:smile: :smiley: :D :-)
:D :-)
hmmm...
There is :facepunch: (facepunch) but no :-(
So, audio, Mr Burns, what else can we possibly exploit next?
Has AutoCornify been done yet?
Are you referring to the watch Apple is supposed to unveil?
the Swype integration
(But I don’t really care myself)
During an internship I had to take some C programs which were running on a Linux distribution released in 2002, and make them work on a more recent (~2010) distribution.
My mentor thought they would Just Work™ after a quick recompile, because they had never crashed on the previous system. Well, I compiled the first one (in fairness, it didn’t generate too many warnings), and... it crashed right away.
I eventually found (after some tedious debugging) a handful of stack buffer overflows which were previously harmless but were now corrupting pointers.
Reminds me of the time I discovered UNC paths and almost got expelled from high school during my final year.
Reminds me of my own experience in high school... One of my friends found out that `\\server\c$` was accessible, copied the SAM database and started cracking all the passwords. He found out the admin password quickly (it was a five-letter word...)
But even that work was overkill since all students had Local Administrator privileges.
The machines were only protected by some “security” software which was basically applying local group policies during logon. It was quite easy to work around it... For instance, even though IE was blocked, it was accessible by typing a URL into the address bar of any Explorer window. It was also possible to run any program by creating a button on a PowerPoint slide, assigning it a Run Program action, and clicking it.
One popular pastime at one point was to `taskkill` processes on other people’s computers. `lsass.exe` was a favorite candidate because that produced this annoying error message:
```
hr {
    border: 1000px solid #f0f;
}
```
At least it will be visible between your images...
Fortunately for me, I never tried Win v1; from what I've heard about it, I would've hated it intensely.
http://www.pcjs.org/configs/pc/machines/5160/cga/256kb/win101/
Enjoy!
At least it didn’t attempt to directly use libiptc...
Bonus points for not checking for errors and doing `exit(0)` if iptables does not start.
Force quit dialog != BSOD.
Fail.
The original post is here: http://blogs.msdn.com/b/oldnewthing/archive/2014/09/02/10554253.aspx
The password field is null.
I hope nobody runs Discourse on an Oracle database...
(Yes, I know it wouldn’t work)
Aside from proposing 27 different centralized login solutions without fully understanding how they work, I think TRWTF is that Discourse allows logging in to the @system account (especially since its email address is public and not randomized).
That got me thinking... Does @system have a password? It’s probably randomized on install, but maybe it’s discoverable...
updated to prevent non-terminating discourse devs.
Your infinite loop was not very efficient anyway. Better do something like this:
Read this quote again.
Status: Toothache. Greatly reduced productivity.
Yikes... Why would Discourse implement a feature to impersonate other users?
Impersonation can be useful to test user permissions. But apparently limiting the impersonation to permissions, like other forum software do, is Doing It Wrong. I guess Discourse’s version of impersonation is just
session.user = selected_user
Status: Monster SQL query finally done after 3 days. I think.
`ROLLBACK` instead of `COMMIT` at the end...
Bad idea: Forum software which automatically loads new posts with questionable images even when in the background.
Status: looking for a cluebat after seeing `somefile.c:286:5: attention : passing argument 1 of ‘free’ discards ‘const’ qualifier from pointer target type` in the build logs after a `svn up`.
How can you tell /dev/sdc is mounted from the information provided in @cartman82's post?
I wasn’t. I was doing a general remark about how these commands are easy to mistype (I’ve already messed up*), and that disallowing writes on a mounted partition (like OS X does IIRC) could be an easy way to prevent some stupid mistakes.
* In fairness, when I messed up, I was using a machine whose internal SCSI drive was so slow, its device identifier could change between `sda` and `sdb` if a USB key was plugged in at boot time.
TRWTF is Linux allowing direct writes on mounted partitions devices.
Filed Under: Maybe he applied for the special elder-program!
Maybe it’s because of his avatar?
Winner! I hit the post button after the timer had gone, presumably the timer shows Discoseconds.
In my case, the timer was off by around ~20 seconds. I think it uses the computer’s local time to do its calculations (at least for the remaining number of seconds) so it’s not very accurate.
It also seems that topics are effectively closed by a cron task; that would explain why you were able to post after the topic’s expected close time.
I don’t think Discourse has this. If it had, it would probably make the clbuttic mistake of buttuming that swear words are never contained in other words.
When using hard links on Windows you can at least get all the names of a file: http://blogs.msdn.com/b/oldnewthing/archive/2011/07/20/10188033.aspx
There is probably a way to get the inode somewhere.
Explorer probably does not implement this because it slows down size calculations for little benefit (since they’re probably not used anywhere except for WinSxS)
Or was / the FS that was filling up?
`/dev/` is on a tmpfs so writing into it will consume the available RAM and swap.
Why the hell would you record a video to the root of a drive?
Maybe he created a “Videos” folder there?
Question from the peanut gallery: how does a 'corrupted link' produce a 500 from a server? There is no legitimate circumstance where a 500 should ever be intentionally thrown for a URL. Bug?
I’m starting to think that any price displayed on an ISP’s website will not match the actual price.
Given the previous comments, I guess I can’t really complain, but still...
DAMNIT WHY DOES IT HAVE TO TRUNCATE
I think it has already been reported on meta.d, and it’s a CANTREPRODUCE WONTFIX JUSTUSEF5.
That's right. No FileNotFoundException. Fucking PHP is the worst of the worst of TRWTF.
Python only got `FileNotFoundError` in 2012. Before that you only had `IOError`, which was raised for almost any OS related error (except in some cases, which was pretty confusing).
Maybe PHP will do the same thing in a few years, who knows?
Something else Ubuntu got wrong
Shoving that into /etc/apt/apt.conf.d/01ubuntu (or into its own 01blah file under that folder, or whatever) should fix your proxy blues.
`apt-get` and friends already work fine, because I’ve added `env_keep="http_proxy"` in the `sudoers` file. It’s the updater GUI which has trouble. I’m pretty sure it is not launched as root.
I’ve tried to add the apt config file you suggested, but update-manager still chokes when downloading the package lists. I’m not sure how to get the “updates available dialog” back (it only popped up once when I logged in) but I don’t really think it would have helped.
My main point wasn’t the proxy settings but the update notification window. I’m fine with it using a Web browser to fetch and display the release notes, but what about displaying a sensible error message like “Could not retrieve the release notes” when the retrieval fails?
My work computer does not have direct access to the Web; I have to use a proxy with NTLM authentication.
Most Linux software do not work with that kind of proxy (Firefox does, but it’s deprecated since v30), so I had to install a proxy proxy locally on my machine. Then I set `http_proxy=http://localhost:3128/` in `/etc/environment` and most software started working. So far, so bad.
I still have trouble with the Ubuntu software update GUI, which completely ignores `http_proxy`. But at least I can take funny screenshots.
Are you sure that's happening? I don't recall ever seeing such a header being issued by a browser; they normally just don't send Range: at all. Which is OK by the spec. You might just be misinterpreting the missing header as some (fairly sensible!) defaults and thinking that you're in a partial-transfer scenario when you're really in a full-transfer one.
The thing is, media files tend to be very big, so sending them in one part may cause problems, especially with PHP which has an execution time limit. So it makes sense to try to send them in chunks on browsers which support this (and the Range header is a good indication of that).
@Arantor, why are you trying to send a media file with PHP? Why not serve it directly from the Web server (or even better, another web server specifically made to serve static files)?
If the PHP code is used for authentication purposes, you can put the media files in a folder with a random name which is difficult to guess, and tell PHP to redirect the browser there. It’s not perfect, but I’m under the impression that most websites which stream HTML5 media do this.
I guess it’s probably why some adaptive streaming protocols (like HTTP Live Streaming) split up the stream in many 10 seconds chunks; it avoids tying a Web process for a long time.
So, time to break something?
U+202C
* in my description. Not sure if it will break something, though…
*ā®You know, the Unicode character for reversing text direction
Sure, that style is much better, but I was copying the style of the post I was responding to. I was under the impression that the complaint was about creating an exception rather than about instantiating objects that may or may not be used.
My point was that:
But there is one thing I always wondered about: why oh why does `throw e;` reset the stacktrace of that existing exception? Couldn't they have made it more explicit by calling an extra function on that exception if you really wanted to reset it?
If you don’t reset it the stacktrace will show the point where the exception was constructed, not where it was thrown.
A program could do something like this:
```
Exception exc = new Exception("Some exception");
// Some code
if (condition1) {
    throw exc;
}
// Some more code
if (condition2) {
    throw exc;
}
```
Yes, if someone actually does this, it’s a WTF in itself. But still, it won’t help you find at which point the exception was thrown.
Status: Complaining about dialog boxes lacking a “Don’t bother me again” checkbox.
I would like to unify this forum's opinions
How about starting with realistic goals?
Oh cool. Let's see what I can do. Any suggestions?
That’s what caused the XSS to be fixed the first time...