top LibreSSL PRNG Vulnerability Patched
In this particular case, yes. There will always be non-exploitable bugs.
The problem is that when you begin to dismiss bugs as non-exploitable (whether you've fixed them or not) and their reports as "overblown," you put yourself in the unfortunate position of only needing to be wrong once. Specifically, dismissing bug reports with the notion that the bug would never be exploitable—not because the bug is "beyond the airtight hatchway," but because no one would be dumb enough to write an application in a particularly boneheaded way discounts decades of examples of people writing software in amazingly boneheaded ways.
Whether it's true or not (and, in this case, it seems true), this is not a way to inspire confidence, and an SSL implementation needs every bit as much community confidence as it does technical correctness.
top LibreSSL PRNG Vulnerability Patched
Q: What do we call "contrived test programs" in the "real" world?
top WY Teen Cut From Science Fair For Entering Too Many
So, just like shopping any under-development technology around (or applying for research grants) in real life, then?
top French Court Levies First Fine Under 3-Strikes Piracy Law
The person penalized did, or allowed to be done, something illegal but not especially malicious or very damaging. They face a penalty which will certainly be unwelcome and which will probably encourage them to act within the law. No huge court case, no lives wrecked, no lawyers riding the gravy train. *This is how a legal system is supposed to be.*
Granted, that's a far sight better than how things are here in the US, but to say that's how things are "supposed to be" is aiming pretty low. That's still a legal system that spends taxpayer money to defend the "property" of copyright holders from nebulous threats, and punishes people for activities that have no provable harm to anyone. Wouldn't it be far more preferable to have a system that spends its time restituting actual victims instead of collecting arbitrary fines from people who aren't hurting anyone, perhaps a system that considered impact instead of looking at who's coloring outside the lines drawn by politicians?
I will furthermore submit that "The Rule of Law" will always be "The Rule of Lawyers" so long as the lawyers are the ones constructing laws prohibiting whatever behavior the well-connected consider inappropriate.
top Can a Regular Person Repair a Damaged Hard Drive?
"Back in the day" (mid-90s) when that was more common, the term for it was "stiction." I don't know if it's less common these days because disk mechanisms are more reliable, the lubricants are better, or machines have much shorter average service lifetimes.
SGI field-service engineers actually had a rubber mallet specifically dedicated to coaxing stictioned drives to run for long enough to get the data off them. The Micropolis disks they shipped in their workstations back then were notorious for that (among many other problems). The company I worked for at the time had such a service call, and the technician told me that the hard part wasn't getting the disk running again, but convincing the disk that whanging the disk with a hammer was a sane thing to do!
top Book Review: The Economics of Software Quality
Have you heard of the Software Engineering Radio podcast? I've been listening to it for a few years, and I really enjoy it—even if I don't share Markus' enthusiasm for model-driven software. The web site is at http://www.se-radio.net/, and even the back issues are worth listening to (processes don't get dated nearly as rapidly as tools).
top Firefox 7.0 Beta Released
the big Bugzilla thread about version numbers earlier this week:
Users cannot sit on Firefox 4.x. They will be updated to the latest version when they open the About dialog (or sooner) because all* but the current Firefox release are unsupported versions in the new rapid release cycle. Those not current versions do not get critical security updates except via the current version. Firefox users will not be spread across Firefox 4, 5, 6, etc. They will be on the latest version or they will be about to be on the latest version.
Effective expiration, lack of bugfixes, and rapidly replaced by newer versions with bugfixes? By any practical definition, there is no stable version. They're all betas from here onwards. The whole notion of a release isn't that it's bug-free, but that it's supported for a reasonably-long period of time.
top Re: the debt deal reached Sunday night ...
One of the few constants in government is the "It's not <bad-thing> when we do it" trope.
Asset forfeiture? It's not stealing when we do it. Beating an unarmed man because he was videotaping police misconduct? It's not battery when we do it. Shooting a deaf whittler in the back? It's not murder when we do it.
The opposition party always does thoughtless, foolhardy, destructive, tyrannical things. However, they're not bad when we do them. "Small government" Republicans got the country further into debt in the last ten years than it'd been in fifty, and "peace prize" Democrats still wage war overseas. Thugs, the whole lot of them.
top SCOTUS Rules Petition Signatures Are Public Record
Okay, so petition signatures are public record? How about henceforth Congress is only permitted to pass legislation by roll call?
Government of the who by the huh for the what-now?
top PI License May Soon Be Required for Computer Forensics
This, and 10,000 other issues, are why you never buy a house without a licensed realtor.
No, it's why you get a home inspection and title insurance, both of which are usually required by the mortgage company, anyhow.
Jonathan C. Patschke hasn't submitted any stories.
Jonathan C. Patschke has no journal entries.