
Comment Re:I'm not a company (Score 1) 208

This is a person who, according to Ken Clarke, didn't really want to leave the EU any more than Boris did... basically, these types of people say one thing in order that the party will like them, they can get power, but then do something completely different.

The *only* reason website ratings and "think of the children" narratives are being mentioned now is simply to appeal to the people who may select her. And that's all.

It's entirely self-serving.

Comment Re:Less money but more creators? (Score 2) 288

The thing that struck me about their point that YouTube enabled people to carry virtually every song ever in their pocket... well I was just thinking, yep, that's fucking amazing. So, what exactly is it that these artists have done that's so worth hindering human advancement?

I think you're absolutely right, and I also agree with Gr8Apes' comment about the relatively recent music industry basically being a blip.

Comment Re:Why don't web server scripts require exec bit? (Score 1) 50

They inject code right into the script that already has the execute bit set. It's not uncommon, I've seen it myself.

Looking at this specific example, the WP Mobile Detector flaw, I can't see how that would be possible.

Just to recap (mostly for my own benefit to make sure I'm not going mad!), this flaw works by sending a URL to a vulnerable website. The vulnerable website then uses file_get_contents() to read the file... it is assuming the file is local, but actually it's a URL to somewhere else. If the server is configured with allow_url_fopen then file_get_contents() will perform the necessary HTTP GET to retrieve the contents of that file. The file still needs to be written to disk, which in this case is performed by file_put_contents().

None of the above is going to set the execute bit.
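Added example, not part of the comment above and not the plugin's code: a constructed PHP sketch of the fetch-and-store pattern the comment describes, next to a hardened variant, printing the permission bits of the stored file. The function names, temporary paths and extension allow-list are assumptions made for illustration.

```php
<?php
// Constructed illustration; function names, paths and the allow-list are assumptions.

// Pattern described in the comment: with allow_url_fopen=On, $src may be a URL.
function store_unsafe(string $src, string $dir): string
{
    $dest = $dir . '/' . basename($src);
    file_put_contents($dest, file_get_contents($src));
    return $dest;
}

// Hardened: local files only, image extensions only, server-chosen name.
function store_checked(string $src, string $dir): string
{
    // Reject any scheme prefix (http://, ftp://, php://, data:, ...). POSIX paths assumed.
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $src)) {
        throw new InvalidArgumentException('URLs and stream wrappers are not accepted');
    }
    $real = realpath($src);
    if ($real === false || !is_file($real)) {
        throw new InvalidArgumentException('not a local file');
    }
    $ext = strtolower(pathinfo($real, PATHINFO_EXTENSION));
    if (!in_array($ext, ['png', 'jpg', 'jpeg', 'gif'], true)) {
        throw new InvalidArgumentException('extension not allowed');
    }
    $dest = $dir . '/' . bin2hex(random_bytes(8)) . '.' . $ext;
    file_put_contents($dest, file_get_contents($real));
    return $dest;
}

// Constructed demo: a local file stands in for the fetched content.
$base = sys_get_temp_dir() . '/exec_bit_demo_' . bin2hex(random_bytes(4));
mkdir($base . '/in', 0755, true);
mkdir($base . '/cache', 0755, true);
file_put_contents($base . '/in/sample.php', "<?php echo 'hello';\n");

$dest = store_unsafe($base . '/in/sample.php', $base . '/cache');
printf("mode: %04o, is_executable: %s\n", fileperms($dest) & 0777, var_export(is_executable($dest), true));

try {
    store_checked($base . '/in/sample.php', $base . '/cache');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The mode printed for the stored copy depends on the process umask; `file_put_contents()` itself never adds an execute bit, and a web server that hands `.php` files to the interpreter only needs read access to the file.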

Comment Re:Why don't web server scripts require exec bit? (Score 1) 50

This doesn't help anything because the script they inject the code into already has the execute bit set.

Erm... no!

They're not uploading the script using SFTP or anything that might preserve file permissions; they're uploading using an existing, insecure, PHP script on the server. That will only allow for the file content and the file name to be preserved, so unless the PHP script explicitly set the file as executable, then it wouldn't be executable. The problem is, right now, it doesn't need to be executable in order to execute!

Comment Re:Why don't web server scripts require exec bit? (Score 1) 50

I don't think it would be a problem having PHP set its own execute bit if it wants/needs to. A big problem seems to be with CMS-type sites where a user can upload content where (currently) miscreants can inject script. If the execute bit were required before script could be executed, then that would seem to avoid quite a lot of problems... unless a CMS were to set execute on user-uploaded content, which would be dumb!

Comment Re:Why are they upgrading?!? (Score 1) 100

You mean Snow Leopard 10.6.8 v1.1. This can be crashed (as I discovered) by a Wi-Fi AP providing IPv6.

Solution is to disable IPv6 in OS X, which is simple enough albeit you need to disable or move out of range of the AP to do so.

What actually happens is, the machine boots fine, you might be able to start an app or two, but then it'll beach-ball, and nothing will work thereafter; it's not actually frozen, but all disk activity stops and you can't even shutdown.

Details here.

Comment If they've not fixed Gnome terminal, it ain't ready (Score 1) 207

Last time I checked, I couldn't use F11 to full-screen Gnome Terminal and then F11 to get it back to its original size. Advanced feature I know, but I use the terminal a lot!

And that's what I really really really fucking hate about Ubuntu LTS releases... so much stuff is broken, and never actually gets fixed. So I wind up having to faff with PPAs afterwards and then hoping that the next LTS will have things fixed.
