Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Re:I'm not a company (Score 1) 208

This is a person who according to Ken Clarke, didn't really want to leave the EU any more than Boris did... basically, these type of people say one thing in order that the party will like them, they can get power, but then do something completely different.

The *only* reason website ratings and "think of the children" narratives are being mentioned now is simply to appeal to the people who may select her. And that's all.

It's entirely self-serving.

Comment Re:Less money but more creators? (Score 2) 288

The thing that struck me about their point that YouTube enabled people to carry virtually every song ever in their pocket... well I was just thinking, yep, that's fucking amazing. So, what exactly is it that these artists have done that's so worth hindering human advancement?

I think you're absolutely right, and I also agree with Gr8Apes comment about the relatively recent music industry basically being a blip.

Comment Re:Why don't web server scripts require exec bit? (Score 1) 50

They inject code right into the script that already has the execute bit set. It's not uncommon, I've seen it myself.

Looking at this specific example, WP Mobile Detector flaw, I can't see how that would be possible.

Just to recap (mostly for my own benefit to make sure I'm not going mad!), this flaw works by sending a URL to a vulnerable website. The vulnerable website then uses file_get_contents() to read the file... it is assuming the file is local, but actually it's a URL to somewhere else. If the server is configured with allow_url_fopen then file_get_contents() will perform the necessary HTTP GET to retrieve the contents of that file. The file still needs to be written to disk, which in this case is performed by file_put_contents().

None of the above is going to set the execute bit.

Comment Re:Why don't web server scripts require exec bit? (Score 1) 50

This doesn't help anything because the script they inject the code into already has the execute bit set.

Erm... no!

They're not uploading the script using SFTP or anything that might preserve file permissions; they're uploading using an existing, insecure, PHP script on the server. That will only allow for the file content and the file name to be preserved, so unless the PHP script explicitly set the file as executable, then it wouldn't be executable. The problem is, right now, it doesn't need to be executable in order to execute!

Comment Re:Why don't web server scripts require exec bit? (Score 1) 50

I don't think it would be a problem having PHP set it's own execute bit if it wants/needs to. A big problem seems to be with CMS-type sites where a user can upload content where (currently) miscreants can inject script. If the execute bit were required before script could be executed, then that would seem to avoid quite a lot of problems... unless a CMS were to set execute on user uploaded content, which would be dumb!

Comment Re:Why are they upgrading?!? (Score 1) 100

You mean Snow Leopard 10.6.8 v1.1. This can be crashed (as I did covered) by a Wifi AP providing IPv6.

Solution is to disable IPv6 in OS X, which is simple enough albeit you need to disable or move out of range of the AP to do so.

What actually happens is, the machine boots fine, you might be able to start an app or two, but then it'll beach-ball, and nothing will work thereafter; it's not actually frozen, but all disk activity stops and you can't even shutdown.

Details here.

Comment If theyve not fixed Gnome terminal, it ain't ready (Score 1) 207

Last time I checked, I couldn't use F11 to full-screen Gnome Terminal and then F11 to get it back to it's original size. Advanced feature I know, but I use the terminal a lot!

And that's what I really really really fucking hate about Ubuntu LTS releases... so much stuff is broken, and never actually get's fixed. So I wind up having to faff with PPAs afterwards and then hoping that the next LTS will have things fixed.

Comment Re:Might be asking too much (Score 1) 207

I'd not used systemd much until recently. From my perspective, it's no better/worse than before except that now things that used to work don't. I'm sure it'll get sorted eventually, but it kind of has the feel that almost no one fully understands how it works... hence the breakages.

And so, things that are hard for individual's to understand, are often too large in scope. Basically, to me anyway, it smells a bit like X does, i.e. overly complicated and hard to maintain.

But like I say, I've not been exposed to it for very long, and I don't completely hate it... I'm just not seeing the benefits myself.

Slashdot Top Deals

"It's like deja vu all over again." -- Yogi Berra

Working...