okay so not impervious to attack, I never suggested that -- Impact
Anyone... may exploit this vulnerability to gain access to any file readable by the user under which the webserver runs. --
with SUEXEC that would be each website owner and it's group so www:$USER
security minded people will already have locked down files outside the webspace to be unreadable by www that leaves the $USER's files.
We use postgres and it's access is via current username rather than password so no passwords would be revealed.
Arbitrary php execution would enable manipulating the DB data and open the door to other nasties [such as privilege escalation via forked shells & other vulnerabilities]
In the end, though, you have to blame the existence of a Super-User model. It's the biggest hole there is.
The purpose of my desktop is to fight against Microsoft? I think not. I want to get work done in a timely and cost effective manner not be part of a Jihad. I'd be rather upset if the people contributing were all fucked up with "must beat Microsfot, must beat Microsoft" rather than "must write good code, must write good code"
We Brits already had a civil war concerning that one.
Our revolutionary hero, Oliver Cromwell, became radicalised through the struggle to keep the Fens of East Anglia flooded. A grand scheme to clear, drain and develop on them was resisted by the communities that lived and worked there.
Ironincally once in power Cromwell oversaw the clearing, draining and development of the very same Fens.
There is talk today of reflooding much of then Fens and bringing the native flora and fauna back.
The coalition should have sent 5,000 unarmed civilians instead of well armed troops. No diplomat in the world could have defended a state that attacked non-aggressive civilians.
Curiously it was the UK that was the first to gas the Iraqis back in the 20th century. try googling "recalcitrant arabs"
Blair is just using the old Lloyd George maxim "Britain reserves the right to bomb niggers."
because, let's face it, thin clients are all you need most of the time. I use them all the time.
I'd be happy to buy a graphical thin client that wasn't Intel or AMD for a change.
It's an unnoccupied niche - the cheap reference platform computer. Backwards compatibility is great and all but sometimes a clean sheet can work wonders. It's a brave move but one that could reap rewards for many people. The Wintel platform is a mess. It would be wonderful to dump the lot and start with a unified architecture and someone with the muscle to say "You know those apps you've been using to save licensing fees and support costs, well we've got some computers we made especially for them that could reduce your over support costs".
I say "good luck to them" (so long as they don't come up with a sucky name for it)
Inferno provides security of communication, resource control, and system integrity.
Each external communication channel may be transmitted in the clear, accompanied by message digests to prevent corruption, or encrypted to prevent corruption and interception. Once communication is set up, the encryption is transparent to the application. Key exchange is provided through standard public-key mechanisms; after key exchange, message digesting and line encryption likewise use standard symmetric mechanisms.
Inferno is secure against erroneous or malicious applications, and encourages safe collaboration between mutually suspicious service providers and clients. The resources available to applications appear exclusively in the name space of the application, and standard protection modes are available. This applies to data, to communication resources, and to the executable modules that constitute the applications. Security-sensitive resources of the system are accessible only by calling the modules that provide them; in particular, adding new files and servers to the name space is controlled and is an authenticated operation. For example, if the network resources are removed from an application's name space, then it is impossible for it to establish new network connections.
Security mechanisms
Authentication and digital signatures are performed using public key cryptography. Public keys are certified by Inferno-based or other certifying authorities that sign the public keys with their own private key.
Inferno uses encryption for:
*
mutual authentication of communicating parties; *
authentication of messages between these parties; and *
encryption of messages between these parties.
The encryption algorithms provided by Inferno include the SHA, MD4, and MD5 secure hashes; Elgamal public key signatures and signature verification [4]; RC4 encryption; DES encryption; and public key exchange based on the Diffie-Hellman scheme. The public key signatures use keys with moduli up to 4096 bits, 512 bits by default.
Despite it sounding an interesting thought experiment it's a bit grim if you go to all the trouble of killing someone but get the time wrong. My car bomb could fail to go off and then explode under investigation the next day rendering my prediction useless thus I will not be recompensed for my risk.
when the Post Office recieves money for dropping "the occupier" [that's all - no address] letters through my letter box I believe this enables them to keep the price of postage at what the market will bear.
One of the exciting things we're announcing today is that our commitment to the Internet and to building a state-of-the-art browser extends not only to Windows 95 and Windows NT, but also to 16-bit Windows and the Macintosh and to Unix. And so, working with some partners, we've created Internet Explorer 3.0, and that's our latest, with all the active control capabilities on several Unix platforms.
okay so not impervious to attack, I never suggested that
... may exploit this vulnerability to gain access to any file readable by the user under which the webserver runs.
--
Impact
Anyone
--
with SUEXEC that would be each website owner and it's group so www:$USER
security minded people will already have locked down files outside the webspace to be unreadable by www that leaves the $USER's files.
We use postgres and it's access is via current username rather than password so no passwords would be revealed.
Arbitrary php execution would enable manipulating the DB data and open the door to other nasties [such as privilege escalation via forked shells & other vulnerabilities]
In the end, though, you have to blame the existence of a Super-User model. It's the biggest hole there is.
run PHP as a CGI and not an Apache Module and all your security fears melt away in the night
people are still patching it today :
http://www.mikes-afordable.com/
just another meme for the FUD factory
okument nicht gefunden
Die von Ihnen gewählte URL ist auf unserem
Server nicht bzw. nicht mehr vorhanden.
Gehen Sie bitte zur AIS-Homepage oder
benutzen Sie das Navigationsmenu links.
The purpose of my desktop is to fight against Microsoft?
I think not.
I want to get work done in a timely and cost effective manner not be part of a Jihad.
I'd be rather upset if the people contributing were all fucked up with "must beat Microsfot, must beat Microsoft" rather than "must write good code, must write good code"
We Brits already had a civil war concerning that one.
Our revolutionary hero, Oliver Cromwell, became radicalised through the struggle to keep the Fens of East Anglia flooded. A grand scheme to clear, drain and develop on them was resisted by the communities that lived and worked there.
Ironincally once in power Cromwell oversaw the clearing, draining and development of the very same Fens.
There is talk today of reflooding much of then Fens and bringing the native flora and fauna back.
Made me think what life would be like if *everyone* who had a car instead had a horse. Pandemonium to be sure.
Not to mention that the waste products of horses don't conveniently blow away in the wind.
i type m for mozilla (in Unix)
when I'm in plan9 I right click any text that looks like a url, select plumb and get's freebsd to open it in a new tab in mozilla on my second monitor
I was thinking about this the other day
no-one ever tries a peaceful invasion
The coalition should have sent 5,000 unarmed civilians instead of well armed troops. No diplomat in the world could have defended a state that attacked non-aggressive civilians.
Curiously it was the UK that was the first to gas the Iraqis back in the 20th century. try googling "recalcitrant arabs"
Blair is just using the old Lloyd George maxim "Britain reserves the right to bomb niggers."
because, let's face it, thin clients are all you need most of the time. I use them all the time.
I'd be happy to buy a graphical thin client that wasn't Intel or AMD for a change.
It's an unnoccupied niche - the cheap reference platform computer. Backwards compatibility is great and all but sometimes a clean sheet can work wonders. It's a brave move but one that could reap rewards for many people. The Wintel platform is a mess. It would be wonderful to dump the lot and start with a unified architecture and someone with the muscle to say "You know those apps you've been using to save licensing fees and support costs, well we've got some computers we made especially for them that could reduce your over support costs".
I say "good luck to them" (so long as they don't come up with a sucky name for it)
hope it includes SVG
anyone with any experience in Wireless nows that WEP is an insecure method of communication that is brute force breakable.
It is therefore easier to assume that all WEP protected comms are effectively plain text.
It is from this position that one should build the network.
Personally I would be using Inferno
from http://www.vitanuova.com/inferno/papers/bltj.html
Security in Inferno
Inferno provides security of communication, resource control, and system integrity.
Each external communication channel may be transmitted in the clear, accompanied by message digests to prevent corruption, or encrypted to prevent corruption and interception. Once communication is set up, the encryption is transparent to the application. Key exchange is provided through standard public-key mechanisms; after key exchange, message digesting and line encryption likewise use standard symmetric mechanisms.
Inferno is secure against erroneous or malicious applications, and encourages safe collaboration between mutually suspicious service providers and clients. The resources available to applications appear exclusively in the name space of the application, and standard protection modes are available. This applies to data, to communication resources, and to the executable modules that constitute the applications. Security-sensitive resources of the system are accessible only by calling the modules that provide them; in particular, adding new files and servers to the name space is controlled and is an authenticated operation. For example, if the network resources are removed from an application's name space, then it is impossible for it to establish new network connections.
Security mechanisms
Authentication and digital signatures are performed using public key cryptography. Public keys are certified by Inferno-based or other certifying authorities that sign the public keys with their own private key.
Inferno uses encryption for:
*
mutual authentication of communicating parties;
*
authentication of messages between these parties; and
*
encryption of messages between these parties.
The encryption algorithms provided by Inferno include the SHA, MD4, and MD5 secure hashes; Elgamal public key signatures and signature verification [4]; RC4 encryption; DES encryption; and public key exchange based on the Diffie-Hellman scheme. The public key signatures use keys with moduli up to 4096 bits, 512 bits by default.
It's not really sensible to write shell scripts using one shell and use another, so steer clear of csh.
poppycock
I use csh all day long for my interactive sessions but use rc for my shell programming.
So pray, what's wrong with doing that?
I get the features I want from a CLI and I get the features I want from the shell programming language for scripts.
there are 10 types of people
those that get trinary
those that don't
and some other lot
Despite it sounding an interesting thought experiment it's a bit grim if you go to all the trouble of killing someone but get the time wrong. My car bomb could fail to go off and then explode under investigation the next day rendering my prediction useless thus I will not be recompensed for my risk.
when the Post Office recieves money for dropping "the occupier" [that's all - no address] letters through my letter box I believe this enables them to keep the price of postage at what the market will bear.
AT&T licensed Unix to OEMs and Microsoft decided to be one of them.
Bill was a Xenix evangelist, even putting it on the desks of the secretaries if the stories are true.
See here
and here
A Snippet of his 1996 speech at Unix Expo
One of the exciting things we're announcing today is that our commitment to the Internet and to building a state-of-the-art browser extends not only to Windows 95 and Windows NT, but also to 16-bit Windows and the Macintosh and to Unix. And so, working with some partners, we've created Internet Explorer 3.0, and that's our latest, with all the active control capabilities on several Unix platforms.
Unix is Unix
Linux is Unix-like
still worth thinking about exploding Iraqis though
which could be very harmful
cut - save - crash
omg where's my work, it was there when I saved it
I was thinking in pseudo-physical terms where 1 and 0 are two bits
i don't know why I was but i was
to go to a big city electronics store and find 5 people who have heard of CSS. bonus points if they know it has something to do with DVDs.
I further challenge you to find 5 people there who know what proprietary means, bonus points if they mention computers.
it's :
The myth of interference
Internet architect David Reed explains how bad science created the broadcast industry.
- - - - - - - - - - - -
By David Weinberger
2 bits are enough for anybody