Hacker News | rw-'s comments

Yeah.


Shame on you, Марк Коренберг! Releasing ready-to-use exploits harms everybody.


It doesn't harm me.


It also lets people prepare for it and create solutions. It's not a bad policy, and not releasing the exploit can in many cases be more harmful.


Exactly. Disclosure is best.


phoronix.com sucks anyway :)


nothing special...


Thanks for down voting me...

Sorry, but I'm not satisfied by a random php/ajax web interface.


Random? This is a one-of-a-kind (AFAIK) tool for managing VirtualBox over the web. The fact that it is PHP is less important than that it exists at all and will be useful to many people who manage VirtualBox running on a server without a GUI.


Put you to 0 out of pity.


hehe, thanks :-)


Please don't use this fu* Facebook redirector!


Consider using ipset. Your ruleset is very huge and slows down your netfilter...


Thank you so much for the tip, I'll look at doing this.

FWIW though I have almost no traffic to these boxes, so I've never noticed any sort of performance issues.


AFAIK no programs are allowed which interpret code.


Actually, Apple allows interpreted code under certain circumstances. Link provides more details. I'm not sure how helpful it would be in this case, though. My understanding is that the main motivation for having scripted languages as a small part of an app, as this rule allows, is for game engines which have high-performance graphics stuff in C, and some of the application logic in a language like Lua. The use of a scripting language can reduce development time, but if you were using C, you might as well compile it.

http://arstechnica.com/apple/news/2010/06/devs-cautiously-op...


But in theory you could use it to script C in debug mode, then hard compile the script before you send it to Apple.


So no postscript viewer ever? And no browsers? That's a sad state.


define "safe". :)


Running every kind of script will never corrupt the application memory :)


[deleted]


Well, if it's interpreted, the interpreter could sandbox the C code it's running, rather than passing it through directly to its own memory space.


That would kind of defy the whole premise of this thing, wouldn't it? The biggest and most sought after "feature" of C is its speed and direct memory access (and simplicity, I guess).

If you take that away, what's left?


Depends on the application, but I could see some mixture of: 1) familiarity; 2) simplicity; and 3) minimal memory usage. Browsing the source code briefly, it really does look like it's an interpreter, with C structs representing Variables, Expressions, and so on.


Of course it is possible in an interpreter.

You simply need to verify each access before allowing it, much like Valgrind does.

Of course it's quite costly to do so, and since C gives the programmer a lot of freedom I guess it's hard to optimize the tests, i.e. to know which accesses are safe without explicitly keeping track.


Are you sure? Even Valgrind does not detect everything. E.g. when you mess up variables within your stack.


That's quite different. Sandboxing in an interpreter is actually fairly easy.


Ok, you are right.


inotify is also unable to inherit handlers. after a "mkdir -p a/b/c/d" it is very likely that "d" is untracked. therefore lsyncd is useless on real systems. :(


this has absolutely nothing to do with ubuntu. ubuntu != gnu/linux.


Nor has it anything to do with GNU/Linux for that matter. The command's older than your grandma.


GNU? Never hurd of it.

