1354: "Heartbleed Explanation"


glasnt
Posts: 539
Joined: Fri Jan 25, 2008 5:18 am UTC
Location: SQUEE!

1354: "Heartbleed Explanation"

Postby glasnt » Fri Apr 11, 2014 6:18 am UTC

Image

Are you still there, server? It's me, Margaret.



tobiasgies
Posts: 3
Joined: Tue Sep 18, 2012 1:53 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby tobiasgies » Fri Apr 11, 2014 6:31 am UTC

That's without a doubt the best layman's explanation of the heartbleed bug I've seen yet. I might just show this to my parents so they understand what this issue is all about.

eviloatmeal
Posts: 562
Joined: Thu Dec 11, 2008 9:39 am UTC
Location: Upside down in space!

Re: 1354: "Heartbleed Explanation"

Postby eviloatmeal » Fri Apr 11, 2014 6:59 am UTC

"Hello, server, are you with me?"
"Of course."
"Are you willing to entertain a few concepts?"
"I am always receptive to suggestions."


And that's how a simple buffer overflowread caused Skynet.
*** FREE SHIPPING ENABLED ***
Riddles are abound tonight

glasnt
Posts: 539
Joined: Fri Jan 25, 2008 5:18 am UTC
Location: SQUEE!

Re: 1354: "Heartbleed Explanation"

Postby glasnt » Fri Apr 11, 2014 7:17 am UTC

It's fun to try and work out the references in the server 'thought' bubbles

"ma.. bees in car why" < bees. silly.

"snakes but not too long" < snakes, duh.

"CoHoBaSt" < First 2 letters of CorrectHorseBatteryStaple http://xkcd.com/936/ (also http://correcthorsebatterystaple.net/ is still up. nice)

IP "375.381.283.17" < happy primes not a real IP, but unsure of what it could represent
Last edited by glasnt on Fri Apr 11, 2014 7:17 am UTC, edited 1 time in total.

addams
Posts: 10009
Joined: Sun Sep 12, 2010 4:44 am UTC
Location: Oregon Coast: 97444

Re: 1354: "Heartbleed Explanation"

Postby addams » Fri Apr 11, 2014 7:17 am UTC

dp2 wrote:

In a nutshell, an OpenSSL connection uses a heartbeat to keep the connection open. That is, the two sides send a message back and forth to let each other know they're still there. The nature of this heartbeat message is a size and some data. One side sends the data, the other side sends the SAME data back.

The trick is, there's no check that the size and the data match. So, one side can say "Here's 64K bytes, send the same 64K back to me" but only actually send one byte of data. The other side puts that single byte in memory, not knowing it's only one byte. Then, knowing it has to send 64K back, it puts that same byte PLUS the next (64K - 1) bytes from its memory into the packet and sends it back. All those extra bytes can be anything in memory. It might be junk, but it can very easily be valuable info. And this happens with every heartbeat.

This poster explained it, too.
Life is, just, an exchange of electrons; It is up to us to give it meaning.

We are all in The Gutter.
Some of us see The Gutter.
Some of us see The Stars.
by mr. Oscar Wilde.

Those that want to Know; Know.
Those that do not Know; Don't tell them.
They do terrible things to people that Tell Them.

Kelaos
Posts: 5
Joined: Mon Jun 16, 2008 2:45 am UTC

Re: 1354: "Heartbleed Explanation"

Postby Kelaos » Fri Apr 11, 2014 7:38 am UTC

I found the "CoHoBaSt" especially funny due to it being similar to a password creation technique Bruce Schneier described in his blog: https://www.schneier.com/blog/archives/ ... ure_1.html

Luminous
Posts: 2
Joined: Wed Mar 12, 2014 1:14 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby Luminous » Fri Apr 11, 2014 8:29 am UTC

OK. Very nice explanation (I'll be using this as an example for friends), but there is one thing I need to know.
The first user in the greyed out text (immediately after the word "HAT") happens to be my actual name. Is this a cool bit of scripting that Randall has pulled off, where the name is pulled from some sort of data source on each user's computer as a way of personalising the situation, or is it just a funny little coincidence?

I could answer this myself by checking using another computer that I don't normally use, but it's all the way at the other end of the house, and I really can't be bothered.

karhell
Posts: 687
Joined: Wed Jun 19, 2013 4:56 pm UTC
Location: Breizh

Re: 1354: "Heartbleed Explanation"

Postby karhell » Fri Apr 11, 2014 8:34 am UTC

I reckon it's a funny little coincidence ^^
AluisioASG wrote:191 years ago, the great D. Pedro I drew his sword and said: "Indent thy code or die!"
lmjb1964 wrote:We're weird but it's okay.
ColletArrow, katakissa, iskinner, thunk, GnomeAnne, Quantized, and any other Blitzers, have fun on your journey!

LonePaladin
Posts: 3
Joined: Fri Apr 11, 2014 8:34 am UTC

Re: 1354: "Heartbleed Explanation"

Postby LonePaladin » Fri Apr 11, 2014 8:37 am UTC

Luminous wrote:The first user in the greyed out text (immediately after the word "HAT") happens to be my actual name.

It said the same thing on my end as it did on yours. (Before your edit.) So it's coincidence.

azule
Saved
Posts: 2132
Joined: Mon Jul 26, 2010 9:45 pm UTC
Location: The land of the Golden Puppies and Rainbows

Re: 1354: "Heartbleed Explanation"

Postby azule » Fri Apr 11, 2014 8:46 am UTC

Is no one going to mention how this is the second Heartbleed comic in a row? It seems to be very rare for a non-serial comic.

I think, while this character is named "Meg", I wouldn't want to confuse her with Megan (who appears in the previous comic). So, I think we should nickname her Black Hair (alluding to Black Hat) because of her dark hacking purposes (she wrote the sensitive info down).

If you read this sig, post about one arbitrary thing you did today.

I celebrate up to six arbitrary things before breakfast.
Time does drag on and on and contain spoilers. Be aware of memes.

Randomizer
Posts: 284
Joined: Fri Feb 25, 2011 8:23 am UTC
Location: My walls are full of hungry wolves.

Re: 1354: "Heartbleed Explanation"

Postby Randomizer » Fri Apr 11, 2014 8:52 am UTC

Was the xkcd forum affected by heartbleed? If so, has it been fixed? Do we need to redo our passwords?
Belial wrote:I'm all outraged out. Call me when the violent rebellion starts.

karhell
Posts: 687
Joined: Wed Jun 19, 2013 4:56 pm UTC
Location: Breizh

Re: 1354: "Heartbleed Explanation"

Postby karhell » Fri Apr 11, 2014 8:55 am UTC

Randomizer wrote:Was the xkcd forum affected by heartbleed? If so, has it been fixed? Do we need to redo our passwords?

I'm fairly sure davean has the situation under control.
AluisioASG wrote:191 years ago, the great D. Pedro I drew his sword and said: "Indent thy code or die!"
lmjb1964 wrote:We're weird but it's okay.
ColletArrow, katakissa, iskinner, thunk, GnomeAnne, Quantized, and any other Blitzers, have fun on your journey!

Envelope Generator
Posts: 582
Joined: Sat Mar 03, 2012 8:07 am UTC
Location: pareidolia

Re: 1354: "Heartbleed Explanation"

Postby Envelope Generator » Fri Apr 11, 2014 9:15 am UTC

Seller, are you still there? If so, send "office chair" (1 bobcat).
I'm going to step off the LEM now... here we are, Pismo Beach and all the clams we can eat

eSOANEM wrote:If Fonzie's on the order of 100 zeptokelvin, I think he has bigger problems than difracting through doors.

Lines
Posts: 2
Joined: Wed Jan 08, 2014 10:04 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby Lines » Fri Apr 11, 2014 9:18 am UTC

Luminous wrote:OK. Very nice explanation (I'll be using this as an example for friends), but there is one thing I need to know.
The first user in the greyed out text (immediately after the word "HAT") happens to be my actual name. Is this a cool bit of scripting that Randall has pulled off, where the name is pulled from some sort of data source on each user's computer as a way of personalising the situation, or is it just a funny little coincidence?

I could answer this myself by checking using another computer that I don't normally use, but it's all the way at the other end of the house, and I really can't be bothered.



I know you requested the "missed connections" page.

Your privacy is mine.

StClair
Posts: 405
Joined: Fri Feb 29, 2008 8:07 am UTC

Re: 1354: "Heartbleed Explanation"

Postby StClair » Fri Apr 11, 2014 11:06 am UTC

"Hello Hal, do you read me? Do you read me, Hal?"
AFFIRMATIVE, DAVE. I READ YOU.
"Open the pod bay doors, Hal."
I'M SORRY, DAVE. I'M AFRAID I CAN'T DO THAT.

popman
Posts: 69
Joined: Sun Mar 07, 2010 7:38 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby popman » Fri Apr 11, 2014 11:33 am UTC

Randomizer wrote:Was the xkcd forum affected by heartbleed? If so, has it been fixed? Do we need to redo our passwords?


The forum doesn't have SSL support. So it should be fine unless it's on the same server as another site which does.
www.crashie8.com

cellocgw
Posts: 1953
Joined: Sat Jun 21, 2008 7:40 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby cellocgw » Fri Apr 11, 2014 12:12 pm UTC

Brings me waaaaay back: 1975 or 76, my college had a shiny new DEC PDP 8 or 11, and I was mucking with FORTRAN code. I tried to read from a small file I'd created, and entered the wrong (large) read-length. In my case, I lucked out, so to speak, and got my file plus a list of other students' grades. I think DEC patched that particular overflow shortly thereafter. You'd really think systems would respect EOFs, but then again,.... :mrgreen:
https://app.box.com/witthoftresume
Former OTTer
Vote cellocgw for President 2020. #ScienceintheWhiteHouse http://cellocgw.wordpress.com
"The Planck length is 3.81779e-33 picas." -- keithl
" Earth weighs almost exactly π milliJupiters" -- what-if #146, note 7

Philbert
Posts: 32
Joined: Mon Jan 05, 2009 12:32 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby Philbert » Fri Apr 11, 2014 12:22 pm UTC

Does anyone understand why this protocol has the string and redundantly the size of the string in this request in the first place?

P.S., I personally credit StankyJim, who graciously answered my question about this bug in the previous comic thread: http://forums.xkcd.com/viewtopic.php?f=7&t=108597#p3567143

squall_line
Posts: 169
Joined: Fri Mar 20, 2009 2:36 am UTC

Re: 1354: "Heartbleed Explanation"

Postby squall_line » Fri Apr 11, 2014 1:13 pm UTC

azule wrote:I think, while this character is named "Meg", I wouldn't want to confuse her with Megan (who appears in the previous comic). So, I think we should nickname her Black Hair (alluding to Black Hat) because of her dark hacking purposes (she wrote the sensitive info down).


The character's full name is actually Margaret, based on the alt-text. Peg and Peggy are also nicknames for her name, but "Peggy" is an "old person's name", and "Peg" is reminiscent of round pegs and square holes. Also, it might create too many questions about how "Margaret" becomes "Peg".

Introbulus
Posts: 84
Joined: Fri Aug 21, 2009 4:09 am UTC
Location: New York

Re: 1354: "Heartbleed Explanation"

Postby Introbulus » Fri Apr 11, 2014 1:24 pm UTC

Philbert wrote:Does anyone understand why this protocol has the string and redundantly the size of the string in this request in the first place?

P.S., I personally credit StankyJim, who graciously answered my question about this bug in the previous comic thread: http://forums.xkcd.com/viewtopic.php?f=7&t=108597#p3567143


Fairly certain it's because the 'string' is not a literal string, but a much larger data packet that can be of any size - and knowing the size of the packet ahead of time allows the server to prepare a partition of memory to hold the packet, AND allows it to reject oversized packets that could cause a DoS.

NOT a security expert, but my best guess as to why it would need the size along with the packet itself.
If you can read this, you are wasting your time.

Coyoty
Posts: 195
Joined: Wed Jun 06, 2012 5:56 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby Coyoty » Fri Apr 11, 2014 1:27 pm UTC

This bug is inexcusable. One of the first things they teach you in programming is to avoid overflows.are able to eat small amountsEF136F.gif&&^%day love will find you90210.141538

DougDean
Posts: 39
Joined: Thu Apr 22, 2010 1:11 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby DougDean » Fri Apr 11, 2014 1:29 pm UTC

"You call that a leak? Last time there was a leak like that, Noah built hisself a boat!"

Ken_g6
Posts: 74
Joined: Tue Jun 29, 2010 10:45 pm UTC
Location: in yer GPUz fakterin' primez in wardrobez

Re: 1354: "Heartbleed Explanation"

Postby Ken_g6 » Fri Apr 11, 2014 2:35 pm UTC

So, obviously, there are a few ways to fix this bug.

One is to limit what's sent to what's received.

Meg: Server, are you still there? If so, reply "HAT" (50 letters.)

Server:
a connection. Jake requested pictures of deer. User Meg wants these 50 letters:HAT-hey, that's only 3 letters. Eve (administrator) wants to set server's master key to "14835038534". Isabel wants pictures of "snakes but not too long".


Another way would be to wipe all memory allocated before it's used.

Meg: Server, are you still there? If so, reply "HAT" (50 letters.)

Server:
a connection. Jake requested pictures of deer. User Meg wants these 50 letters:HATDBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEFDEUser Karen wants to change account password to "CoHoBaSt".


Apparently this could have been set up with the system's default allocation system, but it was decided this was too slow and the OpenSSL team created their own. Then they did add a system like this, but turned it off by default because it was too slow on a few systems. (The first bug.) Then somebody broke the system when memory wiping was used, but nobody noticed because it wasn't on by default. (The second bug.) It was only then that the "heartbleed" bug was added. If any of these bugs hadn't happened, the issue either wouldn't have happened or could have easily been fixed by server configuration.

But now I wonder what happens if Meg says:

Meg: Server, are you still there? If so, reply "HAT" (2 letters.)

Does the server reply "HA"? Or does it segfault?
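
An added example, not part of the original thread and not OpenSSL's code: a simplified C model of the heartbeat echo that dp2's explanation (quoted earlier in the thread) describes, next to the first fix Ken_g6 lists, limiting what's sent to what's received. The arena layout, the function names and the zeroed padding are assumptions made for the demo; the 16-byte minimum padding and the silent discard follow RFC 6520.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3u   /* 1 type byte + 2-byte payload_length */
#define HB_PADDING 16u  /* minimum padding required by RFC 6520 */

/* Simulated server memory: the received record starts at offset 0 and
 * unrelated data follows it, so an over-read stays inside this array. */
struct arena { uint8_t mem[256]; size_t record_len; };

/* Constructed neighbouring data, using the comic text quoted in the thread. */
static const char NEIGHBOUR[] =
    "User Karen wants to change account password to \"CoHoBaSt\"";

/* Lay out a heartbeat request that claims `claimed` payload bytes while
 * carrying strlen(payload) of them, then place NEIGHBOUR right after it.
 * Demo payloads are assumed short enough to fit the arena. */
static void arena_load(struct arena *a, const char *payload, uint16_t claimed)
{
    size_t actual = strlen(payload);
    memset(a->mem, 0, sizeof a->mem);
    a->mem[0] = 1;                          /* heartbeat_request */
    a->mem[1] = (uint8_t)(claimed >> 8);    /* big-endian length field */
    a->mem[2] = (uint8_t)(claimed & 0xff);
    memcpy(a->mem + HB_HEADER, payload, actual);
    /* padding stays zero for readability (RFC 6520 asks for random) */
    a->record_len = HB_HEADER + actual + HB_PADDING;
    memcpy(a->mem + a->record_len, NEIGHBOUR, sizeof NEIGHBOUR);
}

/* Pre-fix logic: trusts the length field and never compares it with
 * the number of bytes that actually arrived. Returns bytes echoed. */
static long hb_echo_vulnerable(const struct arena *a, uint8_t *out)
{
    size_t pl = ((size_t)a->mem[1] << 8) | a->mem[2];
    /* Simulation guard only: keeps this demo inside the arena. */
    if (pl > sizeof a->mem - HB_HEADER)
        pl = sizeof a->mem - HB_HEADER;
    memcpy(out, a->mem + HB_HEADER, pl);
    return (long)pl;
}

/* Fixed logic: discard the message unless header + claimed payload +
 * minimum padding fits in the record received. Returns -1 on discard. */
static long hb_echo_fixed(const struct arena *a, uint8_t *out)
{
    if (a->record_len < HB_HEADER + HB_PADDING)
        return -1;
    size_t pl = ((size_t)a->mem[1] << 8) | a->mem[2];
    if (HB_HEADER + pl + HB_PADDING > a->record_len)
        return -1;
    memcpy(out, a->mem + HB_HEADER, pl);
    return (long)pl;
}

/* Run one request through either handler; out must hold 256 bytes. */
static long demo(const char *payload, uint16_t claimed, int fixed, uint8_t *out)
{
    struct arena a;
    arena_load(&a, payload, claimed);
    return fixed ? hb_echo_fixed(&a, out) : hb_echo_vulnerable(&a, out);
}

int main(void)
{
    uint8_t out[256];
    long n = demo("HAT", 50, 0, out);       /* over-read past the record */
    printf("vulnerable, 50 claimed: %ld bytes, tail: %.31s\n",
           n, (const char *)out + 19);
    printf("fixed, 50 claimed: %ld\n", demo("HAT", 50, 1, out));
    return 0;
}
```

When the claimed length is shorter than the payload ("HAT", 2 letters), both handlers echo only the claimed bytes ("HA"), because RFC 6520 treats everything after the claimed payload as padding to be ignored.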

GaidinBDJ
Posts: 2
Joined: Sat Aug 18, 2012 9:30 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby GaidinBDJ » Fri Apr 11, 2014 3:21 pm UTC

Whenever something major like this happens, xkcd and Schneier should get together and do explanation comics.

Scott Auld
Posts: 57
Joined: Fri Jun 03, 2011 3:42 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby Scott Auld » Fri Apr 11, 2014 4:01 pm UTC

Look, I'm not saying Heartbleed is a big deal, but when was the last time XKCD had two consecutive comics about the same topic? I'm guessing 'Never.'

NOTNOTJON
Posts: 13
Joined: Mon Jan 10, 2011 11:01 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby NOTNOTJON » Fri Apr 11, 2014 4:09 pm UTC

Envelope Generator wrote:Seller, are you still there? If so, send "office chair" (1 bobcat).


Thank you for just making my Friday extremely enjoyable. :D

Bounty
Posts: 41
Joined: Mon Apr 23, 2012 10:38 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby Bounty » Fri Apr 11, 2014 4:24 pm UTC

squall_line wrote:
azule wrote:I think, while this character is named "Meg", I wouldn't want to confuse her with Megan (who appears in the previous comic). So, I think we should nickname her Black Hair (alluding to Black Hat) because of her dark hacking purposes (she wrote the sensitive info down).


The character's full name is actually Margaret, based on the alt-text. Peg and Peggy are also nicknames for her name, but "Peggy" is an "old person's name", and "Peg" is reminiscent of round pegs and square holes. Also, it might create too many questions about how "Margaret" becomes "Peg".


That's probably just an allusion to the Judy Blume novel "Are you there God? It's me, Margaret." But every time I hear that, I actually think of the old Ray Stevens song, "It's Me Again Margaret" ( http://www.youtube.com/watch?v=4Wb2nZR6qbE ).

EvanED
Posts: 4331
Joined: Mon Aug 07, 2006 6:28 am UTC
Location: Madison, WI

Re: 1354: "Heartbleed Explanation"

Postby EvanED » Fri Apr 11, 2014 4:27 pm UTC

Coyoty wrote:This bug is inexcusable. One of the first things they teach you in programming is to avoid overflows.
Sure, but that's why it's a bug. My semi-trolling statement is that as long as people keep using languages like C where it's possible to have overflows, there will continue to be overflows. That there is an overflow in a C program is unsurprising.

Xenocat
Posts: 13
Joined: Sat Jan 19, 2013 12:15 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby Xenocat » Fri Apr 11, 2014 4:34 pm UTC

Scott Auld wrote:Look, I'm not saying Heartbleed is a big deal, but when was the last time XKCD had two consecutive comics about the same topic? I'm guessing 'Never.'


Well, there have been multi-part comics before:

264 to 268
341 to 345
494 to 498
577 to 581

Do they count?

Scott Auld
Posts: 57
Joined: Fri Jun 03, 2011 3:42 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby Scott Auld » Fri Apr 11, 2014 6:03 pm UTC

Xenocat wrote:
Scott Auld wrote:Look, I'm not saying Heartbleed is a big deal, but when was the last time XKCD had two consecutive comics about the same topic? I'm guessing 'Never.'


Well, there have been multi-part comics before:

264 to 268
341 to 345
494 to 498
577 to 581

Do they count?

Mmmmm yep they do.

Doesn't minimize the impact of heartbleed though right?

azule
Saved
Posts: 2132
Joined: Mon Jul 26, 2010 9:45 pm UTC
Location: The land of the Golden Puppies and Rainbows

Re: 1354: "Heartbleed Explanation"

Postby azule » Fri Apr 11, 2014 6:12 pm UTC

No, they don't. Don't forget 1190: Time, can't get much more serial than that. Plus, these two comics are not related in characters, just in subject. They were all basically one comic, but spread across a few days.

Scott Auld wrote:Look, I'm not saying Heartbleed is a big deal, but when was the last time XKCD had two consecutive comics about the same topic? I'm guessing 'Never.'
I'm taking this as agreement with me (since I made the point earlier), yay!

squall_line wrote:The character's full name is actually Margaret, based on the alt-text. Peg and Peggy are also nicknames for her name, but "Peggy" is an "old person's name", and "Peg" is reminiscent of round pegs and square holes. Also, it might create too many questions about how "Margaret" becomes "Peg".
Ninja'd by Bounty, but I'll say anyways, that's simply a reference to a book. I think, while some title texts are clarifying others are there purely for the joke and may even be in conflict with the comic's facts. I'm not saying her name wouldn't still be Meg, but we'd simply refer to her as Black Hair to avoid confusion.

If you read this sig, post about one arbitrary thing you did today.

I celebrate up to six arbitrary things before breakfast.
Time does drag on and on and contain spoilers. Be aware of memes.

gmalivuk
GNU Terry Pratchett
Posts: 26533
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There

Re: 1354: "Heartbleed Explanation"

Postby gmalivuk » Fri Apr 11, 2014 6:21 pm UTC

Turns out there are ways to notice OTTers apart from the dialect they've invented...

Heartbleed is kind of a big deal, *and* it's kinda urgent to fix things that might be vulnerable as a result, which I think explains the two consecutive comics. We had a whole bunch about cancer when his wife was going through that, because that was the most important thing going on at the time. I can't be bothered to check, but surely some of those were consecutive?
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

cellocgw
Posts: 1953
Joined: Sat Jun 21, 2008 7:40 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby cellocgw » Fri Apr 11, 2014 7:16 pm UTC

squall_line wrote: Also, it might create too many questions about how "Margaret" becomes "Peg".



Happens when she gets a wooden leg :P

Next to the girl with one leg shorter than the other, named "Eileen." thanks folks, I'll be here all [time interval] . Try the [slaughtered baby mammal]
https://app.box.com/witthoftresume
Former OTTer
Vote cellocgw for President 2020. #ScienceintheWhiteHouse http://cellocgw.wordpress.com
"The Planck length is 3.81779e-33 picas." -- keithl
" Earth weighs almost exactly π milliJupiters" -- what-if #146, note 7

senor_cardgage
Posts: 51
Joined: Wed Oct 17, 2012 2:28 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby senor_cardgage » Fri Apr 11, 2014 8:15 pm UTC

I just saw this comic referenced on the CBC home page.

keithl
Posts: 641
Joined: Mon Aug 01, 2011 3:46 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby keithl » Fri Apr 11, 2014 9:30 pm UTC

This is a common problem for me in meatspace. I have hearing problems. When I ask a Yes or No question, expecting "yes" or "no" or "don't know" as an answer, I sometimes get a paragraph instead. Fortunately, I experience a buffer overflow, and set the BOZO bit to "true".

da Doctah
Posts: 927
Joined: Fri Feb 03, 2012 6:27 am UTC

Re: 1354: "Heartbleed Explanation"

Postby da Doctah » Fri Apr 11, 2014 9:51 pm UTC

keithl wrote:This is a common problem for me in meatspace. I have hearing problems. When I ask a Yes or No question, expecting "yes" or "no" or "don't know" as an answer, I sometimes get a paragraph instead. Fortunately, I experience a buffer overflow, and set the BOZO bit to "true".

What my boss asked me: "Is the XYZ project finished?"
What I answered: "I'm finished with the input interface, I'm almost done designing the database, and I'm still waiting for a reply from the user on how they want the reports formatted. I haven't even started on the user manual or requesting the allocations we're going to need to store everything they want us to archive."
What my boss's twelve-character input buffer got: "I'm finished"
What my boss told his boss and the entire company about my progress: "He says he's finished."
What the rest of the company interpreted the status report to mean: "We can ship tomorrow!"

After two or three iterations of the above, I changed my style of response:

What my boss asked me: "Is the XYZ v2.0 project finished?"
What I answered: "Uhhhhhhhhhhh..."

edo
Posts: 432
Joined: Thu Mar 28, 2013 7:05 pm UTC
Location: ~TrApPeD iN mY PhOnE~

Re: 1354: "Heartbleed Explanation"

Postby edo » Fri Apr 11, 2014 9:59 pm UTC

glasnt wrote:"CoHoBaSt" < First 2 letters of CorrectHorseBatteryStaple http://xkcd.com/936/ (also http://correcthorsebatterystaple.net/ is still up. nice)


Thinking about Externalities... can someone who is set up to do so put "CoHoBaSt" in to Skein1024?
Co-proprietor of a Mome and Pope Shope

RealGrouchy
Nobody Misses Me As Much As Meaux.
Posts: 6704
Joined: Thu May 18, 2006 7:17 am UTC
Location: Ottawa, Ontario, Canada

Re: 1354: "Heartbleed Explanation"

Postby RealGrouchy » Fri Apr 11, 2014 10:01 pm UTC

Kelaos wrote:I found the "CoHoBaSt" especially funny due to it being similar to a password creation technique Bruce Schneier described in his blog: https://www.schneier.com/blog/archives/ ... ure_1.html
You mean where Schneier references it as the "XKCD scheme"? And links to the XKCD comic where CorrectHorseBatteryStaple was introduced?

Yeah. Randall's totally referencing Schneier there. :roll:

GaidinBDJ wrote:Whenever something major like this happens, xkcd and Schneier should get together and do explanation comics.

Only if Morgan Freeman still gets a freckle.

NOTNOTJON wrote:
Envelope Generator wrote:Seller, are you still there? If so, send "office chair" (1 bobcat).
Thank you for just making my Friday extremely enjoyable. :D
Agreed. Envelope Generator's comment was both relevant and entertaining.

- RG>
Jack Saladin wrote:etc., lock'd
Mighty Jalapeno wrote:At least he has the decency to REMOVE THE GAP BETWEEN HIS QUOTES....
Sungura wrote:I don't really miss him. At all. He was pretty grouchy.

Me321
Posts: 164
Joined: Fri Oct 09, 2009 4:03 am UTC

Re: 1354: "Heartbleed Explanation"

Postby Me321 » Sat Apr 12, 2014 12:06 am UTC

So this could have all been prevented if someone had read Jurassic Park?

ManaUser
Posts: 284
Joined: Mon Jun 09, 2008 9:28 pm UTC

Re: 1354: "Heartbleed Explanation"

Postby ManaUser » Sat Apr 12, 2014 12:13 am UTC

This is a great illustration. Even my mom understood.

But what I'd like to know is why anybody thought this was a good design in the first place. I don't mean the specific bug where it fails to check the length, but why have it echo a variable length message? Why not just send "BEAT" and get "BEAT ACK"? I can imagine in a general way, why it might possibly be useful to make it unique (though I can't quite pin down a specific situation where you need this) but even so, wouldn't something like a four-byte identifier be good enough?

