maximumoverload's comments

I am from the Czech Republic.

ICQ was popular here way more than in the rest of the world, but it got displaced by Facebook Messenger (and to some smaller extent Google Talk/Hangout/what's the name now).

I have no idea about Russia or Israel, where it was too popular.


I think intention is important in these cases, more than what you actually did.

He did not break in there to make himself rich or to cause any trouble for the server owner; quite the contrary.


Thanks.

This guy writes a lot of text but it takes him forever to get to the point.


The point was already in the article title and opening line.


How is a "socialite" and "social justice whiner" different from "free software whiner"? Idiot.

Also, RMS is a socialist if you read more of his writings. So you should go die.


The main issue is, I think - if something works, nobody wants to fix it. Especially if that something is full of 80s code.

Bash works, pretty well, for a lot of people. So nobody wants to touch it.


Ironically, the shit is free, fork it and have at it! Contribute fixes... "Security guys" don't do that though, do they?

There are a whole lot of really important pieces of code that not a lot of people find sexy to work on.


Yeah, but it works already, and there are also so many features it's hard to know what all could be broken by randomly fiddling around the code.

(I suppose bash does not have a test suite.)


The good thing about quantum mechanics is that you don't have to know anything about it and still say stuff with it that sounds incredibly profound. "Everything is just a probability! We are all waves, maaan."

(Sort of like Freud's psychoanalysis. Everything is a penis, or your mother.)

This has probably nothing to do with the article though.


Well, this is an installation guide for the latest MacBook Pro, for the latest Ubuntu.

I wouldn't call this "easy".

https://help.ubuntu.com/community/MacBookPro11-1/Saucy

It also has a fairly big section "Things that do not work (or fully work) yet".


Hm.

On one hand, this is pretty specific and not "run into the woods" dangerous.

On the other hand, it's also not that unrealistic.

Also, I am kind of afraid there will be more stuff lurking in there.


It's almost like the shell was designed to execute arbitrary commands!


It doesn't have a nice catchy name and a logo, though


Fine. Now it's called BashSmash. Are you happy? Go make a logo.


Someone already made one a few hours ago... https://i.imgur.com/ilJbM74.png


That's really ugly and not a real logo.


People are now calling it "Shellshock".

That's nice. I like this song.

https://www.youtube.com/watch?v=2pWZRJd4z8o


That's funny, showing my age, but "Shellshock" immediately brings up a completely different song in my mind: https://www.youtube.com/watch?v=JUhZ30D7tYU


I am on linode and precise LTS. I did this, and I got no bash update. What am I doing wrong?

edit: and how do I know if I am still vulnerable?

edit2: ok, this is the test

  env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

and apparently I am already patched. So that's good.


dpkg -l | grep bash

Will tell you which version of bash is installed; for precise you should have bash 4.2-2ubuntu2.2

