It could be some subdomain that’s hard to guess. You can’t (generally) enumerate all subdomains through DNS, and if you use a wildcard TLS certificate (or self-signed / no cert at all), it won’t be leaked to CT logs either. Secret hostname.
Examples:
github.internal.companyname.com
or
jira.corp.org
or
jenkins-ci.internal-finance.acme-corp.com
or
grafana.monitoring.initech.io
or
confluence.prod.internal.companyx.com
etc
With these, if you don't know the host, you will not be able to hit the backend service. But if you know it, you can start exploiting it, either through lack of auth or by trying to exploit the software itself.
What if I run linux + gnu + gnome over rdp on a VM on a server in a rack somewhere that has no screen, keyboard and mouse on it? Am I using desktop linux or not?
What if that same VM also is running nginx and serving up web content?
What if I have a pc with a keyboard and monitor sitting literally on my desktop, and it's running linux + gnu but no graphical environment, and I use it for coding (it has music playing when I do this, and I sometimes check email or github issues, etc. via cli) - yes I've done this, even recently to reduce distractions... some days GUIs are bad for my adhd. Is that a desktop linux? If not, why? What's different about this than doing basically the same thing, but also having a browser open when it's surrounded by a GUI?
I feel like you're overthinking it. It's not that one can get a badge saying "powered by Desktop Linux". It's a rough categorisation based on the use case:
* Embedded Linux is what you expect to see on a "small" device that usually doesn't have a graphical environment (it may have a small screen showing a temperature).
* A Linux server is what you expect to see in racks, serving stuff over the Internet. A homeserver could be that, too.
* Linux on mobile is what you would put on your phone.
* Desktop Linux is what you would put on your working computer, the one you interact with "physically".
Of course, you can run a server on your personal laptop, and you could run a "Desktop" graphical environment on a mobile phone. But that's beside the point. And of course, you can work on a Linux without a graphical environment.
American white supremacists can't figure out a definition of "white". I doubt anyone will ever get a handle on it.
(e.g. do you include Italians? Jewish people? What about Turks or Armenians? Eastern Europeans? There's all sorts of disagreements about what "white" is in the most racist groups out there... because the whole concept is fucking stupid).
There's a difference between the neighbor (whom you've almost certainly met) stepping out and saying "hey stop that" or "keep it down", and karen calling the cops. That's the new thing - this insane insistence that children must be kept hidden, and that the authorities must be involved if they are playing in designated play areas, or walking around the block unsupervised, or (heaven forbid) being loud during reasonable daylight hours.
Who the fuck cares? Seriously - a corporation is a piece of paper that separates ownership from responsibility. It's already a fucking stupid idea - You're deeply liable if you can't keep your trees maintained, or your car under control, but if you can't control your company, it's no problem?
We hand out these get-out-of-trouble cards to the type of useless trash that destroy lives (see pollution, workplace safety, dangerous products knowingly misadvertised as healthy, etc), let those disgusting shareholders profit, and then use tax dollars to cover the bill (if anyone does). Now you want them to have rights on top of the special treatment? How about instead we do something that is sane, something that doesn't make a handful of people extremely powerful, and doesn't make millions of sad, pathetic tools who just want to pretend they matter complicit? How about we say, "Look if you want special protection, you have to follow these rules that limit the damage you do. If you want to do those damaging actions, you can be responsible", and put in a bunch of rules that stop these specially protected investors from profiting off others' suffering.
tl;dr - it's an incredibly stupid and ultimately harmful position that a paper granting special privileges has rights. Corporations are no more entitled to profit than anyone else, privileges should come with responsibilities equal to them.
Then get legislation through Congress to change it. The courts are not there to fix legislation unless it is superseded by other higher legal authorities, such as the constitution, national or state. Current legislation gives corporations rights. If you think that is wrong, then the way to change it is to get people elected who can change that legislation.
The person you replied to didn't say that you had to bypass safe. This bug is orthogonal to type and memory safety, it's a different issue.
The git bug in question could be written in 100% safe rust using as much or as little of the type system[1] as you want. It's a logic error when parsing a string.
I dev rust full-time, and I've spent a lot of time writing protocol parsers. It's easy to forget to check this or that byte/string for every possible edge case as you're parsing it into some rust type, and happens all the time in rust, just like it did in C or python or go when I used those languages. This bug (if anything) is the type of thing that is solved with good tokenizer design and testing, and using more small, independently tested functions - again not at all related to the type system.
[1] Although in rust you can arrange your types so that this sort of bug is harder to implement or easier to catch than in most languages... but doing that requires an up-front understanding that logic bugs are just as possible in rust as in other languages, as well as some experience to avoid awkwardness when setting the types up.
In practice I think a Rust project would have used toml which parses safely. The limitation there would be that toml requires strings to be utf8, so it couldn't represent all possible unix paths.
Which kind of makes it an unsuitable solution for the given problem, right? Git is not free to (or at least doesn't consider itself free to) work only on a subset of possible paths.
Most applications could probably get away with not supporting control characters in paths, even git, because most file systems/OSes don’t support them anyway; as a user of control characters in paths you can never trust them to work anyway.
_I_ would agree with you. But I’m also not a person writing a version control system for a kernel that still runs wrong-endianness hardware (I forgot which one we are using and can’t be bothered to look it up). And I think a major part of this is that I assume that something is so insane that people just shouldn’t do it, and the people steering the kernel or git don’t (get to) assume that.
Git itself uses this functionality. On my ubuntu system the path is `/usr/lib/git-core/` and in it you see all sorts of bins for "git commands", e.g. `git-rm`, `git-mv`, `git-difftool`, etc. A lot of these are just links back to the git binary these days, but many features begin life as a standalone `git-$X` executable, and back in early git days much more functionality was split across executables. (The ones that are now links back to git are largely for scripting purposes, a lot of git "plugins" and various CI type scripts will call `git-mv` rather than trying to get quoting right around calling `git mv` for example.)
It also helps make plugins easier to distribute. I don't want to have to type `git-x` sometimes and `git y` others, and if I want my plugin to get adoption, I really really don't want that. So things like git-lfs, git-annex, etc can easily be distributed, documented as a plugin, and generally be considered as "a part of git", rather than a separate command.
This pattern is also not unique to git. Other software has followed it, notably cargo.
The very idea strikes me as irresponsible and misguided.