Decade Old KDE Bug Fixed

← Back to Stories (view on slashdot.org)

Posted by samzenpus on Sunday January 20, 2013 @05:45AM from the finally-got-to-it dept.

hypnosec writes "How long does a bug take to get resolved? A week? A month? A year? Well, a bug prevalent in the KDE libraries since 2002 has finally been resolved after a decade it has been revealed. The bug was present in the "Reject Cross-Domain Cookies" feature of KDE Libraries. Thiago Macieira noted in the KDE Libraries Revision 974b14b8 that he observed that his web cookies were being forgotten following a kded restart."

6 of 129 comments (clear)

Min score:

Reason:

Sort:

Can't decide if it's embarrassing or impressive by eksith · 2013-01-20 05:51 · Score: 4, Interesting

Maybe a little of both. Clearly, they had other priorities and this just fell through the cracks.
"turns out that mCrossDomain was of value 127": For some reason reminds me of the time Linus blew up at Mauro a little while ago also for returning a value that makes no sense (made worse by dancing around the issue).

--
If computers were people, I'd be a misanthrope.
1. Re:Can't decide if it's embarrassing or impressive by dubbreak · 2013-01-20 06:21 · Score: 5, Informative
  
  After RTFA (I know, broke the rules), it appears it wasn't a documented or tracked bug. It was noticed and fixed more than a decade after it was created. Pretty much non-news. If no one ever noticed or cared that their cookies were getting lost on a kde restart then how can you expect it to get fixed? If no one calls it a bug, is it actually a bug?
  
  I've had a similar experience. I was working with a system and found a bug that had been around since the initial system (>3 years), and jumping into the old source control (I had to crack open visual source safe since that's what they were using originally..blech ..moved to hg after I started and bitched that even cvs would be better). Basics of it were: request sent, response received but ignored/not read, retry sent, original message response used. It kicked into a retry sequence even try despite having a response. Eventually this caused issues communicating to a certain device. Put the sniffer on and voila, see double requests despite getting an immediate response. No one ever noticed because it didn't cause issues with any other devices. Yes, extra traffic on the bus, but there was plenty of bandwidth and most of the devices handled it fine. It should have been caught in original testing. When writing your own protocol to talk over serial you'd assume they'd do a little more testing than a sniff test ("oh.. looks like it's working. Good enough for production! Let's ship it!"). I spent most of my time fixing bugs and most were that old but that's the only one I can remember that you would think would have been noticed earlier.
  
  --
  "If you are going through hell, keep going." - Winston Churchill
2. Re:Can't decide if it's embarrassing or impressive by SomeKDEUser · 2013-01-20 07:08 · Score: 4, Interesting
  
  I tend to consider my cross-domain cookies getting lost a feature. I never noticed the bug -- and I have been using KDE since before it was introduced.
  There are legitimate uses for cookies, for sure, but the vast majority of them seem to serve no other purpose than tracking me. Which is occasionally fine in the case of wikipedia or slashdot keeping me logged in, but in the vast majority of cases _not_ OK.
KDE by jones_supa · 2013-01-20 06:17 · Score: 4, Informative

Heh, gratz for fixing that one. KDE is the best UNIX DE. Reasonably fast, relatively robust, smooth to use, and very configurable. Lots of nice apps and widgets to play with, too.
Functionality wasn't affected by lbbros · 2013-01-20 06:26 · Score: 4, Informative

If you read another developer's response to this commit you will see that the actual feature (reject cross domain cookies) was not affected by this blunder: instead the issue was completely different and only occurred when the KDE daemon was restarted.

--
A CC-licensed illustrated horror novel
What abot the many eyeballs? by williamyf · 2013-01-20 07:15 · Score: 4, Interesting

After RTFA (I know, broke the rules), it appears it wasn't a documented or tracked bug. It was noticed and fixed more than a decade after it was created. Pretty much non-news. If no one ever noticed or cared that their cookies were getting lost on a kde restart then how can you expect it to get fixed? If no one calls it a bug, is it actually a bug?
"With enough eyeballs all bugs are shallow" Right?
Well, the theory of the many eyes say that someone somewhere should have noticed/reported/tracked this bug sooner rather than later.
this comes to prove that many eyes are NOT enough. First you need more than merely many eyes, you need many QUALIFIED eyes.
Second, you need to complement your (many) eyes with systematic test cases to so some QA, trying ad a modicum of rigor, instead of, you know, letting the QA become an ad-hoc subjective process...

--
*** Suerte a todos y Feliz dia!