|
2007/6/12-15 [Politics/Domestic, Politics/Domestic/President/Bush] UID:46921 Activity:nil |
6/12 Scientists find that salvage logging makes wildfires worse http://news.yahoo.com/s/ap/20070611/ap_on_sc/wildfire_logging |
2007/6/12-15 [Transportation/Car, Transportation/Car/RoadHogs] UID:46922 Activity:moderate |
6/11 UNC attacker says he's sorry, asks to be released. http://www.wral.com/news/state/story/1491807/?d_full_comments=1&d_comments_page=0#last_comment \_ Automobile drivers go berserk and run people over all the time. I can think of half a dozen in the last year in San Francisco alone. Why does this particular example of insane car driving behavior pique your interest so much? \_ You can name 6 events in the last year in just SF where a driver has "gone berserk and run people over"? \_ Because he asks to be released even though he claims he's sorry? \_ Yep. Fremont guy who drove around Pac Heights mowing people down last November; the guy who flipped a U-turn after arguing with a guy at 16th and Valencia and then drove up onto the sidewalk, mowing down two people; two different "homicide by automobile" in Bayview and a similar one in The Western Addition. Add to that at least two other hit and runs where the driver mowed someone down and then took off. Oceanview. And at least one more in The Mission back in March 2006 (okay I guess that was more than one year ago) Add to that at least three other hit and runs where the driver mowed someone down and then took off and it is unclear whether the fatality was an accident or deliberate. \_ ok the guy who got ran over in the mission had an altercation with the car owner. but the random ass Fremont dude from really did randomly run over people in pac heights. !op \_ These all look like cases of people who got into fights about something else and used their car as a weapon. If they'd not had a car they'd have used whatever else was at hand. This says nothing about car drivers, but ok. \_ Bullshit. \_ Keep making excuses for homicidal car drivers, that's ok. Why are car vs. pedestrian fatalities in The City up 100% over the last five years, but gun fatalities are not? It must be all those pedestrians "provoking" them, right? They don't call it "road rage" for nothing. 
\_ Because guns are not easily available while cars are. When you say fatalities are up 100% in the last five years the question should be "What has changed in the last five years?". "Drivers have suddenly all turned insane" is not the likely answer. The term road rage dates back at least to the late 80s when people in LA were shooting each other on the highway. But you'll note they used guns, not their vehicles as weapons. I guess it is easier to just say drivers are all assholes and killers than actually take a serious look at the problem. It may even be that the absolute numbers are so low (6 in a year?) that a 100% increase is just a statistical anomaly given how few events there are to count. \- above poster: do you have any ungoogled guesses for how many guns are in private hands in the US? (re: guns not easily avail). i'd appreciate it if you'd post what your first guess is ... surely doing so anonymously won't cause any embarrassment. \_ nothing to do with anything but feel free to continue this line of debate on your own. \_ No one said or even implied that drivers are all assholes and killers. I am glad you are willing to at least consider the possibility that the 25+ deaths and 1000+ injuries of pedestrians per year in SF alone at the hands of automobile drivers might be a problem. Acknowledgement of the problem is always the first step. I am kind of amused that you think that multiple homicide by auto is crazed, but individual target homicide is normal. \_ Ok so it is 25 a year. How does that compare with other cities? I never said anything like your last line about multiple vs single target murder. I have no idea where you came up with that. 
\_ "The City has the fourth-highest rate of pedestrian deaths in the United States for cities of more than 100,000 people." \_ Because he asks to be released even though he claims he's sorry? Yeah, he's really sorry, really. \_ Okay, he is obviously nuts, but so are at least half of people who do this kind of thing. He is kind of amusing, I have to admit. \_ BTW, what happened to the guy who struck and killed a pedestrian in Fremont (which happened to be at walking distance from my home) and then ran over 14 more people in SF? \_ In jail, awaiting trial. one of the women he paralyzed is suing his family. \_ But has he apologized and asked to be released yet? |
2007/6/12-15 [Politics/Domestic/California, Politics/Domestic/Crime] UID:46923 Activity:nil |
6/12 Courtroom of the absurd (this seriously had me LOL): http://blog.washingtonpost.com/offbeat/?hpid=topnews \_ I like the old lady Godwinning. \_ Between this and Bork's "You made me fall down" lawsuit, it's quite the week for legal laughs. \_ If anything, today's is even better. http://blog.washingtonpost.com/rawfisher |
2007/6/12-13 [Industry/Jobs] UID:46924 Activity:nil |
6/12 Do QAs make less money than software engineers? Say both a QA and a software engineer have five years of experience, how do the typical salaries compare? Thx. \_ Generally yes, but my understanding is the gap goes away once you get into management level jobs. \_ Then you're not QA or engineer. You're "manager". \_ Depends on the company. Cisco and Sun both paid QA and Development roughly the same (w/ 5-10K) for people in the same grade. Though there were a lot more MTS4 and Staff Eng. in Development. |
2007/6/12-14 [Computer/SW/Unix] UID:46925 Activity:high |
6/12 Inside of a C++ program, I do a "ps | grep username" for logging purposes. where username = getenv("USER"); Doing this directly is a gigantic security hole because someone could set $USER to some command line and execute arbitrary code. What's the best way to make this safe? Is there some standard way to check the input in a case like this? \_ How about "ps | grep \"username\""? \_ man getuid, man getpwuid \_ How's your motd logger going? \_ I hope OP isn't doing this for a motd logger. There are much easier ways than writing C++. \_ Some versions of ps support a -U flag (or similar) that lets you pass in the username OR userid. Safest way would be to (1) take the username and translate it to the uid via getpwuid, getpwnam, &c.; (2) exec ps (w/ the full path) and that uid; and (3) read the output in C++. Any other way is not 100% safe. If your version of ps does not support user filtering, you should exec ps (w/ the full path) and read/filter the output yourself. Whatever you do, don't use system() and if you are running as root, please drop privileges before calling exec(). \_ Not running as root. system() is bad, huh? \_ Yes. system invokes a shell for you (in some cases csh). And please use a full path, last thing you want is to be running a PFY's hax0r'ed version of ps. \_ system() is basically a wrapper around '/bin/sh -c $command' with all the vulnerabilities and performance hit you get from spawning the /bin/sh -c and what the shell might do with $command. You're generally safer with fork && exec(command) though then you have to deal with $PATH and massaging the arguments. \_ you should also read up on IFS. --psb \_ What is IFS? \_ IFS stands for Internal Field Separator, it is what the shell uses to separate elements of the various *PATH variables, among other things. 
\_ and at the heart of many old skool attacks such as /usr/lib/ex3.7preserve and other insecure popen() problems. --psb \_ Ok, but the command line I'm passing to system is pretty complex. I don't care much about the performance, since the logging is pretty rare. But I used "ps | grep $USER | | sort | head" to get only the results I wanted. Seems like fork exec in this case would be hard. -op \_ yes it would be. secure code is hard. insecure code is easy. \_ One possible sol'n would be to implement your filter as a one line perl command and then send the output of ps to that perl command. You would reduce the problems to two fork/execs and would increase your security. But the safest way is still to do as much as you can in C and not in the shell via system(). BTW, why do you use $USER from the environment? Can't you read it in using a CLI option or use the current user id via getuid() or geteuid()? \_ Actually, because I didn't know about getuid(). \_ I'm not sure what exactly you are trying to do, but I think you can do all of it w/o system() and not too much work in c++. Based on the above, it seems like you could read the output of ps -U [uid] (or equivalent) into a STL string vector, sort the results and take the top 10. |
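The approach the replies above converge on (real uid from getuid() instead of $USER, ps run by full path with no shell, sorting and truncation done in C++), written out as an added example that is not part of the original thread. The /bin/ps location and its -U option are assumptions about the local system, and run_capture and my_processes are hypothetical names.

```cpp
#include <algorithm>
#include <string>
#include <vector>
#include <sys/wait.h>
#include <unistd.h>

// Run argv[0] (absolute path only) via execve and return its stdout as lines.
// No shell parses the arguments, so metacharacters in them stay literal text.
std::vector<std::string> run_capture(const std::vector<std::string>& argv) {
    std::vector<std::string> lines;
    if (argv.empty() || argv[0].empty() || argv[0][0] != '/') return lines;
    int fds[2];
    if (pipe(fds) != 0) return lines;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return lines; }
    if (pid == 0) {  // child: stdout -> pipe, fixed minimal environment
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        std::vector<char*> args;
        for (const auto& a : argv) args.push_back(const_cast<char*>(a.c_str()));
        args.push_back(nullptr);
        char* envp[] = { const_cast<char*>("PATH=/usr/bin:/bin"), nullptr };
        execve(args[0], args.data(), envp);
        _exit(127);  // exec failed
    }
    close(fds[1]);
    std::string out;
    char buf[4096]; ssize_t n;
    while ((n = read(fds[0], buf, sizeof buf)) > 0)
        out.append(buf, static_cast<size_t>(n));
    close(fds[0]);
    waitpid(pid, nullptr, 0);  // reap the child
    size_t start = 0, nl;
    while ((nl = out.find('\n', start)) != std::string::npos) {
        lines.push_back(out.substr(start, nl - start));
        start = nl + 1;
    }
    if (start < out.size()) lines.push_back(out.substr(start));
    return lines;
}

// Stand-in for "ps | grep $USER | sort | head": select by real uid, not $USER.
// Assumes ps lives at /bin/ps and accepts -U <uid>; adjust for your system.
std::vector<std::string> my_processes(size_t limit = 10) {
    auto lines = run_capture({"/bin/ps", "-U", std::to_string(getuid())});
    if (!lines.empty()) lines.erase(lines.begin());  // drop the header row
    std::sort(lines.begin(), lines.end());
    if (lines.size() > limit) lines.resize(limit);
    return lines;
}
```

Because the child gets a fixed environment and an argument vector rather than a command string, neither $USER, $PATH nor IFS from the caller's environment influences what runs.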
2007/6/12 [Recreation/Activities, Recreation/Food] UID:46926 Activity:nil 88%like:46930 |
6/12 Death by sports cream http://www.washingtonpost.com/wp-dyn/content/article/2007/06/09/AR2007060901298.html |
2007/6/12-15 [Science] UID:46927 Activity:nil |
6/12 Nifty image technology. http://clipaday.com/videos/ridiculous-image-technology-coming \_ That's amazing. |
2007/6/12-15 [Politics/Domestic/Crime] UID:46929 Activity:nil |
6/12 Hans Reiser trial postponed http://cbs5.com/local/local_story_163171126.html \_ Do the crime, do the time. Nice FS for certain data sets but writing a nice FS doesn't get you off a murder rap. \_ Kill your ex-wife. Go to jail. Writing an interesting FS does not earn you a get out of jail card. |
2007/6/12-15 [Recreation/Activities, Recreation/Food] UID:46930 Activity:nil 88%like:46926 |
6/12 Death by sports cream http://urltea.com/r7q (washingtonpost.com) |