User talk:FenixFeather/Archives/2014/April
This is an archive of past discussions with User:FenixFeather. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the current talk page. |
Space warfare And the death of Wikipedia.
To all editors: Let the reader decide, given all the various ways of looking at things, don't try and decide what is true, we are not good at it. Please copy this comment to more general Wikipedia forum, I am not familiar with those aspects of the wiki community, but I believe this needs to be addressed.
Most recent example: editors insists on keeping false data in Space Warfare article solar panels efficiency claims. Space solar panels are 30% efficient, not 5-18%. Spectrolab makes and sells them, that's not a good enough reference? Somehow my doing some simple calculations comparing the needed size to the ISS solar panels is "bad" original work, but the rest of the entire section, which is un referenced, is not?
Wiki worked great when you let the user decide what were "reliable sources" now you have taken that choice away. You have taken the "wiki" out of Wikipedia, it's not the quick collaborative encyclopedia anymore, it some attempt to find the one and only "truth".
What is a "reliable source"? Not the one Wiki claims. Not peer reviewed.
http://science.howstuffworks.com/innovation/scientific-experiments/scientific-peer-review4.htm not good at finding errors
http://www.sott.net/articles/show/245503-The-Corruption-of-Science-How-Corporations-Like-Monsanto-Have-Hijacked-Higher-Education What's more, a broader look at all corporate agricultural research, $7.4 billion in 2006, dwarfs the mere $5.7 billion in all public funding of agricultural research spent the same year.
Peer reviewed does no mean correct. Most peer reviewed papers eventually turn out to be wrong, that's progress, . Go read a bunch of Nature papers from the 1940's: Mostly wrong ideas, bad methodology, bad conclusions.
Nature does a good job, and they are still wrong, that's science.
The misunderstanding of the significance of peer reviewed
http://science.howstuffworks.com/innovation/scientific-experiments/scientific-peer-review4.htm
Unless it's one of a handful of top journals it really means almost nothing, yet it might be the next big thing.
Not that there aren't great papers and report of great experiments, it's just that the mere fact of being peer reviewed has nothing to do with that.
Science is about the experiments and theories and then the testing of the theories by replication by other scientists. The journals were just a way to publish
http://michaelnielsen.org/blog/three-myths-about-scientific-peer-review/
http://wiki.riteme.site/wiki/Peer_review_failure
Now with the internet, it's not really necessary
http://quod.lib.umich.edu/j/jep/3336451.0010.107?rgn=main;view=fulltext pro peer review but modified
You should not even allow references to for pay articles, it completely defeats the purpose. If a pay reference is used, it can only duplicate an unpaid ref, how will anyone afford to check all the paid refs? Just say need unpaid reference.
Is Government a "reliable Source"? Nope.
Example: The cost of electricity article you believe the DOE is a "reliable Source" You believe the government agencies repeatedly accused and found to be captive to the fossils and nuclear industry. I ask the editors: what cost of solar panels did the DOE sited numbers use? Search for it, and you will learn that the DOE doesn't take solar seriously, they hired a consulting firm to give them numbers without and backup data. solar panels on the world spot market on are 50-70 cents, but the DOE uses much higher numbers. They also assume a 15 year life for panels that last at least 40 years.
Do you believe the gov on everything else it says? In fact, is there any reason to believe the gov at all?
I know you want some sort of truth, that is believable, but there is no single immutable truth about much of anything.
Stop this editing out of everything that does not come from the gov or a peer reviewed source, that's not truth, it's not science, it is not encyclopedic. There are differences of opinion, and hidden agendas all over the place, you can't tell which ones are correct, you MUST leave it to the readers.
I want every crazy theory referenced in every article. We can put the "most popular" view first, but we need comprehensive articles, no one takes Wikipedia articles or ANY encyclopedia articles as "truth" anyway, they are not primary references. We used to do this. Let's do it again. — Preceding unsigned comment added by 24.21.79.104 (talk) 07:54, 4 April 2014 (UTC)
- @24.21.79.104: Hey there, thanks for dropping by. I appreciate the effort to communicate. If you want to reach a wider audience for the improvement of Wikipedia, I believe you can do this at Wikipedia:Proposals.
- I would agree with you that nobody has a monopoly on truth, but on Wikipedia, because of the large number of readers and editors, there has to be a standard for reliability of sources. While I see the appeal of a place where anything goes, that's not what Wikipedia is set out to be. Elsewhere on the internet, however, you will find that people can write almost anything they want; it's just that when Wikipedia was created, it was decided that it would serve only as a compilation of human knowledge, not as a place where new knowledge and analyses would be created.
- I removed your edit because it seemed to contain original research and the refs seemed a bit odd. But this doesn't mean I felt the information you put there was bad. Check out the tutorial for how to cite sources, then add the info back in. Trust me, the tutorial helps! And make sure all the information you put in this encyclopedia is supported by your sources. The other stuff is not cited as well, so I was probably a little hasty in removing your 30% number. In fact, I've taken the liberty of restoring that number (with a proper reference, rather than an external link).
- Yes, a lot of the rest of the article seems to contain original research. This means it's even more important to add cited info to the page. Additionally, while your intentions are noble, Wikipedia is not an indiscriminate collection of information, nor is it a publisher of original thought. You seem to feel strongly about this, though, so I encourage you to look into other mediums for writing about ideas that are not supported by reliable third party sources or ideas not notable enough to be included. But welcome to Wikipedia and thanks for your contributions! – FenixFeather (talk)(Contribs) 08:17, 4 April 2014 (UTC)
Please comment on Talk:Seahorse
Greetings! You have been randomly selected to receive an invitation to participate in the request for comment on Talk:Seahorse. Should you wish to respond to the invitation, your contribution to this discussion will be very much appreciated! If in doubt, please see suggestions for responding. If you do not wish to receive these types of notices, please remove your name from Wikipedia:Feedback request service. — Legobot (talk) 00:02, 5 April 2014 (UTC)
Malaysian
Sorry, I had to undo your edit in order to remove some nonsense that had been added earlier. Nothing personal. Roundtheworld (talk) 08:11, 6 April 2014 (UTC)
- @Roundtheworld: No worries :) Thanks for the notice and for your work on the article! By the way, have you tried out Twinkle yet? It lets you revert multiple edits or restore to a certain version of the article. Saves you the time of undoing each edit! – FenixFeather (talk)(Contribs) 08:21, 6 April 2014 (UTC)
Adding References to Vishnu
Hi I request you to add the following hyperlink{http://www.hindupedia.com/en/Panchayudha_Stotram] as a source of with reference to Pancha Ayudham in the "Vishnu" page — Preceding unsigned comment added by Mirtuh (talk • contribs) 15:23, 7 April 2014 (UTC)
- @Mirtuh: Thanks for the notice! I will add it. – FenixFeather (talk)(Contribs) 15:38, 7 April 2014 (UTC)
- Okay, it's done! In the future, you can check out the tutorial for more info on how to make references. Thank you for your contribution! – FenixFeather (talk)(Contribs) 15:47, 7 April 2014 (UTC)
Frozen box office
Dear FenixFeather,
WP:MOS/Film states that we should descrivbe how the film performed in a retrospective, not a historical way. Therefore this: "During its nineteenth weekend of release, Frozen surpassed Toy Story 3 in the worldwide box office, becoming the highest-grossing animated film of all time." should simply be stated as "Frozen is the highest-grossing animated film worldwide". Furthermore, it is logical to compare Frozen with other Walt Disney Animation Studios films or other animated films in general, but comparing it to Disney and Pixar films is definitely WP:INDISCRIMINATE. WP:MOS/Film also states that editors should "Avoid indexical terminology such as "domestic" [...] and [...] "international"." Such terminology includes the word "foreign". We should be specific and state "the film's debut outside the US and Canada" or "outside North America".
Concerning the part stating that Frozen is a "Walt Disney Pictures release", just read these three Wikipedia articles: The Walt Disney Studios (division), Walt Disney Animation Studios, Walt Disney Pictures. The first clearly states in the infobox that Walt Disney Pictures and Walt Disney Animation Studios are separate divisions. The division of Disney that releases films is called Walt Disney Studios Motion Pictures.
Furthermore, in my edit I updated the film's ranking in some categories and corrected a grammatical error "(five-day opening of $14.1 million)and Russia and the CIS", where the word "and" was not necessary (not to mention it was stuck onto the brackets). So I would like to ask kindly that the next time you disagree with part of my edit, please only change that specific part instead of the whole thing.
Thank you in advance. Spinc5 (talk) 16:10, 7 April 2014 (UTC)
- @Spinc5: Thanks for dropping by. Per WP:CIRCULAR, we shouldn't rely on other Wikipedia articles for information. According to this article, which is the first ref appearing in the body of the article, it is a Walt Disney Pictures film release. I would argue that including information about Frozen being the top earner in the box office is relevant information. Maybe the reference to Toy Story 3 could be removed, though. And I apologize for removing the other stuff; I must've missed it while I was looking at the diff. – FenixFeather (talk)(Contribs) 16:12, 7 April 2014 (UTC)
- @FenixFeather:This article, published by Disney itself states: "It is The Walt Disney Studios' seventh release to reach the $1 billion". Walt Disney Studios, not Walt Disney Pictures. Furthermore, this Disney website does not mention Walt Disney Pictures at all. Spinc5 (talk) 16:22, 7 April 2014 (UTC)
- @Spinc5: Yeah, this and the Wikipedia article on Walt Disney Studios you cited earlier both seem to indicate that Walt Disney Pictures is one of the studios under Walt Disney Studios, but is responsible for the live action films. Walt Disney Animation Studios seems to be the correct studio. That's odd. The article right now says that Animation Studios produced it, but Pictures released it. Maybe bring this issue up on the article talk page so other editors can offer input? It seems like a rather confusing situation. – FenixFeather (talk)(Contribs) 19:03, 7 April 2014 (UTC)
- @FenixFeather: What is even odder is that every animated film from Disney or Pixar that I checked says "Released by Walt Disney Pictures" in the leading section. Look at Up (2009 film), Wreck-It Ralph, Toy Story 3, Tangled, Monsters University, Bolt (2008 film), etc. Is it possible that such a mistake has not been noticed before? In the cases of Wreck-It Ralph and Monsters University, there are references that do not mention "Walt Disney Pictures", although they are supposedly supporting that claim. Spinc5 (talk) 05:29, 8 April 2014 (UTC)
- @Spinc5: That does seem confusing. I think you should present this issue on the talk page, with all of the evidence you gathered here, and see what the other editors have to say. It seems odd that an error like this would be repeated across multiple pages. It's possible that they were following one another till that error was repeated across multiple pages, or we're just missing something. In any case, I feel like more input is needed on what seems like a potentially widespread problem. – FenixFeather (talk)(Contribs) 06:47, 8 April 2014 (UTC)
- Addendum: Okay, even more confusingly, while I know wikis aren't good sources for Wikipedia, the pictures here seem to support Walt Disney Pictures as a separate entity from Walt Disney Motion Pictures. There needs to be some reliable source found on this, because the Walt Disney Pictures article is very lacking on sources too. – FenixFeather (talk)(Contribs) 07:03, 8 April 2014 (UTC)
Please comment on Talk:Water fluoridation controversy
Greetings! You have been randomly selected to receive an invitation to participate in the request for comment on Talk:Water fluoridation controversy. Should you wish to respond to the invitation, your contribution to this discussion will be very much appreciated! If in doubt, please see suggestions for responding. If you do not wish to receive these types of notices, please remove your name from Wikipedia:Feedback request service. — Legobot (talk) 00:03, 11 April 2014 (UTC)
he's a neo pagan
We don't know exactly what his motive to drive so far to kill three white/non-jewish people is.
For all we know this could be motivated by his pagansim.
so it gets two words (that very light).
And the source is solid otherwise I wouldn't write this about a living person.
Check it out.
--107.199.68.228 (talk) 05:36, 16 April 2014 (UTC)
- @107.199.68.228: Thanks for dropping by. I think the information could be useful, but maybe insert into the body rather than the intro. Also, check out WP:REFB and WP:CITE for how to cite sources properly, rather than inserting external links. Thanks again for your contribution! – FenixFeather (talk)(Contribs) 05:38, 16 April 2014 (UTC)
- Also, the BLP warning was about the other article you edited. I'm aware that you cited a source for the shooting article. – FenixFeather (talk)(Contribs) 05:39, 16 April 2014 (UTC)
Sorry getting tied, thought you should know everyone involved in the shootings religion seems to matter so that's what the categories are at the bottom. --107.199.68.228 (talk) 05:42, 16 April 2014 (UTC)
- @107.199.68.228: But speculating at this point without a source would be WP:SPECULATION or WP:OR, so just avoid putting the article under "Neo-paganism in the United States" for now. It's not very neutral of Wikipedia at all to categorize the shooting as an act of Neo-paganism. I suggest inserting the information in a relevant place in a neutral way. Thanks! – FenixFeather (talk)(Contribs) 05:45, 16 April 2014 (UTC)
Moving vishnu to semi-protected article.Regarding shiva edit
Italic text
Hi Fenix these days i am seeing lot of mischevious edits to Vishnu page. I requestank you to move the article to 'semi-protected'. so that it can be protected from mischevious vandalism.
Thank You. — Preceding unsigned comment added by Mirtuh (talk • contribs) 14:33, 17 April 2014 (UTC)
- @Mirtuh: Well, I can’t semi-protect articles, only request it. And usually semi-protection requests only work if there is persistent vandalism. See WP:ROUGH for a rough guide to semi-protection. The adding of Buddha into the main list of avatars of Vishnu is not really vandalism, but rather just a good faith mistake; they probably didn’t notice the sentence below that already indicates some people believe Buddha to be the ninth avatar. Whileyour instruction. I know you feel strongly about whether Buddha is an avatar of Vishnu, we have to keep in mind WP:NPOV and maintain a neutral point of view, which means acknowledging that some people do think Buddha to be an avatar. – FenixFeather (talk)(Contribs) 14:42, 17 April 2014 (UTC)
Please comment on Talk:Unified Modeling Language
Greetings! You have been randomly selected to receive an invitation to participate in the request for comment on Talk:Unified Modeling Language. Should you wish to respond to the invitation, your contribution to this discussion will be very much appreciated! If in doubt, please see suggestions for responding. If you do not wish to receive these types of notices, please remove your name from Wikipedia:Feedback request service. — Legobot (talk) 00:04, 18 April 2014 (UTC)
Please help me!
Hi! You removed one of my links, about Riot. Can i please ask you some more info? I'm a noob in wikipedia, and every modify i make, some guy starting to undo it. and he didnțt let me any message. I have no idea how to get in touch with him. Can tou please help me? Thank you! — Preceding unsigned comment added by Zwargolak (talk • contribs) 21:49, 20 April 2014 (UTC)
- @Zwargolak: Hey, thanks for dropping by. Glad to see you're interested in contributing. I removed your link because it violates Wikipedia's policy on external links. Read this page for what should be linked. If you want to talk about lag problems in one of Riot's games, then you should find a reliable secondary source (preferably not a self published source) that talks about it, and then add some content to the relevant page and cite your source. See the tutorial for how to cite sources. Adding links that provide some information on an issue is simply not the way to go about adding information to Wikipedia. Thanks again and welcome to Wikipedia! – FenixFeather (talk)(Contribs) 21:55, 20 April 2014 (UTC)
I have no idea what to do
Thanks for responding man. the problem is i have no idea what to do. I modified 3-4 articles by adding one link to my blogs, which treated the subject. I mean in hannover page i write hannover blog and linked to my blog. the same with the mouse (linked to my post). but i see that man removed my modification on romanian page as well (im romanian and he's german), so whats his problem? can we talk via e-mail please? i have no idea here where to write person to person message. anyway my e-mail adress is vasile_francisc@yahoo.com
Thank you! — Preceding unsigned comment added by Zwargolak (talk • contribs) 22:15, 20 April 2014 (UTC)
- @Zwargolak: I think it's best if we keep any discussion related to improving Wikipedia on publicly visible talk pages unless privacy is absolutely necessary. With regards to your blogs, they are self published sources and so should not be used except in very specific circumstances. Remember that Wikipedia is an encyclopedia; the information in your blog may be great for your blog, but they don't constitute a reliable source here. I would suggest trying to find a third party source for the changes you would like to make. I've posted a welcome message to your user page with more information on editing Wikipedia. (By the way, you can just reply to this comment without making a new section). – FenixFeather (talk)(Contribs) 22:24, 20 April 2014 (UTC)
ah reply is on edit button. i had no idea. but i undertand whats wrong. but if i will make a new page for a smartphone company, i can put the links i want rigt? its my page, so i can do whatever i want (the links are related to the company). — Preceding unsigned comment added by Zwargolak (talk • contribs) 23:16, 20 April 2014 (UTC)
- Well, no, nobody owns an article on Wikipedia. See WP:OWN for more information on that. Your article will still have to follow Wikipedia guidelines, eg Wikipedia is not a link farm. However, you can include the links that you want on your blog. Also, don't forget to sign your posts on talk pages with four tildes. – FenixFeather (talk)(Contribs) 23:29, 20 April 2014 (UTC)
Please comment on Talk:Circumcision
Greetings! You have been randomly selected to receive an invitation to participate in the request for comment on Talk:Circumcision. Should you wish to respond to the invitation, your contribution to this discussion will be very much appreciated! If in doubt, please see suggestions for responding. If you do not wish to receive these types of notices, please remove your name from Wikipedia:Feedback request service. — Legobot (talk) 00:04, 25 April 2014 (UTC)
Hello! There is a DR/N request you may have interest in.
This message is being sent to let you know of a discussion at the Wikipedia:Dispute resolution noticeboard regarding a content dispute discussion you may have participated in. Content disputes can hold up article development and make editing difficult for editors. You are not required to participate, but you are both invited and encouraged to help find a resolution. The thread is "Heartbleed". Please join us to help form a consensus. Thank you! EarwigBot operator / talk 17:48, 27 April 2014 (UTC)
ANI
There is currently a discussion at Wikipedia:Administrators' noticeboard/Incidents regarding an issue with which you may have been involved. Thank you.
Wikipedia:Administrators'_noticeboard/Incidents#Cyberbullying_over_article_about_Anita_Sarkeesian— alf laylah wa laylah (talk) 23:17, 27 April 2014 (UTC)
- Thanks for the notice! A bit too much WP:WIKIDRAMA for my taste, but it should be interesting to see how this ends up. – FenixFeather (talk)(Contribs) 23:22, 27 April 2014 (UTC)
- Unreal. Why can't people just talk about content? I'll never understand ever.— alf laylah wa laylah (talk) 23:24, 27 April 2014 (UTC)
Barnstar!
The Graphic Designer's Barnstar | ||
For your quick and timely action to create a great graphic representation of the Heartbleed bug when it was needed most. Cheers, ~SuperHamster Talk Contribs 06:35, 21 April 2014 (UTC) |
- Yay thank you! It was my pleasure. Much appreciated :) – FenixFeather (talk)(Contribs) 06:40, 21 April 2014 (UTC)
- Seconded. --Chealer (talk) 21:28, 29 April 2014 (UTC)
Hi there! The IP is nothing more than a troll. He's been blocked numerous times but uses proxies to jump IPs and avoid bans etc. Antiochus the Great (talk) 23:26, 29 April 2014 (UTC)
- @Antiochus the Great: Thanks for letting me know. You should still be careful though. Sometimes waiting for admin action is the best choice rather than wasting time and risking problems by fighting them. – FenixFeather (talk)(Contribs) 23:31, 29 April 2014 (UTC)
Hi FenixFeather, In [1], you have changed "Attackers in this way could receive sensitive data, compromising the confidentiality of the victim's communications with other parties." back to "Attackers in this way could receive sensitive data, compromising the security of the victim's communications.", justifying with ' "Other parties" is confusing and makes it seem like this has implications for security outside of the current communication.'. I haven't restored this change yet, but would you mind clarifying what you meant? How can "other parties" be confusing? This does have implications for security outside of the current communication, hence the gravity. --Chealer (talk) 20:43, 29 April 2014 (UTC)
- @Chealer: I changed it to "other party" because you make it sound like the victims' communications with everybody will be compromised, which isn't true unless they get the server master key (which isn't guaranteed to happen in all cases). – FenixFeather (talk)(Contribs) 20:45, 29 April 2014 (UTC)
- Oh. When client A attacks a server, he can intercept (among other things) communications between the server and clients other than A ("other parties"). I can see how you interpreted the sentence though. I'm bringing it back to what it was then, since the precision is not quite needed. Thanks, that will avoid the ambiguity. However, I'm changing the sentence to refer again to confidentiality, rather than security, which is vaguer. --Chealer (talk) 01:47, 30 April 2014 (UTC)
- Chealer, I don't appreciate this. "Security" is a better term because, as I explained before, sometimes you can maintain confidentiality but lose security. For example, with LastPass, even though the security of the transaction was compromised, the confidentiality was not. On the first issue, you are right. The client can get that information, but describing that puts undue weight on intercepting communication. Other stuff could be present in the memory that is leaked. This exploit is not focused on intercepting communication, and we don't want to create that impression. – FenixFeather (talk)(Contribs) 01:51, 30 April 2014 (UTC)
- Correct. Confidentiality is one aspect of security, along with integrity, availability and, according to some authors, imputability. Therefore, a confidentiality issue constitutes a security flaw. However, a security flaw may constitute a confidentiality issue or not. This doesn't mean that "security" is better to describe Heartbleed. "confidentiality" is more precise, and, IMHO, (about) equally well understood as security, so I prefer it, unless I'm missing some disadvantage. --Chealer (talk) 02:08, 30 April 2014 (UTC)
- Anyways, this isn't a big deal. I'm fine with the state of the sentence as it is now. – FenixFeather (talk)(Contribs) 01:52, 30 April 2014 (UTC)
- Chealer, I don't appreciate this. "Security" is a better term because, as I explained before, sometimes you can maintain confidentiality but lose security. For example, with LastPass, even though the security of the transaction was compromised, the confidentiality was not. On the first issue, you are right. The client can get that information, but describing that puts undue weight on intercepting communication. Other stuff could be present in the memory that is leaked. This exploit is not focused on intercepting communication, and we don't want to create that impression. – FenixFeather (talk)(Contribs) 01:51, 30 April 2014 (UTC)
- Oh. When client A attacks a server, he can intercept (among other things) communications between the server and clients other than A ("other parties"). I can see how you interpreted the sentence though. I'm bringing it back to what it was then, since the precision is not quite needed. Thanks, that will avoid the ambiguity. However, I'm changing the sentence to refer again to confidentiality, rather than security, which is vaguer. --Chealer (talk) 01:47, 30 April 2014 (UTC)
Heartbleed - Custom memory management
Hi, You removed a request for reference on Heartbleed justifying "Holy shit, why do you have to edit war over ever single tiny thing? RTFM. It says clearly the the default clib malloc() (memory allocator) has protections against countermeasures. Please don't edit if you don't read the sources." Which sources are you referring to? By "clib", I assume you mean libc? --Chealer (talk) 21:00, 29 April 2014 (UTC)
- Yes, I'm referring to that. Their custom memory allocator is bad because the default memory allocator, malloc(), has countermeasures against memory exploits built in. The OpenSSL people decided to make their own allocator because they didn't want these protections for the sake of performance. The source is source 54 cited directly at the end of the paragraph, available for view here. Note that the author of that email was actually involved in the writing of those memory exploit countermeasures. He is the leader of the OpenSSH team and a leading open source contributor. – FenixFeather (talk)(Contribs) 21:05, 29 April 2014 (UTC)
- Right. The thing is, "we" refers to OpenBSD, an OS designed to maximize security. Although the names may look similar, OpenSSL is in no way limited to OpenBSD (in fact, OpenBSD represents a minor part of systems using OpenSSL). Therefore, unless some reference shows that all libc implementations also have these countermeasures in place, we can't claim that the vulnerability results from custom memory management. --Chealer (talk) 21:25, 29 April 2014 (UTC)
- Not this again. Yes, I am aware that OpenBSD, OpenSSL, and OpenSSH, or hell, even OpenOffice are different projects. De Raadt clearly explains that the OpenSSL team wrapped the "protective malloc" inside their own stuff, thus preventing the memory exploit countermeasures. Give it a rest, will you? We don't need to find a ref for every tiny little fact that is already in the existing sources. If you want to though, go ahead and find the ref that says the malloc used by OpenSSL had exploit countermeasures. Just don't tag it with cn when Theo de Raadt clearly explains that, had they used the original malloc that came with the libc they were using, they would've been fine. – FenixFeather (talk)(Contribs) 21:31, 29 April 2014 (UTC)
- Of course they're different projects. What I meant is that unlike OpenSSH, OpenSSL is not limited to OpenBSD. Therefore, for example, OpenSSL can be used on GNU/Linux, where malloc() doesn't have the countermeasures in question, unless I'm mistaken (except in some cases).
- Of course "De Raadt clearly explains that the OpenSSL team wrapped the "protective malloc" inside their own stuff", that's never been challenged. The question is whether all libc-s have these malloc countermeasures. In fact, I already know the answer to that, but since I'm not a C expert, I'll give these a chance at sourcing the problematic material and merely restore the request for now.
- Unfortunately, that's not how we ensure verifiability. Even if we can't find references supporting that A is false, we can't claim that A is true without a reference supporting that A is true. This may be demanding, but that's the cost we decided to pay for credibility... and accuracy. --Chealer (talk) 23:50, 29 April 2014 (UTC)
- Chealer, nobody else challenges the stuff you challenge. Instead of tagging stuff all day and nitpicking over stuff that nobody else is concerned about, WP:FIXTHEPROBLEM. You even said you know the answer yourself, so why challenge? The stuff you're tagging for isn't even relevant. The source says specifically, that OpenSSL team used malloc that HAD the countermeasures, but wrapped it in their own function so that those measures weren't able to be used. Read that email one more time before you continue to bother me with this issue. This same exact scenario happened with the LastPass stuff. Stop being lazy, go out and be productive instead of sitting around on Heartbleed and complaining about pointless things. If you want ultraspecific sources, go out and find them yourself (especially cause you know the answer already), instead of making other editors do that work for you. – FenixFeather (talk)(Contribs) 00:00, 30 April 2014 (UTC)
- Not this again. Yes, I am aware that OpenBSD, OpenSSL, and OpenSSH, or hell, even OpenOffice are different projects. De Raadt clearly explains that the OpenSSL team wrapped the "protective malloc" inside their own stuff, thus preventing the memory exploit countermeasures. Give it a rest, will you? We don't need to find a ref for every tiny little fact that is already in the existing sources. If you want to though, go ahead and find the ref that says the malloc used by OpenSSL had exploit countermeasures. Just don't tag it with cn when Theo de Raadt clearly explains that, had they used the original malloc that came with the libc they were using, they would've been fine. – FenixFeather (talk)(Contribs) 21:31, 29 April 2014 (UTC)
- Right. The thing is, "we" refers to OpenBSD, an OS designed to maximize security. Although the names may look similar, OpenSSL is in no way limited to OpenBSD (in fact, OpenBSD represents a minor part of systems using OpenSSL). Therefore, unless some reference shows that all libc implementations also have these countermeasures in place, we can't claim that the vulnerability results from custom memory management. --Chealer (talk) 21:25, 29 April 2014 (UTC)
- The problem is, how do you "fix the problem" (pun intended)? There are 2 approaches to making articles verifiable - sourcing problematic content appropriately, or removing problematic content. Possibly out of respect for my colleagues, I prefer to give sourcing a chance rather than directly removing content (sometimes even when I'm confident that the content is unverifiable, indeed). You can see the LastPass-related edits on Heartbleed to see that giving sourcing a chance doesn't prevent removal when it becomes clear that content is unverifiable.
- I have read the email again, but this only confirms the problem. When you say that malloc HAD the countermeasures, that's only true in the OpenBSD context. As I've been trying to explain, the email was sent by an OpenBSD developer to other OpenBSD developers. Of course OpenBSD has a secure malloc. It's a security-focused OS. That doesn't mean malloc is secure on all platforms. --Chealer (talk) 01:18, 30 April 2014 (UTC)
- Read. The. Article. I don't know how a grown adult can fail so miserably at reading comprehension. The discussion is clearly about OpenSSL. I don't know why you take reverts so personally. Everyone is wrong sometimes. I will highlight the relevant words for you, in case you still don't understand:
But around that time OpenSSL adds a wrapper around malloc & free so that the library will cache memory on it's own, and not free it to the protective malloc.
You can find the comment in their sources ...
- ifndef OPENSSL_NO_BUF_FREELISTS
/* On some platforms, malloc() performance is bad enough that you can't just
OH, because SOME platforms have slow performance, it means even if you build protective technology into malloc() and free(), it will be ineffective. On ALL PLATFORMS, because that option is the default, and Ted's tests show you can't turn it off because they haven't tested without it in ages.
So then a bug shows up which leaks the content of memory mishandled by that layer. If the memoory had been properly returned via free, it would likely have been handed to munmap, and triggered a daemon crash instead of leaking your keys.
OpenSSL is not developed by a responsible team.
- Please. Just find the source that you want so badly, and stop disruptively editing to make a point. That's how you fix the problem. – FenixFeather (talk)(Contribs) 01:24, 30 April 2014 (UTC)
- Quoting myself:
I have read the email again, but this only confirms the problem.
- Yes. OPENSSL, within the context of OpenBSD, would not have been exploitable if it wasn't for custom memory management. Sorry to repeat myself, but "The question is whether all libc-s have these malloc countermeasures." I do not want any source so badly. What I want so badly is, simply, a verifiable article. --Chealer (talk) 01:59, 30 April 2014 (UTC)
- I would prefer that this conversation be held on the talk page, but no, it is not in the context of OpenBSD. He literally says, "if the OpenSSL developers used the default free, this wouldn't have happened". Forget about OpenBSD. Just read that sentence. Over and over if you have to. – FenixFeather (talk)(Contribs) 02:03, 30 April 2014 (UTC)
- Hehehe. The message was sent to misc@openbsd.org. I can assure you it was written in the context of OpenBSD. Think about OpenBSD. He literally says "if the OpenSSL developers used the default free, this wouldn't have happened", and he literally means that in the context of OpenBSD (or, to be more exact, in the context of hardened operating systems such as OpenBSD). This conversation has indeed taken an unpleasant form... sorry, maybe I should have brought it up on the article's talk page. I'm following it there anyway, if you have something to reply. --Chealer (talk) 02:44, 30 April 2014 (UTC)
- I would prefer that this conversation be held on the talk page, but no, it is not in the context of OpenBSD. He literally says, "if the OpenSSL developers used the default free, this wouldn't have happened". Forget about OpenBSD. Just read that sentence. Over and over if you have to. – FenixFeather (talk)(Contribs) 02:03, 30 April 2014 (UTC)
- Quoting myself:
Articles you might like to edit, from SuggestBot
Note: All columns in this table are sortable, allowing you to rearrange the table so the articles most interesting to you are shown at the top. All images have mouse-over popups with more information. For more information about the columns and categories, please consult the documentation, and please do get in touch on SuggestBot's talk page with any questions you might have.
SuggestBot picks articles in a number of ways based on other articles you've edited, including straight text similarity, following wikilinks, and matching your editing patterns against those of other Wikipedians. It tries to recommend only articles that other Wikipedians have marked as needing work. We appreciate that you have signed up to receive suggestions regularly, your contributions make Wikipedia better — thanks for helping!
If you have feedback on how to make SuggestBot better, please let us know on SuggestBot's talk page. Regards from Nettrom (talk), SuggestBot's caretaker. -- SuggestBot (talk) 23:36, 30 April 2014 (UTC)