Had I done that, and had "allow automatic updates" turned off, my machine would have been vulnerable for two weeks until I came back. I'm glad this one was automatically installed, while all of the other lower-priority updates have always awaited my approval.
I would imagine that the timing of this is one reason why it was pushed this way. As you point out, a lot of machines would be unattended until after New Year's and would be patched until then.
I downloaded and installed this update. It updates bash to version 3.2.53(1), but a patch to version 3.2.54(1) is available on gnu.org. I'm guessing that there will be more updates since additional issues with the parsing in bash have been (are being) found.
Which kinda suck for use as a recurring payment method.
No, they work quite well. When you set up the 'one-time' use number, you specify that it is for recurring charges. When the first charge hits it, the number is bound to that vendor. Any charge to that number from a different vendor will be rejected. This can cause a problem for some vendors that change card processors after you've set one of these up.
What about 3-phase power for lighting? When you full wave rectify 3-ph you don't get the 0 volt valleys in the wave. Of course, we're not going to re-wire all our houses for that.
Often the conferences have sessions on lessons learned, best practices, etc that can really help. The *one* time I went to a conference I made sure to bring back lots of notes on the sessions and to spread them out to my co-workers. They didn't get to go to the conference, but they still got some benefit from it. If management sees that kind of thing, they might be more willing to send someone, maybe rotating the person that gets to go.
The EE Times article is from 2013. Barr analyzed the source code and found numerous problems:
Having spent more than 18 months going in and out of the secure room to study Toyota's code, Michael Barr, CTO of the Barr Group, put together an 800-page report analyzing the 2005 Camry L4's software. On the witness stand, he walked a jury step by step through what the experts discovered in their source-code review. According to Barr's testimony, that review revealed:
Software bugs that specifically can cause memory corruption
Unmaintainable code complexity in Toyota's software
A multifunction kitchen-sink Task X designed to execute everything from throttle control to cruise control and many of the fail-safes
That all Task X functions, including fail-safes, are designed to run on the main CPU in the Camry's electronic control module
That the brake override that is supposed to save the day when there is an unintended acceleration is also in Task X
The use of an operating system in which there is no protection against hardware or software faults
A number of other problems
Single bit flips can also be caused by memory corruption, not to mention tasks crashing.
Pretty sure those runaways were caused by morons who put their floormats over the accelerator, not software.
Pretty sure they weren't (at least, not all of them).
Having spent more than 18 months going in and out of the secure room to study Toyota's code, Michael Barr, CTO of the Barr Group, put together an 800-page report analyzing the 2005 Camry L4's software. On the witness stand, he walked a jury step by step through what the experts discovered in their source-code review.
...
Barr testified that the source-code review indicated "both that task could die by the memory corruption, and that also that one of side effects of that would be that this -- for example, that task died, that many of fail safes would be disabled." But is it possible to prove that the experts' discoveries in that cloak-and-dagger source-code room would manifest themselves in a moving vehicle? How do we know how a car might react to malfunctions or an outright failure in Task X?
...
However, we have confirmed in other vehicle testing that I'll talk about later, that if the incident begins with the peddle, [sic] brake peddle [sic] pressed at all, even lightly then the unintended acceleration will continue, potentially, forever unless the driver tries the risky thing of letting go of the brake while the car is driving away with him.
Here's a success story about Kentucky's Kynect Exchange.
They need not have worried. Over the past year, Kentucky’s health care website has proved to be a huge success. More than a half-million Kentucky residents have signed up for the Bluegrass State’s version of Obamacare. A majority of Kentuckians approve of it. That this has happened in a deeply red state is unexpected but hardly an accident.
The lines of code immediately after the second 'goto fail;' up to the 'fail' label are unreachable. There is no label or closing brace after the second goto fail, so how would it get executed?
I was always wondering what happened to good old-fashioned ROM in a socket. If you want an upgrade, a chip can be FedExed* to you.
*Google isn't the only word to be 'verb-alized'
Any noun can be verbed. :-)
As requested: The Complete Lenna Story
Do not look at pulsar with remaining good eye.
The knowledge base article on the update only mentions CVE-2014-6271 and CVE-2014-7169.
Bash 3.2 is still under the GPL v2.
Pay per view sounds good to me; they pay me and I'll watch it!
I do like to drink my Columbian coffee, that according to your own link was probably indigenous to and first cultivated in Yemen.
You should try Colombian coffee instead!
And to be true, the current equivalent is this beast: http://ritchiespecs.com/specif...
Pffft! That's not a shovel, THIS is a shovel!
> Employees not wearing protective gear worked with (bacteria that were supposed to have been killed but may not have been).
I've often wished that writers of the English language were required to use parentheses to help with parsing.
Check this thread (and the pics).
Or a shirt/vest with the electronics and battery in pockets.
I'm waiting for someone to make the Mythbuster's Dimpled Car. They got nearly 10% better MPG in their test.
Or do you even use monitors on your Linux?
I'm doing just fine with my ASR-33, thank you!
He should have asked:
"Have you stopped spying on Congress?"
For some reason, I always hate it when people choose an explicit
rather than just
I'm glad those people have to hunt for extra bugs ;)
Absolutely! If you give the boolean variable a good name it makes the code read logically:
if (thing_is_valid)
{
    do_stuff();
}
If it doesn't fly and go underwater, it's not Supercar!