July 04, 2002

weekend

Last night, we went out for Erin's birthday, then came back here with Erin and Amanda to watch 'Vanilla Sky'. Very strange movie. It probably would have made more sense if we had all been more awake for it. As it was, it just seemed pretty odd.

Today, we're going on a picnic with Erin and her family. Tomorrow, we're having dinner with church friends. Saturday, we're going to Tom's all-day summer party. And on Sunday, Texas is in town.

All in all, it's a pretty full weekend. All good, but pretty busy.

Last week, I installed two more security patches on my home Linux box. My favorite was that I had to install a patch to fix a buffer overflow problem in OpenSSH. For years, I've been hearing about how great open source software is because of the 'many eyes' theory — i.e., with many eyes looking at the openly available source code, bugs and security holes will be caught early, long before those evil hackers can exploit them. I'm sure glad to see how well that worked in this case. Sheez...

I got a new video card yesterday. nVidia's GeForce4 Ti4200. It is much nicer than the Quadro2 card I had before. One frustration while installing it was that the Dell case I had didn't want to accept a full-height AGP card. There was this big plastic part on the lid of the case that came down on top of the half-height card. Fortunately, the big plastic part was easily removed. Counter-Strike plays a whole lot better now.

Posted by Mike at July 4, 2002 10:46 AM
Comments

Ooooooh, shiny. I want one of them GF4s.

You can't get too upset about that OpenSSH hole -- it was caught and fixed before it impacted you, right? But yeah, the 'many eyes' story can be pretty bogus -- you only look at the open source code if you want to add a feature or if you can't get it to compile and need a quick hackaround, typically -- neither case being conducive to decrementing bugcount, really. But that OpenSSH bug was found and fixed, probably, as part of the OpenBSD auditing process, so it does validate the many eyes principle.

I'm currently in the process of opening my mind to the refactoring and eXP memeset, and it kind of makes me want to see a project devoted just to refactoring and improving some critical piece of open-source code that's accreted a bit too much cruft. I don't know which piece that would be, really. Maybe to start with, we should take all the memcpy/strcpy type functions in the standard library and modify them to throw an ObsoleteCodingStyleException (or raise a SIGOBSCODE signal, depending on your orientation), write some buffer-safe buffer and string management libs to replace them, and spend the next couple of years recompiling and rewriting everything that used those functions.

You'd flush a damn lot of bugs that way.

Posted by: russell on July 4, 2002 09:00 PM