Don't forget the paradox of the paradox of intolerance (a.k.a. the meta-paradox of intolerance) which states that Popper's paradox of intolerance is often cited by those seeking to justify their own intolerance, ironically identifying themselves as also among those whom the paradox of intolerance warns against.
(I jest but, in seriousness, always remember that Popper's paradox works as a justification for any side and any viewpoint, whether good or bad. That's why it's a weak argument.)
It's because tolerance is not what's actually being discussed. It's morality. No-one thinks we should tolerate rape or murder, or considers the locking in a box of those who commit those acts as being in any way intolerant, even though to a dictionary definition, it is.
It's just about changing morals, with the idea of tolerance as the vehicle that smoothed the way. All the dichotomies dissolve when things are seen for what they are.
Uncommon as they may be, I imagine getting a divorce is currently a complicated, expensive process, even if the couple are in agreement about terms. Sounds like a good pain point to solve, though I have reservations about trying to automate complex legal, financial and emotional decisions like this.
`:;' is not the best string to use to identify shellshock exploit attempts, as the contents of the function are ignored and can change.
Searching for `() {' _should_ (and I'm happy to be corrected here) find most attempts at exploiting, since that's the key sequence that triggers bash's "parse this environment variable as a function" behaviour.
Upon researching this, "() {" will always catch this.
If you look at the bash source code, the relevant parsing function checks if an environment variable begins with the literal 4-character string of "() {". That's why it's pretty easy to detect exploits: you can't do anything to evade a filter checking for this in an HTTP header. An HTTP server should not be doing any decoding of an HTTP header that could result in "() {" being obfuscated. This may not apply for attacks against things that aren't web apps, though.
Upon researching this, "() {" will always catch this.
Unless the input is decoded in some way before reaching an environment variable. E.g. HTML entities, hex escapes (percent or backslash), gzip, ... Best just to patch bash and switch to a different /bin/sh.
Some web servers helpfully remove some sorts of white space, like newlines. '() \n{' will get past many filters, then hit some CGIs behind such servers.
I would worry similarly about some mail headers being helpfully reassembled, then handed to procmail in environment variables.
Mid-2013 press releases [1][2] talk about using "vertically-aligned carbon nanotube (VANTA) arrays" and cite similar absorption rates as the linked article.
> The Sketchbook of Susan Kare, the Artist Who Gave Computing a Human Face
> Posted: November 22, 2011
> The Woman Behind Apple's First Icons
> Apr 3, 2014
Not sure how a 2011 article can be a copy of a 2014 article.
Edit: especially since the 2014 article links back to this one in the paragraph:
> Within 10 minutes of seeing Xerox’s GUI advancement, Steve Jobs proclaimed that “all computers would work like this someday.” In exchange for a pre-IPO purchase of Apple stock, Xerox allowed Jobs and his engineering team three days’ access to PARC to scope out the Alto and its development tools.
After reading your comment, I started looking back at the packets I got using the script on a site I knew was not patched. Damn.. there are plaintext passwords in there for paypal.
1. https://www.retroarch.com/?page=achievements