Forgot your password?

Comment: Re:Eurocopter / Airbus X3 (Score 1) 101

by AC-x (#47413619) Attached to: Radical Dual Tilting Blade Helicopter Design Targets Speeds of Over 270mph

It's more like the Sikorsky X2. The dual rotors are an important feature; With a single rotor as you increase forward speed you lose lift on one side of the rotor as it slower relative airspeed, until it's basically going backwards. Having contra-rotating rotors means that one side will always have blades going "forwards" regardless of airspeed.

Comment: Is it really a single board computer? (Score 1) 122

by AC-x (#47393283) Attached to: New Single Board Computer Lets You Swap Out the CPU and Memory

Is it really a single board computer, if the SoC is on a separate board?

Looks more like a mini, more powerful version of the Raspberry Pi Compute Module with a Raspberry Pi like breakout board.

Those SoC modules themselves could be useful on their own if they sell the sockets to use on custom circuit boards...

Comment: Re:Computers were conceived to execute user comman (Score 1) 215

by AC-x (#47341495) Attached to: Exploiting Wildcards On Linux/Unix

I have no idea what the solution is, but I suspect that we need to do some fundamental rethinking of secure architectures and user interfaces. Architectures need to more safely isolate data and logical functionality, and interfaces need to more safely mediate users interaction with devices. I confidently assert that the current architectures simply can't be secured, no matter how much junk is kludged to the task. Prove me wrong, please.

On the other hand this specific issue could be easily solved by * prefixing all filenames with ./

So far I've not heard of anything that would break, and it's silly arguing that this specific problem is part of required functionality and not something that can/should be fixed when it appears to have such a simple solution.

Comment: Re:in root? Am I missing something? (Score 3, Informative) 215

by AC-x (#47334067) Attached to: Exploiting Wildcards On Linux/Unix

Since one is root, one can do anything anyway so why bother with all this misdirection?

Because you can trick a more privileged user into executing commands for you by writing files into your own folder. Most the examples given were of admin housekeeping tasks run against a user writeable folder.

Comment: Re:Computers were conceived to execute user comman (Score 1) 215

by AC-x (#47334029) Attached to: Exploiting Wildcards On Linux/Unix

If computers were conceived to execute user commands, then why is a command for matching file and dictionary names returning them in such a form that they become executable parameters, when they could easily be explicit filenames by adding ./ at the beginning?

Is making what should be basic and safe housekeeping functions like chmod * and tar * dangerous really something you actually want in Linux?

Comment: Re:Definition of idiot (Score 1) 215

by AC-x (#47333913) Attached to: Exploiting Wildcards On Linux/Unix

Right, so an admin tarballing the content of a user's folder is an idiot because he didn't check to make sure the shell he was using wouldn't pass any of the file names as executable attributes instead of, you know, file names?

The one line summary for this story is bad things happen to people who use a command without knowing what the command does.

The definition of the unix wildcard when used in the shell is:

"The character * is a wildcard and matches zero or more character(s) in a file (or directory) name."

Note that the definition doesn't include anything about translate filenames into other kinds of executable parameters.

Comment: Who ever asked for this "feature" (Score 1) 215

by AC-x (#47333761) Attached to: Exploiting Wildcards On Linux/Unix

Probably because anybody who's used the various Bourne-style shells for a while
considers it a feature, not a bug. This is a case where the Principle of Least
Surprise comes up with different answers for novice users and for experts:
"What? A * can expand into an unintended command argument?" "Yeah, what *else*
would it do - the shell is just globbing, it doesn't know for sure what the
command will do with the parameter".

Who asked for this feature? Can anyone give me a legitimate use case for "tar cf archive.tar *" evaluating as

tar cf archive.tar admin.php ado.php --checkpoint=1 "--checkpoint-action=exec=sh"

instead of

tar cf archive.tar "./admin.php" "./ado.php" "./--checkpoint=1" "./--checkpoint-action=exec=sh"

Support Mental Health. Or I'll kill you.