Python is listed in GTFOBins. There is a disclaimer at the top stating 'this is not a list of exploits' but rather a list of binaries that can be abused on 'misconfigured systems'. But there are dozens of Linux distros that are configured by default with suid and sudoers. Especially firewall appliances.
Seems like nobody realizes that Linux is Swiss cheese.
|
Incredible footage of NASA’s latest descent to the Red Planet
Good lander, bad cameraman
All that shaky cam footage - was it filmed by Peter Jackson?
|
Oh, oy. Yeah, I forgot those (and the Bourne films). It's an epidemic! Too many lattes in Hollywood?
TTFN - Kent
|
In my opinion, Bourne did it well. That Bond film, on the other hand.... I think directors learned their lesson afterwards, but I haven't gone to the movies much since then so I'm not sure. I pray they have.
|
Earth makes a tiny seismic rumble every 26 seconds. Clear out, it's going to blow!
And for the keen-eyed (you know who you are). Yes, yes, yes, but I didn't see it then, so it's "news to me". {insert mirthless chuckle}
|
After 4.23*10^18 km on the odometer, the Earth is way overdue for a tune-up.
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
|
And the funky sound will probably go away as soon as they take it into the shop.
TTFN - Kent
|
She's been leaking oil for several thousand years. Surely she's running low by now.
|
It's a heart beat.
Something big.
It's sleeping.
For now.
"Time flies like an arrow. Fruit flies like a banana."
|
Might be right; earth's inner core may be the cause.
But we won't find out until scientists stop it from happening.
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
Gestation has finished and it's going to hatch soon?
"If you don't fail at least 90 percent of the time, you're not aiming high enough."
Alan Kay.
|
The feature uses a Machine Learning model to make suggestions based on the text typed by the user. De{tab}^H^H^HDe{esc}ar Si{tab}^H^H^HSir...
|
An IBM guy told, long ago (i.e. pre-Internet - no URL to back it up), from the early days of DB2: If a deadlock occurred and your transaction was selected as a victim to break it, once the other transactions were complete, the system would attempt to redo your transaction by repeating your keystrokes, echoing the keystrokes on your screen exactly as you had typed them, so that if the redo failed, you could see exactly how far it (successfully) got, and you could continue from there.
This was meant to be an aid to the user. But the computer operators got so annoyed by seeing their own typing errors and corrections being displayed "for anyone to see" that they screamed in protest, and IBM had to remove the "positive feedback".
(Remember that in the 1980s, business correspondence was still made on Selectrics and Remingtons. Every typo had to be corrected with white ink or correction tape, and might be visible as a defect, although corrected, in the letter that was sent out. So secretaries took pride in perfect typing; any typo was a shame. Nowadays ... For a few years, I had a keyboard counting my keystrokes. Quite often, when I wrote plain text, such as documentation, the text file might grow by twenty thousand characters, yet the keystroke counter had increased by forty or fifty thousand keystrokes. I never understood why.)
|
This past October, we notified you that we were going to improve the Windows update history experience, particularly with regard to release notes. Those who do not study their Windows Update history are doomed to repeat installing the patches
|
Kent Sharkey wrote: Those who do not study their Windows Update history are doomed to repeat installing the patches
LOOOOLLL If I would have been drinking something I would need to clean up my monitor...
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
I understand my windows update experience, and that's why I use Linux now.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
It’s been said that 90% of programming is debugging (and that the other 10% must involve writing those bugs). Don't forget to update the docs
|
Quote: What happens when you find a decades-old bug?
Never touch a running system?
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
Most bugs are not documented, so there is nothing to update.
(Incidentally, the same applies as well to code that is bug-free, or assumed to be bug-free.)
|
With all due respect: read the article
TTFN - Kent
|
You are right - I did write my comment before reading the article.
But what the article says is just the same as my comment said: Documentation is ignored. In this case, although there were some ancient, tiny starts on some documentation. Further development just skipped the documentation part. As if it wasn't there.
I uphold that ignorance of all sorts of documentation is a major problem in software development. Documentation is "out of sight, out of mind" for the great majority of programmers I have been working with. Furthermore: When I do document my own code, my co-workers simply ignore it: Rather than looking in our documentation base, they come to me to ask how things work. I give them the link to the exact doc page they need, and the next day they may be back to get another doc link, which was included in the first page as a "For more information on ..." link. (I am not making this up!)
Sometimes developers even fight documentation actively: A number of years ago, I was engaged for a couple years to develop the (online) documentation for a web service - the developers more or less refused to "waste" time on non-coding tasks (not considering javascript to be "coding") like documentation, so I was hired to do it. I remember in particular one episode where this one developer fiercely sneered at me (and at that, she certainly was a master!) when I was asking for some information about her modules: I've got a lot more important things to do than to feed you with stuff!
I can't remember the last time a programmer gave any sort of praise to documentation. Not in modern times. 30+ years ago it was different: When I left my first job after getting my degree, my notice period was set to be the time it would take me to complete the documentation of the subsystem and the code that I had been responsible for. In those days, documentation was essential. But we weren't agile in those days.
|
trønderen wrote: I uphold that ignorance of all sorts of documentation is a major problem in software development.
This (and your other points) are painfully true (and I suppose was also a factor in the lack of update of the docs in the cron case in the article). I don't know if it's due to the "faster, faster" mindset of development these days, the "the code is the documentation" mindset, or just plain laziness, but docs often are the last thought.
People used to beat on MSDN frequently (and almost as many kick at docs.microsoft.com), but the support on many of those pages was better than many SO discussions.
TTFN - Kent
|
Kent Sharkey wrote: What happens when you find a decades-old bug?
No one believes you.
It's like pointing out that something that is a 'common industry practice' is actually illegal, contrary to best practice, or outright insane. No one takes the observation seriously... until one day when all hell breaks loose and people start going to prison or having to set up massive industry funds to compensate customers for what was always an illegal 'common industry practice'.
Take away point: Just because no one has noticed it before or just because everyone is doing it, doesn't make it ok or harmless.