Hacker News | tus666's comments

The question is unexplored territory, pun intended.

The FAA could deny approval for launch, but it's unclear what the basis would be. What happens on Mars is out of its jurisdiction, literally.

The UN governs Earth, not Mars. It could expand to cover Mars I suppose. It's the sort of pointless activity you could imagine the European Parliament obsessing over, but there is little they could do about an American launch company.

But the reality is we are centuries away from something approaching a land-rush on Mars, or actual competition between nations for control of anything.

I suspect it will be a "watch and wait and see" situation.


https://www.unoosa.org/oosa/en/ourwork/spacelaw/treaties/int...

Although it covers states, not individuals, and was signed in the 1960s. That said, most space law still derives from these outdated laws and treaties and we're sorely in need of an updated approach that recognises things work differently now. Even if not for Mars, we need it to work better in orbit and on the Moon.


I agree we're centuries away, so there's that. But being pejorative about the force of law and writing it off as useless European hand-wringing I think misses the point: Elon is either going to pussy out, and not actually put people into space, or is going to, and they're going to die.

Since he doesn't have a matter transporter, he has to transit from a legal regime his company assets exist in, to some mythical point where the jurisdictional boundary lies. I think that is likely to be where alignment of the limits to US lawfare, and the headache of privatized use of space combine.

If I was China, I'd refuse to recognise any claim to ownership of assets beyond geosynchronous. I wouldn't deliberately go to the Lagrange points and graffiti the JWST, but I'd sure as hell make sure Musk knew that if he finds magnetic monopoles or tritium supplies, China expects its cut. (Magnetic monopoles don't exist.)


> The passwords in phpBB3.3 use an exceptionally strong and secure method of encryption

I thought passwords were supposed to be hashed, not encrypted. This is bad.


Some people use this term interchangeably. Many laypeople don't know the difference. Although yes, salted and hashed is the way. Encryption means there's a key (which can be compromised) to decrypt it.


Fair.


From what exactly? Turkey?


Turkey is in NATO.


Exactly.


Of course the implied adversary is Russia.


Hopefully when we go to Mars we leave cockroaches like you behind.


Am I the only one who finds it highly annoying that exclusive domain names are registered for individual CVEs?


Yeah, but you can't fight human psychology. If I say CVE-2014-0160, only a handful of people will know what I mean, but if I say Heartbleed, there's a lot more recognition. Until the singularity happens and we're post-scarcity, people need money, and recognition helps get more of that, however indirectly.


Let's go further: a domain name means visibility and costs money, so whoever builds and pays for "cipherleaks dot com" intends to make a business out of it.

Let's imagine a worst case scenario, where thousands of highly skilled hours are put into building common infrastructure ("barn raising") among capable people with implied social promises but not cash, and then a second wave ("cattle ranchers") comes in and starts collecting money for CVEs and pushing out any claims for compensation by authors.

This scenario is playing out in the EU (CRA laws) or de facto in the USA (VC startups) right now, with the monetization of CVEs, but foot-dragging and long speeches for compensation of OSS engineering. Make sense?


A domain name can be got for $30/yr, more or less.

Vanity is just another explanation, and the hope that the CVE gets "famous" like heartbleed or spectre or meltdown.

Source: I'm the owner of 3 domains (not security related fwiw) but zero businesses.


A .com is $10 or so a year


For robotics sake, I hope not.


> By reading the source code, I realized that the incoming data was put into a fixed-size static buffer in the stack, and the payload was decrypted into another fixed-size buffer. There’s no boundary or size check.

This is not normal. It's amateurish in the extreme, which leads to the only conclusion that whoever wrote this ZeroMQ thing is not a real software engineer. I.e. stay away at all costs.


> This is not normal. It's amateurish in the extreme, which leads to the only conclusion that whoever wrote this ZeroMQ thing is not a real software engineer. I.e. stay away at all costs.

I don't think that's a remotely fair assessment. ZeroMQ is a very large and quite popular project but it's also getting close to two decades old if I remember correctly. Any large C or C++ project that is that old is going to have quite a bit of historical cruft. And looking at some of the code that said vulnerability touched, most of that code was over a decade old.

Not to claim that it's any less severe but this is the nature of long lived projects. Unless they are massively privileged, they tend to have more code than eyes to look at said code and said code often was written in the bad old days.


> it's also getting close to two decades old if I remember correctly. Any large C or C++ project that is that old is going to have quite a bit of historical cruft.

I don't think writing arbitrary data into a fixed-size buffer without boundary checks is just an artifact of being historical cruft; it's a ridiculous mistake no matter which time period it was written in. Whoever wrote that code decades ago was incredibly amateurish.


That's assuming the code was written that way initially. More often than not in long running projects pieces get moved around, refactored, functionality added and removed, and silent assumptions that were true before aren't true anymore. Somebody coded functionality for a fixed data buffer, somebody else extended it with variable sized data but was not aware fixed buffers are being used; that stuff happens. We live in a myriad of glass castles, don't be so quick to throw stones around.

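The bug class the write-up and this thread describe, as an added C illustration (not ZeroMQ's code and not from the quoted write-up): attacker-controlled length, a fixed-size stack buffer for the incoming frame, a second fixed-size buffer for the decrypted payload, and no check in between, shown next to the bounded version. The 64-byte frame limit, the frame layout, the XOR "decryption" stand-in and the sample frames are all assumptions made for this example.

```c
/*
 * Added illustration, not ZeroMQ code. Models the pattern quoted in the
 * thread: wire data copied into a fixed-size stack buffer, then "decrypted"
 * into another one, with the wire length trusted and never compared to the
 * buffer size. FRAME_MAX, TOY_KEY and the frames below are assumptions.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FRAME_MAX 64          /* assumed fixed frame size */
#define TOY_KEY   0x5A        /* placeholder for a real cipher */

/* Stand-in for the decryption step: XOR with a constant, same length in and out. */
static void toy_decrypt(const uint8_t *src, uint8_t *dst, size_t n) {
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i] ^ TOY_KEY;
}

/*
 * The pattern the thread criticises. `len` comes straight off the wire and is
 * trusted: a frame longer than FRAME_MAX bytes overruns `raw` (and then
 * `plain`) on the stack. Returns the first plaintext byte, or -1 if empty.
 */
int handle_frame_unchecked(const uint8_t *wire, size_t len) {
    uint8_t raw[FRAME_MAX];
    uint8_t plain[FRAME_MAX];

    memcpy(raw, wire, len);            /* BUG: len never compared to FRAME_MAX */
    toy_decrypt(raw, plain, len);      /* BUG again: same unchecked length     */
    return len ? plain[0] : -1;
}

/*
 * Bounded version: the length is validated against the real buffer size
 * before any copy happens. Returns the first plaintext byte, -1 if empty,
 * -2 if the frame is too big (caller should log it and drop the peer).
 */
int handle_frame_checked(const uint8_t *wire, size_t len) {
    uint8_t raw[FRAME_MAX];
    uint8_t plain[FRAME_MAX];

    if (len > sizeof raw)
        return -2;
    memcpy(raw, wire, len);
    toy_decrypt(raw, plain, len);
    return len ? plain[0] : -1;
}

/* Constructed sample frames so the example runs stand-alone. */
int demo_small_frame(void) {
    uint8_t frame[4] = { 'h' ^ TOY_KEY, 'i' ^ TOY_KEY, 0, 0 };
    return handle_frame_checked(frame, sizeof frame);   /* 'h', i.e. 104 */
}

int demo_oversized_frame(void) {
    uint8_t frame[FRAME_MAX + 32];
    memset(frame, 'A' ^ TOY_KEY, sizeof frame);
    /* handle_frame_unchecked() would smash the stack with this frame; only
       the checked handler is called, and it refuses it. */
    return handle_frame_checked(frame, sizeof frame);   /* -2 */
}

int main(void) {
    printf("small frame  -> %d\n", demo_small_frame());
    printf("oversized    -> %d\n", demo_oversized_frame());
    return 0;
}
```

The fix is the one-line comparison against `sizeof raw`, not against the number the sender supplied; the refactoring story above is exactly how that line goes missing when a fixed-frame path later gets fed variable-length input.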

The tone of some comments like this one makes me wonder if the authors ever wrote any software of reasonable complexity, in their free time while getting paid zero dollars.

With such high standards I wonder why these people use such amateur software and not make or buy their own professional grade software.

Also sheds light on why truly free open source software is such a thankless and hazardous activity.


Pieter Hintjens, who started ZeroMQ, advocated for 'optimistic merging' as a strategy to encourage community & project building [1] (prev discussed in [2]). For all of the benefits listed it does open it up to lower quality or malicious merges.

[1] http://hintjens.com/blog:106 [2] https://news.ycombinator.com/item?id=39880972


You're that confident in every single line of code you wrote?


No, but I would never, ever, ever, EVER write data to a buffer without specifying the buffer size or reallocing where necessary.

This just smells so much like a Javascript script kiddy who wanted to join the cool brigade and write something h4kor1sh in C. Ugh.


This comment is like opening the box to a time capsule from 2010. I haven't seen anyone communicate like this since I last touched an IRC channel.

I'm dying at the idea that someone would think C is the "cool brigade".


Yeah, C hasn't been "cool" in a few decades.


Literally every serious C/C++ project has shipped memory unsafety vulnerabilities. We have discovered, as the global community of programmers, that humans are not smart enough to write C code without doing that. It is time to blame the language (or the species) and move on.

Let's not pretend that the people writing the unsafe code are unimaginably stupid. They are extremely imaginably stupid, as we all are.


Most memory vulnerabilities are use-after-free, which due to the nature of C is a very easy mistake to make.

Buffer overflows are simply inexcusable, especially if it's "we didn't bother checking" rather than "we got the size wrong due to human error".

The first case is not normal, people like that should not be programming HTML let alone C code.


I have some really bad news for you about OpenSSL.


The more I use ChatGPT, the more useless I realize it is.

It looks impressive at first, until you realize it is like a trick pony. Don't get it to haul your luggage.

It gives apparently good summaries of sometimes complex topics. But then you ask it to explain things in more detail...welcome to a special hell of circular reasoning, inherent contradictions, and surprising about-faces that occur even when you ask a complementary question (complementary as in congruent not admiring).

ChatGPT: <long verbose answer...>

Me: Oh, so you're saying X implies Y but not Z? (which the previous answer did)

ChatGPT: Apologies for causing confusion, I misspoke.... (goes on to give a worse response now)

Me: But your first response was OK, I just wanted to clarify XYZ...

ChatGPT: <now gives a response with directly conflicting statements>

How many times have you seen this?


After spending billions of dollars on a light attack/recon heli that will never fly:

https://en.wikipedia.org/wiki/Boeing%E2%80%93Sikorsky_RAH-66...

