February 05, 2008
Homeland Security, Doing Good by Doing what it does Well - DHS has for almost a year had a program to comb common industrial Open Source software products (the Apaches and the Linuxes and the Firefoxen &c) to detect and repair security flaws. This is perfect for everyone involved -- it has a real effect on security, and highlights why openness is a superior approach to security; it signals to whoever still doubts it that open source software can be industrial strength; and it's a contribution that enthusiasm-driven open-source projects struggle with but that a government agency is superbly equipped to provide. It's also cheap, as far as I can tell ($300k/year). More of this and fewer of the airport anal probes please DHS.
This other article is weirdly dissonant, headlining the alarming tautology that "Open Source Code Contains Security Holes" and citing an average of one flaw per 1k lines of code (loc). The body of the article, however, gives these numbers:
- Linux: about 1k flaws in 3.6M loc, half of them fixed.
- FreeBSD: ~600 in 1.6M loc, apparently most fixed on the FreeBSD end.
- Apache: 20 in 0.14M loc.
- Gnu C library: 83 bugs, all fixed, in 0.6M loc.
- Firefox: ~650 in 2.5M loc, half fixed.
...Which makes me wonder what kind of Swiss cheese monkeyware is bringing those totals up to the headline average. There's also scant mention of the fact that "zero bugs remaining" means "...according to an automated test coverage process", nor any comparison to proprietary software products.
I didn't mean "sorry this is something you already read on slashdot", I meant "this is kind of a slashdot post that I'm putting up here on AE, which is not slashdot."
I actually don't read slashdot anymore -- too many, too strident.
Haterade bug report: "Logger debug message consisted entirely of 'cocksucker.' Took it out. Seemed minimally informative, and impolite."
151 switch_to_alt_inheritance_column 152 test_eager_load_belongs_to_something_inherited 153 switch_to_default_inheritance_column 154 - ActiveRecord::Base.logger.debug "cocksucker" 155 end
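Review bot: the removed debug call logged a fixed string with no context, so it carried no diagnostic value for this test (test_eager_load_belongs_to_something_inherited), and dropping it is the right fix. If tracing is actually wanted around the switch_to_alt_inheritance_column / switch_to_default_inheritance_column calls, a message that names the inheritance column being switched would be informative; an empty or profane constant is not.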
I thought there was a post when google released a "Search code snippets online" tool, using it to (of course) find comments with the words "fuck", "kludge", "broken", etc. But I can't find it, so it goes here.
(re: title of the post)
Why is it assumed that everyone who reads AE plows through the gagillion slashdot articles that come out every day? Virtually all of our posts come from some popular source rather than original thought...
posted by McD at 09:31AM CST on February 05