SpoofedEx
@SpoofedEx
Best posts made by SpoofedEx
-
RE: Codethulu's evil spawn, in fewer lines than you can imagine
This code even has undefined behaviour. At least; it will when you compare these values with NULL/nullptr. See, it seems the coder's trying to initialise a NULL array, but NULL does not need to be stored as "0" in memory. It probably does on any non-embedded system, though, but it may not if 0 is a valid address and there's no virtual memory...
-
RE: Conservapedia: The funniest site in the world
@antiquarian: Who's he arguing with? As I stated before, I'm no advocate of ObamaCare as I don't know its details.
Again, it's NOT about whether you oppose or reject it. The quote:
ObamaCare, formally known as "The Patient Protection and Affordable Care Act," (ACA) will impose massive penalties on young workers, small businesses and others who choose not to buy expensive health insurance, beginning in 2014.
Is the description of ObamaCare. Let me translate that to the creation of speed limits:
Speed limits impose massive penalties on those young drivers who choose to drive 150 mph.
Sure it's true, and you can write it down as a consequence, but it's not a proper way to define "speed limits". The speed limits obligate the drivers to adhere to these limits, and the fines are only a means to an end.
Perhaps I should have mentioned that the quote is the first sentence of the article, which I consider relevant.
Would the article have said something along the lines of:
ObamaCare, formally known as "The Patient Protection and Affordable Care Act," (ACA) will mandate Americans to buy health insurance. [...] It achieves this by imposing penalties on those refusing to comply to these rules. [...] However, health insurance is currently expensive. [...] Blah massive penalties blah
Then I wouldn't have complained, except perhaps about the lack of argumentation. A sanely written article should simply never mix fact with opinion: first define what you're talking about, then fire away with your opinion and reasoning.
-
RE: Conservapedia: The funniest site in the world
What, did you live under a rock for the past hundred years?
There's also http://rationalwiki.org/wiki/Conservapedia - depending on your outlook, another site to ridicule or a comprehensive guide to the madness.
Actually, TheDailyWTF has only a single topic ever mentioning the site. And no, I didn't know it...
About ObamaCare: I'm not talking about whether it's good or bad (mandating health-care is definitely a good thing, its implementation I don't know). The writing isn't any less bad: it's not about "imposing penalties on [those] who choose not to buy expensive health insurance", it's about mandating health insurance. Come on, even those opposing ObamaCare can't condone this style of writing, right?
Again, I'm not pro-ObamaCare, as I don't know enough about it. My country (the Netherlands) mandates health care as does nearly every other western country, and while it's not perfect, it works great in most cases.
-
RE: 4images
Wow, I didn't know the software, but I looked it up and it looks like an incredible piece of shit...
I noticed that you should really update though, as there's been a fix for a XSS 2 days ago:
Their method for filtering XSS looked ridiculous, so I looked it up, and I can definitely say that bypassing it would seem to be incredibly easy... But to be honest, judging by the quality of the code, I expect a XSS to be the least of your possible problems.
Also, this:
if (strstr(getenv("HTTP_USER_AGENT"), "MSIE")) { // Browser Detection
  $textinput_size = "50";
  $textinput_size2 = "30";
  $textarea_size = "50";
} else {
  $textinput_size = "30";
  $textinput_size2 = "17";
  $textarea_size = "28";
}
-
RE: Var x = document.getElementById("MainContent").style; x.backgroundImage = "url('http://i.imgur.com/2eODocT.png')"; x.backgroundSize = "100%";</script>
Oh, I've seen both ways go wrong too. It's just been my experience that getting the data to some semblance of 'safe' (i.e. htmlspecialchars before it hits the DB) is usually the lesser of the evils.
At least now, if anyone does happen to find a/an* XSS, you can actually fix it without having to update all posts in the database. Imagine you forgot to blacklist a tag, or accidentally whitelisted a tag, that allows javascript, or the sanitation turns out to be slightly wrong (see 4images). If it's sanitised in the database, you're screwed. You're probably going to have to write a script to fix it otherwise.
And you know, discourse, with this many WTF's, there are bound to be some of those, right?
*) Damn it, is it "a XSS" or "an XSS"? As in: "an ex-ess-ess" or "a cross site scripting"?
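The trade-off argued in the post above, as an added example that is not part of the original post or of any forum software's code. It assumes a toy allow-list sanitiser (`render`, `ALLOWED_V1`, `ALLOWED_V2` and the sample post are all constructed here) and compares sanitising before the database with sanitising on output once the sanitiser bug is fixed.

```python
import html
import re

# Matches an opening or closing tag and captures its name.
TAG = re.compile(r"</?([a-zA-Z][a-zA-Z0-9]*)[^<>]*>")

ALLOWED_V1 = {"b", "i", "iframe"}  # hypothetical bug: iframe whitelisted by accident
ALLOWED_V2 = {"b", "i"}            # the fixed allow-list

def render(raw, allowed):
    """Escape everything except tags named in `allowed` (attributes are dropped)."""
    out, pos = [], 0
    for m in TAG.finditer(raw):
        out.append(html.escape(raw[pos:m.start()]))
        name = m.group(1).lower()
        if name in allowed:
            out.append(f"</{name}>" if m.group(0).startswith("</") else f"<{name}>")
        else:
            out.append(html.escape(m.group(0)))
        pos = m.end()
    out.append(html.escape(raw[pos:]))
    return "".join(out)

# Constructed sample post, submitted while the V1 bug was live.
POST = '<b>hello</b> <iframe src="https://example.invalid/"></iframe>'

def pages_after_fix():
    """Return what each strategy serves for the old post once V2 is deployed."""
    # Strategy A: sanitise before the DB; the stored row is sent to browsers as is.
    row_a = render(POST, ALLOWED_V1)
    # Strategy B: store the raw text; sanitise on every page view.
    row_b = POST
    # The fix ships: V2 replaces V1. Existing rows are not touched.
    page_a = row_a                      # still carries the tag V1 let through
    page_b = render(row_b, ALLOWED_V2)  # fixed for every old post at once
    return page_a, page_b

if __name__ == "__main__":
    for label, page in zip(("sanitised in DB", "sanitised on output"), pages_after_fix()):
        print(f"{label:20} {page}")
```

Under strategy A the original input is gone from the database, so the clean-up is a script that rewrites every stored row; under strategy B the same fix is a one-line change to the allow-list.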
-
RE: Finding a phone number field on a form
Bug report: my phone number field "phonenr" isn't recognised!
Latest posts made by SpoofedEx
-
RE: "Shell Shock", the bash complement to heartbleed (AS IF)
http://seclists.org/oss-sec/2014/q3/741
Third variation of ShellShock identified. So expect yet another patch.
Bullshit, this isn't a vulnerability. If a setuid/setgid preserves the environment, that is the vulnerability. Otherwise there are countless more vulnerabilities available: say, simply updating PATH, or LD_LIBRARY_PATH, and there's even some environment variable that is executed before running bash, though I forgot its name (something to do with setting which rc file to execute I think - maybe INPUTRC).
Being able to set environment variables is equal to owning the machine. There's nothing new about that. Just some dude trying to win some fame here, I imagine...
So no, don't expect yet another patch.
-
RE: "Shell Shock", the bash complement to heartbleed (AS IF)
It's reasonable for protocol analysis, which is the only thing I use it for. The fact it crashes every 2 minutes on my work machine is more problematic.
Yeah, I had to use it today for uni. Unfortunately, there were so many packets coming in so quickly that I couldn't stop the capturing, and eventually I had to kill it.
It looks almost as though it's coded in Java...
-
RE: Codethulu's evil spawn, in fewer lines than you can imagine
Is it preprocessor abuse if you're using it to effectively generate new keywords in the language? I ask because I really like my
#define foreach(…)
macro…
Not when the language already has it (Wiki)
That's only since C++11 though.
-
RE: Finding a phone number field on a form
Dutch!
Loads of Dutch here ;-)
Anyways, I just went to Google to see if I was able to find the website... No luck, but I did find this:
-
RE: Conservapedia: The funniest site in the world
The reason your health insurance costs are ridiculous? Because Health Insurance Companies are in the business of making money, not making healthy.
Actually, that's the very reason they're so cheap here in the Netherlands: competition.
I pay about 100 euro a month. When I go to the dentist, go see a doctor, etc, I have to pay about 400 euro maximum of what's covered (not sure how much it is now, it does increase and rules do change, as I said, it's still not perfect here). Anything above that, the insurance companies pay. Some things aren't always covered though, but they're usually not the life-threatening parts.
Now, if the prices would go up, nobody would buy their plan anymore, and they'd go bankrupt. So they're forced to stay cheap.
What's wrong with that in the US? Any company would start a plan half the price and they'd make loads of money... Right? Or is that merely due to the insane rates charged by hospitals over there?
-
RE: Conservapedia: The funniest site in the world
@SpoofedEx said:
A sanely written article should simply never mix fact with opinion: first define what you're talking about, then fire away with your opinion and reasoning.
WTF. I haven't gone to the site, but you're just being stupid.
I LOL'ed.
Anyways guys, I'm sorry I picked a quote that may not have been as bad as I considered it first go. I did not (and, honestly, still don't) grasp how bad the rule can be, and how it can be as terrible as you guys say, but I'll trust your words over it. Maybe I was being pedantic there (I often am). That doesn't excuse the rest of the site.