The allocator was never "100% necessary". It might have been advantageous in some systems, but in vast majority of systems it have never been more than a hassle. Then when they made the OpenSSL unworkable without their allocator - or rather without the undocumented behaviour their allocator happened to have, they should have removed it immediately. But no, they were macho, they thought "we know better".
This problem was caused by a simple missed parameter check, nothing more. Stop acting like the cultural problem is with the developers when it is with the leaches who consumer their work.
I do not believe you. If this were an isolated case, then you'd be right. But no, this kind of "oops, well now it is fixed" things happens all the time, over and over again. The culture of the programming never improves due to the error - no matter how simple, no matter that it should have been noticed earlier, no matter what.
I am willing to bet that after next hole the excuses will be same "it was simple, now it is fixed, should up" and "why don't you make better, shut up" or just "you don't understand, shut up". And still the cowboy-coding continues.
This was caused partially by unchecked parameter (this should have never happened, there is no excuse for it), partially because the idiots used their own allocator which created the covert channel and prohibited the use of malloc-debug libraries. Libraries which would have found the error - again this should not have happened.
But then, maybe I just should shut up
You forgot NIH. OpenSSL used its own allocator, the most positive thing I can say about that is "totally idiotic". AFAIK nobody is removing it
Furthermore, C is insufficient language for a security software (C++ when properly used barely acceptable, managed languages much better).
"less clear"?
Less clear my ass! I'd say there is no leadership in the project, unless "FUD" (fear of it breaking something) is called "leadership". But then as you say, "nobody cares".
If the code is as you describe, the whole shebang should be rewritten from scratch using higher level managed language. Any managed language would have prevented the information leak although probably not the unchecked value.
I challenge anybody to review it and find (or notice) the bug.
My point, once again, is: C should not be used for security sensitive programs, we should start using managed languages.
I know, won't happen, because people are lazy and won't learn. Yet again we will think that this fix solves everything, that now OpenSSL is fixed. Which it most likely is not; I would be really surprised if there are no holes KNOWN (to some russian, chinese, israeli, usa,
Are you saying I do not have the right to say "Eich must be fired" or "please support my view" or "I will use another browser"?
Any of those or all together or where is the line?
AFAIK nobody has threatened him or other people, have they?
Note: I personally have no opinion whether Eich should step down or not.
Close but no cigar.
Suppose that "we" hold a democratic election whether gays should go to jail. Now, suppose over 50% vote "yes, they must".
I cannot ever agree with "you don't get your way". Even minorities, i.e. a bunch of individuals as you put it, have rights. Rights which are more important than "democracy". After all, we don't keep elections whether OJ is guilty or not, and I sincerely hope we never will.
Whether Eichs view is "popular" or "mainstream" does not make it less appalling. Today "war on terror" has huge popularity, like McCarthy before, and so on.
And since it takes me a few days to adjust to getting up 1 hour earlier (the norm is only 1 day per hour), I miss an hour's sleep for a few days after the clock change.
This is something I just cannot understand.
First, the human internal clock is not 24 hours. Second, the sunrise and sunset move by an hour in two to three weeks (depending where you live), so it cannot be Sun related (not that you claim it is - but some do). Third, if you move to different time zone, say two hours off, you will notice pretty much nothing in the next day. Fourth, in the Autumn nobody claims they "must go to bed and wake up hour early" or "clock is off for weeks".
So I do not claim you do not have the problems you mention, but I think it is more because you look at the clock "I cannot go to sleep this Sunday earler than one hour late".
BTW, AFAIK melatonin is not addictive, whether it helps or not - I wouldn't know.
No, the main question is whether phone usage increases the likelihood of an accident or not (and if it increases, how much). This is testable at least in simulated environments - if not already done.
But then, we both know what the study will show.
Track record this far is
I'd be really surprised if the most of incompabilities were not bugs in the code itself (or libraries as you point out). Far too many a program rely on some undefined behaviour, and when it changes, you are screwed.
I'm all for what bitcoin is trying to achieve.
I'm not. Actually I do not know what it is trying to achieve, but "unregulated" and "not backed up by anything" are certainly not what I am after.
But this is just a news story about an exchange which didn't know what it was doing, trading in a currency that hasn't been fully proven, operating in an unknown capacity from somewhere in Japan, and without any oversight at all.
I think they knew what they were doing. I think the currency is proven - to be faulty. I think the "achieve" part means "no oversight at all" so you are already contradicting yourself.
That's like millions of people asking my buddy Joe who lives in a trailer to hang onto their money for them. Oh no, bad decisions were made?
What you "bitcoin people" seem to want is anymous (i.e. can buy drugs without getting caught) which can be easily transferred (i.e. no exchange can steal or stop you) backed up (i.e. you cannot lose your money - just win with it) non-government (i.e. not backed up
Then someone makes "cryptographic mathematically proven" - and you expect that to mean it holds all above. You fail to understand that money has just one necessary condition: majority of people trust it - mostly because the country they live in would collapse without it, and the persons backing it up knows this and you know they know.
I am willing to bet it costs $10'000 plus certification & type approval for aviation use.
No, taking pictures in public is explicitly allowed in Finland. Collecting data about people is not.
Thank (all the gods), this kind of thing is illegal in Finland. And most likely in the EU too.
I program, therefore I am.
