So? Same problem exists in bash and friends too. Heck, there's a version of iTunes on Mac that would wipe your drive if you had a space in the volume name.
I wonder how many still have that subsystem, since it became optional. But then again, that's something that might reasonably be installed on a server. If I had it installed, I'd give it a try.
Quotation marks are used in the shell environment to make sure that the data inside the quotes is not interpreted by the program as a command.
Except in the cases it triggers the exploit. IMHO, that's the newsworthy bit of this.
Not quoting causes issues is news along the same level as "water is wet". Trying to be secure and breaking things? That's big. At least it's not possible with filenames.
And they went running to another Open Source compiler. Your point?
A shell / powershell script is plain text.
I don't know that an average cost would actually show that much. With the articles about "whales", it seems that the average would be fairly low.
It's a horrible and a sample of things that could potentially come in the future.
That is exactly why I say do it. Implement it, and implement it well. The blow back will hopefully be huge and act as a precedent, both in a legal sense and a more informal sense where the entities trying to do it get hit hard in PR and profits.
"The best way to get a bad law repealed is to enforce it strictly." - Abraham Lincoln
A dynamic non-linear system has some weird boundary conditions. Who could ever have predicted that? </s>
Why wasn't this assumed from the beginning and it shown that it wasn't an issue?
So you missed the ones after that saying it just changed the error they were getting?
Better explain all the 0x80070002, 0x80073712, and 0x80070005 errors in my update log then.
And no, I don't think it's an OEM problem since the logs indicate a missing file in the update itself, at least for some of the errors.
There are plenty of alternatives that are present in many embedded devices?
This depends on upgrades. Carriers, upgrade?
Hell, my wife and I are on different versions of Android, same carrier, same phone, both say they're fully up to date.
Right, their security is far beyond what any criminal organization can ever penetrate. Sure. Pull the other one, it's got bells on.