Loading ...
Sorry, an error occurred while loading the content.

64243Re: [linux] Re: [Fwd: Re: HeartBleed perpetrator identified]

Expand Messages
  • ed
    Apr 12 4:25 AM
      On Fri, Apr 11, 2014 at 03:21:00PM -0700, Thad Floryan wrote:
      > Scott wrote:
      > > It is probably good to point out that the statement was made by Theo
      > > DeRadt, who tends to, when criticizing anything his team hasn't
      > > written, be rather nasty.

      Depends, from his point of view he produced a nice new way to do string
      handling but people don't bother to use it.

      http://www.courtesan.com/todd/papers/strlcpy.html

      > { hmmm, your article was easy to scrape from Yahoo noting I haven't
      > been loggedin for ages since Neo waiting for my account to expire }

      Nor have I. Do you remember our discussion about the other YahooGroups
      that you're a member of, I've not logged in since around then. You'll
      still be able to use YahooGroups despite your account expiring, mail
      will still turn up in your mailbox, you'll just not be able to make
      modifications to your account until you "recover" it.

      > No more nastier than when I refer to Yahoo's indiocies especially
      > the NEO fiasco -- group messages are still hosed 8 months later and
      > not one person in this group shared/shares my concern for the loss of
      > this group's message archives beginning January 1998.

      We're all quite pissed off with the filter, when we found there was back
      door in via the beta site that still hosted the older interface we
      wanted the use that and recover the archive. I'd have gladly imported it
      and hosted it along with any new messages. If you're reading this and
      you did get a copy then please forward that to me, I'll host it.

      Thinking about it, I wonder what archive.org has (goes to look) ah
      not much:

      https://web.archive.org/web/*/http://tech.dir.groups.yahoo.com/group/linux/message/*

      Shame.

      > As I discovered during a NEO glitch in October 2013, the "raw" message
      > archives are still OK, it's just that NEO is not fetching and displaying
      > them in any sane manner due to Yahoo's incompetence.

      Some mail lists support a message retrieval commands, I can't find
      anything to back this up for yahoogroups though.

      > I posted the HeartBleed perpetrators' names so people would know wbo
      > the clowns are who caused the problem should they ever seek employment
      > in the computer or IT job sectors ever again. What they did, as I
      > posted previously, was inexcusable and unconscionable and they should
      > suffer lifelong shunning as a minimum punishment.

      Instead they will probably get to write a book about it and make
      millions.

      > I do NOT abide PC (Political Correctness crapola) and will call a spade
      > a spade and Theo's comment
      >
      > "OpenSSL is not developed by a responsible team."
      >
      > is spot on and NOT a nasty comment.
      >
      > I just looked at the latest source fixes this week from here:
      >
      > http://www.openssl.org/source/openssl-1.0.1g.tar.gz 4.3MB
      >
      > and randomly examining the source code shows a dearth of comments which
      > is a sign of shoddy design and thinking resulting in crap software much
      > like the systemd crapola from Poettering and Sievers.

      There are alternatives out there

      http://en.wikipedia.org/wiki/Comparison_of_TLS_implementations

      Now, if we could just get a nice secure set of wrapper functions to
      allow end users to decide which to use...

      --
      Best regards,
      Ed http://www.s5h.net/
    • Show all 4 messages in this topic