
Comment: Re:Closed source won here (Score 1) 582

by Eric Smith (#46762057) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

Would you argue that if a Microsoft (or other vendor) SSL implementation was used by most of the world's web servers, this would have been less likely to happen? As far as I know, there's no reason to think that any other implementation, open or closed, would be any more immune to such problems. There is little or no evidence that closed source software is generally more reliable, or that substantial effort is made to audit it.

If you're arguing that it's bad that such a high percentage of the world's web servers use the same software, I might agree, but that is completely orthogonal to whether that software is open or closed.

Comment: Re:Honestly, the "OSS is safe" discussion is over. (Score 1) 582

by Eric Smith (#46762019) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?
That OpenSSL is open source is irrelevant. This bug could just as easily have happened in closed source software. Using closed source software does not give any higher confidence in the quality of the code; many studies (e.g., 2012 Coverity Scan Open Source Report) show generally comparable code quality, with some open source projects scoring substantially better than average.

Comment: safe languages (Score 1) 582

by Eric Smith (#46761973) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

Heartbleed is a perfect example of why software should be written in "safe" languages, which can protect against buffer overruns, rather than unsafe languages like C and C++.

Of course, the problem is that if you try to distribute open source software written in a safe language, everyone bitches and whines about how they don't have a compiler for that language, and how run-time checking slows the software down by 10%. Personally I'd rather have more reliable software that ran 10% slower, than less reliable software that ran faster. It's also crazy to turn off the run-time checks "after the software is debugged", as if the debugging process ever succeeded in finding all the bugs. As C.A.R. Hoare famously observed in 1973, "What would we think of a sailing enthusiast who wears his lifejacket when training on dry land, but takes it off as soon as he goes to sea?"

The "with enough eyes" argument, and "if programmers were just more careful" arguments don't justify continued widespread use of unsafe languages. Granted, safe languages don't eliminate all bugs, but they eliminate or negate the exploit value of huge classes of bugs that are not just theoretical, but are being exploited all the time.

I keep hoping that after enough vulnerabilities based on buffer overruns, bad pointer arithmetic, etc. are reported, and cost people real money, that things will change, but if Heartbleed doesn't make a good enough case for that, I despair of it ever happening.
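The buffer over-read the comment above refers to, as an added example in C (not the commenter's code and not OpenSSL's): a simplified model of TLS heartbeat handling in the RFC 6520 layout (1-byte type, 2-byte big-endian payload length, payload, at least 16 bytes of padding). The unchecked handler copies as many bytes as the peer's length field claims, so a short record with a large length field makes `memcpy` read past the record into whatever memory follows it; the checked handler requires the claimed length to fit inside the record actually received, which is the kind of check the fix consisted of. In a language with run-time bounds checks the unchecked version would have halted at the copy instead of returning the neighbouring memory; in C the check has to be written by hand, and was missing. The function names, the `g_arena` buffer and the "PRIVATEKEY" bytes are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not OpenSSL's code: a simplified model of heartbeat
 * handling. Layout per RFC 6520: type (1), payload_length (2, big-endian),
 * payload, padding (>= 16 bytes). All names here are invented. */

enum { HB_HEADER = 3, HB_PADDING = 16, HB_MAX_RESP = 256 };

/* Parse the 16-bit big-endian payload length from the record header. */
static uint16_t hb_payload_len(const uint8_t *rec) {
    return (uint16_t)((rec[1] << 8) | rec[2]);
}

/* Vulnerable handler: trusts the peer-supplied length field and copies that
 * many bytes from the payload even when the record is shorter. Returns the
 * number of response bytes written. */
size_t hb_respond_unchecked(const uint8_t *rec, size_t rec_len,
                            uint8_t *resp, size_t resp_cap) {
    (void)rec_len;                      /* the bug: record length is ignored */
    uint16_t plen = hb_payload_len(rec);
    if ((size_t)HB_HEADER + plen > resp_cap)
        return 0;                       /* only the output buffer is bounded */
    resp[0] = 2;                        /* heartbeat_response */
    resp[1] = rec[1];
    resp[2] = rec[2];
    memcpy(resp + HB_HEADER, rec + HB_HEADER, plen);  /* over-read here */
    return HB_HEADER + plen;
}

/* Hardened handler: the length the peer claims must fit inside the record
 * actually received, padding included; otherwise the record is dropped. */
size_t hb_respond_checked(const uint8_t *rec, size_t rec_len,
                          uint8_t *resp, size_t resp_cap) {
    if (rec_len < (size_t)HB_HEADER + HB_PADDING)
        return 0;
    uint16_t plen = hb_payload_len(rec);
    if ((size_t)HB_HEADER + plen + HB_PADDING > rec_len)
        return 0;                       /* claimed length exceeds the record */
    if ((size_t)HB_HEADER + plen > resp_cap)
        return 0;
    resp[0] = 2;
    resp[1] = rec[1];
    resp[2] = rec[2];
    memcpy(resp + HB_HEADER, rec + HB_HEADER, plen);
    return HB_HEADER + plen;
}

/* Constructed demonstration memory: a malicious heartbeat record followed by
 * bytes that should never be echoed. The record claims a 48-byte payload but
 * carries only 4 bytes plus 16 bytes of padding (23 bytes in total). Keeping
 * everything in one array makes the over-read observable without undefined
 * behaviour outside the allocation. */
#define ARENA_LEN 96
uint8_t g_arena[ARENA_LEN];

static size_t build_arena(void) {
    memset(g_arena, 0, sizeof g_arena);
    const uint8_t hdr[] = { 1, 0x00, 0x30 };   /* request, length 48 */
    memcpy(g_arena, hdr, 3);
    memcpy(g_arena + 3, "ping", 4);             /* real payload */
    memset(g_arena + 7, 0, 16);                 /* padding */
    memcpy(g_arena + 23, "PRIVATEKEY", 10);     /* memory past the record */
    return 23;                                  /* actual record length */
}

/* Byte-string search helper (memmem is not standard C). */
static int contains(const uint8_t *buf, size_t n, const char *needle) {
    size_t k = strlen(needle);
    for (size_t i = 0; i + k <= n; i++)
        if (memcmp(buf + i, needle, k) == 0)
            return 1;
    return 0;
}

/* Returns 1 if the unchecked handler's 51-byte response leaks the secret. */
int demo_leaks_secret(void) {
    uint8_t resp[HB_MAX_RESP];
    size_t rec_len = build_arena();
    size_t n = hb_respond_unchecked(g_arena, rec_len, resp, sizeof resp);
    return n == 51 && contains(resp, n, "PRIVATEKEY");
}

/* Returns 1 if the checked handler drops the same malicious record. */
int demo_rejects(void) {
    uint8_t resp[HB_MAX_RESP];
    size_t rec_len = build_arena();
    return hb_respond_checked(g_arena, rec_len, resp, sizeof resp) == 0;
}

/* Returns 1 if a well-formed 4-byte heartbeat is still echoed correctly. */
int demo_accepts_valid(void) {
    uint8_t rec[3 + 4 + 16] = { 1, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t resp[HB_MAX_RESP];
    size_t n = hb_respond_checked(rec, sizeof rec, resp, sizeof resp);
    return n == 7 && resp[0] == 2 && memcmp(resp + 3, "ping", 4) == 0;
}
```

Note that the over-read is silent: `hb_respond_unchecked` returns a plausible-looking response and nothing crashes, which is why the bug could sit unnoticed in production for so long.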

Comment: 1% *success* rate is high (Score 1) 147

by Eric Smith (#46466971) Attached to: How St. Louis Is Bootstrapping Hundreds of Programmers
Given the low entry barrier as compared to traditional higher education systems, the surprise isn't the failure rate, but the success rate. Given the low cost per student of providing the course, even at a 1% success rate I expect that the cost per successful student is much better than the traditional systems, though I don't actually have numbers to back that up.

Comment: They were two millennia late to the party. (Score 1) 170

by Eric Smith (#45732567) Attached to: Polynesians May Have Invented Binary Math
There are several algorithms using the binary number system, including left-to-right binary exponentiation, in Pingala's Chanda-sutra, before 200 BCE. Knuth's _The Art of Computer Programming, Volume 2: Seminumerical Algorithms_ cites B. Datta and A.N. Singh's 1935 _History of Hindu Mathematics 1_. Also al-Kashi described the right-to-left binary exponentiation algorithm in 1427 CE.
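The two methods the comment names, as an added example in C (not from the comment or from Knuth's text), written as modular exponentiation since that is the form they take in RSA and Diffie-Hellman implementations. Left-to-right scans the exponent from its most significant bit, squaring on every bit and multiplying by the base on set bits; right-to-left scans from the least significant bit while keeping a running square of the base. Function names are invented; the 128-bit intermediate in `mulmod` assumes GCC or Clang on a 64-bit target.

```c
#include <stdint.h>

/* Added example: the two binary exponentiation methods referenced above,
 * as modular exponentiation. Names are invented for this illustration. */

/* (a * b) mod m without overflow, via a 128-bit intermediate (GCC/Clang). */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

/* Left-to-right binary exponentiation (the method in Pingala's text):
 * for each exponent bit from the top, square; if the bit is set, multiply. */
uint64_t powmod_left_to_right(uint64_t base, uint64_t exp, uint64_t m) {
    if (m == 1) return 0;
    uint64_t result = 1 % m;
    base %= m;
    for (int i = 63; i >= 0; i--) {
        result = mulmod(result, result, m);          /* square */
        if ((exp >> i) & 1)
            result = mulmod(result, base, m);        /* multiply */
    }
    return result;
}

/* Right-to-left binary exponentiation (the method al-Kashi described):
 * consume exponent bits from the bottom, squaring the base as you go. */
uint64_t powmod_right_to_left(uint64_t base, uint64_t exp, uint64_t m) {
    if (m == 1) return 0;
    uint64_t result = 1 % m;
    base %= m;
    while (exp) {
        if (exp & 1)
            result = mulmod(result, base, m);
        base = mulmod(base, base, m);
        exp >>= 1;
    }
    return result;
}
```

Both variants branch on each exponent bit; in cryptographic code that data-dependent multiply is exactly what constant-time implementations work to remove, so these are the textbook forms, not ones to use with a secret exponent.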

NASA Proposal Reignites Asteroid vs. Return to the Moon Controversy

Submitted by MarkWhittington
MarkWhittington (1084047) writes "While NASA's plan to capture an asteroid, bring it closer to Earth, and then visit it with astronauts has gotten widespread support, especially in the commercial space sector, that support is not universal. A group of congressmen is submitting legislation to compel NASA to return to the moon by 2022. In the meantime a report has surfaced that suggests that NASA is about to sign an agreement with Bigelow Aerospace, a commercial space firm that proposes to build a private space station built with inflatable modules, to develop an approach to further NASA's space exploration goals, including building a lunar base, commercially, with the space agency providing technical and perhaps financial support."
