2:19:11 landonf@bikemonkey.org: Hi -- I was about to start tinkering with the PDF catalog, but first wanted to ask if you have discovered any other CoreGraphics' PDF failure conditions in addition to the infinite loop. Spotlight will attempt to parse the PDF on download -- I do wonder what other vulnerabilities are exposed by buggy spotlight importers arbitrarily installed with applications.
2:19:33 LMH (handle edited): many, certainly
2:19:48 LMH (handle edited): there are other issues in PDF
2:19:54 LMH (handle edited): for xpdf the fix is trivial
2:20:02 LMH (handle edited): I have a patch somewhere
2:20:45 LMH (handle edited): I asked you to work around fixing stuff...
2:20:50 LMH (handle edited): coordination
2:21:07 LMH (handle edited): still there?
2:21:28 landonf@bikemonkey.org: Yep
2:25:20 landonf@bikemonkey.org: I'd like to coordinate on fix releases, but my concern (feel free to laugh at me) is an appearance of collusion -- I think a lot is gained by having you demonstrate that the vulnerabilities exist, are real, and exploitable, and having me separately demonstrate that they're easily fixable.
2:28:00 LMH (handle edited): Sounds like your trouble is appearing as if I'm not as evil as zealots want to say, right?
2:28:36 LMH (handle edited): I find no other reason for avoiding collaboration, besides some sort of problem at your side. I'm willing to do it.
2:31:20 landonf@bikemonkey.org: I'm worried that zealots might not take the bug fixes (and thus the bugs) seriously.
2:31:41 landonf@bikemonkey.org: Since people seem to get more concerned with holy wars than with security.
2:32:05 LMH (handle edited): Sorry but that makes no sense at all. You're providing the fixes, I'm warning about the issues. That's a win-win.
2:32:23 LMH (handle edited): Besides that, it's not our duty to educate these crackheads.
2:32:39 LMH (handle edited): You know, if they are high on crack, it's their problem, not ours.
2:32:47 LMH (handle edited): I don't buy that as a reason for not working together.
2:34:09 landonf@bikemonkey.org: hmm. fair enough. Would you be OK with me publicly disclosing that you will be providing assistance in creating fixes?
2:36:15 LMH (handle edited): definitely
2:36:21 LMH (handle edited): even this chat log
2:36:29 LMH (handle edited): in its entirety.
2:37:03 LMH (handle edited): if you have any other concerns, lemme know and I'll try to find a solution.
2:41:56 landonf@bikemonkey.org: How are you thinking we'd coordinate for each bug? You'd push information over a bit early? My other concern is alienating the friends that have stepped up to help me out so far.
2:44:01 LMH (handle edited): Listen, if the people you have around 'alienate' just because I start working with you, they are certainly NOT the crew you want at your side.
2:44:04 LMH (handle edited): ;-)
2:44:12 LMH (handle edited): I will talk to you each day
2:44:21 LMH (handle edited): a bit earlier (regarding release time)
2:44:25 LMH (handle edited): and give details
2:44:38 LMH (handle edited): given that you agree to not provide information to anyone else.
2:45:17 LMH (handle edited): I've been monitoring #macdev for a while, and have other places on the list, just in case a leak takes place, I'll know about it. That's the only requirement.
2:45:32 landonf@bikemonkey.org: Heh! You don't need to worry about my word
2:45:42 LMH (handle edited): well
2:46:27 LMH (handle edited): I'm not going to cry over a shitty software bug. If we were in the middle of the desert and you drank the last drop of water we had, I would certainly drink your blood if necessary. But this nerdy IT stuff. No drama.
2:46:36 LMH (handle edited): I'm just serious about confidence.
2:47:08 LMH (handle edited): It's something I don't like to play with, and hence request you to act accordingly.
2:47:31 LMH (handle edited): In the end, everyone's happy and there are beers and chocolate bars for all the kids :-)
2:48:29 landonf@bikemonkey.org: I agree. If I agree to confidence, I'll keep that agreement. I am going to post to the MOAB Fixes mailing list, and if the reaction isn't staunchly negative, I'm all for it. If there are serious objections, I'd like to keep operating as I have been. I know you probably won't agree with my reasoning =)
2:49:36 LMH (handle edited): Well, the point is that there's no reasoning. If you really let people decide about your own time and work, you're literally owned.
2:49:50 LMH (handle edited): It's worse when it's about some random idiots.
2:50:14 LMH (handle edited): If you conditioned your decisions by the opinion of really bright and sane people, it could make sense.
2:50:23 LMH (handle edited): But letting zealots influence your work is no business.
2:50:35 landonf@bikemonkey.org: Yes, but bear in mind these are developers that I've been friends with for years. I'm less interested in what the idiots have to say.
2:50:39 LMH (handle edited): Look, they are also, as I said, in a win-win.
2:50:43 landonf@bikemonkey.org: Though I'm sure they'll comment.
2:51:21 LMH (handle edited): So again, what kind of friend is that who alienates, goes nuts or whatever you name it, when you agree to collaborate with someone willing to help (read, me ;-) )?
2:52:36 LMH (handle edited): I'm in a neat mood with my work partner, KF, and many others around the community. Even some who have openly criticized my work. I just don't like the whores or the usual crazy guy.
2:53:06 LMH (handle edited): That my friend is a friend of someone I don't like doesn't make me feel 'cheated'.
2:53:32 LMH (handle edited): It would be kind of immature to let such stuff influence my mood and work.
2:53:35 LMH (handle edited): Right?
2:53:38 LMH (handle edited): ;-)
2:59:02 landonf@bikemonkey.org: Yes =)
2:59:17 LMH (handle edited): Lemme know when you have a final decision about this.
2:59:23 LMH (handle edited): You have my e-mail address right?
2:59:37 landonf@bikemonkey.org: Sure. Thanks for being patient with my concerns.
2:59:45 landonf@bikemonkey.org: Yep, I'll drop you an e-mail
2:59:52 LMH (handle edited): No worries.
3:00:20 LMH (handle edited): If you publish the AIM log, please strip my IM handle.
3:00:31 landonf@bikemonkey.org: Sure thing
3:00:34 LMH (handle edited): I don't want to shoot trespassers.
3:00:35 LMH (handle edited): ;-)
13:50:07 LMH (handle edited): ping
14:21:46 LMH (handle edited): I'm waiting for a response on the conversation we had yesterday...
14:28:54 LMH (handle edited): You should spend less time on that IRC channel :P
14:28:57 LMH (handle edited): heh
19:06:01 landonf@bikemonkey.org: I really should
19:06:19 LMH (handle edited): the rumours say some people got owned in that channel heh
19:06:34 LMH (handle edited): :-)
19:06:35 LMH (handle edited): anyway
19:06:40 LMH (handle edited): howya?
19:07:04 landonf@bikemonkey.org: Tired :) Spent too much time digging around in CoreGraphics
19:12:03 landonf@bikemonkey.org: Anyway, fuck it. When it's a difficult problem, I'm the one that gets to fix it.
19:36:11 LMH (handle edited): so
19:36:15 LMH (handle edited): back to the coordination thing
19:36:18 LMH (handle edited): anything up?
20:38:07 LMH (handle edited): Landon, it's not decent to keep me on the line with no reply at all.
20:38:20 LMH (handle edited): If you want to coordinate on the stuff and the like, lemme know.
20:38:30 LMH (handle edited): If not, say it so no one wastes time.
20:39:17 landonf@bikemonkey.org: Sorry! I get distracted easily. I'll drop you an e-mail, I'm going nuts trying to wrap up the CoreGraphics fix and a few other things.
20:39:36 LMH (handle edited): OK, just don't keep me hanging like Saddam ;P
20:40:07 landonf@bikemonkey.org: heh! Sure thing. I'll get back to you later today
22:07:36 LMH (handle edited): ping