Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

[bmanning () vacation karoshi com]

On Mon, Apr 14, 2014 at 03:59:21PM -0400, Patrick W. Gilmore wrote:
> On Apr 14, 2014, at 15:47 , Scott Howard <scott () doc net au> wrote:
> > On Sun, Apr 13, 2014 at 9:52 AM, Niels Bakker <niels=nanog () bakker net>wrote:
>
> > > At least one vendor, Akamai is helping out now:
> > > http://marc.info/?l=openssl-users&m=139723710923076&w=2
> > > I hope other vendors will follow suit.
> >
> >
> > Although it appears they may now be regretting doing so...
> >
> > http://www.techworld.com.au/article/542813/akamai_admits_its_openssl_patch_faulty_reissues_keys/
> >
> > (Of course, the end result is positive, but...)
>
> [NOTE: I'll just remind everyone up front that I worked at Akamai for a very long time, so take my comments with 
> however many grains of salt you feel appropriate.]
>
> If the only thing that happens when a large company steps up to help the open source community is ridicule and/or 
> derision, one should probably not in the same breath ask why no companies are publishing any code.
>
> I applaud Akamai for trying, for being courageous enough to post code, and for bucking the trend so many other 
> companies are following by being more secretive every year.
>
> Or we can flame anyone who tries, then wonder why no one is trying.
>
> -- 
> TTFN,
> patrick

        well, if $vendor publishes code frags, the code  must have been vetted and ready for 
        _my_ environment so i'll just cut/paste and then when it doesn't work, its their 
        fault for leading me down the primrose path...

        $vendor, that why I pay you... to read my mind!  darn it.

/bill