Running a server? Drop everything and update it now!
It's pretty appalling that so much software which needs to be secure invokes /bin/bash in the first place, since it has been a source of security problems for literally decades (not bash specifically, but exploits that rely on a shell interpreting things like the IFS environment variable). It's not that hard to fork/exec instead of using system().

Honestly I don't really get the widespread panic, though, since cgi-bin hasn't really been in wide use since the late 90s, nor should it be.
posted to MetaFilter by whir at 10:13 AM on September 25, 2014
About consumer routers, I would tend to think the majority of them use busybox rather than bash. Certainly all the open firmware distributions I'm aware of do. Bash uses a lot of resources and space, relative to the storage and RAM resources available on embedded systems, so it wouldn't really make sense for manufacturers to ship it in their firmware.

A lot of open-source firmware distributions I've seen do write their front-end web configuration software in sh, though.…
posted to MetaFilter by whir at 10:20 AM on September 25, 2014
...or just skip interpretation by a shell in the first place, and directly exec the process you want to run. Half the time it's just being used to fire up a scripting language interpreter anyways.

Symbioid, I doubt that message is related. For the most part, mail servers shouldn't need to invoke subprocesses, and even if they did it is comparatively difficult for an attacker to inject an environment variable into the subprocess. To exploit this bash bug on a cgi-bin web…
posted to MetaFilter by whir at 1:29 PM on September 25, 2014
It is common to put bash on an embedded box, since bash makes development and debugging more convenient.

Sure, I could see that, but the question is whether your web-facing software then uses bash to execute cgi-bin applications. I feel like cgi-bin itself is a bit of a relic; nginx doesn't even support it, and it isn't widely used because launching a new process per http request (actually two, if you're launching bash and using it to invoke a perl…
posted to MetaFilter by whir at 1:40 PM on September 25, 2014
Is it possible to craft a simple URL request in a browser to test this, or is something more complicated needed?

The curl request should do it. Most likely your browser is storing username/password information in it and that's why you're getting a 401 response. If your router uses HTTP Basic authentication (likely), you can add a "--user username:password" flag to your curl command line to pass the credentials with your request.
posted to MetaFilter by whir at 2:14 PM on September 25, 2014

We believe objectivity to be antithetical to good games coverage...
I have no love for the GamerGate people and their hateful cauldron of ridiculousness, but actually some of those demands are reasonable. I'll reproduce them here in text (actually I'm copy pasting them from this tumblr):

a) authors can befriend or give and receive financial support to and from devs, but they must make this information readily available to the public.

b) authors can publish pieces about these devs and their games, but…
posted to MetaFilter by whir at 10:27 AM on September 17, 2014
argh, "its audience's"
posted to MetaFilter by whir at 10:35 AM on September 17, 2014
Trying to teach a bunch of angry manchildren (and/or actual children) about the nature of journalistic ethics and what it means to do serious art criticism is just missing the real point, which is the rearguard-right war they're waging for gaming culture.

I mean, I see what you're getting at, but I'm not sure the best alternative is just to throw up one's hands in disgust and give up. There are a lot of ethical problems with…
posted to MetaFilter by whir at 12:47 PM on September 17, 2014
I always thought PBS was more akin to a publisher than a studio, to put it in game development terms. But as an analogy which doesn't seem too far off, if a personal friend of a film critic had asked for and received a $500 loan in order to make a movie, and the critic then gave that movie a positive review, wouldn't that seem improper, even though the critic did not receive any sort of financial reward for his loan?
posted to MetaFilter by whir at 1:18 PM on September 17, 2014
I guess what I'm getting at is that in reviews there is at least an implicit premise that the reviewer will be impartial, and judge a work on its own merits, irrespective of any relationship with the work's creators. Having a financial relationship could damage that impartiality, and certainly damages the appearance of impartiality.
posted to MetaFilter by whir at 1:20 PM on September 17, 2014
Are you really saying I should "declare my interest" if I ever write a review of anything he ever does?

Uh... yes? It doesn't seem that onerous, and it would help the reader of your review evaluate your position.
posted to MetaFilter by whir at 1:34 PM on September 17, 2014
I'm definitely not arguing in favor of publishers giving free stuff to game reviewers. The solution for most consumer reviews, say laptops or cars, is that the reviewer is given something to review, he or she uses it for a few days or a week or whatever, and then gives it back. The publisher pays for the item under consideration (or is provided it by the manufacturer) and the reviewer does not get to keep it in the end. This seems like a workable model for game reviews.
posted to MetaFilter by whir at 1:44 PM on September 17, 2014
When I read Anthony Lane's movie reviews in the New Yorker, I have no idea what his relationship to the movie is, but I know for a fact the dude's been working in the film industry for decades and very likely knows at least a couple of people involved in the creation of the movie. But I also trust the editors of the publication to make sure he's not full of shit.

I have a pretty high level of trust in the editors of the New Yorker. The editors of…
posted to MetaFilter by whir at 1:54 PM on September 17, 2014
Also: "c'mon, it's not that big a deal" isn't really convincing me I should jump through the nonsensical hoops demanded of the most hilariously rickety smokescreen for a group's toxic behaviour.

I'm not saying you should, nor do I endorse GamerGate's poorly considered list of demands. I guess I'm a bit surprised that the disclosure of a direct financial contribution from a reviewer to the author of something he's reviewing seems so controversial.
posted to MetaFilter by whir at 2:18 PM on September 17, 2014
Well, I don't want to turn this into me vs the thread, so I'll just say I disagree about whether disclosing Patreon investments is proper and leave it at that. I do agree that things like press junkets are far more troubling, but I remain unconvinced that the same editors who send their reporters away on them are the people whose final judgement we should be relying on about whether or not their reviewers are sufficiently impartial.
posted to MetaFilter by whir at 4:08 PM on September 17, 2014
the reason I feel so strongly that "disclosing" things like Patreon support is absolutely unworkable is that the people who want this are not asking for it in the spirit of journalistic integrity.

Look, I'm absolutely not on the side of GamerGate, and I recognize that their arguments are a rear-guard action against the colossal missteps they've made in manufacturing their misguided, hateful little PR war. But I am also, independently,…
posted to MetaFilter by whir at 9:04 PM on September 17, 2014
I should think not, but I also wouldn't need to run it by an editor, nor would I think of myself as practicing journalism when I did so.
posted to MetaFilter by whir at 10:25 PM on September 17, 2014

Artificial Intelligence as an existential threat
Yeah, as somebody who writes code for a living, the idea that a computer program could produce a simulation of a human being deeply enough that performing harm to the simulation would constitute a moral wrong is just laughable. It's an interesting philosophical game in some ways, but honestly, no, that won't be happening. Not even if we understood consciousness, which we don't.
posted to MetaFilter by whir at 3:08 PM on September 16, 2014
On the more general question of AI, I'm cautiously optimistic that if we could ever achieve a sufficient level of self-awareness, we might be able to reach strong AI.

I agree with this - at least, I agree that it's a possibility, though by no means a certain one. It's the simulation argument, and its concomitant moral puzzles, that strike me as completely disconnected from the actual reality of how computers work. (Likewise for the bits about…
posted to MetaFilter by whir at 10:12 PM on September 16, 2014

Time erases everything
1996 I proposed an article about him to Spin. I didn’t particularly want to write an article, especially not for a glorified version of Tiger Beat...

Vice doth protest too much, methinks! (But seriously, that was a good article, thanks)
posted to MetaFilter by whir at 10:12 PM on September 11, 2014

What's the matter with PGP?
This article is the first I'd heard of end-to-end, the Chrome extension that allows true end-to-end email encryption by doing OpenPGP in Javascript. Clever, if horribly kludgy. Is it worth paying attention to or, like PGP, will it be irrelevant to 99% of Internet users?

I'm no crypto expert, but I've always found this article on the pitfalls of doing crypto in-browser with javascript to be pretty convincing. Some of its arguments wouldn't necessarily…
posted to MetaFilter by whir at 6:10 AM on August 27, 2014

"They Float... and when you're down here, with me... YOU FLOAT TOO!"
Ooh, another opportunity to drop in the Birthday Clown Consortium Price Guide.
posted to MetaFilter by whir at 5:26 PM on August 2, 2014
At least a dozen clowns will be at breakfast with your family, during which time they will make conversation in their goofy, high-pitched voices, and mechanically eat their food with giant fixed grins on their makeup-caked faces!
posted to MetaFilter by whir at 5:27 PM on August 2, 2014

Marilize Leguana
The Office of National Drug Control Policy has posted a mellow-harshing response to the NYT editorial, for anyone curious about the official line of argumentation against legalization. Here are some excerpts, since I know all you stoners won't read the whole thing.

The editorial ignores the science and fails to address public health problems associated with increased marijuana use. Here are the facts:
* Marijuana use affects the developing brain.
…
posted to MetaFilter by whir at 6:41 AM on July 29, 2014

*Screams Forever*
That translucent window over the bottom half for the screen telling me to sign up for pinterest makes me profoundly uncomfortable, is there any way to get rid of it without giving up my email address?
posted to MetaFilter by whir at 1:36 PM on July 16, 2014

The crater is large enough for several Mi-8 helicopters to fly into it.
Anyone seen the Fantastic Four?
posted to MetaFilter by whir at 10:16 AM on July 16, 2014

After a decade!
Comcast has apparently issued an official statement, as quoted in this Ars Technica bit about the story (bottom of the page):

"We are very embarrassed by the way our employee spoke with Mr. Block and are contacting him to personally apologize. The way in which our representative communicated with him is unacceptable and not consistent with how we train our customer service representatives. We are investigating this situation and will take quick action.…
posted to MetaFilter by whir at 1:31 PM on July 15, 2014

Whosoever wields this hammer, if she be worthy...
Superman and Wonder Woman?
posted to MetaFilter by whir at 12:40 PM on July 15, 2014

Put a Bat on it
I'm still irritated with DC over what happened with BatWoman

What happened with Batwoman? I read a few episodes when they rebooted everything but then I sort of gave up on DC again.
posted to MetaFilter by whir at 9:06 PM on July 13, 2014
Oh, I'm guessing you're talking about this Batwoman thing, I had completely missed that.
posted to MetaFilter by whir at 9:08 PM on July 13, 2014

For those with things worth turning down for
Between this and 528's burrito bracket, we truly are living in a golden age of data-driven journalism.
posted to MetaFilter by whir at 12:17 PM on July 11, 2014

A less intellectually lazy atheism?
I disagree that it is incumbent upon someone to learn much about a given religion before dismissing it. We do not demand that someone has "gone clear" before waving off Scientology as bunkum.

Of course not, but if somebody knew literally nothing about Scientology except the name, you would also think they were being a little rash if they dismissed it out of hand, right? Somewhere in between those two extremes there…
posted to MetaFilter by whir at 10:23 AM on July 9, 2014

Like Mortal Kombat, but in real life
I'm a pacifist, but I love fighting games and was really excited about this until I saw the video. Maybe it would work if instead of showing video of the bouts, they just displayed a slideshow of still shots.
posted to MetaFilter by whir at 8:26 PM on July 8, 2014
Looks like and are available as well.
posted to MetaFilter by whir at 8:04 PM on July 8, 2014

Micturation and Merchandising
From MeFi's own Defective Yeti.
posted to MetaFilter by whir at 9:46 AM on July 4, 2014

We sit together, the mountain and I, until only the mountain remains.
Seems to be 404ing out right now, maybe the server got overloaded?
posted to MetaFilter by whir at 12:39 PM on July 1, 2014

Hey Mom, my song is in 'Orange is the New Black'
I actually just saw these guys play last weekend, and it was pretty glorious. I grew up loving Big Lizard in My Backyard, which seemed like the perfect antidote to the often dour and doctrinaire politics of MRR and the East Bay punk scene. In the leadup to Bitchin' Camaro, Rodney Anonymous went on this long, rambling rant about politics and kids and like gun control or something, it sort of went on and on, and then when he was finally done he threw it over to Joe Jack Talcum,…
posted to MetaFilter by whir at 9:29 AM on June 20, 2014

“They finally asked me not to come back anymore.”
Warren Skaaren... would become one of the highest-paid rewrite men in Hollywood

Yeah, but he really took an axe to the scripts
posted to MetaFilter by whir at 8:28 PM on June 19, 2014

Oh good GOD, it is a cake recipe site
Two separate meanings of the word "liberal" do not constitute a homonym.
posted to MetaFilter by whir at 11:07 AM on June 19, 2014

“Let’s, Like, Demolish Laundry”
I'm definitely in the target market for these services. When I first moved to NYC it was into a fourth-floor walk-up with the nearest laundromat three blocks away. I already hated doing laundry (well, not doing it so much, more folding clothes), and I tend to have too many clothes because I'm kind of a packrat, so I was doing all my laundry in big apocalyptic loads every two weeks or so. After a few rounds of taking those up and down the stairs and down the street, I decided to just use a…
posted to MetaFilter by whir at 1:00 PM on June 5, 2014

Rocky Mountain High
Dowd's response to the story from her tour guide. "I favor legalization," she said, "but given all the tourists streaming into Colorado, it would be better to err on the side of conservative cautions."
posted to MetaFilter by whir at 12:12 PM on June 5, 2014

ECM versus Google Glass
I don't love glass, but color me dubious that the Google Glass team won't be able to engineer around a 52-line shell script that just greps for a string in the MAC address to determine whether you're a glass user.
posted to MetaFilter by whir at 6:59 PM on June 4, 2014

I Dreamed I Held You In My Arms
Here's Low's version, off of the incomparable I Could Live in Hope from 1994. They kept it in the same key, but of course slowed the tempo way down, as was their wont in those days. (I confess to almost always stopping the album when it gets to this song, however.)
posted to MetaFilter by whir at 9:50 PM on June 3, 2014

Hackers disclose how Russia employs professional internet shills
I guess that explains all those "kill moose and squirrel" blogs.
posted to MetaFilter by whir at 10:18 PM on June 2, 2014

Piketty findings undercut by errors
NYT blurb on the response. More importantly: Bloomberg Businessweek gets Pikettymania!
posted to MetaFilter by whir at 5:42 PM on May 29, 2014

The Frogurt Is Also Cursed
Grief farm
posted to MetaFilter by whir at 10:33 PM on May 28, 2014

"Thank you for what I assume is a standing ovation"
For completeness' sake, here's the final set by Katie McVay.
posted to MetaFilter by whir at 6:41 PM on May 20, 2014

The goal is ecstasy.
I thought the last Swans comeback album was decent, but this one is really outstanding. They still put on a great live set too.
posted to MetaFilter by whir at 2:56 PM on May 13, 2014

