Decade Old KDE Bug Fixed

hypnosec writes "How long does a bug take to get resolved? A week? A month? A year? Well, a bug prevalent in the KDE libraries since 2002 has finally been resolved after a decade it has been revealed. The bug was present in the "Reject Cross-Domain Cookies" feature of KDE Libraries. Thiago Macieira noted in the KDE Libraries Revision 974b14b8 that he observed that his web cookies were being forgotten following a kded restart."

Can't decide if it's embarrassing or impressive

[eksith]

Maybe a little of both. Clearly, they had other priorities and this just fell through the cracks.

"turns out that mCrossDomain was of value 127": For some reason reminds me of the time Linus blew up at Mauro a little while ago also for returning a value that makes no sense (made worse by dancing around the issue).

Re:Can't decide if it's embarrassing or impressive

[dubbreak]

After RTFA (I know, broke the rules), it appears it wasn't a documented or tracked bug. It was noticed and fixed more than a decade after it was created. Pretty much non-news. If no one ever noticed or cared that their cookies were getting lost on a kde restart then how can you expect it to get fixed? If no one calls it a bug, is it actually a bug?

I've had a similar experience. I was working with a system and found a bug that had been around since the initial system (>3 years), and jumping into the old source control (I had to crack open visual source safe since that's what they were using originally..blech ..moved to hg after I started and bitched that even cvs would be better). Basics of it were: request sent, response received but ignored/not read, retry sent, original message response used. It kicked into a retry sequence even try despite having a response. Eventually this caused issues communicating to a certain device. Put the sniffer on and voila, see double requests despite getting an immediate response. No one ever noticed because it didn't cause issues with any other devices. Yes, extra traffic on the bus, but there was plenty of bandwidth and most of the devices handled it fine. It should have been caught in original testing. When writing your own protocol to talk over serial you'd assume they'd do a little more testing than a sniff test ("oh.. looks like it's working. Good enough for production! Let's ship it!"). I spent most of my time fixing bugs and most were that old but that's the only one I can remember that you would think would have been noticed earlier.

Re:Can't decide if it's embarrassing or impressive

[wmac1]

No one noticed their cookies are removed without any reason? "IF" no one really noticed that, then I would ask myself what kind of people have been using it.

Or perhaps there were more important bugs and problems and people did not push on this one?

Re:Can't decide if it's embarrassing or impressive

Can't decide if it's embarrassing or impressive

There's a Slashdot rule about that: if we're talking about open-source, it's impressive, if not, it's embarrassing.

Re:Can't decide if it's embarrassing or impressive

[phantomfive]

Pretty near all large software has bugs in it. It's not surprising that a large codebase a decade old will have bugs a decade old. This particular bug doesn't seem to be in a code path that is executed very often, and that is where bugs hide. That's why you should make your infrequently executed code as simple as possible.

Re:Can't decide if it's embarrassing or impressive

Software is so complicated and diverse these days, it's hard to tell which is normal behaviour and which is not.

Honestly though, isn't forgetting cookies a GOOD thing?

Re:Can't decide if it's embarrassing or impressive

[SomeKDEUser]

I tend to consider my cross-domain cookies getting lost a feature. I never noticed the bug -- and I have been using KDE since before it was introduced.

There are legitimate uses for cookies, for sure, but the vast majority of them seem to serve no other purpose than tracking me. Which is occasionally fine in the case of wikipedia or slashdot keeping me logged in, but in the vast majority of cases _not_ OK.

Re:Can't decide if it's embarrassing or impressive

[suy]

Can't decide if it's embarrassing or impressive. Maybe a little of both.

Or none of the above. ;-)

Reading the reply from adawit, seems more like in some rare situations that involve restarting the "cookiejar" (the service that stores the cookies), there is possibly undefined behaviour (depending on what the compiler does).

I think is an interesting bug fix, and maybe even a nice blog post from the developer, but I don't think is worth the Slashdot frontpage, even less with that headline.

Re:Can't decide if it's embarrassing or impressive

[Enderandrew]

Reboots aren't as necessary in Linux.

And I'm assuming that this only affects KDE cookies, so you'd only see this if you used Konqueror as your browser. I imagine most KDE users are using Firefox, Chome or another browser like that.

Re:Can't decide if it's embarrassing or impressive

[lbbros]

The issue only occurred if the KDE daemon (kded) was restarted. With normal usage, this never happens (only if you are testing things, or a crash).

Re:Can't decide if it's embarrassing or impressive

[hairyfeet]

No matter whether you are embarrassed or impressed its just more proof that "many eyes" myth is just that, a total myth.

I'll get hate for saying it but fuck it frankly it has amazed me that myth has hung on as long as it did because it makes some pretty glaring assumptions that even a moment's thought would show just don't work and while I often don't agree with their conclusions on some issues one thing FOSS advocates usually do is follow logic to its conclusion.

The "many eyes" myth makes some pretty easy to punch through assumptions, 1.- That because something CAN happen means it HAS happened. This would be like claiming that somebody has climbed K2 wearing bunny slippers because theoretically somebody could climb K2 wearing bunny slippers. Just because something is POSSIBLE does NOT make it probable or even likely 2.- That all the projects out there, no matter how small or hidden from sight, will get the same attention. I bet every FOSS advocate on the planet has used LO/OO.o multiple times...show of hands, how many of you have actually LOOKED at the freely available source code? How many of you have submitted changes to that code? And that is one of the most popular FOSS programs on the planet, what are the odds that little subsystem hidden away in the middle of most distros has been read and edited by ANYBODY other than the guys maintaining it?

The ONLY real advantages source code brings has nothing to do with bugs, it has to do with that fact that 1.- if you have the skills and free time or 2.- Have the money to hire somebody else's free time and skills you can take a product that is EOL or doesn't run on the platform you want and make it do as you will. LO doesn't run on MIPS? You can port it or pay somebody to port it. For some reason you need Gnome 1 to run on the latest kernel? You can hire a dev team and make it so. But that doesn't magically do a damned thing about bugs, as this along with the KDELook malware or the fact that even kernel.org ended up hacked proves. Having code has its advantages but making bugs disappear? NOT one of them.

Oh and I'm sorry but the "Linus rant" was a Christian Bale douchebag rant that was completely uncalled for. The guy was working on an extremely complex subsystem with some pretty serious issues, he asks a simple question about why a value returned HAS to be X while pointing out that in the subsystem he is working on dozens of drivers do NOT return X so the application in question is gonna fucking crash anyway, and instead of taking the exact same amount of time to say "It has to be thus because" he goes superdouche. I'm sorry but I don't care if you are Bob the mailman or the fucking pope, nobody gets a license to be a douchebag and that rant was total douchebag. It was quite obvious the little prick just expects a "yes master" to anything he says, no questions asked, and when this guy dares to ask what is frankly a damned good question he gets shit on? Nope, sorry, Linus is a douchebag and deserved to be called on it.

Re:Can't decide if it's embarrassing or impressive

[vurian]

Ah, right. So the fact that this bug was caught means that the idea that opening the source for lots of people to check out means bugs get caught is false? In other words, the fact that this bug was caught means the idea that bugs get caught is wrong?

Re:Can't decide if it's embarrassing or impressive

[Samantha+Wright]

'Many eyes' is a statistically valid principle, just over-trusted. You're right that it's not a guarantee that bugs will be found, understood, and fixed more quickly as staff are added, but as long as developers (and testers) aren't slacking off due to herd mentality effects, the rate of finding bugs cannot be any worse than it is with fewer people. It's a submodular function.

...also, if you have an infinite number of programmers reviewing the code at the same time, however, it is certain that all bugs will be diagnosed and fixed. Possibly instantaneously. So that's a theoretically nice result.

Re:Can't decide if it's embarrassing or impressive

[TubeSteak]

"turns out that mCrossDomain was of value 127": For some reason reminds me of the time Linus blew up at Mauro a little while ago also for returning a value that makes no sense (made worse by dancing around the issue).

So what should the value have been?

Re:Can't decide if it's embarrassing or impressive

[buchner.johannes]

false. But I don't understand how it ever became 127, because it is of type boolean.

Re:Can't decide if it's embarrassing or impressive

But he's not wrong.

Re:Can't decide if it's embarrassing or impressive

[hairyfeet]

The FOSSies can waste mod points all the want, doesn't change the fact that its a myth and easily shown to be false. did you forget the bug that was in Debian SIX YEARS before anybody caught it? Or the blatant malware in Q3 Arena that was downloaded countless times and sat in the repos of ALL the major distros for a year and a fricking half before anybody noticed they were all being pwned?

Again you and those that advocate this myth are falling for the assumption because something CAN occur that it HAS occurred. want proof that don't happen? How many fucking Man pages in Linux are placeholders? that is a job that frankly ANYBODY can do, don't need coding experience to write a Man page, yet for most of those that have placeholders it just won't get done.

For the "many eyes" myth to hold true you would have to accept several assumptions that real life simply don't bear out, 1.- That people will download and inspect the code. Again answer my question, have YOU inspected the LO code? Even once? That is one of the most popular programs in FOSS land but I bet out of ALL the geeks on /. the number that have actually downloaded and inspected that code could be counted on one hand. Now if that is the case with one of the most popular apps ON THE PLANET how many do you think have looked at the little pissling ass subsystems and little programs that nobody even think about but which are including in every distro, things like say the clock or the calendar or the theme program? I bet my last dollar if they keep logs you'd find almost NOBODY has downloaded the actual source and there hasn't been jack shit as far as submissions by anybody but the guys that actually maintain the thing.

2.- That people that actually have the skills and experience to do meaningful code reviews are actually gonna spend their free time doing code reviews on this stuff. Do you have ANY idea how many years of coding experience it takes to be able to look at a VERY complex program like LO or Gimp or any of the other dozens of programs included in most distros and to be able to spot errors or problems? Have you ever looked at the winners of the obfuscated C contest? In that contest you KNOW there is malware in the code but frankly unless you have a high enough level of coding skill to instruct classes in C I seriously doubt you would spot it. The guys that actually do have that level of skill are frankly in high demand and free time? Not something they have a lot of so I seriously doubt that they are gonna want to sit around doing code reviews.

3.- That there are enough people out there WITH the skills to spot bugs AND the willingness to do it to keep up with the avalanche of new programs being added to the repos weekly. Hell if we even limit it to JUST the programs that are included in most distros when you figure in all the little sub-programs if it numbers less than 10,000 I'd frankly be amazed. Again go download the code to some of the popular programs like Gimp or LO or even the smaller ones like Abiword or Gnumeric and see just how many fucking pages of code we are talking about here, no way in hell you are gonna get enough highly skilled volunteers to go through that many densely coded programs even once a decade and again I bet for the vital but lesser known programs they probably haven't had a single person not on the dev team that has actually done a meaningful code review of the source code.

So I'm sorry but "many eyes" just doesn't hold up to even the most cursory of logic and you can waste all the modpoints you want but black isn't white, straw isn't gold, and many eyes is bullshit. THAT DOES NOT MEAN that not having the code is somehow "better" or that having the code doesn't give you some pretty powerful advantages, as I said if you want say Abiword to run on MIPS you can port it or pay to have it ported, if you need a program that has been EOLed like gnome 2 you can get like minded people together and keep it going, both of which are pretty powerful advantages. It simply means that "many eyes"

Re:Can't decide if it's embarrassing or impressive

[F.Ultra]

Actually in reality many people carry out all your points. For example where I work we routinely perform source code scrrening of all the software that we use for mission critical stuff. And I do not believe that we are alone in doing that.

Further the very fact that the FOSS projects have their sources available means that all companies that develop source code validations services (like Coverty) screens lots of FOSS sources for free during their development of their products since that is the only massive amount of code that they have access to.

Add to that that the very bug you are replying to (the KDE bug) was found and also patched, it doesn't matter how long it took from when the bug was introduced and when it was discovered, it was still found and patched due to it beeing open sourced.

Re:Can't decide if it's embarrassing or impressive

[unixisc]

Winshill? Have you even read what he's been saying about Microsoft, Ballmer and Windows 8 lately?

Re:Can't decide if it's embarrassing or impressive

[unixisc]

The source code advantage as far as bugs go is that if someone finds it, and has the skill or the money to hire that skill, one can discover where that bug is and fix it. You are right - it is more of a theoretical possibility than an actual probability, but still, even for this, having the source code for all the software one has is better than not having it. That way, if one finds the bug and has the skills to know where to look and what to do, one can debug the stuff. Not possible w/ closed source, where one would have to send it back to the vendor.

I do agree that the biggest advantage of open source is that the software licensee has the power to decide where he wants to port the software, customize and extend it according to his needs and not have someone like HP force him to buy Itanics when he doesn't need it.

Re:Can't decide if it's embarrassing or impressive

[BrokenHalo]

Does anyone actually use konqueror? I can't imagine why, it's horrible. That said, I have no beef about the rest of KDE, though I really did hate it for many years when it was kluttered and kfucking kfugly, but now it is as elegant, feature-rich and usable as I could wish for...

...Unlike Gnome, of which I really was a big supporter since ~1997 but which since version 3.0 is (for good reason) about as popular as a dose of the clap.

Re:Can't decide if it's embarrassing or impressive

[BrokenHalo]

If no one ever noticed or cared that their cookies were getting lost on a kde restart then how can you expect it to get fixed?

Since I don't use konq, I never noticed this bug, but in any case I would call this a feature, since I actually use a script to routinely delete any cookies files. While I realise cookies might be delicious, I don't care to be tracked by friends of acquaintances, so (as far as is conveniently possible) I don't choose to let them.

Re:Can't decide if it's embarrassing or impressive

[hobarrera]

Reboots aren't as necessary in Linux.

Sure, if you want to run the same kernel for the rest of your life, that's true.

Re:Can't decide if it's embarrassing or impressive

[Enderandrew]

http://www.ksplice.com/

You can even swap kernels without a reboot.

Re:Can't decide if it's embarrassing or impressive

[Blaskowicz]

I had to reboot lately, because Firefox was a zombie process and still taking 1.5G of memory. Its parent was init. For the first time, I did a kill -1 -9 to see what happens (kills everything but init) this gives you a black screen and losing all input to do anything with the computer. I should haved killed init to see what happens lol.

Doing something without reboot is also a test on your admin skills (I'm sure a user barely able to edit /etc/fstab will just reboot instead of doing a mount -a, and so on.)

Re:Can't decide if it's embarrassing or impressive

[fnj]

I did a kill -1 -9 to see what happens (kills everything but init)

Um, pretty sure that should be kill -9 -1

Re:Can't decide if it's embarrassing or impressive

[dubbreak]

Reboots aren't as necessary in Linux.

My thoughts exactly. I pretty much never rebooted my Linux desktop. Laptop.. yes because hibernate didn't work right.

Some people also set their browser to delete cookies every time they close the browser (I usually set one to do this so I have something clean for testing).

Who Cares?

[terbeaux]

There are bugs much older than this in the wild. Publishing this arcane factoid will just make the KDE devs feel inadequate when our bro Thiago Macieira could have earned a PhD in CS and submitted a patch herself. Can you mod an entire story -1 TROLL?

Re:Who Cares?

yeah because users should have to get a phd in cs and fix the bugs themselves! open source fukken r00lz dude!!!1

open source means never having to take responsibility for releasing a shitty product...

Re:Who Cares?

[DRJlaw]

Publishing this arcane factoid will just make the KDE devs feel inadequate when our bro Thiago Macieira could have earned a PhD in CS and submitted a patch herself. Can you mod an entire story -1 TROLL?

Embarrassing != Troll.

There are bugs much older than this in the wild.

And those projects, whether run as open source or owned by Microsoft or owned by some other closed source shop, should be embarrassed as well. If the bugs are that longstanding, public shaming is probably the only motivation left to drive them to be fixed.

Re:Who Cares?

[Tailhook]

open source means never having to take responsibility for releasing a shitty product

I guess I have to agree with you. At least this place seems to be inhabited with people that believe open source is an excuse to neglect work. I pointed out a 12 year old bug fixed in the latest Mozilla release and get modded Offtopic. Mozilla developers aren't working for kudos... but damn you if you offer the slightest criticism.

Re:Who Cares?

[amiga3D]

Really? I mean I guess I'm glad it's fixed but of all the problems this has to be among the most minor. Amnesia over web cookies is right up there with "there is a speck of dust on my shoe lace." Hell it could even be considered a feature.

Re:Who Cares?

[rudy_wayne]

With Open Source, if a bug is a real problem, then you can fix it.

Wrong. This is the big lie of Open Source.

• I can submit a bug, but I can't force them to fix it. I have submitted many bugs to various open source projects over the years and none of them have ever been fixed.
  I can write a patch but I can't force them to accept it. Which makes sense -- you can't have random people messing with your code.
  I can only write a patch if I am proficient in whatever language they are using AND I am intimately familiar with the code base so that I know where to look.

Unless you are an expert programmer, with commit access to the codebase, open source is meaningless.

Re:Who Cares?

[Teun]

And yet you can fix your system.
Commits are another story.

Re:Who Cares?

[Runaway1956]

Arrogant and patronising?

Many of us would agree that it is YOU who is arrogant. You seem to assume that the software should function just as you demand that it should, and that when it does not, someone else is at fault. We can make an argument that you are part of the Great American Instant Gratification generation.

So, you can't program. Or, maybe you can program, but don't have the time or the skill to fix the problem that really bothers you. You have heard of the bounty system?

Here's a blurb on one bounty system: http://www.insanitybit.com/2012/08/14/chrome-beefs-up-its-rewards-program-bigger-bounty/

Re:Who Cares?

[NotBorg]

Unless you are an expert programmer, with commit access to the codebase, open source is meaningless.

Thanks. I keep trying to tell everyone that open source software is written by experts. It's nice to finally get some affirmation.

Re:Who Cares?

[F.Ultra]

Regardsless of your knowledge, you still have the possibility to fix it (the can bit). The difference is that with closed software you cannot even if you would know how.

Re:Who Cares?

[hobarrera]

It's not just open source: the truth is, windows doesn't have a bug tracker, so you can't see really old bugs.
Windows 7 won't allow users to open/delete/move/do-anything-else on files with some particular characters in their filename. This bug has existed since DOS, so it's actually around two decades old.

Answering the obvious

How long does a bug take to get resolved? A week? A month? A year?

You said "decade old" in the title, dumbass!

KDE

[jones_supa]

Heh, gratz for fixing that one. KDE is the best UNIX DE. Reasonably fast, relatively robust, smooth to use, and very configurable. Lots of nice apps and widgets to play with, too.

Re:KDE

[toddestan]

KDE is better because it has much better hardware support.

Re:KDE

[Blaskowicz]

Do I need a SSD to run it? I run my OS on an old IDE drive (data, not /home on a 160GB one) and have a stack of those if I want to try something different.
If I want to try it, and PC-BSD 9.1 or Linux Mint 14 KDE should be awesome OSes, I'd like to have the databases enabled (interfaced with whatever IM/mail/contacts/"PDA" stuff) as it's like the main feature of KDE along with kio slaves. But if I invest time into using it (after learning how to disable the animations crap and the tabbed start menu), and it turns into a slow piece of crap then I will have wasted my time. I dumped Windows 7 because it did too much I/O and that was on a 1TB drive.

Re:KDE

[jones_supa]

I have tested this. KDE is very responsive with a mechanical hard drive too. It seems to preload a lot of stuff into RAM.

Restarting KDE

Restarting KDE every ten years sounds about right.

Decade old GNOME bug not fixed

https://bugzilla.gnome.org/show_bug.cgi?id=121113

Re:common

[jones_supa]

Mozilla also fixed an over decade old bug in Firefox 18 (prevent sending insecure requests from a secure context).

Functionality wasn't affected

[lbbros]

If you read another developer's response to this commit you will see that the actual feature (reject cross domain cookies) was not affected by this blunder: instead the issue was completely different and only occurred when the KDE daemon was restarted.

No one wants to fix unglamorous bugs

[hessian]

People work on problems that are (a) fun to solve and (b) will bring them acclaim.

Tiny, ugly, boring bugs don't do that and so in many software projects they get overlooked the longest.

Re:Who Cares? - People that use KDE maybe ?

[Runaway1956]

Did you file a bug report? No? Then you didn't care very damned much.

Déjà vu...

[Kelerei]

...Slashdot reported on a 25 year old BSD bug being resolved back in May 2008.

And these are just the ones we know about -- there may be yet older bugs (particularly in proprietary, closed-source systems, where the source cannot be reviewed by the general community).

Pssst. Mozilla...

Don't start asking about the number of decade-plus bugs that exist in Thunderbird. More than I could count on my entire family, or probably even entire workplace teams fingers and toes.

Users weren't affected until recently

[Bananenrepublik]

Sorry to spoil the fun, but the developer who found the bug fixed it "after a few months" according to the check-in comment. The code may have been buggy for a decade, but that doesn't mean that anybody was affected during that time. Once someone was affected (the developer), it was fixed in a much shorter timescale than this article makes you believe.

What abot the many eyeballs?

[williamyf]

After RTFA (I know, broke the rules), it appears it wasn't a documented or tracked bug. It was noticed and fixed more than a decade after it was created. Pretty much non-news. If no one ever noticed or cared that their cookies were getting lost on a kde restart then how can you expect it to get fixed? If no one calls it a bug, is it actually a bug?

"With enough eyeballs all bugs are shallow" Right?
Well, the theory of the many eyes say that someone somewhere should have noticed/reported/tracked this bug sooner rather than later.
this comes to prove that many eyes are NOT enough. First you need more than merely many eyes, you need many QUALIFIED eyes.
Second, you need to complement your (many) eyes with systematic test cases to so some QA, trying ad a modicum of rigor, instead of, you know, letting the QA become an ad-hoc subjective process...

Re:What abot the many eyeballs?

[Sigg3.net]

Well, relevance will probably have something to do with how many eyes etc.

Security and stability bugs have many eyes looking.

Still hope for 16 year old IE bug

[raymorris]

Perhaps that means there is still hope that the IE Accept bug, documented sixteen years ago, will eventually get fixed. Microsoft did release a partial workaround after fourteen years.

Firefox does this all the time

[rudy_wayne]

Just this month, they have fixed bugs that were originally reported in 2000 and 2001.

browser cookies being forgotten

[scourfish]

This is not a bug to me

Re:KDE is known for bugs ...

[blackpaw]

Because its very hard to reproduce, non of the reporters could come up with a reliable way of doing other than "On my system". I myself used to see that bug until kde 4.8. Have never seen it since.

Open source?

[antdude]

How come no took over these very old issues to fix? Did no one care for them? :( I would fix them if I could code.

Re:Open source?

[Tough+Love]

How come no took over these very old issues to fix? Did no one care for them? :( I would fix them if I could code.

If it was proprietary software it would have been EOLed by now. Open source... just keeps getting better. You can't unopen it.

Re:Open source?

[antdude]

I know, but it is frustrating that no one would fix these bad bugs. :(

Re:Open source?

[Tough+Love]

it is frustrating that no one would fix these bad bugs.

I guess the bug was not very bad, which you can confirm by RTFA. More to the point: if a bug goes ten years in open source, that's a news item. In proprietary software it's par for the course.

That long to fix?

[fahrbot-bot]

I didn't know the Oracle Java development team also worked on KDE.

Re:That long to fix?

[laffer1]

That's not fair. KDE eventually fixed the bug.

Re:Atleast it is better than an unfixed Windows bu

[Tough+Love]

The quality of Slashdot comments has really gone downhill.

Really? I liked that one. Droll wit indeed. Deserves upmodding.

Certainly not the worst example

[Mehmet+Kse]

Take a look at this one: http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/128587

One byte, two years.

By the way, how can one say FreeBSD a state-of-the-art system, they used *this* installer for twenty years.
- Hey, we've got a new mirror, let's recompile!

5 more years

[pmontra]

This makes me hope that 2017 will be the ETA for the fix of this one :-)

Obligatory disclaimer: no, I can't learn a new (for me) language and a new toolchain to fix it. I'll live with the bug as I did for three years.

Not newsworthy

[Frankie70]

Anyone who has worked on large projects knows that a lot of bugs keep getting punted year after year because they aren't serious, affect very few users etc.

Yeah, but how long

[TheABomb]

has the "ksirtet is no longer in kdegames bug" been ongoing?

Re: Atleast it is better than an unfixed Windows b

[chromas]

I'm sure he meant Propeciatory—as in, "Linux makes you grow a beard".

I can beat that...

[seebs]

I reported a bug, which was accepted, in NeXTStep 0.8 or so. Last I checked, it's still in OS X. (LoginWindow won't let you enter control characters as part of a password.)

Whaaaa?

[Safety+Cap]

How the fuck can a text file track you or do anything at all?

Easy: give it some duct tape and a magnifying glass, then stand back.

Re:Atleast it is better than an unfixed Windows bu

[RockDoctor]

I hope they remove networking capability next

That's a necessity to prevent hacking of the Internet from our OS, for which we remain criminally liable.

and maybe add more DRM.

We just need to ensure that the decryption keys are only ever issued on a robust one-time-use policy over the network, after the user has paid their pay-per-view fees for that viewing of the content. As our corporate customers have been demanding for years. We've got to get rid of the current thing of storing the keys on the media itself, because those hackers will always find a way to break such a scheme.

Regards, Bill

(But Steve, you've been in post for a decade or so now, and I'm retired. So why am I having to wipe your arse on basic topics like this. And what are you doing with that chai $£&$^$£&* NO CARRIER

You fixed it for yourself... +1

[mrflash818]

You fixed it for yourself... +1