
Comments


Apple Pay Competitor CurrentC Breached

spitzak Re:I call BS (238 comments)

I believe you are correct.

I think the reason no store charges a credit card more than the cash price is because it will reduce sales. If you go to the store and see an object for $100 you might say "I don't have $100 cash on me right now, and if I use the credit card it will cost $105. So I will go away and come back tomorrow with $100 in cash." Then what happens is you either forget about it, purchase somewhere else, or realize you probably did not need the object anyway. The store has now lost an entire sale, which is a much bigger loss than paying the credit card company's cut.

People looking to buy gas probably will factor in the fact that they may run out of gas before they can acquire the cash, and thus will buy the gas anyway.

I think some other items like utilities where you pretty much have to buy from them will also offer discounts for cash.

13 hours ago

Taking the Census, With Cellphones

spitzak Re:Unconstitutional for redistricting (57 comments)

He was talking about the CENSUS, not press freedom, you idiot.

And I think there were more advanced weapons than flintlocks in 1968.

2 days ago

Creationism Conference at Michigan State University Stirs Unease

spitzak Re:Opinion are worthless (970 comments)

The best scientific minds, in their times said the world was flat and that everything revolved around the earth.

Sorry you are wrong. The earth was known to be a sphere long long ago. It way predates the knowledge that the center of mass of the system was not inside it.

Showing your complete ignorance of history and science does not help your argument one bit.

2 days ago

The Classic Control Panel In Windows May Be Gone

spitzak Re:Alphabetical order across columns (347 comments)

"ls" on Unix used to do that (alphabetize across columns). I think it was fixed mid-80's.

about a week ago

How Lobby Groups Rejected the Canadian Government's Plan To Combat Patent Trolls

spitzak Re:Probably the wrong way to fight it anyway (57 comments)

The patent was not on aspirin, it was on combining aspirin with another drug.

about two weeks ago

OS X 10.10 Yosemite Review

spitzak Re:First taste of Mac OS X (305 comments)

It's an issue with their file system (HFS+), which has been made semi-case-sensitive. For example, you can do "mkdir tEsT\ dIrEcToRy" and you'll get a directory called "tEsT dIrEcToRy", maintaining the case that you typed in. However, if you then type "rmdir 'Test Directory'" then it will delete it. Essentially, it's case-sensitive when writing but not case-sensitive when reading.

What it is doing is called "case-preserving". That's what Windows does too. It is always "case insensitive".

The problem with this is that the rule for whether two strings identify the same file is obscenely complex if you want full Unicode support (plus it will change as Unicode is updated). Most systems give up and are only "case insensitive" for a subset of possible case matches, such as only the ASCII letters. Not using the same rules in different places causes further problems. OS/X has a lot of problems by insisting on "normalization" of filenames, resulting in completely unexpected collisions and renames for files from Unix and Windows.

I think Unix has the best system: if the strings of bytes are different then they are different files. This moves all problems out of file system support and up to the application level where it is much easier to deal with.

about two weeks ago
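As an added illustration of the point made in the comment above (this is not the commenter's code and is not part of the original page), the Python script below takes a constructed list of filenames that are all distinct byte strings on a Unix filesystem and reports which of them would collide under two different "same file" rules: a full Unicode case-fold plus canonical decomposition (an assumed approximation of a normalizing, case-insensitive filesystem, not HFS+'s exact frozen tables) and an ASCII-only case fold with no normalization. The difference between the two result sets is exactly the kind of cross-system rename or collision the comment warns about.

```python
import unicodedata

# Constructed sample names: every one is a distinct byte string, so a
# byte-exact filesystem (the Unix rule) treats them as eight distinct files.
SAMPLE_NAMES = [
    "Makefile",
    "makefile",
    "caf\u00e9.txt",          # precomposed e-acute (NFC form)
    "cafe\u0301.txt",         # e followed by combining acute (NFD form)
    "README",
    "Readme",
    "notes  final.txt",       # two spaces: distinct under every rule
    "notes final.txt",
]


def unicode_fold_key(name: str) -> str:
    """Assumed approximation of a normalizing, case-insensitive filesystem:
    canonical decomposition followed by a full Unicode case fold.  Real HFS+
    uses its own fixed tables, so this illustrates the class of rule only."""
    return unicodedata.normalize("NFD", name).casefold()


def ascii_fold_key(name: str) -> str:
    """Rule for a filesystem that folds case only for ASCII letters (the
    'subset' behaviour the comment describes) and performs no normalization."""
    return "".join(c.lower() if c.isascii() else c for c in name)


def find_collisions(names, key_fn):
    """Group names that map to the same key; return only the groups of size > 1,
    each sorted, and the list of groups sorted, so results are deterministic."""
    groups = {}
    for n in names:
        groups.setdefault(key_fn(n), []).append(n)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    for label, fn in (("unicode fold + NFD", unicode_fold_key),
                      ("ascii fold only", ascii_fold_key)):
        print(f"{label}:")
        for group in find_collisions(SAMPLE_NAMES, fn):
            print("  collide:", [n.encode("utf-8") for n in group])
```

The same eight names yield three collision groups under the normalizing rule and two under the ASCII-only rule, so a tree that copies cleanly between two ASCII-folding systems can still lose a file when it lands on a normalizing one.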

OS X 10.10 Yosemite Review

spitzak Re:First taste of Mac OS X (305 comments)

Since it considers different numbers of spaces to be different filenames, and considers Greek and Russian letters that look identical to Latin ones to be different filenames, and lots of other things that are much easier to confuse, yes this is a good idea. At least it is consistent.

about two weeks ago

Lead Mir Developer: 'Mir More Relevant Than Wayland In Two Years'

spitzak Re:Not Invented Here (226 comments)

I agree that development on Wayland is at a glacial pace. I think Mir is serving a purpose: it actually got the Wayland developers to speed up considerably. But then they slowed down over the last year, so bringing up Mir again may be a good idea.

about two weeks ago

Confidence Shaken In Open Source Security Idealism

spitzak Re:Open Source in commercial products (265 comments)

No, bash was NOT working as expected.

The expectation was that a bash shell function could be defined by starting an environment variable value with "() {". The purpose of the code was to do exactly that, no more and no less. Yes it did assume the string came from a trusted source and the idea is questionable, but that was not the hole.

The fact that the code could cause arbitrary commands in the value to be executed at startup was certainly not intended.

I think it is interesting that this bug was visible in source code for 20 years and until now nobody found it. This includes the black-hats. Not sure what this means...

about two weeks ago

FBI Says It Will Hire No One Who Lies About Illegal Downloading

spitzak Re:Ok, but (580 comments)

Burn in hell, you copyright violating scum!

about three weeks ago

Antiperspirants Could Contribute to Particulate Pollution

spitzak Re:Let's just ahead, shall we? (70 comments)

I know you are trying to be funny, but human beings breathing does not contribute to global warming. This is because the CO2 produced is from combining O2 with biologic sources, which are produced by systems that remove the same or more CO2 from the air.

about three weeks ago

NVIDIA Presents Plans To Support Mir and Wayland On Linux

spitzak Re:Seems incorrect (80 comments)

I think this is more or less what is happening.

As opposed to how X works now, new drivers will pretty much support "use EGL to draw all over the screen". The window system is *atop* that, it uses EGL to take texturemaps of window contents and draw and compose them into the right places on the screen.

The application making those texturemaps uses EGL as well, to draw into the texture maps. This means the texture map is already in the correct graphics memory for the window system to use it and everything syncs up and you will get results that are close or equal to the speed you would get if you wrote a single program that drew an entire display of overlapping windows.

In X it was more like the window system was the bottom level and EGL would draw into a window. Compositing window managers that want to use EGL have to create a big fake window that covers the entire screen, and had to add a lot of other kludges to work around the millions of assumptions that a window and any changes to its pixels was instantly visible on the screen.

about three weeks ago

NASA Eyes Crew Deep Sleep Option For Mars Mission

spitzak Re:What was it (236 comments)

The awake guy is useful if HAL has to be disconnected.

about a month ago

Apple Yet To Push Patch For "Shellshock" Bug

spitzak Re:The whole function exporting mechanism is a bug (208 comments)

That is an excellent idea. Somebody should mod this up!

The way bash is doing this is a ridiculous hack and it is not surprising it is also a huge security hole.

You can set an environment variable in bash to a value that will cause recursively-called bash to think it is a function, while it is not a function in the bash that defined it. That is just stupid.

about a month ago

Nearly 2,000 Chicago Flights Canceled After Worker Sets Fire At Radar Center

spitzak Re:what a difference a day makes (223 comments)

No, everybody should carry matches! They would surely have stopped this maniac that way! It's the damn gubiment saying we can't carry matches...

about a month ago

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

spitzak Re:"could be worse than Heartbleed" (318 comments)

Sorry you are right. It is with any program that calls anything that eventually calls system recursively.

The problem is a lot of people are saying "this program calls system() and is therefore vulnerable". That is false. That program, or something calling it, must also set an environment variable to unchecked user input. Therefore it is not quite as bad as this knee-jerk reaction is. It is pretty bad, but all actual holes found involve an outermost program that sets environment variables.

I fully agree that 100% of the bug is in bash, not anywhere else. Though programmers and libraries could be blamed some for encouraging use of system() when other methods would not only be safer but faster too, but those methods have too complex an api. Certainly I have seen even python code use system to do things such as run rm, when python has a library method to remove files. There is a serious problem that it is nearly impossible to locate how to do something easily other than doing system().

about a month ago
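Two of the comments above make a pair of defensive points: the Shellshock vector is an environment value beginning with "() {" that a child bash parsed as a function definition, and application code is exposed only when it puts unchecked input into the environment or shells out via system() when a library call would do. The Python below is an added example (not the commenter's code and not from the page) showing the practical consequence of both: a wrapper that runs a program with an argument list and no shell, keeps caller-supplied data in argv rather than in the environment, drops any inherited variable whose value looks like a bash function export before spawning the child, and replaces a shelled-out "rm" with os.remove. The function names and the "() {" prefix test are this example's own assumptions.

```python
import os
import subprocess
import sys
import tempfile

BASH_FUNCTION_PREFIX = "() {"   # prefix pre-patch bash imported as a function


def looks_like_bash_function_export(value: str) -> bool:
    """True if an environment value starts with the '() {' prefix that a
    child bash would treat as an exported function definition."""
    return value.lstrip().startswith(BASH_FUNCTION_PREFIX)


def scrub_env(env):
    """Return a copy of env without values a child bash could parse as a
    function.  Dropping rather than rewriting keeps the policy simple."""
    return {k: v for k, v in env.items()
            if not looks_like_bash_function_export(v)}


def run_tool(argv, user_data=None, env=None):
    """Run argv directly (no shell).  Caller data is appended as a single
    argv element, so it is never interpolated or exported to the child."""
    source = os.environ if env is None else env
    args = list(argv)
    if user_data is not None:
        args.append(user_data)
    return subprocess.run(args, env=scrub_env(source),
                          capture_output=True, text=True, check=False)


def remove_file(path: str) -> bool:
    """Library call instead of os.system('rm ' + path); returns True when gone."""
    os.remove(path)
    return not os.path.exists(path)


# Child program used below: prints its first argument and a chosen env var,
# so the test can observe what actually reached the child.
CHILD = ("import os, sys; "
         "print(sys.argv[1], os.environ.get('PROBE', 'absent'), end='')")


def demo():
    """Spawn a child with a constructed environment: the value of PROBE is
    shaped like a function export, and the argument is a shell-looking string.
    Returns what the child saw: the literal argument and 'absent' for PROBE."""
    env = {"PROBE": "() { echo hi; }", "PATH": os.environ.get("PATH", "")}
    result = run_tool([sys.executable, "-c", CHILD], user_data="$HOME", env=env)
    return result.stdout


if __name__ == "__main__":
    print("child saw:", demo())
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        path = tmp.name
    print("removed:", remove_file(path))
```

Because no shell is involved, "$HOME" reaches the child unexpanded, and because the scrubbed environment omits PROBE, the child reports it as absent; the environment filter is a belt-and-braces measure for unpatched hosts, not a substitute for updating bash.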

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

spitzak Re:It's been in bash a while. (318 comments)

Yuck, that's pretty bad, especially because web servers are not so easy to update.

about a month ago

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

spitzak Re:So flog the bash developer who checked this in. (318 comments)

Apparently it also concatenates the -c argument and parses the whole thing at once. Unbelievable.

This is the still-existing exploit. Try this in the patched version (or the one for that matter):

    env X='() { (a)=>\' bash -c "file echo vulnerable; cat file"

My guess is because it pasted the -c onto the end of the command with a newline. The >\ somehow caused a > sign and an escaped newline to be parsed, resulting in the command ">file echo vulnerable" to be executed.

This looks a lot harder to exploit as there is less control over the -c argument, and it has to be the last environment variable.

about a month ago

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

spitzak Re:This exposes systemic insecurities (318 comments)

No I think you are confusing it a bit. Yes it would be really bad if something calling system() had a defect such that an attacker could set $PATH beforehand. But that would be an obvious bug and fixed long ago.

This bug just requires a piece of text crafted by the user to be in *any* environment variable. For instance if the calling code put the arguments to the function it wanted into $ARG1, $ARG2, etc.

about a month ago

Submissions

spitzak hasn't submitted any stories.

Journals

spitzak has no journal entries.
