Re: How to check?
Presumably that is good?
Yes, you are good.
GNU bash, version 4.3.11(1)-release (i686-pc-linux-gnu)
Further along than on Fedora 20, I just arrived at 4.2.47(1).
16005 publicly visible posts • joined 3 Jun 2008
You cannot graft anything to bash without ending up with an eldritch horror that will haunt your nights. The man page insinuates as much.
But ksh and csh are not the way to go.
Just take a proper script language with minimal syntax, preferably functional (hint lots of parentheses hint), that has some syntactically nice ways to start processes and network/control them like a good process juggler, with workflow features and ETL gimmicks directly included.
As for PowerShell ... yeah, I have the book by Manning, but, ... I still have to make time for it.
"I don't know who Alan Geer is, and with the following quote from his article I can't be bothered to find out"
Frankly, you should.
You should also stop jumping at words like a neurotic. In my opinion, anything downwards of using a theorem prover that your code does exactly what it says on the tin is "looking at code". And then you need to look at the tin...
even when /bin/sh will do.....
When exactly will /bin/sh do and why should it have helped in any real-world situation (leaving aside 20/20 hindsight)?
If someone produced scripted code for me that was dependent on bash (or zsh/tcsh/mksh/ etc.) for no good reason, I'd seriously question their ability.
The only thing in question is whether you are the pointy-haired boss of Cave Jclson, the RPG programmer moaning about the kids and their modern structured programming.
It clearly is break.
And if you find yourself wondering more than 15 minutes about what bash substitution will do to the variable-holding text that you have just written and are passing to another command or even an eval ... you know there is a nagging problem of reliability and trust that you will be unable to ever shake.
In "Inviting More Heartbleed" (paywalled here ... what do you think you are doing, IEEE?), Alan Geer says:
At this point, we should ask ourselves a core question: Does looking at code actually work as a quality assurance mechanism? DES got more study than any other crypto algorithm ever will and serves as an existence proof that eyeballs can work. Evidently the eyes on it were pretty good, better than the open literature knew at the time. But the DES algorithm, even in optimized implementations, seldom runs longer than 2,000 lines of source code, whereas OpenSSL is more than 2,000 files with north of 600,000 lines of content. Does that mean OpenSSL needs 300 times as many eyeball-years to get it as good as DES? Perhaps the count of available eyes should serve as a limit on the size of a code base.
Bruce Schneier has asked whether security bugs are rare or plentiful. We don’t know. Theo de Raadt’s contention that all bugs are security bugs seems a bit too strong but better that than too weak. Either way, will a determined effort to find bugs yield security value? Yes, if bugs are rare enough that by removing what we find, we materially lower the count of bugs still in operation. If, by contrast, bugs are so plentiful that we can’t make a dent in the overall supply, then finding more is a waste of time as the ensuing work factor doesn’t change the equation one iota.
Given that it’s harder to find bugs in complex operating environments than in simple ones, is there something about how we do things today that has caused us to pass a threshold of complexity, a threshold beyond which quality assurance, no matter how we attempt it, will be infeasible at the level of effort we can or will put to the problem? Again, is the eyeball supply in a continuing shortage such that we should manage it? Have we reached “peak eyeballs” the way some say that we’ve reached “peak oil?”
I've about 40 of these accounts out there and I don't know about anyone else, but I wipe the environment at the top of the script intentionally.
I understand that at this point it's too late?
I seem to recall an input in Java 1.5.(something) that could be used to fork a shell out of a jvm.....
No. You need to run
Process p = Runtime.getRuntime().exec("bash -c '" + injectCommandLikeABeachedWhale() + "'");
"The big public infrastructure-as-a-service (IaaS) players may be on the brink of a crisis as cataclysmic as the 2008 banking crash"
Yes, but the whole economy is also on the brink of a crisis far more cataclysmic than the 2008 banking crash and the 2001 dot.com crash. Where is your credit now?
Let's invest in a couple of on-premise servers.
How Financial Bubbles Fester And Burst—Even As The Fed Says Not To Worry
In today’s post Wolf Richter offers some solid insights on the dynamics of financial bubbles which merit further comment. The starting point is to recognize that once they gain a head of steam, financial bubbles tend to envelop virtually every nook and cranny of the economy, creating terrible distortions and destructive excesses as they rumble forward. In this instance, Wolf Richter explains how Silicon Valley has once again (like 1999-2000) been transformed into a rollicking capital “burn rate” machine that has spawned a whole economy based on striving for bigger losses, not better profits.
This latter development—currently exemplified by 44 VC start-up companies in the IPO pipeline with a valuation of more than $1 billion each, despite no earnings and scarce revenues—is indicative of late stage bubble dynamics. Say January 2000!
And also:
"He said nobody predicted the financial meltdown in the banking sector"
Did they include REMAINS of druidic underground passages opening on stairways guarded by GIGANTIC STONES leading to VAST, HIDDEN abysses wherein waft MEPHITIC VAPORS of SHOCKING DECAY and the faint sound of MAD PIPING and DRUMMING coming from the UTTER DARKNESS below is just an indication that here lurks UTTER TERROR that is best left alone?
El Reg:
jQuery security bods found no evidence that its site was foisting the drive-by download however
RISKIQ:
After verifying that the site was indeed redirecting users to a malware dropper, we immediately contacted jQuery.com to alert them to the attack. While they weren’t able to determine the root cause of the attack, the site’s administrators were addressing the issue.
Hitting this redirector, we continued to be redirected to the RIG exploit kit, even though we weren't able to replicate the script injection on jQuery.com with subsequent requests.
So what's the actual status?
Andrei Linde's theory of cosmic inflation – that for a few moments the expansion of space exceeded the speed of light.
I am shocked! I always thought that Alan Guth came up with inflation and that Andrei Linde only tacked the "inflationary multiverse" idea onto this, whereby the visible universe is just a local region of a forever inflating bubbly multiverse, where the various regions of that multiverse may or may not have varying values for natural constants. This idea is somewhat romantic though largely content-free and in all likelihood forever unverifiable. Not to be confused with the stringy multiverse whereby there are alternate realities that exist in some sort of quantum superverse, an idea which is content-free-er and frankly bonkers metaphysical.
Humanity is pretty good at covering up the existence of aliens and feeding goats to aliens who also mutilate cows in alien ways, meanwhile conspiring with aliens to modify human DNA, possibly via bees carrying alien nanovirus, and re-electing politicians controlled by aliens and having aliens take honorary seats at the trilateral commission while unfairly stealing and reverse-engineering the technology of creative aliens as well as crashed alien craft where we hide the alien corpses in nitrogen-cooled fridges, so that even the aliens do not notice that they are being taken for an alien rickroll.
We are actually the masters of Soviet-Style "technology transfer". Just pray there is no alien WIPO out there, otherwise that's gonna be costly.
Humans fuck year!
If asteroids (etc) mass is/are reduced via mining, could that affect their trajectory (especially in regards to gravitational pull from other masses) and therefore endanger the earth?
Evidently, you need to blast chunks uniformly at random in all directions to keep the vector sum of momentum changes at 0. This is also called "goan fish curry mining".
Why are there no STARS in space?....Not a single speck of light anywhere on the NASA photos?
Because NASA was totally fecking clueless and got some cheap black-painted dome installed by barely-literate Chinese migrant workers instead of properly hiring Stanley Kubrick to do full-star awesome super-effects like he did a year earlier with "2001 - A Space Odyssey".
It's simple really. Then they had to set up O.J. Simpson for murder because the Mars Landing Project bombed when the Face on Mars was discovered (and what was underneath) and whistles got blown out of proportion, but that is another horror story involving Agent Orange and Oswald.
Apparently someone needs to cover up the latest economic data underneath sex-suffused front page gossip?
Found it on the tube: Goddamit Japan!!