As I read his analysis, OpenSSL relies on releasing a buffer, reallocating it, and getting the PREVIOUS contents of that buffer back -- or else it will abort the connection. (Search for the string "On line 1059, we find a call to ssl3_release_read_buffer after we have read the header, which will free the current buffer." in his article referenced by the parent post).

Now, IMO, this goes way beyond sloppy. Releasing a buffer before you're done with it, and relying on a wacky LIFO reallocation scheme giving you back that very same buffer so you can process it, is either 1) an utterly incompetent coding blunder that just happened to work when combined with an utterly terrible, insecure custom allocation scheme, or 2) specifically designed to ensure that this insecure combination is widely deployed to provide a custom-made back door, as it works only with the leaky custom allocator.

If 1), then I must agree with Theo that the OpenSSL team were indeed irresponsible, since at least one of these two cooperating blunders ought to have shown up in a decent security audit of the code, and any decent set of security-oriented coding standards would forbid them both.

If 2), then it was deliberate, and the tinfoil-hat crowd is right for once.

Go is still the best game online. I play at KGS and IGS. (KGS has better tools, IGS is easier to find an (apropriate) opponent on short notice.)

It's not illegal to be an irresponsible asshole, and they have the same legal rights as polite people.

In 1955, Philip K. Dick wrote a short story, "Autofac", about self-replicating machinery. Still a good read, IMO.

Been there, done that, wondered "What were we thinking?"

In selecting an instrumentation framework for a test system, we went through a careful process of defining what was important, listing the pros and cons of each competing option, ran some tests to see if both would run the instruments we needed, ... Aaaand chose the worse option of the two, as events ultimately showed. The choice was evidence-based, reasonable on the basis of what we knew at the time, and suboptimal. The system worked, but we had to do some ugly stuff to make it work.

Sometimes you just can't outwit Murphy.

This is the wrong place to ask, "ask slashdot" is also controlled by the NSA.
They have been spending years building cover identities and collecting karma, so they can control ./
And that's why this post is going to be modded down, see, I told you so!

Just look at this bitmap on my smartphone. (Ha! I just KNEW that QR codes were evil!)

Israel never announces a test before they do it.
Also, the only ones with the capability to detect it are the US and Russia.
The Russians probably knew exactly what it was when they saw it.
So, maybe they are the ones trying to create a scare.

It was designed to be solved by people down under.
you are holding it upside-down.

Nowadays, anything the shrink does not like is "highly functioning Autism"

Came here to say this.

That was an act on "America's Got 'Talent' " a few seasons ago. It even went through a few rounds. No $#!@. I haven't watched since.

Two important things are missed here:
1) Google mainly bought the patent portfolio for defensive purposes, not as revenue engines in themselves. The point of the suit is that MS wants to use the patents without paying for them. It's basically a move in the MS-vs-Android war.
2) The judgement doesn't pass the smell test. Read the articles over at Groklaw for the details, but the judge here is ruling that Motorola must accept patent pool rates for a pool they don't belong to, rather than negotiate rates using the methods of the group they are a member of. The whole proceeding has been slanted toward the home team (MS) the judgment seems to be very much an overreach, and probably won't survive appeal.

can you get sued for carrying or expressing the gene without a license?