Comment That's very tricky with newer SuExec and not trans (Score 1) 168

It's very, very tricky (impossible?) to set that up right with the newer suckurity checks in recent versions of SuExec, especially now that SELinux has removed *_disable_trans. Previously you could do it with httpd_suexec_disable_trans. Now mostly people resort to running Apache as a permissive context - effectively castrating the mandatory access controls in order to run something that castrates the discretionary access controls (standard permissions).

Also, before the new checks were added, SuExec could be used in a smart way, though few people did. Suppose you have a user named "joe". You could create a script user named "joes_scripts". In that way, Joe's scripts would run as their own user. The new checks won't allow the joes_scripts user to run within the home directory of "joe", so there goes the proper use of suexec.

On a dedicated server, you CAN create a user that safely isolates scripts, so scripts run as a separate user from everything else. That user is called "httpd" or "nobody", and that's the default you get by NOT using suexec.

Comment PHP suexec, mostly. Thanks Plesk (Score 4, Informative) 168

Most of what we see in the wild is caused by improperly written PHP scripts which don't validate their input and then use crud like fopen_url. That provides the crackers the METHOD to put files on the server and execute them. SuExec gives web visitors PERMISSION to add and modify files.

Unfortunately, the folks at Plesk didn't read the first paragraph of the SuExec documentation before deploying it by default, so hundreds of thousands of DIY web servers are running with SuExec. (SuExec means allow visitors to modify files, but don't allow other clients hosted on the same shared server to do so).

What the Plesk and DirectAdmin folks should have read, from the Apache SuExec page:

        -----
        Used properly, this feature can reduce considerably the security risks involved with allowing users to develop and run
        private CGI or SSI programs. However, if suEXEC is improperly configured, it can cause any number of problems and
        possibly create new holes in your computer's security. If you aren't familiar with managing setuid root programs and the
        security issues they present, we highly recommend that you not consider using suEXEC.
        -----

That last sentence bears repeating. "If you aren't familiar with managing setuid root programs and the security issues they present, we highly recommend that you not consider using suEXEC." Plesk, and DirectAdmin - your customers are not familiar with managing setuid programs and the security issues, so they should not even CONSIDER running suexec, much less have that foisted on them as the default.
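The two suexec comments above (the "joes_scripts" one and this one) both come down to one question: which files in a user's home can the identity that executes web scripts write to? The following is an added example, not code from either comment or from Apache or Plesk. It implements the ordinary POSIX owner/group/other write check and runs it against a constructed sample tree with made-up uids, comparing three cases: scripts running as the file owner "joe" (what suexec does), as a dedicated "joes_scripts" account, and as the shared "nobody" account (the default without suexec).

```python
"""Added example: model which of a web user's files are writable by the
account that runs that user's scripts.

Compares suEXEC (scripts run as the file owner) with a dedicated script
user and with the default shared 'nobody' account. The tree, uids and
gids below are constructed for illustration, not read from a real system.
"""
import stat
from typing import Iterable, List, NamedTuple, Set


class Entry(NamedTuple):
    """A file's ownership and permission bits, as os.stat would report them."""
    path: str
    mode: int   # permission bits only, e.g. 0o644
    uid: int
    gid: int


def writable_by(entry: Entry, uid: int, gids: Set[int]) -> bool:
    """Standard POSIX discretionary check: root always wins, then the
    owner bits apply if uid matches, else group bits if any gid matches,
    else the 'other' bits."""
    if uid == 0:
        return True
    if entry.uid == uid:
        return bool(entry.mode & stat.S_IWUSR)
    if entry.gid in gids:
        return bool(entry.mode & stat.S_IWGRP)
    return bool(entry.mode & stat.S_IWOTH)


def writable_files(entries: Iterable[Entry], uid: int, gids: Set[int]) -> List[str]:
    """Paths in the tree that the given identity could modify."""
    return [e.path for e in entries if writable_by(e, uid, gids)]


# Constructed identities (hypothetical uids/gids).
JOE_UID, JOE_GID = 1001, 1001                 # the hosting customer
SCRIPTS_UID, SCRIPTS_GID = 1002, 1002         # a dedicated script account
NOBODY_UID, NOBODY_GID = 65534, 65534         # the shared default account

# Constructed sample of joe's home with typical permissions.
SAMPLE_TREE = [
    Entry("/home/joe/public_html", 0o755, JOE_UID, JOE_GID),
    Entry("/home/joe/public_html/index.php", 0o644, JOE_UID, JOE_GID),
    Entry("/home/joe/public_html/config.php", 0o600, JOE_UID, JOE_GID),
    Entry("/home/joe/public_html/uploads", 0o777, JOE_UID, JOE_GID),
    Entry("/home/joe/.ssh/authorized_keys", 0o600, JOE_UID, JOE_GID),
]


def compare_exposure(entries: Iterable[Entry] = SAMPLE_TREE) -> dict:
    """What a compromised script could overwrite under each execution identity."""
    entries = list(entries)
    return {
        "suexec_as_joe": writable_files(entries, JOE_UID, {JOE_GID}),
        "dedicated_joes_scripts": writable_files(entries, SCRIPTS_UID, {SCRIPTS_GID}),
        "default_as_nobody": writable_files(entries, NOBODY_UID, {NOBODY_GID}),
    }


if __name__ == "__main__":
    for identity, paths in compare_exposure().items():
        print(f"{identity}: {len(paths)} writable")
        for p in paths:
            print("   ", p)
```

Running it shows the point both comments make: as "joe", every file in the sample is writable (including the SSH key file outside the docroot), while "joes_scripts" and "nobody" can only touch the deliberately world-writable uploads directory. On a real host, replace the constructed tree with `os.walk` plus `os.lstat` over the docroot and the uid/gid with those Apache actually switches to.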

Comment Democrat Senators are right wing? (Score 1) 81

While Democratic Senator Robert Byrd was president pro tempore of the U.S. Senate, and the longest serving Democrat in any national office, he wrote scathing commentary about Obama ignoring the Constitution and legislating from the oval office. Nobody is more democrat than Byrd. More recently, the distinguished Senator from Ohio wrote that Obama's handling of Obamacare is clearly unconstitutional.

I understand you're probably infatuated with the guy, but peek around the blinders once in a while.

Comment he stopped caring by July 2nd, 2013 (Score -1, Offtopic) 81

He, like all presidential candidates, WAS profoundly egotistical and had a pathological need for approval, but that he seems to have given up on the approval part, going the way of "nobody understands but me". That sometimes happens when somebody becomes "the most powerful man in the world", of course.

His July, 2013 decision to start blatantly rewriting law, unilaterally, is ample evidence of that. Almost everyone, the people who voted for him, congress members from his own party, his largest donors - all say what he's doing is unconstitutional and wrong, but he doesn't seem to care anymore.

Comment "panic quick"? It has been four years. Zero-day bu (Score 3, Informative) 76

I can only guess you didn't read even the first sentence of TFS. The attack occurred in 2010, so this is hardly a case of "people panic way too quick".

"or it was just a bug" - we have a copy of the malware they used, and they exploited at least two zero-day vulnerabilities, and were accessing the system for months.

This incident was kind of a big deal. Someone with sophisticated exploit capabilities had run of Nasdaq's network for several months.

Comment No endorsement implied. Jim Brown v EA, Tiger Wood (Score 5, Informative) 83

This has come up before in similar cases and the celebrity loses unless their image is used in a way that misleads consumers by implying endorsement of the product.
For a video game example, see James "Jim" Brown v. Electronic Arts, Inc. Also, Tiger Woods' agent sued regarding a painting featuring the golfer, and lost, in ETW Corp. v. Jireh Publishing. Alyssa Milano's mom, Lin Milano, contacted us about her daughter's "right of publicity" 20 years ago and we found we could tell her to take a hike.

Absent defamation, the celebrity's name and image are protected in a way very similar to a trademark. (In common law jurisdictions, almost _exactly_ like a trademark). You can't sell "Britney Spears" brand headphones without permission, because that would imply that the singer endorses the product, misleading consumers. You CAN sell a comic book titled "Britney Spears is a stupid slut" because nobody will think Ms. Spears endorsed that.

Of course there can be other causes of action if someone does something else bad and also happens to be using a celebrity's image as well, but it usually comes down to implied endorsement. Laws do vary from one state to another.

Comment the other way around (Score 3, Informative) 148

The bill says that your internet bill won't be used to pay for government, not that government can't pay for internet. Concrete examples - you can't tax voting. Governments can and do pay for voting machines. You don't get taxed on sending your kids to school. The government does pay for government schools. You don't pay a tax on researching solar panels, the government does pay for solar panel research.

Comment source code of the processor? But software patents (Score 1) 59

A processor is a piece of hardware, correct?
TFS says the Verilog source code of the processor is available. "Source code" sounds like software. I bet you can even run that source code on a general purpose CPU, can't you?

So is the processor hardware, software, or are the people who scream about "software patents" utterly clueless about computer engineering?
