Slashdot Mirror


User: coofercat

coofercat's activity in the archive.

Stories: 0
Comments: 1,287

Comments · 1,287

  1. Re:What undercover agents are these? on At CIA Starbucks, Even the Baristas Are Covert · Score: 1

    If they're tottering about in CIA HQ, then I suspect neither are any of these people.

  2. Re:Try Confluence on Ask Slashdot: Multimedia-Based Wiki For Learning and Business Procedures? · Score: 3, Informative

    You can run your own instance - my company does (as did my previous employer). It's got a few rough edges, and a few annoying bugs, but it's a very usable wiki.

    However, as noted above, anything is only as good as its content. Company wikis tend to be "write only", but definitely need a critical mass to get going.

  3. Re:Question about how this works on First Shellshock Botnet Attacking Akamai, US DoD Networks · Score: 3, Informative

    There are other vectors - in fact, any place that the website code (be it C, PHP, Java, Perl, whatever) runs another program *via* the shell. It depends on the language as to how this can happen. In Perl, if you don't specify the full path to the thing you're calling, and you don't use a list for each argument, then it'll go via the shell as a helper to make it do what you want. Obviously, anywhere you've called something as "sh -c /some/path/thing", then you're also going via the shell.

    Simply calling something via the shell (or calling a shell script) isn't enough - you also need to pass some environment variables populated with user input. This seems incredibly unlikely except in CGIs. In most cases, you'd probably pass some command line arguments (maybe from user input), and you might statically set an environment variable or two (perhaps for a password or something). Those aren't a problem - it's only user input.

    For anyone running CGI, you're most likely at risk. For anyone not doing so, you're probably not at risk, but code review will tell you for sure. This is no Heartbleed (as the media seem to be making out), but it's pretty serious for anyone vulnerable.

    As for how to scan for it - well, good luck there, it could be anywhere, and it could be nowhere. You'd literally have to scan every single URL on a site to find a problem - and even then you might still miss it.

  4. Re:The pot calling the kettle black on Obama Presses China On Global Warming · Score: 1

    Well done America! Goodness, what great achievements you have. As the richest country on earth, you've got a way to go before the rest of us look upon you as being some sort of beacon of goodness.

    As for Congress and the President (and Senate, and everyone else for that matter) - their collective responsibility is to run the country. If they can't get their act together, what makes you/them think that anyone else should make any effort at all?

  5. Re:The pot calling the kettle black on Obama Presses China On Global Warming · Score: 1

    You're saying something like "if you're not a Democrat, you must be a Republican" (or "if you're not with us, you're against us"). It doesn't follow - it's overly simplistic and doesn't take into account any sort of reality.

    Just because China is ostensibly Communist, doesn't mean it's what the climate rallies were going for, nor does it mean that it's the perfect implementation of Communism. Likewise, America's version of Capitalism is deeply flawed - it's actually not Capitalism in the true sense of the word at all.

    I won't speak for those that rallied, but I suspect what they were actually going for was to root out some of the "profit at all costs" aspects of American Capitalism, which doesn't mean America has to become Communist, Marxist, Anarchist or anything else - it just means it needs to think about a little more than itself.

  6. Re:The pot calling the kettle black on Obama Presses China On Global Warming · Score: 4, Insightful

    You'll also have noticed that this is all about "asking" China to do something, and not about America doing anything at all. All Obama had to do was to say "we're going to add a 5% import tax on all Chinese products that don't have a green certificate". That sort of approach may not be perfect, but it hurts the Chinese in ways that they can remedy, and whilst it ostensibly hurts the American consumer, the tax collected helps them in other ways. The tax collected could be used to stimulate local manufacturing or something - or perhaps green projects.

    So as it stands, this is just one dirty country asking another dirty country to clean up. Doesn't mean anything at all, and apart from some carefully worded responses, the Chinese need do nothing about it at all.

  7. Re:Wow... on Ask Slashdot: Have You Experienced Fear Driven Development? · Score: 3, Insightful

    ...and also, FDM - Fear Driven Management.

    E.g. "Thou shalt not rework that heap of shit to unblock countless other ideas and projects because it's way too scary".

  8. Re:So they'll suffer from TMI on Treasure Map: NSA, GCHQ Work On Real-Time "Google Earth" Internet Observation · Score: 1

    Start now - install Orbot onto your Android phone, and make sure it's set to start at boot time. Even if you don't pipe any information down the proxy, at least there'll be yet another Tor log on going on that they have to watch.

  9. Re:They're abandoning it to launch "Email 2.0" on Twitpic Shutting Down Over Trademark Dispute · Score: 1

    My employer's web proxy denies access to this link because it's categorised as "malicious sites". Make of that what you will ;-)

  10. Re:I can't believe we're afraid of these assholes on Grand Ayatollah Says High Speed Internet Is "Against Moral Standards" · Score: 1

    ...Curiously imposed by using very 21st century means and technologies though. Had we all stayed in the 8th century, they'd be coming around with nothing more than a sword. As it is, the rest of the world provided them with guns, missiles, tanks and Internet videos etc, and they're very happy to use that to get the rest of the world back to the 8th century. Ironic, huh?

  11. Re:maybe on Ask Slashdot: What To Do About Repeated Internet Overbilling? · Score: 1

    Yeah right - what if they decide to use some proprietary encapsulation that adds 200% to the original data? Should you have to pay for that? If you should, then it's only a matter of time before someone figures out this could be a nice revenue stream :-(

    I'm not sure, but ToS or none, I doubt this sort of thing would be legal in most of Europe. You can't really be charged a variable amount for something you have no control over. All that said, I wouldn't be surprised if someone somewhere is charging for encapsulation (knowingly or otherwise).

  12. How Stupid are Elected Representatives? on Net Neutrality Is 'Marxist,' According To a Koch-Backed Astroturf Group · Score: 4, Insightful

    How stupid do you have to be to read this sort of thing and say "oh yeah, good point"? I mean, if you see "public utility" and "Marxist" being joined together, do you think "hmm... yes, I see what you mean", or do you think "hang on, but aren't the electrical grid, water, gas, roads and other things public utilities? We're not in a Marxist state, so what's one more utility to worry about?".

  13. Re:Thirty minutes is ridiculous. Swap out the pack on How Does Tesla Build a Supercharger Charging Site? · Score: 1

    ...and do what in the meantime? Hydrogen isn't piped around the city or country *at all*, at least electricity is - so right now, today, you can use it. You could be waiting 5 years, 10 years or longer for the hydrogen economy to be properly viable. Besides, it's not like doing any of this slows down any of the work on getting fuel cells to work sensibly.

    I agree the tech has a while to go before it fully replaces petrol/diesel, but it's a good enough option for a lot of use cases. Therefore, for people who fall into those use cases, they get to use a fossil fuel free solution for $n years until the hydrogen solution gets worked out. When it does, Tesla will have all the real estate and mind share to take advantage without having to spend millions on getting the basics in place. Seems like a pretty sensible way to go to me...

  14. Re:which turns transport into a monopoly... on Helsinki Aims To Obviate Private Cars · Score: 1

    You must live outside some shit cities. The ones I've lived in have been great - there's always something going on that's worth spending your time on. You have a number of friends who live a similar distance as you from $thing, so you can arrange that a few of them meet you there to do whatever it is you want to do.

    Additionally, there are (usually) more job opportunities, and generally higher paying jobs in the (good) cities, with the really good cities having suitably affordable housing - although you don't need to spend too much time there, so don't need the garden and clear views in all directions (there are parks just up the road for that sort of thing, which get maintained without you needing to use up your valuable time on the task).

    Having said all that, I now live in a village. It's nice to have actual knowledge of your neighbours, and even the people that work in the local stores. We'll be moving somewhere bigger soon though - there just aren't any opportunities for the kids here.

  15. Stick it in the Cloud on Microsoft Considered Renaming Internet Explorer To Escape Its Reputation · Score: 1

    Pff! IE's a security/update nightmare. Just stick it in the cloud and call it IE 365 or IE Live or something.

  16. Re:American car companies... on Microsoft Considered Renaming Internet Explorer To Escape Its Reputation · Score: 1

    Ford - Fix Or Repair Daily
    "Buy a Ford, you'll never be bored"

  17. Touch and feel on Why the Public Library Beats Amazon · Score: 1

    I'd love to give my kids a copy of "That's not my ___" (http://www.usborne.com/catalogue/subject/1~b~bbtnm/thats-not-my.aspx) with its touch and feel areas on Kindle. I'm sure they'd find a way to get some touch and feel sensation out of it, by maybe chewing the corners, dribbling on it or generally trying to use it in ways the manufacturer doesn't advise.

    Closing libraries in preference to Kindle (or any other e-book reader) is quite probably the stupidest idea I've heard on the subject. It's great for the trash novels and other ephemeral crap, but for just about anything decent, or *shudder* different, it fails entirely.

  18. Re:Ah yes on The Quiet Before the Next IT Revolution · Score: 1

    I think it's more about the end of the MHz wars. Nowadays, to get more power, you add more cores. If you can't do that, you add more boxes.

    If you've got a single threaded million instruction blob of code, it's not executing very much faster today than it was a few years ago. If you're able to break it into a dozen pieces, then you can execute it faster and cheaper now than you could a few years ago, though.

    Moore's law hasn't really run out of steam, it's more that its rules have changed a bit - the raw power may be going up and getting cheaper, but the way to use it all has changed.

    Back on topic, I'd say TFA is roughly right - the data centre isn't going through mainframe/big iron/commodity hardware changes any longer. Things are getting refined and improved, but the major shifts in approach seem to be coming to an end.

    As others above have mentioned, there's still plenty going on in the world of coding/testing/deploying. In some sense, stabilising the physical kit gives us room to think about those things in more detail.

  19. Re:Send your data to the CCP faster? on Google Is Backing a New $300 Million High-Speed Internet Trans-Pacific Cable · Score: 1

    I have no idea what I'm talking about here, but could the tap be applied while they're still laying the cable? I mean, at some point a ship with a coil of cable sets off from the US, unreeling the cable as it goes. Once it's a couple of kilometers away, the NSA sends in the sub and applies the tap before the ship's even got over the horizon. Presumably that'd work, wouldn't it? Or do they have the cable lit with some sort of test data while they're laying it?

  20. Re:Not all bugs are in difficult code on Wiring Programmers To Prevent Buggy Code · Score: 1

    Not all bugs are in difficult code ...just in difficult tasks. Going to the management meetings ought to make their machine explode ;-)

  21. Re:Use a Cell ID identifier on a phone on UK Police Won't Comment On The Tracking of People's Phone Calls · Score: 1

    How about RedPhone + TextSecure?

    Although if cells are your bag, then Llama can trigger events based on the ones you're tuned to.

  22. Re:It was me. on Edward Snowden Is Not Alone: US Gov't Seeks Another Leaker · Score: 2

    There's a Mrs. Jenkins? No wonder my CI system can't keep its mind on the job at hand.

  23. Re:Satire that Writes Itself. on UK Spy Agency Certifies Master's Degrees In Cyber Security · Score: 1

    Yeah, we sort of need "The Only University Masters course NOT certified by GCHQ" ;-)

    Come to think of it, if there were such an online course, I'd probably take it...

  24. Re:If true. If. on Journalist Sues NSA For Keeping Keith Alexander's Financial History Secret · Score: 1

    As a spectator, I wonder how many of the recent presidents I can think of will/have written or said anything as insightful and eloquent as any of the quotes above.

    Expanding it out to the Senate - even with all those extra stuffed shirts to choose from, how many now?

  25. EULA on "ExamSoft" Bar Exam Software Fails Law Grads · Score: 1

    I hope they have a good EULA ;-)