BXTra.net

Two months after the release of the milestone v24 we are happy to give a refined release to the public, v24 SP1. Besides the official support of new hardware platforms and the addition of some new features we did enhance the usability and stability of many functions inside DD-WRT. We did also incorporate the patches for the recently published dns exploit issue. We'd like to make clear that the DD-WRT default configuration in v23 / v24 is not vulnerable, so there was and is no risk for dd-wrt users. There was also a security issue in the site survey that is not published yet and is fixed in the v24 SP1.

Thanks to all the people out there that give us reports and did help us identify issues, we are glad that there are so many people that support this project.

(Almost) Complete list of enhancements in v24 SP1:

Special enhancements

* ZeroIP in Services->Hotspot added (mini,std special only)
* UP/DOWN shaping for ip and mac finally working

Overall enhancements

* DNS security fix for dnsmasq
* Site Survey security fix (http://www.mwrinfosecurity.com/publications/mwri_dd-wrt-ssid-script-inje...)
* Passwords longer chan 8 characters are now supported
* forced password change on first installation
* support for swedish language
* enhanced italian language
* mac address correction for DIR-400 devices
* decrease memory footprint for micro distribution
* reintroduce sputnik in micro
* sputnik fix for server type
* VAP bssid fix for Broadcom devices (fixes various wpa issues)
* chillispot key server update to key.chillispot.info
(changed on request by chillispot.info since chillispot.org is not available anymore)
* more flexible openvpn configuration
* work around for chillispot crashes, caused by a mikrotik bug
* allow more flexible vlan configurations
* support for vlan trunking on broadcom switches (except gigabit)

New Hardware supported

* support for WRT300 v1.1
* support for WRT310N
* support for WRT600N v1.1
* support for new Netgear, Belkin and USR devices
* support for Tonze AP42X (Xscale)
* support for Pronghorn SBC (Xscale)
* support for Ubiquiti LSX devices

Special enhancaments for atheros based radios

* Noise Immunity configuration for atheros cards
* RTS/CTS configuration for atheros based cards
* performance increase and fixes for atheros cards
* TX PA detection for some atheros cards (to adjust displayed output power and to correct power setting)

...and some other hidden, invisible, forgotten enhancements.

- Source
- DD-WRT Homepage
- Supported Hardware
- Download

Drupal 5.9 released, fixing security issues

Drupal 5.9 has been released to correct a vulnerability that was inadvertantly left in Drupal 5.8

Drupal 5.9 Release Note

The ninth maintenance and security release of the Drupal 5 series. Only fixes for security vulnerabilities and other bugs have been committed. New features are only being added to the forthcoming Drupal 7.0 release.

This release fixes a security vulnerability. Sites are urged to upgrade immediately after reading the security announcement:

* SA-2008-046 - Drupal core - Session fixation

In addition to this security vulnerability, the following bugs have been fixed in the 5.9 release:

* #281042 by schuyler1d. Render blocks before CSS and JS header generation.
* #232433 by Damien Tournoud. Use non-localized date for RSS.
* #281494 by beeradb. Code style.
* #252580 by Robert Douglass, Gerhard Killesreiter, flobruit: avoid division by zero, when all search weights are set to 0.
* #252921 by David_Rothstein and agentrickard: remove unused join, which caused column type compatibility problems with postgresql; improves postgresql compatibility.
* #128846 by takashi, chx, bdragon, wedge, salvis, Shiny: rewritten queries on PostreSQL need to have matching DISTINCT ON and ORDER BY expressions
* #280934. Make sure session is always regenerated.

Drupal 6.3 and 5.8 released, fixing security issues

More information can be found -> HERE

Drupal 6.3 and Drupal 5.8, maintenance releases fixing problems reported using the bug tracking system, as well as security vulnerabilities, are now available for download. Drupal 6.3 also includes some changes to the installer to prevent file ownership issues on shared hosts; upgrades jQuery to version 1.2.6; improves PostreSQL compatibility; fixes performance issues in search, menu and form API and contains a variety of other small improvements. It should also be noted that the Views for Drupal 6 release candidate requires Drupal 6.3 to run properly.

Mozilla will release the next version of its Firefox browser on Tuesday and attempt to set a Guinness World Record for software downloads.

The company has deemed June 17 "Download Day," part of a campaign unveiled on May 28 asking users to download Firefox 3 on the first day it is released to set what very well may be the geekiest world record ever-- the largest number of software downloads in 24 hours.

To help its cause, Mozilla is hosting a Download Day event, the Camp Firefox BBQ, at its offices in Mountain View, California, on Tuesday. The company also has asked Firefox fans to host parties to encourage friends to download with them, and place "Download Day" buttons on their Web sites as reminders of the big day.

Currently, there is no world record for software downloads; Mozilla is trying to create one.

Release Candidate 3 of Firefox 3 is currently available online for free download. A list of the browser's new features also is available online.

In case you don't know what is DD-WRT. It's a firmware to use with many routers to get more features that original firmware doesn't provided. If I remember correctly, it was originally for Linksys WRT54G router. Later, the firmware can be used with many other brands and devices.

We are very proud to release the final DD-WRT v24 to the public. After months of development and bug fixing we are sure this release is as stable and reliable people expect a DD-WRT major release to be. The v24 binaries are now available in the download section (click here).

DD-WRT v24 offers many new features, on of the most important is support of Atheros wlan chipsets and SOC designs. By supporting special features of the Atheros wireless designs like half- and quarter channels and extended channel support DD-WRT is now perfectly suited for long range wireless links. With this DD-WRT is now also supporting the whole Ubiquity line of wireless products using all available features the hardware offers.

Highlights of DD-WRT v24:
- Virtual SSIDs, Virtual DHCP-Servers, PPTP over WAN enhencements, Bridging + VLAN support, VDSL Support, OLSR-Routing / Freifunk, My Ad Network (powered by AnchorFree), Quaqqa instead of Bird (in X86 + Xscale default), PPPOE-Server, EOIP-Tunnel, Network configuration enhencements, UP-Downstream (QOS), New Packet Scheduler HFSC, Save & Apply, extended DDNS options, extended status information, New Languages, Sipwerk integrated Milkfish into the new release, turning every DD-WRT router into a SIP-aware firewall.

New hardware platforms:
- X86, Avila Gateworks, Cambria Gateworks, Atheros Soc (for a list, please look into the Download Section), Compex,Senao, Fonera, Ubiquiti

Thanks for all the help and response we got.

- DD-WRT Homepage
- Supported Hardware
- Download

Today Microsoft announced the release of Windows XP Service Pack 3 (SP3) to Windows Update and Microsoft Download Center. We also resumed automatic distribution of Windows Vista SP1. We will begin automatically distributing Windows XP SP3 in early summer.

As mentioned last week, we uncovered a compatibility issue between Microsoft Dynamics Retail Management System (RMS) and both Windows XP SP3 and Windows Vista Service Pack 1 (SP1). To help protect customers, we put filtering in place to prevent Windows Update from offering both service packs to systems running Microsoft Dynamics RMS. We are still testing a fix and are working to make it publicly available via Microsoft Download Center this month.

Until then, we advise Microsoft Dynamics RMS customers to not install either service pack. Microsoft Dynamics RMS customers running Windows XP SP3 or Windows Vista SP1 should contact Microsoft Customer Support Services for additional information.

As mentioned in my RTM post, Microsoft will monitor this forum for the next few weeks in case you have additional feedback about the release of Windows XP SP3.

The Windows XP Support Forum has pointers to standard information about Windows XP Service Pack 3. Also, the Windows XP SP3 TechNet portal is now updated as well.

Many thanks,

Chris Keroack
Release Manager, Windows XP Service Pack 3
Windows Serviceability

Source : Technet Forum
Download Location :
- Windows Update
- Windows XP Service Pack 3 Network Installation Package for IT Professionals and Developers (316.4 MB)
- Windows XP Service Pack 3 Checked Build Network Installation Package (342.9 MB)
- Windows XP Service Pack 3 MUI Pack Update (9.1 MB)
- Windows XP Service Pack 3 - ISO-9660 CD Image File (544.9 MB)
- SMS Template Files for Windows XP Service Pack 3 Deployment

Other Resources :
- Windows XP Service Pack 3: What is new and how to deploy
- Release notes for Windows XP Service Pack 3
- List of fixes that are included in Windows XP Service Pack 3

Drupal 6.2 is now available HERE

Drupal 6.2 Release Note

This release fixes security vulnerabilities and also changes APIs. Sites are urged to upgrade immediately after reading the security announcement:

* SA-2008-026 - Drupal core - Drupal core - Access bypass

In addition to this security vulnerability, the following bugs have been fixed since the 6.0 release:

* #228120 by jvandyk: typo in documentation in comment.tpl.php
* #226480 by gpk: fix wording on when node access rebuild button is displayed in node_configure()
* #229817 by mcarrera: l() attributes were not properly specified in theme.inc's theme_username()
* #234403 by alienbrain: PHP.net documents we should use CRLF in mail headers, so do that
* #226555 by jvandyk, Rok Zlender: fix notice level error in xmlrpc.inc
* #204415 by chx: actually use 'administer content types' permission for node type editing instead of 'administer nodes'
* #234699 by hass: theme_link() did not mark frontpage links active properly
* #237717 by hass: missing t() in system_clear_cache_submit()
* #232037 by pwolanin: (performance) block regions should only be populated when called for, not in all cases (fixes performance expectation on 403/404 pages)
* #226728 by chx: (performance) temporary cache table entries were not flushed, causing cache_menu and cache_form to grow big
* #231587 by pwolanin, killes: (performance) use two level cache in menus, instead of storing very large amounts of data multiple times
* #239196 by jvandyk and myself: missing status check on nodes in search indexing counter
* rolling back #234403 by Bevan and damz: we should keep using LF in mail headers, without CR, CRLF causes problems
* #238564 by scor: two missing t() calls in update.module
* #241629 by solotandem: dblog module left one more row in, when cleaning up in cron
* #244597 by kbahey: remove cruft from user_login(), that added extra message to the form was never used or displayed

Australia’s first WiMAX operator, Hervey Bay’s Buzz Broadband, has closed its network, with the CEO labeling the technology as a “disaster” that “failed miserably.”

In an astonishing tirade to an international WiMAX conference audience in Bangkok yesterday afternoon, CEO Garth Freeman slammed the technology, saying its non-line of sight performance was “non-existent” beyond just 2 kilometres from the base station, indoor performance decayed at just 400m and that latency rates reached as high as 1000 milliseconds. Poor latency and jitter made it unacceptable for many Internet applications and specifically VoIP, which Buzz has employed as the main selling point to induce people to shed their use of incumbent services.

Freeman highlighted his presentation with a warning to delegates, saying “WiMAX may not work.” He said that the technology was still “mired in opportunistic hype,” pointing to the fact most deployments were still in trials, that it was largely used by start-up carriers and was supported by “second-tier vendors”, which he contrasted with HSPA with 154 commercial networks already in operation and support from top tier vendors.

What made Freeman’s presentation most extraordinary was that just 12 months ago he fronted the same event with a generally positive appraisal of the platform which at that stage he had deployed just a few months before. At the time, Freeman said that his company had signed 10% of its 55,000 user target market in just two months, a market share that rose to 25%, on the back of an advertising campaign that highlighted value VoIP prices.

I just ran into a document stating that RAID 10 is not equal to RAID1+0 . Below is what she said :

There is little documentation on Linux's RAID 10, or how it differs from RAID 1+0. Fortunately, some readers passed on some good information on what RAID 10 is, and what sets Linux's implentation apart. First of all, never mind that everyone says that RAID 10 and 1+0 are the same thing and that even man md says this — they're not the same. RAID 10 is a new type of array; it is a single array, it can have an odd number of drives, and the minimum required are two. RAID 1+0 is a combination of multiple arrays, it requires at least four disks, and must always have an even number.

Below is the comparison:

I got Promise Technology SmartStor NS4300N Network Attached Storage (NAS) for many months ago but didn't really use it until I found out that there is a permission problem with it. Since I got it, I just moved all of my files and folders inside one folder on NAS. (Let's say "Temp") A few days later, I created some other blank folders at the same level as “Temp” folder and set some permission for different people. My plan is to organized all files and folder under “Temp” sometime soon.

Last month, I started to organize my files and folder. Before that, I found that there was a new firmware came out. So, I just upgraded firmware from 01.02.0000.05 to 1.03.0000.06. Started to move files from “Temp” folder to other folders but I ran into permission problem on many files and folders. This is strange but I found that the problem is about Owner of those files and folders were different. I had to change owner under FTP program. (CHOWN) Since there were a lot of files and folders I had to go through, I finally gave up.

I've contacted Promise Support and they answered me that there was no known problem about permission with this new firmware. I also asked him if it’s possible to get into SSH but he said there was no way to do that. (But I found a way later on this website and this one but I never tried that though.) They asked if I can try to refresh permission under web interface and see if it is solved or not. I replied back to ask if he can tell me step by step how to do that. Never get answer back from them ever since.

I, then, found this link -> http://forums.dpreview.com/forums/read.asp?forum=1023&message=25115423 - Here is what creaturejbl said :

Their answer - Yes, this is a well know bug on permission control. They suggest me just return the product to store.