
Comment Re:Wat? (Score 1) 582

What the OpenSSL team seems to have failed to do is to perform a really serious amount of destructive testing on their library which, as you pointed out, is essentially what black hats do to find these kinds of vulnerabilities anyway. This is not surprising since quality assurance and testing seems to be a bit of a poor relation in many FOSS projects just like it is in the closed source community.

Actually that surprised me quite a bit. A lot of FOSS projects do perform testing, at least automated testing. And some even do fuzz testing. And some even run static code analyzers. So considering how important and widely-used OpenSSL is, I was surprised to hear they didn't. So I went and checked and they do appear to have some test code. Obviously not enough, or at least not for this new heartbeat feature, but they do have some.

Finally, when something is as widely used and fundamental to the workings of the internet and online commerce as OpenSSL is one would expect that perhaps some of the big beneficiaries of the OpenSSL project like Google, Apple, Amazon, Facebook etc. could foot the bill to do some suitably paranoid amount of quality assurance on it and other such FOSS projects.

I'm with you 100% on that. They have no legal obligation of course, but damn they look really cheap and slimy right now. (except for maybe Apple since they don't use OpenSSL, but then again they had their own embarrassing security bug just a few months back)

Comment Re:the heartbleed bug was introduced by a jew (Score 1) 582

it's not a matter of open source but a matter of having israel partisans working on mission critical code.

You're obviously a troll and an idiot, but just for the record: I don't know if Seggelmann is Jewish - his last name is, but then so are a lot of German last names... and he's German (not Israeli) and there aren't many German Jews left - but the reviewer of the code was Stephen Henson, who is not Jewish. Do you blame him too? RSA (the company that became synonymous with public crypto, and the algorithms they patented) stands for Ron Rivest, Adi Shamir, and Len Adleman. The last two are also Jews, and Adi Shamir is actually an Israeli. Do you blame them too? In fact, according to the Bible, there's this guy named Jesus who was also a Jew. Do you blame him too? As it happens, there are a disproportionate number of Israeli programmers in the tech space, mostly because as far as I can tell they've always had a high ratio of well-educated people in math and comp sci, and lately an influx of well-educated former-Russians too. Thank god it wasn't an Indian or Chinese programmer who caused this, or /. servers would collapse from the comments.
