| 2007/6/12-15 [Politics/Domestic, Politics/Domestic/President/Bush] UID:46921 Activity:nil |
6/12 Scientists find that salvage logging makes wildfires worse
http://news.yahoo.com/s/ap/20070611/ap_on_sc/wildfire_logging |
| 2007/6/12-15 [Transportation/Car, Transportation/Car/RoadHogs] UID:46922 Activity:moderate |
6/11 UNC attacker says he's sorry, asks to be released.
http://www.wral.com/news/state/story/1491807/?d_full_comments=1&d_comments_page=0#last_comment
\_ Automobile drivers go berserk and run people over all
the time. I can think of half a dozen in the last year
in San Francisco alone. Why does this particular
example of insane car driving behavior pique your
interest so much?
\_ You can name 6 events in the last year in just SF where a driver
has "gone berserk and run people over"?
\_ Yep. Fremont guy who drove around Pac Heights mowing people
down last November; the guy who flipped a U-turn after
arguing with a guy at 16th and Valencia and then drove up
onto the sidewalk, mowing down two people; two different
"homicide by automobile" in Bayview and a similar one in
The Western Addition. Add to that at least two other
hit and runs where the driver mowed someone down and
then took off.
Oceanview. And at least one more in The Mission back in
March 2006 (okay I guess that was more than one year ago)
Add to that at least three other hit and runs where the
driver mowed someone down and then took off and it is
unclear whether the fatality was an accident or deliberate.
\_ ok the guy who got ran over in the mission had an altercation
with the car owner. but the random ass Fremont dude from
really did randomly run over people in pac heights. !op
\_ These all look like cases of people who got into fights
about something else and used their car as a weapon. If
they'd not had a car they'd have used whatever else was
at hand. This says nothing about car drivers, but ok.
\_ Bullshit.
\_ Keep making excuses for homicidal car drivers,
that's ok. Why are car vs. pedestrian fatalities
in The City up 100% over the last five years, but
gun fatalities are not? It must be all those
pedestrians "provoking" them, right? They don't call
it "road rage" for nothing.
\_ Because guns are not easily available while cars are.
When you say fatalities are up 100% in the last five
years the question should be "What has changed in
the last five years?". "Drivers have suddenly all
turned insane" is not the likely answer. The term
road rage dates back at least to the late 80s when
people in LA were shooting each other on the highway.
But you'll note they used guns, not their vehicles as
weapons. I guess it is easier to just say drivers
are all assholes and killers than actually take a
serious look at the problem. It may even be that the
absolute numbers are so low (6 in a year?) that a
100% increase is just a statistical anomaly given how
few events there are to count.
\- above poster: do you have any ungoogled guesses
for how many guns are in private hands in the US?
(re: guns not easily avail). i'd appreciate it
if you'd post what your first guess is ... surely
doing so anonymously won't cause any embarrassment.
\_ nothing to do with anything but feel free to
continue this line of debate on your own.
\_ No one said or even implied that drivers are all
assholes and killers. I am glad you are willing
to at least consider the possibility that the
25+ deaths and 1000+ injuries of pedestrians
per year in SF alone at the hands of automobile
drivers might be a problem. Acknowledgement of the
problem is always the first step. I am kind of
amused that you think that multiple homicide by
auto is crazed, but individual target homicide is
normal.
\_ Ok so it is 25 a year. How does that compare
with other cities? I never said anything like
your last line about multiple vs single target
murder. I have no idea where you came up
with that.
\_ "The City has the fourth-highest rate of
pedestrian deaths in the United States
for cities of more than 100,000 people."
\_ Because he asks to be released even though he claims he's sorry?
Yeah, he's really sorry, really.
\_ Okay, he is obviously nuts, but so are at least half of
people who do this kind of thing. He is kind of amusing,
I have to admit.
\_ BTW, what happened to the guy who struck and killed a pedestrian in
Fremont (which happened to be at walking distance from my home) and
then ran over 14 more people in SF?
\_ In jail, awaiting trial. one of the women he paralyzed
is suing his family.
\_ But has he apologized and asked to be released yet? |
| 2007/6/12-15 [Politics/Domestic/California, Politics/Domestic/Crime] UID:46923 Activity:nil |
6/12 Courtroom of the absurd (this seriously had me LOL):
http://blog.washingtonpost.com/offbeat/?hpid=topnews
\_ I like the old lady Godwinning.
\_ Between this and Bork's "You made me fall down" lawsuit, it's quite
the week for legal laughs.
\_ If anything, today's is even better.
http://blog.washingtonpost.com/rawfisher |
| 2007/6/12-13 [Industry/Jobs] UID:46924 Activity:nil |
6/12 Do QAs make less money than software engineers? Say both a QA and a
software engineer have five years of experience, how do the typical
salaries compare? Thx.
\_ Generally yes, but my understanding is the gap goes away once
you get into management level jobs.
\_ Then you're not QA or engineer. You're "manager".
\_ Depends on the company. Cisco and Sun both paid QA and Development
roughly the same (w/ 5-10K) for people in the same grade. Though
there were a lot more MTS4 and Staff Eng. in Development. |
| 2007/6/12-14 [Computer/SW/Unix] UID:46925 Activity:high |
6/12 Inside of a C++ program, I do a "ps | grep username" for logging
purposes. where username = getenv("USER"); Doing this directly is a
gigantic security hole because someone could set $USER to some command
line and execute arbitrary code. What's the best way to make this
safe? Is there some standard way to check the input in a case like
this?
\_ How about "ps | grep \"username\""?
\_ man getuid, man getpwuid
\_ How's your motd logger going?
\_ I hope OP isn't doing this for a motd logger. There are much
easier ways than writing C++.
\_ Some versions of ps support a -U flag (or similar) that lets you
pass in the username OR userid. Safest way would be to (1) take the
username and translate it to the uid via getpwuid, getpwnam,
&c.; (2) exec ps (w/ the full path) and that uid; and (3) read the
output in C++. Any other way is not 100% safe.
If your version of ps does not support user filtering, you should
exec ps (w/ the full path) and read/filter the output yourself.
Whatever you do, don't use system() and if you are running as root,
please drop privileges before calling exec().
\_ Not running as root. system() is bad, huh?
\_ Yes. system invokes a shell for you (in some cases csh). And
please use a full path, last thing you want is to be running
a PFY's hax0r'ed version of ps.
\_ system() is basically a wrapper around '/bin/sh -c $command'
with all the vulnerabilities and performance hit you get from
spawning the /bin/sh -c and what the shell might do with
$command. You're generally safer with fork && exec(command)
though then you have to deal with $PATH and massaging the
arguments.
\_ you should also read up on IFS. --psb
\_ What is IFS?
\_ IFS stands for Internal Field Separator, it is
what the shell uses to separate elements of the
various *PATH variables, among other things.
\_ and at the heart of many old skool attacks
such as /usr/lib/ex3.7preserve and other
insecure popen() problems. --psb
\_ Ok, but the command line I'm passing to system is pretty
complex. I don't care much about the performance, since
the logging is pretty rare. But I used "ps | grep $USER
| sort | head" to get only the results I wanted. Seems
like fork exec in this case would be hard. -op
\_ yes it would be. secure code is hard. insecure
code is easy.
\_ One possible sol'n would be to implement your filter
as a one line perl command and then send the output of
ps to that perl command. You would reduce the problems
to two fork/execs and would increase your security.
But the safest way is still to do as much as you can
in C and not in the shell via system().
BTW, why do you use $USER from the environment? Can't
you read it in using a CLI option or use the current
user id via getuid() or geteuid()?
\_ Actually, because I didn't know about getuid().
\_ I'm not sure what exactly you are trying to do,
but I think you can do all of it w/o system()
and not too much work in c++. Based on the above,
it seems like you could read the output of ps -U
[uid] (or equivalent) into a STL string vector,
sort the results and take the top 10. |
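Added example, not part of the original thread: the approach the replies converge on, with the uid taken from getuid(), ps run by full path through fork/exec with no shell, and the sort and head steps done in C++. The /bin/ps path, the exact -U flag spelling and the helper names run_capture and top_lines are assumptions; adjust them for your platform.

```cpp
#include <algorithm>
#include <cstdio>
#include <string>
#include <vector>
#include <sys/wait.h>
#include <unistd.h>

// Hypothetical helper: run an absolute-path program with no shell, so every
// argument reaches it verbatim. Returns the child's stdout split into lines.
std::vector<std::string> run_capture(const std::vector<std::string>& args) {
    std::vector<std::string> lines;
    if (args.empty() || args[0].empty() || args[0][0] != '/') return lines;  // no $PATH search
    std::vector<char*> argv;
    for (const auto& a : args) argv.push_back(const_cast<char*>(a.c_str()));
    argv.push_back(nullptr);
    char path_env[] = "PATH=/usr/bin:/bin";  // fixed environment: caller's IFS, PATH, USER are dropped
    char* envp[] = {path_env, nullptr};
    int fds[2];
    if (pipe(fds) != 0) return lines;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return lines; }
    if (pid == 0) {                          // child: stdout -> pipe, then exec
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execve(argv[0], argv.data(), envp);
        _exit(127);                          // only reached if exec failed
    }
    close(fds[1]);
    std::string out;
    char chunk[4096];
    for (ssize_t n; (n = read(fds[0], chunk, sizeof chunk)) > 0;) out.append(chunk, n);
    close(fds[0]); waitpid(pid, nullptr, 0);
    for (size_t pos = 0, nl; pos < out.size(); pos = nl + 1) {
        nl = std::min(out.find('\n', pos), out.size());
        lines.push_back(out.substr(pos, nl - pos));
    }
    return lines;
}

// Hypothetical helper standing in for "| sort | head -n".
std::vector<std::string> top_lines(std::vector<std::string> lines, size_t n) {
    std::sort(lines.begin(), lines.end());
    if (lines.size() > n) lines.resize(n);
    return lines;
}
int main() {
    // uid comes from the kernel, not from $USER; /bin/ps and -U are assumed.
    for (const auto& l : top_lines(run_capture({"/bin/ps", "-U", std::to_string(getuid())}), 10))
        std::puts(l.c_str());
}
```

Because the argument vector goes straight to execve(), a value containing `;`, `|` or `$(...)` is just bytes in one argument, which is the property system() cannot give you.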
| 2007/6/12 [Recreation/Activities, Recreation/Food] UID:46926 Activity:nil 88%like:46930 |
6/12 Death by sports cream
http://www.washingtonpost.com/wp-dyn/content/article/2007/06/09/AR2007060901298.html |
| 2007/6/12-15 [Science] UID:46927 Activity:nil |
6/12 Nifty image technology.
http://clipaday.com/videos/ridiculous-image-technology-coming
\_ That's amazing. |
| 2007/6/12-15 [Politics/Domestic/Crime] UID:46929 Activity:nil |
6/12 Hans Reiser trial postponed
http://cbs5.com/local/local_story_163171126.html
\_ Do the crime, do the time. Nice FS for certain data sets but
writing a nice FS doesn't get you off a murder rap.
\_ Kill your ex-wife. Go to jail. Writing an interesting FS does not
earn you a get out of jail card. |
| 2007/6/12-15 [Recreation/Activities, Recreation/Food] UID:46930 Activity:nil 88%like:46926 |
6/12 Death by sports cream
http://urltea.com/r7q (washingtonpost.com) |