The article, headline, story and comments are all bullshit.
Assuming the graph is not also bullshit, the correct story is that in the first 6 months of 2014 (1H 2014 on the graph), IE has had more vulnerabilities than all of 2013. IF this keeps up, then by the end of 2014, IE will have had more than a 100% increase in the number of vulnerabilities over last year.
Re: "Just let me build a bridge!" on 'Just Let Me Code!' · Score: 4, Insightful
When you want to build a bridge, you don't just throw a bunch of construction workers at it and trust them to make the best judgements, even though you might trust each one of them individually to build a sawhorse or something equally trivial.
You also don't have the president of the company come in and declare that this week we're switching to agile bridge building and fuck six, we're going to seven sigmas so we can be on the bleeding edge and shift our paradigms into high gear to synchronize our release schedule and get out ahead of the pack as we swing around the final stretch into the processification.
But just no, to the conversation mirror - most parents already don't keep their eyes on the road, we don't need to give them another excuse.
Ah, memories of my childhood. Things like my father flying down the freeway at 60 turning around in his seat and screaming "You look at me when I'm talking to you boy!" while everyone else screamed about oncoming traffic.
At the time I learned to drive, I considered my greatest achievement was being able to hold a conversation without looking at the person I'm speaking with.
That's also seen in bad console ports, by the way.
I've long since overcome my motion sickness (mom's van came with multiple barf buckets), but watching the screen move like I flicked google maps and it slowly pans to a stop (especially in any kind of curved motion) tickles the part of my brain that says "stop that, it's trying to make you sick".
I went across the street and told my elderly neighbours (both have since passed) who had survived the Great Depression and served in World War 2 that no, they had seen worse in the world, and it wasn't going to end, all they had to do was change the batteries in their smoke detectors and get a good night's sleep.
Well THERE'S the problem right there! Your neighbors were in charge of fixing the DMV's software!
Except that the crime is assault. I think it shouldn't be a charge of its own, but I see no problem with a zeroth degree murder charge or assault with a racist insult.
Actually, I've personally witnessed drivers screw up at these intersections by watching the wrong cues. A few months ago a driver rolled out into the middle of the intersection because they thought that when the cross traffic light turned red, our light would turn green (no, the left-turn only lane light goes first after cross traffic). I know that's what they did because I was watching the light too, except this is the last intersection before I get home so I know what the light pattern is. Because the light pattern changes depending on time of day and whatever bug crawled up the traffic engineer's ass that week, when you're watching the other lights, you still have to verify your light before you go.
Ideally we'd get our own countdown timer to let us know whenever the signal is going to change. Staring at a red light for 45 seconds is boring, you can go ahead and insist that we change human nature, or you can go with human nature and give us something to pay attention to.
there's no real difference between the business and its owners.
Oh, wait, nevermind, as soon as someone sues them there'll suddenly be a "real difference" again and mommy government will ride in to save them from their actions.
What's next? A coptic efficiency expert? An Irish peacemaker?
A "religion" selling whatever religious views you want your company to become an adherent to. For $10 million, your company can "believe" that minimum wage is evil, or that dioxin regulations are the spawn of the devil.
The number of people who don't get hired because the shrub in their front yard is trimmed crooked is considerably lower than the number of people who don't get hired because they have MS, cancer or some other chronic disease that will cost the company's insurer big bucks and drive up the cost of insurance and cost the company in lost productivity when they're incapacitated. Oh sorry, I meant, don't get hired because they "aren't a good fit with the company culture".
what does this mean.
http://en.wikipedia.org/wiki/R...
If it's not exactly the same then what we've got wouldn't be very useful.
I'm with the "destroy it" crowd. If someone attacks us with smallpox, nuke the fuck out of them.
If you believe that's not a scam then boy do I have a deal for you! One bridge*, slightly used!
Only if the master process quit after forking twice. This is not typical
No, this IS typical. The double fork allows the original process to interact with the user ("Enter your private key password:"), then exit and return 0 to the init script so init can print [ OK ] on your console.
The middle process needs to close file descriptors and do other cleanup then fork and die, causing the final process to become re-parented to init. Init then becomes responsible for cleaning it up if it dies, so it won't become a zombie.
Step-by-step "how to daemon" guide here.
This is apparently my president's nightmare because he will call me at midnight and ask me when our domains and SSL certs expire.
OpenSSL's RNG is used in many places separately from the SSL communication protocol itself, sometimes just for encryption in general (S/MIME) or sometimes someone just wants really random bytes.
Many servers fork twice in order to reparent to init; repeated forking is a common idiom in unixland.
Apache with MPM-prefork forks a bunch of children from a master process, which is typically itself a descendant of apachectl. In apache's case, this shouldn't be a problem since the "master-process-rng" would have recognized the fork and reinitialized on the first openssl connection, so the children are protected because they cannot have the same PID as the master-process.
Where it would be a problem would be an application or daemon that starts up, initializes the RNG, forks twice, then without this fork touching the RNG, starts forking children to do something random (say, encrypting one file per process or establishing a single SSL connection per process or something). Without having the RNG reset by the master process, one in 65534 or so processes will have the exact same RNG, because it will have inherited the original RNG untouched and be assigned the PID that created the RNG.
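A simplified model of the failure described in the comment above, as an added example that is not part of the original comment and is not OpenSSL's code: a toy generator that notices a fork only by comparing its PID with the one recorded at seeding. The PIDs, the seed, the mixing function and every name here are constructed, and PIDs are assumed to be handed out sequentially and to wrap.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model, NOT OpenSSL code: generator state plus the PID that seeded it. */
struct toy_rng { uint64_t state; int seeded_pid; };

static uint64_t mix(uint64_t x) {            /* splitmix64 output function */
    x += 0x9e3779b97f4a7c15ULL;
    x = (x ^ (x >> 30)) * 0xbf58476d1ce4e5b9ULL;
    x = (x ^ (x >> 27)) * 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Fork detection by PID comparison only: the weakness being modelled. */
static uint64_t toy_next(struct toy_rng *r, int pid) {
    if (pid != r->seeded_pid) {              /* "I was forked": stir in new PID */
        r->state = mix(r->state ^ (uint64_t)pid);
        r->seeded_pid = pid;
    }
    return r->state = mix(r->state);
}

/* The starter process seeds the RNG and double-forks; the daemon never touches
 * the RNG before forking `workers` children. Returns how many workers emit the
 * same first value the starter process would have. With `reseed` set, each
 * worker first stirs in a fresh value (stand-in for entropy read from the OS). */
int count_collisions(int starter_pid, int first_pid, int pid_max,
                     int workers, int reseed) {
    struct toy_rng parent = { mix(42), starter_pid };   /* constructed seed */
    struct toy_rng probe = parent;
    uint64_t starter_out = toy_next(&probe, starter_pid);
    int hits = 0;
    for (int i = 0; i < workers; i++) {
        /* model assumption: sequential PIDs wrapping within 2..pid_max */
        int pid = 2 + (first_pid - 2 + i) % (pid_max - 1);
        struct toy_rng child = parent;       /* fork() copies the state untouched */
        if (reseed) {
            child.state = mix(child.state ^ mix((uint64_t)i + 1));
            child.seeded_pid = pid;
        }
        if (toy_next(&child, pid) == starter_out) hits++;
    }
    return hits;
}

int main(void) {
    printf("PID check only:  %d\n", count_collisions(1000, 1003, 65535, 70000, 0));
    printf("explicit reseed: %d\n", count_collisions(1000, 1003, 65535, 70000, 1));
    return 0;
}
```

In this model the only worker that repeats the starter's output is the one that is assigned the starter's old PID after the PID space wraps; reseeding in every child after the fork removes the dependence on PIDs.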
with fewer regulations for everyone
Ahahaha whoa there now, slow down sonny. Those regulations are there for a reason, mostly to keep people from competing against me and to make sure that nobody smokes anything I wouldn't openly admit to smoking. Let's back up to that low taxes thing.
performance impact or benefit
When gaming, performance = Frames Per Second. It was neither positively nor negatively changed by using a discrete sound card.
"Here, hold this wrench a second"
The worse thing that could happen to a view screen is that it gets so smashed up
Well, no, the worst thing is that it falls out, and so does the pilot. http://en.wikipedia.org/wiki/B...
How about doing what other countries do and giving drivers our own damn timers to let us know when our lights are going to change?
Now that you've proposed it, someone's going to hack a language entirely out of smileys.
If this actually sticks:
Oh, wait, nevermind, as soon as someone sues them there'll suddenly be a "real difference" again and mommy government will ride in to save them from their actions.
The NSA should have put a clause in his employment contract preventing him from competing against them for the next X years.
Why would anyone sell shovels? If it was profitable, they'd dig everything themselves.
Actually, the real profit is in licensing the shovels with a per-scoop fee.
To put it bluntly, heartbleed was exciting and in security, exciting is bad.