<houkime>
so from now i will be far more critical of ipc standards (mostly about their correspondence to current manufacturers capabilities) and employ common logic and metacollin's stuff where datasheets don't recommend anything in particular.
<houkime>
Though strategically what i think should happen is that oshw community produce some exhaustive open guidelines on their own.
<houkime>
just on the git server somewhere, so people can commit and compile from datasheets, experience and manufacturer data actual contemporary requirements for a PCB design.
<houkime>
*producible PCB design.
<houkime>
(the thread basically says that IPC is dead)
<houkime>
(and is unlikely to update any time soon)
<Joerg-Neo900>
>>i will be far more critical of ipc standards [...] employ common logic and metacollin's stuff<< :thumbsup: :-)
<Joerg-Neo900>
you caught up with our internal discussion and conclusions/decisions
<Joerg-Neo900>
yeah, $() escape exploit in filename of icon
<Joerg-Neo900>
in .desktop
<Joerg-Neo900>
I already argued with some other hackers yesterday, and finally stand corrected as this would have hit me if I opened any arbitrary dir with konqueror
<Joerg-Neo900>
writing a .desktop to ~/Desktop is for sure sth you should try to NOT do when source is shady
<Joerg-Neo900>
but even extracting a shady origin tarball into /tmp/foobar/ would hit you if you open /tmp/foobar/ with konqueror then
<Joerg-Neo900>
>>the researcher says the vulnerability can be used to place shell commands inside the standard "Icon" entries found in .desktop and .directory files<<
<Joerg-Neo900>
MY remediation: *sign* .desktop files with your local PK and expand only files that gave valid signature
<Joerg-Neo900>
have, even
<Joerg-Neo900>
if expansion detected in an unsigned .desktop file: Raise BIG FAT WARNING requester with options "DONT EXPAND" "EXPAND ONCE" and "SIGN AND EXPAND ALWAYS"
<Joerg-Neo900>
of course requester will show the suspicious line "of code" in .desktop
<Joerg-Neo900>
and a 4th option should be "open in $EDITOR"
<Joerg-Neo900>
in my book *this* is the canonical way to handle such stuff
<Joerg-Neo900>
not feature neutering
<Joerg-Neo900>
which always is a lazy idiot's option to deal with such problems
threebar` has joined #neo900
<Joerg-Neo900>
you got no idea at all how many users out there depend on this feature
threebar- has quit [Ping timeout: 258 seconds]
Kabouik_ has joined #neo900
threebar` has quit [Quit: Leaving]
Konsieur has joined #neo900
Kabouik_ has quit [Ping timeout: 264 seconds]
preview has joined #neo900
him-cesjf has quit [Ping timeout: 248 seconds]
preview has quit [Ping timeout: 276 seconds]
preview has joined #neo900
clapont has quit [Ping timeout: 245 seconds]
Kabouik has quit [Remote host closed the connection]