God help us all, the old man from Zelda has found the internet. Clearly the combination of his indestructibility and energy-shooting flames will destroy us all.
True story: My ex's parents had a broadsword on the wall behind the TV.
Not that I ever thought they'd use it, but still.
This is why you need a queryable, updateable public spam database like Akismet where, with a little effort in telling it the odd time it gets it wrong, you can eliminate 99% of spam. This might not help for a registration script, but you could use it on the content ultimately used by the registered user to determine whether the signup was likely a bot or a human.
Also, that flash of light you saw in the sky was not a U.F.O. Swamp gas from a weather balloon was trapped in a thermal pocket and refracted the light from Venus.
I feel I should point out that ED is largely NSFW. I think the Anonymous article is OK, but fair warning.
Oh, you must mean my Asus G1 gaming laptop, with an Intel Core 2 Duo at 2.0 GHz and 2 GB of RAM.
There is no spyware. There is no crapware. Vista is just slow compared to Linux in general.
You can get more information about Anon from Encyclopedia Dramatica. I wouldn't try Wikipedia, they kind of delete everything to do with them.
There are stories here that make you wonder, but IMHO this isn't one of them.
Microsoft finally lost me this year anyway, and I seriously doubt I'll be going back. I'm happily posting this from Gentoo Linux, and even the effort to get certain things working here is worth avoiding the five minute startup time of my Vista partition and general slowness from the hundreds of processes running in the background.
Marge: What happened? You didn't do anything!
Dr. Hibbert: Oh, didn't I? [laughs] Nothing dissolves glue better than human sweat. I knew Bart would panic and start perspiring at the sight of this button applicator!
Bart: Couldn't you have just turned the heat up a little?
Dr. Hibbert: [sinister] Oh, heavens no! It had to be terror sweat!
I demand this game be made.
Here you go.
Only one way to find out!
2) It will force people to realize that such fraud is possible, and force a solution to be created before the next US Federal Election.
Or, the far more likely scenario, it will simply be disregarded by most as a crazy conspiracy theory and once again fuck up the election.
The exploit goes after a feature that is only found in SQL Server. I'm not trying to say that Linux is impervious to SQL injection. I'm saying that this specific exploit is targeting SQL Server and therefore will not affect me because I am not running it.
Oh, they'll have a trial. And that'll lead to execution, and war, and enslavement of mankind in goo-filled pink pods...
This is exactly what I said when I was talking about this with my girlfriend.
I suspect that, for safety reasons, what will end up happening is that there will be a separate highway for automated cars, where every car that gets on that highway is on the same radio / cellular / wireless network and can talk to every other car. It's an expensive proposition, to be sure, but the automated cars could not truly guarantee the safety of their passengers without being able to communicate with the other cars.
Now, perhaps by the time this gets around, we'll have such well-performing AI that it can deal with manual-driving cars. But they still won't be able to exercise the sort of full advantages of automated driving (I'm thinking of traffic management, gap reduction between cars, etc.) without every car on the road being automated and communicating.
And you make a good point about the liability in the case of an accident; car companies certainly wouldn't want a class action lawsuit put against them because the AI had a bug that causes fender benders (or worse).
Seriously though, automated cars would be awesome, especially if you're driving long distances. Hrmmm... would this make truckers obsolete?
Parent is a copypasta.
Not to mention that the exploit attacks a feature specific to SQL Server. Unless you're suggesting I'm running some magical Linux version of SQL Server as well.
Whoop-de-fucking-doo. Read my post. I'm asking what script has the vulnerability. I'm not claiming some sort of immunity just because I'm running Linux.
Even better, things like The Digital Art Auction and Street Performer Protocol explicitly outline steps that one can take to both make money, and release their works into the public domain (thus allowing unlimited copying).
Recording companies et al. simply don't like it because they'd have to overhaul their entire business, and would likely simply be realized as useless by the artists themselves.
Hell, TPB recently added a music feature that gives info on the artist, reviews on the album, and links to any torrents they have for their other albums.
Yes. But it's MySQL and none of the users have access from anything but localhost. So it's kind of a moot point unless they find a remote exploit in MySQL itself that doesn't require a valid login, and that's a long shot.
So question: What injection were they using to gain access to the DB to query it in the first place?
AFAICT I shouldn't be affected because my server is Linux and none of my users have access from anything but localhost, unless they were using an injection attack through some crappy script I might have had installed.
Except I'm not going to buy it, and I get the feeling there will at least be those of us geeks who do the same.