KitCAD – Developers blog

Security issues on the webserver host have affected some webpages of this site during April 2010.
FTP services for this site on the 12th of April were affected – and have remained denigrated due to a high level of activity on this site web server host.
On the 24th of April, 2010 at 02:33 (delivered for the weekend) a version of an exploit had affected pages which were redirected to an unmaintained malware attack server 🙁

By the 24th of April, 2010 at 16:29 the affected pages have been restored from backup files; And files on the site have been tested for malware infections but none were found 🙂
Minor Issues found from the affected pages has led to a paranoid level of upgraded security for PHP content management systems used by this site.
Downloads and other functions of the site, or its host have not been affected but will remain under consistent re-testing.

A very special note of THANKS must go to Google, Microsoft, Opera, and Firefox development teams for the security enhancements which in this case prevented distribution of affected pages

More information :-
http://blog.networksolutions.com/2010/we-feel-your-pain-and-are-working-hard-to-fix-this/ (wfypaawhtft)
http://blog.networksolutions.com/2010/network-solutions-addresses-the-issue/ Addresses the issue (ATI)
http://blog.networksolutions.com/series/hosting-issues-apr-2010/ Hosting Issues notice for April 2010 (HI)

wfypaawhtft = “We feel your pain and are working hard to fix this”

Users with Active X enabled web browsers that download from untrusted sites, or Novice Users of this site are advised to scan for security issues: http://onecare.live.com/site/en-US/center/howsafe.htm (RECOMMENDED) and also acquire removal tools from http://www.microsoft.com/security/malwareremove/default.aspx

Past versions of KitCAD software packages have always supported simple Integer numbers (1,2,…,9,0) that are processed with Cutup.exe into Floated numbers (if required 16.5mm, 1.5mm, etc).

KitCAD i3 KGC now includes a basic option to view Decimal Fractions (and provide simple corrections). The Fraction Display unit functions can be enabled from the Options page.
Setting the Display of units to Fraction will convert sizes into Inch”Numerator/Denomator.
Setting the Display of units to Fraction2 will convert sizes into Feet’Inch”Numerator/Denomator.
The default Setting is Decimal will NOT convert sizes provided by a *.kp2 file format.

Script converting of non-Decimal Fractions may take up to 1 minute, longer, or even cause Javascript runtime errors when converting Integer numbers into Fraction or Fraction2. As a work-around:- Use the correct Decimal Fraction sizes – Do not use 500mm, Instead ALWAYS use the size of 500.38mm or 19″7/10 to remove over 50% of converter functions processing time.

No Library System has been developed for Decimal Fractions at this time (As a result the quotation reporting will only show Millimetres). A library system will be developed and deployed at a later date.

Using the Option of Fraction or Fraction2 will also cause the KitCAD i3 KGC exe TEST Setup version to fail – A message relating to JavaScript errors will be displayed during *.kp2 file loads because no Decimal Fraction library has been deployed – there are no 15″, 30″, or 35″ deep cabinets in the library system (The default demo Library System is Integer based for 300mm, and 600mm deep cabinets).

See the Decimal Fraction Scale Maths functions for JavaScript example for more information.

No notice of update to KitCAD i3 will be shown (release date of latest update will be 17th April 2010). Downloaded KitCAD i3 versions after the 22nd of April will include the updated files for Decimal Fraction support.

Images: Testing of JSON array loading (Left), and Active-X warning shows after loading (Right)

The KitCADi3_file_localhost_test_w32_setup.exe (TEST Setup) has been updated to use JSON loading (instead of the 2007 KGC -> Active-X method [2]).  Another change was to move the 3D preview/link page for HTML browsers (XHTML version was not altered).

An affect of these changes for the KitCADi3ie5.exe TEST version is the Active X warnings have moved – allowing a Drawing to be displayed before the Active X prompts; The current known warning dialogs have moved from the inital program startup back into other parts of the program (if required by user).  The only part causing file loads is the library system with interaction that will display Active-X warnings – which will be removed during possible future updates to the Library loading Systems (had to update Kp2html.exe first).

The Current Library loading process that will generate an Active-X warning can be seen while showing the 3D preview webpage from within the KitCAD i3 webform Object editor iframe. And when a user Draws a Selected Object onto the KitCAD plan view. Both these user actions will currently display an Active X warning dialog.

To alter a Drawing users will need to answer YES to the prompt for allowing the Active X to load KPD Object items onto the plan view (as described above).

Updated Kp2html.exe :-
*Added IE=6 meta tags where needed for ACT5.5IECT with file://localhost/ and IE=8 online versions
*removed blacked-out dialogs for file://localhost/ (done using IECT fix above, IE=6)
*Added i3json array support into kp2html.exe
*Updated kp2html.inf with option to turn off this update; pageJSON=1 (1, enabled by default – uses i3*.script files. The pageJSON also requires pageEDITOR=1 [2])
*Added i3json KitCAD EXT 1xx support to kp2html.exe
*Added i3json KitCAD KPT 22x Shapes support to kp2html.exe
*Tested i3json array loads with other browsers
*Improved kp2html.exe speed for converting Kp2 (and Kpt) file types

NOTE: An Active X warning dialog may still be shown to users before they are permitted to run VML webpage content (depending on the users security settings)