Feeds

Good news, everyone! KDE cookie-scoffing bug smashed after 10 YEARS

Some sort of record? Let us know

Combat fraud and increase customer satisfaction

A bug in the KDE Linux desktop that made penguin-powered computers spill their cookie jars has been resolved after more than a decade.

The flaw in the free-software environment is best described as a glitch or irritant rather than anything serious, but it did cause some systems to forget their web cookies after a reboot or shutdown - throwing users out of websites and forcing them to log in again.

At first, it was thought the bug was in the "Reject Cross-Domain Cookies" feature of the KDE Libraries, although further probing traced the fault to an uninitialised variable in the platform's cookie jar.

It appears nobody complained about the oversight, so it was only when developer Thiago Macieira came across the error and fixed it in revision 794b14b8 last week that its existence came to light.

"For several months now, all my cookies would be forgotten after a kded restart," Macieira explained. "After debugging the problem, it turns out that mCrossDomain was of value 127, which makes no sense for a boolean."

"This variable has been present since 2002, which means that the 'reject cross domain cookies' feature has been broken for 10 years and 8 months," he added.

Macieira's explanation makes clear that the minor bug was resolved easily and with minimal fuss. Any complex software package harbours all sorts of long-hidden bugs, some of which are probably never identified and fixed. Still, is a decade between the inclusion of a bug and its resolution something of a record? There must surely be big-iron software running for longer with glitches allowed to stand or that remain hidden. Let us know in The Register forums. ®

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.