Comment: Re:This is not how you inspire confidence (Score 2) 151

by Jonathan C. Patschke (#47470777) Attached to: LibreSSL PRNG Vulnerability Patched

In this particular case, yes. There will always be non-exploitable bugs.

The problem is that when you begin to dismiss bugs as non-exploitable (whether you've fixed them or not) and their reports as "overblown," you put yourself in the unfortunate position of only needing to be wrong once. Specifically, dismissing bug reports with the notion that the bug would never be exploitable—not because the bug is "beyond the airtight hatchway," but because no one would be dumb enough to write an application in a particularly boneheaded way—discounts decades of examples of people writing software in amazingly boneheaded ways.

Whether it's true or not (and, in this case, it seems true), this is not a way to inspire confidence, and an SSL implementation needs every bit as much community confidence as it does technical correctness.

Comment: Re:That's strangely sane and oddly normal. (Score 1) 229

by Jonathan C. Patschke (#41329977) Attached to: French Court Levies First Fine Under 3-Strikes Piracy Law

The person penalized did, or allowed to be done, something illegal but not especially malicious or very damaging. They face a penalty which will certainly be unwelcome and which will probably encourage them to act within the law. No huge court case, no lives wrecked, no lawyers riding the gravy train. *This is how a legal system is supposed to be.*

Granted, that's a far sight better than how things are here in the US, but to say that's how things are "supposed to be" is aiming pretty low. That's still a legal system that spends taxpayer money to defend the "property" of copyright holders from nebulous threats, and punishes people for activities that have no provable harm to anyone. Wouldn't it be far more preferable to have a system that spends its time restituting actual victims instead of collecting arbitrary fines from people who aren't hurting anyone, perhaps a system that considered impact instead of looking at who's coloring outside the lines drawn by politicians?

I will furthermore submit that "The Rule of Law" will always be "The Rule of Lawyers" so long as the lawyers are the ones constructing laws prohibiting whatever behavior the well-connected consider inappropriate.

Comment: Re:It depends - Sticktion Y2K Repair (Score 1) 504

by Jonathan C. Patschke (#40812057) Attached to: Can a Regular Person Repair a Damaged Hard Drive?

"Back in the day" (mid-90s) when that was more common, the term for it was "stiction." I don't know if it's less common these days because disk mechanisms are more reliable, the lubricants are better, or machines have much shorter average service lifetimes.

SGI field-service engineers actually had a rubber mallet specifically dedicated to coaxing stictioned drives to run for long enough to get the data off them. The Micropolis disks they shipped in their workstations back then were notorious for that (among many other problems). The company I worked for at the time had such a service call, and the technician told me that the hard part wasn't getting the disk running again, but convincing the disk that whanging the disk with a hammer was a sane thing to do!

Comment: Re:Actually sounds interesting... (Score 3, Informative) 83

by Jonathan C. Patschke (#38376764) Attached to: Book Review: The Economics of Software Quality

Have you heard of the Software Engineering Radio podcast? I've been listening to it for a few years, and I really enjoy it—even if I don't share Markus' enthusiasm for model-driven software. The web site is at http://www.se-radio.net/, and even the back issues are worth listening to (processes don't get dated nearly as rapidly as tools).

Comment: They're ALL Betas (Score 5, Informative) 237

by Jonathan C. Patschke (#37145166) Attached to: Firefox 7.0 Beta Released

From the big Bugzilla thread about version numbers earlier this week:

Users cannot sit on Firefox 4.x. They will be updated to the latest version when they open the About dialog (or sooner) because all* but the current Firefox release are unsupported versions in the new rapid release cycle. Those not current versions do not get critical security updates except via the current version. Firefox users will not be spread across Firefox 4, 5, 6, etc. They will be on the latest version or they will be about to be on the latest version.

Effective expiration, lack of bugfixes, and rapidly replaced by newer versions with bugfixes? By any practical definition, there is no stable version. They're all betas from here onwards. The whole notion of a release isn't that it's bug-free, but that it's supported for a reasonably-long period of time.

Comment: Re:St. Reagan (Score 1) 788

by Jonathan C. Patschke (#36943832) Attached to: Re: the debt deal reached Sunday night ...

One of the few constants in government is the "It's not <bad-thing> when we do it" trope.

Asset forfeiture? It's not stealing when we do it. Beating an unarmed man because he was videotaping police misconduct? It's not battery when we do it. Shooting a deaf whittler in the back? It's not murder when we do it.

The opposition party always does thoughtless, foolhardy, destructive, tyrannical things. However, they're not bad when we do them. "Small government" Republicans got the country further into debt in the last ten years than it'd been in fifty, and "peace prize" Democrats still wage war overseas. Thugs, the whole lot of them.

Space

Rogue Brown Dwarf Lurks in Our Cosmic Neighborhood

Submitted by astroengine
astroengine writes "The UK Infrared Telescope (UKIRT) in Hawaii has discovered a lone, cool brown dwarf called UGPSJ0722-05. As far as sub-stellar objects go, this is a strange one. For starters, it's the coolest brown dwarf ever discovered (and astronomers using the UKIRT should know, they are making a habit of finding cool brown dwarfs). Secondly, it's close. In fact, it's the closest brown dwarf to Earth, at a distance of only 10 light years. And thirdly, it has an odd spectroscopic signature, leading astronomers to think that this might be the discovery of a whole new class of brown dwarf."
Music

Universal blocks Trent Reznor's fan remix web site

Submitted by cLive ;-)
cLive ;-) writes "Trent Reznor's recent departure from Universal was meant to leave all this crap behind but, even now, the suits are stopping him from helping to bring the music industry into the 21st century (eg, with new distribution models). Having previously fallen out with his record company by urging fans to steal his music when he thought his CDs were overpriced, now he's being "lawyered" over his upcoming fan remix web site. The main gist of the problem is that Universal are scared to host his remix site when fans could be submitting mashup tracks that would infringe on other artists' rights, as this would affect the industry's ongoing lawsuit against YouTube et al...

When will these dinosaur industries get it?"

Security

Multiple FLAC Vulnerabilities Affect Every OS 360

Posted by kdawson
from the don't-hit-play dept.
Enon writes "eEye Digital Security has discovered 14 vulnerabilities in the FLAC file format that affect a huge range of media players on every supported operating system (Windows, Mac OS, Linux, Unix, BSD, Solaris, and even some hardware players are vulnerable). Heise points out a number of vulnerable apps that use the open source libavcodec audio codec library, which in turn relies on the flawed libFLAC library. These vulnerabilities could allow a person of ill will to trojanize FLAC files that could compromise your computer if they are played on a vulnerable media player. eEye worked with US-CERT to notify vulnerable vendors."
