Highly critical “Ghost” allowing code execution affects most Linux systems

The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. The bug, which is being dubbed “Ghost” by some researchers, has the common vulnerability and exposures designation of CVE-2015-0235. While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment. What’s more, patching systems requires core functions or the entire affected server to be rebooted, a requirement that may cause some systems to remain vulnerable for some time to come. The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc function that’s invoked by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to call either of these functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application. ...

February 6, 2015 · 1 min · 149 words · Nacho Cano

What happens when you type google.com into your browser’s address box and press enter?

Except instead of the usual story, we’re going to try to answer this question in as much detail as possible. No skipping out on anything. This is a collaborative process, so dig in and try to help out! There’s tons of details missing, just waiting for you to add them! So send us a pull request, please! » Alex Gaynor | github.com

January 30, 2015 · 1 min · 62 words · Nacho Cano

Coder creates smallest chess game for computers

A French coder has developed what is thought to be the smallest-sized chess computer program. BootChess is only 487 bytes in size, and the code can be run on Windows, Mac OS X and Linux computers. That makes it smaller than 1K ZX Chess - a Sinclair ZX81 computer game, which contained 672 bytes of code and had held the record for 33 years. » Leo Kelion | bbc.com

January 30, 2015 · 1 min · 69 words · Nacho Cano

Every Time Travel Movie Ever, Ranked

With the release of yet another time travel movie this week (Project Almanac), it’s time for us to look back at the great time travel movies of our past. Here are all the major time travel movies ever, ranked. Here are the rules: No animation. No short films. And no movies where someone is frozen (or something) and then they wake up in the future (so Mel Gibson’s Forever Young, Encino Man are OUT). ...

January 29, 2015 · 1 min · 80 words · Nacho Cano

Against DNSSEC

All secure crypto on the Internet assumes that the DNS lookups from names to IP addresses are insecure. Securing those DNS lookups therefore enables no meaningful security. DNSSEC does make some attacks against insecure sites harder. But it doesn’t make those attacks infeasible, so sites still need to adopt secure transports like TLS. With TLS properly configured, DNSSEC adds nothing. » Thomas & Erin Ptacek | sockpuppet.org

January 29, 2015 · 1 min · 67 words · Nacho Cano

More shell, less egg

The program Bentley asked Knuth to write is one that’s become familiar to people who use languages with serious text-handling capabilities: Read a file of text, determine the n most frequently used words, and print out a sorted list of those words along with their frequencies. » Dr. Drang | leancrew.com

January 21, 2015 · 1 min · 51 words · Nacho Cano

RoboCop (1987) Is an Almost Perfectly Symmetrical Film

The Old Testament is full of examples of chiasmus, which is a figure of speech used in ancient times to emphasize balance. It lists a bunch of ideas or things and then repeats each of them in reverse order. It’s often not an identical repetition. It frequently uses the opposite of what came before or something similar to it. » Robert Lockard | dejareviewer.com

January 21, 2015 · 1 min · 64 words · Nacho Cano

Functional word processor built in Minecraft

There was a time not so long ago when Minecraft was actually a game. Now, it’s an insane sandbox where people build all kinds of incredibly complex things… like a word processor… out of blocks. This crazy contraption is the work of a third-year robotics student who goes by the name of Koala_Steamed on YouTube. It’s the result of nearly two years of painstaking work inside the Minecraft world. That’s not continuous, mind you. Breaks were obviously taken to do things like attend classes, use the washroom, and interact with people and things that had curves. ...

January 18, 2015 · 1 min · 102 words · Nacho Cano

The Rule of The Big Three (and a half) – Resource Management in C++

The dynamic creation and destruction of objects was always one of the bugbears of C. It required the programmer to (manually) control the allocation of memory for the object, handle the object’s initialisation then ensure that the object was safely cleaned-up after use and its memory returned to the heap. Because many C programmers weren’t educated in the potential problems (or were just plain lazy or delinquent in their programming) C got a reputation in some quarters for being an unsafe, memory-leaking language. ...

January 18, 2015 · 1 min · 88 words · Nacho Cano

HSTS Super Cookies

Using HSTS to track your browsing habits evades the features of web browsers designed to control more normal “cookie” based tracking mechanisms. Using “incognito” or “private” modes means that existing cookies won’t be shared with sites you visit. Browsers also let you entirely delete cookies that could be used to track you. Because HSTS is a security feature and isn’t intended to be used for tracking, web browsers treat it differently from cookies. It is only by intentional misapplication that HSTS can be exploited to track users. ...

January 11, 2015 · 1 min · 92 words · Nacho Cano