Submission: Drupal contrib Remote Code Execution vulnerability gets patched Wednesday

kbahey writes: The Drupal security team has issued a Public Service Announcement (PSA) on an upcoming security release for multiple contributed modules with remote code execution.

Drupal site owners are advised to set time aside on Wednesday (July 13th) around 12:00 EDT (16:00 UTC) to update their site.

This advice is an attempt to avoid what happened when SA-CORE-2014-005 was released, and how fast automated exploits were developed within hours, leading to many Drupal sites being compromised.

Comment Raspbian + Kodi (Score 2) 226

If you want to retain the usual Raspbian (Debian derived) command line interface and use the box just like any other Debian/Ubuntu box, there is no need to install a media specific distro like OSMC or OpenELEC.

Just install regular Raspbian, then install Kodi as you would any Debian package:

$ sudo apt-get install kodi

If you want kodi to start automatically and take over the HDMI port, then add this to crontab:

@reboot sleep 45; /usr/lib/kodi/kodi.bin --standalone -fs

The delay is to give you some time to kill the process if you want to start the GUI desktop.

Comment Free Internet Radio (Score 1) 316

I don't subscribe to any music service. All I listen to is Internet radio.

You have a desktop Linux, right? Start by going to vTuner station line up, and search for the stations/genre/language that you want. Click on the "Play" link, and save to a file. In that file, there will be the stream to that station. You can then take that and stick it in your music player. I use Clementine.

No desktop Linux? Okay, you must have a Raspberry Pi then. Just install Kodi:

sudo aptitude install kodi

Then configure the Radio addon, and you will find more or less the same channel line up as in vTuner.

Then add this to your crontab:

@reboot sleep 45; /usr/lib/kodi/kodi.bin --standalone -fs &

But, there is OpenELEC you say. But, Kodi runs on Windows you say. Yes, of course, but this is Slashdot ...

Comment More technical info on Panama Papers (Score 1) 155

There are more technical details in this article.

They are running a 2013 version of Drupal that is vulnerable to SQL injection (dubbed Drupalgeddon).

They are also running an Oracle HTTP server. That web server seems to be ignoring the .htaccess set up by Drupal, and returns the entire code of the .module files, and listings of directories, and such.

More interesting is how ICIJ set up their own collaboration around the documents using open source software, like VeraCrypt (fork of TrueCrypt), Blacklight (Ruby on Rails tool to index documents in Apache Solr), and Oxwall (a social media type of thing).

Comment The Insider Story (Score 1) 150

There are lots of comments, some by BlackBerry insiders, that shed light on why BB went under.

But here is an expose by a reporter (who later turned this into a book).

Inside the fall of BlackBerry: How the smartphone inventor failed to adapt

Basically, BB refused to see Apple's iPhone as a threat. They were too arrogant. They failed to see the concept of having a store where apps are uploaded by developers. Not once! But twice! First with Apple iPhone in 2007, then with Android in 2008, and for years after that.

Look at the comments of Lazaridis: all he thought of is "no keyboard", "bad battery life" and "it is too complex"! He and Balsillie failed to see the concept of a phone as an application platform with an entire ecosystem.

Comment Linking (Score 2) 379

Reminds me of a related issue: the FSF's position on linking (which will not impact the issue at hand: ZFS in Ubuntu, but has been raised in different contexts).

Basically, WordPress allows non-GPL modules even though WordPress itself is GPL. The FSF does not like that, and they hold that to extend a GPL application, every extension must be GPL, and they invoke the linking interpretation. Drupal on the other hand, takes the position that all modules must be GPL.

The linking interpretation makes sense when you have A depend on B, and B is proprietary and you can't run A without B, or you can't inspect B at all since you don't have the source code for it. But an extension is the other way. It is not essential for the main application to run, it is optional. Also, the linking interpretation was done in the days before dynamic linking (.so) was possible, and everything was static (.a). And now, we have things like WordPress and Drupal which are written in interpreted languages such as PHP, and you have the source code already.

That linking interpretation is archaic and needs to be expanded or reevaluated.

Comment Anecdotal (Score 1) 123

Anecdotal observations ...

In Southern Ontario where I live ... this year I have been hearing many song birds in early and mid February. Today (Feb 20), it was a male cardinal singing. A couple of weeks ago, it was Red-winged Blackbirds, and American Goldfinches.

This is very unusual. It was not until March that we would hear them. I am not saying they are migratory, since some of them choose to stay and feed off bird feeders in people's backyards. But the act of males singing is the unusual part ...

It is an El Niño year though, and winter has been unusually mild.

Comment Re:Never seen so many allergies in people (Score 1) 134

You are basically right, but you made the jump too fast in the timeline ...

Theory has it that hunters and gatherers were egalitarians, with each member doing his share, and no real hierarchy. The work day was like you said.

But then, humans moved from hunting/gathering subsistence, to farming. Farming led to villages, and villages led to towns, and towns led to a division of labor, and that led to social stratification, with the priests and kings at the top, aristocracy next, merchants next, and then the laborers ...

And that is what led to feudalism, and now the same is happening with corporatism.

Comment Believed in aliens ... (Score 4, Informative) 113

He said he had had an "epiphany" in space and later devoted his life to studying the mind and unexplained phenomena. He said he believed that aliens had visited Earth. ... Mitchell left the US space agency Nasa in 1972 and set up the Institute of Noetic Sciences which aimed to support "individual and collective transformation through consciousness research".

Source: BBC.

Comment UI annoyances ... (Score 1) 1310

Here are the UI annoyances I referred to in my previous reply to you (which is here).

The links following the title are a bad idea. The site made its community used to all links being in the text of the story, but someone decided that a link should go in the title. See this screenshot, and look at where "(" is? That is really annoying. Make it go back to where we are used to it (in the story text).

In this screenshot the background color is dark when the mouse moves to the drop down list. That is distracting and obscures the choices. The background color should remain white with no change when the mouse is moved in, as in this screenshot.

Comment Re:Long timer here ... (Score 1) 1310

The community already has a say (of sorts) on what goes on the front page, by voting on the firehose.

Perhaps it can be tweaked to give more weight for the community input.

But in all cases, editorial control should be maintained by a few who have varied outlooks. The front page should never be totally automated, because that is a recipe for ruining the site, as has happened to others (e.g. Digg).

Comment Long timer here ... (Score 1) 1310

I have been a regular visitor/commenter on Slashdot for over 16 years.

There are some quick fixes to be done, both technology and editorial.

- This site is about one thing: discussion! Not the articles, not the editorializing. Discussion is why everyone comes here. The stories are just jumping points for discussions.

- Fix Unicode. It is 2016 now, and it took a motivated programmer on SoylentNews a moderate effort to fix Unicode in Slashcode. Go get the fix from there.

- Stop linking to sites that don't display right with JavaScript and/or ad blockers. We are nerds here, and most of us disable JavaScript and have ad blockers. Sites like Forbes are not welcome here, and daily posts by StartsWithABang are frustrating.

- Move back the main link to the article from the story title, down in the text. The colors make this link all but invisible, and we get side discussions of "there is no link in the story", "yes, there is, it is in the title", and these are unnecessary and frustrating.

- Freeze any UI changes. Do not even go back to the pre-beta version of the site. Just freeze it to what has been running for many months and users have gotten accustomed to. The exception is invisible links, and when foreground and background are the same color when mousing over.

Will post more if I think of some.

