Saturday, July 3, 2021

Kinds of People


“If we are to achieve a richer culture, rich in contrasting values, we must recognize the whole gamut of human potentialities, and so weave a less arbitrary social fabric, one in which each diverse human gift will find a fitting place.” – Margaret Mead

If everyone were aggressive, fights would be constant and nothing would get done.

Many of the aggressive power seekers in our modern world don't recognize this. To them, anyone who isn't aggressive is weak, lesser. Thus the tribes, our societies, are broken.

Is this an inevitable outcome of human aggressiveness? We seem to be one of the most violent creatures on the planet. Certainly the most violent among the mammals. Chimps are perhaps closest. They have inter-tribal battles. They're willing to commit genocide. Other predators are sometimes violent, but in a limited way. Males don't usually kill females. They kill males and young so their genes dominate. Or they kill for territory.

Most creatures compete for resources and reproduction. Expand territory, kill others, acquire mates. Thank you DNA, not! Weirdly, it isn't just DNA. Viruses are a collection of proteins, yet they're driven to reproduce. Why?

Margaret Meade is also to have expressed the sentiment that she had done her duty by bearing and raising children, passing on her DNA. After that, her life was her own. In other words our whole purpose for existing is reproduction.

Our societies are broken at least partly because the powerful don't recognize the value of non-aggressive members. If everyone tries to be a chief, who will take care of the tribe? Arguably, a tribe can thrive without a chief. There are other forms of governance. It can't survive without caregivers.

And yet societies can survive based entirely on violence and slavery, e.g. the Taliban. We don't call their people slaves, but in fact they are. Conform or die. Follow orders or die. Try to leave, you die. Slavery.

Russia: conform or die, follow orders or die. Slavery.

Syria: conform or die, follow orders or die, More slavery.




Thursday, March 4, 2021

Apache SSI, is it secure?

Various authors have challenged Apache SSI security. For example:

Protecting Web Servers from Security Holes in Server-Side Includes by Jared Karro, Jie Wang, Division of Computer Science, University of North Carolina at Greensboro, Greensboro, NC 27402, USA, Jared Karro@uncg.edu, wang@uncg.edu
All of the examples this paper sites are internal attacks. Controlling who can edit the Web site and what user Apache runs as completely negate the claimed problems.

Generally, when people talk about the security of a Web scripting language, they are referring to external attacks. No one will claim that a Web language is totally immune, but SSI has, historically, had the fewest issues of any such language.

Other claimed vulnerabilities:


  • Server-Side Includes (SSI) Injection
    • The authors provide no explanation of how the injection is to be accomplished. Setting the file system permissions so the Web server can't write to the Web pages and turning off Exec permission, which are standard procedures for securing an Apache site, should eliminate any possibility of this working.
    • Perhaps they are referring to using the query string as a variable in an SSI command. Programmers must be cautioned to never do this without checking the content of the query string.

Thoughts on Chromebook

In particular, Acer CB515.

We have retired our desktop computers, a Mac Mini and the mid-tower running Ubuntu, in favor of Acer Chromebooks. Yes, there is the concern about being logged into Google all the time. Offsetting that are the following pluses:


  •     Low price ($300, Oct. 2019)
  •     Simple   
  •     Excellent performance
    •         Dozens of browser tabs
    •         Half a dozen or more apps
    •         Slow loading Linux apps...but once loaded performance is excellent
  •         Run most Android apps
  •  Multiple desktops (with a dedicated key for creating and switching - F5 on external keyboard) and separate desktops for each display
    • With one external monitor and the laptop screen, that's 4 desktops each for a total of 8
  •         Multiple displays, mirrored or extended desktop, user choice
  •         Run Debian compatible Linux apps
  •         Special keys for search and multiple desktops
  •     Works with most printers, either directly or via Google Cloudprint
    • Better than Linux
  • Has Penguin Linux available. Most things seem to work.
    • Thunderbird
    • Firefox
    • Gimp
    • grsync
    • Missing:
      • apturl
  •     Integrates with Android smart phones
    • Unlock
    • Text messages
  •     Hardware:
    •         All solid state
    •         Display full 1080 15.6" screen with excellent color and viewing angle
    •         Good speakers and keyboard
    •         Lots of ports
    •             USB 3 (2)
    •             USB C (2)
    •             HDMI (external monitor)
    •             Headphones
    •         MicroSD slot
    •         Brushed aluminum case with strong screen hinge (very similar to Apple MacBook Pro)
      • Slim
      • Lightweight
      • Note: screen hinge failed in a little over a year
    •         Touchscreen
    • Large touchpad with 2-finger support
      • 2-finger drag
      • pinch and zoom
    •         Long battery life
    •         Kensington lock slot
Even though it has only 32GB of built in eMMC, the MicroSD slot expands that substantially. Huge external drives can be connected to the USB C.