* Posts by Destroy All Monsters

10181 posts • joined 3 Jun 2008

Patch Bash NOW: 'Shellshock' bug blasts OS X, Linux systems wide open

Destroy All Monsters
Silver badge
Holmes

Re: And they said I was crazy

You cannot graft anything to bash without ending up with an eldritch horror that will haunt your nights. The man page insinuates as much.

But ksh and csh are not the way to go.

Just take a proper script language with minimal syntax, preferably functional (hint lots of parentheses hint), that has some syntactically nice ways to start processes and network/control them like a good process juggler, with workflow features and ETL gimmicks directly included.

As for Powershell ... yeah, I have the book by Manning, but, ... I still have to make time for it.

0
0
Destroy All Monsters
Silver badge
Holmes

Re: Always been there or new?

"I don't know who Alan Geer is, and with the following quote from his article I can't be bothered to find out"

Frankly, you should.

You should also stop jumping at words like a neurotic. In my opinion, anything downwards of using a theorem prover that your code does exactly what it says on the tin is "looking at code". And then you need to look at the tin...

1
1
Destroy All Monsters
Silver badge
Pint

Re: Linux = Making Windows look Great

Troll/10, would inject code with.

Where is the "This is bait" icon?

1
0
Destroy All Monsters
Silver badge

Re: This was fixed before you even reported it

I think I met her in a bar yesterday.

4
2
Destroy All Monsters
Silver badge
Facepalm

Re: This *shouldn't* have been a big problem

even when /bin/sh will do.....

When exactly will /bin/sh do and why should it have helped in any real-world situation (leaving aside 20/20 hindsight)?

If someone produced scripted code for me that was dependant on bash (or zsh/tcsh/mksh/ etc.) for no good reason, I'd seriously question their ability.

The only thing in question is whether you are the pointy-haired boss of Cave Jclson, the RPG programmer moaning about the kids and their modern structured programming.

4
0
Destroy All Monsters
Silver badge

Re: bash is older than the web, so why break it?

It clearly is break.

And if you find yourself wondering more than 15 minutes about what bash substitution will do to the variable-holding text that you have just written and are passing to another command or even an eval ... you know there is a nagging problem of reliability and trust that you will be unable to ever shake.

2
0
Destroy All Monsters
Silver badge
Holmes

Re: Always been there or new?

In "Inviting More Heartbleed" (paywalled here ... what do you think you are doing, IEEE?), Alan Geer says:

At this point, we should ask ourselves a core question: Does looking at code actually work as a quality assurance mechanism? DES got more study than any other crypto algorithm ever will and serves as an existence proof that eyeballs can work. Evidently the eyes on it were pretty good, better than the open literature knew at the time. But the DES algorithm, even in optimized implementations, seldom runs longer than 2,000 lines of source code, whereas OpenSSL is more than 2,000 files with north of 600,000 lines of content. Does that mean OpenSSL needs 300 times as many eyeball-years to get it as good as DES? Perhaps the count of available eyes should serve as a limit on the size of a code base.

Bruce Schneier has asked whether security bugs are rare or plentiful. We don’t know. Theo de Raadt’s contention that all bugs are security bugs seems a bit too strong but better that than too weak. Either way, will a determined effort to find bugs yield security value? Yes, if bugs are rare enough that by removing what we find, we materially lower the count of bugs still in operation. If, by contrast, bugs are so plentiful that we can’t make a dent in the overall supply, then finding more is a waste of time as the ensuing work factor doesn’t change the equation one iota.

Given that it’s harder to find bugs in complex operating environments than in simple ones, is there something about how we do things today that has caused us to pass a threshold of complexity, a threshold beyond which quality assurance, no matter how we attempt it, will be infeasible at the level of effort we can or will put to the problem? Again, is the eyeball supply in a continuing shortage such that we should manage it? Have we reached “peak eyeballs” the way some say that we’ve reached “peak oil?”

9
1
Destroy All Monsters
Silver badge
Headmaster

Err what.

This is how CGI scripts work, dontcha know.

The webserver sets some environment variables, then executes the CGI script with request data on STDIN IIRC.

The environment variables are fed from various request data:

See RFC 3875, Part 7.2. for example.

Or mod_ssl.

13
0

Bash bug: Shellshocked yet? You will be ... when this goes WORM

Destroy All Monsters
Silver badge
Paris Hilton

Re: shell shocked admins?

I've about 40 of these accounts out there and I don't know about anyone else, but I wipe the environment at the top of the script intentionally.

I understand that at this point it's too late?

I seem to recall an input in Java 1.5.(something) that could be used to fork a shell out of a jvm.....

No. You need to run

Process p = Runtime.getRuntime().exec("bash -c '" + injectCommandLikeABeachedWhale() + "'");

1
0
Destroy All Monsters
Silver badge
Coat

Re: Oh $!#t.

Running bash scripts to process requests on a web server is 1980-era software design that is in dire need of an upgrade anyway

Doc Brown, you need more jigawatts!

I know that for some Gulf War I was before they were born, but still!

2
0
Destroy All Monsters
Silver badge
Paris Hilton

Re: Oh $!#t.

What service do you have listening for TCP calls that will run a bash script with an environment crafted by the caller?

Why would anyone do such a weird thing?

Everybody who uses old-school CGI or anybody who hacked some stuff back in 2000 on the quick?

3
1
Destroy All Monsters
Silver badge

Re: "The use of shells for CGI was discouraged since the mid 90s."

Yes, yes, yes.

In other news, homeopathy is still a hot topic.

9
0
Destroy All Monsters
Silver badge

Re: When do the films come out?

"Smoking Hashroom"

"Randthrax Attacks"

"Illegal State of Siria and the Login"

2
0
Destroy All Monsters
Silver badge
Trollface

Damned bash who does it work?

0
0

IT crisis looming: 'What if AWS goes pop, runs out of cash?'

Destroy All Monsters
Silver badge
Trollface

I like this thinking!

"The big public infrastructure-as-a-service (IaaS) players may be on the brink of a crisis as cataclysmic as the 2008 banking crash"

Yes, but the whole economy is also on the brink of a crisis far more cataclysmic than the 2008 banking crash and the 2001 dot.com crash. Where is your credit now?

Let's invest in a couple of on-premise servers.

How Financial Bubbles Fester And Burst—Even As The Fed Says Not To Worry

In today’s post Wolf Richter offers some solid insights on the dynamics of financial bubbles which merit further comment. The starting point is to recognize that once they gain a head of steam, financial bubbles tend to envelop virtually every nook and cranny of the economy, creating terrible distortions and destructive excesses as they rumble forward. In this instance, Wolf Richter explains how Silicon Valley has once again (like 1999-2000) been transformed into a rollicking capital “burn rate” machine that has spawned a whole economy based on striving for bigger losses, not better profits.

This latter development—currently exemplified by 44 VC start-up companies in the IPO pipeline with a valuation of more than $1 billion each, despite no earnings and scarce revenues—is indicative of late stage bubble dynamics. Say January 2000!

And also:

"He said nobody predicted the financial meltdown in the banking sector"

He says bullshit

4
2

'Space bubbles' may have helped Taliban down 'copter in bloody Afghanistan battle

Destroy All Monsters
Silver badge

Murrica!

That wheeled armored vehicle on the diagram seems to be increasingly Ukrainized by mysterious radiation from space while the F-16 just receives wholesome blue emissions. What's going on?

0
0

My TIGHT PANTS made my HUGE iPHONE go all BENDY!

Destroy All Monsters
Silver badge
Holmes

So we are into phacesitting now?

Oh beautiful 21st century of amazements and sheer wonder.

0
0

4chan outraged by Emma Watson nudie photo leak SCAM

Destroy All Monsters
Silver badge

Re: Vinegar Tits.....

gb2 /b/, *****

1
2
Destroy All Monsters
Silver badge
Holmes

Re: Just for my own piece of mind...

So Emma Watson is just collateral damage in .... a marketroid campaign performed by people who can't into securing the Apache webserver status page?

We are reaching "CoS pulling a Xenu" levels of QUALITY here.

19
0
Destroy All Monsters
Silver badge
Trollface

Re: Why is it called the flappening?

But there is no shlickening?

Not enough feminism, I say!

13
3

Heatmiser digital thermostat users: For pity's sake, DON'T SWITCH ON the WI-FI

Destroy All Monsters
Silver badge
Coat

"I don't understand the obsession people have with adjusting thermostats."

It's the new "cooller app"

1
0
Destroy All Monsters
Silver badge
Trollface

Adequate webservers are small, very cheap and available under "industry-friendly" terms

A security issue has been identified on our WiFi Thermostat…

The issue consists in the fact that it exists.

7
0

Ordnance Survey intern plonks houses, trees, rivers and roads on GB Minecraft map

Destroy All Monsters
Silver badge

Re: No Profit

This would mean the going price is 36x the YoY profit? Clearly a generational game.

"Who's your co-pilot?" asked PDP-1 Kenobi.

"Two Bacco, here, my Bookie."

"Odds aren't good," said the brownish lump beside him, and then fell silent, or over.

0
0
Destroy All Monsters
Silver badge
Pint

Liverpool underground nightclubs!

Did they include REMAINS of druidic underground passages opening on stairways guarded by GIGANTIC STONES leading to VAST, HIDDEN abysses wherein waft MEPHITIC VAPORS of SHOCKING DECAY and the faint sound of MAD PIPING and DRUMMING coming from the UTTER DARKNESS below is just an indication that here lurks UTTER TERROR that is best left alone?

6
2

Le whoops! Microsoft France boss blows lid off 'Windows 9' event

Destroy All Monsters
Silver badge
Paris Hilton

Re: There's little wrong with the bones of Windows 8.

The mere fact that "it's not Windows 8" will move a ton of copies, since the whole "every second version is crap" pattern is widely believed.

But has anyone outside of late-night geek talking circles ever heard of it?

0
0
Destroy All Monsters
Silver badge
Coat

The Council has Spoken!

"On September 30, we will be providing an update on what’s next for Windows and the enterprise."

Death?

2
0

jQuery site popped to serve malware slop

Destroy All Monsters
Silver badge
FAIL

What's going on here??

El Reg:

jQuery security bods found no evidence that its site was foisting the drive-by download however

RISKIQ:

After verifying that the site was indeed redirecting users to a malware dropper, we immediately contacted jQuery.com to alert them to the attack. While they weren’t able to determine the root cause of the attack, the site’s administrators were addressing the issue.

Hitting this redirector, we continued to be redirected to the RIG exploit kit, even though we weren't able to replicate the script injection on jQuery.com with subsequent requests.

So what's the actual status?

0
0

SpaceX Dragon cargo truck flies 3D printer to ISS: Clawdown in 3, 2...

Destroy All Monsters
Silver badge
Windows

In a more interesting universe...

... the ISS would host a wormhole portal and SpaceX would bring down rare artifacts and mysterious specimens from unknown biospheres.

Fruit flies? PAH!

0
1

Swiss cops BAN MASKS at meeting of rebellious United Nations IP staff

Destroy All Monsters
Silver badge

A pox on all their houses

> prestigious organisation which deserves respect,

Pretentious organization which deserves all the disrespect one can muster?

Why anyone would freely choose to work there is beyond me.

4
0
Destroy All Monsters
Silver badge

What makes you think this is the case?

1
2

GRAV WAVE DRAMA: 'Big Bang echo' may have been grit on the scanner – boffins

Destroy All Monsters
Silver badge
Paris Hilton

Andrei Linde's theory of cosmic inflation – that for a few moments the expansion of space exceeded the speed of light.

I am shocked! I always thought that Alan Guth came up with inflation and that Andrei Linde only tacked the "inflationary multiverse" idea onto this, whereby the visible universe is just a local region of a forever inflating bubbly multiverse, where the various regions of that multiverse may or may not have varying values for natural constants. This idea is somewhat romantic though largely content-free and in all likelihood forever unverifiable. Not to be confused with the stringy multiverse whereby there are alternate realities that exist in some sort of quantum superverse, an idea which is content-free-er and frankly bonkers metaphysical.

3
0

Moon landing was real and WE CAN PROVE IT, says Nvidia

Destroy All Monsters
Silver badge
Alien

Ayyy lmao

Humanity is pretty good at covering up the existence of aliens and feeding goats to aliens who also mutilate cows in alien ways, meanwhile conspiring with aliens to modify human DNA, possibly via bees carrying alien nanovirus, and re-electing politicians controlled by aliens and having aliens take honorary seats at the trilateral commission while unfairly stealing and reverse-engineering the technology of creative aliens as well as crashed alien craft where we hide the alien corpses in nitrogen-cooled fridges, so that even the aliens do not notice that they are being taken for an alien rickroll.

We are actually the masters of Soviet-Style "technology transfer". Just pray there is no alien WIPO out there, otherwise that's gonna be costly.

Humans fuck year!

2
1
Destroy All Monsters
Silver badge
Pint

Re: Return journey

If asteroids (etc) mass is/are reduced via mining, could that affect their trajectory (especially in regards to gravitational pull from other masses) and therefore endanger the earth?

Evidently, you need to blast chunks uniformly at random in all directions to keep the vector sum of momentum changes at 0. This is also called "goan fish curry mining".

1
0
Destroy All Monsters
Silver badge
Windows

Re: models

> I call fake ;(_ The shadows are wrong!

Damn, this looks like a shot from a movie version of "The Martian Chronicles".

Oh, melancholy.

0
0
Destroy All Monsters
Silver badge
Headmaster

Re: To all conspiracy muppets out there

Why are there no STARS in space?....Not a single speck of light anywhere on the NASA photos?

Because NASA was totally fecking clueless and got some cheap black-painted dome installed by barely-literate chinese migrant workers instead of properly hiring Stanley Kubrick to do full-star awesome super-effects like he did a year earlier with "2001 - A Space Odyssey".

It's simple really. Then they had to set up O.J. Simpson for murder because the Mars Landing Project bombed when the Face on Mars was discovered (and what was underneath) and whistles got blown out of proportion, but that is another horror story involving Agent Orange and Oswald.

20
0

Oz carrier Tiger Air takes terror alerts to new heights

Destroy All Monsters
Silver badge
Big Brother

Unserious about Emmanuel Goldstein?

I am extremely dismayed and shocked. It is good that private companies step up to the plate and nip this kind of antisocial behaviour in the bud.

A visit to the Ministry of Love for reeducation should be mandatory.

2
0

Home Depot ignored staff warnings of security fail laundry list

Destroy All Monsters
Silver badge

Re: Get a proofreader.

The Wifi connection from the pub downstairs will now be taken away!

0
0

Report: EE in talks to scoop up 60 Phones 4u stores from troubled High Street retailer

Destroy All Monsters
Silver badge

Re: "pick over the carcass"

On the other hand, Phones4U has no god-given (or govt-mandated) right to play as an intermediary of the carrier and the customer.

It may exploit a niche for some time, but niches have the nasty tendency to close.

"Capitalism" is not about preservation.

3
0

'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*

Destroy All Monsters
Silver badge

Re: is it just me....

Reptilian sex is not very exciting though.

0
0
Destroy All Monsters
Silver badge

Re: Removal

That kind of prayer might well lead to a liberating action by the US air force. You don't want that.

3
3
Destroy All Monsters
Silver badge
Trollface

Re: Whilst the security failure is worrying...

Apparently someone needs to cover up the latest economic data underneath sex-suffused front page gossip?

3
4

Facebook's Oculus unveils 360-degree VR head tracking Crescent Bay prototype

Destroy All Monsters
Silver badge

Re: headphones

You take the Red Pill - and I will show you how deep the Oculus Rift goes!

0
0
Destroy All Monsters
Silver badge

Re: The Glorious Age of VR Waifus, Begun it Has!

Found it on the tube: Goddamit Japan!!

0
0
Destroy All Monsters
Silver badge
Alien

The Glorious Age of VR Waifus, Begun it Has!

I think this is still tongue-in-cheek:

Japan’s Health Ministry Fears Summer Lesson Will Destroy Population, Begs Sony Not to Release Game

Announced at Sony’s Tokyo Game Show press conference, Summer Lesson is a virtual reality game where it appears you will tutor a Japanese schoolgirl using Project Morpheus. If this is released, public officials fear Japan’s population will hit zero before 2100.

...

“There is no turning back if this game is released,” explained population scientist Akita Osamu, “Japan’s population is already under attack and Summer Lesson will be the finishing blow. It is already affecting Japan as we speak. I am currently single and I have already pre-ordered this game earlier today. I will die alone and that is perfectly fine with me and Nahoko which is the name of the girl I have chosen for Summer Lesson.”

Even Japan’s prime minister Shinzo Abe personally went out of his way to beg Sony CEO Kazuo Hirai to prevent the release of this game. Unfortunately, Hirai said that it was out of his hands arguing that Japan would eventually fall victim to a game like Summer Lesson and believed it would be most honorable if Japan did it to themselves rather than having a game from the American Oculus Rift do it.

7
0
Destroy All Monsters
Silver badge
Trollface

Re: Will they make a christmas release?

They are probably setting up another kickstarter campaign?

2
0

iPhone 6: The final straw for Android makers eaten alive by the data parasite?

Destroy All Monsters
Silver badge

Re: Emerging markets

I also noticed that in the new TV show "Glue" all the teen kids on that have Nokia Lumia phones

But this be just product placement, innit?

7
1
Destroy All Monsters
Silver badge
Holmes

iPhone - not yet dead as disco, but the undertaker is taking measures

New iPhones at last means that Android, Google's smartphone middleware, will soon look attractive only for budget vendors selling into fast-growing emerging markets.

As Trevor Pott would say: "It may be a niche market, but it's the only niche that counts!"

2
0

India vs America: Earthling invaders in race to MARS

Destroy All Monsters
Silver badge

War in the Pocket!

It would be awesome if these were like giant robots and stuff and a fistfight or a flaming-sword-fight would break out on the way.

0
1
Destroy All Monsters
Silver badge
Devil

Re: oh well

I think the US should be spending its cash on bringing the basic necessities to its provincial population

I'm sorry?? I can't hear you over the noise of all the money printing and bomb-dropping.

Also: "MILITARY CUT THE BONE AND MORE." Then MRAPs turn up at granny's police shack....

6
2

Blood-crazed Microsoft axes Trustworthy Computing Group

Destroy All Monsters
Silver badge
Devil

WTF am I reading?

security and privacy programs getting folded into

1) Cloud & Enterprise Division

Ahah? Hah!

2) Legal & Corporate Affairs group

MUAHAHAHA!

Tacking to windward no longer? Methinks that ship has get some water in them holds and will soon feel the fury of hackery blunderbusses!!

14
1
