Apache starts as root so it can bind ports 80 and 443, then switches to the apache user. But the logging subsystem starts before the setuid to apache, so a piped CustomLog binary runs as root.
More secure options would be to use CAP_NET_BIND_SERVICE instead of root, or to make Apache bind an unprivileged port and then use something like iptables (or an external load balancer) to redirect 80/443 to the privileged ports. But, for reasons I can't quite recall (it was 10+ years ago) we didn't take up any of those more secure options.
The setuid binary was created (indirectly) by the Apache CustomLog directive, which is able to spawn programs to use as log targets. So it matters which user Apache runs as, because that controls which user creates the setuid binary and thereby which privileges you can gain.
Rereading the comment it also seems more like Apache is starting something that can become root somehow, I really don't think it is implied Apache is running as root.
Apache usually starts up as root so it can do setup that requires root, and then drops privileges to a user/group specified in Apache configuration. Most commonly the required setup is just binding to privileged ports, but one of the supported setup steps is opening log pipes. See the security note here:
By default, only root can bind to ports 80 and 443. You can change this policy, but that's considered unsecure because then any program can bind to the so called "privileged ports."
You can be more specific than that and allow only a specific user/program to bind a specific privileged port. This is accomplished with a combination of SELinux and the capabilities API in 2.6.24 and newer.
Even if you do that, I think Apache still starts as root to do things like open SSL certificates and log files (and logging configuration is the thing exploited here). Is there a common config - e.g. an initscript / systemd unit on an SELinux distro - that starts Apache as a dedicated user?
I know Apache supports being started as an unprivileged user (I do this myself a lot when I need something a little more featureful than SimpleHTTPServer) but my impression was that that's not very common for production deployments.
There is the issue of the account. Whatsapp and Telegram are free (signal too?) and require 0 setup. With Conversations, you either have to pay for a conversations.im account, or open your browser and register on another server. I certainly can't imagine my grandmother doing that.
Well, there are a few more issue. None is a real show stopper but each would be worth to be solved in the sense of usability:
- Explaining decentralization aka. 'Its like E-Mail: you need an address'
- Choosing a good provider (reliable to stay for some time, server features)
- Registering an account (many providers require a registration via browser)
- Obtaining Conversations:
-> Play store: and pay for it - 'yes, its worth it and you support the development'
-> Fdroid: free, but more complicated
- Adding contacts (as Conversations doesn't scan your address book you have to do it manually)
- Enabling OMEMO (not enabled by default)
- Adjusting settings as some default settings are kinda weird (e.g. disabling green background of encrypted messages, show online status, enabling confirmation of receipt)
So to solve those issues I have a few Ideas:
Provider selection: The App could score all available providers (important features, years of service), sort by score and let the user select the desired domain extension. Afterwards it could perform an in-band registration (it already does so if the server supports it).
Price: While I find the app totally worth its price, I think it hurts the adaption to some extent. So if I could decide it, I would make it available for free and see to make the money somewhere later in the customer journey, as setting the price up-front kills the network effect.
Contacts: Actually, I do not like it when Google & co. scan my whole address book and send it to their servers and keep it there for future use. But think there could be some compromise like: I can decide to publish my own address as a hash to some central service and use my address book to ask if someone else has registered the address (rate limited). Yes, you would still have to trust the central service to some extent, but that should be an acceptable and completely optional way of contact discovery.
OMEMO: Should be enabled by default.
Default settings: Maybe some day I will create a pull request.
While this list looks kinda intimidating, using Conversations after the installation is pretty much the same as WhatsApp/Signal.
Yes, I completely agree. I couldn't understand why it isn't default either.
As for the other points, they're all true but like you say yourself they are no show stopper especially since most people have at least one friend or family member who can assist them. People who don't understand technology have resorted to those who do for decades. Getting an e-mail adress and configuring an e-mail program was no more complicated 10-20 years ago. It's a matter of minutes to set everything up.
The adoption problem isn't one of technology but mindset. If there were a heavy marketing department behind Conversations it wouldn't be a market leader but the market share would increase significantly.
It isn't any different. In "the old days" chances were high you even could just login with that e-mail account you already had, not only with gmail but with some other larger providers as well.
Sure they can. Author could specify a unique #hashtag for the post that can be used on Twitter/FB. Not sure about other platforms that support hashtags or similar concepts, but its not out of the question to track comments like that elsewhere.
In most cases on twitter/facebook, the author's official account post is going to be the main area for discussion. For places like here or reddit, alerts are an option.
Ulimit is per process, it won't do. vm.overcommit_memory=2 with some setting of vm.overcommit_ratio or bytes will help though.
I'd say overcommit heuristics break applications and cause them to eat too much memory since they don't know when to stop. The only trouble is KVM which for some reason takes double of process space allocated to the VM for no good reason and perhaps memory intensive Java.
> Will coinbase honor the price when order is placed ie if it shows $19700 then will it let me buy 0.1 BTC at this price?
No, neither the price at which they actually allow you to buy or sell BTC matches the price they display. They set the price for you, which is different in both operations (and on top they charge a fee).
GDAX on the other hand (same company as coinbase, different service) is an actual market where you can place orders at whatever price you want, and somebody will take them if your price matches theirs.
I bought a nintendo switch with zelda, and the cartridge wasn't detected the first time I put it in. Took it out, blew a bit on it, back in, working perfectly! Some things never change.
You can just uninstall it. It looks like apt remove systemd would work on my system, at the cost of GNOME and NetworkManager. APT automatically fills the gap with sysvinit and consolekit. OpenRC is also available.
Debian even has ports to kFreeBSD and HURD that don't support systemd at all.
There were some rough edges last time I ran Debian without systemd, and it might have gotten worse since then, but it surprises me how Debian ended up at the center of the debate when it doesn't seem that bad as systemd-defaulting distros go.
No idea if this is intenional or if it was just for the drag space / design, but what it also does, is that it moves the start of the URL more into the middle of the viewing area.
And the start of the URL contains security-critical information (http/-s and domain name), so having that closer to your eyeballs is generally helpful, even if it means cutting some of the URL off at the end. Especially so for average users which is ultimately the user group that's mainly going to be using the default.
Since on most platforms the tabs go all the way to top of the window now, there isn't room to grab the window to move it around. Those spaces act as extra drag targets.
Even without house rules, it depends on the way people play. In my family, monopoly is played in a very anti-social way, where the main goal seems to be preventing other's victory or advantage.
The strategy everybody follows is basically "buy everything you can, and decline all bad trades". Buy everything, of course, to prevent others from making full property groups. Since there is no such thing as an equal trade, no trades are made.
As you can imagine, since nobody has full property groups, the game takes forever, it's terribly boring, and pretty much boils down to luck.
The inability to get an equal trade shouldn’t stop you from trading anyways, as it misses that there is huge relative advantage of having a monopoly, even if it means you have to give someone else a “better” monopoly.
This is because if two players complete two monopolies first, they are basically guaranteed to be among the final two at a 4+ person table, as their early monopolies will quickly drain the other two or more players who refuse to make these trades and are therefore wasting time walking around, during which they’ll grow weaker and weaker due to your monopolies.
Knowing this, it almost doesn’t matter if the trade is equal, so long as you’re trading for a post-jail monopoly (pre-jail tends to be low value), because the winner, once you and your opponent have your improvements, will be decided by chance, as one of the two monopolists will bankrupt one of the other, more behind players first, and then take all their money and property, almost certainly netting themselves several more monopolies and funds for improvements.
