Comment Re:Whatever you may think ... (Score 1) 447

The WTF part of this (the kind that thedailywtf.com lives on) is that the RFC, which he co-authored, has this strong and specific warning:

If the payload_length of a received HeartbeatMessage is too large, the received HeartbeatMessage MUST be discarded silently.

He knew about the risk. He documented the risk. But come coding time, he forgot the risk.

Ya gotta feel for that. How many times have I gotten up bleeding and dazed and said to myself "I knew that was a bad idea."

Comment Re:Not malicious but not honest? (Score 1) 447

The bug itself had to do with allowing a mismatch between the amount of data sent and the amount retransmitted in what's essentially an echo command that TLS implements. A hardened malloc() would make it impossible to exploit that, but OpenSSL would still have a bug even with one, just one that couldn't (probably, maybe, perhaps) be used to get confidential data.

Right. Instead of a remotely-exploitable information leak, it's most probably reduced to (at worst) a low-grade denial-of-service attack caused by crashing HTTPS server processes no faster than they can respawn.

By that criterion alone, I do surely wish OpenSSL had just stuck to the dog-standard malloc() rather than cowboying up their own.

Comment Re:This may be a dumb question, but... (Score 1) 447

Many compilers precalculate arithmetic expressions consisting of constants, replacing them at compile-time with the result value constant.

I believe the different constants can be deduced from Section 4 of the original RFC proposing the TLS heartbeat message:

4. Heartbeat Request and Response Messages

The Heartbeat protocol messages consist of their type and an
arbitrary payload and padding.

struct {
    HeartbeatMessageType type;
    uint16 payload_length;
    opaque payload[HeartbeatMessage.payload_length];
    opaque padding[padding_length];
} HeartbeatMessage;

The total length of a HeartbeatMessage MUST NOT exceed 2^14 or
max_fragment_length when negotiated as defined in [RFC6066].

type: The message type, either heartbeat_request or
heartbeat_response.

payload_length: The length of the payload.

payload: The payload consists of arbitrary content.

padding: The padding is random content that MUST be ignored by the
receiver. The length of a HeartbeatMessage is TLSPlaintext.length
for TLS and DTLSPlaintext.length for DTLS. Furthermore, the
length of the type field is 1 byte, and the length of the
payload_length is 2. Therefore, the padding_length is
TLSPlaintext.length - payload_length - 3 for TLS and
DTLSPlaintext.length - payload_length - 3 for DTLS. The
padding_length MUST be at least 16.

HeartbeatMessageType is a single-byte enumeration (documented in Section 3) and the payload_length is a uint16 (two bytes)... and the packet always requires 16 bytes of padding, so that's the 1, the 2, and the 16.
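The following is an added example, not code from the RFC, from OpenSSL, or from any of the posters quoted here. It is a receiver-side parser in C for the HeartbeatMessage struct quoted above, written to apply the rule cited in the earlier comment ("if the payload_length of a received HeartbeatMessage is too large, the received HeartbeatMessage MUST be discarded silently") and the padding_length arithmetic from Section 4: the claimed payload_length plus the 1-byte type, the 2-byte length and the 16-byte minimum padding must fit inside the bytes that actually arrived. The function names (heartbeat_parse, heartbeat_build_response, and the helpers), the struct layout and the three sample records are my own constructions for illustration; the sample records are not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* HeartbeatMessageType values from RFC 6520 Section 3. */
#define HEARTBEAT_REQUEST   1
#define HEARTBEAT_RESPONSE  2

#define HB_HEADER_LEN   3u          /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PADDING  16u         /* padding_length MUST be at least 16 */
#define HB_MAX_MESSAGE  (1u << 14)  /* total length MUST NOT exceed 2^14 */

struct heartbeat {                  /* hypothetical parsed view of one message */
    uint8_t type;
    uint16_t payload_length;
    const uint8_t *payload;         /* points into the received record */
    size_t padding_length;          /* record_len - payload_length - 3 */
};

/* Parse one received HeartbeatMessage occupying record[0..record_len).
 * Returns 0 and fills *out if the message is well formed, or -1 if it
 * MUST be discarded silently (the caller then sends nothing back). */
int heartbeat_parse(const uint8_t *record, size_t record_len, struct heartbeat *out)
{
    if (record == NULL || out == NULL)
        return -1;
    if (record_len > HB_MAX_MESSAGE)
        return -1;                  /* longer than 2^14 */
    if (record_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return -1;                  /* cannot hold header + minimum padding */

    uint8_t type = record[0];
    if (type != HEARTBEAT_REQUEST && type != HEARTBEAT_RESPONSE)
        return -1;

    /* payload_length is a big-endian uint16 at offset 1. */
    uint16_t payload_length = (uint16_t)(((unsigned)record[1] << 8) | record[2]);

    /* The check the RFC demands: claimed payload + 3-byte header + 16 bytes
     * of padding must fit in what actually arrived. Trusting payload_length
     * without this is what let a reply carry bytes beyond the request. */
    if ((size_t)payload_length + HB_HEADER_LEN + HB_MIN_PADDING > record_len)
        return -1;

    out->type = type;
    out->payload_length = payload_length;
    out->payload = record + HB_HEADER_LEN;
    out->padding_length = record_len - payload_length - HB_HEADER_LEN;
    return 0;
}

/* Returns the accepted payload_length, or -1 when the record is discarded. */
int heartbeat_accepted_payload_len(const uint8_t *record, size_t record_len)
{
    struct heartbeat hb;
    if (heartbeat_parse(record, record_len, &hb) != 0)
        return -1;
    return (int)hb.payload_length;
}

/* Build a heartbeat_response for a parsed request. Exactly payload_length
 * bytes are copied, so the reply can never include memory outside the
 * request payload. The RFC requires random padding; a fixed pad_byte is
 * used here only so the output is reproducible. Returns length or 0. */
size_t heartbeat_build_response(const struct heartbeat *req, uint8_t *resp,
                                size_t resp_cap, uint8_t pad_byte)
{
    if (req == NULL || resp == NULL || req->type != HEARTBEAT_REQUEST)
        return 0;
    size_t len = HB_HEADER_LEN + req->payload_length + HB_MIN_PADDING;
    if (len > resp_cap || len > HB_MAX_MESSAGE)
        return 0;
    resp[0] = HEARTBEAT_RESPONSE;
    resp[1] = (uint8_t)(req->payload_length >> 8);
    resp[2] = (uint8_t)(req->payload_length & 0xff);
    memcpy(resp + HB_HEADER_LEN, req->payload, req->payload_length);
    memset(resp + HB_HEADER_LEN + req->payload_length, pad_byte, HB_MIN_PADDING);
    return len;
}

/* Constructed sample records (not real captures): type 1 (heartbeat_request),
 * payload_length, the payload "ping", then padding. */
static const uint8_t SAMPLE_OK[] = {         /* 23 bytes, payload_length 4 */
    0x01, 0x00, 0x04, 'p', 'i', 'n', 'g', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
static const uint8_t SAMPLE_OVERSIZED[] = {  /* 23 bytes, claims 65535 */
    0x01, 0xFF, 0xFF, 'p', 'i', 'n', 'g', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
static const uint8_t SAMPLE_SHORT_PAD[] = {  /* 22 bytes, only 15 of padding */
    0x01, 0x00, 0x04, 'p', 'i', 'n', 'g', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };

/* Parses SAMPLE_OK and builds the reply; returns 1 if the reply is exactly
 * 3 + 4 + 16 bytes and echoes only "ping" followed by padding. */
int sample_ok_response_is_bounded(void)
{
    struct heartbeat hb;
    uint8_t resp[64];
    if (heartbeat_parse(SAMPLE_OK, sizeof SAMPLE_OK, &hb) != 0)
        return 0;
    size_t n = heartbeat_build_response(&hb, resp, sizeof resp, 0xAA);
    return n == 23 && resp[0] == HEARTBEAT_RESPONSE && resp[1] == 0x00
        && resp[2] == 0x04 && memcmp(resp + 3, "ping", 4) == 0 && resp[7] == 0xAA;
}

int main(void)
{
    printf("ok: %d\n", heartbeat_accepted_payload_len(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("oversized: %d\n", heartbeat_accepted_payload_len(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED));
    printf("short padding: %d\n", heartbeat_accepted_payload_len(SAMPLE_SHORT_PAD, sizeof SAMPLE_SHORT_PAD));
    printf("bounded reply: %d\n", sample_ok_response_is_bounded());
    return 0;
}
```

The single comparison in heartbeat_parse is the whole fix: the record length comes from the TLS layer and is trusted, the payload_length comes from the peer and is not, so the reply is sized from the former and only ever copies what the latter claims if the claim fits. A record that claims 65535 bytes but carries 23 is dropped without a reply, as the RFC text requires, rather than echoed back from whatever happened to follow the request in memory.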

Comment Re:Power? (Score 1) 630

I remember hearing a proposal that the barrel (or rail) would be magazine-fed along with the armature and round. Kinda defeats the probable space/weight advantages over a chemically-propelled round, but at least you don't have tons of explosive propellants in the magazine.

I don't know how serious the proposal was. But it would solve the rate-of-fire issue.

Social Networks

Study: People That Think Social Media Helps Their Work Are Probably Wrong 40

RichDiesal writes: "In an upcoming special issue of Social Science Computer Review, researchers set out to understand how people actually use social media while at work and how it affects their job performance. By polling workers across 17 industries, they identified 8 broad ways that people use social media that they believe help their work, and 9 broad ways that people use social media that they believe harm their work. Although the harmful social media behaviors were related to decreased job performance, the beneficial social media behaviors were unrelated to job performance. In short, wasting time on social media hurts you, but trying to use social media to improve your work probably doesn't actually help."

Comment Re:It's not trending. (Score 1) 371

So, this explains why you were tipping those "Smarts".

What about your criminal confederates? More illegal thrill-seeking? Someone secretly paying to have the cars tipped? Voices in their heads? Hatred of tiny four-wheeled tin boxes arrogantly pretending to be cars?

The last is the reason I do it. I mean, would do it. Although I don't. Really.

Comment Re:Application and driver compatibility (Score 1) 245

It is if you have operators and engineers that have any brains

But out here in reality, what operators and engineers have in brains they make up for by the absence of give-a-damn. Laziness can trump smarts every day of the week, and the path of least resistance is a damn fine malware vector.

that have any brains, There are tons

Speaking of brains... that's a comma splice. If English is your first language, please return to third grade to learn not to do that.

There are tons of CNC machines not being infected out there.

There were tons of numerically controlled machines out there infected by this very mechanism. The fact that it wasn't CNC machines this time doesn't mean it can't be CNC any time in the future. The attack is feasible.

Comment Re:tl;dr (Score 1) 273

I think you're missing the point.

As far as I can tell, the point is "You're wrong, because I, and only I, am right. It doesn't even matter if you agree with me. You're still wrong, because you're not me."

Yeah, doesn't make sense to me, either. Probably all the heatstroke and pharmaceuticals.
