Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Decade Old KDE Bug Fixed

samzenpus posted about 2 years ago | from the finally-got-to-it dept.

Bug 129

hypnosec writes "How long does a bug take to get resolved? A week? A month? A year? Well, a bug prevalent in the KDE libraries since 2002 has finally been resolved after a decade it has been revealed. The bug was present in the "Reject Cross-Domain Cookies" feature of KDE Libraries. Thiago Macieira noted in the KDE Libraries Revision 974b14b8 that he observed that his web cookies were being forgotten following a kded restart."

cancel ×

129 comments

Sorry! There are no comments related to the filter you selected.

Atleast it is better than an unfixed Windows bug (-1, Flamebait)

jkrise (535370) | about 2 years ago | (#42640281)

After Windows95, the operating system gets in my way, when I try to run application programs on it. Still not resolved - in fact it got progressively worse with Vista; reduced somewhat in Windows 7, and is back in full force in Windows 8. Instead of solving the bug, I think the developers have renamed it to 'feature'. Does that count?

Re:Atleast it is better than an unfixed Windows bu (1, Troll)

binarylarry (1338699) | about 2 years ago | (#42640329)

I've been asking them to get rid of the Start Menu for years and they finally did it with a recent release.

I hope they remove networking capability next and maybe add more DRM.

@SteveBallmer @Microsoft

Re:Atleast it is better than an unfixed Windows bu (0)

Anonymous Coward | about 2 years ago | (#42640403)

The quality of Slashdot comments has really gone downhill.

Re:Atleast it is better than an unfixed Windows bu (0)

Anonymous Coward | about 2 years ago | (#42640579)

No, it's about the same. There is just more of them. Moderation doesn't scale well.

Re:Atleast it is better than an unfixed Windows bu (0)

Runaway1956 (1322357) | about 2 years ago | (#42640599)

I hadn't noticed, actually. Of course, the world-famous Anonymous Coward has been here much longer than I have. With a UID of zero, I guess you would know!

Re:Atleast it is better than an unfixed Windows bu (1)

Tough Love (215404) | about 2 years ago | (#42642013)

The quality of Slashdot comments has really gone downhill.

Really? I liked that one. Droll wit indeed. Deserves upmodding.

Re: Atleast it is better than an unfixed Windows b (0)

Anonymous Coward | about 2 years ago | (#42640911)

Good job you're all reading the source and making your contributions. Except you're not.

Linux may as well be propitiatory for most of its users

Re: Atleast it is better than an unfixed Windows b (0)

Anonymous Coward | about 2 years ago | (#42642561)

propitiatory? How do you pronounce that, Ballmer-boy?

Re: Atleast it is better than an unfixed Windows b (1)

chromas (1085949) | about 2 years ago | (#42644843)

I'm sure he meant Propeciatory—as in, "Linux makes you grow a beard".

Can't decide if it's embarrassing or impressive (4, Interesting)

eksith (2776419) | about 2 years ago | (#42640297)

Maybe a little of both. Clearly, they had other priorities and this just fell through the cracks.

"turns out that mCrossDomain was of value 127": For some reason reminds me of the time Linus blew up at Mauro a little while ago also for returning a value that makes no sense (made worse by dancing around the issue).

Re:Can't decide if it's embarrassing or impressive (5, Informative)

dubbreak (623656) | about 2 years ago | (#42640493)

After RTFA (I know, broke the rules), it appears it wasn't a documented or tracked bug. It was noticed and fixed more than a decade after it was created. Pretty much non-news. If no one ever noticed or cared that their cookies were getting lost on a kde restart then how can you expect it to get fixed? If no one calls it a bug, is it actually a bug?

I've had a similar experience. I was working with a system and found a bug that had been around since the initial system (>3 years), and jumping into the old source control (I had to crack open visual source safe since that's what they were using originally..blech ..moved to hg after I started and bitched that even cvs would be better). Basics of it were: request sent, response received but ignored/not read, retry sent, original message response used. It kicked into a retry sequence even try despite having a response. Eventually this caused issues communicating to a certain device. Put the sniffer on and voila, see double requests despite getting an immediate response. No one ever noticed because it didn't cause issues with any other devices. Yes, extra traffic on the bus, but there was plenty of bandwidth and most of the devices handled it fine. It should have been caught in original testing. When writing your own protocol to talk over serial you'd assume they'd do a little more testing than a sniff test ("oh.. looks like it's working. Good enough for production! Let's ship it!"). I spent most of my time fixing bugs and most were that old but that's the only one I can remember that you would think would have been noticed earlier.

Re:Can't decide if it's embarrassing or impressive (1)

wmac1 (2478314) | about 2 years ago | (#42640551)

No one noticed their cookies are removed without any reason? "IF" no one really noticed that, then I would ask myself what kind of people have been using it.

Or perhaps there were more important bugs and problems and people did not push on this one?

Re:Can't decide if it's embarrassing or impressive (1)

Anonymous Coward | about 2 years ago | (#42640657)

Software is so complicated and diverse these days, it's hard to tell which is normal behaviour and which is not.

Honestly though, isn't forgetting cookies a GOOD thing?

Re:Can't decide if it's embarrassing or impressive (4, Interesting)

SomeKDEUser (1243392) | about 2 years ago | (#42640801)

I tend to consider my cross-domain cookies getting lost a feature. I never noticed the bug -- and I have been using KDE since before it was introduced.

There are legitimate uses for cookies, for sure, but the vast majority of them seem to serve no other purpose than tracking me. Which is occasionally fine in the case of wikipedia or slashdot keeping me logged in, but in the vast majority of cases _not_ OK.

Re:Can't decide if it's embarrassing or impressive (0)

Anonymous Coward | about 2 years ago | (#42643525)

How the fuck can a text file track you or do anything at all?

Re:Can't decide if it's embarrassing or impressive (0)

Anonymous Coward | about 2 years ago | (#42645049)

I don't know, assigning a specific ID to you, something cookies are known to do?

Re:Can't decide if it's embarrassing or impressive (3, Insightful)

Enderandrew (866215) | about 2 years ago | (#42641011)

Reboots aren't as necessary in Linux.

And I'm assuming that this only affects KDE cookies, so you'd only see this if you used Konqueror as your browser. I imagine most KDE users are using Firefox, Chome or another browser like that.

Re:Can't decide if it's embarrassing or impressive (1)

lbbros (900904) | about 2 years ago | (#42641047)

The issue only occurred if the KDE daemon (kded) was restarted. With normal usage, this never happens (only if you are testing things, or a crash).

What abot the many eyeballs? (4, Interesting)

williamyf (227051) | about 2 years ago | (#42640849)

After RTFA (I know, broke the rules), it appears it wasn't a documented or tracked bug. It was noticed and fixed more than a decade after it was created. Pretty much non-news. If no one ever noticed or cared that their cookies were getting lost on a kde restart then how can you expect it to get fixed? If no one calls it a bug, is it actually a bug?

"With enough eyeballs all bugs are shallow" Right?
Well, the theory of the many eyes say that someone somewhere should have noticed/reported/tracked this bug sooner rather than later.
this comes to prove that many eyes are NOT enough. First you need more than merely many eyes, you need many QUALIFIED eyes.
Second, you need to complement your (many) eyes with systematic test cases to so some QA, trying ad a modicum of rigor, instead of, you know, letting the QA become an ad-hoc subjective process...

Re:What abot the many eyeballs? (0)

Anonymous Coward | about 2 years ago | (#42644069)

So why are you complaining instead of being one of the pairs of eyeballs? Where were you? The source code is open you know! I don't use KDE!

Re:What abot the many eyeballs? (0)

Anonymous Coward | about 2 years ago | (#42645191)

I cannot really fathom what you are complaining about, was not this bug found and also patched? Why does his eyes not count for you?

Imagine that this had been a closed source product, then he had perhaps triggered the bug, but he had had no possibility to debug it and also no means of providing the patch what so ever.

Re:What abot the many eyeballs? (1)

Sigg3.net (886486) | about 2 years ago | (#42645539)

Well, relevance will probably have something to do with how many eyes etc.

Security and stability bugs have many eyes looking.

Re:Can't decide if it's embarrassing or impressive (0)

Anonymous Coward | about 2 years ago | (#42640983)

It was noticed and fixed more than a decade after it was created. Pretty much non-news. If no one ever noticed or cared that their cookies were getting lost on a kde restart then how can you expect it to get fixed? If no one calls it a bug, is it actually a bug?

it was a few months ago microsoft got dragged through the mud here for a decade old bug

Re:Can't decide if it's embarrassing or impressive (0)

Anonymous Coward | about 2 years ago | (#42644053)

When writing your own protocol to talk over serial you'd assume they'd do a little more testing than a sniff test ("oh.. looks like it's working. Good enough for production! Let's ship it!"). I spent most of my time fixing bugs and most were that old but that's the only one I can remember that you would think would have been noticed earlier.

You *must* be new here! I worked for a 911 call centre that had serial (SCADA) connections to fire halls (when units are selected, it sends serial commands via leased serial lines to remote terminal units at fire/ambulance stations to activate P.A., station lights, alerts, open main bay doors and send a printed incident report located near fire truck/ambulance drivers door (A rip-and-run report). The vendor that created the software noted several problems with the scada communications protocol that could cause problems. ...If only we were running Linux all the problems they had with windows would go away. I was in favor, but I was the only one.

Re:Can't decide if it's embarrassing or impressive (1)

Anonymous Coward | about 2 years ago | (#42640559)

Can't decide if it's embarrassing or impressive

There's a Slashdot rule about that: if we're talking about open-source, it's impressive, if not, it's embarrassing.

Re:Can't decide if it's embarrassing or impressive (1)

phantomfive (622387) | about 2 years ago | (#42640561)

Pretty near all large software has bugs in it. It's not surprising that a large codebase a decade old will have bugs a decade old. This particular bug doesn't seem to be in a code path that is executed very often, and that is where bugs hide. That's why you should make your infrequently executed code as simple as possible.

Re:Can't decide if it's embarrassing or impressive (1)

suy (1908306) | about 2 years ago | (#42640833)

Can't decide if it's embarrassing or impressive. Maybe a little of both.

Or none of the above. ;-)

Reading the reply from adawit [kde.org] , seems more like in some rare situations that involve restarting the "cookiejar" (the service that stores the cookies), there is possibly undefined behaviour (depending on what the compiler does).

I think is an interesting bug fix, and maybe even a nice blog post from the developer, but I don't think is worth the Slashdot frontpage, even less with that headline.

Re:Can't decide if it's embarrassing or impressive (1, Troll)

hairyfeet (841228) | about 2 years ago | (#42641111)

No matter whether you are embarrassed or impressed its just more proof that "many eyes" myth is just that, a total myth.

I'll get hate for saying it but fuck it frankly it has amazed me that myth has hung on as long as it did because it makes some pretty glaring assumptions that even a moment's thought would show just don't work and while I often don't agree with their conclusions on some issues one thing FOSS advocates usually do is follow logic to its conclusion.

The "many eyes" myth makes some pretty easy to punch through assumptions, 1.- That because something CAN happen means it HAS happened. This would be like claiming that somebody has climbed K2 wearing bunny slippers because theoretically somebody could climb K2 wearing bunny slippers. Just because something is POSSIBLE does NOT make it probable or even likely 2.- That all the projects out there, no matter how small or hidden from sight, will get the same attention. I bet every FOSS advocate on the planet has used LO/OO.o multiple times...show of hands, how many of you have actually LOOKED at the freely available source code? How many of you have submitted changes to that code? And that is one of the most popular FOSS programs on the planet, what are the odds that little subsystem hidden away in the middle of most distros has been read and edited by ANYBODY other than the guys maintaining it?

The ONLY real advantages source code brings has nothing to do with bugs, it has to do with that fact that 1.- if you have the skills and free time or 2.- Have the money to hire somebody else's free time and skills you can take a product that is EOL or doesn't run on the platform you want and make it do as you will. LO doesn't run on MIPS? You can port it or pay somebody to port it. For some reason you need Gnome 1 to run on the latest kernel? You can hire a dev team and make it so. But that doesn't magically do a damned thing about bugs, as this along with the KDELook malware or the fact that even kernel.org ended up hacked proves. Having code has its advantages but making bugs disappear? NOT one of them.

Oh and I'm sorry but the "Linus rant" was a Christian Bale douchebag rant that was completely uncalled for. The guy was working on an extremely complex subsystem with some pretty serious issues, he asks a simple question about why a value returned HAS to be X while pointing out that in the subsystem he is working on dozens of drivers do NOT return X so the application in question is gonna fucking crash anyway, and instead of taking the exact same amount of time to say "It has to be thus because" he goes superdouche. I'm sorry but I don't care if you are Bob the mailman or the fucking pope, nobody gets a license to be a douchebag and that rant was total douchebag. It was quite obvious the little prick just expects a "yes master" to anything he says, no questions asked, and when this guy dares to ask what is frankly a damned good question he gets shit on? Nope, sorry, Linus is a douchebag and deserved to be called on it.

Re:Can't decide if it's embarrassing or impressive (1)

vurian (645456) | about 2 years ago | (#42641379)

Ah, right. So the fact that this bug was caught means that the idea that opening the source for lots of people to check out means bugs get caught is false? In other words, the fact that this bug was caught means the idea that bugs get caught is wrong?

Re:Can't decide if it's embarrassing or impressive (1)

hairyfeet (841228) | about 2 years ago | (#42643619)

The FOSSies can waste mod points all the want, doesn't change the fact that its a myth and easily shown to be false. did you forget the bug that was in Debian SIX YEARS before anybody caught it? Or the blatant malware in Q3 Arena that was downloaded countless times and sat in the repos of ALL the major distros for a year and a fricking half before anybody noticed they were all being pwned?

Again you and those that advocate this myth are falling for the assumption because something CAN occur that it HAS occurred. want proof that don't happen? How many fucking Man pages in Linux are placeholders? that is a job that frankly ANYBODY can do, don't need coding experience to write a Man page, yet for most of those that have placeholders it just won't get done.

For the "many eyes" myth to hold true you would have to accept several assumptions that real life simply don't bear out, 1.- That people will download and inspect the code. Again answer my question, have YOU inspected the LO code? Even once? That is one of the most popular programs in FOSS land but I bet out of ALL the geeks on /. the number that have actually downloaded and inspected that code could be counted on one hand. Now if that is the case with one of the most popular apps ON THE PLANET how many do you think have looked at the little pissling ass subsystems and little programs that nobody even think about but which are including in every distro, things like say the clock or the calendar or the theme program? I bet my last dollar if they keep logs you'd find almost NOBODY has downloaded the actual source and there hasn't been jack shit as far as submissions by anybody but the guys that actually maintain the thing.

2.- That people that actually have the skills and experience to do meaningful code reviews are actually gonna spend their free time doing code reviews on this stuff. Do you have ANY idea how many years of coding experience it takes to be able to look at a VERY complex program like LO or Gimp or any of the other dozens of programs included in most distros and to be able to spot errors or problems? Have you ever looked at the winners of the obfuscated C contest? In that contest you KNOW there is malware in the code but frankly unless you have a high enough level of coding skill to instruct classes in C I seriously doubt you would spot it. The guys that actually do have that level of skill are frankly in high demand and free time? Not something they have a lot of so I seriously doubt that they are gonna want to sit around doing code reviews.

3.- That there are enough people out there WITH the skills to spot bugs AND the willingness to do it to keep up with the avalanche of new programs being added to the repos weekly. Hell if we even limit it to JUST the programs that are included in most distros when you figure in all the little sub-programs if it numbers less than 10,000 I'd frankly be amazed. Again go download the code to some of the popular programs like Gimp or LO or even the smaller ones like Abiword or Gnumeric and see just how many fucking pages of code we are talking about here, no way in hell you are gonna get enough highly skilled volunteers to go through that many densely coded programs even once a decade and again I bet for the vital but lesser known programs they probably haven't had a single person not on the dev team that has actually done a meaningful code review of the source code.

So I'm sorry but "many eyes" just doesn't hold up to even the most cursory of logic and you can waste all the modpoints you want but black isn't white, straw isn't gold, and many eyes is bullshit. THAT DOES NOT MEAN that not having the code is somehow "better" or that having the code doesn't give you some pretty powerful advantages, as I said if you want say Abiword to run on MIPS you can port it or pay to have it ported, if you need a program that has been EOLed like gnome 2 you can get like minded people together and keep it going, both of which are pretty powerful advantages. It simply means that "many eyes" is not one of those advantages, its a total fallacy that may have been true back in the early 90s when IIRC it was uttered, when your average repo could fit on a single CD and you could put an entire distro on a floppy. that hasn't been the case for quite some time but the myth persists and as I always say bullshit is bullshit and I WILL point out bullshit when I hear it, dogma be damned.

Re:Can't decide if it's embarrassing or impressive (0)

Anonymous Coward | about 2 years ago | (#42644311)

Hairy, you're so fucking stupid. Many eyes did work in this case. The bug was caught a very long time ago. It's just that no one felt it it was worth the time to fix. Why would that be? Because it's a fucking minor thing that most people won't experience or care about.

Many eyes caught the fucking bug long long ago. Many eyes didn't take 10 years, you dumb twit.

Re:Can't decide if it's embarrassing or impressive (1)

F.Ultra (1673484) | about 2 years ago | (#42645239)

Actually in reality many people carry out all your points. For example where I work we routinely perform source code scrrening of all the software that we use for mission critical stuff. And I do not believe that we are alone in doing that.

Further the very fact that the FOSS projects have their sources available means that all companies that develop source code validations services (like Coverty) screens lots of FOSS sources for free during their development of their products since that is the only massive amount of code that they have access to.

Add to that that the very bug you are replying to (the KDE bug) was found and also patched, it doesn't matter how long it took from when the bug was introduced and when it was discovered, it was still found and patched due to it beeing open sourced.

Re:Can't decide if it's embarrassing or impressive (1)

Samantha Wright (1324923) | about 2 years ago | (#42641385)

'Many eyes' is a statistically valid principle, just over-trusted. You're right that it's not a guarantee that bugs will be found, understood, and fixed more quickly as staff are added, but as long as developers (and testers) aren't slacking off due to herd mentality effects, the rate of finding bugs cannot be any worse than it is with fewer people. It's a submodular function.

...also, if you have an infinite number of programmers reviewing the code at the same time, however, it is certain that all bugs will be diagnosed and fixed. Possibly instantaneously. So that's a theoretically nice result.

Re:Can't decide if it's embarrassing or impressive (0)

Anonymous Coward | about 2 years ago | (#42644327)

You're right that it's not a guarantee that bugs will be found,

It was found. It just wasn't fixed. Eyes worked fine. Fingers failed. Not that the bug is that kind of OMG the sky is coming down kind of thing.

Re:Can't decide if it's embarrassing or impressive (0)

Anonymous Coward | about 2 years ago | (#42642679)

FYI, Hairyfeet is a known liar and Winshill.

Re:Can't decide if it's embarrassing or impressive (1)

Anonymous Coward | about 2 years ago | (#42643081)

But he's not wrong.

Re:Can't decide if it's embarrassing or impressive (0)

Anonymous Coward | about 2 years ago | (#42644543)

Yes he is.

Re:Can't decide if it's embarrassing or impressive (0)

Anonymous Coward | about 2 years ago | (#42643731)

I see you still enjoy the minty flavor of Ballmer's jizz.

Bug was found, bug was fixed. Ignorant rant invalid.

Not sure why you are still hot and bothered over Linus slamming that douche nozzle for being inept and trying to pass the buck.

Re:Can't decide if it's embarrassing or impressive (1)

TubeSteak (669689) | about 2 years ago | (#42641815)

"turns out that mCrossDomain was of value 127": For some reason reminds me of the time Linus blew up at Mauro a little while ago also for returning a value that makes no sense (made worse by dancing around the issue).

So what should the value have been?

Re:Can't decide if it's embarrassing or impressive (1)

buchner.johannes (1139593) | about 2 years ago | (#42642211)

false. But I don't understand how it ever became 127, because it is of type boolean.

Who Cares? (2)

terbeaux (2579575) | about 2 years ago | (#42640305)

There are bugs much older than this in the wild. Publishing this arcane factoid will just make the KDE devs feel inadequate when our bro Thiago Macieira could have earned a PhD in CS and submitted a patch herself. Can you mod an entire story -1 TROLL?

Re:Who Cares? (1)

Anonymous Coward | about 2 years ago | (#42640371)

yeah because users should have to get a phd in cs and fix the bugs themselves! open source fukken r00lz dude!!!1

open source means never having to take responsibility for releasing a shitty product...

Re:Who Cares? (2)

Tailhook (98486) | about 2 years ago | (#42640491)

open source means never having to take responsibility for releasing a shitty product

I guess I have to agree with you. At least this place seems to be inhabited with people that believe open source is an excuse to neglect work. I pointed out [slashdot.org] a 12 year old bug fixed in the latest Mozilla release and get modded Offtopic. Mozilla developers aren't working for kudos... but damn you if you offer the slightest criticism.

Re:Who Cares? (-1)

Runaway1956 (1322357) | about 2 years ago | (#42640633)

Maybe I see things in a different way than you.

With Open Source, if a bug is a real problem, then you can fix it. If you're unwilling to take the time to fix it, then it must not be really important to you. It's not like you PAID FOR the software.

With closed source, if a bug is a real problem, then you're forced to beg the vendor to fix it. If he doesn't, or if he can't, then you're just screwed out of your money.

Obviously, tens of thousands of KDE users have used the KDE desktop for a decade, and found that tiny little irritant to be unimportant. Maybe some of those users found it irritating enough to switch to another desktop environment. No big deal, I'd say.

Re:Who Cares? (0)

Anonymous Coward | about 2 years ago | (#42640855)

With Open Source, if a bug is a real problem, then you can fix it.

IF and only IF you know how.

 

If you're unwilling to take the time to fix it, then it must not be really important to you.

OR I don't have the time to learn C, study the code and fix it. Hey at least I (hypothetically) reported it. I didn't report anything, just saying hypothetically speaking.

 

It's not like you PAID FOR the software.

Yeah but I'm paying with my time to try and help by reporting a bug. Your attitude is highly arrogant and patronising. This is one of the problems with FOSS...it's not a license to be an asshole. If you don't want to give your work away for free, then don't do it. If you do, be prepared and open to constructive feedback and pointless criticism, it's part of belonging to the human race and 2 wrongs don't make a right.

Re:Who Cares? (1)

Runaway1956 (1322357) | about 2 years ago | (#42643621)

Arrogant and patronising?

Many of us would agree that it is YOU who is arrogant. You seem to assume that the software should function just as you demand that it should, and that when it does not, someone else is at fault. We can make an argument that you are part of the Great American Instant Gratification generation.

So, you can't program. Or, maybe you can program, but don't have the time or the skill to fix the problem that really bothers you. You have heard of the bounty system?

Here's a blurb on one bounty system: http://www.insanitybit.com/2012/08/14/chrome-beefs-up-its-rewards-program-bigger-bounty/ [insanitybit.com]

Re:Who Cares? (1)

F.Ultra (1673484) | about 2 years ago | (#42645281)

Regardsless of your knowledge, you still have the possibility to fix it (the can bit). The difference is that with closed software you cannot even if you would know how.

Re:Who Cares? (1, Insightful)

rudy_wayne (414635) | about 2 years ago | (#42641257)

With Open Source, if a bug is a real problem, then you can fix it.

Wrong. This is the big lie of Open Source.

  • I can submit a bug, but I can't force them to fix it. I have submitted many bugs to various open source projects over the years and none of them have ever been fixed.
    I can write a patch but I can't force them to accept it. Which makes sense -- you can't have random people messing with your code.
    I can only write a patch if I am proficient in whatever language they are using AND I am intimately familiar with the code base so that I know where to look.

Unless you are an expert programmer, with commit access to the codebase, open source is meaningless.

Re:Who Cares? (2, Insightful)

Teun (17872) | about 2 years ago | (#42641755)

And yet you can fix your system.
Commits are another story.

Re:Who Cares? (0)

Anonymous Coward | about 2 years ago | (#42642681)

That's incorrect, because once you make the patch, you can use it. It doesn't have to be accepted back to the main system for you to continue using it for as long as you might like.

Fact of the matter is, if a bug is a real problem, you -can- fix it. If you don't have the ability to fix it, then you can either find (maybe for pay) someone to fix it, or you can learn the ability to fix it.

Not that I'd defend many of the other claims people make against open source -- I've been doing this for nearly my entire life, and there's a LOT of people with zero social skills, zero UI design skills, zero aesthetic skills, zero software testing skills, and many times all of that combined into one, in the "open source community".

Re:Who Cares? (1)

NotBorg (829820) | about 2 years ago | (#42644525)

Unless you are an expert programmer, with commit access to the codebase, open source is meaningless.

Thanks. I keep trying to tell everyone that open source software is written by experts. It's nice to finally get some affirmation.

Re:Who Cares? (0)

Anonymous Coward | about 2 years ago | (#42643871)

I am a big open source fan but your attitude needs to die in a fire. It is more damaging and toxic then the ignorance hairfeet spews on behalf of his master.

I have my own work and my own projects.

I don't have the time to find, report or fix bugs in the linux kernel, KDE, Ruby, Python, Java, Netbeans, PostgreSQL, sqlite, ruby on rails and about 50 gems for ruby and/or rails, Apache commons, JRuby, firefox, Amarok, etc, etc, etc.

Of the above truncated list only amarok is not actually relevant to my work. At some point I should be working on my projects, that hopefully add something valuable, instead of spending all my time fixing everyone elses projects. If one of them breaks and I found the bug I report it, revert to the preciously working app/lib and wait for the maintainers to fix it. If they don't fix it, I won't use any future versions.

It was the authors decision to write that code and release it under a open source license. I have no responsibility to report or fix anything. That was not part of the licensing deal. I also have every right to complain about something that sucks about it.

I never put code out as OSS or even closed source, unless I am willing to take responsibility for it. I hold other programmers to the same standard whether or not I paid for it.

There have been bugs in KDE and KDE apps that were very important to me, I didn't fix them because I don't have the time to fix other people's screw ups. It is their responsibility. I just reverted to an earlier KDE version that worked. I didn't move to Gnome because Gnome sucks ass, every version, and Enlightenment is an underpowered eyesore. I owe KDE exactly jack and shit and will bitch every time something pisses me off, which is not very often.

For a non-trivial project it takes a non-trivial amount of time to learn enough to be able to work on it. No one has the time to contribute to every project that they use, and your tired, shitty little rant implies that you think we do. Fuck you.

Open source is a powerful thing, but what you are doing is committing the #1 fallacy of open source.

Re:Who Cares? (1)

DRJlaw (946416) | about 2 years ago | (#42640441)

Publishing this arcane factoid will just make the KDE devs feel inadequate when our bro Thiago Macieira could have earned a PhD in CS and submitted a patch herself. Can you mod an entire story -1 TROLL?

Embarrassing != Troll.

There are bugs much older than this in the wild.

And those projects, whether run as open source or owned by Microsoft or owned by some other closed source shop, should be embarrassed as well. If the bugs are that longstanding, public shaming is probably the only motivation left to drive them to be fixed.

Re:Who Cares? (1)

amiga3D (567632) | about 2 years ago | (#42640509)

Really? I mean I guess I'm glad it's fixed but of all the problems this has to be among the most minor. Amnesia over web cookies is right up there with "there is a speck of dust on my shoe lace." Hell it could even be considered a feature.

Re:Who Cares? - People that use KDE maybe ? (0)

Anonymous Coward | about 2 years ago | (#42640539)

There are bugs much older than this in the wild. Publishing this arcane factoid will just make the KDE devs feel inadequate when our bro Thiago Macieira could have earned a PhD in CS and submitted a patch herself. Can you mod an entire story -1 TROLL?

Who cares?

What a arrogant comment. I care and thousands of other KDE users care.

Re:Who Cares? - People that use KDE maybe ? (1)

Runaway1956 (1322357) | about 2 years ago | (#42640653)

Did you file a bug report? No? Then you didn't care very damned much.

Re:Who Cares? - People that use KDE maybe ? (0)

Anonymous Coward | about 2 years ago | (#42642047)

I always laugh at this excuse. I would say 90% of nix users do not file bug reports because of how lousy the bug report system is to non-developers in a lot opensource applications. Then if those people do post a bug report and due to their inexperience, they get shunned out of existence. I've seen it happen all the time. I once told a guy to send a bug report, he never did, and I asked him why and he said it was just too much crap to do. I've even seen patches get shunned. Just take a look at Asterisk and the bluetooth module. Thing has been broken for years and there's a patch on the bug report that's been sitting there for years and works great, but never implemented to mainline, thus it has been broken every damn release because no one wants to implement it (Yes, the patch works, I have to recompile every release).
 
There's a lot of unreported bugs for a lot of applications due to this and the excuse of "I'm not going to fix it because it wasn't reported on our lousy bug report system, but posted on a forum", is no excuse at all. We're led to believe opensource is safer, when in reality it's turning into a bureaucratic mess of ego maniacs (Gnome) and proper submission form (KDE), that's opening holes in a lot of the applications we enjoy.

I personally like Mozilla's new way of bug reports, where you can send it directly from the browser with the submit feedback and they made it as simplest as possible. They have the right idea, most of the opensource community does not.

Re:Who Cares? - People that use KDE maybe ? (0)

Anonymous Coward | about 2 years ago | (#42642549)

Thank you for the backup. For the most part I think you hit the nail right on the head.

I've submitted bugs for dozens of different distros and even been involved in development of some.
I'm not a developer. I've submitted bugs and patches (all complete & without error). But because i'm not a developer or in their "click" *GASP!* my bugs are suddenly unworthy of the ego maniacs that run the upstream and mainline branches.

Re:Who Cares? - People that use KDE maybe ? (0)

Anonymous Coward | about 2 years ago | (#42645393)

Please give examples of 3 bugs you've submitted.

Re:Who Cares? - People that use KDE maybe ? (0)

Anonymous Coward | about 2 years ago | (#42642485)

Did you file a bug report? No? Then you didn't care very damned much.

I didn't even know the bug existed until i saw this article.
And yes I damned very much do still care.

Runaway1956 I take it you are a linux developer or a linux app developer ? Your lame response speaks for itself.

common (0)

Anonymous Coward | about 2 years ago | (#42640365)

I guess it is pretty common... I mean, even recent software has years old lame bugs these days, even big projects like Chrome has issues like:
https://code.google.com/p/chromium/issues/detail?id=255

(and that is a bug you can hit every single day of normal web browsing...)

Answering the obvious (1)

Anonymous Coward | about 2 years ago | (#42640433)

How long does a bug take to get resolved? A week? A month? A year?

You said "decade old" in the title, dumbass!

KDE (4, Informative)

jones_supa (887896) | about 2 years ago | (#42640469)

Heh, gratz for fixing that one. KDE is the best UNIX DE. Reasonably fast, relatively robust, smooth to use, and very configurable. Lots of nice apps and widgets to play with, too.

Re:KDE (0)

Anonymous Coward | about 2 years ago | (#42643401)

Actully OS X is the best UNIX DE but I suppose KDE is decent...

Re:KDE (1)

toddestan (632714) | about 2 years ago | (#42643975)

KDE is better because it has much better hardware support.

Restarting KDE (1)

Anonymous Coward | about 2 years ago | (#42640473)

Restarting KDE every ten years sounds about right.

now they can start working with bugs from 2003 (0)

Anonymous Coward | about 2 years ago | (#42640479)

...

Many eyes make all bugs... (0)

Anonymous Coward | about 2 years ago | (#42640483)

...LOL I couldn't finish that lame old quote with a straight face.

Decade old GNOME bug not fixed (1)

Anonymous Coward | about 2 years ago | (#42640497)

https://bugzilla.gnome.org/show_bug.cgi?id=121113

Functionality wasn't affected (4, Informative)

lbbros (900904) | about 2 years ago | (#42640519)

If you read another developer's response to this commit [kde.org] you will see that the actual feature (reject cross domain cookies) was not affected by this blunder: instead the issue was completely different and only occurred when the KDE daemon was restarted.

That's nothing ... (0)

Anonymous Coward | about 2 years ago | (#42640543)

Microsoft has an entire bug-based OS 27 years old and counting.

No one wants to fix unglamorous bugs (3, Insightful)

hessian (467078) | about 2 years ago | (#42640555)

People work on problems that are (a) fun to solve and (b) will bring them acclaim.

Tiny, ugly, boring bugs don't do that and so in many software projects they get overlooked the longest.

Developer at fault still at large (0)

Anonymous Coward | about 2 years ago | (#42640563)

The identity of the developer responsible for the bug still remains unknown. A 10,000 bit coin reward has been posted for information leading the discorvery of his name and/or whereabouts. And in other news, Linus Torvalds has just announced.......

Déjà vu... (3, Informative)

Kelerei (2619511) | about 2 years ago | (#42640707)

...Slashdot reported on a 25 year old BSD bug being resolved [slashdot.org] back in May 2008.

And these are just the ones we know about -- there may be yet older bugs (particularly in proprietary, closed-source systems, where the source cannot be reviewed by the general community).

Re:Déjà vu... (0)

Anonymous Coward | about 2 years ago | (#42640887)

>And these are just the ones we know about -- there may be yet older bugs (particularly in proprietary, closed-source systems, where the source cannot be reviewed by the general community).

Defensive much? LOL

Re:Déjà vu... (0)

Anonymous Coward | about 2 years ago | (#42644399)

They should have fixed it the first time it was solved.

Pssst. Mozilla... (1)

Anonymous Coward | about 2 years ago | (#42640727)

Don't start asking about the number of decade-plus bugs that exist in Thunderbird. More than I could count on my entire family, or probably even entire workplace teams fingers and toes.

Are any of you programmers? (0)

Anonymous Coward | about 2 years ago | (#42640731)

I have never seen a code base that does not have bugs as old (or older) than the date the bug tracker was put in place.

This is totally normal.

Users weren't affected until recently (3, Insightful)

Bananenrepublik (49759) | about 2 years ago | (#42640735)

Sorry to spoil the fun, but the developer who found the bug fixed it "after a few months" according to the check-in comment. The code may have been buggy for a decade, but that doesn't mean that anybody was affected during that time. Once someone was affected (the developer), it was fixed in a much shorter timescale than this article makes you believe.

Still hope for 16 year old IE bug (2)

raymorris (2726007) | about 2 years ago | (#42640881)

Perhaps that means there is still hope that the IE Accept bug, documented sixteen years ago, will eventually get fixed. Microsoft did release a partial workaround after fourteen years.

Re:Still hope for 16 year old IE bug (0)

Anonymous Coward | about 2 years ago | (#42641459)

Perhaps that means there is still hope that the IE Accept bug, documented sixteen years ago, will eventually get fixed. Microsoft did release a partial workaround after fourteen years.

Are you referring to the fact that many companies still Accept IE as a viable browser? Because that's certainly buggy behavior, and it's been around a long while.

KDE is known for bugs ... (0)

Anonymous Coward | about 2 years ago | (#42641023)

KDE is known for bugs unfixed for years - another one https://bugs.kde.org/show_bug.cgi?id=224447 . 58 users hitting this one (which is a log for a bug reporting system) for 3 years already.

Re:KDE is known for bugs ... (1)

blackpaw (240313) | about 2 years ago | (#42641269)

Because its very hard to reproduce, non of the reporters could come up with a reliable way of doing other than "On my system". I myself used to see that bug until kde 4.8. Have never seen it since.

Firefox does this all the time (2)

rudy_wayne (414635) | about 2 years ago | (#42641167)

Just this month, they have fixed bugs that were originally reported in 2000 and 2001.

Re:Firefox does this all the time (0)

Anonymous Coward | about 2 years ago | (#42641827)

Took them almost 10 years to fix the javascript bug that would cause your computer to lockup and crash with an over scaled image. Surprised it wasn't exploited more often.

browser cookies being forgotten (1)

scourfish (573542) | about 2 years ago | (#42641215)

This is not a bug to me

Open source? (1)

antdude (79039) | about 2 years ago | (#42641361)

How come no took over these very old issues to fix? Did no one care for them? :( I would fix them if I could code.

Re:Open source? (1)

Tough Love (215404) | about 2 years ago | (#42642059)

How come no took over these very old issues to fix? Did no one care for them? :( I would fix them if I could code.

If it was proprietary software it would have been EOLed by now. Open source... just keeps getting better. You can't unopen it.

Re:Open source? (2)

antdude (79039) | about 2 years ago | (#42642273)

I know, but it is frustrating that no one would fix these bad bugs. :(

That long to fix? (1, Funny)

fahrbot-bot (874524) | about 2 years ago | (#42641373)

I didn't know the Oracle Java development team also worked on KDE.

Certainly not the worst example (1)

Mehmet Kse (803792) | about 2 years ago | (#42642035)

Take a look at this one: http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/128587 [freebsd.org]

One byte, two years.

By the way, how can one say FreeBSD a state-of-the-art system, they used *this* installer for twenty years.
- Hey, we've got a new mirror, let's recompile!

5 more years (2)

pmontra (738736) | about 2 years ago | (#42642193)

This makes me hope that 2017 will be the ETA for the fix of this one [mozilla.org] :-)

Obligatory disclaimer: no, I can't learn a new (for me) language and a new toolchain to fix it. I'll live with the bug as I did for three years.

Not newsworthy (1)

Frankie70 (803801) | about 2 years ago | (#42642281)

Anyone who has worked on large projects knows that a lot of bugs keep getting punted year after year because they aren't serious, affect very few users etc.

blah blah (0)

Anonymous Coward | about 2 years ago | (#42642567)

While researching a problem that I was having with GTK back about 4 years ago, I discovered that I was ramming headfirst into a 20 year old focus related problem, that will likely never be fixed, and therefore will always render Gnome a useless pile of crap (in addition to the horrific user interface that they've grafted onto it over the last 8 years or so).

There was a nearly 40 year old bug fixed in one of the base Unix tools, about a year or two ago.

Microsoft 'aux' folder (0)

Anonymous Coward | about 2 years ago | (#42642765)

In Microsoft's XP operating system, you can't name a folder (or subdirectory, in standard terminology) 'aux'.

Not to mention that every Windows system since 3.0 has the bug where the name on a CD is assigned to be the CD drive name and remains assigned even after the CD disk is exchanged with another.

These bugs probably won't get fixed until the original Voyager space probe circles the galaxy and returns to earth.

Re:Microsoft 'aux' folder (0)

Anonymous Coward | about 2 years ago | (#42643963)

In Microsoft's XP operating system, you can't name a folder (or subdirectory, in standard terminology) 'aux'.

That is odd, but apparently true.

It's like those strange old laws on the books where a man can't wear jeans in a public park, or something. There was obviously a reason for it at one time. Then by the time that reason was no longer applicable, everyone had forgotten the law existed, so it was never changed.

Yeah, but how long (1)

TheABomb (180342) | about 2 years ago | (#42643047)

has the "ksirtet is no longer in kdegames bug" been ongoing?

That's because (0)

Anonymous Coward | about 2 years ago | (#42643923)

Everything Linux SUCKS

I can beat that... (1)

seebs (15766) | about 2 years ago | (#42645217)

I reported a bug, which was accepted, in NeXTStep 0.8 or so. Last I checked, it's still in OS X. (LoginWindow won't let you enter control characters as part of a password.)

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?