While others have noted that the asterisk circumvents appropriate use of globbing, there are really three fixes.
1. Defensively check the setting of the variable and presence of the directory to print reasonable error messages. 2. Use 'set -u' or 'set -o nounset' to avoid any unset variables. 3. Do not include the unnecessary astersisk to avoid globbing and fall back on modern operating system safe defaults when a bare / is specified.
I only include #1 because when using set -e and set -u as recommended by Pashley (among others), you should probably handle the things explicitly and gracefully for something to be run by an end user.
Except for the fact that they revamped their website for about 4 million dollars. So to get 35 paid subscribers from that web redesign and have their traffic fall from 2.2m to 1.5m (per month)... well that may not be epic fail yet, but it is getting close.
I think they are trying to separate themselves to state that if you want the news, come to us and do it properly.
Riiighhht. When I want news done properly, I'll PAY FoxNews to do it properly. Just think about that for a second. The only reason anyone should be remotely concerned about this is because he now controls the WSJ.
Have you ever searched for some information, and Google gave a hit where the surrounding text of the query already answers your question? And then not clicked the website?
No, not for news. Try searching for "2009 election results" or "apple earnings 2009" and see if you can make sense of it (although "who beat rihanna" actually kind of worked). Nobody can use that crap. Even Google News doesn't provide usable news in their largest digest. FoxNews.com charging would be fun to watch, glad to see them go first.
It is trivial to write a script (on Windows or Unix) to simply attack the default gateway. Hopefully, that is what they do as opposed to using the default configuration, but maybe they aren't so cl3v4r.
Do you think that more people record passwords via CCTV cameras and RF, or shoulder surfing? Now what happens to that number when you remove masking?
Does masking help, yes. Is it fool-proof security, no. It is a layer, and a decent one at that. The biggest issue is that it does reveal length, which really is way too much. No echo is better.
Howzabout we make it optional, so people can decide for themselves?
If we let lusers decide for themselves, they would choose weak passwords, write them down on post-it notes and stick them to their screens, take out full-page adds in the New York Times with them in 256 pt Arial.
Seriously, end users don't understand security. Maybe it can be an advanced setting.;-)
Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack". I just had to reset a users PW twice this afternoon because she locked herself out of her account. Sure, it's extra hassle but the security is worth it.
Unchecked, and with low thresholds, this can make it easy for a malicious person to deny service to valid users. Blocking requests from that particular IP address is a far safer option. Introducing long delays before authentication can be attempted again could also be used.
If you think that you are adding to security by locking out users that types the password in 5 times, 10 times, or maybe even 100 times, you are fooling yourself. If you require strong passwords (e.g. 3 classes, at least 8 characters), there is no way anyone is going to do an online dictionary attempt with that few amount of tries.
Right, and when we unmask all passwords, people will just shoulder surf, much easier! No recording equipment, plausible deniability, easy to do in public places. It's a real win-win.
I'm not sure that you really thought this through.
Pretty much any benefit that post-reproductive individuals have on the survival of their offspring (or the species in general) is a "use" for those individuals.
Including, but not limited to: hunting gathering meat (cannibalism) war care of other offspring
But paycheck? Where I live, cops START at a 100K a year, and it goes up from there. This is on top of awesome benefits and a retirement age in the 50s.
In NYC, rookie cops start at 43k in NYC. I know that there are more expensive places to live. Can you show me the police department that starts at 100k USD a year?
Re:Lawyers? We don't need no stinkin lawyers for t
on
So Amazing, So Illegal
·
· Score: 1
Well, mash-ups and the remix culture being fast and loose with IP and copyright could be compared to how the king co-opted some parts of African American music that he had exposure to, and made it his own.
Or am I reading too much into this?
Also, last time I checked my Elvis CD collection was is my Dad's house, gathering dust. Can't really say that I am a fan, although obviously it is historic and all that jazz.
Right, because this has never been done before....
I can't imagine such a system that is widely used today where layers were added to build out functionality, and work around various issues below in the stack, hardware issues, et cetera.
Slashdot Mirror
This.
While others have noted that the asterisk circumvents appropriate use of globbing, there are really three fixes.
1. Defensively check the setting of the variable and presence of the directory to print reasonable error messages.
2. Use 'set -u' or 'set -o nounset' to avoid any unset variables.
3. Do not include the unnecessary astersisk to avoid globbing and fall back on modern operating system safe defaults when a bare / is specified.
I only include #1 because when using set -e and set -u as recommended by Pashley (among others), you should probably handle the things explicitly and gracefully for something to be run by an end user.
Not in Haiku form? srsly?
my life is a sham
two day wait makes my wrists itch
please pass me a knife
It is MIT Kerberos, so yes. This came out last week.
http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2011-002.txt
Shame on you, you think that internets people would know better.
http://www.theatlantic.com/politics/archive/2010/03/why-the-ny-salt-ban-proposal-is-a-good-idea/37342/
Except for the fact that they revamped their website for about 4 million dollars. So to get 35 paid subscribers from that web redesign and have their traffic fall from 2.2m to 1.5m (per month) ... well that may not be epic fail yet, but it is getting close.
in fact, forget the motivation ...
Agreed, although Jonathan Swift was Irish. I'm American, so close enough as far as I am concerned.
So if the defendant is trying to get back pay, then aren't they just going to pull the "freeloader's debt" thing, and sue him for unpaid auditing?
I think they are trying to separate themselves to state that if you want the news, come to us and do it properly.
Riiighhht. When I want news done properly, I'll PAY FoxNews to do it properly. Just think about that for a second. The only reason anyone should be remotely concerned about this is because he now controls the WSJ.
Have you ever searched for some information, and Google gave a hit where the surrounding text of the query already answers your question? And then not clicked the website?
No, not for news. Try searching for "2009 election results" or "apple earnings 2009" and see if you can make sense of it (although "who beat rihanna" actually kind of worked). Nobody can use that crap. Even Google News doesn't provide usable news in their largest digest. FoxNews.com charging would be fun to watch, glad to see them go first.
The worst thing is, I think that I may remember that number for the rest of my life. What a waste of space.
And if you didn't get the joke,
http://www.youtube.com/watch?v=ab8GtuPdrUQ
WOOSH
It is trivial to write a script (on Windows or Unix) to simply attack the default gateway. Hopefully, that is what they do as opposed to using the default configuration, but maybe they aren't so cl3v4r.
Do you think that more people record passwords via CCTV cameras and RF, or shoulder surfing? Now what happens to that number when you remove masking?
Does masking help, yes. Is it fool-proof security, no. It is a layer, and a decent one at that. The biggest issue is that it does reveal length, which really is way too much. No echo is better.
Howzabout we make it optional, so people can decide for themselves?
If we let lusers decide for themselves, they would choose weak passwords, write them down on post-it notes and stick them to their screens, take out full-page adds in the New York Times with them in 256 pt Arial.
Seriously, end users don't understand security. Maybe it can be an advanced setting. ;-)
Good security involves locking out the user after a certain number of attempts in order to stop a "dictionary attack". I just had to reset a users PW twice this afternoon because she locked herself out of her account. Sure, it's extra hassle but the security is worth it.
Unchecked, and with low thresholds, this can make it easy for a malicious person to deny service to valid users. Blocking requests from that particular IP address is a far safer option. Introducing long delays before authentication can be attempted again could also be used.
If you think that you are adding to security by locking out users that types the password in 5 times, 10 times, or maybe even 100 times, you are fooling yourself. If you require strong passwords (e.g. 3 classes, at least 8 characters), there is no way anyone is going to do an online dictionary attempt with that few amount of tries.
Right, and when we unmask all passwords, people will just shoulder surf, much easier! No recording equipment, plausible deniability, easy to do in public places. It's a real win-win.
I'm not sure that you really thought this through.
He's Jesus Christ himself. ;-)
Are the two mutually exclusive?
Pretty much any benefit that post-reproductive individuals have on the survival of their offspring (or the species in general) is a "use" for those individuals.
Including, but not limited to:
hunting
gathering
meat (cannibalism)
war
care of other offspring
Am I missing something?
SMS is limited to 160, but twitter wants to be to add a username, so they limit it to 140.
You were close.
The fact that the post was modded up as Insightful is a joke.
Oh well, it's only /.
Correction, it is about 46k (typo'd it), still not near 100k.
But paycheck? Where I live, cops START at a 100K a year, and it goes up from there. This is on top of awesome benefits and a retirement age in the 50s.
In NYC, rookie cops start at 43k in NYC. I know that there are more expensive places to live. Can you show me the police department that starts at 100k USD a year?
http://most-expensive.net/city-in-us
http://www.nypdrecruit.com/
Well, mash-ups and the remix culture being fast and loose with IP and copyright could be compared to how the king co-opted some parts of African American music that he had exposure to, and made it his own.
Or am I reading too much into this?
Also, last time I checked my Elvis CD collection was is my Dad's house, gathering dust. Can't really say that I am a fan, although obviously it is historic and all that jazz.
So maybe Elvis isn't everyone's Elvis.
Right, because this has never been done before....
I can't imagine such a system that is widely used today where layers were added to build out functionality, and work around various issues below in the stack, hardware issues, et cetera.
This truly is madness.
http://en.wikipedia.org/wiki/OSI_reference_model
Just like you chose not to read the article, the customer can choose not to use this service.
I love Ameri^WJapanese ingenuity.