funsec mailing list archives

Re: climate gate and programming bugs


From: Robert Graham <robert_david_graham () yahoo com>
Date: Wed, 9 Dec 2009 00:25:44 -0800 (PST)

From: Dan Kaminsky <dan () doxpara com>
Took a look. There are mild issues but nothing I'm seeing yet that causes clear error. Maybe the <1% error from the nonspherical nature of the planet could yield something interesting, but thus far I'm not impressed that a statistically significant fault has been found.

Nor would you find anything like that.

The situation is like security vulnerabilities in code. Those who write the code are motivated not to see the bugs 
because they want to believe there are none. At the same time, vuln researchers are motivated to figure out how to make 
any minor bug into something major they can exploit.

The same is true of this code. I see lots of problems, such as failure to sanitize inputs, failure to sanity check 
results, and table of arbitrary values that adjust the final result with no documentation as to why they are there. For 
example, look at line 47 of "cru-code/linux/mod/homogeneity.f90".

In any case, the issue isn't "accidental" bugs so much as "intentional" ones.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

