Forgot your password?
typodupeerror

Comment: Re:GTFO. (Score 1) 450

by fnj (#48042219) Attached to: Obama Administration Argues For Backdoors In Personal Electronics

But I don't trust the government, in the form of law enforcement or in any other form, to operate in terms of genuine best interest of the people. It's as simple as that. They are a bunch of cynical, power-drunk hooligans, elected by morons, and with their puppet strings controlled by entrenched unaccountable evil bastards.

Let's hear it for science. If brilliant scientists can defeat some of the excesses of this cancer on the people, I say hip hip hurray. Criminal elements have always been reachable using genuine backbreaking detective work, no matter how clever the criminals. I am not filled with fear to think that the next group of 19 hijackers, or child molesters if you MUST use the boogeyman du jour, will have unbreakable cryptography. I am more worried about the atmosphere that is breeding these deviants and causing them to thrive.

Comment: Re:There are no "remote" exploits for bash (Score 1) 326

by fnj (#48032247) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found

The setup script for Altera's Quartus II IDE uses "/bin/env" to find "sh" on Linux. I mean WTF... env isn't located in /bin on most systems. env isn't even given a standard location by POSIX or LSB, whereas sh is. Granted, they assume some ancient version of RH, but it works fine on Debian.

Since linux has now fucked up the directory structure, /bin/env is the same as /usr/bin/env now. Hey, look on the plus side. It's easier to find executables now.

Now /bin, /usr/bin, /sbin, and /usr/sbin are now all symlinked to one place, and /lib, /lib64, /usr/lib, and /usr/lib64 are all symlinked to one place. At least that's the way it is on arch, and I have no doubt all distros will be going that route.

Comment: Re:Is the bash parser a lost cause? (Score 1) 326

by fnj (#48020541) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found

why do people keep picking on Bash when many other software programs have had these problems

Those programs are not shells. Now show me bugs in BSD's POSIX sh, or dash, or mksh, or zsh that approach anywhere near the unacceptable gross severity of Shellshock in bash. If you can do that, we might lay off flaying bash. Until then, it is bloody obvious why we keep "picking on" bash.

Comment: Re:There are no "remote" exploits for bash (Score 2) 326

by fnj (#48020491) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found

/bin/sh is linked to /bin/bash and vulnerable

Only for a distro which is designed and implemented STUPIDLY. Granted a lot of major distros do this. RHEL for example. And yes, it is stupid and lazy. It is stupid because bash does not perfectly implement POSIX sh behavior. Even when $0 is /bin/sh, the reduced emulation is flawed. It still allows extensions which expose bugs. And it is lazy because they allowed crap scripts to creep into the system so that they decided it was too hard to weed them out. A crap script is one whose shebang line says "#!/bin/sh" instead of "#!/bin/bash, which claims that all it needs is POSIX sh, but which still relies on bash extensions, because the writer never tested it on a real sh.

Debian and ubuntu link /bin/sh to dash instead of bash. The BSDs do not link /bin/sh to anything; they start with a proper POSIX sh. Dash, and BSD sh, are much better implementations of POSIX sh behavior than bash is. They doesn't have the buggy extensions and are much lighter weight. The best interactive shell is not the best, or even necessarily an acceptable, scripting shell. You can install bash in debian or ubuntu or BSD and it doesn't hook into and take over /bin/sh.

Let's not forget that the multiple bugs which have recently come to light are all in bash. I have seen nothing similar exposed in BSD sh, dash, mksh, csh/tcsh, or zsh. Looks to me like the coding of bash was crappy going back at least 25 years.

Comment: Re:Cost (Score 1) 117

by fnj (#48017943) Attached to: World's Smallest 3G Module Will Connect Everything To the Internet

If you're hooking up things in your house, use something like the ESP8266. It does WPA2/bgn, has a range of a 100 feet with just the chip antenna, max transmit for less than 250 mA, sleeps 10mA, and only costs 5 USD single module pricing.

I was going to ridicule any piece of junk with that collossal level of sleep current. Then I looked up the specs and found it's a more palatable 10 microamps power-down and 1 mW standby. Still higher than it should be IMO, but at least usable.

Example: a PIC18 can easily handle measuring remote temperature (outdoors, cellar, hot and cold water pipes, unused rooms, etc) using a Dallas 18B20 sensor, sleeping at under 1 microamp and waking once a minute for a few milliseconds. That would make possible powering with a lithium coin cell for a year. You wouldn't want the WiFi interface raising that requirement from one coin cell to 10 or 100 or 1000 coin cells.

Comment: Re:Issue with FSF statement... (Score 1) 208

by fnj (#48008759) Attached to: Apple Yet To Push Patch For "Shellshock" Bug

Ahem. Apple is legally compelled to issue source code for whatever version of bash they use. It's called the GPL. For the rest of their core operating system (but not the proprietary GUI), yes, Apple voluntarily has released source code. It's mostly derived from BSD licensed stuff, and nothing compelled them to do so.

It is entirely possible to run bash on Windows, too. I'll let you figure out how. And the provider of that bash is compelled to make their source code available too.

Comment: Re:~/.cshrc (Score 4, Interesting) 208

by fnj (#48008739) Attached to: Apple Yet To Push Patch For "Shellshock" Bug

Rename /bin/bash to /bin/bash.bak then create a link [cyberciti.biz] from /bin/dash to /bin/bash ..

And get ready for a whole lot of scripts failing. Scripts that start with #!/bin/sh but are written dependant on bash features will fail. Scripts that start with #!/bin/bash on the other hand will just fail to start. You'll have a busted-ass system, but at least it won't be attacked.

Now if you were running debian or ubuntu /bin/sh would already be a link to /bin/dash, and there wouldn't be any screwed up scripts because the design of the file layout was made by people who weren't brain dead.

Programmers do it bit by bit.

Working...