Also a little like the robots from Silent Running; not so much in how they mechanically work, but more so in the visual appearance of a bipedal robot that's relatively wide compared with its height.
Do you think... nah... they wouldn't.... okay, do you think Google/Alphabet use midgets too?
And why do these politicians think I should be forced to download ads to my computer? I can/will control my browser however I damn well please, thank you very much.
Website owners are free to invent an algorithm that checks if my browser is downloading ads or not, and block the real content on their end. Not my fault that their server sends data when my browser requests it.
^ this. Only a few days ago I had to unblock the Telegraph website because it showed an unmovable* banner otherwise. I don't much like it, but any website is free to handle this how it chooses.
I couldn't be arsed to faff about with the browser dev-tools to get rid of it!
Give me the frequencies. I'll have jammers made in China within a month.
I suspect this is *part* of a layered approach to preventing the vast number of unnecessary deaths that occur in the US every year. So this bit *might* be useful in preventing children using improperly secured weapons and inadvertently killing themselves/friends/family.
Whether it's practical or not, I suppose is what the study will establish.
But it's like adding safety features to anything - it likely increases the cost a bit and may result in more product failures... but on the other hand, everyone *may* be safer as a result, and fewer innocent people die.
Shard gets corrupted? Oh bad luck, that's some of your data gone - unless you've also used replication, in which case you'll have spent 2 months trying to set it all up.
To be fair, I think all exposed MongoDBs mentioned in TFA are being replicated right now, so they've inadvertently got that side of things covered! :D
..also, forgot to mention, WordPress 4.4 is noticeably worse than WordPress 3.4.1 which is unfortunate. Maybe the router handling the REST API stuff has more work to do now?
Ignoring HHVM and just focusing on PHP 7 vs. CMS and Frameworks, the results were:
Laravel 5.1.11 / PHP 7: 1363.24 trans/sec
Drupal 8.0.1 / PHP 7: 917.10 trans/sec
October CMS / PHP 7: 407.89 trans/sec
WordPress 3.4.1 / PHP 7: 306.24 trans/sec
WordPress 4.4 / PHP 7: 287.92 trans/sec
Magento 2.0 CE / PHP 7: 183.87 trans/sec
PyroCMS v3 b2 / PHP 7: 145.95 trans/sec
I assume Laravel is using static content here, hence its performance, but I'm intrigued at Drupal's performance compared with October and WordPress. Is this because Drupal's sample site is simpler and had less to do, or because Drupal is better optimised/cached?
I seem to recall reading that Edge (like Firefox) will be using the same extension interface as Google Chrome. Obviously, that would make porting existing extensions to Edge rather easy.
Does anyone know if this is still actually the case, or have they, you know, "changed a few things"?
But it could be even worse depending on your server configuration. I believe (but I haven't tested) that some Apache configurations can result in unknown file extensions being ignored. So if someone uploads a file named say "myhack.php.foobar" and it is placed in a publicly accessible directory, Apache will ignore the "foobar" extension because it doesn't recognise it, and then decide it's a PHP file, and execute it.
Also check out Apache content negotiation (and mod_mime while you're at it) and here you see that index.html.en and index.en.html could all evaluate as index.html and you can see a similar way file naming could potentially be abused.
The parent post describes how PHP (or any script for that matter) _could_ be injected, but doesn't completely show how it could be executed. The above gives some ideas how that might work.
You _could_ just test that the file name ends with (.png) and Apache _should_ serve it as "image/png". But that's not secure enough for my liking, so my recommendations are:
1. Don't allow users to define their own file names, or if you do, massively restrict the format to alphanumerics and a single dot png|jpg|gif extension.
2. Set the directory where uploaded files are stored to NOT execute any scripts, so even if everything else fails and somehow a script gets in there, it still can't be executed.
3. Consider not keeping uploaded files in publicly accessible directories. Instead, use a script as a proxy to read those files and serve them with a specific mime type. Thus Apache won't try to execute them and you can be certain what mime-types are being served
4. Be super careful when the file is uploaded that you don't move it into a public directory BEFORE you validate it otherwise there might be a brief window to try to execute it.
And lastly, don't leave anything to chance. This is a really risky area that a lot of people screw up! Never be complacent. Always revisit it. Don't rely on server configuration to be correct because it's too easy to set things up, then move/rebuild a server, and then find you're vulnerable. You need multiple layers of defence.
I have a question to anyone who knows - why doesn't Apache demand that PHP scripts have their execute bit set? Because it seems to me that would help quite a bit.
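Added example, not part of the original comment: a Python sketch of recommendations 1, 3 and 4 above, with every function name an assumption made for illustration. The magic-byte comparison is a minimal stand-in for the "validate it" step, and the temporary directory stands in for storage outside the web root.

```python
import os
import re
import secrets
import tempfile

# Recommendation 1: alphanumerics, exactly one dot, allowlisted extension.
NAME_RE = re.compile(r"[A-Za-z0-9]+\.(png|jpg|gif)")
# Per extension: leading magic bytes, and the MIME type the proxy will send.
TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    "jpg": (b"\xff\xd8\xff", "image/jpeg"),
    "gif": (b"GIF8", "image/gif"),
}

def store_upload(client_name, data, private_dir):
    """Validate in memory first; write only afterwards, under a server-chosen name."""
    m = NAME_RE.fullmatch(client_name)  # fullmatch also rejects a trailing newline
    if not m:
        raise ValueError("file name not allowed")
    if not data.startswith(TYPES[m.group(1)][0]):
        raise ValueError("content does not match extension")
    # Recommendations 1 and 4: the client's name never reaches the disk, and
    # nothing is written anywhere until validation has passed.
    stored = f"{secrets.token_hex(16)}.{m.group(1)}"
    with open(os.path.join(private_dir, stored), "xb") as fh:
        fh.write(data)
    return stored

def serve(stored, private_dir):
    """Recommendation 3: proxy read that returns a MIME type we choose."""
    m = NAME_RE.fullmatch(stored)  # also blocks '/', '..' and extra extensions
    if not m:
        raise ValueError("bad identifier")
    with open(os.path.join(private_dir, stored), "rb") as fh:
        return TYPES[m.group(1)][1], fh.read()

def demo():
    """Run constructed sample uploads through both functions."""
    png, php = b"\x89PNG\r\n\x1a\n" + bytes(8), b"<?php echo 1; ?>"
    cases = [("cat.png", png), ("myhack.php.foobar", php),
             ("shell.php.png", png), ("fake.png", php)]
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, body in cases:
            try:
                results[name] = serve(store_upload(name, body, d), d)[0]
            except ValueError as e:
                results[name] = f"rejected: {e}"
        results["files_on_disk"] = len(os.listdir(d))
    return results
```

Recommendation 2 (no script execution in the upload directory) is server configuration and still applies on top of this.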
You need to print it out, have the paper drop into a fax machine, fax to email, and then use that. It's the ONLY way to be sure you've stripped the meta-data!!!! For serious!!!
But the user is responsible for it. Like a car owner is responsible for their car. Users don't *have* to understand either of those things to own and use one, but they're still responsible.
If the author decided on an open source project, the community could have found and developed a fix during beta testing.
To be fair, the author probably coded it, posted it somewhere, tried it out and then... "oh shit!"
So they likely half-tested it, and it did half work.
What about the very last seconds (at about 2mins 22secs) of the video? What are those things burning in the background? Quite clearly, the aftermath of a battle. Probably human remains being burnt!!
Also, what if you buy a device with a faulty switch? I think it needs another light to indicate the switch is off.
...robbing my computer of CPU cycles!
Do you know if MS have any extension developer docs publicly available? I'd like to see how similar it is to Chrome extension development.
Based on the recent finding, the IEEE has issued new guideline
FFS - my company has just spent the last year designing and rolling out Drive Marination Process (TM), and now you're saying that's out of date?!!!
I was thinking "Street Hawk"... but then I saw the pictures.
So... not Street Hawk then?!
Yeah, but does it run Linux?
As of last week, "Does it run MS SQL Server?" is the new "does it run linux".
Anyone else think it was a bit ominous it leaving the building at the end?
Still wish they programmed it to say "YOU HAVE TWENTY SECONDS TO COMPLY". I would've!
Yep. They've invented "Glass Doors". They're like windows, but they open AND close. And you can look through them too. It's the future!!
So Facebook has Blu-rays that are full of kittens and selfies; does anyone care if they store them for more than a month? I mean, really!
I'm just imagining archaeologists of the future (you know, after "The Event") discovering landfill full of these disks and thinking... "but why?!!"
We tell them Andromeda Strain was a documentary.
Well, even if it isn't a documentary, I'm still drinking to stay safe!
I submit to slashdot via their PostalPost(TM) feature. That's why my posts are always at least a day late! :D
There are some that posit that Faraday is a thinly disguised front for Apple....
Plus, Apple's new HQ is in the shape of... A WHEEL!
When I see "could" in a headline, I add "but it probably won't/doesn't" to the end.
Doubly so when it also has "British" in there! (and I'm a Brit so I'm allowed to be disparaging!)