If you're a Steam user — beware, even slight modifications of your system may result in the nuking of your home directory, and more!
Fortunately, as the entry point for the user is a shell script (bash, but that's another story), it's been quite easy to find the source of the problem, the lack of sanitising shell variables before passing them to potentially dangerous commands — in this case, “rm -rf "$STEAMROOT/"*'”. The commit that introduced the bug also seems to have contained a remarkably apt comment ``#Scary!'' (it's not clear that the repo being pointed to, and its commits, mirror exactly the same commits as Steam themselves would have added them.)
It seems that even on MS Windows, Steam gets a bit over-eager about deleting files it doesn't own.
As a software engineer, who's also been a package maintainer on huge projects with up to 70 engineers wanting to force patches into my tree, I've become hyper-attuned to the concept of asking "what could possibly go wrong" (and having a mindset like Bob the Bastard from the animated Dilbert series), and consequently for demanding small readable patches which do just one small thing that's trivial to review. Would the patch have passed review? How confident are you about the quality of the rest of the code if things like this can slip through?
(Score: 1) by ThG on Friday January 16 2015, @03:43PM
Boot.ini was killed by the classic to premium graphics update (Trinity release).
If that hadn't happened, I'd never have gotten my hands on the boots.ini (wearable apparel for EVE avatars)!
(Score: 2) by nitehawk214 on Friday January 16 2015, @04:19PM
Ahh that was it. I was running either a too old or too new version of windows to be affected by it.
Their big problem was they had a file called boot.ini in their installation directory and this overwrote it. I think a quick windows "repair" fixed it... as long as you have the installation media. :)
"Don't you ever miss the days when you used to be nostalgic?" -Loiosh