Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment: Re:Why not strncpy or strlcpy (Score 1) 211

by Cramer (#48919387) Attached to: Serious Network Function Vulnerability Found In Glibc

a) sizeof(some pointer) will not tell you the size of what it points to
b) the error here is allocating space for 3 things and putting 4 in it. It doesn't matter what function you call if you tell it to copy sizeof(void *) too much.

The error is a simple mistake due to unnecessarily complex code.

Comment: Re:Many mitigating factors, not THAT dangerous (Score 1) 211

by Cramer (#48919345) Attached to: Serious Network Function Vulnerability Found In Glibc

... until their metasploit code is published and everyone can see how to use this error. All it takes is one example; ONE person figures out how to trigger shellcode, and it's game over. No matter how complex the situation, an exploit is an exploit. It doesn't matter if it takes 87 steps to set off a nuke, if you know those steps and complete them - *boom*.

Comment: Re:Accidental bugs? (Score 1) 211

by Cramer (#48919289) Attached to: Serious Network Function Vulnerability Found In Glibc

Either you write very little code, very simple code, or no one is closely inspecting your code. People make mistakes - period.

This glibc error was a simple mistake... count 3 things, put 4 in there. But yes, if their code weren't in such a f'ing complicated mess (have these fools never head of stuct) this mistake would be harder to make.

Comment: Re:Risk is part of the job last I checked (Score 1) 461

by Cramer (#48910295) Attached to: Police Organization Wants Cop-Spotting Dropped From Waze App

Police who commit misconduct of any kind is are the extreme minority.

That we hear about in the national news... we aren't made aware of every bullet fired by officers (there's supposed to be paperwork when they discharge their weapon(s)) or their every infraction

Comment: Re:Wait a minute... (Score 3, Interesting) 461

by Cramer (#48910129) Attached to: Police Organization Wants Cop-Spotting Dropped From Waze App

Actually, it's usually safer for all if the cops don't show up during the bank heist. That's how hostages get taken and people get shot/stabbed/etc. Plus, if they "get away", it's instantly the FBI's problem. (also, with technology what it is today, few ever totally get away with it.)

Comment: Re:Our revenue stream your personal freedoms (Score 1) 461

by Cramer (#48910043) Attached to: Police Organization Wants Cop-Spotting Dropped From Waze App

...know where we'll be!

Not where they will be, but where their doughnut-eatin'-ass is currently parked. They're in cars that are most definitely mobile -- and likely running with the heat/ac on max. Just sitting there "cruiser spooning" isn't exactly doing their job.

Happiness is a positive cash flow.

Working...