
Comment: Re:Refunds indicate bad tax planning (Score 1) 630

by aztracker1 (#46762763) Attached to: IRS Can Now Seize Your Tax Refund To Pay a Relative's Debt
You can do direct deposit into a savings account, just get an account slip (routing and account number) from the bank. You can also do a checking account and simply shred the debit card and checks, or simply request not to have them. All you need is a routable account. You don't need "easy access"

Comment: Re:Gotta pay the government bills somehow (Score 1) 630

by aztracker1 (#46761535) Attached to: IRS Can Now Seize Your Tax Refund To Pay a Relative's Debt
It's about affecting the whole... when a party gains popularity, even 8-10% this tends to be seen in policy changes in the other parties... I'm not pushing for a straight/classic libertarian agenda, I'm more pragmatic than that... the point is to influence the whole a bit more.

Comment: Re:Gotta pay the government bills somehow (Score 1) 630

by aztracker1 (#46761515) Attached to: IRS Can Now Seize Your Tax Refund To Pay a Relative's Debt
It's about trying to reduce the size of government consistently... It's when a party tends to get 8-10% of the popular vote, and even 5% of seats in Congress that those concepts start to influence decisions... I'm more pragmatic than a typical Libertarian, just the same I'm for creating change, and reducing the federal government in ways Democrats or Republicans would oppose.

Comment: Re:de Raadt (Score 1) 290

by bmajik (#46761037) Attached to: OpenBSD Team Cleaning Up OpenSSL

Ok, I actually think you, me, and Theo all agree :)

1) We don't think a specific technical change would have _prevented_ the issue.

2) We all agree that better software engineering practices would have found this bug sooner. Maybe even prevented it from ever getting checked in (e.g. suppose the codebase was using malloc primitives that static analysis tools could "see across", and that the code was analysis clean. Could this bug have existed?)

Comment: Re:de Raadt (Score 1) 290

by bmajik (#46760367) Attached to: OpenBSD Team Cleaning Up OpenSSL

Who has claimed that using the system allocator, all else being equal, would have prevented heartbleed?

Who has claimed that heartbleed was an allocation bug?

I understand what freelists are and do.

The point here is that rigorous software engineering practices -- including the use of evil allocators or static analyzers that could actually understand they were looking at heap routines -- would have pointed out that the code implicated in heartbleed was unreliable and incorrect.

If you read the link you pointed at, after making a modification to OpenSSL such that coverity could understand that the custom allocator was really just doing memory allocation, Coverity reported 173 additional "use after free" bugs.

There are bugs from years ago showing that openSSL fails with a system allocator.

Don't you suppose that in the process of fixing such bugs, it is likely that correctness issues like this one would have been caught?

Comment: Re:de Raadt (Score 5, Insightful) 290

by bmajik (#46759527) Attached to: OpenBSD Team Cleaning Up OpenSSL

Actually, it is you who are wrong.

Theo's point from the beginning is that a custom allocator was used here, which removed any beneficial effects of both good platform allocators AND "evil" allocator tools.

His response was a specific circumstance of the poor software engineering practices behind openSSL.

Furthermore, at some point, openSSL became behaviorally dependent on its own allocator -- that is, when you tried to use a system allocator, it broke -- because it wasn't handing you back unmodified memory contents you had just freed.

This dependency was known and documented. And not fixed.

IMO, using a custom allocator is a bit like doing your own crypto. "Normal people" shouldn't do it.

If you look at what open SSL is

1) crypto software
2) that is on by default
3) that listens to the public internet
4) that accepts data under the control of attackers

... you should already be squarely in the land of "doing every possible software engineering best practice possible". This is software that needs to be written differently than "normal" software; held to a higher standard, and correct for correctness' sake.

I would say that, "taking a hard dependence on my own custom allocator" and not investigating _why_ the platform allocator can no longer be used to give correct behavior is a _worst practice_. And it's especially damning given how critical and predisposed to exploitability something like openSSL is.

Yet that is what the openSSL team did. And they knew it. And they didn't care. And it caught up with them.

The point of Theo's remarks is not to say "using a system allocator would have prevented bad code from being exploitable". The point is "having an engineering culture that ran tests using a system allocator and a debugging allocator would have prevented this bad code from staying around as long as it did"

Let people swap the "fast" allocator back in at runtime, if you must. But make damn sure the code is correct enough to pass on "correctness checking" allocators.
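The following is an added example, not part of the comment above and not OpenSSL code: a toy LIFO freelist (all names and the sample record are constructed for illustration) showing how code can come to depend on getting freed memory back unmodified, and how a checking mode that poisons on free exposes that dependency.

```c
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 32
#define POOL_BUFS 4

/* Hypothetical single-size-class freelist standing in for a custom allocator. */
static unsigned char pool[POOL_BUFS][BUF_SIZE];
static unsigned char *free_list[POOL_BUFS];
static size_t free_count;
static int poison_on_free;   /* 0 = "fast" mode, 1 = correctness-checking mode */

static void pool_init(int poison) {
    free_count = 0;
    poison_on_free = poison;
    for (size_t i = 0; i < POOL_BUFS; i++) {
        memset(pool[i], 0, BUF_SIZE);
        free_list[free_count++] = pool[i];
    }
}

static unsigned char *pool_alloc(void) {
    /* LIFO: the most recently freed buffer is handed back first, untouched. */
    return free_count ? free_list[--free_count] : NULL;
}

static void pool_free(unsigned char *p) {
    if (poison_on_free)
        memset(p, 0xDF, BUF_SIZE);   /* checking allocators scribble on freed memory */
    free_list[free_count++] = p;
}

/* Buggy caller: frees a record, then relies on the next allocation still
 * holding it. Returns 1 if the stale contents survived, 0 if they did not. */
int stale_read_survives(int poison) {
    static const char record[] = "constructed-sample-record";
    pool_init(poison);
    unsigned char *a = pool_alloc();
    memcpy(a, record, sizeof record);
    pool_free(a);
    unsigned char *b = pool_alloc();  /* same buffer comes back */
    return b == a && memcmp(b, record, sizeof record) == 0;
}

int main(void) {
    /* Exit status 0 means: bug hidden in fast mode, caught in checking mode. */
    return !(stale_read_survives(0) == 1 && stale_read_survives(1) == 0);
}
```

Running the same caller in both modes is the test discipline the comment argues for: the fast freelist hides the stale read, the poisoning mode makes it fail.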

Comment: Re:Taxation (Score 1) 630

by aztracker1 (#46754899) Attached to: IRS Can Now Seize Your Tax Refund To Pay a Relative's Debt
It definitely has me rethinking my tax contributions. I think if everyone changed their deductions to 99, so they don't have taxes taken out, it would choke the government off a bit... I'd rather 20-30% of my income go into savings for the year... I won't make anything, but it at least would stop the interest free loan to the US Govt.

Comment: Chokes (Score 1) 307

by Stargoat (#46746931) Attached to: Mathematicians Use Mossberg 500 Pump-Action Shotgun To Calculate Pi

Shotgun pattern distribution is governed by several factors, including shot quality / material, wad design, barrel design, hull design, forcing cone length / shape, but most especially choke. Steel shot will rip up some chokes. Chokes can creep (particularly on a hot Illinois day). Wadding can foul a barrel.

I wonder if these were controlled for.

Comment: Designing models for 3D printers (Score 1) 733

by ciaran_o_riordan (#46739067) Attached to: Ask Slashdot: Are You Apocalypse-Useful?

Today's mass-scale manufacturing will collapse, and needs will change, so my bet is that it will be very useful to be the guy who can design models to be fed to 3D printers.

This is going to become a useful skill anyway in the next few decades, so it's not a bad investment for a hobby today.

Will lawyers be useful? (I know many slashdotters will laugh and say we'll be better off without them, but the new forms of society will need new rules and a new justice system - and programmers would do this as badly as lawyers would program.)
