Comment: It's Not Really Oracle (Score 3, Interesting) 150

by Greyfox (#46784897) Attached to: Oracle Deflects Blame For Troubled Oregon Health Care Site
It's that people think they can drop Oracle on top of a crappy design and that will somehow magically fix it. By the time people get done trying to use brute force, ignorance and massive amounts of IT resources, you may as well have Dbase III on your back end. Oracle might let you get away with a shitty design if your application didn't really need a database, but it's not going to help you that much if what you're trying to do is complicated enough to need one.

Comment: Ted Unangst's article (Score 4, Informative) 287

by grub (#46758065) Attached to: OpenBSD Team Cleaning Up OpenSSL

Ted Unangst wrote a good article called "analysis of openssl freelist reuse".

His analysis:

This bug would have been utterly trivial to detect when introduced had the OpenSSL developers bothered testing with a normal malloc (not even a security focused malloc, just one that frees memory every now and again). Instead, it lay dormant for years until I went looking for a way to disable their Heartbleed accelerating custom allocator.

It's a very good read.

Comment: Re:The Perfect Phone Feature For Safety (Score 1) 184

by Drishmung (#46738293) Attached to: The Case For a Safer Smartphone

Have a small amount of C-4 explosive in the phone. If the phone is switched on when the velocity is greater than 30 mph *BOOM*.

The TSA will just love that.

And instead of airbags, we should also have daggers sticking out of our steering wheels, poised directly at our hearts. That way people will only be able to drive like assholes once.

Shame about that child stepping out in front of you.

Comment: Failure of risk analysis by more than OpenSSL devs (Score 4, Informative) 149

by Goonie (#46732315) Attached to: NSA Allegedly Exploited Heartbleed
Just a minor correction - my piece does indeed suggest that the OpenSSL developers have some strange priorities. However, it lays the larger blame at the companies that used OpenSSL, when all the information necessary to suggest that this kind of thing could happen was already available, and the potential consequences for larger companies of a breach are easily enough to justify throwing a little money at the problem (which could have been used any number of ways to help prevent this).

Comment: Re:It's time we own up to this one (Score 1) 149

by Bruce Perens (#46730395) Attached to: NSA Allegedly Exploited Heartbleed
I think we need to take a serious look at the "many eyes" theory because of this. Apparently, there were no eyes on the part of parties that did not wish to exploit the bug for close to two years. And wasn't there just a professional audit by Red Hat that caught another bug, but not this one?
