Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Software > Calibre

Notices

Reply
 
Thread Tools Search this Thread
Old 06-06-2018, 12:22 AM   #16
Terisa de morgan
Wizard
Terisa de morgan ought to be getting tired of karma fortunes by now.Terisa de morgan ought to be getting tired of karma fortunes by now.Terisa de morgan ought to be getting tired of karma fortunes by now.Terisa de morgan ought to be getting tired of karma fortunes by now.Terisa de morgan ought to be getting tired of karma fortunes by now.Terisa de morgan ought to be getting tired of karma fortunes by now.Terisa de morgan ought to be getting tired of karma fortunes by now.Terisa de morgan ought to be getting tired of karma fortunes by now.Terisa de morgan ought to be getting tired of karma fortunes by now.Terisa de morgan ought to be getting tired of karma fortunes by now.Terisa de morgan ought to be getting tired of karma fortunes by now.
 
Terisa de morgan's Avatar
 
Posts: 4,845
Karma: 5429326
Join Date: Jun 2009
Location: Madrid, Spain
Device: Kobo Aura, Kobo Aura One, XiaoMI 5, iPad, Huawei MediaPad, YotaPhone 2
Quote:
Originally Posted by Sarmat89 View Post
It allows third-party code to manipulate the book files, in such a manner that code can access outside resources and hack other programs, such as ADE.
Through that rule of thumb, python interpreter itself allows third-party code to do that (you don't need calibre for hacking other programs like ADE).
Terisa de morgan is offline   Reply With Quote
Advert
Old 06-06-2018, 12:56 AM   #17
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 32,905
Karma: 10034422
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
Quote:
Originally Posted by Sarmat89 View Post
It allows third-party code to manipulate the book files, in such a manner that code can access outside resources and hack other programs, such as ADE.
Seriously?

A computer allows third party code to manipulate all files that exist on it in any manner it sees fit.

An operating system allows third party code to manipulate files in any manner it sees fit.

A programming language interpreter/compiler allows third party code to manipulate files in any manner it sees fit.

And on and on and on.

Surely this tired old trope was exhausted with the decades ago failed attempt to get Xerox copiers banned because they could be used to circumvent copyright. I am amazed there are still people that trot it out.
kovidgoyal is offline   Reply With Quote
Old 06-06-2018, 01:11 AM   #18
sealbeater
Addict
sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.
 
Posts: 332
Karma: 1614956
Join Date: Jan 2008
Device: Sony Reader PRS-505 : Onyx Boox Max : Sony PRS-900 : Onyx Kepler Pro
Quote:
Originally Posted by theducks View Post
The root cause is someone opening a pinhole in their router without taking additional steps to protect their networks resources. NEGLIGENCE
What makes you think it's not a deliberate choice?
sealbeater is offline   Reply With Quote
Old 06-06-2018, 01:15 AM   #19
sealbeater
Addict
sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.
 
Posts: 332
Karma: 1614956
Join Date: Jan 2008
Device: Sony Reader PRS-505 : Onyx Boox Max : Sony PRS-900 : Onyx Kepler Pro
Quote:
Originally Posted by darryl View Post
I suspect this program may breach the criminal law in at least some jurisdictions. The tool is designed to facilitate access to other people's computer systems without their knowledge or permission.
Better ban Google.

Quote:
Originally Posted by darryl View Post
It is of course a huge potential risk to have the content server available on the web with no authentication. Removing DRM from a book removes the encryption. It does not remove other identifying details if any. So if a book you purchased ends up on a pirate site and has identifying details no prizes for guessing who the rights-holders will be seeking to hold responsible.

Just out of curiosity, what sort of identifying details would be present in an ebook?
sealbeater is offline   Reply With Quote
Old 06-06-2018, 01:17 AM   #20
sealbeater
Addict
sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.
 
Posts: 332
Karma: 1614956
Join Date: Jan 2008
Device: Sony Reader PRS-505 : Onyx Boox Max : Sony PRS-900 : Onyx Kepler Pro
Quote:
Originally Posted by BetterRed View Post
The penalties act as a deterrent.
I hate to break it to you but they really don't.

Quote:
Originally Posted by BetterRed View Post
Sites at risk usually have pages on their site for lodgement of DCMA notices. Providing they take prompt action to remove the file, or if its on another host remove the link, the matter is closed, but if they don't then the IPR owner can report it to the FBI. No one wants the FBI or similar knocking on their doors.

BR
We aren't talking about websites with domain names registered to a person. We are talking about dynamic ips with listening ports. Nobody is lodging a DMCA request on a cable modem running Calibre.
sealbeater is offline   Reply With Quote
Advert
Old 06-06-2018, 01:19 AM   #21
sealbeater
Addict
sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.sealbeater ought to be getting tired of karma fortunes by now.
 
Posts: 332
Karma: 1614956
Join Date: Jan 2008
Device: Sony Reader PRS-505 : Onyx Boox Max : Sony PRS-900 : Onyx Kepler Pro
Quote:
Originally Posted by kovidgoyal View Post
Sigh. Why would anyone think doing this kind of thing would be good for their reputation? Unless they are seeking employment with criminal gangs?
Honestly, it sounds like he's a security geek with the mention of SHODAN. Lots of places wouldn't bat an eye at that. He's actually covered a lot of the bases for an interview.
sealbeater is offline   Reply With Quote
Old 06-06-2018, 03:12 AM   #22
darryl
Wizard
darryl ought to be getting tired of karma fortunes by now.darryl ought to be getting tired of karma fortunes by now.darryl ought to be getting tired of karma fortunes by now.darryl ought to be getting tired of karma fortunes by now.darryl ought to be getting tired of karma fortunes by now.darryl ought to be getting tired of karma fortunes by now.darryl ought to be getting tired of karma fortunes by now.darryl ought to be getting tired of karma fortunes by now.darryl ought to be getting tired of karma fortunes by now.darryl ought to be getting tired of karma fortunes by now.darryl ought to be getting tired of karma fortunes by now.
 
darryl's Avatar
 
Posts: 2,282
Karma: 33359110
Join Date: Nov 2011
Location: Australia
Device: Kobo Aura H2O, Kindle Oasis, Huwei Ascend Mate 7
@Sarmat89. I won't say what I would like to say, firstly because I don't want to be banned, and secondly because your reasoning is truly so bad it needs no rebuttal (though some posters have taken the trouble to do so). I'm not going to lie. A lot of people read your ridiculous statement, and you should be truly embarrassed about it.

@sealbeater. There is a real difference between a general search engine and a specialised tool with its only use being finding exposed calibre libraries. As to identifying information in an ebook, I simply don't know. Some purchased ebooks go as far as showing the name and email address of the purchaser on each page. Of more concern to those wanting to pirate books is actual protection schemes which embed identifying information in hidden form within the book. Or which identify each book with some unique combination of different words, sentences etc. The point is that it is impossible to be sure that there is no such scheme in operation. In fact, there are such schemes which are known, and, of course, because they are known there are removal tools available for them. Which still leaves the unknown ones, changes to the existing ones and use of multiple schemes.
darryl is offline   Reply With Quote
Old 06-06-2018, 04:56 AM   #23
Thasaidon
Hedge Wizard
Thasaidon ought to be getting tired of karma fortunes by now.Thasaidon ought to be getting tired of karma fortunes by now.Thasaidon ought to be getting tired of karma fortunes by now.Thasaidon ought to be getting tired of karma fortunes by now.Thasaidon ought to be getting tired of karma fortunes by now.Thasaidon ought to be getting tired of karma fortunes by now.Thasaidon ought to be getting tired of karma fortunes by now.Thasaidon ought to be getting tired of karma fortunes by now.Thasaidon ought to be getting tired of karma fortunes by now.Thasaidon ought to be getting tired of karma fortunes by now.Thasaidon ought to be getting tired of karma fortunes by now.
 
Thasaidon's Avatar
 
Posts: 311
Karma: 2948316
Join Date: May 2011
Location: UK/Philippines
Device: Kobo Touch, Nook Simple
Quote:
Originally Posted by darryl View Post
@Sarmat89. I won't say what I would like to say, firstly because I don't want to be banned, and secondly because your reasoning is truly so bad it needs no rebuttal (though some posters have taken the trouble to do so). I'm not going to lie. A lot of people read your ridiculous statement, and you should be truly embarrassed about it.
When others speak/contribute to the forums and realise afterwards they have said something a bit silly , at least they can console themselves with the thought that it was not as bad as Sarmat89's contribution.
Thasaidon is offline   Reply With Quote
Old 06-06-2018, 09:08 AM   #24
Adoby
Handy Elephant
Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.
 
Adoby's Avatar
 
Posts: 1,255
Karma: 7129816
Join Date: Dec 2009
Location: Southern Sweden, far out in the quiet woods
Device: Ubuntu LTS, Android, Bouye Likebook Plus
Quote:
Originally Posted by kovidgoyal View Post
There is no way to reliably know what "outside the local LAN" is. All the server knows is what IP address is connecting to it, it has no way to know if the IP address belongs to a trusted network or the public internet.
But calibre could check if the IP is on the local network. Or if it is going through a router.
Adoby is offline   Reply With Quote
Old 06-06-2018, 09:19 AM   #25
Adoby
Handy Elephant
Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.
 
Adoby's Avatar
 
Posts: 1,255
Karma: 7129816
Join Date: Dec 2009
Location: Southern Sweden, far out in the quiet woods
Device: Ubuntu LTS, Android, Bouye Likebook Plus
Quote:
Originally Posted by BetterRed View Post
@Adoby - I wonder how many of them are version 2 servers.

BR
I took a small sample. Around 1/3 are version 2. Most are version 3. I didn't access them to check if unprotected were uniformly distributed. Just checked published version numbers...
Adoby is offline   Reply With Quote
Old 06-06-2018, 09:52 AM   #26
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 32,905
Karma: 10034422
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
Quote:
Originally Posted by Adoby View Post
But calibre could check if the IP is on the local network. Or if it is going through a router.
How? There is no such thing as a local network in IP networking. All networks are local or all networks are global. What about if a small institution decides to run a calibre server to serve books to its local network? How is the server to know which subnets are within that network and which outside?
kovidgoyal is offline   Reply With Quote
Old 06-06-2018, 10:16 AM   #27
Adoby
Handy Elephant
Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.Adoby ought to be getting tired of karma fortunes by now.
 
Adoby's Avatar
 
Posts: 1,255
Karma: 7129816
Join Date: Dec 2009
Location: Southern Sweden, far out in the quiet woods
Device: Ubuntu LTS, Android, Bouye Likebook Plus
One method could be to check if a private IP network range is used and if traffic is from outside this private network. And then refuse connection if user name / password is not used. Like in a LAN with a DHCP-server and gateway.

That would cover, I suspect, 98% of the currently wide open calibre libraries.
Adoby is offline   Reply With Quote
Old 06-06-2018, 10:55 AM   #28
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 32,905
Karma: 10034422
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
And it would also lead to false positives a plenty.
kovidgoyal is offline   Reply With Quote
Old 06-06-2018, 10:59 AM   #29
theducks
Well trained by Cats
theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.
 
theducks's Avatar
 
Posts: 21,675
Karma: 20975546
Join Date: Aug 2009
Location: (The original) Silicon Valley, USA
Device: K4NT, Galaxy Tab 2(RIP)
Quote:
Originally Posted by Sarmat89 View Post
It allows third-party code to manipulate the book files, in such a manner that code can access outside resources and hack other programs, such as ADE.
The same way Home Depot sell burglary tools.
Crowbars, drills and hammers are used to break into things.

Dell and HP make hacking tools.
A T&T drove the getaway network

You must be a Lawyer making a Volcano out of a pilot light
theducks is offline   Reply With Quote
Old 06-06-2018, 11:06 AM   #30
theducks
Well trained by Cats
theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.theducks ought to be getting tired of karma fortunes by now.
 
theducks's Avatar
 
Posts: 21,675
Karma: 20975546
Join Date: Aug 2009
Location: (The original) Silicon Valley, USA
Device: K4NT, Galaxy Tab 2(RIP)
Quote:
Originally Posted by sealbeater View Post
What makes you think it's not a deliberate choice?
because: of the basic 'locked door' test used for burglary / unauthorized access.

If the door is left OPEN, it is just trespassing. at the worst (assumes no other activities after entry)

If you Force your way past a locked door, it is B & E
theducks is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
GM, Ford, And Others Want to Make Working on Your Own Car Illegal Apache General Discussions 82 05-18-2015 08:39 PM
Looking for a consultant to assist in migrating from Kindle for PC to calibre kgwdc Calibre 5 02-05-2014 02:43 AM
illegal ebooks how many are there? drewey25 General Discussions 52 01-09-2012 12:54 PM
God to take action on illegal Bible distribution charlieperry Lounge 42 11-20-2008 08:36 AM


All times are GMT -4. The time now is 07:11 PM.


MobileRead.com is a privately owned, operated and funded community.