Forgot your password?

Comment: Still problem with user input. (Score 1) 316

by Chirs (#47998529) Attached to: Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

While you don't need to pass arguments, you still need to set environment variables based on user input.

Whoever thought it was a good idea to allow an HTTP request to set environment variables within the HTTP server to arbitrary values wasn't thinking about security.

Comment: depends on how the QoS is done (Score 1) 132

by Chirs (#47966327) Attached to: Nobody's Neutral In Net Neutrality Debate

I have no problems at all with an ISP prioritizing certain types of traffic, but that prioritization should be 1) under the control of the subscriber, and 2) it should *only* affect traffic belonging to that subscriber. My traffic and your traffic should be shaped (as a whole) based on the subscriptions that each of us has paid for.

That is, I could ask my ISP to prioritize my Netflix packets over my bittorrent packets, but if you and I have paid for the same level of service then your VoIP packets shouldn't get priority over my Netflix packets.

The only difference between a car salesman and a computer salesman is that the car salesman knows he's lying.