Is it just me, or has the quality of Slashdot comments devolved quite a lot in the recent months - essentially due to crap like the anonymous cowards posting in this post? It would be a shame if these idiots make it neccessary to remove anonymous posting at./ - I've seen some brilliant posts written by people who briefely coming out of lurkdom to answer something which is right in the middle of their field of expertice.
For this particular bug, seeing the actual code at least helped me to understand what was going on - and undoubtedly helped many who wrote explanations for it. I don't really need to understand the core crypto-algorithms in OpenSSL's core to understand what happened in this case.
Exactly - software is complex and sometimes shit happens. An employer who knows anything about code knows that - and he (+ the reviewer) probably won't make the same mistake again.
In this case, the code is open, so pretty much everyone understands exactly what happens, exactly how bad it is, and how to fix it. If the code wasn't open, the bug could just as well be there, except that it would be less understood, maybe never found (except by exploits), and patched more slowly (or never, or tuesday next month, or when you pay to upgrade to the newest version of the program which includes the buggy library).
Would it really be caugth *immediately* under testing? All non-corrupted & non-malicious packages have the correct length set, and thus would not trigger the bug.
I was thinking exactly the same thing - Python is already free, easier to learn and available on most platforms (heck, even my old S60 phone from ~'05 ran a Python interpreter with example programs. It was the most powerfull pocket calculator ever. You could probably do simple Python stuff on an tablet device if you really wanted to..).
The problem is the availability of teachers who know how to program, not software.
A lot of these systems are built as a normal PC controlling some expensive piece of hardware, possibly via a specialized interface board which is only supported on XP/Win9x/DOS/whatever.
Many of these systems will be running 10-15 years from now, disconnected from the internet, with a pile of dusty old PC's (with winXP/whatever installed) as spares in the backroom.
(This may very well be extended to "if the publisher doesn't make the book/movie/whatever available to a given geographical region in a reasonable format, they loose rights in that region/format")
Also agreed - especially for books etc. - if they are not available from the publisher for a "reasonable" fee, the publisher should loose their rights to deny others from publishing it (effectively loosing copyright).
I agree - the customer decided to buy a proprietary OS for something which needed indefinite-term support and is a critical function / expensive to replace, and the customer got what they payed for.
I have not (never even heard of it - it hasn't been very much adverticed here (currently living/working in France/Switzerland), but a quick check of IMDB indicates that it's a even less reliable source of information than Mythbusters:)
Most of the time it's Norwegian out of Oslo, but I also fly Lufthansa/SAS quite a bit, and occasionally KLM. The "premium" airlines are often actually cheaper than the "low cost" ones, you just have to spend 30 minutes comparing prices - expedia is great for this (but not neccessesarily book through them, the airlines are easier to deal with for changes etc. if you go through their system).
On the self-check-in machines for Norwegian, you can pick your seat, but of course you get 2nd pick after whoever paid for it. On check-in counters, they often ask "aisle or window", but I think they have the same choice as on the machines. Personally, I try to get one a bit in the back, on a 3-seater with only one other passenger on one side (or place myself and my SO on each end of such a 3-seater. If the plane is almost empty, I sometimes gamble and pick the seat in the middle of an empty 3-seater - its a pretty good chance of getting it to yourself...
I have honestly never seen a boarding card without any seat assignement - I guess they don't want all the passengers to clump in one end of the plane or something similar which would be bad for the weight distribution.
Only problem is that the overhead bins on the few last rows are often filled with crew's stuff, PA system boxes, firefigthing equipment, portable oxygen containers and a ton of other stuff. So you might end up putting it under the seat in front of you (which sucks if you're tall).
I wonder how the flight staff reacts when a passenger walks up to them and quietly tells that the guy sitting next to them is carrying a gun on the plane...
So, its really just another make-work program under the TSA? Couldn't they rather invest in a bit more effective immigration control? Last time I flew to the US, I spent ~2 hours in line for a 1 minute interview, which almost made me miss the connecting flight. Three-four guys for interviewing a few 747s takes forever (not everyone gets the 1-minute treatment - that comes with knowing the drill and being prepared for which questions they will ask + a pile of old US entry stamps in my passport).
No, not really, even if I don't think Mythbusters is the pinnacle of science & engineering. A few holes in the fuselage may even not be enough to decompress the plane, and a window would be unfortunate, but probably not too dangerous - given that the range of the plane while flying below normal altitude allows it to reach a runway. There might be some risk to wires for instrumentation etc., but I suspect the greatest risk here is to the passengers.
However, we do normally go to ridiculous lengths to ensure safety on aircraft - both in the maintenance requirements, certifications for the people involved, and what the passengers are allowed to bring aboard. Adding a guy with a gun into the mix seems inconsistent and probably more of a risk than a benefit.
Nah, I just didn't pay to much attention to it, and threw it in with the rest of the paranoia just after 9/11. Honestly, the debate here where more focused on Iraq - the right-wing governement we had at the time actually sent a few troops there (in addition to Afghanistan), and we might have been sucked into that conflict if they hadn't lost the election in '05.
But when you mention it, I do actually remember there was a ton of fuzz about allowing them to carry guns in the cabin of US-bound/-originated planes from/to our airports - a quick search reveals it still is (last article from 2011). So far, the answer has been that it's illegal, and there would be severe reprecursions to the airline (and I guess also the mashal) if they went through with it without permission.
Anyway, it's still an interesting thing to discuss - at the same time as we are banning nailclippers and toothpaste in carryon luggage, have installed solid cocpit doors (which also may have it's problems, but this is probably a better tradeoff), and the mode of passengers facing hijackers have in gone from a "stay in your seat, it's just a free trip to Cuba" to "rush'em and kill'em!" - so now, basically the only people who can hijack an aircraft are the flight crew (something which has happened a few times, last time was EA flight 702 in february). Thus I honestly don't see the need to fly around armed TSA personel - it's a waste of tax money, fuel, and probably more of a liability than a security.
Slashdot Mirror
Is it just me, or has the quality of Slashdot comments devolved quite a lot in the recent months - essentially due to crap like the anonymous cowards posting in this post? It would be a shame if these idiots make it neccessary to remove anonymous posting at ./ - I've seen some brilliant posts written by people who briefely coming out of lurkdom to answer something which is right in the middle of their field of expertice.
But never for you, who will forever live in your mother's basement, married to your right hand till death does you part.
Has there been any cases where the leaked information has been usefull in pointing out flaws which lead to patching security holes?
For this particular bug, seeing the actual code at least helped me to understand what was going on - and undoubtedly helped many who wrote explanations for it. I don't really need to understand the core crypto-algorithms in OpenSSL's core to understand what happened in this case.
Exactly - software is complex and sometimes shit happens. An employer who knows anything about code knows that - and he (+ the reviewer) probably won't make the same mistake again.
In this case, the code is open, so pretty much everyone understands exactly what happens, exactly how bad it is, and how to fix it. If the code wasn't open, the bug could just as well be there, except that it would be less understood, maybe never found (except by exploits), and patched more slowly (or never, or tuesday next month, or when you pay to upgrade to the newest version of the program which includes the buggy library).
Most software is inperfect, also non-free - even what you mention, code in control systems for areospace.
I don't think there is any precedent for claiming that non-free software is more secure than free software.
Has that happened in other cases, like when Microsoft had security holes?
Would it really be caugth *immediately* under testing? All non-corrupted & non-malicious packages have the correct length set, and thus would not trigger the bug.
So one could say that the UK had that "brilliant" idea of introducing a secound unit of the same name and dimensions but different sizes :/
Just to be clear - it's the same as 6.5 L/100 km rigth?
Who's brilliant idea was it to have two slightly different gallons, or to use a different gallon than the one already invented?
Considering the XKCD link gained a +5 insigthfull, maybe it was The Grim Reefer posting as AC?
Conspiracies, conspiracies everywhere!
A kid just learning to program probably won't jump straight into debugging multithreaded code...
I was thinking exactly the same thing - Python is already free, easier to learn and available on most platforms (heck, even my old S60 phone from ~'05 ran a Python interpreter with example programs. It was the most powerfull pocket calculator ever. You could probably do simple Python stuff on an tablet device if you really wanted to..).
The problem is the availability of teachers who know how to program, not software.
A lot of these systems are built as a normal PC controlling some expensive piece of hardware, possibly via a specialized interface board which is only supported on XP/Win9x/DOS/whatever.
Many of these systems will be running 10-15 years from now, disconnected from the internet, with a pile of dusty old PC's (with winXP/whatever installed) as spares in the backroom.
(This may very well be extended to "if the publisher doesn't make the book/movie/whatever available to a given geographical region in a reasonable format, they loose rights in that region/format")
Also agreed - especially for books etc. - if they are not available from the publisher for a "reasonable" fee, the publisher should loose their rights to deny others from publishing it (effectively loosing copyright).
I agree - the customer decided to buy a proprietary OS for something which needed indefinite-term support and is a critical function / expensive to replace, and the customer got what they payed for.
I think some AC made a nice responce here:
http://politics.slashdot.org/c...
I have not (never even heard of it - it hasn't been very much adverticed here (currently living/working in France/Switzerland), but a quick check of IMDB indicates that it's a even less reliable source of information than Mythbusters :)
Most of the time it's Norwegian out of Oslo, but I also fly Lufthansa/SAS quite a bit, and occasionally KLM. The "premium" airlines are often actually cheaper than the "low cost" ones, you just have to spend 30 minutes comparing prices - expedia is great for this (but not neccessesarily book through them, the airlines are easier to deal with for changes etc. if you go through their system).
On the self-check-in machines for Norwegian, you can pick your seat, but of course you get 2nd pick after whoever paid for it. On check-in counters, they often ask "aisle or window", but I think they have the same choice as on the machines. Personally, I try to get one a bit in the back, on a 3-seater with only one other passenger on one side (or place myself and my SO on each end of such a 3-seater. If the plane is almost empty, I sometimes gamble and pick the seat in the middle of an empty 3-seater - its a pretty good chance of getting it to yourself...
I have honestly never seen a boarding card without any seat assignement - I guess they don't want all the passengers to clump in one end of the plane or something similar which would be bad for the weight distribution.
Only problem is that the overhead bins on the few last rows are often filled with crew's stuff, PA system boxes, firefigthing equipment, portable oxygen containers and a ton of other stuff. So you might end up putting it under the seat in front of you (which sucks if you're tall).
I wonder how the flight staff reacts when a passenger walks up to them and quietly tells that the guy sitting next to them is carrying a gun on the plane...
So, its really just another make-work program under the TSA? Couldn't they rather invest in a bit more effective immigration control? Last time I flew to the US, I spent ~2 hours in line for a 1 minute interview, which almost made me miss the connecting flight. Three-four guys for interviewing a few 747s takes forever (not everyone gets the 1-minute treatment - that comes with knowing the drill and being prepared for which questions they will ask + a pile of old US entry stamps in my passport).
No, not really, even if I don't think Mythbusters is the pinnacle of science & engineering. A few holes in the fuselage may even not be enough to decompress the plane, and a window would be unfortunate, but probably not too dangerous - given that the range of the plane while flying below normal altitude allows it to reach a runway. There might be some risk to wires for instrumentation etc., but I suspect the greatest risk here is to the passengers.
However, we do normally go to ridiculous lengths to ensure safety on aircraft - both in the maintenance requirements, certifications for the people involved, and what the passengers are allowed to bring aboard. Adding a guy with a gun into the mix seems inconsistent and probably more of a risk than a benefit.
Nah, I just didn't pay to much attention to it, and threw it in with the rest of the paranoia just after 9/11. Honestly, the debate here where more focused on Iraq - the right-wing governement we had at the time actually sent a few troops there (in addition to Afghanistan), and we might have been sucked into that conflict if they hadn't lost the election in '05.
But when you mention it, I do actually remember there was a ton of fuzz about allowing them to carry guns in the cabin of US-bound/-originated planes from/to our airports - a quick search reveals it still is (last article from 2011). So far, the answer has been that it's illegal, and there would be severe reprecursions to the airline (and I guess also the mashal) if they went through with it without permission.
Anyway, it's still an interesting thing to discuss - at the same time as we are banning nailclippers and toothpaste in carryon luggage, have installed solid cocpit doors (which also may have it's problems, but this is probably a better tradeoff), and the mode of passengers facing hijackers have in gone from a "stay in your seat, it's just a free trip to Cuba" to "rush'em and kill'em!" - so now, basically the only people who can hijack an aircraft are the flight crew (something which has happened a few times, last time was EA flight 702 in february). Thus I honestly don't see the need to fly around armed TSA personel - it's a waste of tax money, fuel, and probably more of a liability than a security.