This line gives me chills. He's passing a completely unsanitized input (the bandwidth thief's URL) to a system() function.
At least he didn't concatenate everything so that system() would run the entire string as a shell command; then simply adding a semicolon or pair of backticks to the URL would cause the system to run any command the attacker liked, including deleting all files squid has access to and running a custom backdoor. There are a lot more local root-escalation flaws than remote.
Even without the shell character vulnerability, who knows what kind of failures you can induce out of wget given the right parameters. He should sanitize the URL before passing it out.
There's also the possibility of a vulnerability in mogrify, given the right corrupted image file to work on. Mogrify should be run in a separate user account that has no access to anything other than the input file.
Never trust your input, especially from an already-admitted evildoer.
Yes, I'm paranoid - I work in information security. :)
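The contrast this comment draws, written out in C as an added example that is not part of the thread and not the code being criticised: a URL spliced into a shell command line versus the same URL validated against an allowlist and handed to a forked child as a single argv element, after the child has dropped to an unprivileged account. The allowlist, the `wget` options, the placeholder uid/gid values and the sample URLs are assumptions of the example, not details from the original comment.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_URL_LEN 2048

/* Conservative allowlist (an assumption of this example): alphanumerics plus the URL
 * punctuation a fetch realistically needs. Shell metacharacters such as ';', '`', '$',
 * '|', quotes and whitespace are deliberately absent, as are control characters. */
static int url_char_ok(unsigned char c) {
    return isalnum(c) || strchr("-._~:/?#@%&=+,", c) != NULL;
}

/* Returns 1 if url is acceptable: http(s) scheme, bounded length, allowlisted characters
 * only; 0 otherwise. Called before the URL reaches any external program. */
int url_is_acceptable(const char *url) {
    size_t len;
    const char *p;
    if (url == NULL) return 0;
    len = strlen(url);
    if (len == 0 || len > MAX_URL_LEN) return 0;
    if (strncmp(url, "http://", 7) == 0) p = url + 7;
    else if (strncmp(url, "https://", 8) == 0) p = url + 8;
    else return 0;
    if (*p == '\0') return 0;               /* scheme with no host */
    for (; *p; p++)
        if (!url_char_ok((unsigned char)*p)) return 0;
    return 1;
}

/* The pattern the comment criticises: the URL becomes part of a shell command line, so
 * any shell metacharacter in it is interpreted. Kept only for contrast; never called. */
int fetch_via_shell_UNSAFE(const char *url, const char *outfile) {
    char cmd[MAX_URL_LEN + 256];
    snprintf(cmd, sizeof cmd, "wget -q -O %s %s", outfile, url);
    return system(cmd);
}

/* Builds the argv for wget so that the URL is exactly one argument and no shell ever
 * parses it. "--" ends option parsing, so a URL beginning with '-' cannot be read as a
 * wget option. Returns the number of entries (excluding the NULL), or 0 if rejected. */
int build_wget_argv(const char *url, const char *outfile, const char *argv[], int cap) {
    if (cap < 7 || !url_is_acceptable(url)) return 0;
    argv[0] = "wget";
    argv[1] = "-q";
    argv[2] = "-O";
    argv[3] = outfile;
    argv[4] = "--";
    argv[5] = url;
    argv[6] = NULL;
    return 6;
}

/* Runs the fetch in a child that first drops to an unprivileged uid/gid (the separate,
 * access-limited account the comment recommends for mogrify applies equally to wget).
 * Returns wget's exit status, or -1 if the URL was rejected or the child could not run. */
int fetch_as_unprivileged(const char *url, const char *outfile, uid_t uid, gid_t gid) {
    const char *argv[8];
    pid_t pid;
    int status;
    if (build_wget_argv(url, outfile, argv, 8) == 0) return -1;
    pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* Drop group first, then user; if either fails, refuse to run with privilege. */
        if (setgid(gid) != 0 || setuid(uid) != 0) _exit(127);
        execvp(argv[0], (char *const *)argv);
        _exit(127);                         /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample inputs (not from the original comment). */
    const char *samples[] = {
        "http://example.com/images/photo.jpg",
        "https://example.com/a?b=1&c=2",
        "http://example.com/x;y",           /* shell separator: rejected */
        "http://example.com/x`y`",          /* backticks: rejected */
        "-r http://example.com/",           /* looks like an option: rejected */
        "ftp://example.com/x",              /* wrong scheme: rejected */
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s %s\n", samples[i],
               url_is_acceptable(samples[i]) ? "accepted" : "rejected");
    /* Real use, with a placeholder unprivileged account (assumed values):
     * fetch_as_unprivileged(samples[0], "/var/cache/fetch/photo.jpg", 65534, 65534); */
    return 0;
}
```

Three layers do the work: the allowlist rejects anything that is not plausibly a URL, the argv array means there is no shell to interpret what survives, and the privilege drop limits what a bug inside wget itself can reach, since wget is a large parser in its own right. The same fork/drop/exec shape is what the comment asks for around mogrify, with the image file as the only thing the account can read.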
Hmm...exactly how does THAT happen? That is quite sad....hope it never happens to me.
Everything goes better with booze....
Personally, I cut back around 25 or 26 years old. I'm not dry, but most weeks I won't drink anything. 2 or 3 drinks when I do (over 2 or 3 hours).
This is from someone that used to drink every day, and bartenders knew me when I walked in the door. I'd drink anyone under the table, and was damn proud of it.
I'm not the same person I was at 21 - I've had good times and bad, and I've matured from them. Staying the same person forever - never learning anything, never growing - sucks.
I don't feel bad about my time drinking; it was a lot of fun! It's just that there's other things to do, other ways to be.
A hole, any hole, is going to make the aircraft turn back. People will be terrified, especially if someone gets hit, or someone sees fuel streaming from a wing. The airport will then be shut down for a while. Do this enough and you could cripple civilian aviation, followed by the whole economy if you can keep it going.
I doubt you would hear a bullet hit the plane while inside. The engines are extremely noisy and the whole plane is shaking. The first sign would probably be either the pilots noticing a loss of fuel, or an engine going out (not terribly uncommon even without terrorists - birds are far more dangerous to engines). The passengers would never know, and the pilots are trained to deal with both fuel leaks and loss of engines. Fuel leaks and engine failures already happen - terrorists adding a few more won't make a difference.
If a bullet hit the wing, nobody would know or care until the next ground inspection.
What about the cabin? There was even a show on Mythbusters where they showed that a bullet hole through the cabin wall would do just about nothing. No explosive decompression, no people being sucked out through a tiny hole - just a whistling sound where the hole is. They actually pressurized a plane and then shot it with a bullet, pretty neat.
Another trick with the automated collect calls is when it asks your name, say, "this is Joe, call me 555-1212"
And then they call you back for free.
Sadly, many of the payphones in the U.S. don't ring any more. Presumably this is done to prevent anonymous phone calls in order to better track criminals, but it also prevents free phone calls.
yet leaving the line open for our friends and family that might be on payphones or in unusual situations and in dire need of our help
So you want people to put up with the certain daily annoyance of telemarketers (new ones will call regardless of how stern you are with previous ones) on the slight chance that we have a deadbeat friend who might have to spend a night outdoors? Even in your contrived scenario, nothing is stopping said deadbeat from leaving a message with his location and situation, then repeatedly collect-calling (since he apparently has nothing better to do). Collect calls are automated these days; they won't get tired of you calling the same number over and over.
My little brother has called me from jail more than once, usually around 3am (thanks bro). I don't pick up on strange numbers, but when I listened to the message a few minutes later, I drove down and bailed him out. Big deal. (Tip for you: it takes a while to bail someone out. Bring a book.)
I can't think of any situations where you only have 1 phone call, can't collect-call, and absolutely have to talk to someone as opposed to leaving a message.
Besides, we don't have to - and shouldn't - base our lives around .001% chances.
Cingular, from everything I've seen and heard, sucks.
I didn't say they were good. :)
T-mobile, the OTHER nationwide GSM carrier in the US, has good service & support at the first level. Try to do anything complicated and it turns into a disaster, but they have been pretty good and certainly I do better than Cingular users.
T-mobile leases minutes from Cingular; they use the exact same towers. So, only one nationwide GSM network, resold by more than one company.
Since they are the same towers, I fail to see how coverage could be better with T-mobile. T-mobile differentiates themselves on service plans and customer service (quite well in my opinion).
Many electric and long-distance companies operate the same way, reselling a larger company's product (usually with better pricing and service).
Alas, T-mobile doesn't serve my city (Charlotte, NC) except as roaming. So, Stinkular it is.
The problem is, providers are in a constant struggle with each other. Cable, DSL, and whatever are always in competition. One offers "unlimited" bandwidth for $45 a month, the other has to offer it for 40, etc.
Every business works like this, so it's a horrible argument. If they are not able to be profitable at 40, then they will leave the market, and then the other provider will raise rates to a profitable level.
Except DSL and cable providers are already profitable - they just want even more.
Thought the advantage of mp3 players is how small and attractive looking they are?
An external battery pack would make it slightly heavier and larger - about the size of a AAA battery bigger and about the weight of a AAA battery heavier, yes.
Probably still smaller than a portable CD player.
I had a portable CD player, which I replaced with an iPod. Not because it was smaller/lighter/prettier, but to be able to carry around ALL my music, and not have to decide before every trip which CDs I was going to take with me. It was annoying to be thinking about a song on my daily commute, go to play it, and realize I didn't have that particular CD with me.
Roaming overseas is problematic for many US customers - a CDMA phone is useless in Europe, and multi-band CDMA GSM phones are hard to find and expensive. GSM phones are carrier locked so you can't switch providers (unless you unlock the phone)
This is why last year, as an American, I bought my RAZR phone in Europe. No carrier-specific garbage in the phone, no missing features (hello Verizon), and it works everywhere (quad-band GSM).
It was also considerably cheaper at the time (250 euros vs. $400-500). Now they give them away with 2-year contracts, heh.
When I got home, I ordered new service with Cingular (as the only nationwide GSM carrier left in the US), and had them send me the free phone (why not?). I then took the SIM they sent, plopped it in my RAZR, and have been happy ever since. Even got to keep my number from Sprint.
Depends - a country really cannot function normally unless political violence (of which terror tactics against the general population are perhaps the most potent kind) is curtailed and kept at an absolute minimum. Having city centers and landmarks get blown up with any regularity is a no-no if you want a working country.
Tell that to England (IRA bombings) or Israel, which seem to function just fine.
In fact, England seemed to chug right along during WW2, when they were getting bombed to pieces. The difference is, the government back then told people to keep going despite the bombings, instead of trying to frighten the populace in order to grab (more) control.
That can't possibly be legal. A 12 year old with a .22. If he killed someone, your parents would have gone away for life.
Handgun purchases and possession are severely restricted and even outright banned in some states. Rifles are not.
As far as I know, a rifle is legal to purchase by anyone 18 and up in all states. Possession is not restricted, so if a 12 year old receives a rifle for his birthday, no problem. A rifle on a farm is a valid and necessary tool, and I've known 12 year olds that could handle them responsibly.
(above assumes you're not a convicted felon, mentally incompetent, etc.)
I wonder why Microsoft is trying to claim 3 million consoles sold? I keep seeing people post the 1.7 million number with a breakdown something like this:
Maybe 3 million shipped to stores, which might count as "sold to stores", and 1.7 million sold to customers. Of course, the ones on store shelves may be returned.
If the USPS is delivering mail at highway speeds then I think a 20% increase in fuel usage is the least of their problems.
Funny, but USPS does have 18-wheeler trucks that go between cities on the interstate, and rural deliveries often involve driving on highways to get to the destination - at highway speeds.
Depending on the vehicle, it's usually more efficient to use the AC at 45 mph and over rather than rolling down windows.
As an example, when I worked at CompUSA I didn't see anyone that specifically wanted a 12" PowerBook. Everyone I sold one to wanted a smaller one or the 15", but instead bought the 12" because it was the smallest one Apple made or because it was much cheaper than the 15". They didn't buy it because it was the one they wanted. It sold only due to price or the fact that a better, smaller one didn't exist. Come on Apple, sell the product that people want.
I specifically wanted the 12" Powerbook, and bought mine from CompUSA. I can't stand the small keys on the sub-sub-notebooks like the Vaios. The keyboard can't get any smaller on the 12" PB (it's already crammed in), unless they did a crazy fold-out one like the old butterfly Thinkpads.
Hmm, actually a 10" powerbook with a fold-out keyboard would be cool. I don't know if I'd trade my 12" PB for it, but I would've considered it.
Well, given that it would be illegal for Kroger to ask your age, race, gender, marital status, number of kids, how you expect to get to work, etc. etc. as part of the application process, it may be that the machine wouldn't have much to go on in these areas.
Some of those *are* legal to ask. Birthdate? OK. Race? OK, but you don't have to answer (they collect this data to prove that they're not throwing away all black applications, for example). How you get to work? OK.
The audience for revenue numbers is investors. The audience for number of subscriptions is potential gamers. It's easy to lie^H^H^H inflate your numbers to one while telling the truth to the other.
I can't stand the Wendy's commercial where the college student is doing his budget, and his lunch from Wendy's will give him 1 penny left over (that he will invest LOL!!!) because of the 99 cent menu.
Come on, there are very few places (if any) that don't have tax. I would -love- it if something 99 cents or 4.99 actually got me back a penny from my dollar or five.
I'm not aware of any developed area that doesn't have tax at all. However, several US states don't have sales tax, such as New Hampshire and Oregon.
Fast food often has a separate tax from "regular" sales tax (like on a TV or chair), sometimes at the town/city level, so you may still be paying tax at Wendy's.
I don't consider Apple a h/w or a s/w company...I consider them a 'user experience' company, which is why they like to marry the two products together. The 'user experience' can be frustratingly patronising from time to time, but they get it right more often than wrong.
That's the problem right there. If they have to support every random device out there - or worse, allow hardware manufacturers to supply their own drivers - then the user experience will suffer. Hardware manufacturers don't all have the same software quality, so you'll lose stability. Moreover, have you seen some of the abominations from HP, Creative, etc. that pass for "drivers"? Printers, cameras, and sound cards should not install 17 applications, 3 always-present toolbars and generally take over your computer.
Microsoft has previously blamed Windows stability problems on 3rd party drivers (quite rightly in many cases). Why would Apple want that?
Hi, I am Mac user... and we DO NOT have the better desktop OS. Mac OS X is the most overrated piece of shit EVER (but it sure is pretty & shiny).
And yet you use it (or claim to). Many people are forced to use Windows at work, but I don't know of many people that are forced to use OS X - they use it out of choice.
Six dollars bucks per hour? Does he deposit that money into his ATM machine using his PIN number?
Besides, even when planes do lose an engine, they continue to fly 11 hours anyway.
Why would you want an update to a meeting that you aren't going to?
http://www.google.com/search?q=thinkpad+701c
It's prime time for most MMORPGs. When do you think most people have free time, Tuesday mornings?
(actually you'd think that if you read WoW's forums on Tuesdays..)
http://www.salestaxinstitute.com/sales_tax_rates.jsp
It's easy enough to then ban communication with that island. Witness the ongoing trade embargo with Cuba.
FreeDOS will work with BIOS update disks. It's also considerably simpler to support.
Homeowner's insurance covers certain lawsuits.