
Comment: Re:What is the string? (Score 1) 185

by Guy Harris (#49787595) Attached to: A Text Message Can Crash An iPhone and Force It To Reboot

In hex, the string is:

506f 7765 7220 d984 d98f d984 d98f d8b5 d991 d8a8 d98f d984 d98f d984 d8b5 d991 d8a8 d98f d8b1 d8b1 d98b 20e0 a5a3 20e0 a5a3 6820 e0a5 a320 e0a5 a320 e586 97

That's the string encoded as UTF-8, so it's more like

50 6f 77 65 72 20 d9 84 d9 8f d9 84 d9 8f d8 b5 d9 91 d8 a8 d9 8f d9 84 d9 8f d9 84 d8 b5 d9 91 d8 a8 d9 8f d8 b1 d8 b1 d9 8b 20 e0 a5 a3 20 e0 a5 a3 68 20 e0 a5 a3 20 e0 a5 a3 20 e5 86 97

If we turn that into a sequence of (21-bit) Unicode code points, it becomes

000050 00006f 000077 000065 000072 000020 000644 00064f 000644 00064f 000635 000651 000628 00064f 000644 00064f 000644 000635 000651 000628 00064f 000631 000631 00064b 000020 000963 000020 000963

which, encoded as UTF-16, is

0050 006f 0077 0065 0072 0020 0644 064f 0644 064f 0635 0651 0628 064f 0644 064f 0644 0635 0651 0628 064f 0631 0631 064b 0020 0963 0020 0963

As UTF-16, there are no surrogate pairs, so the bug presumably isn't a problem with handling UTF-16-encoded Unicode characters bigger than 00FFFF.

I suspect that the string is probably being processed as UTF-16, because that's how CFString/NSString are encoded internally and because code handling UTF-8 that can't handle multi-byte characters couldn't handle anything other than ASCII.

U+0963 is DEVANAGARI VOWEL SIGN VOCALIC LL, which is a nonspacing mark; my guess is that it (or perhaps some other character in that sequence that's a combining character) is getting split, by the ellipsis, from the character with which it's supposed to combine, and that the rendering code is blowing up because of that.

If so, this has nothing to do with UTF-16 being too hard to handle correctly, or with the code not being able to handle characters that are "too many bytes", it has to do with sequences of characters sometimes having to be handled specially, and not just blithely split between characters.

It starts with "Power ", but I guess that's not important.

It might make the string long enough that the code displaying it on the main screen would abbreviate it and thus insert an ellipse.
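The following is an added example, not part of the comment above. It decodes an excerpt of the quoted UTF-8 bytes, confirms no surrogate pairs are needed, and contrasts truncation at a fixed code-point count with truncation that refuses to cut between a base character and its combining marks. The function names and the code-point limit are illustrative assumptions, and the mark-only check is a simplification of full grapheme-cluster segmentation (UAX #29).

```python
import unicodedata

# Excerpt (first 18 bytes) of the UTF-8 sequence quoted in the comment above.
SAMPLE_HEX = "50 6f 77 65 72 20 d9 84 d9 8f d9 84 d9 8f d8 b5 d9 91"
ELLIPSIS = "\u2026"


def decode(hex_bytes: str) -> str:
    """Strictly decode space-separated UTF-8 hex; invalid input raises."""
    return bytes.fromhex(hex_bytes).decode("utf-8", errors="strict")


def needs_surrogates(text: str) -> bool:
    """True if any code point lies above U+FFFF (a UTF-16 surrogate pair)."""
    return any(ord(ch) > 0xFFFF for ch in text)


def is_mark(ch: str) -> bool:
    """General category Mn/Mc/Me: a mark that attaches to the preceding base."""
    return unicodedata.category(ch).startswith("M")


def splits_cluster(text: str, cut: int) -> bool:
    """True if cutting before index `cut` separates a mark from its base."""
    return 0 < cut < len(text) and is_mark(text[cut])


def naive_truncate(text: str, limit: int) -> str:
    """Cut at a fixed code-point count, wherever that happens to land."""
    return text if len(text) <= limit else text[:limit] + ELLIPSIS


def safe_truncate(text: str, limit: int) -> str:
    """Back the cut up until it no longer falls between a base and its marks."""
    if len(text) <= limit:
        return text
    cut = limit
    while splits_cluster(text, cut):
        cut -= 1
    return text[:cut] + ELLIPSIS


if __name__ == "__main__":
    s = decode(SAMPLE_HEX)
    print([f"U+{ord(c):04X}" for c in s], "surrogates:", needs_surrogates(s))
    for limit in (7, 9):
        print(limit, splits_cluster(s, limit),
              ascii(naive_truncate(s, limit)), ascii(safe_truncate(s, limit)))
```
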

Comment: Re:more government waste!! (Score 1) 335

by meta-monkey (#49787093) Attached to: Obama Asks Congress To Renew 'Patriot Act' Snooping

Yes actually. That's kind of the entire principle of judicial review. The court never has and never will just step in and decide on the legality/constitutionality of a law without a challenge. Cases come to them. They don't go looking for cases. Otherwise the judiciary branch would have far too much power. They would basically sit as a second, a priori veto on the legislature.

The court decides. It does not advocate. So, yes, the legislature can pass any unconstitutional bullshit they want, and the executive can sign said bullshit into law. But the judiciary will do nothing until someone brings a specific case before it and says "this is bullshit." And that's the way it should be. Otherwise, every shifting mood in the court is a cause to go on a crusade. No thank you.

Comment: Re:Lol (Score 1) 185

by Guy Harris (#49787081) Attached to: A Text Message Can Crash An iPhone and Force It To Reboot

Yes, it is. Any input that will crash your library needs to be sanitized. You need to truncate the message on display, at the bad character.

Where has it ever been stated that the message, as sent to the phone, contains a bad character? Everything I've read indicates that the problem is that the code that's displaying the message is inserting an ellipsis in the middle of a perfectly valid character, making the resulting string invalid.

That's not un-sanitized input, it's bad output, from buggy code.

Comment: Re:Russian rocket motors (Score 1) 58

by Bruce Perens (#49787045) Attached to: SpaceX Cleared For US Military Launches

Russia would like for us to continue gifting them with cash for 40-year-old missile motors, it's our own government that doesn't want them any longer. For good reason. That did not cause SpaceX to enter the competitive process, they want the U.S. military as a customer. But it probably did make it go faster.

Also, ULA is flying 1960 technology, stuff that Mercury astronauts used, and only recently came up with concept drawings for something new due to competitive pressure from SpaceX. So, I am sure that folks within the Air Force wished for a better vendor but had no choice.

Comment: Re:Terraforming potential? (Score 1) 254

by Rei (#49785427) Attached to: How To Die On Mars

First off, you're misusing temperature. You don't call it heat if all of the particles are moving in the same direction and unionized, you just call it "wind". It only becomes heat if that windstream suddenly slams into a non-moving solid surface and becomes instantly thermalized (but of course even then that would be a very short-lived event as it would correspond with a pressure rise and the deflection of the stream behind the high-pressure zone). Additionally, nor would that be the windspeed touching the surface as, obviously, wind forms boundary layers.

Secondly, hundreds of km/s from Venus escape to Mars intercept? That doesn't at all correspond to any delta-V chart I've ever seen.

Comment: Re:more government waste!! (Score 2, Informative) 335

by meta-monkey (#49784535) Attached to: Obama Asks Congress To Renew 'Patriot Act' Snooping

Not exactly. What the 2nd Circuit ruled was that the bulk collection of phone records was "not authorized" by section 215 of the Patriot Act. They did not rule on the constitutionality of the program. So not "what you're doing is wrong" but "what you're doing is something nobody told you to do." Whether or not it would be constitutional to implement the program they did is left open. And with good reason...you can't rule on the constitutionality of a law that isn't written.

Consider your work at a company which has an employee agreement that the company will "respect your privacy." Lately there have been some problems with unauthorized people entering the company building, and perhaps doing nefarious things. So the leadership creates a new "Whatcha Doin'?" program, in which security guards are authorized to ask people who come through the door two questions:

1) What is your name?

2) What is your quest?

The security department takes this program and implements it. But the security chief adds another question, "What is your favorite color?"

The employees are livid and go to HR, objecting to the intrusive nature of the question. Okay, maybe it's fine to ask people coming through the door their name and their quest, but "what is your favorite color" is deeply personal information, and asking it violates the "respect your privacy" clause of the employee agreement. The security department disagrees, that asking for favorite colors is not too personal a question, and they want to keep doing it.

HR doesn't really want to get into the mess of deciding whether your favorite color is information too private for the company to ask, but they do notice, "um, hey guys...the Whatcha Doin' program doesn't authorize you to ask for favorite colors anyway, so just knock that off and we're all cool, right?"

That's basically what happened. Now, if they pass the USA Freedom Act or something else that DOES specifically authorize bulk call collection, THEN the court will be in a position to rule on whether or not bulk phone collection is constitutional.

Comment: Re:As much as possible... or none at all (Score 1) 237

by Rob Riggs (#49784355) Attached to: How Much C++ Should You Know For an Entry-Level C++ Job?

An entry-level programmer still needs to know enough about the language to get in the door: how to construct a class, class visibility, exceptions, a bit of the STL. But to me it is far more important that they know data structures, algorithms and their complexity, parallelism, OO-programming principles, functional programming principles, and show a passion for their profession. I don't expect an entry-level developer to know much about software life-cycle management, source control, unit testing, package management, C++ meta-programming, or anything of that nature. I expect them to maintain other people's code and learn from what has already been written, and from that learn all the things about software engineering that most universities completely ignore.

Comment: Every language has its gotchas (Score 1) 237

by Rei (#49784155) Attached to: How Much C++ Should You Know For an Entry-Level C++ Job?

And it's important for new programmers to learn them - more important than learning syntax.

For C++ for example I'd warn about classes containing pointer member variables with implicitly-defined assignment operators / copy constructors. You have Foo a and Foo b, where Foobar has a member variable "int* bar". So the newbie does "a.bar = new int[100];" then later "b = a;" then later b goes out of scope, then they try to use a.bar and the program crashes. Seems to be a very common C++ newbie mistake. Eventually they learn to see pointers in class definitions as having big "DANGER" signs over them calling their attention, and/or rely on smart pointers.

Any others that people can think of that are common?

Oh, here's one more: iterator invalidation. A newbie who's not warned about this in advance will likely get bitten by it several times before the point gets driven into their head: "if you're using a class to manage memory for you, it's going to manage memory for you, including moving things around as needed."
