[170971] in North American Network Operators' Group
Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]
daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Mon Apr 14 16:25:57 2014
Date: Mon, 14 Apr 2014 13:24:51 -0700
From: bmanning@vacation.karoshi.com
To: "Patrick W. Gilmore" <patrick@ianai.net>
In-Reply-To: <28860040-0300-4090-AB04-4F8532076791@ianai.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Apr 14, 2014 at 03:59:21PM -0400, Patrick W. Gilmore wrote:
> On Apr 14, 2014, at 15:47 , Scott Howard <scott@doc.net.au> wrote:
> > =08On Sun, Apr 13, 2014 at 9:52 AM, Niels Bakker <niels=3Dnanog@bakker.=
net>wrote:
>=20
> >> At least one vendor, Akamai is helping out now:
> >> http://marc.info/?l=3Dopenssl-users&m=3D139723710923076&w=3D2
> >> I hope other vendors will follow suit.
> >=20
> >=20
> > Although it appears they may now be regretting doing so...
> >=20
> > http://www.techworld.com.au/article/542813/akamai_admits_its_openssl_pa=
tch_faulty_reissues_keys/
> >=20
> > (Of course, the end result is positive, but...)
>=20
> [NOTE: I'll just remind everyone up front that I worked at Akamai for a v=
ery long time, so take my comments with however many grains of salt you fee=
l appropriate.]
>=20
> If the only thing that happens when a large company steps up to help the =
open source community is ridicule and/or derision, one should probably not =
in the same breath ask why no companies are publishing any code.
>=20
> I applaud Akamai for trying, for being courageous enough to post code, an=
d for bucking the trend so many other companies are following by being more=
secretive every year.
>=20
> Or we can flame anyone who tries, then wonder why no one is trying.
>=20
> --=20
> TTFN,
> patrick
>=20
well, if $vendor publishes code frags, the code must have been vetted and=
ready for=20
_my_ environment so i'll just cut/paste and then when it doesn't work, its=
their=20
fault for leading me down the primrose path...
$vendor, that why I pay you... to read my mind! darn it.
/bill
