Month. It also has the distinction of being the first project ever to receive this honor twice, winning it in May 2009 as well.

DOSBox emulates a full x86 pc with sound and DOS. Its main use is to run old DOS games on platforms which don’t have DOS (Windows, Linux, FreeBSD and Mac OS X).

We spoke with two of the development team on IRC, and that entire interview can be seen on our blog, at http://sourceforge.net/blog/potm-201301/ and you can see all past POTM recipients at http://sf.net/potm

Please also take a moment to vote for the February project of the month, at http://sourceforge.net/blog/vote-potm-201302/ (Note: vote is now closed.)

Site Updates

We’ve had a great month for updates to the developer platform. Since the last mailing, we’ve added a number of important features, or improved existing ones. Of course, you’ll only have access to these improvements if your project is using the new Sourceforge. If you haven’t upgraded already, now’s the time. Go to https://sourceforge.net/p/upgrade and press the upgrade button to get on board.

Linking your project to your Twitter stream – http://sourceforge.net/blog/your-projects-twitter-stream/ This is the first in a series of updates to the platform that will let you more easily publicize your work via Twitter and other social media channels.

Side-by-side diffs – http://sourceforge.net/blog/platform-updates-side-by-side-diffs/ We’ve added a side-by-side view to the diff tool when reviewing changes in your SCM. This makes it really easy to tell at a glance what changed and where.

SVN was upgraded to 1.7.7 – http://sourceforge.net/blog/svn-upgraded-to-1-7-7/

Menu cleanup for projects with lots of tools – http://sourceforge.net/blog/platform-update-menu-cleanup/ Projects with large numbers of code repositories, ticket trackers, or other tools can now consolidate tools of the same type into a single menu item, and thus avoid navigation menu clutter.

Ticket tracker reporting customization – http://sourceforge.net/blog/platform-update-tracker-columns Project admins can now customize what columns are shown in their ticket tracker list view, adding (or removing) several columns that were not available in this view before.

As always, we encourage you to vote on tickets in the tracker – https://sourceforge.net/p/allura/tickets/ – to influence what will be worked on next.

New Year’s Resolutions

It’s not too late to make some New Year’s resolutions, and maybe SourceForge can help you with some of them. You can update your resumé with some great templates (http://templates.openoffice.org/en/taxonomy/term/158) and Apache Open Office (https://sourceforge.net/projects/openofficeorg.mirror/), automate your home lights with MisterHouse (http://sourceforge.net/projects/misterhouse/) or rearrange your living room with SweetHome3D (https://sourceforge.net/projects/sweethome3d/).

And getting involved in an Open Source project is a great New Year’s resolution. Use TortoiseSVN (https://sourceforge.net/projects/tortoisesvn/) to ease the learning curve into participation, and check out our Help Wanted forum (https://sourceforge.net/p/forge/helpwanted/) for ideas of where you might be able to plug in.

For more ideas of using Open Source in 2013, see some of our resolutions on our blog at http://sourceforge.net/blog/new-years-resolutions/

Help Wanted

With over 300,000 projects and almost 3.5 million users, it can be a little difficult to match up a developer with a project. The Help Wanted forum (https://sourceforge.net/p/forge/helpwanted/) is one attempt to get projects in touch with developers and vice versa.

If you want to work on something, have a look to see what projects are looking for help. Or, if your project needs something, posting there should be part of your search process.

The EasyObject project is looking for people to help them with testing. EasyObjects is a PHP5 and jQuery web application framework. You can engage with the community at https://sourceforge.net/p/easyobject/discussion/testing/

The superbios project (https://sourceforge.net/projects/superbios) is looking for developers. You can respond to their posting at https://sourceforge.net/p/forge/helpwanted/programmers/thread/e664c976/

And numerous developers are looking for projects that need their particular skills. (https://sourceforge.net/p/forge/helpwanted/developers/) If your project needs help, start there, and be sure to check back often to follow up.

Top Growth Projects

Here’s the projects that have seen the fastest growth in the last month. There’s some familiar ones, and a few we haven’t seen before. Thanks to all of them for being part of the SourceForge community.

Media Player Classic – Home Cinema: Home of Media Player Classic – Home Cinema. This project is based on the original Guliverkli project, and contains additional features and bug fixes (see complete list on the project’s Website). http://sourceforge.net/projects/mpc-hc

Classic Shell: Classic Shell adds some missing features to Windows 7 and Vista like a classic start menu, toolbar for Explorer and others. http://sourceforge.net/projects/classicshell

Whited00r: A custom iOS firmware for older devices. http://sourceforge.net/projects/whited00r

Megacubo: Megacubo is a IPTV tuner application written in PHP + Winbinder. It has a catalogue of links of TV streams which are available for free in the web. At the moment it only runs on Windows (2000, XP, Vista and Seven). http://sourceforge.net/projects/megacubo-br

avidemux-mswin: Avidemux builds for Microsoft Windows http://sourceforge.net/projects/avidemux-mswin

InstagramDownloader: Instagram Downloader ( Public Accounts) http://sourceforge.net/projects/instagramdownlo

Open Broadcaster Software: Free and open source software for media streaming. http://sourceforge.net/projects/obsproject

Linux-on-android: Working to getting a range of Linux distros running on android http://sourceforge.net/projects/linuxonandroid

DVDStyler: DVDStyler is a cross-platform free DVD authoring application for the creation of professional-looking DVDs. It allows not only burning of video files on DVD that can be played on standalone DVD player, but also creation of individually designed DVD menus http://sourceforge.net/projects/dvdstyler

calibre: calibre – Ebook management http://sourceforge.net/projects/calibre

MediaPortal: Turn your PC into a very advanced MediaCenter/HTPC http://sourceforge.net/projects/mediaportal

WinDS PRO: Pack of emulators for Game Boy (Color) (Advance) and Nintendo DS. http://sourceforge.net/projects/windspro

UltraStar Deluxe: singing game http://sourceforge.net/projects/ultrastardx

aMSN: MSN compatible messenger application http://sourceforge.net/projects/amsn

Bodhi Linux: Bodhi is a minimalistic, enlightened, Linux desktop. http://sourceforge.net/projects/bodhilinux

StrongDC++: This project allows connecting, file sharing and chatting in Direct Connect and ADC networks. http://sourceforge.net/projects/strongdc

FreePOPs: FreePOPs is a webmail to pop3 conversion daemon. It is extensible to support other webmail using the scripting language LUA. See the homepage for supported webmails. http://sourceforge.net/projects/freepops

Lightweight Java Game Library: The Lightweight Java Game Library (LWJGL) is a solution aimed directly at professional and amateur Java programmers alike to enable commercial quality games to be written in Java. LWJGL provides developers access to high performance crossplatform libraries such as OpenGL (Open Graphics Library), OpenCL (Open Computing Language) and OpenAL (Open Audio Library) allowing for state of the art 3D games and 3D sound. Additionally LWJGL provides access to controllers such as Gamepads, Steering wheel and Joysticks. All in a simple and straight forward API. http://sourceforge.net/projects/java-game-lib

Open Nautical Charts: Open Nautical Charts produce seacharts for everybody. These charts are usable (offline) with several ship-plotters and navigation equipment on board. kap. KMZ WCI. Png Jpr png-cal For example with Open CPN. http://sourceforge.net/projects/opennautical

gpw: Guv’nor Portable Workspace aims to bring many of your favourite applications in a ‘portable’ format, so you can use them anytime, anywhere… directly running from a USB removable device. http://sourceforge.net/projects/gpw

In Closing …

Thanks for being part of the SourceForge community!

If you want more frequent updates than this newsletter, there’s several places where we make those updates. We’re on Twitter – http://twitter.com/sourceforge. We’re on Facebook – https://www.facebook.com/sourceforgenet. We’re on Google+ – https://plus.google.com/u/1/102470258162390195749/posts. And if you follow the opensource and software Reddits, http://www.reddit.com/r/opensource and http://www.reddit.com/r/software respectively, you’ll see the occasional post from us there, too.

And our blog – http://sf.net/blog – is where we post longer articles about our projects and our platform.

Keep hacking!

The SourceForge Community Team
communityteam@sourceforge.net

Github Projects Downloads are Welcome

As you might have heard, a few weeks ago Github disabled their file upload feature. Of course projects hosted on Github can still serve source code downloads, but they can no longer upload files that are separate from versioned files.

Since Github is deprecating the Downloads tab, Github recommends a few options to projects that need to host binary files. We are happy to see our name among those suggestions, and we thank Github for the mention.

SourceForge as a trusted partner for open source welcomes you to distribute your releases via SourceForge even if your code is developed elsewhere. By distributing your releases at SourceForge, you’ll get the following advantages.

Free Unlimited Bandwidth

Reduce overhead and provide a better experience by using the largest free managed global mirror network. We serve 4.8 million downloads per day, and we move over 2 PB data monthly.

Analytics

Follow the trends that enable you to create better software. Learn more about where your project is popular, and what operating system your users use.

Premier Visibility

Reach more users and gain market share in the open source landscape. 41.8 Million unique visitors come to us every month, your chance to improve your project outreach.

A Trusted Name in Open Source

Since 1999, thousands of projects have chosen SourceForge to host not just their source code, but also their project communities. You’ll be in great company.

Get Started

If you want to provide downloads for your Github project, you’ll need to follow these steps:

1) If you don’t already have one, create a SourceForge account.

2) Create a project. You’ll want to uncheck the Git tool, since you’ve already got that, but you can add whatever tools you don’t already have elsewhere.

3) On your new project page, click the Files link and upload your release.

4) Link to your files page from your Github wiki, so that folks know where to go to get releases.

Feel free to contact us if you have any new release in the pipe, we are here to help you through our blog and our newsletter. Drop us an email at communityteam@sourceforge.net