Java 15 introduced a cryptographic vulnerability
itnews.com.auSubmitted last night:
Comments moved thither (and thread re-upped). Thanks!
This referenced article is better: https://neilmadden.blog/2022/04/19/psychic-signatures-in-jav...
> Madden points out that the affected versions of Java fail to check that two key variables in the ECDSA are not tested to ensure they’re non-zero.
Who writes this garbage? How many negations does a sentence need?
Humans write it. What would have stopped this appearing in, say, a newspaper in the 1980s was copyeditors and what happened in the last decade or three is that newspapers either fired their copyeditors or the papers were replaced by online equivalents which never had any copyeditors.
The copyeditor performs a number of functions, including fixing typographical mistakes like this and enforcing house style [e.g. a publication might choose to call it the internet, lowercase I, or it might decide television shan't be abbreviated TV even in the review section] but unfortunately the view today tends to be that this can be automated, which is not entirely true.
Of course even when newspapers all had copyeditors they weren't always as effective as you might like, which is why the British newspaper "The Guardian" is often called "The Grauniad" because it was so typo-ridden that people joked the masthead (a fixed piece of the paper similar to a logo) might even have been subject to such mistakes.
I think it should just read `tested` rather than `not tested`.
`fail to` and `non-zero` arent really negations in a relevant sense, so it's only one extra `not`
Well, I wouldn't say it doesn't need none at all...