Slashdot Mirror

← Back to Stories (view on slashdot.org)

Decade Old KDE Bug Fixed

Posted by samzenpus on from the finally-got-to-it dept.

hypnosec writes "How long does a bug take to get resolved? A week? A month? A year? Well, a bug prevalent in the KDE libraries since 2002 has finally been resolved after a decade it has been revealed. The bug was present in the "Reject Cross-Domain Cookies" feature of KDE Libraries. Thiago Macieira noted in the KDE Libraries Revision 974b14b8 that he observed that his web cookies were being forgotten following a kded restart."

17 of 129 comments (clear)

  1. Can't decide if it's embarrassing or impressive by eksith · · Score: 4, Interesting

    Maybe a little of both. Clearly, they had other priorities and this just fell through the cracks.

    "turns out that mCrossDomain was of value 127": For some reason reminds me of the time Linus blew up at Mauro a little while ago also for returning a value that makes no sense (made worse by dancing around the issue).

    --
    If computers were people, I'd be a misanthrope.
    1. Re:Can't decide if it's embarrassing or impressive by dubbreak · · Score: 5, Informative

      After RTFA (I know, broke the rules), it appears it wasn't a documented or tracked bug. It was noticed and fixed more than a decade after it was created. Pretty much non-news. If no one ever noticed or cared that their cookies were getting lost on a kde restart then how can you expect it to get fixed? If no one calls it a bug, is it actually a bug?

      I've had a similar experience. I was working with a system and found a bug that had been around since the initial system (>3 years), and jumping into the old source control (I had to crack open visual source safe since that's what they were using originally..blech ..moved to hg after I started and bitched that even cvs would be better). Basics of it were: request sent, response received but ignored/not read, retry sent, original message response used. It kicked into a retry sequence even try despite having a response. Eventually this caused issues communicating to a certain device. Put the sniffer on and voila, see double requests despite getting an immediate response. No one ever noticed because it didn't cause issues with any other devices. Yes, extra traffic on the bus, but there was plenty of bandwidth and most of the devices handled it fine. It should have been caught in original testing. When writing your own protocol to talk over serial you'd assume they'd do a little more testing than a sniff test ("oh.. looks like it's working. Good enough for production! Let's ship it!"). I spent most of my time fixing bugs and most were that old but that's the only one I can remember that you would think would have been noticed earlier.

      --
      "If you are going through hell, keep going." - Winston Churchill
    2. Re:Can't decide if it's embarrassing or impressive by SomeKDEUser · · Score: 4, Interesting

      I tend to consider my cross-domain cookies getting lost a feature. I never noticed the bug -- and I have been using KDE since before it was introduced.

      There are legitimate uses for cookies, for sure, but the vast majority of them seem to serve no other purpose than tracking me. Which is occasionally fine in the case of wikipedia or slashdot keeping me logged in, but in the vast majority of cases _not_ OK.

    3. Re:Can't decide if it's embarrassing or impressive by Enderandrew · · Score: 3, Insightful

      Reboots aren't as necessary in Linux.

      And I'm assuming that this only affects KDE cookies, so you'd only see this if you used Konqueror as your browser. I imagine most KDE users are using Firefox, Chome or another browser like that.

      --
      http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
  2. Who Cares? by terbeaux · · Score: 2

    There are bugs much older than this in the wild. Publishing this arcane factoid will just make the KDE devs feel inadequate when our bro Thiago Macieira could have earned a PhD in CS and submitted a patch herself. Can you mod an entire story -1 TROLL?

    1. Re:Who Cares? by Tailhook · · Score: 2

      open source means never having to take responsibility for releasing a shitty product

      I guess I have to agree with you. At least this place seems to be inhabited with people that believe open source is an excuse to neglect work. I pointed out a 12 year old bug fixed in the latest Mozilla release and get modded Offtopic. Mozilla developers aren't working for kudos... but damn you if you offer the slightest criticism.

      --
      Maw! Fire up the karma burner!
    2. Re:Who Cares? by Teun · · Score: 2, Insightful

      And yet you can fix your system.
      Commits are another story.

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  3. KDE by jones_supa · · Score: 4, Informative

    Heh, gratz for fixing that one. KDE is the best UNIX DE. Reasonably fast, relatively robust, smooth to use, and very configurable. Lots of nice apps and widgets to play with, too.

  4. Functionality wasn't affected by lbbros · · Score: 4, Informative

    If you read another developer's response to this commit you will see that the actual feature (reject cross domain cookies) was not affected by this blunder: instead the issue was completely different and only occurred when the KDE daemon was restarted.

    --
    A CC-licensed illustrated horror novel
  5. No one wants to fix unglamorous bugs by hessian · · Score: 3, Insightful

    People work on problems that are (a) fun to solve and (b) will bring them acclaim.

    Tiny, ugly, boring bugs don't do that and so in many software projects they get overlooked the longest.

    --
    Futurist Traditionalism
  6. Déjà vu... by Kelerei · · Score: 3, Informative

    ...Slashdot reported on a 25 year old BSD bug being resolved back in May 2008.

    And these are just the ones we know about -- there may be yet older bugs (particularly in proprietary, closed-source systems, where the source cannot be reviewed by the general community).

  7. Users weren't affected until recently by Bananenrepublik · · Score: 3, Insightful

    Sorry to spoil the fun, but the developer who found the bug fixed it "after a few months" according to the check-in comment. The code may have been buggy for a decade, but that doesn't mean that anybody was affected during that time. Once someone was affected (the developer), it was fixed in a much shorter timescale than this article makes you believe.

  8. What abot the many eyeballs? by williamyf · · Score: 4, Interesting

    After RTFA (I know, broke the rules), it appears it wasn't a documented or tracked bug. It was noticed and fixed more than a decade after it was created. Pretty much non-news. If no one ever noticed or cared that their cookies were getting lost on a kde restart then how can you expect it to get fixed? If no one calls it a bug, is it actually a bug?

    "With enough eyeballs all bugs are shallow" Right?
    Well, the theory of the many eyes say that someone somewhere should have noticed/reported/tracked this bug sooner rather than later.
    this comes to prove that many eyes are NOT enough. First you need more than merely many eyes, you need many QUALIFIED eyes.
    Second, you need to complement your (many) eyes with systematic test cases to so some QA, trying ad a modicum of rigor, instead of, you know, letting the QA become an ad-hoc subjective process...

    --
    *** Suerte a todos y Feliz dia!
  9. Still hope for 16 year old IE bug by raymorris · · Score: 2

    Perhaps that means there is still hope that the IE Accept bug, documented sixteen years ago, will eventually get fixed. Microsoft did release a partial workaround after fourteen years.

  10. Firefox does this all the time by rudy_wayne · · Score: 2

    Just this month, they have fixed bugs that were originally reported in 2000 and 2001.

  11. 5 more years by pmontra · · Score: 2

    This makes me hope that 2017 will be the ETA for the fix of this one :-)

    Obligatory disclaimer: no, I can't learn a new (for me) language and a new toolchain to fix it. I'll live with the bug as I did for three years.

  12. Re:Open source? by antdude · · Score: 2

    I know, but it is frustrating that no one would fix these bad bugs. :(

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).