
Comment: Re:Not a surprise, but no reflection of O/S vs Pro (Score 1) 131

by viperidaenz (#46774877) Attached to: Code Quality: Open Source vs. Proprietary

The more things are isolated from each other, across lots of levels (in a fractal dimension sense, perhaps) the better things are likely to be.

Language has a lot to do with that.
If your project is written in a managed language, allocated memory is always initialised first, there is no pointer arithmetic and array bounds are always checked, so it's impossible to read random data from memory.
If your project is written in C, all code has access to all memory.

Comment: Re:memset() is bad? (Score 1) 171

by viperidaenz (#46773963) Attached to: First Phase of TrueCrypt Audit Turns Up No Backdoors

This is actually tangentially related to heartbleed - if the memory had been zeroed when freed, the scope of the exploit would have been greatly reduced, as only currently allocated blocks would have been vulnerable

The blocks holding the certificate private key are always allocated, so always vulnerable.

This is completely incorrect. Until it is freed (or realloc'ed), the address returned by malloc will point to the same data, regardless of whether it is in the L1 cache, RAM, or paged to disk. Were this not the case, each program would need to implement its own MMU.

So virtual memory is completely useless, because paging to disk doesn't free up the physical RAM for other processes?

Perhaps you should have read the article linked in the article you linked.

There is SecureZeroMemory() function in the depths of Win32 API. Its description is rather concise and reads that this function overwrites a memory region with zeroes and is designed in such way that the compiler never eliminates a call of this function during code optimization.

So don't use memset to zero memory.

There is still the risk that another process reads data from RAM that another process was using, unless the OS zeros out the memory before allocating it.
That's something you can't get around in application code because you don't control the other applications.
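
As an added example (not part of the comment above or of any project it mentions), this C sketch shows the dead-store problem behind "don't use memset to zero memory" and a portable wipe that survives optimisation. `secure_zero`, `is_all_zero` and `use_then_wipe` are hypothetical names, and the key bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: wipe n bytes through a volatile pointer.
 * Compilers keep every volatile store, whereas a plain memset() on a
 * buffer that is never read again is a dead store they may delete. */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Returns 1 when every byte of buf is zero, 0 otherwise. */
static int is_all_zero(const unsigned char *buf, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Uses the key (here: a toy checksum), then wipes it before returning.
 * With memset(key, 0, n) in place of secure_zero(), an optimiser that
 * can prove the buffer is not read afterwards may drop the wipe. */
static unsigned use_then_wipe(unsigned char *key, size_t n)
{
    unsigned sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += key[i];
    secure_zero(key, n);
    return sum;
}

int main(void)
{
    unsigned char key[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed sample key */
    unsigned sum = use_then_wipe(key, sizeof key);
    printf("checksum=%u wiped=%d\n", sum, is_all_zero(key, sizeof key));
    return 0;
}
```

Where the platform offers one, a vetted primitive such as SecureZeroMemory() on Win32 or explicit_bzero() on glibc and the BSDs does the same job.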

Comment: Re:The Real Breakthrough - non auto-maker Maps (Score 2) 192

by viperidaenz (#46762595) Attached to: How Apple's CarPlay Could Shore Up the Car Stereo Industry

This won't stop the car industry.
I can't easily replace the navigation system in my car, because it controls the air-con.
The whole system is integrated into the dash, the steering wheel controls, the trip computer and air conditioning.

There are aftermarket options on eBay, but the risk it won't work is high - The car is made in Japan with several options for air con (single/dual zone) and is visibly identical to other models made in USA which may or may not be wired the same. Added to the fact the model name of the Japanese car is the same as a completely different USA model and the one that's physically the same has a different name.

Comment: Re:memset() is bad? (Score 1) 171

by viperidaenz (#46761177) Attached to: First Phase of TrueCrypt Audit Turns Up No Backdoors

But the program performs functionally the same.
That's the rule followed when doing compiler optimisations.

memset has nothing to do with Heartbleed by the way, nor does any compiler optimisation.

You also don't guarantee the original data is overwritten. If your application is paged out of RAM before the call to memset, when it gets loaded back into RAM it can be pointing to a different physical memory location. You're now overwriting.... something completely different.

Comment: It's spelled out isn't it? 24 months support. (Score 2) 565

by viperidaenz (#46753529) Attached to: Microsoft Confirms It Is Dropping Windows 8.1 Support

Microsoft only support the current service pack level and all those less than 24 months old for Windows Client and Server.
That's the agreement they've given to their customers.
They will drop support for 8.1 in 24 months' time. .... wait a minute. They should at least update their support policy before cutting support.
