Simon Willison’s Weblog


Wednesday, 2nd July 2008

ORG verdict on London Elections: “Insufficient evidence” to declare confidence in results. Electronic voting strikes again. Also of interest: the audit conducted by KPMG can’t be published due to “commercial confidentiality”.

# 10:36 am / kpmg, audit, elections, london, org, openrightsgroup, electronicvoting

Ruby’s Vulnerability Handling Debacle. The critical Ruby vulnerabilities are over a week old now but there’s still no good official patch (the security patches cause segfaults in Rails, leaving the community reliant on unofficial patches from third parties). Max Caceres has three takeaway lessons, the most important of which is to always keep a “last-known-good” branch to apply critical patches to.

# 10:39 am / ruby, security, open-source, maxcaceres, rails, patches

eval() Kerfuffle. The ability to read supposedly private variables in Firefox using a second argument to eval() will be removed in Firefox 3.1.

# 9:24 pm / firefox, eval, security, privacy, javascript, john-resig
