Comment Re:Um... (Score 1) 394

It's called exaggeration. If I must spell it out, it was to highlight the absurdity by contrasting the nonfree IIS / schannel (not vulnerable to the biggest security flaw in a decade) with the free OpenSSL (vulnerable).

Well if you're going to exaggerate to the point of bullshit, then you could just as easily have made it a 'Free' vs 'Open' ideological argument.

And then your inner RMS would claim that none of the GPL licensed (or dual licensed) libraries (gnutls, polarssl, jsse) leaked private keys while the biggest BSD licensed one did. Thus proving the technical superiority of code written using the GPL.

See? Bullshit works both ways.

Comment Re:I don't like the control it takes away from you (Score 1) 865

I like the standard keys. And really, just because one manufacturer happened to use a defective part, we lose them? Key switches have been around for decades and are reliable. Just fix the reliability issue in that one model and that's it.

Another reason I like having an older car with a plain old stainless steel non electronic key. I can just hang it around my neck under my wetsuit when I go surfing and leave the car locked.

Those with newer cars are hiding their keys in wheel wells etc. while hoping nobody nefarious is watching, or having to use annoying lockboxes to put their keys in.

Probably not a big deal for the average slashdotter though.

Comment Re:a few years over 40??? (Score 1) 274

You're 55 and have no kids? You've failed your (biological) purpose in life, which is to have kids. You're too old for that now so you can't make amends once you get truly old and start having regrets about not creating life and instead just spending it all on yourself.

I say this as a parent* myself... fuck off!

There are plenty of perfectly valid reasons for not having kids, and plenty of people that want them but can't have them.

* yes I feed trolls offline too!

Comment Re:Let's be clear what this actually is, NOT OpenS (Score 1) 379

I understand their personal motivations, but everyone has to understand that this does not make the OpenSSL ecosystem safer, it only makes the OpenBSD specific port of OpenSSL safer. The rest of the world will still be subject to any vulnerabilities and shortcomings in the code, because they are not intent on contributing this code back to OpenSSL.

While you are correct (for now), you're not thinking far enough ahead. I reckon a year or two down the road there will be a portable version of this library, just like what happened with OpenSSH when they forked SSH for themselves, i.e. OpenBSD becomes the new upstream for libssl rather than the existing OpenSSL team.

There is a reasonable chance the portable version of the fork could eventually end up taking over from OpenSSL by default on the other BSDs and some Linux distros.

Comment Re:Worst thing possible (Score 1) 379

Seriously, could they screw the pooch any harder than they are right now?

Hundreds of commits, after just *DAYS* of testing? I've never seen a faster or more reckless release cycle for code changes, ever.

This just tells me they are putting in hundreds of basically untested code changes, which is what got us into this mess in the first place.

OpenSSL is dead to me now.

Let me guess... someone else who thinks that the OpenBSD team and the OpenSSL team are the same people?

Hint: they're not. This is a fork of the OpenSSL libraries used in OpenBSD and not intended for anyone else. If after some time it stabilises and turns out to be a good move (I'm guessing it will), then some other people are likely going to want to maintain a portable version that can be used on other platforms - just like what happens with openssh plus the odd other project, e.g. openntpd.

Comment Re:That's kind of curious (Score 3, Interesting) 582

I think the grandparent was right. MS now is hugely better than the MS of 10-15 years ago. I'm not going to try and objectively prove that as I don't care enough about MS and probably couldn't anyway.

But the NT4 to XP/2003 era was appalling security-wise - but they changed that. IIS went from swiss cheese to one of the tougher web servers to break. You just don't hear any more about the kinds of problems they used to have. If you endured those days or just laughed from the sidelines, you don't need any hard data to see that they have improved a lot.

I found this paper from Theo de Raadt illuminating though. He steps through 10+ years of OS hardening techniques OpenBSD has put in place to prevent badly written applications misbehaving. Towards the end he summarises how other platforms do this stuff - the only other platform that did it all by default was Windows (yikes!).

Comment Re:Security is hard. Encryption is even harder. (Score 1) 582

All this episode does is to remind us that security is hard. Encryption is even harder.

In general maybe. This issue had nothing to do with encryption though (or hard security stuff even).

It was a very basic input checking error in a massively crusty overly obfuscated and badly written/documented codebase that all kinds of people have been tacking 'kitchen sink' style features onto for years. It's almost as if the codebase is actively trying to counteract the 'many eyes' effect.

OpenBSD has already taken on their fork and started stripping out cruft - who knows, that fork could end up having a portable version that everyone else starts using (like with OpenSSH).

Companies like Google and RedHat etc. are presumably going to be putting some extra resources into OpenSSL to help clean it up. Its importance means they would be crazy not to. Hopefully they also put some resources into funding/helping the OpenBSD fork too as a better longer term option.
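The "basic input checking error" the comment above refers to is a bug class rather than anything exotic: a parser trusts a length field carried inside the message instead of the number of bytes it actually received. The following is an added illustration of that class, not code from OpenSSL or from the OpenBSD fork. The record format (1-byte type, 2-byte big-endian payload length, payload) and the stale "key=hunter2" string in the receive buffer are constructed for the example; the vulnerable parser is shown beside the checked one.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed example, not code from OpenSSL or the OpenBSD fork.
 * Toy "echo request" record: 1 byte type, 2 byte big-endian payload
 * length, then the payload. The sender controls the length field, so
 * the parser must check it against the bytes actually received.
 */
#define ECHO_TYPE 0x01
#define ECHO_HDR  3

/* Vulnerable: trusts the length field inside the message. If it says
 * 18 and the record only carried 4, the next 14 bytes of whatever sits
 * after the record in the receive buffer are copied into the reply.
 * Returns bytes written to out, 0 on reject. */
size_t echo_unchecked(const uint8_t *buf, size_t rec_len,
                      uint8_t *out, size_t out_cap)
{
    (void)rec_len;                 /* the bug: real record size never consulted */
    if (buf[0] != ECHO_TYPE)
        return 0;
    size_t plen = ((size_t)buf[1] << 8) | buf[2];
    if (plen > out_cap)
        return 0;
    memcpy(out, buf + ECHO_HDR, plen);
    return plen;
}

/* Fixed: the record must be long enough to hold a header at all, and
 * the declared payload must fit inside the record that was received. */
size_t echo_checked(const uint8_t *buf, size_t rec_len,
                    uint8_t *out, size_t out_cap)
{
    if (rec_len < ECHO_HDR || buf[0] != ECHO_TYPE)
        return 0;
    size_t plen = ((size_t)buf[1] << 8) | buf[2];
    if (plen > rec_len - ECHO_HDR)   /* length field lies: drop the record */
        return 0;
    if (plen > out_cap)
        return 0;
    memcpy(out, buf + ECHO_HDR, plen);
    return plen;
}

/* Scenario: a reusable 64-byte receive buffer still holds "key=hunter2"
 * (constructed stand-in for sensitive data) from earlier use; a 7-byte
 * record arrives at its front declaring an 18-byte payload but carrying
 * only "ping". Returns the record's real length. */
size_t demo_fill(uint8_t *rxbuf, size_t cap)
{
    static const uint8_t rec[] = { ECHO_TYPE, 0x00, 0x12, 'p', 'i', 'n', 'g' };
    if (cap < 64)
        return 0;
    memset(rxbuf, 0, cap);
    memcpy(rxbuf + sizeof rec, "key=hunter2", 11);  /* stale data past the record */
    memcpy(rxbuf, rec, sizeof rec);
    return sizeof rec;
}

/* 1 if the unchecked parser's reply contains the stale secret. */
int demo_unchecked_leaks(void)
{
    uint8_t rx[64], reply[64];
    size_t n = demo_fill(rx, sizeof rx);
    size_t got = echo_unchecked(rx, n, reply, sizeof reply);
    return got == 18 && memcmp(reply, "pingkey=hunter2", 15) == 0;
}

/* 1 if the checked parser drops the lying record but still echoes a
 * well-formed one whose length field matches what was received. */
int demo_checked_rejects(void)
{
    static const uint8_t good[] = { ECHO_TYPE, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    uint8_t rx[64], reply[64];
    size_t n = demo_fill(rx, sizeof rx);
    if (echo_checked(rx, n, reply, sizeof reply) != 0)
        return 0;
    return echo_checked(good, sizeof good, reply, sizeof reply) == 4
        && memcmp(reply, "ping", 4) == 0;
}

int main(void)
{
    printf("unchecked parser leaks stale data: %s\n",
           demo_unchecked_leaks() ? "yes" : "no");
    printf("checked parser rejects bad length: %s\n",
           demo_checked_rejects() ? "yes" : "no");
    return 0;
}
```

The over-read here is kept inside a single 64-byte buffer so the program stays well-defined while still showing the leak; in a real server the bytes past the record are whatever the allocator left there, which is exactly why a missing bounds check on a length field turns into a memory disclosure rather than a crash. The only difference between the two parsers is the comparison of the declared length against `rec_len`.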
