
Comments


Microsoft Announces Windows 10

OneAhead I came here to say just that (638 comments)

It would be a tribute to the much-beloved X Windows, which was obviously their inspiration for introducing workspaces aka. virtual desktops.(*)

(*) Yeah, yeah, I know that this is a feature that is implemented in (most FOSS) window managers, and that X has nothing to do with it. The joke works better like this, OK? O yeah, and the part about X Windows being beloved was sarcasm.

2 days ago

Apple Yet To Push Patch For "Shellshock" Bug

OneAhead Re:Not to praise Apple, but... (208 comments)

OSX is not as stable as Windows 7

That one's new to me, actually, though I haven't used either for appreciable periods of time so I cannot really know.

3 days ago

Apple Yet To Push Patch For "Shellshock" Bug

OneAhead Re:Arstechnica = fail (208 comments)

You might want to read my post again. Slowly. Note that in my last paragraph, I was not talking about CVE-2014-6271, but about the other thing Norihiro Tanaka tried. Also note the presence of the word "unlike" in my post. Either you missed that, or you misunderstood the information in your link. If so, to clarify: the old by-design behavior for passing a function to a subshell was by itself not remotely exploitable; it merely forced the shell to parse each and every env variable, making any bugs in the parser (we're counting 6 so far if I'm still keeping track) remotely exploitable. What Florian Weimer did is essentially limit the parsing of env variables to the ones that start with "BASH_FUNC_", which ordinarily cannot be set remotely (unless the daemon or client is criminally insecure). This is more a "defense in depth" style security enhancement than an actual bug fix, and it does have the potential of breaking bash scripts that are too tricky for their own good. It's also a must-have, long overdue, and has the beneficial side effect of eliminating potential namespace collisions between shell functions and other variables, so the "too tricky for their own good" script authors will have to suck it up.

3 days ago

Ask Slashdot: Software Issue Tracking Transparency - Good Or Bad?

OneAhead Re:Use an anology (158 comments)

Wait, wait, what? Surely you don't mean to suggest hamburgers are living organisms and not made synthetically in a factory?!

3 days ago

Apple Yet To Push Patch For "Shellshock" Bug

OneAhead Re:Not to praise Apple, but... (208 comments)

It pains me to defend the Apple fanboi, but what you say is not entirely true. The DHCP client in question explicitly calls "/bin/bash"; bash is a dependency for it. Of course, there do presumably exist Linux distros that use a different DHCP client, but in my understanding, the vulnerable one is quite widespread. The only saving grace (for a short time) is that remotely exploiting the DHCP client flaw is substantially more complex than remotely exploiting the web server flaw, and that the major distros already released full patches by yesterday morning.

3 days ago

Apple Yet To Push Patch For "Shellshock" Bug

OneAhead Re:Shellshock a result of inappropriate use of bas (208 comments)

You have a lot of good and true points, but there are a couple of huge mistakes in your post that I cannot let stand uncorrected.

AFAIK, the original Bourne shell hasn't been maintained since 1989 or so; if you were to distribute it today as /bin/sh, your distro would doubtlessly be plagued by the most embarrassing buffer overflow and other vulnerabilities. What Debian and its derivatives do is link /bin/sh to dash, the Debian Almquist Shell, which is a modern and well-maintained project aimed at providing a lightweight shell that throws out all interactive features yet has a rich set of non-interactive scripting features that far surpasses the original Bourne shell - not as rich as bash, but good enough for present-day shell scripting. I remember when they took the jump (which required months of preparation consisting of purging bashisms from common shell scripts), boot times were suddenly slashed in half because repeatedly initializing dash processes is so much lighter on the system than doing the same with bash. And as you said, as a side effect, security also benefits.

Redhat aside many third party shell scripts are written in bash that use no bash features

This is factually incorrect; when was the last time you installed something that didn't come out of a Debian repository? Red Hat is incredibly popular in corporate environments, and almost all 3rd party "#!/bin/sh" scripts are actually chock-full of bashisms because their customers ask them to target Red Hat and their programmers are Red Hat inbreds who wouldn't know a bashism if it hit them in the head. And remember that a lot of FOSS development is being done within corporations... The pervasive bashisms are why it took Debian so much effort to switch and why Red Hat never did.

3 days ago

Apple Yet To Push Patch For "Shellshock" Bug

OneAhead Arstechnica = fail (208 comments)

The Arstechnica journalist Sean Gallagher really dropped the ball on this one:
- His information was behind even when it was published. On the 25th of September around 22:00 EST (depending on the version you're running), Debian issued a patch that fixes the new vulnerabilities CVE-2014-7186 and CVE-2014-7187 AND implements the Florian Weimer suggestion, strongly mitigating the exploitability of any future parser bugs. Red Hat and Ubuntu took their sweet time validating this patch suite, but eventually followed suit the evening of the 26th and the morning of the 27th, respectively.
- The Norihiro Tanaka "bug" is documented and intended behavior, which Sean Gallagher could have known simply by clicking next in thread! Specifically, it's how bash passes shell functions to a subshell. Unlike shellshock, it could only be exploited remotely when allowing a remote attacker to set variables with arbitrary names, which is not the case for any widespread software package. If it was, you'd be lost regardless of which shell you're using and it would have been exploited ages ago. Even the Florian Weimer improvement doesn't change this.

3 days ago

Extent of Antarctic Sea Ice Reaches Record Levels

OneAhead Re:Warmists never bother debating anymore (635 comments)

Ooooh! It's the biggest conspiracy in human history! By the sheer scale of it, I wager it must have been perpetrated by the Illuminati, the Masons, the Elders of Zion and the New World Order all at once, because each of these organizations hate the fossil fuel industry as they're handsomely funded by the scary-powerful alternative energy lobby. Luckily, it has now been exposed by a handful of diligent bloggers, with no connection to any polluting industry at all. Because everyone knows blog posts have more weight than peer-reviewed scientific papers. </sarcasm>

Seriously, knock it off with regurgitating debunked climate myths. Yours is #9 on the list. Also related.

about two weeks ago

Why Atheists Need Captain Kirk

OneAhead Re:Caricature of modernism (937 comments)

Hmmm, on second look, not a really good example of what I was saying. I can't quickly find a good source anywhere on modernist philosophy. There's of course this, but that's not the same; one could say modernist philosophy is a subset of modern philosophy. So I'm willing to concede the point by lack of time to dig up a good reference. Still, my assertion stands that TFA is one big strawman argument, and part of the problem.

about two weeks ago

Why Atheists Need Captain Kirk

OneAhead Re:Hollywood Logic (937 comments)

Wow, it's even on TV tropes. This Alva Noë guy is even more unoriginal than I initially thought.

about three weeks ago

Why Atheists Need Captain Kirk

OneAhead Caricature of modernism (937 comments)

Dear Alva Noë, the word you're looking for is "modernism", or rather, a caricature thereof. You're basically railing against a strawman on whom you put the label "Spock". I'm a scientist and I'm surrounded by scientists and atheists, yet I know few people who fit your description. Admittedly, some of the folks here on /. come close, but /. is a bit of a freak show in that respect. Either way, it sounds like you're trying very hard to paint modernists, atheists and adherents of science as sticks-in-the-mud, which would make you part of the problem.

about three weeks ago

Surprise! More Than Twice As Much Mercury In Environment As Thought

OneAhead Re:Enlighten me (173 comments)

Fortunately, the biosphere can separate elements far, far faster. Unfortunately, it's still far, far slower than the average historic lifetime of human civilizations.

about three weeks ago

Surprise! More Than Twice As Much Mercury In Environment As Thought

OneAhead Re:Most mercruy is from natural sources-not power (173 comments)

You missed the best part....

The Heartland Institute published Watts' preliminary report on weather station data, titled Is the U.S. Surface Temperature Record Reliable?.[12] Watts has been featured as a speaker at Heartland Institute's International Conference on Climate Change, for which he acknowledges receiving payment.[55]

Documents obtained from the Heartland Institute and made public in February 2012 reveal that the Institute had agreed to help Watts raise $88,000 to set up a website,(...)

So, paid for by a fine organization that, apart from the climate change thing, is also known for denying the health effects of second-hand tobacco smoke, promoting franking, and openly advocating free-market environmentalism? A likely story!

about three weeks ago

Fedora To Get a New Partition Manager

OneAhead Re:Damn the GUI! (170 comments)

So, not invented here rarely makes sense with RedHat

NIH rarely makes sense anywhere, yet people are doing it everywhere. It's just that much more fun to create one's own code base and fix one's own bugs than to learn someone else's and do their homework for them. Own farts smell better...

about three weeks ago

3 Recent Flights Make Unscheduled Landings, After Disputes Over Knee Room

OneAhead Re:Customers going postal (819 comments)

On a American flight the passenger next to me went ballistic and very loudly demanded to be reseated, because I was wearing perfume.

This can actually be a pretty serious issue for people with asthma - just sayin'...

about three weeks ago

3 Recent Flights Make Unscheduled Landings, After Disputes Over Knee Room

OneAhead Re:Why do they bother to divert at all? (819 comments)

This puzzles me too. It would make some sense if the airliners were trying to push politicians to intervene in some way, or to sway public opinion, but all I can see them getting out of this is fingers pointing at them (aside from the direct financial loss, of course)...

about three weeks ago

Bill Gates Wants To Remake the Way History Is Taught. Should We Let Him?

OneAhead Re:I don't like to trust people who write "Gates's (363 comments)

Roughly a millennium later, in an alternative time line where Sauron won the war:
OMFG THAT'S'SSSS BOSSSSSS55S55555five555fifty-five

about three weeks ago
