If you're using WP Super Cache...

Saturday, 06 July, Year 5 d.Tr. | Author: Mircea Popescu

... you should probably know it's a piece of shit. Looky :


So the nice customer of Airtel Broadband in Bangalore, Indiai adds a snippet of php which would in principle execute arbitrary code just as long as that code is sent as a base64 package alongside a string that hashes correctly. But then he embedded all this in a html comment tag.

What the hell is the point of all that ? It won't run, will it ?! Well, as it turns out it just might. It just might because the idiot who wrote Super Cache and then irresponsibly distributed as if it were usable can't code.

Unfortunately it was reported recently that remote visitors to sites using the plugin could execute any code they like by simply leaving a comment containing the right mfunc code. These functions are now disabled by default, and a filter removes harmful code from comments but if enabled they pose a security risk. I considered adding a security code to the mfunc tag but unfortunately the best way of dealing with this problem is to replace it completely with something different. The next release of the plugin will do away with mfunc, mclude and dynamic-cached-content entirely.

Unfortunately, you see. It was reported recently, you see. That he can't code and has no business touching a keyboard, you see. I happen to be immune to this one because I don't run Super Cache, I don't allow comments from new users without prior approval and I don't allow most any html tags in comments in the first place. Nevertheless, consider the following exchange :

mircea_popescu Namworld no. What I think is that some people who have no clue about Bitcoin pretend to teach others about Bitcoin. This is bad, because the net result is even more idiots who have to first be beaten into a pulp either by MPOE-PR or the market before they unlearn the stupidities and insanities they learned and can become productive members of the community. So basically Stanford is fucking up a number of kids who otherwise had a chance, maybe.ii
Namworld Yeah. I don't think too much of it. But I find it fun professors have decided to make their student integrate Bitcoin as the payment system instead of something like Paypal.

mircea_popescu Well if it were 2012 and we'd be unknown I could see it. But as it is, Bitcoin is moar than Stanford, so. They're leeching us not the other way around.
ThickAsThieves So for the sake of the argument, if the student is an engineering major, and will be the guy building such services regardless, should he now be required to have a Bitcoin Economics class?

mircea_popescu Nope.
ThickAsThieves How does one become qualified then, to build a Bitcoin service?

mircea_popescu But in order for the teacher to claim he's teaching anything whatsoever to do with Bitcoin, he is legally required to first make a WoT account and come here and say the fuck so.
ThickAsThieves Hmm.

mircea_popescu Well ? Can you go teach law ?
ThickAsThieves Nope.

mircea_popescu Well then. They can't teach Bitcoin. It's the law. And ignorance of the law is no defense.
Namworld I don't think it matters. It's not like Bitcoin is hard to understand. The professors aren't Bitcointalk.org morons either.

mircea_popescu It is hard to understand is the problem. This is why otherwise respectable gentlemen come here to ask how to trace fraudsters via Bitcoin addresses. It's motherfuckingly hard to understand, because it contradicts a host of mistaken notions people built for their own convenience with no reality backing them at all.
Namworld Yes, for most... who are clueless as to how Bitcoin works...
ThickAsThieves I do find that each person I try to explain Bitcoin to, hears something different than the last.

mircea_popescu The result of them listening to themselves more than to you.
ThickAsThieves Each clings to some aspect of it.

It's not just Bitcoin, obviously. It's coding, too. Every two bit idiot who wasn't good enough to sling dope figures they're a coder now. Let's not even get into "social media expertise" or "professional journalism" or anon. Everyone is absolutely anything they can conceivably ever wish to be, correct ? And since we're on the topic the four evangelists were three, Obama and anyone else, right ?

It's not just Bitcoin, it's everything. The entire Western civilisation is collapsing under the weight of the airs and farts of fakers. This is what we have become, we who have conquered the world, we who have decided the course of life on Earth for millenia (and those were by far the best millenia for life on Earth), we who are the first and the most important of all people. A collection of fakers.

At first by pretending like it's wrong to punish (yes, physically, but not just physically) those who pretend to be human without having what's required to back it up.iii Then by continuing to expand the scope of that nonsense to the point where belittling the fakers takes more effort than actually joining them. Soon enough there it is, the majority of fakers, claiming their imaginary "rights" and complaining that the few remaining human beings in the world are throwing the curve.

Meanwhile, China delivers. Meanwhile China delivers, and by now all perspective was lost anyhow, we're at the third if not fourth faker generation.

The jig, as they say, is up.

  1. Remind me, why are we still allowing Internet connectivity to the poor ? And just to be clear, I am filtering your response for cheapviagracialis. []
  2. And as much as the idea pains, the fact remains that Stanford is no better than sfsu in this respect. []
  3. It's "bullying" don't you know, the stuff that keeps society together is "bad", haven't you heard ? The retardopedia said so! []
Comments feed : RSS 2.0. Leave your own comment below, or send a trackback.

5 Responses

  1. hi

  2. Mircea Popescu`s avatar
    Mircea Popescu 
    Saturday, 6 July 2013

    Ya ya.

  3. Way to stay on topic dude.

  4. Mircea Popescu`s avatar
    Mircea Popescu 
    Saturday, 6 July 2013

    It's my chief weapon, which are staying on topic and surprise. Two chief weapons!

  5. This blog has a long story of ontopic comments.

Add your cents! »
    If this is your first comment, it will wait to be approved. This usually takes a few hours. Subsequent comments are not delayed.