While this article did kinda make me roll my eyes, it's not quite as simple as that.
The basic idea they're saying is that if a user can create a directory with an arbitrary name (which is normal for a file-server), and that later on an Admin runs a maintenance script which doesn't quote input correctly, arbitrary user commands can be executed with administrative permissions.
So user does:
D:\Users\b\bob123> md "Foo&evil_command"
Days, weeks, months later, an admin decides to run a cleanup/reporting batch file that was written in 1996:
D:\Users> C:\Scripts\cleanup.bat
If the script descends into the filesystem and somewhere in that script is the line: SET CurDir=%CD%, then the effective command SET CurDir=Foo&evil_command is executed.
The end result is that evil_command is invoked by the admin. If the admin is a domain admin and that command happened to be net localgroup "Domain Admins" domain\bob123
It's an absurdly tiny problem compared to the Bash shell exploit, but it is in fact a violation of security boundaries. Raymond's airtight hatchway stories are when no boundary has been crossed.
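An added example, not part of the original comment: a small Python audit that flags unquoted %VAR% expansions in a batch script (the SET CurDir=%CD% pattern described above) and directory names containing characters cmd.exe treats as syntax. The sample script, function names and the "100% done" directory name are constructed for illustration.

```python
import re

# Constructed sample of a legacy cleanup script (not from the original post).
SAMPLE = r'''@echo off
rem walk the user share
SET CurDir=%CD%
set "CurDir=%CD%"
echo Cleaning %CurDir%
echo "Cleaning %CurDir%"
'''

# Legal in Windows directory names, but special to cmd.exe:
# & separates commands, ^ escapes, % and ! trigger variable expansion.
CMD_META = set("&^%!")
PERCENT_VAR = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)%")

def unquoted_expansions(line):
    """Names of %VAR% expansions that sit outside double quotes."""
    found, in_quotes, i = [], False, 0
    while i < len(line):
        if line.startswith("%%", i):      # FOR loop variable, e.g. %%i
            i += 2
            continue
        if line[i] == '"':
            in_quotes = not in_quotes
        match = PERCENT_VAR.match(line, i)
        if match:
            if not in_quotes:
                found.append(match.group(1))
            i = match.end()
            continue
        i += 1
    return found

def audit_script(text):
    """Return (line_no, vars) for lines a hostile path name could split."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.lower().startswith(("rem ", "::")):
            continue
        names = unquoted_expansions(line)
        if names:
            findings.append((no, names))
    return findings

def risky_dir_names(names):
    """Directory names containing characters cmd.exe treats as syntax."""
    return [n for n in names if CMD_META & set(n)]

if __name__ == "__main__":
    print(audit_script(SAMPLE))
    print(risky_dir_names(["Foo&evil_command", "reports", "100% done"]))
```

The quoted form set "CurDir=%CD%" passes the audit because a double quote cannot appear in a Windows file name, so the expanded value cannot close the quotes early.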
Any particular reason you linked back to this very article
He just messed up and made the link relative.
IANAB, but I think the crux of this article is on the phrase "in strong white light".
Because green light can penetrate further into the leaf than red or blue light, in strong white light,
any additional green light absorbed by the lower chloroplasts would increase leaf photosynthesis to a
greater extent than would additional red or blue light.
So perhaps green light is more effective outdoors, but in an environment only lit by artificial light, green light is probably not the most effective (unless maybe you use both a powerful white light AND a green light?).
CloudFlare is a f.ing nightmare for anonymity
Not only anonymity, but privacy as well.
Try browsing around with your browser's Referer header disabled (or spoofed to be empty/google/etc). You'll run into sites that either (1) won't load at all, only showing a "CloudFlare security page" that totally blocks access, or (2) have content that won't load due to CloudFlare's default referrer blocking settings. I assume (2) is to prevent "hotlinking" (aka - "using the Web"), but it prevents scripts, styles, etc from loading. However the first behavior (blocking anyone without a Referer header) is complete bullshit.
Using NoScript on a CloudFlare site can also be a nightmare. They have their own absolutely batshit absurd scripting thing called Rocket Loader. The only impression I've gotten from it so far is that it makes script whitelisting difficult and user-scripts even worse.
I can appreciate the primary selling points of CloudFlare (CDN, DDoS protection), but they do a lot more to interfere with site web traffic. The default settings for a site are also probably too aggressive.
and like to provide some "opt-out" choices
I miss the CowboyNeal option
You should be able to disable Aero Peek, or you can use a fantastic third party tool to customize how the taskbar behaves.
It's nice Apple responded, but the outrage over this whole thing (especially for people who have already bought into the iTunes garden) seems way overblown.
Atheism is the lack of belief in a god or gods. Nothing else.
Ideally, yes, but we all know that that's not all there is to it these days.
Only because theists have done everything in their power to change the common meaning of the word "atheist". It's so much easier to persecute someone if you can twist their stance into being the exact opposite of your own because this allows you to set up "us versus them" and "attack on our way of life" straw men.
It doesn't help that for many people (in English anyway), the phrase "I do not believe X" has come to be equal to "I believe against X". Declaration of a lack of a thing does not, in any way, declare that you hold to its antithesis. It's this crucial point that theists miss -- some due to ignorance, but most due to an explicit intent to mislead.
Of course, this applies to topics other than (a)theism, and is pretty much the standard MO of most conservative pundits. Why have a rational discussion when you can fabricate a one-sided fight instead?
Did he also decide to produce the Hex output that is entirely useless and without merit? I understand that's for debugging purposes, but who decided that was a good idea to leave in for a consumer-level OS? Seriously.
Ah yes. Everyone should have to set up a second machine, connect it to the other via a serial cable (having remembered to enable serial port debugging on the host prior to the crash), and then fire up their kernel debugger just to get the bugcheck code.
Putting a numeric error code (which usually comes with the symbolic name as well) on a consumer-facing fatal error is absolutely the correct thing to do. Once you've reached the kernel panic failure point there's not much most consumers can do anyway, so providing some diagnostic information can't hurt anything. If you don't then you may as well just restart the machine and not bother to show an error at all. That sure sounds friendly.
A lot of interesting and infamous material ends up on 4chan, some of which might be illegal in certain jurisdictions for reasons ranging from copyright infringement to child pornography.
Do any of the 4chan staff/admins think they've found a real honeypot on the site created by a government or corporation with the intent to prosecute or harass 4chan users (or the site/owners itself)? If so, what actions did you take?
4chan has been a popular high-traffic site for a while now. I'm curious: how many buyout offers have you received from outside parties? Who were they and how much did they offer?
You should be careful -- you're well on your way (if not there already) of becoming infamous around here. We've already got APK, "Guardian of the Hosts File". We certainly don't need narcc, "Defender of Chromifox".
The moon is made of green cheese. -- John Heywood