
Comments

Bill Gates: Piketty's Attack on Income Inequality Is Right

OneAhead Re:Taxing consumption is archaic. (839 comments)

You could just as well say that wind energy is a relic from times before the steam engine was invented, or that the electric car is a relic from times before the internal combustion engine became mature. Sometimes old ideas regain their relevance in the face of new developments, deal with it.

As for consumption tax being regressive, that would have been a good point, except that TFA quite explicitly talked about progressive tax on consumption (i.e. don't tax basic goods but do tax luxury items).

about 2 months ago

Pentagon Unveils Plan For Military's Response To Climate Change

OneAhead Re:Climate change is degrading the military (228 comments)

Let's get this straight: you're so rabidly anti-public-spending that you're willing to trample all over article 23 of the Universal Declaration of Human Rights for it? (And no, the USA is not exempt.) It makes me sad that a supposedly intelligent person can seriously suggest things like this, and makes me fear for the future of American democracy. What ever happened to "freedom"? Does that only count when it comes to guns?

about 2 months ago

Password Security: Why the Horse Battery Staple Is Not Correct

OneAhead Re:symbols, caps, numbers (549 comments)

Yup, and that's exactly why they keep these in plain text.

I have always questioned the wisdom of using these kinds of security questions at all. If they are used as an extra factor in authentication, then there is some rationale to it, though there are far stronger multi-factor schemes. The real scary part is that a lot of places (fortunately not banks) allow users to reset their password with little more than a correct answer to a security question, which can often be found on Facebook etc...

about 2 months ago

Pentagon Unveils Plan For Military's Response To Climate Change

OneAhead Re:Climate change is degrading the military (228 comments)

*facepalm* Wow, looks like you succeeded in submitting a 31-word post before your brain had the chance to spend a single cycle thinking about what you were writing. You must either be a very fast typer, or a very slow thinker.

about 2 months ago

Will New European Commission Leaders Welcome Open Source and Open Standards?

OneAhead Re:No (21 comments)

Not to mention that the European Commission consists of more than 2 people and historically has been acting very pro-business as a whole (from a European perspective anyway), with the European Parliament providing a counterweight.

about 2 months ago

Will New European Commission Leaders Welcome Open Source and Open Standards?

OneAhead Re:No (21 comments)

Whoosh.

about 2 months ago

The flying car I'd like in my garage first:

OneAhead Missing option (151 comments)

I'm gonna walk! (Proclaimed in the style of Mel Brooks in Spaceballs.)

about 2 months ago

Microsoft Announces Windows 10

OneAhead I came here to say just that (644 comments)

It would be a tribute to the much-beloved X Windows, which was obviously their inspiration for introducing workspaces aka. virtual desktops.(*)

(*) Yeah, yeah, I know that this is a feature that is implemented in (most FOSS) window managers, and that X has nothing to do with it. The joke works better like this, OK? Oh yeah, and the part about X Windows being beloved was sarcasm.

about 3 months ago

Apple Yet To Push Patch For "Shellshock" Bug

OneAhead Re:Not to praise Apple, but... (208 comments)

OSX is not as stable as Windows 7

That one's new to me, actually, though I haven't used either for appreciable periods of time so I cannot really know.

about 3 months ago

Apple Yet To Push Patch For "Shellshock" Bug

OneAhead Re:Arstechnica = fail (208 comments)

You might want to read my post again. Slowly. Note that in my last paragraph, I was not talking about CVE-2014-6271, but about the other thing Norihiro Tanaka tried. Also note the presence of the word "unlike" in my post. Either you missed that, or you misunderstood the information in your link. If so, to clarify: the old by-design behavior for passing a function to a subshell was by itself not remotely exploitable; it merely forced the shell to parse each and every env variable, making any bugs in the parser (we're counting 6 so far if I'm still keeping track) remotely exploitable. What Florian Weimer did is essentially limit the parsing of env variables to the ones that start with "BASH_FUNC_", which ordinarily cannot be set remotely (unless the daemon or client is criminally insecure). This is more a "defense in depth" style security enhancement than an actual bug fix, and it does have the potential of breaking bash scripts that are too tricky for their own good. It's also a must-have, long overdue, and has the beneficial side effect of eliminating potential namespace collisions between shell functions and other variables, so the "too tricky for their own good" script authors will have to suck it up.

about 3 months ago

Ask Slashdot: Software Issue Tracking Transparency - Good Or Bad?

OneAhead Re:Use an anology (159 comments)

Wait, wait, what? Surely you don't mean to suggest hamburgers are living organisms and not made synthetically in a factory?!

about 3 months ago

Apple Yet To Push Patch For "Shellshock" Bug

OneAhead Re:Not to praise Apple, but... (208 comments)

It pains me to defend the Apple fanboi, but what you say is not entirely true. The DHCP client in question explicitly calls "/bin/bash"; bash is a dependency for it. Of course, there do presumably exist Linux distros that use a different DHCP client, but in my understanding, the vulnerable one is quite widespread. The only saving grace (for a short time) is that remotely exploiting the DHCP client flaw is substantially more complex than remotely exploiting the web server flaw, and that the major distros already released full patches by yesterday morning.

about 3 months ago

Apple Yet To Push Patch For "Shellshock" Bug

OneAhead Re:Shellshock a result of inappropriate use of bas (208 comments)

You have a lot of good and true points, but there are a couple of huge mistakes in your post that I cannot let stand uncorrected.

AFAIK, the original Bourne shell hasn't been maintained since 1989 or so; if you were to distribute it today as /bin/sh, your distro would doubtlessly be plagued by the most embarrassing buffer overflow and other vulnerabilities. What Debian and its derivatives do is link /bin/sh to dash, the Debian Almquist Shell, which is a modern and well-maintained project aimed at providing a lightweight shell that throws out all interactive features yet has a rich set of non-interactive scripting features that far surpasses the original Bourne shell - not as rich as bash, but good enough for present-day shell scripting. I remember when they took the jump (which required months of preparation consisting of purging bashisms from common shell scripts), boot times were suddenly slashed in half because repeatedly initializing dash processes is so much lighter on the system than doing the same with bash. And as you said, as a side effect, security also benefits.

Redhat aside many third party shell scripts are written in bash that use no bash features

This is factually incorrect; when was the last time you installed something that didn't come out of a Debian repository? Red Hat is incredibly popular in corporate environments, and almost all 3rd party "#!/bin/sh" scripts are actually chock full of bashisms because their customers ask them to target Red Hat and their programmers are Red Hat inbreds who wouldn't know a bashism if it hit them in the head. And remember that a lot of FOSS development is being done within corporations... The pervasive bashisms are why it took Debian so much effort to switch and why Red Hat never did.

about 3 months ago

Apple Yet To Push Patch For "Shellshock" Bug

OneAhead Arstechnica = fail (208 comments)

The Arstechnica journalist Sean Gallagher really dropped the ball on this one:
- His information was behind even when it was published. On the 25th of September around 22:00 EST (depending on the version you're running), Debian issued a patch that fixes the new vulnerabilities CVE-2014-7186 and CVE-2014-7187 AND implements the Florian Weimer suggestion, strongly mitigating the exploitability of any future parser bugs. Red Hat and Ubuntu took their sweet time validating this patch suite, but eventually followed suit the evening of the 26th and the morning of the 27th, respectively.
- The Norihiro Tanaka "bug" is documented and intended behavior, which Sean Gallagher could have known simply by clicking next in thread! Specifically, it's how bash passes shell functions to a subshell. Unlike shellshock, it could only be exploited remotely when allowing a remote attacker to set variables with arbitrary names, which is not the case for any widespread software package. If it was, you'd be lost regardless of which shell you're using and it would have been exploited ages ago. Even the Florian Weimer improvement doesn't change this.

about 3 months ago

Extent of Antarctic Sea Ice Reaches Record Levels

OneAhead Re:Warmists never bother debating anymore (635 comments)

Ooooh! It's the biggest conspiracy in human history! By the sheer scale of it, I wager it must have been perpetrated by the Illuminati, the Masons, the Elders of Zion and the New World Order all at once, because each of these organizations hate the fossil fuel industry as they're handsomely funded by the scary-powerful alternative energy lobby. Luckily, it has now been exposed by a handful of diligent bloggers, with no connection to any polluting industry at all. Because everyone knows blog posts have more weight than peer-reviewed scientific papers. </sarcasm>

Seriously, knock it off with regurgitating debunked climate myths. Yours is #9 on the list. Also related.

about 3 months ago

Why Atheists Need Captain Kirk

OneAhead Re:Caricature of modernism (937 comments)

Hmmm, on second look, not a really good example of what I was saying. I can't quickly find a good source anywhere on modernist philosophy. There's of course this, but that's not the same; one could say modernist philosophy is a subset of modern philosophy. So I'm willing to concede the point by lack of time to dig up a good reference. Still, my assertion stands that TFA is one big strawman argument, and part of the problem.

about 3 months ago

Why Atheists Need Captain Kirk

OneAhead Re:Hollywood Logic (937 comments)

Wow, it's even on TV tropes. This Alva Noë guy is even more unoriginal than I initially thought.

about 3 months ago

Why Atheists Need Captain Kirk

OneAhead Caricature of modernism (937 comments)

Dear Alva Noë, the word you're looking for is "modernism", or rather, a caricature thereof. You're basically railing against a strawman on whom you put the label "Spock". I'm a scientist and I'm surrounded by scientists and atheists, yet I know few people who fit your description. Admittedly, some of the folks here on /. come close, but /. is a bit of a freak show in that respect. Either way, it sounds like you're trying very hard to paint modernists, atheists and adherents of science as sticks-in-the-mud, which would make you part of the problem.

about 3 months ago

Submissions

OneAhead hasn't submitted any stories.

Journals

OneAhead has no journal entries.
