Bash To Require Further Patching, As More Shellshock Holes Found
Why does bash have to worry about security?
Because if it is installed as /bin/sh (fairly common), it gets called in a great many places because of the OS APIs system() and popen(), which are both defined to use /bin/sh on Unix. Much of the reporting about it has been more than a little breathless, but that's journalists for you.
Not everything is vulnerable. CGI is not inherently vulnerable (it could use execve() directly) and the called code need not use bash ever. But it's still a serious problem as anything that explicitly requires bash is also definitely broken: we want it fixed ASAP. (A start would be to never process environment variables for function definitions during startup, especially when running as /bin/sh...)
Mobile Phone Use Soon To Be Allowed On European Flights
That's prohibited for everyone. Airlines' experience, and that of their insurers, shows that it's just too much of a hazard. (Not that I mind; I think the smell of smoke is awful at the best of times.) Nicotine addict? Remember those patches on longhaul flights!
Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild
Outside of malicious HTTP headers landing in environment variables in CGI land, I'm hard pressed to think of another reasonable vector for this bug to be a problem...
To be fair, with a moderately competent CGI implementation, the subprocess will start just fine. The problem comes with whatever that subprocess calls, since environment variables are inherited by default. The deeper you go, the greater the likelihood that some programmer will have used system() or popen(), or even flat-out implemented the process as a shell script.
It's Banned Books Week; I recommend ...
The American Library Association maintains lists of the most frequently challenged books (i.e. the ones people try to ban). Although 1984 shows up on the list of challenged classics, there is only one challenge listed -- someone in Jackson County, Florida in 1981 thought that it was "pro-communist and contained explicit sexual matter". The first part shows a massive failure of reading comprehension, not actual hostility towards the content. 1984 doesn't show up in the top 100 challenged books lists for 1990-1999 or 2000-2009.
However, the US isn't the only country that bans (or tries to ban) books. Works like 1984 are much more likely to be banned by totalitarian regimes precisely because they encourage people to think about the ways in which the regime is trying to restrict them. Banning books is basically wrong anywhere, not just in one country in one part of the planet.
'Reactive' Development Turns 2.0
Now I'm building an app with Scala/Play framework and we don't have user sessions or the web servers so scaling and server failures are not a problem.
If you don't have user state or session state, scaling is no problem. You just throw more hardware at it so you can have replicated servers with a simple load balancer in front. Job done.
It's scaling in the presence of (mutable) state that is hard. It's also what a lot of use cases need. Sometimes you even have to give up on scaling (boo!) in order to achieve other objectives, or think very hard to come up with an alternative approach such as spinning out processing to cloud-based slaves, which also doesn't truly scale, but can often go pretty large despite that (if you get the finances/business-model right).
Data Archiving Standards Need To Be Future-Proofed
Get the acid-free paper. Will last forever
Or until it gets wet.
3 Recent Flights Make Unscheduled Landings, After Disputes Over Knee Room
The solution is simple: load them up with tranquilizers/sedatives and stack 'em in like cordwood.
A seemingly good idea that will fall apart as soon as someone overdoses on sedatives and their next-of-kin sue. Good luck with persuading a judge that some getout clause in a 3pt font prevents any liability attaching...
Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted
You're confusing the cost of legitimate operations with the cost of searching the key space. You don't want legit users to bear too much cost since everyone ends up paying that over and over, but you do want the cost of searching to be high since that's not something that people should be doing.
Two Explorers Descend Into An Active Volcano, and Live to Tell About It
The trek itself was trivial compared to summiting Everest but the visuals were just a lot more impressive.
You don't need such fancy protective gear when doing Everest, which is just cold and lacking in oxygen, not outright chemically hostile and hot as hell. (Some volcanoes are even worse. The ones that spew fluorine gas (or hydrofluoric acid) are just awful...)
New HTML Picture Element To Make Future Web Faster
It's called JPEG2000, uses wavelet transformations instead of discrete cosine transformations that JPEG uses and has been around since over a decade ago. No one uses it.
You're wrong there. It's used quite a lot in high-capacity digital image storage. Libraries, that sort of thing. You might have the space and time to waste on using standard JPEG and you might not care too much about the compression artefacts, but libraries really do care. (A billion high-resolution images is only a medium-sized library...)
Islamic State "Laptop of Doom" Hints At Plots Including Bubonic Plague
Is d) going to be "Profit!"?
How the World's Fastest Electric Car Is Pushing Wireless Charging Tech
How about if you could charge your car wirelessly a bit at a time at each stop light.
If you think that's viable, you're spending too much of your life waiting at stop lights.
How many devices are connected to your home Wi-Fi?
I've heard of power line adapters. They seem to work well if your wiring is of the right type. Otherwise speeds can degrade quickly.
They still beat wireless through a 2' load-bearing stone (or brick) wall. Which is the GP's point.
UK Prisons Ministry Fined For Lack of Encryption At Prisons
All built and supported by one of the most predatory firms in the UK, affectionately known as Twatos.
Don't worry. They're just as bad in many other European countries too.
Terry Gilliam must be laughing in his grave.
Fortunately for him, Terry Gilliam appears to be still alive. Terribly selfish that, not dying on you just so that you could lazily use a cliché like that.
Net Neutrality Is 'Marxist,' According To a Koch-Backed Astroturf Group
Net neutrality isn't about what tier of service you have. It is about ensuring that you aren't getting purposefully manipulated speed for the tier you have.
Technically, it's about ensuring that you get what you think you have paid for and ensuring that you can use what you have paid for for whatever you want to. These things are absolutely fundamental to a free market even being possible.
Oregon Sues Oracle For "Abysmal" Healthcare Website
Worst piece of enterprise software I've ever seen. I have physical pain any time I have to use it.
I know it's enterprise software, but you're really not supposed to shove it up your ass each time you use it.
Finding an ISIS Training Camp Using Google Earth
I did and they have another hostage ready to chop his head off.
The way to deal with these people is to ignore whether they have the second hostage (assume he's already dead, even if that's technically premature) and to bomb the area, preferably with something like white phosphorous incendiaries. It also needs to be done soon, because people regard such actions less favourably when it is longer from the event which the punishment is being meted out for. Make it very clear that once someone starts killing hostages, reprisals will come. If you don't, the next damn terrorist group will think they can get away with this sort of thing too; you're not protecting those already captured, you're protecting everyone else.
It's a shame, but being this nasty is the only way of hammering home to idiots that fucking with is a seriously bad idea (unless you can act with more precision and kill just the terrorists). And it does work: it's been proved to work over and over throughout history. It probably needs to be accompanied with a full apology to any innocents caught up in the crossfire to mitigate incidental downstream trouble.
Is Storage Necessary For Renewable Energy?
Gravitational potential energy cannot be used as an energy source.
But you can use it to store energy, and this has indeed been done and it is an important part of how the Grid works. Look up pumped storage hydroelectricity some time.
Are Altcoins Undermining Bitcoin's Credibility?
Really ? you are kidding right ? It's clearly not backed by gold anymore. So what's it backed by ?
It's backed by the fact that the government can shoot people until everyone agrees that it is valid. We could beat around the bush a lot more, but the threat of force (together with the ability to pay taxes that follows from that) is a key thing in making a currency valid.
The Technologies Changing What It Means To Be a Programmer
There is no table, that I know of, that lists all the features versus all the paradigms versus all the languages.
That would be a very large table indeed, as there are a lot of critical nuances and a lot of languages (even if we exclude the ones without the ability to do a useful subset of all system calls).