Wednesday, 2nd July 2008
ORG verdict on London Elections: “Insufficient evidence” to declare confidence in results. Electronic voting strikes again. Also of interest: the audit conducted by KPMG can’t be published due to “commercial confidentiality”.
Ruby’s Vulnerability Handling Debacle. The critical Ruby vulnerabilities are over a week old now but there’s still no good official patch (the security patches cause segfaults in Rails, leaving the community reliant on unofficial patches from third parties). Max Caceres has three takeaway lessons, the most important of which is to always keep a “last-known-good” branch to apply critical patches to.
eval() Kerfuffle. The ability to read supposedly private variables in Firefox using a second argument to eval() will be removed in Firefox 3.1.