Wow.. that piece really stretches things and makes some rather impressive leaps. Much of it seems to to simply be 'the bible is true, when science hits an unknown, it is proof of god' and then goes into the standard 'there must be an intelligent designer because things need to be intelligently designed' reasoning followed up by 'if you read the bible just right and compare history we already know, look how prophetic it is!'

Which is why it is described a 'mathmatical proof', a domain where 'proof' has a different and specific usage then general english.

Well, adding 'zero' to the number system was a pretty big deal about nothing.

"This book was dictated but not read"

Keep in mind, we are talking about overriding libc, not the kernel. For the most part it does do things better then the default allocator. If you want to use the car analogy, this would be like replacing your standard seat-belts with a 5 point cross belt but a manufacturing defect slipped through on one of the rollers. The defect is not a little deal, but it does not mean the 5 point belt is inherently worse then the standard on, there was simply a defect that passed through quality control, which happens.

Thing is, subdividing things does not lead to as much simplicity as people tend to hope. Splitting up OpenSSL because you are only using parts of it would be a bit like taking red and green out of a graphics library because you are only using blue.

Well, it is popular because it is a generally well regarded and vetted package that supports a fairly rich set of cryptography tasks out of the box.

As for what could be done in the future? Well, automated tests really only cover cases you think about, and stress tests may or may not actually notice something. To a degree, there will always be things that slip through, and most of the time things are fixed and patched. In this case something unusually bad slipped through.

True, they did not, but I would put that at the level of mistake rather then being unreasonable.

So as far as I can tell, his rant is essentially that people should not use custom allocators and instead rely on the general purpose one built into libc because they can add system wide tools there.

I can see the argument for most cases, that is kinda the point of a general purpose allocator, but encryption (esp if you are doing lots of it) really strikes me as a case where you can really benefit from having explicit control over the behavior. I have worked on a number of applications where custom allocators had significant (user facing, not just benchmarks) impacts on performance. Ironically it also meant we were able to do better checking then the general exploit detection kits since we could bake more specific knowledge into the validator.

Given the high barrier involved in brining such a suit for other people, they are pretty much on their own too. Demonstrating that age/sex/gender/etc were the reasons is non trivial and cases are usually dismissed unless there is something really blatant.

That is not how protected classes work. As a white strait male, one has two (or three) criteria that one can be discriminated under and cases do go forward for them.

Actually, I think the research lines up rather nicely with them dropping the ball too. It could be an example of them having no clue what they are doing or having their own understanding of how things work. So 'incompetence' is still firmly in the running.

Yeah, but it is still kinda cool to see people dissect exactly how it happens or how claims are untrue. Suspecting and knowing are two very different things.

More likely 'NASA calculations show distance of Planet X, results quickly covers up by retracted claims with fake math'

I was hoping someone would post that ^_^ always good for a laugh.