Oleg Zabluda's blog
Wednesday, April 11, 2012
 
It took Titanic 2h:40m to sink.
It took Titanic 2h:40m to sink. Question: why during this time not a single raft was made? Answer: poor leadership, and passengers who didn't watch "National Geographic" channel on cable/satellite/YouTube/G+.

Note that not having enough lifeboats is a bit of red herring, because there were 500 empty seats in them anyhow, and only 8 people were fished out of water.

http://en.wikipedia.org/wiki/Sinking_of_the_RMS_Titanic

[...] As the enormity of what was about to happen sank in, captain Smith became paralysed by indecision. He did not issue a general call for evacuation, failed to order his officers to load the lifeboats, did not adequately organise the crew, withheld crucial information from his officers and crewmen, and gave sometimes ambiguous and impractical orders. Even some of his bridge officers were unaware for some time after the collision that the ship was sinking; Fourth Officer Joseph Boxhall did not find out until 01:15, barely an hour before the ship went down, while Quartermaster George Rowe was so unaware of the emergency that after the evacuation had started, he phoned the bridge from his watch station to ask why he had just seen a lifeboat go past. Smith did not advise his officers that the ship did not have enough lifeboats to save everyone. He did not supervise the loading of the lifeboats and seemingly made no effort to find out if his orders were being followed. [...] No lifeboat or fire drills had been carried out since Titanic left Southampton. A lifeboat drill had been scheduled for the morning before the ship sank, but was cancelled for unknown reasons by Captain Smith. [...]
http://en.wikipedia.org/wiki/Sinking_of_the_RMS_Titanic

Labels:


 
My first contribution to the python community from 2003. I reported bugs and potential security holes in getpass.py
My first contribution to the python community from 2003. I reported bugs and potential security holes in getpass.py
http://mail.python.org/pipermail/python-dev/2003-December/040579.html
Guido Van Rossum, later in the thread, decided they were not worth fixing.

In 2009, the bug/security hole were actually triggered, and it was noted that I reported this bug/security hole back in 2003:
http://bugs.python.org/issue7208
http://bugs.python.org/issue7208#msg94594

The proposed fix at the time was still incomplete. sync(2) can return before fd is flushed (see sync(2)), stream.flush() can fail (I/O error, user replaced flush(), etc...) or be interrupted (^C or other signal, ditto with tcsetattr)
or the thread can be canceled. If so, later I/O from a programmer to the stream might echo the password.

I didn't check the current state of getpass.py. The stated reason for even using it instead of getpass(2) is portability, but on platforms where getpass(2) are available (like glibc), it's best to use that, because it clearly received more scrutiny, and, even more importantly, it's used throughout the system (login, ssh, sudo, etc...) and if it is broken, the game over anyway, so it reduces defense perimeter.
http://mail.python.org/pipermail/python-dev/2003-December/040579.html

Labels:



Powered by Blogger