Forgot your password?
typodupeerror

Comment: Re:The more things change the more the stay the sa (Score 1) 716

by ArsenneLupin (#48111145) Attached to: Why the Trolls Will Always Win

"politic" meaning roughly in the original Greek "To shout down"

Bullshit. The word "politic" is derived from "polis", the Greek word for "city". So "politics" is the art of running a city (or city-state, as most cities were back then), not the art of shouting your opponent down...

Comment: Re:Only CGI scripts affected? (Score 1) 399

by ArsenneLupin (#47991853) Attached to: Remote Exploit Vulnerability Found In Bash

Oh I had the same thought....I mean, by the time an "attacker" is modifying arbitrary environment variables in your process,

Which is the case on most Apache Web server configs: the client has full control over the HTTP_REFERER and HTTP_USER_AGENT variables... And the exploit in question works with any environment variable, including those 2.

Well, starting from here, you are vulnerable as soon as:

  1. You have a CGI script written as a #!/bin/bash script on your system
  1. You have /bin/sh symlinked to /bin/bash (used to be common in many Linux distribution), so as soon as a script calls system(), /bin/bash gets executed, along with the scripts full environment...

Comment: Re:Really? Using bash for CGI? (Score 2) 399

by ArsenneLupin (#47991811) Attached to: Remote Exploit Vulnerability Found In Bash

The problem affects any CGI that *calls* bash, which means any call to system() in any language is going to cause a problem.

Nowadays, on most systems, /bin/sh is a proper Bourne Shell (either ash or dash), and no longer bash. So system() should no longer be an issue, but explicitly calling bash still would be...

Comment: Re:Full Disclosure can be found on oss-security... (Score 1) 399

by ArsenneLupin (#47991801) Attached to: Remote Exploit Vulnerability Found In Bash

Just ran pacman -Syu

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Good. And now on to the next level:

env X='() { (a)=>\' bash -c "echo /usr/bin/id"; cat echo

Comment: Re:Wrong type of machine for Dremel (Score 1) 105

by ArsenneLupin (#47943627) Attached to: Dremel Releases 3D Printer
Doesn't all this depend on the software? On a milling machine intended for the end user, the software could know about some of these constraints, and automatically reduce the speed to safe levels where needed. And also, this iModela machine works with soft materials (plastics, woods), not steel, which (probably) means it's not quite as likely to destroy its bits if mis-driven.

Comment: Re:What is a customer? (Score 1) 290

by ArsenneLupin (#47888947) Attached to: German Court: Google Must Stop Ignoring Customer E-mails

The court, not being stupid, will probably send a few "canary" emails.

The court, while certainly not stupid, is very probably lazy. And won't continue bothering google out of its own initiative once a "settlement" is reached.

It will take a continued action by the consumer watchdog organization to keep the court interested, but it's a very fine line to walk between "keeping the court interested" and "not annoy the court by pestering it too much"

Comment: Re:What is a customer? (Score 1) 290

by ArsenneLupin (#47888321) Attached to: German Court: Google Must Stop Ignoring Customer E-mails

If Google decides to discontinue all Google services in Germany as a result, would that really be a "win" for the German consumer?

More likely outcome is that they change the auto-reply text of the mail to "thank you for your valuable feedback", and then still continue to ignore it. The customer will be none-the-wiser, and unable to prove that feedback gets ignored.

Do not underestimate the value of print statements for debugging.

Working...