* Posts by Chris Gray 1

202 posts • joined 8 Jul 2009

Page:

Named arguments squeak into PHP 8.0, 7 years after first RFC

Chris Gray 1

Possibilities...

Another way for boolean parameters is to define an enumeration type for each parameter. Lots of typing once, but nice for the calls. If you define the enumeration tags nicely, then it is all perfectly clear. I didn't do that in any of my languages, however, because of scope issues with the tags, etc.

Having parameters with default values is likely OK, so long as you don't allow the function to change the defaults. If the defaults are always, e.g., 0, 0.0, false, "", then I expect readability is OK. As a bonus, you can add parameters and most calls don't require changes.

Overload: A one-way ticket to a madman's situation

Chris Gray 1

Re: phoning and testing

I wondered that myself a while after my post. My recollection is that it wasn't just making the system page itself to death - there was something special about using MVCL (can't recall if CLCL would have worked as well). Hmm. I wonder if the pages were all ready to go, so no page faults, but the instruction then somehow locks them all during execution?

Chris Gray 1
Go

phoning and testing

Back in the heyday of mainframes, the university had installed its new Amdahl box (IBM 370-like). They opened it up for stress testing. One bright soul noted that the "MVCL" instruction would take registers containing source address/length and destination address/length. So, that one instruction could access 32 Megabytes of virtual memory. And one could arrange that the memory was not yet created in the OS. Unless they did something illegal, instructions would run to completion before anything like a task switch could happen. Run a few copies of that program and the mainframe was on its knees. The offer of wide-open testing was soon withdrawn, but I think I heard that the systems folks were good sports.

Later, in a job with a computer company, several folks were working from a site in California (head office in Alberta, Canada). They would often have a phone connection to the systems at home to allow access to sources, etc. One late night that connection was forgotten. When the phone bill showed up it had just asterisks for the cost (Fortran and other languages tended to print asterisks for "number too large to fit in output field"). I believe in this case, the phone company was eventually convinced that this wasn't possible and that it must be some kind of error in their systems. All was well.

In all honesty, I have to admit that neither of these miscreants was me. Sigh.

Japan to test self-destructing satellite to shrink space junk with string and an inanimate carbon blob

Chris Gray 1
Facepalm

tethers?

How long are those ElectroDynamic Tethers? Does the presence of those make it significantly *more* likely that collisions will occur?

Had a bad weekend? Probably, if you're a Sectigo customer, after root cert expires and online chaos ensues

Chris Gray 1
Meh

Ipify.org via curl

Ah, that's the root cause. I run my toy domain over a dynamic IP address from my provider. There are scripts that determine my actual IP address by querying "ipify.org" using Linux program "curl" (fetches from a single URL). That broke because of a certifcate problem. The logged error told me how to disable the security in "curl", but since my IP address is pretty stable, I chose to sit and wait for a bit. After a couple of days I semi-automatically got an updated certificate bundle from Ubuntu and lo, the problem fixed itself.

Even though I run a couple of services here, I am constitutionally unable to be a proper sysadmin, so its mostly a lot of fingers crossed that nothing breaks! Why am I unable? Poor memory - sysadmin requires a good memory of obscure commands, and of how all sorts of stuff actually works. And yes, I do have a router acting as a firewall, thanks.

Hooray! It's IT Day! Let's hear it for the lukewarm mugs of dirty water that everyone seems to like so much

Chris Gray 1
Happy

It's cheap and easy!

I was fed tea (mostly milk of course) as a young 'un, and have stuck with it. I find coffee too bitter, though I imagine I could get used to it. Tea gives me the caffeine boost that I'm now used to. All you need is a kettle (which will last for years) and a teapot (which will last for decades). Far simpler than some coffee rigs. And, I believe it is a lot cheaper than coffee.

The one downside for me is stained teeth (not nearly as bad as smokers, and I imagine coffee does it too). And perhaps a few more bathroom breaks...

Prepare to have your shonky password hygiene shamed by Firefox 76

Chris Gray 1

Re: Firefox has sought to arrest its slide in the rankings

I'll keep my comment there, but, well, it isn't consistent for me. The fat thing comes back if I'm on an empty page (e.g. just started up). The useless ">>" is always there. Gah.

Chris Gray 1
Meh

Re: Firefox has sought to arrest its slide in the rankings

In the search preferences, you can't turn off the "helpful" stuff, but you can tell it to put a separate search bar up there. Then, go back to "customize" and remove it. My URL bar went back to not being the fat thing. Now, how do I get rid of the >> saying I have more bookmarks, when they are actually all shown.....

Keen to go _ExtInt? LLVM Clang compiler adds support for custom width integers

Chris Gray 1

Re: Ugh!

Bob, I'm quite aware of using structs to overlay hardware resources - done lots of that. But, I recall comp.arch discussions of a few (several?) years ago saying essentially that using bitfields in C structs and expecting to produce correct portable code is not going to work well. The biggest issue was endianess, I believe. C doesn't say enough about how bitfields are layed out to make them safely usable across architectures.

In my latest programming language, I've split the concepts apart - structs and "bits" types. In the latter, the endianess is, I hope, well enough defined to be usable. It's clearly usable for space-saving, but I've had no opportunity to try it on hardware interfacing.

Chris Gray 1
FAIL

Ugh!

For many years I've had the very strange hobby of creating programming languages and writing compilers for them. My first readily-available one ran on 8-bitters under CP/M. It had the ability to define and use integers with user-specified bitwidths. Thought it would be useful on the memory-constrained machines of the day. Tryed using them in one major-ish project I did. Bad idea. Never tried to use them again.

For programming FPGA's having various-sized fields is pretty basic. But why does that have to reflect itself back into something like the C programming language, which is intended for general-purpose programming? My gut tells me that they will be patching weird issues for years, and that any actual benefit will not be worth the overall cost.

Watching you, with a Vue to a Kill: Wikimedia developers dismiss React for JavaScript makeover despite complaints

Chris Gray 1

Re: Wikimedia uses JavaScript?

Elledan, if you find out, let us know.

I opened a tab to Wikipedia just now and NoScript reported blocking 5 whatevers, but showed that only wikipedia.org was needed. I didn't try allowing it to see what changed - I thought you should have that joy. :-)

Hong Kong makes wearable trackers mandatory for new arrivals, checks in with ‘surprise calls’ too

Chris Gray 1
Big Brother

Exercise?

Hmm. Guidance I've seen indicates that one should continue to get exercise, and going out for walks is a good thing, and to be allowed (just like going for groceries). By common sense you don't hug and kiss any friends you happen to meet. Sounds like the rules in Hong Kong are definitely different, if you are not allowed out of your space for any reason. What happens if you are an antisocial computer geek, and don't have anyone to go get groceries for you? If your income is gone (or you were relying on retirement funds which are now worth a whole lot less than they were), you may not be able to afford to pay to have all of your food delivered to your door.

The Wristwatch of the Long Now: When your MTBF is two centuries

Chris Gray 1

Electronics die...

Don't electronic things decay and stop working over time? The smaller the transistors, the shorter the lifetime. That's why an old electronic whatsit based on individual transistors can last for 100+ years, but very high density IC's are unlikely to last more than 20. Or has this issue been resolved?

Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage

Chris Gray 1
Mushroom

With great power...

(By chance, just watched Into the Spiderverse last night...)

The "Unix model" includes lots of very powerful tools, such as being able to use a shell from within programs. In cases like this, the tool is *too* powerful. Using a full programmable shell for process invocations not much more complex than using vfork()/exec() is overkill, and dangerous, as others have mentioned.

It shouldn't be hard to write a *much* simpler mini-shell, which is intended for such situations. It would take time to wean programmers off of using "bash", etc. but if you give it a few "modes" for the kinds of shell-like things it will do, it shouldn't be hard to handle most cases, and would be far safer. Yes, its slightly more total code to be maintained, but worth it.

What is WebAssembly? And can you really compile C/C++ to it? And it'll run in browsers? Allow us to explain in this gentle introduction

Chris Gray 1
WTF?

Also want more security info

Amused to see a LISP-like syntax for the WebAssembly "source". Well, it is pretty much the simplest form of "source" anyone has come up with. Better than a Forth-like syntax!

I see it supports pointer creation, casting and dereferencing. The created X86 code includes no checking of values. I want to know much much much more about what is going on. Otherwise this is the equivalent of letting J Random Hacker run any C code he wants on my machine without me having any choice. Sure, I do that with the OS and all the other native stuff that's part of the distribution I run, but that isn't coming from a random web page, which, if I don't block JavaScript, can force run stuff in my browser. BBAADD!!

LG announces bold new plan for financial salvation: Trying to actually make phones people want to buy

Chris Gray 1
Thumb Up

{AOL}

(Me too!)

Wade, add a decent camera (13+ Megapixels) on the back, and I'll take one - you hit my list almost dead on. (Currently on Galaxy S4, still going strong on 3rd battery.)

What if everyone just said 'Nah' to tracking?

Chris Gray 1
Meh

{AOL}

(Me too! :-) )

I'm on Firefox with NoScript here, similar to many. Since I'm not web-dependent it works fine for me.

Over the holidays I was using my sister's Windows 10 computer with Chrome, and it was shocking. Since she doesn't have users set up, I was seeing ads targeted at her, and they made sense in that context. But sheesh!!!

Like a BAT outta hell, Brave browser hits 1.0 with crypto-coin rewards for your fave websites

Chris Gray 1
Meh

Minor use here

I've had Brave installed (Linux) for a while, but don't use it much. I use it every now and then to work with a web-mail portal at my ISP that I need to use for an association I'm involved with. Under Firefox/NoScript it just doesn't work.

My main problem is that I've never been able to find out exactly what it does in terms of scripts, etc. It also needs fully updating annoyingly often.

I do agree with the general concept of micropayments, and so am happy to participate in the experiment.

It's back: The mercifully normal-looking Moto 360 smartwatch

Chris Gray 1
Meh

expensive!

Several years ago I bought my Samsung Gear 2 Neo for CDN $250. Smartwatch, does notifications, texts, emails from my phone. Counts steps and will do pulse-rate. Lasts 3 days on a charge. A bit bulky. Talks Bluetooth to the phone, but has no other radios. Why can't someone produce an updated, slimmed-down version of this?

Good news – America's nuke arsenal to swap eight-inch floppy disks for solid-state drives

Chris Gray 1

keep 'em!

I'm with the folks that say they should keep those old systems. The repairability of those old systems is almost infinitely greater than the repairability of modern stuff.

The reliability is typically much greater as well. I'm no expert, but I believe that the failure rate of integrated circuits increases with the density of the circuitry. Things like stray cosmic rays do little to an ancient chip with huge transistors, but can subtly impair the functioning of a modern high-density chip. Sure, the new ones typically have error correction, but the very fact that they need that says something. Also, the error correction is all a probability thing - you can't repair *all* errors.

WeWork's Meetup slaps RSVP fees on events ‒ then tells everyone not to panic amid backlash

Chris Gray 1
Meh

choice?

I've never been involved with Meetup or WeWork...

but, maybe they should offer meet organizers the choice of how to pay for the service. Let the organizer choose how much the repliers pay to join the meet. There should be a minimum cost to the organizer before the meet can be registered. And, once the Meetup income from any cost of repliers exceeds some amount set by Meetup, Meetup no longer charges the organizer. Or, make it graduated - the organizer pays up front, and repliers pay, as chosen by the organizer, first paying down what the organizer paid, then the rest going to Meetup. Everyone should be happy with something like that. Assuming, of course, that it is implemented and described properly.

Ever own a Galaxy S4? Congrats, you're $10 richer as Samsung agrees payout over dodgy speed tests

Chris Gray 1
Thumb Up

I've got one too

And I also don't care about $10. I just hope the phone runs forever. For at least the last couple of years, I haven't seen another phone that I would want to have.

I'm quite happy with a 1920x1080 screen - longer than the standard 1080p seems silly. It has good cameras. It has a replaceable battery. It has a headphone jack. It has a microSD card slot inside. And it has no notch. Heck, it even has an IR emitter for messing with TV's, etc.

Blindly accepting network update texts could have pwned your mobe, say researchers

Chris Gray 1
Facepalm

Updates?

"Check Point claimed the vulns affected billions of devices. While possibly true from a theoretical point of view back in March when discovered, the majority of those will have incorporated the patches, either through routine updates or updates pushed (legitimately) from mobile networks."

Do the numbers show that "the majority" of phones *get* updates?? Lots are out of the support range of the manufacturer or carrier.

It's official: Deploying Facebook's 'Like' button on your website makes you a joint data slurper

Chris Gray 1
Devil

simple solution!

Simple solution - use a tool like "NoScript" in your browser to block Javascript, and never allow any scripts from Facebook to run.

In terms of other aspects of browser operability, your mileage may vary.

Firefox armagg-add-on: Lapsed security cert kills all browser extensions, from website password managers to ad blockers

Chris Gray 1
Meh

Easy work-around for many

Saw this a couple days ago on Slashdot. A work-around shown there is to go into about:config and change xpinstall.signatures.required to "false". Apparantly that doesn't work for folks with artificially restricted versions of Firefox (Windows/Mac? - I forget). It worked fine for me on Linux. When a fixed version comes through from Ubuntu, I'll flip it back (not that I'm likely to install any extensions other than "NoScript"!)

Canadian woman fined for not holding escalator handrail finally reaches the top after 10 years

Chris Gray 1
Devil

Skaith North-hound?

OssianScotland, you fiend, you've put in my head the image of Stark trying to carry a North-hound from Skaith on an escalator....

(Sorry can't find online images, etc. They were giant dogs that one rode on. Author Leigh Brackett.)

Prince Harry takes a stand against poverty, injustice, inequality? Er, no, Fortnite

Chris Gray 1

tax it

Tobacco and alcohol are taxed, and hopefully some of the money taken goes towards treatment expenses for those who are harmed by those addictive substances.

So, if games like Fortnite really are harmfully addictive, then they should be taxed, and the money earned spent on treatment of the addicted.

We don't want to be Latch key-less kids: NYC tenants sue landlords for bunging IoT 'smart' lock on their front door

Chris Gray 1
Stop

Hope they win!

I hope the residents win the lawsuit(s).

Not sure what I would do if the condo board here put in an internet accessible smart lock system. Try to sell and move out, I guess.

Why can't they just put in a system that uses key fobs? The owner gets very similar info about comings and goings, but without the insecurity of the "smart" locks and the requirement for a smartphone. It might cost more - I dunno.

Facebook blames 'server config change' for 14-hour outage. Someone run that through the universal liar translator

Chris Gray 1
Black Helicopters

tapping now done

Never having visited a Facebook site, I wouldn't have known either.

Being paranoid, my theory is that the downtime was needed to insert US government tapping tendrils deep into their infrastructure, so that everything is properly gathered up.

Either that or they had to thoroughly delete all sorts of incriminating stuff (and all backups of it), in preparation for any and all upcoming investigations.

Thought you'd seen everything there is to Ultima Thule? Check this out: IN STEREO!

Chris Gray 1
Go

Go for *three*

Nazz, try to get it to be just 3 images, and concentrate on the middle one - its the one with left & right overlayed. Make sure you are looking straight at the image, too.

Chris Gray 1
Thumb Up

Kewl!

I bought a couple of random-dot-stereogram posters years ago, and so became quite good at doing the trick of manually looking at 3D images. This one works fine for me - no squinting needed. Thanks - I saved a copy!

Brave claims its mobe browser batt use bests whatever you're using. Why? Hint: It begins with A then D then V...

Chris Gray 1
Meh

Back to Brave...

I installed Brave on my desktop and tried it out a while back. It seemed fine for what sites I visit. I also like its micropayments system, although I didn't use Brave long enough to participate. El Reg could have been one I would contribute for.

The reason I stopped using Brave is that I could not find any description of just what it does. I was left with blindly trusting its developers to safeguard my interests.

I don't want to block ads per se. I want to block 99% of Javascript. Ads don't harm me, Javascript can. So, I went back to Firefox with NoScript. And yes, that occasionally prevents me from seeing something a regular website points me at.

Black-hat sextortionists required: Competitive salary and dental plan

Chris Gray 1
WTF?

Re: Translation?

Ok, thanks for that.

Textually like the filler that many SPAM emails have in them. I guess it could be a buggy spamming system - I've seen the results of those several times, like %name% in the body, etc.

Chris Gray 1

Translation?

Humph - too late to edit. Here's the body of one that just came in:

⒈00<永日无言>00<画图难足>多<欢娱渐随流水>種電<小堂深处>子遊<帘卷西风>戲返水<

也莫向>3.0<头白倚寒翠>‰手<一年春事都来几>拵餸最<水天宽>高38<此地曾轻别>88逢<霏雾

弄晴>8<缓步香茵>必<忍萧索>發<障滟蜡>忑碼4<乱红飞过秋千去>8.<却不解带将愁去>89<谁

把钿筝移玉柱>杯<依前唤酒银罂>,天天<不应有恨>限琻大<暝鸦零乱>回<我亦虱其间>饋

Chris Gray 1

Similar here - I've been getting the "you've been hacked" ones for a month or more. Sometimes several a day. The one that made me take notice used my old LinkedIn password. But, since LinkedIn told everyone about that breach, that password changed years ago.

What I'm getting much more of is stuff all in what I believe is Chinese. The subject and body are all in glyphs, not standard letters. I've no idea what they are about. Isn't one in my inbox right now, else I'd try copy/paste to here.

WWW = Woeful, er, winternet wendering? CERN browser rebuilt after 30 years barely recognizes modern web

Chris Gray 1
Thumb Up

Works fine...

Works fine on my site, except for not showing the pictures, which is most of what's there....

(I'm a stubborn old fart who built his site by hand - no scripting and no CSS.)

Having links not work is *very* painful, though.

(And, no, I'm not pointing you lot to my website - its behind a cable modem, so is quite slow if more than one person uses it.)

(And I'm not giving a prize to anyone who bothers to figure out where it is.)

Earth's noggin took quite a clockin' back in the day: Now a second meteorite crater spotted under Greenland ice

Chris Gray 1
Devil

More craters

Mark 120, I came here to note the same thing.

Go down from the "H" in Humbolt, and right from the "H" in Hiawatha and you are at the upper-right corner of this nice round feature, which even has a dimple in the middle.

I also imagine small and large ones to the right of the Humbolt label.

And another large one right between the first-mentioned small one and the new large official one.

Also, go left from the top line of the dotty box, until you are under the Hiawatha...

I've spotted features like these in our local terrain maps used on weather forecasts too. I guess you have to be properly trained to avoid imagining things that aren't really there. Maybe.

It's 2019, and a PNG file can pwn your Android smartphone or tablet: Patch me if you can

Chris Gray 1
Meh

Errrrr.

So my 5.0.1 device is fully safe then?

London Gatwick Airport reopens but drone chaos perps still not found

Chris Gray 1

machine gun?

I've seen reasons why you can't use a shotgun (not enough accurate range) or a rifle (risk of bullet missing and doing damage/harm when it lands), but how about an old machine gun? I know nothing about firearms, but my impression from WWII movies is that those machine gun bullets wouldn't go that far (or be moving fast when falling to the ground), but there are much better chances of hitting a drone.

Hole-y ship: ISS 'nauts take a wander to crack Soyuz driller whodunnit

Chris Gray 1
Joke

Re: Bits of foil

Yeah, couldn't they have at least vacuumed up the floating bits?

Mobile networks are killing Wi-Fi for speed around the world

Chris Gray 1
Stop

Cost!

The main reason for using WiFi at home is that it uses your home broadband connection to get to the internet instead of your phone's data plan. For many folks that costs a whole lot less - e.g. almost unlimited at no extra cost for home broadband, versus limited and expensive for phone data.

Away from home it'll depend on any costs to ride on someone else's WiFi, but I expect it'll still be cheaper than phone data on many plans.

This is the case for me, and I expect for lots of other folks too.

Lush scrubs its card-processing servers squeaky clean

Chris Gray 1
Meh

Here too

We have them here in Canada as well. Nearest is about 20 blocks away. I don't know if they are affected as well, and I am *NOT* about to walk into one to find out!

Microsoft confirms: We fixed Azure by turning it off and on again. PS: Office 362 is still borked

Chris Gray 1
Black Helicopters

Hmmmm

"Mitigation: Engineers deployed a hotfix which eliminated the connection between Azure Identity Multi-Factor Authentication Service and a backend service."

What kind of back-end service needs to connect to the Multi-Factor Authentication Service? See icon.

RIP Bill Godbout: Cali wildfire claims the life of master maverick of microcomputers

Chris Gray 1
Thumb Up

My first "real" computer?

I had a couple of hobby computers (Radio Shack CoCo, Exidy Sorcerer with S100 expansion box), but then I wanted a *real* computer. Bought a humongous S100 chassis with 25 Amp power supply. Filled it with a CompuPro dual-CPU (8085/8088) board, CompuPro Disk-2 floppy controller, a pair of memory cards (static RAM on one, dynamic RAM on the other), a CompuPro System Controller board, and a graphics board. My biggest investment ever in a personal computer. Wrote the first Draco compiler (for CP/M natch) on that machine.

Definitely brings back memories!

... Aaaand that's a fifth Brit Army Watchkeeper drone to crash in Wales

Chris Gray 1
FAIL

Thales

Thales had the contract for the software for the most-recently-sortof-completed chunk of our LRT (Light Rail Transit) system (mostly-aboveground subway stuff). They are two years late in trying to integrate their stuff into the existing system, and the trains have been running too slow for those 2 years. A minor speed increase a few months ago. The city has set deadlines, and is about to "do something".

So, flying airplanes into the ground does not surprise me.

The great wearables myth busted: Apps never, ever mattered

Chris Gray 1
Go

non-fitness user

I'm an old fart, so using my 3-year old smartwatch for fitness stuff was never something I wanted to do. It counts my steps on my regular walks, but my phone could do that. What I mostly use the watch for is telling time. Second behind that is glancing at it to see incoming texts (and often reply using the canned replies (changeable with the phone App)), see the first part of incoming emails on my rarely used gmail and ISP accounts, and see and acknowledge notifications of scheduled events. All of this is governed from my phone, so I have no use for a smartwatch with its own data connection. I also have never had any use for GPS - location services are always off on my 5 year old phone.

And yes, I never bother with the Apps I do have on the watch. When they were new I used the games a bit, but not beyond that.

So, similar in that I don't use or care about non-builtin Apps, but different in that I don't care about the fitness aspect or GPS.

I expect other life-style things will affect the value of a smartwatch to you. I don't carry my phone in my hand, and getting it out of a pocket can be a nuisance, depending on the season - taking off my gloves and opening up my parka in winter is not instantaneous!

Too many bricks in the wall? Lego slashes inventory

Chris Gray 1

You got me

El Kapitan: you have me on the Disney stuff - none of the nearly 2000 Lego sets I've bought over the years has "Disney" in its name or category.

Others mentioned the Harry Potter sets as specialized. Well, a local friend who has the largest online LEGO store in Canada called them "Harry Parter" since some are such a goldmine of parts for other stuff. I don't have an online store, but bought multiples of some of them to get the parts.

I like the modular buildings, and some of the Creator 3-in-1 sets. I also buy boxes of just bricks, but for larger quantities I buy on bricklink.com . I love large Technic sets, but find the new lift-arm style ones a pain (physically!) to take apart.

Chris Gray 1
FAIL

Do your research

I know this is a lot of El Reg commentards, but as usual you should do a bit of reseach before mouthing off.

LEGO in general does not make specialty pieces for sets. There are occasional ones for some of the collectable or licensed minifigs. Those make them lots of money. As for the Saturn V set (taps on it - not opened yet), I looked through the parts inventory here:

https://www.bricklink.com/catalogItemInv.asp?S=21309-1

and didn't find anything special, other than the few painted pieces. Pick a piece there and click on its part number - that'll show you how many sets that part has been used in.

The cost of LEGO pieces is driven by two things: the cost of the material primarily, and the cost of the moulds. Check the Lego website's pick-a-brick page and you'll see.

The material that LEGO uses (which is different from 50 years ago) lasts much better than the stuff used by the cheap knockoffs. I used to have Megabloks years ago - they started out with pieces that didn't match LEGO shapes very well (I've been told it is fairly hard to allow for shrinkage of various shapes as they are pushed out of the mold), but got better in a few years. But, as far as I know, they still use a material that will flake away after too many uses.

Wanna build an AI robot? Don't have an actual robot yet? Try this Holodeck for droids

Chris Gray 1
Meh

Sounds random

This "sparse rewards" thing may be useful in some situations, but it sounds like you are asking for trouble and more work. If it solves the problem in some unique way, you have no information on how it solved the problem (for problems which don't involve watching the result happen). If you guide it with intermediate rewards, you at least have basic ideas of how it is achieving the result, and so can pick better test cases.

After all, shaking the wine bottle up and down a few times may well end up with the glass containing the right amount of wine. But, that doesn't sound like a desired solution - you haven't had any way to put reasonable constraints on the solution found.

Until last week, you could pwn KDE Linux desktop with a USB stick

Chris Gray 1
Stop

evil injection

For web servers, one of the big security problems for quite a few years has been SQL injection attacks. We solved those quickly, right? Right? Anyone?

So, for Unix-based boxes, script injection attacks will be solved just as quickly. Sigh.

Both work the same way - stuff that should not be trusted is blindly stuffed into command strings, and the command strings are then parsed and run with whatever privileges they "need". Its just plain a bad idea.

Do Windows servers have similar problems, or does Microsoft shipping huge binary blobs actually help with this?

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020