yea, finally something is moving... maybe *ssl becomes valgrind clean one day? *dreams*
They've pulled that crap before.
They need someone dedicated to handling OpenSSL. That would take care of almost all of their problems.
Probably won't happen anytime soon.
Tue Jun 24 2014 10:08:03 EDT from IGnatius T Foobar @ Uncensored
I read through the entire presentation. Their goals are worthwhile and their approach is sensible. If they want funding they're going to have to do a better presentation than MagicPoint with Comic Sans. With any luck, LibreSSL will do to OpenSSL what Xorg did to XFree86. Eliminating any reason for GNUTLS to exist would also be a plus.
well, one of the most discussed removals was alternative ways for random seeds, which makes it i.e. impossible to use in putty.
It's bug- and feature-free. Say, does anyone have a spare ASN.1 parser kicking around? ;-p
I think 'doze does have a random number generator. Unsure if it's suitable, though, heh.
It wouldn't take much to convince me that every time a sysadmin logs into a solaris box, god rapes a dolphin in front of the pope.
#: command 'rape' not found
Anyone bitten by 'shellshock'?
"ShellShock" (CVE-2014-6271) is a security bug in Mac OS X that also happens to affect other Unix and Linux systems.
Not bitten (that I can tell yet). Patched with the second round of bash package updates. Good to see that Slackware patches back to 13.0 were released around 2 pm CST. That would have saved me a bit of time fussing if Debian / Ubuntu was that fast :-) They did come in a close second at around 4:50 pm CST, but a one man shop should probably come in second. Just kidding, I realize he has minions dedicated to testing. I appreciate all the folks doing the heavy lifting and discussions today as well. Hated that the mess existed, but loved the response and frank discussions of the patches - all in the open !!!
Thu Sep 25 19:55:13 UTC 2014
a/bash-4.3.025-i486-2.txz: Rebuilt.
  Patched an additional trailing string processing vulnerability discovered by Tavis Ormandy.
  For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
  (* Security fix *)
ap/lxc-1.0.6-i486-1.txz: Upgraded.
  Fixed bash completion file. Thanks to dunric.
Thu Sep 25 21:50:16 UTC 2014
bash (4.1-2ubuntu3.2) lucid-security; urgency=medium * SECURITY UPDATE: incomplete fix for CVE-2014-6271...
A Generation Lost in the Bazaar
Quality happens only when someone is responsible for it.
Thirteen years ago, Eric Raymond's book The Cathedral and the Bazaar (O'Reilly Media, 2001) redefined our vocabulary and all but promised an end to the waterfall model and big software companies, thanks to the new grass-roots open source software development movement. I found the book thought provoking, but it did not convince me. On the other hand, being deeply involved in open source, I couldn't help but think that it would be nice if he was right.
The book I brought to the beach house this summer is also thought provoking, much more so than Raymond's (which it even mentions rather positively): Frederick P. Brooks's The Design of Design (Addison-Wesley Professional, 2010). As much as I find myself nodding in agreement and as much as I enjoy Brooks's command of language and subject matter, the book also makes me sad and disappointed. ...
"there is no escaping that the entire dot-com era was a disaster for IT/CS in general and for software quality and Unix in particular."
Bold words. I'm not sure I would go that far. Except if I were talking about PHP. >:-P
Ford ][ would be eating that article up.
As examples of "lost in the bazaar" he cites:
* All of the baristas-turned-web-developers during the Dot Com Boom
* The FreeBSD ports tree
He conveniently leaves out all of the places where quality is present because someone is paying attention to it, or even better, because there are customers paying for it (Red Hat, Oracle, etc).
The comments were more fun than the "get off my lawn" article.