
Comment: Re:Mr Fixit (Score 1) 359

by drinkypoo (#46763325) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

We should remember that FLOSS reacted very quickly to the "revelation," but the bug itself has been sitting there for years, which isn't really supposed to happen.

Unfortunately, the very same thing happens in proprietary software. And "isn't supposed to happen" is a misunderstanding. It's just supposed to happen less, and it's supposed to get fixed easier. The latter, at least, has been proven out.

Comment: Re:not at those prices, it won't fly off the shelv (Score 1) 124

by drinkypoo (#46763285) Attached to: How Apple's CarPlay Could Shore Up the Car Stereo Industry

like the other poster said, all I want in there is an amp and speakers with a jack for audio input

That's what I put in my truck. You can't listen to optical media in it unless you have a heavy load, because the suspension is too hard. So I have a $20 amplifier with stereo in and four outputs.

I'd like my 1964 Dodge back. fixable, the controls fall where your hands are, no menus, and no nonsense.

Yes, if I had perfect foresight instead of excellent hindsight, I'd have kept my 1960 Dodge. It got over 20 mpg on the freeway and it was stupid simple. But I didn't know how to rebuild a brake system then (dirt simple, as it turns out) and so I couldn't afford to keep it.

Comment: Re:Why spend another $700 for a car stereo (Score 1) 124

by drinkypoo (#46763257) Attached to: How Apple's CarPlay Could Shore Up the Car Stereo Industry

It's more reliable. Bluetooth Audio is miserably finicky. The only thing that ever worked right with my JVC was AT&T Fuze. With a couple different Android devices now including the Nexus 4 I get occasional skips. I used to use an Xperia Play, that skipped a lot. Flawless using the headphone cable in my truck instead.

I'm going to try adding Bluetooth to my car anyway, switching into the line inputs from the changer with an audio signal relay, and using an ultra-cheap receiver. But I'm also going to have line in, just in case.

Comment: The bug was found because it was open source.. (Score 4, Informative) 359

Nobody was seriously interested in forking it... But the OpenBSD people have now gotten their claws into it, and chances are it's gonna be fixed bigtime .... or else!

The problem was found because the code was Open Source. If it had been closed source, then the bug would still be secret. To the extent to which the bug was recognized (or commissioned) and exploited by the likes of the NSA, it would have probably remained secret for a lot longer.

According to Microsoft's EULA, for example, finding -- much less fixing -- such a bug is illegal. If the NSA had paid them to put such a bug into the Windows version of SSL, then it would probably remain unpatched for years after someone had pointed it out to them as an exploitable bug... and anybody openly reporting such a bug, even after 6 months of trying to get MS to fix it, would be roundly criticized for disclosing the bug 'prematurely'.
Even then, it would probably not be fixed by Microsoft until at least the next monthly bug release cycle (or even the one after that).

With the code being Open Source, the problem got fixed faster than yesterday. Period. If the OpenSSL people refused to fix it, then it would have been forked. ... and more to the point: Such a security-centric fork would have been legal.

.. and that is the power and freedom of Free, and Open Source software.

Comment: Re:Subtle attack against C/C++ (Score 2, Insightful) 150

by HiThere (#46761259) Attached to: The Security of Popular Programming Languages

C++ (and to a lesser extent C) lose support because of their extremely poor support for utf8. And the absurd part of it is that they could easily do a good job. Utf8 is just a byte array with various routines to interpret the code. Glibc does a reasonable job for a C library...not ideal, but reasonable.

All the array needs is a way to address a chunk by character # rather than by byte #, a way to copy a character or a slice of chars, and a way to determine the general character classification of any character. Also a few methods: first(), last(), hasnext(), hasprior(), next() and prior(). And these all "sort of" exist, except getting the general character classification. (Do note that these functions need to operate on utf-8 characters rather than on bytes.) But several different ways of doing this are already known. Vala, e.g., handles it without difficulty, and is able to emit C code (using Glibc libraries).

So it's not a programming difficulty that's holding things up. It's the standards bodies...or, perhaps, some members of them.

But I've looked at C++11, and it is not a satisfactory answer. Vala has a good answer. D (Digital Mars D) has a different good answer. Even Python3 has a pretty good answer. (I don't like that in Python you can't determine memory allocation within the string.) Also Racket, etc. But C++ doesn't.
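An added example, not part of the comment above: a C sketch of the next()/prior() and address-by-character-number operations it lists, over a plain byte array. The names `u8_next`, `u8_prior` and `u8_offset` are hypothetical, and the decoder rejects truncated, overlong and surrogate sequences, which is where hand-rolled UTF-8 code tends to become a security problem.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed sample: "a", U+20AC, U+1D11E, "z" (9 bytes, 4 characters). */
static const unsigned char sample[] = {0x61, 0xE2,0x82,0xAC, 0xF0,0x9D,0x84,0x9E, 0x7A};

/* Decode the character at s[*pos]; on success store it in *cp, advance *pos
   and return 1. Return 0 at end of buffer or on malformed input. */
int u8_next(const unsigned char *s, size_t len, size_t *pos, uint32_t *cp)
{
    static const uint32_t min_cp[5] = {0, 0, 0x80, 0x800, 0x10000};
    size_t i = *pos, n;
    uint32_t c;
    if (i >= len) return 0;
    if (s[i] < 0x80)                { n = 1; c = s[i]; }
    else if ((s[i] & 0xE0) == 0xC0) { n = 2; c = s[i] & 0x1F; }
    else if ((s[i] & 0xF0) == 0xE0) { n = 3; c = s[i] & 0x0F; }
    else if ((s[i] & 0xF8) == 0xF0) { n = 4; c = s[i] & 0x07; }
    else return 0;                       /* stray continuation or invalid lead */
    if (n > len - i) return 0;           /* truncated sequence */
    for (size_t k = 1; k < n; k++) {
        if ((s[i + k] & 0xC0) != 0x80) return 0;
        c = (c << 6) | (s[i + k] & 0x3F);
    }
    /* Reject overlong forms, values above U+10FFFF and UTF-16 surrogates. */
    if (c < min_cp[n] || c > 0x10FFFF || (c >= 0xD800 && c <= 0xDFFF)) return 0;
    *cp = c;
    *pos = i + n;
    return 1;
}

/* Step *pos back to the first byte of the previous character. */
int u8_prior(const unsigned char *s, size_t *pos)
{
    size_t i = *pos, back = 0;
    if (i == 0) return 0;
    do { i--; back++; } while (i > 0 && back < 4 && (s[i] & 0xC0) == 0x80);
    if ((s[i] & 0xC0) == 0x80) return 0; /* no lead byte within 4 bytes */
    *pos = i;
    return 1;
}

/* Byte offset of character number n (0-based), or -1 if absent or malformed. */
long u8_offset(const unsigned char *s, size_t len, size_t n)
{
    size_t pos = 0; uint32_t cp;
    while (n-- > 0)
        if (!u8_next(s, len, &pos, &cp)) return -1;
    return pos < len ? (long)pos : -1;
}
int main(void) { return u8_offset(sample, sizeof sample, 2) == 4 ? 0 : 1; }
```

Addressing by character number is a linear scan here; constant-time access would need a separate index over the byte array.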

Comment: Re:Wonder how Ada 2012 would fare... (Score 2) 150

by HiThere (#46761109) Attached to: The Security of Popular Programming Languages

It's hardly a solved problem. There are approaches that can be made to work, but that's not the same thing. The current approaches are all clumsy, and often that's a charitable description. It's usually doable. Saying anything beyond that is fulsome praise.

OTOH, because different languages have different basic derived structures, it's often not clear exactly what the best approach would be, even when one is considering things carefully. For one purpose the best I've been able to come up with is marshalling everything into a byte array, and then separating it back out. Doable, but hardly what I'd call "a solved problem". Probably an insoluble problem because the different languages map the same concept differently internally. So you need to deal with it on a special case by special case basis.

Comment: Re:Wonder how Ada 2012 would fare... (Score 1) 150

by HiThere (#46761033) Attached to: The Security of Popular Programming Languages

Perhaps you need to define what you mean by "more general purpose". I tend to consider C the most general purpose of languages, because it *isn't* specialized to some task. It's true that, e.g., FoxPro was better at interfacing to the FoxPro database, but that's NOT being general purpose, that's being special purpose.

OTOH (to get back on thread) I don't consider C a very secure language BECAUSE it is lacking in specializations. This means you need to keep creating, e.g., hash tables from scratch, and every time you do it you are likely to introduce an error.

Ada is in an in-between state. It's very secure against some types of errors. The facility for defining specific types is a particular instance. If one defines a meters type, then one cannot store an inches type into it...unless one uses a numeric literal, because one needs to allow instances to be created from numeric literals. OTOH, this very security introduces verbosity, and verbosity is a common entry point for errors. (I used the meters/inches example because of the notorious example of the space probe where that was misused. Ada did NOT save the day. And the reason that it didn't was because doing things properly would have been too verbose.)

In principle, every "Turing complete" language is as general purpose as every other. Practical considerations are the distinction between them. If you're doing database programming, then you are less likely to make mistakes if you use a language that contains extensions specialized to make database use easier. (I barely count embedded SQL, because while SQL is reasonably great for manipulating databases, it's lousy at interfacing to programming languages. Everything either needs to be converted into a string, or a blob, and blobs are clumsy to handle.) But note that these "database extensions" are specializations away from "general purpose".

Comment: Re:Good (Score 1) 75

source, please?

Most of the stuff Snowden has released concerns NSA spying on American citizens, not other countries.

Wrong... Snowden released methods and means of foreign intelligence. People tend to overlook that.
Consider his release of information on intelligence gathering on China's Huawei and govt. Yep... he is a traitor.
