Comment Beware (Score 2) 40
The telecoms contributors will play dirty. I promise you.
> an attacker will only be able to manipulate the content of some environment variable, but not its name.
How can this be true?
I just tried and successfully passed the variable "_BASH_FUNC_thingy" with the value "my_attack" through my Apache web server to a CGI script using a URL entered into a browser.
> it has to be prefixed with _BASH_FUNC_ in order to be allowed as a definition)
What's stopping me passing _BASH_FUNC_ in an HTTP request to a BASH CGI script?
Is a re-sizable tile like a window?
>So you're saying it's a case of, "Google, products so good you need to be forced to use them?"
No. I'm saying the other stuff other manufacturers put on phones is a lot worse.
If they can make something lots better, then that alters the equation. Hence Tizen, Meego etc. I'm not holding my breath.
"a man walked past a Sydney Airport security screening while engrossed in his iPad and delayed flights for an hour."
TFA implies he caused the delay, when in fact incompetent airport security staff caused the delay.
That forcing Google apps discourages OEM bloat is simply an assumption.
No. OEM bloat is directly tied to shipping an old version of Android. The OEM bloat takes time to build and test and qualify for release. Thus this happens on an earlier version of Android. While the development is taking place, Android is moving on too.
If you take the vanilla Android, you can release a much more up-to-date version, since you don't need 6 months to 1 year to update and requalify your bloatware with the new version of Android. This is pretty much the value proposition of Nexus over any other brand.
Building complex apps without coding doesn't seem like a useful goal. At some point you have to express the program logic and coding has always proven to be the best way.
The dividing line between graphical tool and actual code seems to have been a shifting one over the years. So when you go to a new environment or language where there's a substantial GUI component to building an app, the desire to see it all in code is strong. What actually happens when you add that button? I expect to be able to do it either through code or GUI and if they can't tell me what the GUI did in code, then I'm left clueless as to the underpinnings and so it becomes hard to think through the implications of design decisions.
I tried Swift recently. Swift was easy enough. But Swift+Xcode was impenetrable.
And if Microsoft required something similar, you'd be crying the same thing, right?
What's good for the goose is good for the gander.
No. The problem with Microsoft was the Office lock-in with proprietary file formats.
When a company moves from innovating to abusing its market share, it's usually not a good sign.
Except when you get a phone with an old version of Android and loads of proprietary bloatware 'innovation', the phone sucks in ways it would not suck if it just had the up-to-date integrated Google app suite and Android versions.
In this instance, the more Google succeeds, the better the products are.
I'm screwed. I live in one and travel to the other on a fairly regular basis.
>What kind of an admin are you?
The best kind: Grumpy.
Agreed. My primary bitching is about the default state of the GNOME screen when you install a system. There isn't anywhere to type. There isn't anything to click on. You have to know arcane things to get it to go away.
I don't get that with KDE, XFCE, FVWM or anything else I've used on and off over the past 30 years.
Hint: The bible is the work of humans. Trying to redefine terms until they fit knowledge that didn't exist at the time of writing doesn't make it more correct. It's still wrong.
Yup. The web server passing input to shell scripts via environment variables is lore that was put in place with the earliest CERN web servers and it should have been killed and put to sleep a long time ago.
However the bash shell executing environment variables on the way in is worse.
The equivalent in python would be like putting this at the top of every python CGI script:
    import cgi
    untrusted_input = cgi.FieldStorage()
    for k in untrusted_input.keys():
        # deliberately unsafe: evaluates whatever the request supplied
        eval(untrusted_input.getvalue(k))
The opposite of a correct statement is a false statement. But the opposite of a profound truth may well be another profound truth. -- Niels Bohr
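An added example, not code from any of the comments above: it models how a CGI server builds a script's environment from a request under RFC 3875 naming (header names become `HTTP_*`, the query string becomes the value of `QUERY_STRING`) and flags values that begin with `() {`, the prefix pre-patch bash parsed as a function definition on import. The function names and the sample request are constructed for illustration.

```python
# Prefix that pre-patch bash treated as an exported function definition.
FUNC_PREFIX = "() {"

def cgi_environ(method, query_string, headers):
    """Build the meta-variables a CGI server passes to a script (RFC 3875)."""
    env = {"REQUEST_METHOD": method, "QUERY_STRING": query_string}
    for name, value in headers.items():
        key = name.upper().replace("-", "_")
        if key in ("CONTENT_TYPE", "CONTENT_LENGTH"):
            env[key] = value            # these two carry no HTTP_ prefix
        else:
            env["HTTP_" + key] = value  # client chooses the value, server the name
    return env

def flag_function_like(env):
    """Names of variables whose value bash would have parsed as a function."""
    return sorted(k for k, v in env.items() if v.startswith(FUNC_PREFIX))

def scrub(env):
    """Drop function-like values before handing the environment to a shell."""
    return {k: v for k, v in env.items() if not v.startswith(FUNC_PREFIX)}

# Constructed sample request (not taken from any real log).
SAMPLE_HEADERS = {
    "User-Agent": "() { :;}; CONSTRUCTED-TRAILING-TEXT",
    "Accept": "text/html",
    "Content-Type": "text/plain",
}
SAMPLE_ENV = cgi_environ("GET", "_BASH_FUNC_thingy=my_attack", SAMPLE_HEADERS)

if __name__ == "__main__":
    for k in sorted(SAMPLE_ENV):
        print(f"{k}={SAMPLE_ENV[k]!r}")
    print("flagged:", flag_function_like(SAMPLE_ENV))
```

Scrubbing in the server is a stopgap for the unpatched case; the parsing itself happens in bash, so the patched shell is what closes it.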