[[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
bmanning at vacation.karoshi.com
bmanning at vacation.karoshi.com
Mon Apr 14 20:24:51 UTC 2014
On Mon, Apr 14, 2014 at 03:59:21PM -0400, Patrick W. Gilmore wrote:
> On Apr 14, 2014, at 15:47 , Scott Howard <scott at doc.net.au> wrote:
> > �On Sun, Apr 13, 2014 at 9:52 AM, Niels Bakker <niels=nanog at bakker.net>wrote:
>
> >> At least one vendor, Akamai is helping out now:
> >> http://marc.info/?l=openssl-users&m=139723710923076&w=2
> >> I hope other vendors will follow suit.
> >
> >
> > Although it appears they may now be regretting doing so...
> >
> > http://www.techworld.com.au/article/542813/akamai_admits_its_openssl_patch_faulty_reissues_keys/
> >
> > (Of course, the end result is positive, but...)
>
> [NOTE: I'll just remind everyone up front that I worked at Akamai for a very long time, so take my comments with however many grains of salt you feel appropriate.]
>
> If the only thing that happens when a large company steps up to help the open source community is ridicule and/or derision, one should probably not in the same breath ask why no companies are publishing any code.
>
> I applaud Akamai for trying, for being courageous enough to post code, and for bucking the trend so many other companies are following by being more secretive every year.
>
> Or we can flame anyone who tries, then wonder why no one is trying.
>
> --
> TTFN,
> patrick
>
well, if $vendor publishes code frags, the code must have been vetted and ready for
_my_ environment so i'll just cut/paste and then when it doesn't work, its their
fault for leading me down the primrose path...
$vendor, that why I pay you... to read my mind! darn it.
/bill
More information about the NANOG
mailing list