Re: The real culprit
Maybe someone can comment about whether SELinux capabilities would be a good safety net against such mishaps.
Is the deliberately holed *nix security model. Once again a SUID/setuid utility strikes.
You are very confused and clearly don't understand where the problem lies: it comes from the fact that an admin program (in this case, the newgrp) changes its behaviour (here, indirectly) based on input from a dubious low-privilege source (here, an environment variable).
This can happen in any system in which the user from time to time needs to have the system perform an operation with privileges that are higher than he has himself.
Which happen to be all of them. Even the bureaucratic ones.
This is also why setuid programs should always scrub their environment before they perform their operation.
Yep, GIGANTIC, CHTHONIC AND CURIOUSLY GEOMETRIC GEOLOGICAL FORMATIONS CONFUSINGLY SEEN BY THE WANING LIGHT OF A SETTING SUN WHILE WE SPEED BY?
TEKELI-LI, I SAY!
...only if they are used towards customers. There is no requirement to open-source code used in-house only.
I grant this licence under GPL [whatever version], but
FALSE derived from premises. End of line.
Downvoted for stating facts? This is El Reg comment section.
The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
There may be a "non-snooping source license" but it WILL NOT be "open".
allowing a program in a VM to escape to the hypervisor
These may very well not exist because the isolation of the hypervisor is easier to verify, and can possibly be verified formally.
Because sandboxes don't offer up much protection, especially when it by necessity has to interact with the system.
It depends on the sandbox...
In-program permission verification on legacy system with all the warts < Virtual machine < Another machine < Another universe
But flash should simply be ported to Java.
Then there would be only one problem.
Wanna make a bet?
Ahhhh ... echoes of A.K. Dewdney's "Computer Recreations"....
Clark recalls that Animal was such a popular game that eventually every directory in the company system contained a copy. "Furthermore, as employees of the company were transferred to other divisions...they took Animal as well, and thus it spread from machine to machine within the company." The situation would never have become serious had it not been for the fact that all those copies of this otherwise innocuous game began to clog the disk memory. Only when someone devised a more "virulent" version of the game was the situation brought under control. When the new version of Animal was played, it copied itself into other directories not once but twice. Given enough time, it was thought, this program would eventually overwrite all the old versions of Animal. After a year had passed, a certain date triggered each copy of the new Animal program. "Instead of replicating itself twice whenever it was invoked, it now played one final game, wished the user 'goodbye' and then deleted itself. And thus Animal was purged from the system."
I see the same names cropping up again and again in articles condemning it as a bug ridden pile of hurt.
IT'S A VAST RIGHT-WING CONSPIRACY!
FLASH IS ACTUALLY GOOD FOR YOU!! KEEP IT TO WATCH MOVIES!!!!
THE TRUTH SHALL PREVAIL!!!+!
Here, everything from war in the Middle East to a slightly uncomfortable bowel movement is viewed as MS's fault and grounds for a move to linux.
AND IT'S TRUE!
“We suggest that low-status males increase female-directed hostility to minimise the loss of status as a consequence of hierarchical reconfiguration resulting from the entrance of a woman into the competitive arena”.
Imma putting on my wifebeater.
In other news at 11: women prefer pink and hate symbolic computation.
I, for one, get utterly enraged at being forced to buy.
And these are not autonomous robots / autodocs. They are remote manipulators.
Hmmmmmmm... did I hear an O-Ring burst?
Hollywood tells us that "investigating" such things is fraught with deadly danger...
Dude, I don't think people who want to run MongoDB would consider PostgreSQL a solution.
> both worlds
What two worlds are those?
Most exposed instances run on cloud servers including Digital Ocean, Amazon, Linode, and OVH and do so without authorisation enabled, in what Matherly says is a trend in which cloud instances are more vulnerable than datacenter hosting.
I don't know about the others but at Amazon you have to explicitly punch holes into the Internet-facing packetfilter (which is separate from any packetfilter that may be active on the VM) to let through traffic, and why would anyone do that?
You have really no idea of what it takes to render complex vector fonts for professional output.
Go crawl back under a rock and cuddle your professional output, idiot.
Try to scroll a complex document with lots of text in different fonts, antialiasing, kerning, etc., and some complex graphics, and try to render it smoothly while the user scrolls or zooms it...
"But... but ... MUH OPTIMIZATIONS! I can't do it! HERP! DERP!"
I agree the situation would be completely hopeless if practically the whole company consisted of low-grade fakers unable to even understand how this "Operating System" that they are supposed to own even works. Well thought-out optimizations and proper architecture would be right out and everybody would think it to be a good idea to shit all over everything and do insecure stuff where it shouldn't be done.
As I suppose this is not the case at MS, some other factor must have been very important.
Just take the time to look at how font rendering works, and how a graphic card works, and maybe you'll understand why. And you'll also learn why most Linux desktops and windows managers are pure crap.
Troll or 15-year-old who has just discovered fanboism?
We're Jews out in space
We're zooming along
protecting the Hebrew race
We're Jews out in space
If trouble appears
we put it right back in its place
When goyim attack us
We give 'em a smack
we'll slap them right back in the face
We're Jews out in space
We're zooming along
protecting the Hebrew race
So it is a race against time for COMRADERIE and GLORY for the Russians as "Wall Street" and "The City" could messily implode at any moment, with problems ranging from shitty software written by overpaid web developers, dangerous feedback loops everywhere, addiction to free money injections directly from the printing press, valuations with no relation to the economic fundamentals and debt abysses never seen before.
And that gets to the real truth about the Wall Street bubblies which were flowing last Friday. Morgan Stanley’s chief equity strategist, like the rest of the sell-side stock peddlers, has it exactly upside down; and the proof of the pudding in this instance lies in Morgan Stanley’s own “New Tech” index of 16 high flyers of the present era.
This charmed circle includes Google, Amazon, Baidu, Facebook, Salesforce.com, Netflix, Pandora, Tesla, LinkedIn, ServiceNow, Splunk, Workday, Yelp, Priceline, QLIK Technologies and Yandex. Taken altogether, their market cap clocked in at $1.3 trillion on Friday. That compares to just $21 billion of LTM net income for the entire index combined.
The talking heads, of course, would urge not to be troubled. After all, what’s a 61X trailing PE among today’s leading tech growth companies?
As it happens, quite a bit. When you take GOOG’s middle-aged profits machine out of the mix, you get something altogether more frisky. Namely, a collective market cap of $840 billion for the other 15 names in the Morgan Stanley index and LTM net income of exactly $6.0 billion.
As we said at the top—let’s see. That’s a PE multiple of 140X. That’s February 2000 all over again.
Take cover. The Wall Street bubblies are back!
I reckon the Russians will lose.
The odds of finding signal are about on the level of finding intelligent commentary on YouTube.
But then again, the result of Alien Google, the Self-Driving Ad-Slinging Galacto-AI, or even the Galactic Lads from Lagos might be ready to talk, who knows.
Time to re-read either "His Master's Voice" (Stanislaw Lem), "Missile Gap" (Charles Stross), "Contact" (Carl Sagan), also "Hinterlands" (William Gibson).
Yeah, from 1933 .... when Hitler was no more repellent than any other machist leader (like Hillary Clinton for example), Roosevelt admired and tried to learn from Mussolini (hence, the "New Deal" - command economy, hurrah!) and Stalin was big everywhere crazies hoped for the proletarian revolution....
Luckily it's not religious/political/management fantasies, or there would be trouble.
The "general firing" was apparently not confirmed.
involuntarily supporting some dictatorship
Better than voluntarily supporting some dictatorship, or enabling ISIS for "regime change", hmmmmm?
More likely the kernel is considered as tainted by the closed source module.
"opprc" = "oppress PRC"?
reinforcing each other's hatred
Casting doubt on Windows 10 is now RACISM?
Yes, I am expecting Articles Of Major Disapproval on liberal websites soon. Then we will probably be grouped together with libertarians for wage slavery or something.
...firmly in the "consumer segment", then, this Operating System resides?
Interest not kindled, it is.
They make me lock and load my trusty blunderbuss.
Well, at least I now have heard about the MEAN stack: MongoDB, Express.js, AngularJS and Node.js. The mind boggles. What the fuck is that shit and how is it of any use to anybody?
Converting to the MEAN stack gives your development team a number of benefits, the three most significant being a single language from top to bottom, flexibility in deployment platform, and enhanced speed in data retrieval.
More like barely able coders falling over themselves, unable to get any meaningful work done while the applications blow up left and right.
Unless the crash comes, which won't be long.
Putin destabilising and trying to establish puppet governments
The worst thing is that this is not even the case.
Meanwhile, Kiev's chocolate king oligarch has nazi troopers and tourist islamists trying to cause serious trouble. Europe still has a few ~~years~~ decades of fun times ahead.
"Hmmm... this software has bugs"
Are they still in their silos, rotting? Are any missing and if so, where did they go?
Really, it's a mess...
Given all the frothing by hawkish U.S. Senators about Iran’s possible development of nuclear weapons, one might think that Iran was violating the nuclear Non-Proliferation Treaty (NPT).
But it’s not. The NPT, signed by 190 nations and in effect since 1970, is a treaty in which the non-nuclear nations agreed to forgo developing nuclear weapons and the nuclear nations agreed to divest themselves of their nuclear weapons. It also granted nations the right to develop peaceful nuclear power. The current negotiations in which Iran is engaged with other nations are merely designed to guarantee that Iran, which signed the NPT, does not cross the line from developing nuclear power to developing nuclear weapons.
Nine nations, however, have flouted the NPT by either developing nuclear weapons since the treaty went into effect or failing to honor the commitment to disarm. These nine scofflaws and their nuclear arsenals are Russia (7,500 nuclear warheads), the United States (7,100 nuclear warheads), France (300 nuclear warheads), China (250 nuclear warheads), Britain (215 nuclear warheads), Pakistan (100-120 nuclear warheads), India (90-110 nuclear warheads), Israel (80 nuclear warheads), and North Korea (10 nuclear warheads).
Nor are the nuclear powers likely to be in compliance with the NPT any time soon. The Indian and Pakistani governments are engaged in a rapid nuclear weapons buildup, while the British government is contemplating the development of a new, more advanced nuclear weapons system. Although, in recent decades, the US and Russian governments did reduce their nuclear arsenals substantially, that process has come to a halt in recent years, as relations have soured between the two nations. Indeed, both countries are currently engaged in a new, extremely dangerous nuclear arms race. The US government has committed itself to spending $1 trillion to “modernize” its nuclear facilities and build new nuclear weapons. For its part, the Russian government is investing heavily in the upgrading of its nuclear warheads and the development of new delivery systems, such as nuclear missiles and nuclear submarines.
More like an interpreter.
Warren Abstract Machine in hardware when?
Is it even economically feasible to reach 7nm?
Yeah, but calling it "Socialist Republic of California" is just too long.
while wearing their underpants outside their trousers
It's true. We have politicians wear their underpants on their heads. Much more funny!
Wasn't it "Mighty Atom" (maybe of the Marvel universe ... or was it DC... ?) who behaved like Elon Musk and could shrink himself to mini-size?
I remember that he paired up with Batman (he also had to explain basic vector arithmetic to Wayne, not the brightest kid in the block, but hey, it's a 1%-er) and at one moment had to enter Batman's brain via the ear to perform inner surgery after a coma attack.
And then Mighty Atom got split in "The Death of Superheroes", accidentally nuking the whole Kansas...
Safety rules typically forbid recursion: Risk of stack overflow, Recursion makes it impossible to do the V&V necessary for a system like the ETCS
Even V&V consists of badly processed knowledge, applied badly.
Why not a Confederate Flag to enrage liberals?
Toyota engine management ... 256.6K Non-Comment Lines C Source on page 18.
Even if this is something lawyerly-arguably close to MISRA C .... WHAT!
The inertia inherent in industry, bullshit whirling around in closed loops in execs' heads and the cruft pushed by "learning institutions" and impressed on young minds must be just insurmountable.
Stand still, laddie!!
Richard Stallman famously left his MIT user account open to world & dog because principles, causing rejects of society to misuse it.
In other news, Linux is used to manage Concentration Camps in $BAD_COUNTRY etc.