Oh, come on. I'm driving a 4 gear automatic at very inefficient speeds and still getting well over 30 to the gallon.
21 as an average is terrible. New diesels in the UK are pulling 45-60mpg, including the automatics. Those are decent sized cars, the small town cars are doing even better.
Even the Chelsea tractors are getting 15-40.
4 gear automatics get 30mpg (36mpg) here too. UK cars are not magically more efficient - US drivers just drive WAY more trucks, which brings the average down. Almost nobody drives diesel, further bringing the average down, mostly because clean air rules limit the number of diesel cars sold in the US per year (but not trucks).
P.S. I've never heard of Slashdot being a US-centric website. The significant number of non-US users and the extensive European response to even this article should be a small clue.
That's why I provided a link to the FAQ. US-centric doesn't mean US-exclusive, but it does mean that you should keep in mind that the majority of your audience is American when you post.
You'd probably do well to look up UK slang and silently thank the poster that used it for expanding your horizons rather than bitching about its use in the first place.
I did look it up and even provided a link - something the original poster could have done. Or he could have just avoided using slang in the first place.
Understanding the phrase "Chelsea Tractor" did not really expand my horizons, as it's not a new concept - just different words. Using that slang caused the message to be lost to most of the audience. Using regional slang limits the number of people who will understand your ideas.
However, the total volume of an Imperial gallon and a US statute gallon is one gallon. It is just that the number of smaller or larger ounces is different. If you buy ten gallons of fuel in the UK, you have ten gallons of fuel by US volume, as well.
Apparently you are that dumb. Anonymous coward too, probably because you have no idea what you're talking about and don't want your name attached to idiocy.
* U.S. liquid gallon is 231 in³ (exactly) or 128 fl oz (exactly) or 3.785411784 liters
* U.S. dry gallon is 4.404 884 L
* Imperial (UK) gallon is 4.54609 L (exactly). That is approximately 1.201 US gallons.
So, my mpg calculations are slightly off.. since I used 20 oz/16 oz = 1.25 instead of 4.545 L / 3.785 L = 1.201. I should've checked that a UK person actually knew how large a UK gallon was, silly me. But they're still larger, and the mpg calculations are approximately correct.
My J reg Mercedes 190 is renowned as a gas guzzler and gets 30mpg. If I were looking for a new car I wouldn't dream of looking at anything that got less than 35mpg. OK, so I know we have bigger gallons (20 fl oz vs 16 fl oz) but, from a UK perspective, 21mpg is only achieved by buying an SUV, and, if you want to buy a Chelsea tractor, pay the price.
The 21mpg you're complaining about would be 26.25mpg using 20oz gallons. Not far from your 30mpg. "Light duty vehicles" includes both 16mpg (20mpg) pickup trucks and 30mpg (37.5 mpg) passenger cars, so 21mpg as an average is not bad. Note that American cars normally have automatic transmissions. The same car with a manual transmission would give about 5mpg (6.25 mpg) better mileage.
P.S. I've never heard the term Chelsea tractor and had to look it up. You'd probably do well to avoid (or explain) UK slang on a US-centric website.
Yes, the huge shopping malls located far away and the lack of public transport are just the result of having really cheap gas for a couple of decades.
Once American society adapts to the fact that driving 1 mile might cost 1 dollar, then the malls will be smaller and closer, and the cars will be more efficient.
After WW2, the federal government gave out subsidized/guaranteed mortgages (GI Bill) to tons of veterans and their families, but basically forced you into the suburbs (if you were white; if you were black, you could only get a mortgage in the city). The current suburbia is the result of this and other government policies. Cheap gas certainly helped, but was not the motivator.
By the way, if European cars get better mileage, why not buy a European car??
They're not legal in the US. They would pass the required safety/emissions tests, but have to go through the paperwork first.
There are specialty dealers that will import non-US cars for you, doing all the paperwork, but it's so expensive that it's not worth it unless the car is >$100k or so.
Are you trying to suggest that only pretentious wankers buy Macs?
Nope. Especially since I have a Powerbook along with my XP gaming box and Linux server. :)
I am saying that if you can choose between several different products, and they all present the same functionality, then other factors come into play, such as looks.
For example, any laptop would've worked for the web-surfing, email, and digital camera uploads that I need when I travel. My Powerbook is nice looking and easy to carry since it's so small (12" G4 Powerbook). The power adapter is small and packs up nicer than any other I've seen. So, I bought it for its form, since functionality was already taken care of.
Side note: while I've traveled with Dells and Thinkpads for years (the butterfly-keyboard Thinkpad was my favorite for a long time), I've never been stopped and asked about my laptop until I started carrying my Powerbook.
My server box on the other hand, is an ugly Frankenstein monster. It does its job and lives in a closet, so who cares about looks.
I think this is something the geek community forgets - that most non-geek people place looks right up alongside price and functionality.
Because that's called a laptop without a battery and is fuckin' pointless. Sure, it looks cool, but once it's outdated you throw it away. People don't like that with laptops but they put up with it because it's portable. This ain't, so why put up with it?
You answered it yourself - because it looks cool.
Function is mostly solved; aside from gamers and developers, almost any computer will work for average Joe's desktop use. What's left? Form - looks, interface, size, etc.
$10 curtains block the light just as well as $200 curtains.. but people still buy the $200 curtains.
I wouldn't be too bothered about people knowing my name.
Then why hide behind a fake name, jez9999?
It's like someone knowing your IP address, it's just an identifier. So what? There're thousands of other people with the same name as me, anyway.
There are a lot of crazy people in the world, and pissing them off (even unintentionally) while they are in possession of your personal details is not a very safe idea.
A name and IP is actually plenty. Many IPs reverse resolve to a hostname that gives an indication of geographic area. Certain ISPs are regional. If your name happens to be John Smith, you're probably okay. If your name is slightly more unique, and someone knows from your IP that you're in the greater Atlanta area.. well, prepare for an ass-kicking "Jay and Silent Bob Strike Back"-style.
Second, and any poster from Malygos can confirm this. Roughly three months ago, around the time I quit, over half the raiding guilds on Malygos collapsed at the same time, including my own. Actually the collapse is largely due to the guild I was in at the time, as we recruited and turned over 50 members of some 4 AQ-level guilds, leaving people behind and causing a large mess.
I'm on Malygos and have no idea what you're talking about. Which side was this on?
Also, what do you mean by "turned"? Accepted then kicked them out?
...There's a big "but", usually: to try and curb hyper-inflation, interest rates are raised. So now your 5% PA mortgage is a 50% PA one.
Not sure what PA is supposed to mean.. per annum?
Assuming that's what you meant.. most adjustable rate mortgages (ARMs) have both an upper-limit rate and a maximum increase per year. For example, I have a 4.50% ARM that can adjust 1% per year, cap of 12%.
However, if you were smart enough to get into a fixed rate mortgage and there's still time before it converts into a variable rate one you should be a happy camper, if you can feed yourself that is. If you have savings, that 50% interest should come in handy for that too!
I've never even heard of a fixed rate mortgage that could convert to an adjustable one. Are these actually offered somewhere?
Quick question: what makes you or your neighbors so damn special that they have more rights (ha!) to hold down a job than some joe schmuck who just so happens to not live within some completely arbitrary geographical boundaries?
Joe India may have equal rights to that job.. but people have a vested interest in a) keeping their own job and b) keeping their own economy healthy.
Almost all of the Japanese imports sold in the US are manufactured in America (USA). You are still helping the US economy when you buy one.
Ironically, many "US" cars are made in Mexico or Japan, or are simply rebranded foreign cars. You can look at the VIN next time you're shopping for cars.
1st character - identifies the country in which the vehicle was manufactured.
For example: U.S.A. (1 or 4), Canada (2), Mexico (3), Japan (J), Korea (K), England (S), Germany (W), Italy (Z)
The good news is that the dollar crash will take out the families with "old money" too, and we can return to a more egalitarian economic system. It'll be rough, for a bit, but definitely worth it.
Nope. Old money families usually own resources, not dollars. If you own a diamond mine worth $3 million today, and the dollar deflates by 100 - now you own a $300 million diamond mine. You've lost nothing. Same with stock, pork futures, or real estate.
The rich usually stay rich.
However, your $70k mortgage balance is still only $70k, while the value of the house is now $7 million. Any debt you (or rich people) hold would become trivial to pay off.
In Austria, yes. But I wouldn't be surprised if defense attorneys are required for dead people in the USA soon. It's almost to the point where you need to consult an attorney before you flush the toilet.
They are required, since both the state and the victim may try to recover money from the dead person's estate.
This is quite simple. If a person that's the "victim" buys a house without "touring" the house first, guess what? I'd bet the fucker is either in on it or stupid, in which case they deserve it and I got a cheap bridge in China to sell them. They can't see it though until they purchase it. It's fairly easy to find the thief in such instances because there's a paper-trail and a person who supposedly "put up money" for the place.
The story said that the houses were mainly empty rental houses or vacation homes. The buyers DID tour the houses; the houses were shown by the thief.
It would not be hard to find or identify the buyer. It would be hard or impossible to prove he was in on it though.
A really good thief could perform both roles, buyer and thief, using different identities for each role.
If someone tried stealing my home out from under me I would be sitting on the porch with a shotgun holding my copy of the deed in my hand. I would not care if the buyers think they have rights to my house or not, if someone forged my name I would not be liable because I said so.
At least, until the police show up, order you to drop your gun, then shoot you when you don't comply.
Every law everywhere has an "or else" clause, consisting of armed men showing up at your house.
Clearly the fairest way to resolve the situation is to refund the buyer's purchase price and return the property to its original owner. Everyone still has injuries (except the asshat fraudster), but no one is out a life's savings.
Since they cannot find the thief, who exactly is supposed to be doing the refunding?
It's terrible that the victim lost money, but nobody else should pay for his mistake but the thief. If the victim is compensated by anyone else, be prepared to start seeing two-man teams, one playing the thief, one as the "victim".
Firefox has a tray app? Mozilla had one but I haven't found a Firefox one. Please link me a URL if you know how to install this because that's one app I use often enough to benefit from a resident quickload!
(In development) - Turbo option for Firefox and Thunderbird. MinimizeToTray implements this popular feature from the Mozilla application suite. Have a Firefox tray icon and menu always available, even if no browser window is open. Or have Thunderbird launch directly into the tray only to notify you if you receive mail.
Unnecessarily memory-resident apps are a big problem in the Windows world. Have you seen a new Dell machine the first time it is turned on?
BS apps like Quicktime are an assault on Windows users, not a result of their "active ignorance". Anyone with an iPod is forced to run Quicktime at all times. You can thank Apple, makers of a popular non-Windows platform you may have heard of, for that gem.
You can turn the system tray thingy off. Go to control panel and double-click the QT icon. Select 'Browser Plug-in' from the drop down list, you should see 'Quick Time system tray icon' option.
So "force" is the wrong word, since it doesn't actually force you.
Apple Quicktime, Adobe Acrobat, Microsoft Office and yes - even Firefox - all have an option to have a system tray applet stay resident, so that when you access the application, you don't have to wait for it to load. If you have lots of memory and use the application often, it's actually a decent compromise. You can turn off all of them.
I use strcpy. If you know for a fact that the string is terminated then it's overkill to use anything else.
Because variables never get overwritten with garbage, either intentionally or not. Also, only one programmer ever works on a piece of code, and would never change the length of either the buffer or the input, let alone the content. /sarcasm
In your trivial example, it's easy enough to see it's harmless, true. It's still bad practice. What is the compelling reason to use an unsafe function? To save a few characters?
Yes, it is important to know why strcpy should not be used. And then you should never use it, even when it's "safe", because it's a bad habit. Humans are much more habitual than logical, even programmers. Especially programmers at 2am after they've been on a caffeine-induced all-night coding session.
He just knows more perl than you. The system function is perfectly safe when used like that; the useless quotes around $url indicate he could learn some more perl, but that's not a security issue.
It's perfectly safe from shell metacharacter exploits, right. I already said that. You're missing the point - this isn't about his perl or the way he's calling wget. It's the fact that he's calling wget and passing it unsanitized data. It's the same mistake if it was written in C or Java or php.
He's taking unknown data and passing it to a local program without sanitizing it. There have been programs that crash when given a long argument (over 256/512/4096 bytes), or a rather convoluted url (think http://www.google.com/../one/../two/../three/../four/../five/../ etc). Some even crash when given Unicode characters. Some of those crashes allow code execution.
Calling system() correctly (as the code does) won't prevent these vulnerabilities. Sanitizing the url given will help. Running wget as a limited user with access to only one directory will help too.
I disagree. As long as some other part of the system blocks non-http URLs from getting through, that should be perfectly safe.
Since this is a redirector for squid, the only other part of the system looking at URLs would be squid itself. I believe squid does indeed check URLs for sanity and encoding before passing them to the redirector, and actually does a good job at it. I like squid, and use it myself; I think it's a good, secure product.
But there's no reason to trust squid. The redirector code should still sanitize the input. The user is untrusted, and so should be any data that user produces.
Defense in depth is the idea that if one part of the system breaks, you haven't broken the whole system. Too many systems are broken when some supposedly secure piece fails, and no other piece takes any responsibility for its input.
He did it the right way. If used in the way quoted, the system() function of perl uses execvp directly instead of going through any shell, so no special characters will be interpreted. wget will see the contents of $url as a single argument, any spaces within will be treated as part of the URL to be downloaded.
True, the way he called system(), sending "http://www.google.com; rm -rf /;" as $url should be harmless - doubly so since squid (and therefore this redirector) should be running as a limited user. wget should also not see anything in $url as additional switches.
However, it's possible that certain ASCII strings passed to wget would make it fail in interesting ways, including compromise. Even if the current wget is completely safe, what about the next version? (Or an old one?) What if someone takes the code and uses curl instead of wget, or some other app?
The point is that this code is sloppy and dangerous, and could easily be fixed. Data from the user is untrusted and should be presumed to be dirty. The author of this code presumes $url is clean. Cleaning it should only take a line or two, and should be the first thing you do.
Here's the fun part - I've done enterprise development, and even within the same team I had to defend against bad input from other parts of the system. All routines that I worked on first cleansed the input, then checked it for sanity - and I managed to find quite a few bugs in other people's code that way. There is no safe data, there are no trusted sources.
It's not always malicious - mistakes do happen. But a mistake (or attack) in one portion of a system shouldn't break another part of the system.
Maybe he's more paranoid than you?? He may have left out such details to reduce the chances of someone getting past his data-sanitizing routines...
While it is possible he has some super-leet data sanitization methods, that shouldn't stop him from recommending to the rest of the world something simple and effective, and then doing his super-leet stuff on top of or instead of the simple method. My perl's rusty, but this should be a good first step, since it is supposed to be a URL:
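The sanitize-then-exec approach argued for in this thread, written out as an added example (it is not the redirector code under discussion, which the page does not show, and it is Python rather than the original Perl): an allowlist check on $url that covers the cases raised above (length, non-ASCII, dot-dot segments, non-http schemes, shell metacharacters) and a wget argv built as a list so no shell is involved. The output directory, the length cap and the field order of a squid redirector request line are assumptions.

```python
import re
import subprocess

# Policy values (constructed for this example; tune per deployment).
MAX_URL_LEN = 2048                          # well under the 4096-byte argument limits mentioned above
DEFAULT_OUT_DIR = "/var/cache/redirector"   # assumed download directory for wget

# Allowlist for an http/https URL: scheme, DNS-style host, optional port,
# optional path/query built only from RFC 3986 characters. Anything else
# (spaces, quotes, control bytes, '#', non-ASCII) simply fails to match.
_URL_RE = re.compile(
    r"^(?P<scheme>https?)://"
    r"(?P<host>[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*)"
    r"(?P<port>:[0-9]{1,5})?"
    r"(?P<rest>/[A-Za-z0-9._~!$&'()*+,;=:@%/?-]*)?$"
)


class BadURL(ValueError):
    """The URL failed the allowlist; the caller drops the request."""


def sanitize_url(url):
    """Return url unchanged if it passes every check, else raise BadURL.

    Order: cheap length/charset checks first, then the allowlist regex,
    then two semantic checks (port range, '..' path segments).
    """
    if not isinstance(url, str) or not url:
        raise BadURL("empty or not a string")
    if len(url) > MAX_URL_LEN:
        raise BadURL("too long")
    if not url.isascii():
        raise BadURL("non-ASCII characters")
    m = _URL_RE.match(url)
    if m is None:
        raise BadURL("not an http(s) URL made of allowed characters")
    if m.group("port") and not 1 <= int(m.group("port")[1:]) <= 65535:
        raise BadURL("port out of range")
    path = (m.group("rest") or "/").split("?", 1)[0]
    if ".." in path.split("/"):
        raise BadURL("dot-dot path segment")   # the convoluted-URL case
    return url


def is_clean(url):
    """Boolean wrapper around sanitize_url for callers that just want yes/no."""
    try:
        sanitize_url(url)
        return True
    except BadURL:
        return False


def wget_argv(url, out_dir=DEFAULT_OUT_DIR):
    """Build wget's argv as a list: no shell, and the URL is one argument.

    '--' ends option parsing so the URL can never be read as a switch;
    '-P' confines downloads to one directory. Running wget as a limited
    user, the other mitigation mentioned above, is an OS-level setting.
    """
    clean = sanitize_url(url)      # validate before anything else
    return ["wget", "-q", "-P", out_dir, "--", clean]


def fetch(url, out_dir=DEFAULT_OUT_DIR):
    """Run wget on a vetted URL and return its exit status."""
    return subprocess.run(wget_argv(url, out_dir), shell=False, check=False).returncode


def handle_redirector_line(line):
    """Process one squid redirector request line.

    Assumption: the URL is the first whitespace-separated field (squid's
    'URL client_ip/fqdn ident method' form). Returns the URL to echo back
    when it validates, or '' (meaning 'no rewrite') when it does not.
    """
    fields = line.split()
    if not fields or not is_clean(fields[0]):
        return ""
    return fields[0]
```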
Besides, they don't have tractors in New York City.. maybe they have some in Chelsea, MA?
I should add that there are no Imperial Liters - a liter is a liter everywhere (though that would be funny).
I've also probably misspelled liter / litre. Suck it.
http://en.wikipedia.org/wiki/Gallon
And in case you don't like Wikipedia..
http://www.sizes.com/units/gallon_imperial.htm
1 Imperial gallon = 4.545 liters
http://www.sizes.com/units/gallon_US.htm
1 US gallon = 3.785 liters
Ah, here's a reference: "the five years after V-J Day, eight million returning vets made use of the bill's educational provisions, while the bill's loan guarantees brought home ownership within the reach of five million vets, resulting in the explosive development of suburbia. Humes is alert to the G.I. Bill's failures as well. For example, black vets were shunted into vocational training rather than college and were systematically redlined away from the new suburbs."
Nope. The WENUS - Weekly Estimated Net Usage Statistics. Net being gross minus expenses; nothing to do with networking.
Man, I watched too much of that show..
http://www.autoinsurancetips.com/vin.htm