Well, true, it could still be plain old incompetence. I am not disputing that. It is pretty gross incompetence in that case though.

Indeed.

While generally true, this does not apply in the current disaster: The OpenSSL code, coding guidelines, coding style and project management style actually foster this kind of thing, like they wanted critical bugs. For example to test assumptions such as boundaries always at time-of-use is a fundamental secure coding principle. Apparently, they have never heard of it. To clear memory that may contain secrets when freed is another one. And so on.

Ah, sorry. My comment is redundant, did not see yours.

You must be new to this "Internet" thing: It is easy! Just do not try to understand anything!

In addition, the mitigation countermeasures also prevent memory debuggers like Valgrind from finding the problem (Valgrind find use-before-init for malloc'ed blocks, but not if there is a wrapper in between that re-uses blocks), and may also neutralize code-security scanners like Fortify.

I have to admit that while my original intuition was "screwup", this looks more and more like some parts of the OpenSSL team have been compromised and did things that make this kind of bug far more likely. Like their own insecure memory allocation. Like not requiring time-of-use boundary checks or having any secure coding guidelines in the first place. Like documenting everything badly so potential reviewers get turned away. Like not having working review for patched or a working fuzz-testing set-up (which would have found bug this easily).

After all, the NSA does not have to sabotage FOSS crypto software. They just have to make sure the quality is low enough. The bugs they can exploit will follow. And the current mess is just a plain classic. Do enough things wrong and eventually stuff breaks spectacularly.

Well, cretins that think they are better than others exist in any body variant. That the deaf have them is not a surprise. But supremacy-fantasies are by now well studies: The work by having one or a few leaders and a lot of people that look up to them and accept anything they say as gospel. Bob Altemeyer has written a nice book about this, based on solid research data (it is free): http://home.cc.umanitoba.ca/~a...

Basically, the only thing this shows is that deaf people are on average just as stupid as non-deaf ones. And no, parents not giving their children the implants without good medical reasons are just doing severe child abuse.

It is some folks trying to drag IDS back out from the grave. The issue is that generally, IDS does work extremely poorly and causes extreme operations effort (somebody has to look at all the alerts). For this specific thing for once IDS can be used to detect the problem and the whole story revolves about that. Of course the approach is fundamentally flawed: If you patch management is so bad that you cannot fix all affected OpenSSL installations pretty fast, then you are doomed anyways security-wise.

As this is pretty obvious, part of the IDS community is using deceptive and manipulative language to prop-up their meal-ticket and that is what makes the story sound so strange. The other part of the IDS community has realized that IDS as possible currently is a bad idea and has gone back to doing research on the issue. These are the hones ones that do not try to sell you an expensive box that is essentially worthless.

That is not to say, IDS is completely worthless. If you have very specific, well-known signatures, it can help you find _old_ problems that somehow slipped by, but as such it just serves as one small element of a patch-management system.

Every halfway sane human being knows the world does not revolve around them, but that they play a rather small part. That the earth or even our galaxy does so as well on a cosmic scale should neither be a surprise nor a problem. What is their angle? Is this about discrediting science in general because these people are trying to sell some scam?

Indeed. Good Seagate drive models are roughly on par with the average competitor drive. The problem is that they have so many bad ones and do not seem to care that they are pushing bad drives with significantly reduced reliability to their customers. And while other hdd manufacturers have had the occasional bad model as well, with Seagate it is a pattern and a quite frequent occurrence.

Keep kidding yourself. And yes, I have disassembled drives and I know what I am looking at with electronics. I also do understand accelerated aging for electronics and you do very obviously not. The relationship between temperature and failure rate is a simplistic model, that mostly held for old drives as ball-bearings in the spindles do follow it. Guess what, modern drives do not have them anymore and FDBs are a whole different story. There are a lot of other things to understand with heat-accelerated aging.

The Backblaze people do know what they are talking about. Of course, Seagate fanbois and paid trolls do not want to hear that.

You ask for facts? These have been eliminated from marketing a long time ago, as they tend to get in the way. There are enough suckers that will buy this thing anyways, despite Seagates consistently bad reliability track record.

WD has a know problem is sulfur-rich environments (e.g. former east-bloc) as they use silver-plating instead of gold on their PCBs. Other than that they are perfectly fine. Seagate is by far the most flaky vendor with often good disks and often lemons.

Nice attempt at diversion. What you say is complete BS though, and rather obviously so.

First, you always get bitten when doing storage. There is no way around that.

Second, "enterprise grade" disk hardware is a myth today. Backblaze recognized that and quite a few other people do it too. Sure, you can get things like lower vibration, but they do not matter to drive lifetime these days, only access time and that you can measure. Your argumentation relies on 20 year old tech and that is not being used in modern drives anymore.

And third, they bought Seagate a) before they had that data and b) why do you think they were bad value? They were far worse than the competition, but as there was a HDD shortage, they can still be better having than not having.

The "story" by tweaktown you link has all the hallmark of cleverly disguised corporate "spin", which aims to muddle the waters but does not actually disprove anything or even explain anything. It is either paid-for disinformation or the work of idiots that do not understand engineering basics. The data and explanation by Backblaze is solid though.