Forgot your password?
typodupeerror

Comment: Re:Only CGI scripts affected? (Score 1) 399

by ArsenneLupin (#47991853) Attached to: Remote Exploit Vulnerability Found In Bash

Oh I had the same thought....I mean, by the time an "attacker" is modifying arbitrary environment variables in your process,

Which is the case on most Apache Web server configs: the client has full control over the HTTP_REFERER and HTTP_USER_AGENT variables... And the exploit in question works with any environment variable, including those 2.

Well, starting from here, you are vulnerable as soon as:

  1. You have a CGI script written as a #!/bin/bash script on your system
  1. You have /bin/sh symlinked to /bin/bash (used to be common in many Linux distribution), so as soon as a script calls system(), /bin/bash gets executed, along with the scripts full environment...

Comment: Re:Really? Using bash for CGI? (Score 2) 399

by ArsenneLupin (#47991811) Attached to: Remote Exploit Vulnerability Found In Bash

The problem affects any CGI that *calls* bash, which means any call to system() in any language is going to cause a problem.

Nowadays, on most systems, /bin/sh is a proper Bourne Shell (either ash or dash), and no longer bash. So system() should no longer be an issue, but explicitly calling bash still would be...

Comment: Re:Full Disclosure can be found on oss-security... (Score 1) 399

by ArsenneLupin (#47991801) Attached to: Remote Exploit Vulnerability Found In Bash

Just ran pacman -Syu

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Good. And now on to the next level:

env X='() { (a)=>\' bash -c "echo /usr/bin/id"; cat echo

Comment: Re:Wrong type of machine for Dremel (Score 1) 105

by ArsenneLupin (#47943627) Attached to: Dremel Releases 3D Printer
Doesn't all this depend on the software? On a milling machine intended for the end user, the software could know about some of these constraints, and automatically reduce the speed to safe levels where needed. And also, this iModela machine works with soft materials (plastics, woods), not steel, which (probably) means it's not quite as likely to destroy its bits if mis-driven.

Comment: Re:What is a customer? (Score 1) 290

by ArsenneLupin (#47888947) Attached to: German Court: Google Must Stop Ignoring Customer E-mails

The court, not being stupid, will probably send a few "canary" emails.

The court, while certainly not stupid, is very probably lazy. And won't continue bothering google out of its own initiative once a "settlement" is reached.

It will take a continued action by the consumer watchdog organization to keep the court interested, but it's a very fine line to walk between "keeping the court interested" and "not annoy the court by pestering it too much"

Comment: Re:What is a customer? (Score 1) 290

by ArsenneLupin (#47888321) Attached to: German Court: Google Must Stop Ignoring Customer E-mails

If Google decides to discontinue all Google services in Germany as a result, would that really be a "win" for the German consumer?

More likely outcome is that they change the auto-reply text of the mail to "thank you for your valuable feedback", and then still continue to ignore it. The customer will be none-the-wiser, and unable to prove that feedback gets ignored.

Comment: Re:Yes (Score 1) 152

by ArsenneLupin (#47814819) Attached to: Google Serves Old Search Page To Old Browsers

Please, Google, do continue to not "improve" the experience for "older" browsers. I've had all the UX "improvement" I can take.

Well said! I fullheartedly agree, and set the user agent of my firefox to version 0.10: the experience is a breeze! And yes, it even prevents google from inserting its own tracking into some of the links...

Comment: Re:Yes (Score 1) 152

by ArsenneLupin (#47814805) Attached to: Google Serves Old Search Page To Old Browsers

And there are no tracking cookies or similar inserted into the links, just the plain links. Overall a good experience :-)

... however, the normal site (for "recent" browsers) does insert tracking cookies.

I didn't check though whether the results were maybe outdated (newer pages not listed...), that would be nasty...

A test with google news shows that this is fortunately not the case, it shows news from within today. So if it is outdated, it's certainly outdated by less than one day.

Comment: Re:Yes (Score 4, Informative) 152

by ArsenneLupin (#47814789) Attached to: Google Serves Old Search Page To Old Browsers
I tried it (by setting the user-agent of my firefox to "Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040914 Firefox/0.10"), and I'm delighted. Image search works again and it feels faster too.

I didn't notice the problem you're mentioning about link visited being broken. I searched twice for myself, the first time I clicked on one of my links. After the second search, that link was correctly colored purple, as it should. However, I did notice a small delay before it turned from blue to purple.

And there are no tracking cookies or similar inserted into the links, just the plain links. Overall a good experience :-)

I didn't check though whether the results were maybe outdated (newer pages not listed...), that would be nasty...

Your code should be more efficient!

Working...