Nobody claimed that free software means someone will fulfill one's every wish. In the end, with free software you're allowed to create the fork; proprietary software, you're not (generally). That's it, no miracles involved.
Free software is about ideology. About the availability of source code and the permission to examine, modify and redistribute it. It doesn't mean better security or indeed better by any quality metric, and that's not the point. Much like freedom of speech: it's important even if I never say or write anything and it doesn't make everyone Shakespeare either.
Posted from my Windows computer btw; I think there is value in software freedom, but I use what best meets my current needs and wants, and encourage others to do so too.
Because 200 euro and 500 euro notes are all that stands between total anonymity and letting the government track your every step...
Maybe I'm not paranoid enough; many posters seem to consider this a huge issue but I don't see it. If getting rid of 500 euro notes means loss of freedom, what does the lack of 1000 euro and higher notes mean? I realize cash would be effectively banned for many uses if all coins/notes above, say, 1 euro were taken from circulation, but I don't think the Finnish government could even succeed in doing that.
I don't know about eagerness to forgive and all that, but surely the search results aren't limited to Europeans? So also people who presumably aren't eager to forgive and move on would also see the results, which would be seen as an issue. Or does Google return wildly different results (assuming the query is specific enough) depending on the user's country?
I didn't check the statistics, but I wouldn't be surprised if a lot of rapes happened at people's homes (not necessarily the victim's home), workplaces and similar "safe places". So effectively you'd always partly blame the victim for dressing "provocatively". I have a simpler rule of thumb: victim's aren't at fault.
Saying "but there was a pedestrian crossing and I had the right of way" doesn't help you when you're lying in the hospital with broken bones.
Would you go to the hospital and rub it in the pedestrian's face, telling them how they were in the wrong place and shouldn't have done this and that? What good would such victim-blaming do? However, reminding other people to watch out when crossing the street wouldn't be victim-blaming because they aren't victims. In this case there's much potential for a positive outcome.
Does that saying apply to lawyers too if they get sued? Maybe they would end up making stupid mistakes because of the emotional involvement?
Lawyers do seem pretty good at the job security game: make the system very complicated and convince everyone they need lawyers. Software houses should keep this in mind and not try to focus on ease of use.:-)
Which adblocker are you using that doesn't block ads on Youtube? Adblock Plus for Firefox does it, so I'd expect it to be possible with other browsers as well.
It seems to me that they didn't really have all that much going for them, if they didn't consider their lives precious beyond measure (as you aptly put it). I feel bad for anyone who commits or seriously contemplates suicide; it's not an enviable state of mind to be in.
For a doctor it's very helpful and often necessary to see the patient in person, but I'm not sure why the same would apply to a lawyer and their client. Unless you meant it more generally, like "never get professional advice from non-professionals." Then again, IANAL.
find|grep spawns two processes. find -exec grep is probably what you meant. I think something like "grep xxx $(find yyy)" should produce the same result without huge amounts of forking. Unless command line length has a practically reachable limit. I'm not sure about that.
Thanks for the example. My bank actually has an SMS confirmation system like you described, but it's only for "unusual" transactions. I've never triggered it, so merely transferring money to new accounts for the first time doesn't do it. Most of my payments are in the two-digit range though, and I assume they thought it would be too annoying for most customers to confirm each and every transfer.
It's just an indexed list of short codes, bank's website tells which index to use when logging in and also when doing wire transfers or other important stuff. Each of the 300 codes are used only once obviously.
Could you elaborate on the worthless systems? Is my bank's system one of those and if not, what would these systems be like exactly?
Or our Battle.net accounts, which have better security measures* than anything on your list:-)
*Stronger passwords than my online banking allows plus a one-time pad and SMS confirmation for actions such as changing passwords. My bank has a one-time pad too but from what I've gathered from comments on/. that's not as common as it should be.
I appreciate the effort and I don't mean to be argumentative, but it's/bin/bash in the CGI script that causes the issue, not that the naive programmer launches shellshock-victim-server.pl from bash, right? My point from the start was that the interactive shell used doesn't matter. This is starting to feel a bit silly, but I'm still not sure if you're misunderstanding me or if I'm just very thick today (it's not intentional).
My point was that I don't know why human users' login shell being bash in Debian would make the system more vulnerable to remote attacks; thus I was wondering why you thought it was relevant to point out that interactive users run bash by default. Your reply didn't really clarify that. Running servers from a bash shell shouldn't cause issues by itself. Unless maybe if the server spawns another shell instance based on $SHELL instead of using/bin/sh directly?
Slashdot Mirror
Based on written law in the US, what possible crime can be committed by speech?
IANFWUSL*, but how about something like revealing military or other state secrets?
(*I am not familiar with US law)
Remember that "places where they shouldn't be in the first place" includes sites that serve ads from 3rd party servers.
Nobody claimed that free software means someone will fulfill one's every wish. In the end, with free software you're allowed to create the fork; proprietary software, you're not (generally). That's it, no miracles involved.
No problem, just have him stop by any time and he can have it.
We had buttons that give feedback, but most people stopped buying such devices.
Free software is about ideology. About the availability of source code and the permission to examine, modify and redistribute it. It doesn't mean better security or indeed better by any quality metric, and that's not the point. Much like freedom of speech: it's important even if I never say or write anything and it doesn't make everyone Shakespeare either.
Posted from my Windows computer btw; I think there is value in software freedom, but I use what best meets my current needs and wants, and encourage others to do so too.
Because 200 euro and 500 euro notes are all that stands between total anonymity and letting the government track your every step...
Maybe I'm not paranoid enough; many posters seem to consider this a huge issue but I don't see it. If getting rid of 500 euro notes means loss of freedom, what does the lack of 1000 euro and higher notes mean? I realize cash would be effectively banned for many uses if all coins/notes above, say, 1 euro were taken from circulation, but I don't think the Finnish government could even succeed in doing that.
I don't know about eagerness to forgive and all that, but surely the search results aren't limited to Europeans? So also people who presumably aren't eager to forgive and move on would also see the results, which would be seen as an issue. Or does Google return wildly different results (assuming the query is specific enough) depending on the user's country?
I didn't check the statistics, but I wouldn't be surprised if a lot of rapes happened at people's homes (not necessarily the victim's home), workplaces and similar "safe places". So effectively you'd always partly blame the victim for dressing "provocatively". I have a simpler rule of thumb: victim's aren't at fault.
Saying "but there was a pedestrian crossing and I had the right of way" doesn't help you when you're lying in the hospital with broken bones.
Would you go to the hospital and rub it in the pedestrian's face, telling them how they were in the wrong place and shouldn't have done this and that? What good would such victim-blaming do? However, reminding other people to watch out when crossing the street wouldn't be victim-blaming because they aren't victims. In this case there's much potential for a positive outcome.
Since you're new here, I understand you haven't heard of "feature phones" before. But calling someone a marketing person... that's really offensive.
Simple: it works on my feature phone, and everyone I want to contact also has it installed.
Does that saying apply to lawyers too if they get sued? Maybe they would end up making stupid mistakes because of the emotional involvement?
Lawyers do seem pretty good at the job security game: make the system very complicated and convince everyone they need lawyers. Software houses should keep this in mind and not try to focus on ease of use. :-)
Which adblocker are you using that doesn't block ads on Youtube? Adblock Plus for Firefox does it, so I'd expect it to be possible with other browsers as well.
It seems to me that they didn't really have all that much going for them, if they didn't consider their lives precious beyond measure (as you aptly put it). I feel bad for anyone who commits or seriously contemplates suicide; it's not an enviable state of mind to be in.
For a doctor it's very helpful and often necessary to see the patient in person, but I'm not sure why the same would apply to a lawyer and their client. Unless you meant it more generally, like "never get professional advice from non-professionals." Then again, IANAL.
find|grep spawns two processes. find -exec grep is probably what you meant. I think something like "grep xxx $(find yyy)" should produce the same result without huge amounts of forking. Unless command line length has a practically reachable limit. I'm not sure about that.
Comparing an operating system to a development model ought to throw an exception.
Third time's the charm:
cat </dev/tcp/time.nist.gov/13
:-) I wasn't aware of the feature, thanks.
Thanks for the example. My bank actually has an SMS confirmation system like you described, but it's only for "unusual" transactions. I've never triggered it, so merely transferring money to new accounts for the first time doesn't do it. Most of my payments are in the two-digit range though, and I assume they thought it would be too annoying for most customers to confirm each and every transfer.
It's just an indexed list of short codes, bank's website tells which index to use when logging in and also when doing wire transfers or other important stuff. Each of the 300 codes are used only once obviously.
Could you elaborate on the worthless systems? Is my bank's system one of those and if not, what would these systems be like exactly?
Or our Battle.net accounts, which have better security measures* than anything on your list :-)
*Stronger passwords than my online banking allows plus a one-time pad and SMS confirmation for actions such as changing passwords. My bank has a one-time pad too but from what I've gathered from comments on /. that's not as common as it should be.
You're right, and Linux actually ignores the setuid bit on shell scripts. I forgot about that earlier.
I appreciate the effort and I don't mean to be argumentative, but it's /bin/bash in the CGI script that causes the issue, not that the naive programmer launches shellshock-victim-server.pl from bash, right? My point from the start was that the interactive shell used doesn't matter. This is starting to feel a bit silly, but I'm still not sure if you're misunderstanding me or if I'm just very thick today (it's not intentional).
My point was that I don't know why human users' login shell being bash in Debian would make the system more vulnerable to remote attacks; thus I was wondering why you thought it was relevant to point out that interactive users run bash by default. Your reply didn't really clarify that. Running servers from a bash shell shouldn't cause issues by itself. Unless maybe if the server spawns another shell instance based on $SHELL instead of using /bin/sh directly?