
Comment: Re:Interstate Commerce Clause (Score 1) 314

by whoever57 (#46796007) Attached to: Beer Price Crisis On the Horizon

Weed that doesn't cross state lines you mean.

Exactly. The Supreme Court has decided that weed that doesn't cross state lines can be regulated by the Federal government. Your opinions don't matter.

Yes, I agree that this does not agree with the text of the Constitution but it also follows prior decisions such as allowing the Feds to regulate wheat grown for personal use. Basically, the Supreme Court has decided that anything that affects interstate commerce can be regulated, even if that commerce is illegal anyway. And yes, it's hard to imagine anything that doesn't affect interstate commerce.

Comment: Re:Yahoo does make money. (Score 3, Interesting) 149

by whoever57 (#46787533) Attached to: Investors Value Yahoo's Core Business At Less Than $0

Yahoo mail is not bad at all IMHO.

I don't think that it is coincidence that, whenever someone I know gets their email hacked and used to send SPAM, they are using Yahoo mail.

There was an issue disclosed a few months ago which related to stealing Yahoo credentials -- I suspect there are others. It's either vulnerabilities at Yahoo or there is something about the type of person who uses Yahoo mail.

Comment: missing the point? (Score 4, Insightful) 59

Traditionally, typeface designers have considered legibility and aesthetics in their work (in addition to typesetting limitations). Apparently those factors are optional now as well.

OK, these are interesting intellectual exercises. But don't try to sell them as examples of typeface design, because that's a creative discipline that goes beyond mathematical questions of "can it be done?"

Comment: Re:ALL the exchanges failed (Score 1) 156

by whoever57 (#46785617) Attached to: Oracle Deflects Blame For Troubled Oregon Health Care Site

You tell me you want a house built in two days... Fine... but if you expect there to not be serious problems and unforeseen issues as a result of rushing through the planning phase and then constantly changing the mission parameters throughout development... then you're being unreasonable.

Newsflash .. customers are often unreasonable.

In your scenario, if the contractor signs a contract to build the house in two days, then the contractor is liable if the house is not ready in two days. As the contractor, you should not take on a contractual responsibility that you cannot deliver. That's just as true for building a house as it is for building a large website.

As the contractor, you should have the expertise to decide to refuse the deal if the terms are impossible, or take actions to eliminate the risk.

Comment: Re:I'm disapointed in people (Score 1) 689

by whoever57 (#46776913) Attached to: The GNOME Foundation Is Running Out of Money

All of this sounds good in theory, but in practice there are some terrible design decisions being made. For example, I tried a build of Red Hat EL7, which has Gnome Classic.

The first thing I tried to do was to customise the panel. Right-button clicking on the panel did nothing. Why? I have later learned that I have to click <alt>-right-button on the panel to have the same effect. But why? How should a user know that s/he needs to also hold down the alt button? What was wrong with a simple right-click, which has been used for decades to bring up a context menu? The right-click has not been re-assigned, it just became non-functional.

The changes make the desktop environment less discoverable and hence less usable. It's this type of change that puts people off.

Comment: Re:The sad part here... (Score 1) 266

by tverbeek (#46774521) Attached to: Nokia Had a Production-Ready Web Tablet 13 Years Ago

Yeah, I saw the low UID, which is why I wondered how you could be online and yet so unaware of what so many people were doing on the Web in 2000. Sure, it was mostly dial-up or bad DSL, but it was hardly just "hardcore geeks". They were e-mailing and chatting and looking at (still-image) porn and shopping and selling garbage on eBay, and talking about what a bust Y2K had been. There was that whole "dot-com bubble" that everyone was talking about (but not calling it a "bubble" yet because it was still the latest Big Thing). The following September, I distinctly recall everyone at my office flocking to news web sites trying to learn what was happening in New York on a Tuesday morning. So I have to figure that you were too preoccupied doing stuff with the geekier parts of the internet to notice that yes: the Web was already kind of a big thing in 2000.

Comment: Re:The sad part here... (Score 1) 266

by tverbeek (#46772255) Attached to: Nokia Had a Production-Ready Web Tablet 13 Years Ago

Was the web on its own interesting enough in 2000 to make this a killer device?

Yes, it was. Were you still wading on CompuServe and Usenet or something at the time? :)

Also, what OS does it run, can it do anything but surf the web?

EPOC could do lots more than surf the web; it had apps for all the obvious personal-assistant functions (calendar, notes, to-do, contacts) and had a decent ecosystem of third-party apps. It powered the Psion PDAs (clamshells with decent thumb keyboards and stylus input), and was head-and-shoulders better than PalmOS or WinCE (its contemporaries) in terms of stability and ability to run on low-power hardware. I nursed one of the later Psions along for years after they were discontinued, until the iPhone came along and there was finally another pocket computer worth switching to. The devices' main weakness (other than nonexistent marketing) was the state of mobile connectivity in their day: slow-n-crappy cellular data, hard-to-find local wireless, and dial-up.

Comment: Re:Funny (Score 1) 689

by whoever57 (#46771021) Attached to: The GNOME Foundation Is Running Out of Money

The board fell behind on bugging folks on payments because the processing took a lot of time and our financial controller was buried in work. As I was saying elsewhere, it's a scaling problem.

No. It's a management problem when an organization takes on a role that it is not equipped to execute and is not part of the organization's primary mission. Furthermore, it is a management problem because the issue was allowed to fester for some time with little to no action (as the minutes show).

Comment: Re:de Raadt (Score 1) 289

by bmajik (#46761037) Attached to: OpenBSD Team Cleaning Up OpenSSL

Ok, I actually think you, me, and Theo all agree :)

1) We don't think a specific technical change would have _prevented_ the issue.

2) We all agree that better software engineering practices would have found this bug sooner. Maybe even prevented it from ever getting checked in (e.g. suppose the codebase was using malloc primitives that static analysis tools could "see across", and that the code was analysis clean. Could this bug have existed?)

Comment: Re:de Raadt (Score 1) 289

by bmajik (#46760367) Attached to: OpenBSD Team Cleaning Up OpenSSL

Who has claimed that using the system allocator, all else being equal, would have prevented heartbleed?

Who has claimed that heartbleed was an allocation bug?

I understand what freelists are and do.

The point here is that rigorous software engineering practices -- including the use of evil allocators or static analyzers that could actually understand they were looking at heap routines -- would have pointed out that the code implicated in heartbleed was unreliable and incorrect.

If you read the link you pointed at, after making a modification to OpenSSL such that coverity could understand that the custom allocator was really just doing memory allocation, Coverity reported 173 additional "use after free" bugs.

There are bugs from years ago showing that openSSL fails with a system allocator.

Don't you suppose that in the process of fixing such bugs, it is likely that correctness issues like this one would have been caught?

Comment: Re:Economy Class Only (Score 1) 145

by whoever57 (#46760061) Attached to: How Amazon Keeps Cutting AWS Prices: Cheapskate Culture

The requirement of 'no business class' for air travel isn't unique to Amazon.

In large companies this may be really "no purchased business class seats", except that the company will buy for senior execs the most expensive economy seats and then get free upgrades for them because of the volume of travel bought by the company.

Comment: Re:de Raadt (Score 5, Insightful) 289

by bmajik (#46759527) Attached to: OpenBSD Team Cleaning Up OpenSSL

Actually, it is you who are wrong.

Theo's point from the beginning is that a custom allocator was used here, which removed any beneficial effects of both good platform allocators AND "evil" allocator tools.

His response was a specific circumstance of the poor software engineering practices behind openSSL.

Furthermore, at some point, openSSL became behaviorally dependent on its own allocator -- that is, when you tried to use a system allocator, it broke -- because it wasn't handing you back unmodified memory contents you had just freed.

This dependency was known and documented. And not fixed.

IMO, using a custom allocator is a bit like doing your own crypto. "Normal people" shouldn't do it.

If you look at what open SSL is

1) crypto software
2) that is on by default
3) that listens to the public internet
4) that accepts data under the control of attackers

... you should already be squarely in the land of "doing every possible software engineering best practice possible". This is software that needs to be written differently than "normal" software; held to a higher standard, and correct for correctness sake.

I would say that, "taking a hard dependence on my own custom allocator" and not investigating _why_ the platform allocator can no longer be used to give correct behavior is a _worst practice_. And it's especially damning given how critical and predisposed to exploitability something like openSSL is.

Yet that is what the openSSL team did. And they knew it. And they didn't care. And it caught up with them.

The point of Theo's remarks is not to say "using a system allocator would have prevented bad code from being exploitable". The point is "having an engineering culture that ran tests using a system allocator and a debugging allocator would have prevented this bad code from staying around as long as it did"

Let people swap the "fast" allocator back in at runtime, if you must. But make damn sure the code is correct enough to pass on "correctness checking" allocators.
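The masking effect discussed in the comment above, as an added example that is not part of the original comment and is not OpenSSL code: a LIFO freelist hands back the buffer that was just released with its contents intact, so a caller that wrongly relies on released data appears to work until the same test runs in a checking mode that poisons on release. The pool, its function names and the sample record are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define BUF_SIZE  32
#define POOL_BUFS 4
#define POISON    0xDF

/* Hypothetical fixed-size buffer pool (not OpenSSL code). Storage is a static
   slab, so touching a released buffer is a logic bug, not undefined behaviour. */
struct pool {
    unsigned char slab[POOL_BUFS * BUF_SIZE];
    int free_idx[POOL_BUFS];   /* LIFO stack of free buffer indices */
    int nfree;
    int poison_on_release;     /* 0 = "fast" freelist, 1 = checking mode */
};

void pool_init(struct pool *p, int poison_on_release) {
    memset(p->slab, 0, sizeof p->slab);
    for (int i = 0; i < POOL_BUFS; i++)
        p->free_idx[i] = i;
    p->nfree = POOL_BUFS;
    p->poison_on_release = poison_on_release;
}

unsigned char *pool_get(struct pool *p) {
    return p->nfree ? p->slab + (size_t)p->free_idx[--p->nfree] * BUF_SIZE : NULL;
}

void pool_release(struct pool *p, unsigned char *buf) {
    if (p->poison_on_release)
        memset(buf, POISON, BUF_SIZE);   /* contents are gone once released */
    p->free_idx[p->nfree++] = (int)((buf - p->slab) / BUF_SIZE);
}

/* Buggy caller: releases a record, then expects the next buffer it gets to
   still hold that record. Returns 1 if the stale data was still there. */
int buggy_roundtrip(struct pool *p) {
    static const char rec[] = "constructed-record";   /* constructed sample */
    unsigned char *a = pool_get(p);
    memcpy(a, rec, sizeof rec);
    pool_release(p, a);
    unsigned char *b = pool_get(p);      /* LIFO hands back the same buffer */
    return memcmp(b, rec, sizeof rec) == 0;
}

int main(void) {
    struct pool fast, checking;
    pool_init(&fast, 0); pool_init(&checking, 1);
    printf("fast: %d, checking: %d\n", buggy_roundtrip(&fast), buggy_roundtrip(&checking));
    return 0;
}
```

Running the same caller against both modes in a test suite is what turns the hidden dependency into a failing test.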

Comment: Re:Funny (Score 1) 689

by whoever57 (#46747535) Attached to: The GNOME Foundation Is Running Out of Money

Your responses here do not put you in a good light. First you try to deflect -- stating that I should read the FAQ first and after that, you will answer "any questions", then, when challenged, you run for cover behind "consistent message".

You claim to "have had discussions about it", but the minutes don't support this claim.
