
Comment Re:There are no "remote" exploits for bash (Score 1) 329

/bin/sh is linked to /bin/bash and vulnerable

Not on Debian/Ubuntu. On those, /bin/sh is symlinked to dash, which is not vulnerable to Shellshock.

To test this, I created a small PHP script, as follows:

$ cat > x.php
<?php
system('echo hello there');

I run the php script, and do an strace following children:

$ strace -f -o output php x.php

In the output I find this:

28302 execve("/bin/sh", ["sh", "-c", "echo hello there"], [/* 24 vars */]) = 0

And here is what /bin/sh links to ...

$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Mar 29 2012 /bin/sh -> dash
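
The check from the comment above, generalised as an added example (not part of the original comment): it reads an `strace -f -o` capture, picks out every successful `<shell> -c` execve, and resolves each path to see whether it is really bash. The function names, the scratch directory and the sample trace are constructed for illustration.

```sh
#!/bin/sh
# resolve_shell PATH: print the basename of the file PATH finally points to.
resolve_shell() {
    [ -e "$1" ] || return 1
    target=$(readlink -f "$1") || return 1
    basename "$target"
}

# audit_execve FILE: for each successful `<shell> -c ...` execve in an
# `strace -f -o FILE` capture, print "<path> -> <real name> [verdict]".
audit_execve() {
    sed -n 's/^[0-9]* *execve("\([^"]*\)", \["[^"]*", "-c", .*) = 0$/\1/p' "$1" |
    sort -u |
    while IFS= read -r path; do
        name=$(resolve_shell "$path") || name=unresolved
        case $name in
            bash)       verdict="bash: check patch level" ;;
            unresolved) verdict="path missing on this host" ;;
            *)          verdict="not bash" ;;
        esac
        printf '%s -> %s [%s]\n' "$path" "$name" "$verdict"
    done
}

# Constructed demo: a scratch tree standing in for /bin, plus a constructed
# strace capture in the same line format as the output quoted above.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/dash"; : > "$d/bash"
    ln -s dash "$d/sh"        # Debian/Ubuntu-style layout: sh -> dash
    ln -s bash "$d/sh_alt"    # layout where sh is a link to bash
    cat > "$d/trace" <<EOF
28301 execve("/usr/bin/php", ["php", "x.php"], [/* 24 vars */]) = 0
28302 execve("$d/sh", ["sh", "-c", "echo hello there"], [/* 24 vars */]) = 0
28303 execve("$d/sh_alt", ["sh", "-c", "echo hello there"], [/* 24 vars */]) = 0
EOF
    audit_execve "$d/trace"
    rm -rf "$d"
}
demo
```

On a real host, run `audit_execve output` against the file written by `strace -f -o output php x.php`; the php process itself is skipped because its argv has no `-c`.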

Comment Who in their right mind ... (Score 1) 399

... is using bash scripts to generate web content in 2014?

Look, there is a bug, obviously, but to say that it is "remotely exploitable" is a half-truth, and that it is "on level with or worse than heartbleed" is nonsense.

There are a lot of things that need to "line up" in order for this to be remotely exploitable.

Submission + - GNOME 3.14 Released

An anonymous reader writes: GNOME 3.14 was released today and it includes some interesting changes such as a re-worked default theme, multi-touch gestures for both the system and applications, and new animations. Information, including details on all the new features, can be found here.

Comment Did it a long time ago ... (Score 1) 129

I had to deal with a remote customer whose person on site does not speak English, by getting him to enter UNIX shell commands. His native language (and mine) was Arabic.

What I did was to tell him what Arabic key to press so that the English equivalent would be the one sent to the shell.

We were lucky that his Arabic keyboard layout was the same as mine. That was not a given in those days (Late 80s, early 90s), but we lucked out.

He was describing to me the output in English (vertical bar, vertical bar with a circle at the bottom, ...etc).

It worked out and we solved the problem in less than an hour.

Comment They store credit card data with the transaction (Score 5, Informative) 132

Home Depot stores credit cards with the transactions.

I know this because when you go to return something I bought, they don't ask you for the credit card, and sort of highlight that this is a convenience that is unique to Home Depot.

I complained more than once to the cashiers about storing credit card numbers (it is not their fault, it is management and IT). The cashiers would say: "Don't worry, we don't have access to it!"

My response was: it is not you whom I am worried about.

Now we know that storing credit cards is a bad idea, and why ...

Comment Re:Russian Programmer's are Brilliant! (Score 1) 157

I've been hearing all this about the much vaunted chops of these Russian coders, but frankly I don't ever see it.

There is also the possibility that the project was sabotaged by an external actor.

Maybe it is a coincidence but the one who profits the most from this failure is the same as has been working hard during the last 10 years to get rid of the Galileo program and is also the same nation as is known for being the most technically capable in electronic warfare/hacking.

Comment Typing this on a recliner (Score 1) 154

I work from home, and have been using a recliner as my only "desk" for about 6 years and have the following to share ...

- My recliner is a La-Z-Boy. Can't remember the model since it has been many years, but it is not something fancy. I tried leather for a little while, but it can be sweaty and sensitive to even your fingernails. So I have been using fabric.

- If your recliner has a wall behind it, then move it away from the wall a bit so it can recline back.

- Your LEGS (calves and feet) will feel better on a recliner.

- Use a pillow or something to support your NECK. It will feel better.

- Watch for your BACK. Put a stiff-ish wide pillow below you if you feel like your bottom is sinking in the chair. Also, put another stiff-ish wide pillow behind your lower back. Experiment with different pillows until you find the right combination.

- Avoid any FANCY back support that curves your spine too much. These are the most common ones on the market in my experience. This includes the wire frame lumbar support mesh thingies (they aerate well, but will hurt your back because of too much spine curvature), or those cylinder shaped hard pillows.

- Use a LAPDESK (those foam filled sacks with a vinyl covered plywood surface).

- Get a table that is level with the arm rests beside you so you can easily sip your beverage of choice, and have some handy items too (pens, paper, mobile phone, ...etc.)

- You will be absorbed in whatever you are doing, so interaction with the wife and kids will be mostly "huh? what did you say?" or "later, I am focusing on something else here" ... Not quality time ...

Comment How timely ... (Score 1) 427

How timely. I am doing a presentation at the local LUG (KWLUG) on OpenWRT in a couple of days.

There are various options out there that are supported by OpenWRT.

In this day and age, you want the most memory and flash that you can get, gigabit ethernet, Wireless N dual band (2.4GHz and 5GHz), as well as USB.

I use the D-Link DIR-835, which has 128MB RAM, 16MB flash (the most memory and flash that you can get for a reasonable price) and all the above features. It goes for ~ $80 in Canada.

There are other options that support most of the above, but with a bit less RAM or flash sometimes, but perhaps 2 port USB, ...etc.

They are:

TP-Link WDR-4300 ~ $70
TP-Link TL-WDR3600 ~ $55
TP-Link TL-WR1043ND ~ $50

All of the above are supported on OpenWRT development snapshots (soon to be a stable release, Barrier Breaker).

Comment Re:Why the Australians? (Score 1) 92

For AF447, wreckage was spotted 2 days after the plane went missing, and bodies of passengers were recovered 4 days after that. That gave a rough area to search for the black boxes.

Not a single piece of wreckage from MH370 was found to give a clue on roughly where it went down.

The area is vast, so it is a mind boggling task.

Submission + - India forged Google SSL certificates

NotInHere writes: As Google writes on its Online Security Blog, the National Informatics Centre of India (NIC) used its intermediate CA certificate, issued by Indian CCA, to issue several unauthorized certificates for Google domains, allowing man-in-the-middle attacks. Possible impact however is limited, as, according to Google, the root certificates for the CA were only installed on Windows, which Firefox doesn't use, and for the Chrom{e,ium} browser, the CA for important Google domains is pinned to the Google CA.
According to its website, the NIC CA has suspended certificate issuance, and according to Google, its root certificates were revoked by Indian CCA.
