That's just to become an acquiring bank, to save on exchange fees.
Ultimately VISA determines who gets to participate in the VISA credit exchange network and will fine acquiring banks who participate in things like this. No one can force their way in and avoid responsibility -- period.
One obvious example would be if you had hired the interviewee in question. If so, it would be awfully difficult to demonstrate discrimination against them!
Don't get me wrong, it is a very bad idea to ask these questions. But it is not illegal, strictly speaking.
Here's one for you: City real estate dips in price. Suburb real estate rises, especially at the fringe of the suburbs. A self-driving car with an LTE wireless hotspot would make a previously absurd commute manageable.
Heck, you could sleep during your drive in to work.
This rant misplaces its frustration. This is not a problem with unix filesystems, this is a problem with Bourne Shell scripts, and with UNIX argument parsing semantics.
Bourne shell is notorious for its problematic quoting, both of filesystem data and of any data from any other source. Every example in which he described a problem with a filename parameter could just as well be a problem with a non-filename parameter. The correct solution is to not program complicated scripts in Bourne Shell, and instead use a language which does not implement variable access by interpolating strings and then re-tokenizing and re-evaluating them. Examples of satisfactory languages include Perl, Python, Ruby.
Regarding UNIX arguments and the dash, it is an unfortunate aspect to the flag argc/argv/envp calling convention for unix programs. Some other operating systems provide more structure in their calling convention, explicitly separating different types of parameters from one another. This is both a strength and a weakness, as it results in a uniform yet inflexible systems interface. One of the greatest strengths of UNIX is that its calling convention is so flexible. The semantics used today are quite different from the semantics used 40 years ago -- yet execve() remains unchanged. I would encourage anyone interested to do a bit of historical digging here, and see how those more rigid system APIs fared over time.
Anyway, the solution to his initial question of using `ls` is the `--` argument, which signifies argument parsing should be disabled for the remainder of argv: `ls -- *`
The correct answer to his dotfile/glob question is: "glob() and the Bourne shell do not have the semantics you're after. Do not use them, use readdir()."
The correct answer to his find -print question is: Yes, print's use of whitespace was a mistake, and it is a mistake repeated continually throughout the land of shell scripting and accompanying standard UNIX utilities. As he notes, it is why print0 was introduced. Making print0 standard is far easier than reworking filesystem semantics (and, reworking userland in this manner is a more complete solution as it addresses data integrity issues from non-filesystem inputs as well). If you want reliable, correct programs, do not write them in shell.
No, even "satisfactory" languages can suffer problems. For example a couple of days ago I discovered a nice exploit in the qemu-img program, and using any language to parse the output wouldn't help you:
Your link above shows an author who claims JSON output, yet the output is clearly non-validating JSON (toplevel is not a [] or {}, improper quoting, etc). It appears that instead of using JSON serialization, the author merely printed key/value pairs separated by the string ": ". The problems with this approach are obvious.
This is why using a proper serialization format is important.
If the author had done this correctly and used a proper JSON library to produce this output, the following, completely safe result would have occurred:
The author probably would have been best served by YAML, which is more easily readable -- and which, like JSON, provides mechanisms to properly represent arbitrary data.
In any event, the discussion is severely confused. Ad-hoc buggy formats cannot be compared with well-formed JSON or YAML. This has nothing at all to do with the language.
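Added example, not part of any comment in this thread and not code from qemu-img: a Python sketch of the difference the comment above describes between printing `key: value` lines and using a JSON serializer. The field names, the hostile file name and all function names are constructed for illustration.

```python
import json


def emit_adhoc(info):
    """Ad-hoc format: one 'key: value' line per field, values printed raw."""
    return "".join(f"{key}: {value}\n" for key, value in info.items())


def parse_adhoc(text):
    """What a consumer of that format typically does: split each line on ': '."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key] = value  # a later line with the same key silently wins
    return fields


def roundtrip_adhoc(info):
    return parse_adhoc(emit_adhoc(info))


def roundtrip_json(info):
    """A real serializer escapes the newline, so the value stays one value."""
    return json.loads(json.dumps(info))


# Constructed sample: a file name containing a newline followed by text that
# looks like another field of the report.
HOSTILE_NAME = "disk.img\nformat: forged"
INFO = {"format": "raw", "image": HOSTILE_NAME}

if __name__ == "__main__":
    print(emit_adhoc(INFO), end="")
    print("ad-hoc consumer sees:", roundtrip_adhoc(INFO))
    print("JSON on the wire:    ", json.dumps(INFO))
    print("JSON consumer sees:  ", roundtrip_json(INFO))
```

The ad-hoc consumer ends up with a truncated file name and a `format` value taken from inside the name, while the JSON consumer gets back exactly the dictionary that was serialized.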
You should probably read the link more closely. I'm advocating using JSON so that programs are able to safely parse the output of 'qemu-img'. At the moment there are many programs that parse the (current text) output, and they almost all have security holes as a result.
Yes it does - qemu-img is written in C. The two programs we found exploitable were written in Python and C. They are written in "satisfactory" languages. Bash is not involved. Yet both suffer exploits because of \n (and other) characters in filenames.
The issue you refer to is in a poorly formed, ad-hoc serialization format. It has nothing to do with representation of variables at runtime. It has nothing to do with the language.
It is a programming error, not an inherent flaw in the language.
That's incorrect. As was already pointed out, this issue has nothing to do with reading data from the filesystem or manipulating variables internal to the program and everything to do with poor choices made when using printf.
In other words, those files aren't causing the QEMU program internals to re-interpolate one variable as two values. They're merely messing up a poorly written data exchange format.
Other languages such as I listed above simply do not have the same issue. The C program did not mis-interpret a variable as two separate values because it contained spaces. That is the nature of the danger with shell -- any reference to a variable in Bourne involves string interpolation and tokenization. This simply does not happen in C.
>The correct solution is to not program complicated scripts in Bourne Shell, and instead use a language which does not implement variable access by interpolating strings and then re-tokenizing and re-evaluating them.
The author also mentions a problem with the filesystem: what is the filesystem encoding? Do you treat filenames as blobs, or encoded strings? What do you do if you think the filesystem stores UTF-8 but there's a filename which has a byte sequence which is invalid UTF-8?
I was thinking about this some more. You are right, but both you and I missed the point.
I think the author is saying that the problem is the "unix filesystem" is actually a filesystem that doesn't match the unix, where 'unix' includes sh/csh/bash shell and command-line arguments which start with '-'.
If the filesystem wasn't as broad in what it accepted ... and the author is trying to convince us that POSIX allows that ... then it would be a unix filesystem which was a better match to unix.
Yes, Bourne Shell's variable access scheme is a bit ghetto, but to me the problem is that the shell is doing globbing at all. Why not have the shell pass "*" through to the program, and have the program itself perform globbing? Then filenames would have no impact on how the command-line is parsed.
Because that's how MS-DOS used to work, and it was dumb. It means every program has to do globbing (or often, didn't do globbing). In any case, bash does get this right: ls * will pass the correct filenames to the ls program no matter what the filenames contain. Also quotes around variable expansions can cope with any characters.
So what? If the primary API used by command-line applications to open files does the globbing, then programs will have to go out of their way to not glob. And you'll get the added benefit that globs will only be applied to arguments that are actually meant to specify filenames. There would be none of this escaping "*" when you pass it to "find."
> In any case, bash does get this right: ls * will pass the correct filenames to the ls program no matter what the filenames contain.
That doesn't solve the problem; your filename could be called "--help."
bash isn't interpreting '--help' at all, it is just passed on to the program being executed, and most GNU CLI programs conventionally interpret '--help' as a special option.
If your filename is indeed --help, the convention is to use '--' as the separator between your command line options and filenames. Anything after -- is not interpreted as a command-line option.
Another way would be to use a more qualified filename form ('./--help')
Because, as the author points out, different users may want different globbing behavior. Globbing is not performed identically between shells.
If the author so wished, he might trivially create his own shell and allow * to match dotfiles, with absolutely no disruption to the rest of his system. Or one could write a shell which uses a regex instead of a glob. Or the SQL LIKE query syntax. The possibilities are endless. Anyone is free to do this.
The fact is, the current globbing behavior in unix shells strikes a good balance between pedantic correctness and "what I really want." The author's frustration is due to his attempting to use a command line interface as a structured programming language.
A better, and universal, solution to the problem of filenames starting with - is to prefix all relative paths with ./. A path like ./-blah will never be misinterpreted as a command line option, regardless of the tool, and doesn't depend on the -- convention which is only inconsistently present.
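Added example, not part of any comment in this thread: a Python sketch of the three cases discussed above, a bare `*` expansion, the `--` separator, and the `./` prefix, run against a directory that contains a file named `--help`. The `toy_tool` command line and the sample file names are hypothetical; Python's `glob` and `argparse` stand in for the shell and for a typical option parser.

```python
import argparse
import glob
import os
import tempfile


def toy_tool(argv):
    """Hypothetical CLI: one --help flag plus any number of file operands."""
    parser = argparse.ArgumentParser(add_help=False)
    parser.add_argument("--help", action="store_true", dest="show_help")
    parser.add_argument("files", nargs="*")
    ns = parser.parse_args(argv)
    return ns.show_help, ns.files


def expand(pattern, directory):
    """Expand a glob relative to directory, as a shell does before exec."""
    old = os.getcwd()
    os.chdir(directory)
    try:
        return sorted(glob.glob(pattern))
    finally:
        os.chdir(old)


def demo():
    with tempfile.TemporaryDirectory() as d:
        for name in ("--help", "notes.txt"):  # constructed sample files
            open(os.path.join(d, name), "w").close()
        bare = expand("*", d)      # ['--help', 'notes.txt']
        dotted = expand("./*", d)  # ['./--help', './notes.txt']
    return {
        "bare": toy_tool(bare),                 # file name parsed as a flag
        "separator": toy_tool(["--"] + bare),   # '--' ends option parsing
        "dot_slash": toy_tool(dotted),          # './' prefix is never a flag
    }


if __name__ == "__main__":
    for case, (show_help, files) in demo().items():
        print(f"{case:10} show_help={show_help} files={files}")
```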
Regarding the expense of clinical trials, it's important to note that the scientific results of a clinical trial are not protected by either patent or copyright. Pure research data cannot be restricted under any form of IP. Factual data without a creative element is explicitly exempted from both the patent and copyright system.
A published paper on the results of a trial may fall under copyright, but the factual observations and conclusions cannot be.
The "clinical trials are expensive" argument is incredibly disingenuous.
It's much, much worse than what you describe. They are seizing domains based on the preference of a private entity. There is no allegation of criminal infringement against dajaz1.com -- not even a little bit.
This is not an issue of harassing minor offenders, this is an issue of harassing those who have not offended in the slightest. Who are guilty of nothing more than saying something (in the form of links) which the RIAA does not wish to hear.
Rojadirecta is an interesting case, in that they were infringing on copyright, but they were found legal in Spain (different legislation), so the U.S. government seized the .com and .org anyways.
They were not infringing on copyright. That is, the US Justice Department and Immigration and Customs Enforcement - after 20 months - dropped the case.
There was no trial, no judgement, not even a settlement with a "fine but with no admittance of guilt." There was nothing.
So, how are you sure that they were infringing on copyright?
Which is why criminals do not charge half of its used value -- they charge 100% of the used value just like everyone else.
You cannot tell a stolen bike on craigslist apart from a non-stolen bike based on the price alone.
The problem of stolen cars is addressed through licensing and registration. Not to mention, bicycles do not have a reliable and standardized VIN system like cars do. The fact is, the hassle of creating and enforcing such a system probably outweighs the positive aspects of preventing bike crime.
I lived in a town that required all bikes to be registered and licensed, and all sales of bikes to go through the local government. It was such a big pain that I would rather just live with the higher risk of theft and the lack of enforcement.
The LAPD was ticketing riders on large group rides a while back for not having their bikes registered. It was a misapplication of the law, since the law was supposed to protect cyclists from theft, not get them ticketed if they didn't have their stamp. The idea was that the bike shop registered your bike when you purchased it.
The cyclists stormed city hall and complained loudly, and the police were forced to stop doing this.
More often they charge 75-90% of its used value, enough of a discount to move it quickly but high enough of a price to avoid looking "too good to be true."
Not sure if it applies to all of Japan or just the city where I lived, but there was a requirement to license and register your bike with the local police department. Despite that my bike still got stolen from my apartment building, and from what I heard from others bike theft was not uncommon.
When a civil contract is broken the appropriate response is a trial in a court of law. Businesses are quite familiar with the debt collection process. A judge and possibly a jury are needed to resolve these types of disputes fairly.
Under no circumstances should a merchant be permitted to forcefully take funds from another person, outside the purview of the law.
I don't know where to start.