
Comment Re:Yawn (Score 4, Insightful) 94

While this article did kinda make me roll my eyes, it's not quite as simple as that.

The basic idea they're saying is that if a user can create a directory with an arbitrary name (which is normal for a file-server), and that later on an Admin runs a maintenance script which doesn't quote input correctly, arbitrary user commands can be executed with administrative permissions.

So user does:

D:\Users\b\bob123> md "Foo&evil_command"

Days, weeks, months later, an admin decides to run a cleanup/reporting batch file that was written in 1996:

D:\Users> C:\Scripts\cleanup.bat

If the script descends into the filesystem and somewhere in that script is the line: SET CurDir=%CD%, then the effective command SET CurDir=Foo&evil_command is executed.

The end result is that evil_command is invoked by the admin. If the admin is a domain admin and that command happened to be net localgroup "Domain Admins" domain\bob123 /domain, then bob has just been added to the Domain Admins group.

It's an absurdly tiny problem compared to the Bash shell exploit, but it is in fact a violation of security boundaries. Raymond's airtight hatchway stories are when no boundary has been crossed.
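An added example, not part of the original comment: a Python audit for the scenario described above that lists directory names containing cmd.exe metacharacters and flags unquoted `SET Name=%VAR%` lines in a batch script. The function names, the metacharacter set and the sample script are assumptions constructed for illustration.

```python
import os
import re

# cmd.exe metacharacters that are legal in NTFS names (assumed audit set).
CMD_META = set("&^%!()")

# Matches: SET Name=...%VAR%...   Does not match: SET "Name=%VAR%", SET /A ...
UNQUOTED_SET = re.compile(r'^\s*@?set\s+(?!["/])\w+=[^"]*%\w+%', re.IGNORECASE)

# Constructed sample standing in for the old cleanup script.
SAMPLE_SCRIPT = r"""@echo off
cd /d D:\Users
SET CurDir=%CD%
set "Safe=%CD%"
set COUNT=0
"""


def risky_names(root):
    """Return directories under root whose name contains a cmd metacharacter."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            if CMD_META & set(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def lint_batch(text):
    """Return (line_number, line) for unquoted SET assignments from %VAR%."""
    return [
        (n, line.strip())
        for n, line in enumerate(text.splitlines(), 1)
        if UNQUOTED_SET.match(line)
    ]


if __name__ == "__main__":
    # The quoted form on line 4 of the sample is not reported.
    for n, line in lint_batch(SAMPLE_SCRIPT):
        print(f"line {n}: unquoted expansion: {line}")
    for path in risky_names("."):
        print(f"metacharacter in name: {path}")
```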

Comment Re:As well they should. (Score 2) 243

Any particular reason you linked back to this very article

He just messed up and made the link relative.

Green Light Drives Leaf Photosynthesis More Efficiently than Red Light in Strong White Light: Revisiting the Enigmatic Question of Why Leaves are Green

IANAB, but I think the crux of this article is on the phrase "in strong white light".

Because green light can penetrate further into the leaf than red or blue light, in strong white light,
any additional green light absorbed by the lower chloroplasts would increase leaf photosynthesis to a
greater extent than would additional red or blue light.

So perhaps green light is more effective outdoors, but in an environment only lit by artificial light, green light is probably not the most effective (unless maybe you use both a powerful white light AND a green light?).

Comment Re:CloudFlare is a f.ing nightmare for anonymity (Score 2) 67

CloudFlare is a f.ing nightmare for anonymity

Not only anonymity, but privacy as well.

Try browsing around with your browser's Referer header disabled (or spoofed to be empty/google/etc). You'll run into sites that either (1) won't load at all, only showing a "CloudFlare security page" that totally blocks access, or (2) have content that won't load due to CloudFlare's default referrer blocking settings. I assume (2) is to prevent "hotlinking" (aka - "using the Web"), but it prevents scripts, styles, etc from loading. However the first behavior (blocking anyone without a Referer header) is complete bullshit.

Using NoScript on a CloudFlare site can also be a nightmare. They have their own absolutely batshit absurd scripting thing called Rocket Loader. The only impression I've gotten from it so far is that it makes script whitelisting difficult and user-scripts even worse.

I can appreciate the primary selling points of CloudFlare (CDN, DDoS protection), but they do a lot more to interfere with site web traffic. The default settings for a site are also probably too aggressive.

Comment Re:No, no. Let's not go there. Please. (Score 4, Insightful) 937

Atheism is the lack of belief in a god or gods. Nothing else.

Ideally, yes, but we all know that that's not all there is to it these days.

Only because theists have done everything in their power to change the common meaning of the word "atheist". It's so much easier to persecute someone if you can twist their stance into being the exact opposite of your own because this allows you to set up "us versus them" and "attack on our way of life" straw men.

It doesn't help that for many people (in English anyway), the phrase "I do not believe X" has come to be equal to "I believe against X". Declaration of a lack of a thing does not, in any way, declare that you hold to its antithesis. It's this crucial point that theists miss -- some due to ignorance, but most due to an explicit intent to mislead.

Of course, this applies to topics other than (a)theism, and is pretty much the standard MO of most conservative pundits. Why have a rational discussion when you can fabricate a one-sided fight instead?

Comment Re:Hexidecimal (Score 1) 169

Did he also decide to produce the Hex output that is entirely useless and without merit? I understand that's for debugging purposes, but who decided that was a good idea to leave in for a consumer-level OS? Seriously.

Ah yes. Everyone should have to set up a second machine, connect it to the other via a serial cable (having remembered to enable serial port debugging on the host prior to the crash), and then fire up their kernel debugger just to get the bugcheck code.

Putting a numeric error code (which usually comes with the symbolic name as well) on a consumer-facing fatal error is absolutely the correct thing to do. Once you've reached the kernel panic failure point there's not much most consumers can do anyway, so providing some diagnostic information can't hurt anything. If you don't then you may as well just restart the machine and not bother to show an error at all. That sure sounds friendly.

Comment Honeypots (Score 1) 220

A lot of interesting and infamous material ends up on 4chan, some of which might be illegal in certain jurisdictions for reasons ranging from copyright infringement to child pornography.

Do any of the 4chan staff/admins think they've found a real honeypot on the site created by a government or corporation with the intent to prosecute or harass 4chan users (or the site/owners itself)? If so, what actions did you take?

Comment Not quite old but... (Score 4, Insightful) 635

Firefox 28 (with tabs-on-bottom if you please), Windows 7, and Linux with Gnome 2 (aka MATE).

I'm basically just holding out with old (or "old") software to avoid the current plague of horrible user interface design. The entire "UX designer" movement we're seeing right now is nothing more than a user-hostile circle jerk, perpetuating the same ideas because everyone else is doing it. It's frankly a cancer upon computing, and my only hope is that we eventually see enough pushback from users that the morons at Mozilla, Microsoft, Google and elsewhere realize their mistake, fire all the useless UX blowhards, go back to real usability studies, and let us all get on with a life where we won't always worry that clicking "update" will almost certainly royally fuck everything up.

Comment Such a Waste (Score 4, Insightful) 156

After the travesty of the first two films, I'm not looking forward to the third movie.

While far from perfect, I felt that Peter Jackson at least made an attempt to stay true to the original story in Lord of the Rings. For the Hobbit he didn't hold anything back as he sold out to the suits at Warner Brothers. Both he and the Tolkien family should be ashamed they agreed to this abortion screenplay.

Comment Re:Turing test not passed. (Score 5, Insightful) 285

It was passed as defined

The Turing Test was not passed, and the only people who claim it was are ignorant reporters looking for an easy story with a catchy headline and tech morons who also believe Kevin Warwick is a cyborg.

The test was rigged in every way possible:

- judges told they were talking to a child
- that doesn't speak English as a primary language
- which was programmed with the express intent of misdirection
- and only "fooled" 30% of the judges.

And, even after all that, Cleverbot did a much better job back in 2011 with a 60% success rate.

This Eugene test outcome was a complete farce -- something to remind everyone that Warwick still exists and to separate the ignorant and sensational tech news trash rags from the more legitimate sources of information.
