The workaround is trivial: using mod_rewrite, which is compiled into Oracle's Apache distribution, it is possible to stop the attack. The workaround checks a user's web request for the presence of a right-facing bracket, ')'.
Add the following four lines to your httpd.conf file, then stop and restart the web server.
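As an added illustration (not the advisory's own four lines, which this page does not reproduce, and not Oracle's configuration), here is what a mod_rewrite rule of that shape looks like and what it does and does not cover. It assumes the standard mod_rewrite syntax in the server or virtual-host context of httpd.conf. Two caveats a practitioner should know before relying on it: `%{REQUEST_URI}` is the %-decoded URL path only, so a `)` sent as `%29` in the path is still caught, but the query string is neither included in it nor decoded and has to be checked on its own; and nothing here inspects a POST body, so this is a stopgap until the fixed module is installed, not a fix.

```apache
# Added example, not from the advisory or from Oracle.
# Reject (HTTP 403) any request whose decoded URL path or raw query string
# contains a closing parenthesis, the character the workaround keys on.
RewriteEngine On

# The URL path is matched %-decoded, so both a literal ')' and an
# encoded '%29' in the path match this condition.
RewriteCond %{REQUEST_URI} \) [OR]

# The query string is NOT decoded, so match the literal character and its
# percent-encoding; NC makes '%29' and '%29' with lowercase hex both match.
RewriteCond %{QUERY_STRING} (\)|%29) [NC]

# '-' leaves the URL untouched; F answers 403 Forbidden and stops processing.
RewriteRule .* - [F]
```

Put the block in the main server or virtual-host section rather than a .htaccess file so it applies before any module-specific handler sees the request, and check the error log after restart: a rejected request appears there as a 403, which is the easiest way to confirm the rule is live.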
hmm, I guess I was lucky and got in before the /.-ing
Date: Wed, 25 Jan 2006 17:39:16 -0500 (EST)
From: Linus Torvalds
Subject: Re: GPL V3 and Linux - Dead Copyright Holders
On Wed, 25 Jan 2006, Chase Venters wrote:
>
> This means that when the code went GPL v1 -> GPL v2, the transition was
> permissible. Linux v1.0 shipped with the GPL v2. It did not ship with a
> separate clause specifying that "You may only use *this* version of the GPL"
> as it now does. (I haven't done any research to find out when this clause was
> added, but it was after the transition to v2).
Bzzt. Look closer.
The Linux kernel has _always_ been under the GPL v2. Nothing else has ever been valid.
The "version 2 of the License, or (at your option) any later version" language in the GPL copying file is not - and has never been - part of the actual License itself. It's part of the _explanatory_ text that talks about how to apply the license to your program, and it says that _if_ you want to accept any later versions of the GPL, you can state so in your source code. The Linux kernel has never stated that in general. Some authors have chosen to use the suggested FSF boilerplate (including the "any later version" language), but the kernel in general never has.
In other words: the _default_ license strategy is always just the particular version of the GPL that accompanies a project. If you want to license a program under _any_ later version of the GPL, you have to state so explicitly. Linux never did.
So: the extra blurb at the top of the COPYING file in the kernel source tree was added not to _change_ the license, but to _clarify_ these points so that there wouldn't be any confusion.
The Linux kernel is under the GPL version 2. Not anything else. Some individual files are licenceable under v3, but not the kernel in general.
And quite frankly, I don't see that changing. I think it's insane to require people to make their private signing keys available, for example. I wouldn't do it. So I don't think the GPL v3 conversion is going to happen for the kernel, since I personally don't want to convert any of my code.
> If a migration to v3 were to occur, the only potential hairball I see is if
> someone objected on the grounds that they contributed code to a version of the
> kernel Linus had marked as "GPLv2 Only". IANAL.
No. You think "v2 or later" is the default. It's not. The _default_ is to not allow conversion.
Conversion isn't going to happen.
Linus
Re: The review and the Headline seem at odds or ? (on "Wicked Cool Java")
Yep, mostly the fault of this
The problem is that until you've committed to review the book, received it and read it, you don't know whether you've found a good one or have just been a victim of drive-by marketing. This was such a book.
This was such a (good|drive by marketing) book? I assumed the latter (why else would he phrase it that way?)
After reading the review it does sound interesting and I added it to my wishlist.
Yeah, that's what I find lacking as well. The comments/discussion are pretty worthless. I like digg, I like to go and dig for stories when I've got some time to kill and /. doesn't have anything particularly interesting.
I see people complain a lot that stories posted on /. were on digg "days ago". Yep, but it isn't the story itself that interests me as much as the discussion that results.
Sure, /. has lots of warts, annoying spelling/grammar errors being not the least of them. Overall, I think it works, otherwise I wouldn't be here (along with thousands of others).
http://www.securityfocus.com/archive/1/423029
>With the code as large as Oracle's code is
Actually, this doesn't appear to be a problem in the db server software, but with an Apache module they distribute:
The flaw occurs in the way that a module in Oracle's Apache Web server distribution handles input and could give external attackers the ability to take control of a backend Oracle database through the Web server, said David Litchfield
If this is the case, it would seem that the amount of code should be significantly smaller than what you might imagine to be at stake if this were a problem in the db server itself?
Isn't this more a reference to the spam degree offers? That's the first thing I thought when I saw this.
I don't think any reasonable person would expect this to replace a degree from Stanford.
Exactly -- what, on your resume under 'Education' you're gonna list "downloaded everything I need to know on my iPod"?
good point
>there is less competition now
I'm not sure I see that. This is the way I see it:
Pixar was/is a studio, Disney had a (sweet) distribution deal.
Pixar made the movies, Disney financed, promoted and distributed (and both made money).
Their deal ran out after the last (next?) movie.
Disney tried to negotiate a new deal and Pixar turned them down.
Pixar was free to either find a new distribution deal or do it themselves.
Disney worked out a deal to acquire them for stock.
Pixney is now going to (probably) keep making computer animated features.
Okay, *maybe* they *would have* competed had Pixar found a new distributor or raised the capital to distribute their own features. That hadn't happened yet. My guess is that there was a continuous negotiation starting with re-upping their original distribution deal and ending with Pixar getting a bunch of equity shares in exchange for their souls.
>and the CES would be investigating
;-)
Yeah, those bastards at the Consumer Electronics Show are notorious bastards.
Heh, kind of like last night's Battlestar Galactica...
Who knew that an unborn Cylon/Human hybrid would have blood that could cure advanced, terminal cancer in a matter of minutes!
You raise a fair point, but I wanted to point out something.
>spend $2B for a stealth bomber
While the cost of a weapons program is staggering and of questionable value relative to other needs, it's not as simple as deciding to spend $2B for a bomber.
You start out with an appropriation to spend $XXB on a program, expecting to produce NNN planes which will result in a cost of $YYY million each (still a lot, obviously).
Then, years into the program, things change and funding is cut and they say, build just 18. Now, your overall $XXB program cost is divided by the small number of planes, and pundits get to go on cable news shows and complain about government waste because stealth bombers cost $2B each.
Did they spend too much on building stealth bombers? Arguably.
Did they start out approving a program that was going to cost $2B for each bomber?
>meet his younger self in a time warp created by a worm hole
gee, how original. How are they going to resolve that, by reversing the polarity of the warp field, or by streaming anti-tachyons from the deflector dish?
That's the problem I had with Trek when they started getting out of situations with some magical engineering hack all the time.
I actually liked the idea of "Enterprise" (not the execution, mind you) -- go back to a lower-tech period where there was no Federation yet and humans were just getting started with exploration. Seemed like there was going to be lots of possibilities for interesting stories of first contacts, wars, alliances, crap like that -- but no, more stupid plot devices like the "temporal Cold War".
After about midway through the second season, I couldn't take it anymore.
I suppose... just reminds me of Galaxy Quest a bit too much.
...and throw that at em while you're at it.
Hey, that's really good. Usually it's just some cardboard cutouts in a garage. Ok, red particle cannons!
Marketing plan
http://www.dahl.com/weblog/1_10_06.asp
We've got an iPod Video to give away thanks to the folks at Mythbusters on The Discovery Channel. I'm going to be de-bunking a Chicago myth so be listening for details on how to win the iPod and some Chicago lore. It feels funny to say Mythbusters. It's like my mouth wants to say Gothtbusters, or something. So that's fun to listen for too. Today's Chicago myth is about a naked housewife greeting the meter reader. I meant to have a myth yesterday too, but I guess I mythed my opportunity.
Yeah, they seemed to have a bit of a promotional blitz around the timing of the new season. Last week I turned on the radio in the car and they were being "interviewed" by the guy on the local rock station (Chicago, Loop, Brandmeier).
They did 10-15 minutes and then "had to go" -- smelled like one of those things where they line up a dozen of these things, get the guys in a booth somewhere and then bounce around to various shows to promote their show. There's a term for that, can't think of it.
Another station had some "MythBusters iPod" promo going for a couple weeks around the same time.
Discovery had some lame-ass promo they ran at every break for a couple weeks with bigfoot stressing about the MythBusters. That made no sense, they don't tackle things like Loch Ness or Bigfoot on the show so it was pretty stupid to begin with, but also strange because I had never seen the show advertised on other networks.
So yeah, it seems that somebody realized the show was attracting an audience and decided it was a good idea to promote it. So what?
Informative? bah
The journalist was quoting the memo, not making it up....
Hundreds of blank DVDs, CDs and jacket covers were also found, as was software "commonly used to crack header codes on copyrighted materials such as movies and music to allow duplication," Schafer's memo said.
seems like it was the *Beatles-Beatles / ScuttleMonkey controversy that precipitated this series of posts from Taco.
I think it is really useful how he is doing it this time. He has had meta-slashdot discussions before, and they were good, but they didn't have the focus that these last couple have had (Taco explaining a single aspect at length and then taking the time to read all the comments and post useful replies where appropriate).
Having said that, slashdot still sucks and has really gone downhill and the trolls have taken over and the editors aren't doing their jobs and I have been unfairly banned from moderating and the moderators are all on crack and slashdot should have a spellcheker and Kuro5hin/Digg is better because of (x) and don't the editors ever read what they post and... (did I forget anything?) ;-)
you left out lose/loose and ridiculous ;-)
>As for the going for the looks part, men are the same way as women on this.
except the guys don't usually say 'looks aren't important' as the OP says women do. Guys I know make no bones about the fact that looks are important.
>Unless Daddy is loaded.
Or brown skin -- that seems to be a significant factor.
Was that one of George Carlin's rants?
>Who came up with this? I'm betting Marketing, with a side-bet on Legal.
Oh no, this comes from a need for revenue growth. Their revenues are flat unless they can get a surge of new subs, increase monthly fees or introduce some new value-add service that subs are willing to pay extra for.
Or, come up with a crackpot scheme like this to extort money from people who aren't even your customers. They are trying to re-define their business.
<withastraightface>It's the shipping business of the digital age</withastraightface>
riiight... unless they're introducing some QoS priority routing that isn't mentioned in the article, they appear to be just looking to squeeze more money from a different source for the same service they are already charging their customers for.
<withastraightface>But delivering this content to our subs is driving up our costs!</withastraightface>
Then charge them more. Oh, wait...
I think the OP is talking about all the _other_ items you may be carrying in your wallet that have RFID that may expose details about you that you might prefer not to share with anyone else.
Personally, this seems kind of silly to me, lining a duct-tape wallet with tinfoil to keep evil WalMart and others from peering under your kimono.
I use a lead-lined fannypack, myself. ;-) Sure, I have to dig out my building pass every time I go to the bathroom, but isn't my privacy worth a little inconvenience?
>yes, I know that Chevy doesn't make Camaros anymore
They've recently made at least one ;-)
Just to prove that German automakers aren't the only ones who plan products based on what their rivals have done, GM comes out with the Camaro--a retro-styled, two-door coupe with a honking big V-8 that harks back to the glory days of Motown. If that sounds familiar, that's exactly what Ford did with the Mustang.
Oh, duh -- :-(