Category: ‘rant’
I've been hearing a lot of “Splunk this” and “Splunk that” from a colleague of mine, so I finally decided to check it out myself. Though it is a neat tool that makes syslog log analysis easier, it does come at a price in more than one way.
First off, it's extremely expensive. Second, you sign away your soul in their EULA.
Here are a few things I find horrific (a few copy-and-pastes from their EULA, emphasis added by me):
“You agree not to (i) use the Software except as expressly authorized in this Agreement and your Order Confirmation;”
Right, so if it's not expressly authorized in the agreement to, say, have Splunk analyze your calendar instead of a log, you're in violation? Don't be creative, is the message. Don't worry, it gets worse:
“[You agree not to] (vi) disclose to any third party the results of any benchmark tests or other evaluation of the Software,..”
You are not allowed to publish a benchmark!? How f*cking DARE they?? Even worse, you're not allowed to tell ANYBODY what you think of (or how you “evaluate”) the software. Microsoft had the same benchmark clause many, many years ago for their SQL Server product, but grew up.
“At Splunk’s written request, you will furnish Splunk with a certification signed by an officer of your company verifying that the Software is being used in accordance with the terms and conditions of this Agreement and the applicable Order Confirmations.”
A bit excessive, but all well and good. If they ask whether you're cheating, you should at least give them the guarantee that you're not. But hold your horses:
“Upon at least ten (10) days prior written notice, Splunk may audit your use” … “Any such audit will be conducted during regular business hours at your facilities” … “You will provide Splunk with access to the relevant records and facilities”
Riiight. So, all Gestapo-like, they'll show up at your door demanding access to “records and facilities”. And according to the agreement, you MUST find time for them, and they don't have to pay for all the time they waste. This is very extreme and not something you'd expect to be possible anywhere in the Western world, but here it is.
“You agree that Splunk may identify you as a Splunk customer on Splunk websites, client lists, press releases, and/or other marketing. You also agrees that Splunk may publish a brief description highlighting your deployment of the Software.”
Lastly, once you give them all your money for their tool, they can use your name, for free, in commercials and on their website.
They can even tell the world the exact details of your installation. So no confidentiality agreement there. And if you're running a sensitive facility, like a bank or, like me, internet payments (adhering to the PCI standard), you may actually be prohibited from disclosing details of your setup publicly.
So you cannot agree to this (piece of garbage) EULA.
Shame on you, Splunk! This is the WORST EULA I've EVER read, and I've read a few in my lifetime. Any Linux/Unix/freedom lover should reject this promptly! And if you've already bought Splunk, write them, demanding an explanation for these digital-rights atrocities. (Even better: ask for your money back or sue them ;))
- Dan
The Problem
When I first discovered this, my world shattered for a couple of hours. I've been working with Unix & Linux for more than 15 years, and my brain was firmly wired with the notion that “a file owned by root cannot be touched by any other user” (unless, of course, the user is given explicit permission to do so via chmod 777 or the like).
So when I discovered that a file, owned by root, with nothing but read permissions, had been deleted by an FTP user, I started hunting for exploits in the FTP daemon. In this case it was vsftpd.
I quickly saw in the source code of vsftpd that all it did was leave the permission decision up to the filesystem/Linux kernel. So I started googling. Apparently I wasn't the only one with this issue, and I found posts relating to ProFTPD as well. And the answer was almost always “that's just the way it is, get used to it”, without the actual explanation.
So is this an FTP server issue? A lot of answers I found on the net would suggest yes. But actually this is not true. And actually it's not even a bug.
Here's a test that may surprise a lot of people (it sure surprised me):
As root:
$ touch /home/user/testfile
$ chmod 000 /home/user/testfile
$ exit
(back as normal user)
$ rm /home/user/testfile
rm: remove write-protected regular empty file `testfile'? y
$ ls /home/user/testfile
ls: /home/user/testfile: No such file or directory
The file is successfully deleted. Whoa... Brain freeze!
Let me explain in detail and then give you a “fix”.
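The mechanism behind the test above, as an added example that is not part of the original post (the post's own explanation and “fix” are not reproduced on this page): unlink() removes a name from its parent directory, so the kernel checks write and search (x) permission on the directory that holds the entry, never the file's own mode or owner. The one file-related exception is the sticky bit on the directory. The script below reproduces both halves on scratch files under mktemp (no root needed), and may_unlink is my own model of the Linux DAC rule for unlink (ACLs, capabilities and LSMs left out); the uids in the driver are made up.

```shell
#!/bin/sh
# Added example, not from the original post. Deleting a file removes a name
# from its parent DIRECTORY, so unlink() is checked against the directory's
# permission bits (write + search), never against the file's own mode or
# owner. The sticky bit on the directory is the one exception: it restricts
# unlink to the file owner, the directory owner and root.
# Everything here runs on scratch files under mktemp; no root required.
set -u

try_unlink() {
    # try_unlink FILE -> prints "deleted" or "denied"
    if rm -f "$1" 2>/dev/null && [ ! -e "$1" ]; then
        echo deleted
    else
        echo denied
    fi
}

# Case 1 (the post's experiment, minus the root part): a mode-000 file in
# a directory we own and can write to. The file's bits are irrelevant.
unlink_mode000_file() {
    d=$(mktemp -d) || return 1
    : > "$d/testfile"
    chmod 000 "$d/testfile"        # nobody may even read it ...
    try_unlink "$d/testfile"       # ... yet it goes away: the dir is writable
    rm -rf "$d"
}

# Case 2: the inverse. A wide-open file in a directory without write
# permission cannot be unlinked (EACCES), unless the caller is root,
# who bypasses the DAC check entirely.
unlink_in_readonly_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/testfile"
    chmod 666 "$d/testfile"        # anyone may read and write the file ...
    chmod 555 "$d"                 # ... but nobody may modify the directory
    try_unlink "$d/testfile"
    chmod u+w "$d"; rm -rf "$d"
}

# Case 3: a model of the kernel's DAC decision for unlink (Linux may_delete()
# plus the sticky-bit check; ACLs, capabilities and LSMs are ignored).
#   may_unlink CALLER_UID CALLER_GID DIR_UID DIR_GID DIR_MODE FILE_UID
# DIR_MODE is four octal digits as stat shows them, e.g. 0755 or 1777.
may_unlink() {
    uid=$1 gid=$2 dir_uid=$3 dir_gid=$4 mode=$5 file_uid=$6
    [ "$uid" -eq 0 ] && { echo allow; return 0; }
    sticky=$(printf '%s' "$mode" | cut -c1)
    # Pick the permission class exactly as the kernel does: owner bits if the
    # caller owns the directory, else group bits, else other bits.
    if   [ "$uid" -eq "$dir_uid" ]; then bits=$(printf '%s' "$mode" | cut -c2)
    elif [ "$gid" -eq "$dir_gid" ]; then bits=$(printf '%s' "$mode" | cut -c3)
    else                                  bits=$(printf '%s' "$mode" | cut -c4)
    fi
    # write (2) and search (1) on the directory are both required
    [ $(( $bits & 3 )) -eq 3 ] || { echo deny; return 0; }
    # sticky directory: the caller must additionally own the file or the dir
    if [ $(( $sticky & 1 )) -eq 1 ] && [ "$uid" -ne "$file_uid" ] \
       && [ "$uid" -ne "$dir_uid" ]; then
        echo deny; return 0
    fi
    echo allow
}

# Driver. The uids are made up: 1000 is "user", 0 is root.
echo "mode-000 file in a dir we can write:       $(unlink_mode000_file)"
echo "mode-666 file in a dir we cannot write:    $(unlink_in_readonly_dir)"
echo "root's file in user's 0755 home, as user:  $(may_unlink 1000 1000 1000 1000 0755 0)"
echo "root's file in root's 1777 /tmp, as user:  $(may_unlink 1000 1000 0 0 1777 0)"
echo "user's own file in 1777 /tmp, as user:     $(may_unlink 1000 1000 0 0 1777 1000)"
echo "user's file in root's 0755 dir, as user:   $(may_unlink 1000 1000 0 0 0755 1000)"
```

Run it as an unprivileged user; as root the second case also reports “deleted”, because root bypasses the directory check. The usual tool for a shared directory that must hold files its users cannot delete is the sticky bit (chmod 1777, as on /tmp), but as the model shows it only helps when the user does not own the directory, so it does nothing for a root-owned file dropped into the user's own home directory.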
- Dan
Holland beware. Several thousand hackers & nerds from all over the world are marching towards your country.

At last, at last. Time to crawl out of our dungeons, defy the Evil Daystar (even though it is trying to kill us) and make our way towards the “Hacking-At-Random” camp in Holland.
It's almost here! August 13-16.
We have moved all camp-related stuff to our new blog on http://camp.hacker.dk. If you wish to follow our exploits (so to speak) while we're there, camp.hacker.dk is the place to look. It will most likely be in Danish, but there will be photos (and cake!), so come on over anyway.
- Dan
Dropbox (dropbox.com) has been getting a lot of attention in the open source community lately, mainly because people think the client is open source.
Before I start, I'd like to say that I do think Dropbox is pretty neat, and I also think closed source has its place in the world, though I would always personally choose the open alternative.
Anyway… “Dropbox is not open?!?” you say, “But the source is available on their webpage?” This is correct and very, very wrong at the same time. The Nautilus plugin is open, but contrary to common belief, it is NOT the Dropbox client. Once you've installed the Nautilus plugin (which is 66 KB), it will download 35 MB of closed-source code in the background into the folder ~/.dropbox-dist. Without asking permission.
The Nautilus plugin only does a few things, like enabling the Dropbox right-click menu, handling the icon overlays in Nautilus, and so forth. Basically, the Nautilus plugin only handles the “visual stuff”:
All the “real stuff”, network- and file-wise, happens in a “small” 7.8 MB (closed-source) daemon called “dropboxd”.
The plugin talks to the daemon through a named pipe (a FIFO) located in ~/.dropbox/. dropboxd itself is written in Python and compiled into a binary.
It uses a lot of well-known libraries like rsync, zlib, the bz2 lib, SDL, libfreetype, OpenSSL, SQLite, etc., all downloaded in binary form through the aforementioned background process and saved to ~/.dropbox-dist. I haven't checked the licenses of the libs used, but I assume they all allow for closed-source distribution.
It doesn't bother me that people make closed-source software using open source libraries* (except when Microsoft does it), but what does bother me is the feeling of being tricked into installing a closed-source app on my open source system.
* When they give a little code back to the community. Imagine how fast open source would move if all proprietary projects gave back 5-10% of their code.
- Dan