
Comments


The American App Economy Is Now "Bigger Than Hollywood"

spitzak Apps bigger than Hollywood (109 comments)

And they use more burp and fart sound effects than all of Hollywood!

1 hour ago

Serious Network Function Vulnerability Found In Glibc

spitzak Re:Not all code is vulnerable - getaddrinfo() is f (205 comments)

As pointed out in the article, the program must use gethostbyname() on a name supplied by the attacker.

A much more mitigating factor is that the bug is only exercised if the name looks like a numerical id, and according to their search most software first checks this using inet_aton() and only calls gethostbyname() if this fails, thus avoiding the bug.

yesterday

Serious Network Function Vulnerability Found In Glibc

spitzak Re:Accidental bugs? (205 comments)

I have yet to have one such buffer overflow bug in my code

Yeah, right. You know the authors of this function probably thought that too. They had no counterexamples until now, just like you and your code.

yesterday

Serious Network Function Vulnerability Found In Glibc

spitzak Re:Why not strncpy or strlcpy (205 comments)

strncpy will not overflow the buffer provided you pass the size of the buffer (if you don't pass the size of the buffer, *none* of the safer functions are going to help). Its problem is that it will not write a nul at the end of the buffer, thus reading will read right off the end. It also wastes a huge amount of time filling the unused part of the buffer with nul.

strlcpy is far, far better and does pretty much what is wanted.

However in this case they really did try to figure out if the buffer would overflow, so neither strlcpy nor strncpy should be needed. They did the calculation wrong, claiming it needed 4-8 bytes less than it really did.

yesterday

United and Orbitz Sue 22-Year-Old Programmer For Compiling Public Info

spitzak Re:Cheaper (349 comments)

My theory is that a competitor airline is needed.

AB airlines flies A->B, and also A->B->C. Without any other reason, an A->B->C ticket would cost more or equal to the A->B ticket.

But AC airlines flies A->C, and is charging a smaller price than AB airlines.

AB airlines decides to compete by lowering the price for A->B->C so that it is less or equal to AC airlines' A->C price. But they are not competing on A->B so they keep the price higher for A->B.

about a month ago

Critical Git Security Vulnerability Announced

spitzak Re:Unrelated to Github (148 comments)

No, stop being an idiot.

"regular users" click on files in a list or 2-d grid. They would not even notice if the filesystem allowed more than one file with the same name, and they certainly do not give a damn about case insensitivity. Even if they type at a terminal they use filename-completion and do not care either.

It is also clear that it has nothing to do with user-friendliness or they would map more common errors, such as multiple spaces to single ones, removing leading and trailing whitespace, or mapping equivalent Unicode to the same files. They don't do this because they realize that such complex details of the encoding do not belong in the file system API.

Case-insensitivity is a throwback to ancient ASCII-only systems. If you live in the stone age you may think it is a good idea. If you have been exposed to it all your life you may think it is a good idea. But if you were actually intelligent you would know it is wrong.

about a month ago

Critical Git Security Vulnerability Announced

spitzak Re:Unrelated to Github (148 comments)

All modern systems are capable of storing different strings for filenames in different cases. So no, Linux has it right and Windows has it wrong. Sorry to burst your bubble, but you are simply Wrong, with a capital W.

about a month ago

Critical Git Security Vulnerability Announced

spitzak Re:I blame Microsoft (148 comments)

No. Two different byte strings should identify two different files (unless one or both of them are invalid byte streams). Anything else is introducing complexity into the filesystem and potential bugs and security violations, of which this is an excellent example. Sorry, but Unix has it right, and Microsoft and lots of other systems are *WRONG*.

about a month ago

Top Five Theaters Won't Show "The Interview" Sony Cancels Release

spitzak Re:No winner here, except for us all (589 comments)

The new news that the government thinks they did it certainly changes my opinion, though I would be curious exactly what the evidence is. I find it hard to believe they would risk making a stupid blunder of an incorrect accusation, so the info must be pretty good, such as directly from a spy inside NK at the hacker facility.

My gut feeling is this is disgruntled Sony employees. Somebody thought it would sound cool to threaten theaters and are probably amazed at the result.

about a month ago

Google Proposes To Warn People About Non-SSL Web Sites

spitzak Re:Annoying to Self Hosters (396 comments)

Chrome also complains about self-signed https, so you lose. Sorry.

about a month and a half ago

Top Five Theaters Won't Show "The Interview" Sony Cancels Release

spitzak Re:No winner here, except for us all (589 comments)

Except NK denied being behind the hacking.

Now there is no reason to believe anything NK says, but I would think they would be very proud of their computer achievements if they had been behind it.

The reason they don't falsely claim they are behind it is because they are worried the actual hackers would be found and then it would be clear they were lying.

about a month and a half ago

Federal Court Nixes Weeks of Warrantless Video Surveillance

spitzak Re:What? (440 comments)

Because they wanted to arrest him for drug trafficking.

Deporting him would mean he would probably sneak back or arrange with his friends still in the USA to continue drug trafficking. If you assume that drug trafficking is something that you don't want (and under current USA laws is something the police are supposed to prevent) then this is a totally logical approach.

about a month and a half ago

Federal Court Nixes Weeks of Warrantless Video Surveillance

spitzak Re:What? (440 comments)

I suspect the North Korean will not have a problem getting the USA to give him a tourist visa. He *will* have some trouble getting access to ask the USA for one, and for actually getting out of North Korea to use it.

about a month and a half ago

Should IT Professionals Be Exempt From Overtime Regulations?

spitzak Re:No (545 comments)

This hit the special effects industry about 20 years ago. Artists were ruled as not being exempt employees. The companies (at least the ones I knew about) reclassified them as hourly but based their new salary on dividing the old weekly one by 55 hours, not 40.

about 2 months ago

Should IT Professionals Be Exempt From Overtime Regulations?

spitzak Re:No (545 comments)

Do you get overtime pay?

I would not be surprised if you get that too. You may be right about us being chumps.

about 2 months ago

Should IT Professionals Be Exempt From Overtime Regulations?

spitzak Re:No (545 comments)

Huh? I have never encountered a programmer who was not an exempt employee.

about 2 months ago

How Astronomers Will Take the "Image of the Century": a Black Hole

spitzak Re:Red Dwarf question (129 comments)

The Hawking radiation is very very tiny, and I am pretty certain is impossible to see. Hawking radiation is inversely proportional to the black hole size.

about 2 months ago

Is Chernobyl Still Dangerous? Was 60 Minutes Pushing Propaganda?

spitzak Re:Yes (409 comments)

it appears that humans are worse drain than the radiation

Um, no DUH! That does not mean the radiation is harmless, or even that it is less harmful than the worst predictions. Human settlements are pretty lethal to the reproduction of large animals like that.

Personally I think the scare of radiation is way overblown, but when you say stupid things like this I realize that there are just as uninformed people on both sides of this issue.

about 2 months ago

In a Self-Driving Future, We May Not Even Want To Own Cars

spitzak Re:In a Self-Driving Future--- (454 comments)

I expect a self driving car to be many many times better at lining itself up with a trailer hitch than a human driver. For instance it probably has exact detailed knowledge of the position of the hitch down to a millimeter. Don't know what in the world makes you think this is a harder problem than normal driving.

about 2 months ago

Submissions

spitzak hasn't submitted any stories.

Journals

spitzak has no journal entries.
