SoylentNews is people
SoylentNews
The 2017 Pwnie winner for lamest vendor response goes to Lennart Poettering for systemd. According to CSO which has reported on it, the Pwnie winners which were announced a few days ago, the summary for Lennart and systemd reads as follows:
The most spectacular mishandling of a security vulnerability by a vendor ended up winning a Pwnie for Lennart Poettering due to SystemD bugs 5998, 6225, 6214, 5144, 6237. The nomination reads: "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will referenced in either the change log or the commit message. But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"
(Score: 0) by Anonymous Coward on Monday July 31 2017, @09:43PM
> For data processing and coding, CLI tools are correct.
Not really. A proper language, even interpreted like python, that doesn't sacrifice half its syntax for the sake of command prompt convenience would always produce better, faster and more editable results. CLI tools are for administrative operations. Small mass renaming... Finding all the files with foobar in their content... Small one-off operations that server operators need to perform occasionally. The way those tools are used in installation scripts and the like is just wrong. Web-servers calling those tools is wrong. Data analysis using those tools is wrong.
Shell scripts should glue and pipe. Not do complex logic and heuristics. Demanding those features from those tools has been the cause of some of the worst bugs and security issues for decades while adding nothing beyond what other scripting languages are already doing better.