Comment: Re:Exploit that only affects Mac and Linux (Score 1) 163

by smash (#48028009) Attached to: Apple Fixes Shellshock In OS X

I like how slashdot are making out that this is more of an apple problem when perhaps 0.0001% of apple users are even running a web server and most of those are using php and not mod_cgi, the dhcp client is not vulnerable, etc.

Yet Linux with dhcp client vulnerable and a whole slew of other system utilities potentially vulnerable due to using bash everywhere to glue tools together is given a pass.

bash still isn't fixed properly yet, and until it is, any Linux box with a dynamic IP address is potentially at risk.

Comment: Re:that was fast (Score 2) 163

by smash (#48027957) Attached to: Apple Fixes Shellshock In OS X

Apple are likely more concerned with breaking apps that may depend on certain behaviour and actually QA testing their shit before putting it out to 100 million users or so and dealing with the fall out from "it just works" breaking. Linux is an entirely different kettle of fish, where breaking people's shit because you don't like company X or you have an ideology conflict is "acceptable".

Comment: Re:30-46% less force is required to deform?! (Score 1) 302

by smash (#48012521) Attached to: Consumer Reports: New iPhones Not As Bendy As Believed

News flash: as the proportion of electronics volume to phone volume goes up, the chassis goes down. Eventually, we reach a point where we need to decide how much force is necessary for a phone to withstand. Time will tell whether this force is enough. If the 9 reports of bent phones are to be believed, out of 10 million plus sales (first weekend) that is not so bad.

Comment: Re:Apple sells jewelry, plain and simple (Score 1) 408

by smash (#48009563) Attached to: Why You Can't Manufacture Like Apple

Unless you wrote your own compiler from machine code, you are still trusting the people who wrote your compiler. You are also trusting the people who wrote the microcode in your CPU. You are trusting third parties irrespective of whether or not you are running open source, and as demonstrated by the leaked NSA docs, there are bugs available for your hard drive firmware that you will never find.

In short: you're boned and trusting third parties irrespective of how open your OS is - unless all of your hardware is open, all of the firmware for your hardware is open, and you have personally audited all of it.

Comment: Re:Not to praise Apple, but... (Score 1) 208

by smash (#48009525) Attached to: Apple Yet To Push Patch For "Shellshock" Bug

Correct. For this to be exploited, bash needs to be spawned by an internet facing service and pass environmental variables into a bash shell. Nothing on OS X does this by default. OS X does not run the open source dhcpd, and is thus not exploitable via dhcpd, and does not run apache unless manually enabled, and manually configured to run mod_cgi. Remote ssh is also not enabled on the mac by default.

Far more vulnerable is Linux which runs dhcpd on any machine with a non-static IP, through which bash is exploitable.

But hey, let's make out that OS X is worse off than Linux in this case.
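
The exposure condition named in the comment above (an internet-facing service such as Apache with mod_cgi spawning bash and passing environment variables to it) can be audited on a host by listing the CGI scripts that bash would interpret. This is an added example, not part of the original comment; the file names, the sample tree and the injected `resolve` helper are assumptions constructed for illustration.

```python
import os
import tempfile

def interpreter_of(path):
    """Return the shebang interpreter of a script, or None if it has none."""
    with open(path, "rb") as fh:
        first = fh.readline(256)
    if not first.startswith(b"#!"):
        return None
    parts = first[2:].decode("utf-8", "replace").split()
    if not parts:
        return None
    # "#!/usr/bin/env bash" names the real interpreter in the second field.
    if os.path.basename(parts[0]) == "env" and len(parts) > 1:
        return parts[1]
    return parts[0]

def resolves_to_bash(interp, resolve=os.path.realpath):
    """True if interp is bash itself or a symlink to it (e.g. /bin/sh on some hosts)."""
    names = {os.path.basename(interp), os.path.basename(resolve(interp))}
    return "bash" in names

def bash_cgi_scripts(cgi_dir, resolve=os.path.realpath):
    """List executable files under cgi_dir that the web server would run with bash."""
    # Limitation: scripts in other languages that shell out are not detected.
    hits = []
    for root, _dirs, files in os.walk(cgi_dir):
        for name in files:
            path = os.path.join(root, name)
            interp = interpreter_of(path) if os.access(path, os.X_OK) else None
            if interp and resolves_to_bash(interp, resolve):
                hits.append(os.path.relpath(path, cgi_dir))
    return sorted(hits)

def demo():
    """Audit a constructed cgi-bin tree; file names and contents are made up."""
    samples = {"status.cgi": "#!/bin/bash", "env.cgi": "#!/usr/bin/env bash",
               "report.cgi": "#!/usr/bin/perl", "legacy.cgi": "#!/bin/sh"}
    with tempfile.TemporaryDirectory() as d:
        for name, shebang in samples.items():
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(shebang + "\n# body omitted\n")
            os.chmod(path, 0o755)
        # Assumption for the demo: /bin/sh is a symlink to bash on this host.
        return bash_cgi_scripts(d, lambda i: "/bin/bash" if i == "/bin/sh" else i)
```

On a real host, call `bash_cgi_scripts()` on the web server's CGI directory with the default resolver, which follows the actual `/bin/sh` symlink.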
