Robert Thau

@rst
207 Followers
293 Following
1.4K Posts
Robert Thau2d ago

@lcamtuf This code has a lot of problems. Like the race vuln in /bin/mkdir.

In pdp-11 Unix, mkdir was a suid-root program that did a mknod to create the directory, and then a chown to change its ownership to other-than-root. But something else could rename the directory after the mknod, and replace it with a link to, e.g., /etc/passwd, which would then get chowned.

On later versions with ^Z job control, a ^Z on mkdir had good odds of catching it between the two syscalls; no code required.

Show threadRobert Thau4d ago
@gwynnion There's some deceptive language in the bill that says that a REAL ID which proves citizenship is acceptable at the polls. The trick is that most REAL IDs do not prove citizenship -- legal resident aliens are eligible, and get them all the time. The ones that do ("enhanced" REAL ID) are available in only a few border states, and most residents of those states don't have them because even there, it's an extra bother.
Show threadRobert ThauMar 16

@universalhub No, that one runs on Metro-North.

(They also have heritage units, this one in similar livery.)

Show threadRobert ThauMar 9
@wilfredh The "can't compile hello world" bug report had nothing to do with the source code -- the compiler expected include files in the particular location of the systems it was built on, and couldn't find them when built on a system that located them differently. (Read the bug report and you'll see perfectly intelligible messages saying "stddef.h not found", etc. It did compile postgres to binaries that passed the test suite, and PG does require this header. A lot.)
Show threadRobert ThauMar 6

@tante But this is how open source itself got started -- RMS implementing GNU Emacs incorporating large chunks of Gosling Emacs's code (against terms of its license), later rewriting but preserving the interfaces, and writing gcc having access to the source of lcc, and very likely pcc. (Yes, Gosling rewrote RMS's earlier work.)

"Clean room" has never been a requirement of copyright law. It's a defensive tactic going above and beyond legal requirements to fend off particularly vicious litigants.

Show threadRobert ThauMar 3
@andrewducker Expected to be 400km/h in normal service. FWIW, the French got a tech-demo train on new track up over 570 km/h in a test run, but aren't close to that in normal service. https://en.wikipedia.org/wiki/TGV_world_speed_record
TGV world speed record - Wikipedia

Show threadRobert ThauFeb 26
@pravda Worth noting that the particular AIs used in the study are current, but in at least two of three cases, the bargain-basement current offering from the providers: Gemini 3 Flash, and Claude Sonnet. (The other is "GPT-5.2", which is branding applied to three different models and they don't say which -- but if you don't explicitly ask, you usually get the cheap one.)
Show threadRobert ThauFeb 10
@scottsthoughts Lose the bar requirement, and some churches might start to look reasonable. And while most theater productions won't work in a nightclub, they might be worth considering for the ones that do. (Ages ago, Amanda Palmer of all people put on a play in the Middle East downstairs...)
Show threadRobert ThauFeb 3
@quinn @dalias FWIW, this all is at least rumored to be prep work for a SpaceX IPO.
Show threadRobert ThauFeb 3
@sierrashark @ariadne San Pellegrino Aranciata is pretty close, FWIW.