NYLXS Mailing Lists and Archives
MESSAGE
DATE 2014-06-16
FROM Ruben Safir
SUBJECT Re: [NYLXS - HANGOUT] Stupidity of the highest order ...
On Mon, Jun 16, 2014 at 10:05:42AM -0400, einker wrote:
> Articles like this truly PISS ME OFF! Now, only Open Source Projects by
> their sheer adherence to open source philosophy are hampered by security
> flaws? BULLSHIT.
> I guess all Microsoft and Apple products never had any security issues (You
> wish!) and were pristine because commercial vendor tested them to a greater
> degree than open source projects.
> Give me a break! Commercial products are riddled with security and basic
> programming issues. Best of all, you will never know since you can't see
> the source/test and until it's way too late and you've been screwed.
> One of my favorites, OpenBSD (Calm down Ruben! Nothing personal and Theo
> does love you...) has only two remote holes in their base OS install in the
> last 10 or more years.
>
> It's amazing that Paul Rubens calls out open source / free software yet has
> the audacity to reference free and open source security programs on his
> website (rubens.org linking to http://www.clippings.me/paulrubens).
> Isn't it amazing how you use the products but then bash their security
> status and have the nerve to say that security reviews were never done.
> For what it's worth, if you have doubts/concerns about open source / free
> software, do the rest of the planet a real service, don't use it. More
> importantly, dig your head from out of your ass and check out the plethora
> of open source / free source projects that have been responsible for
> running and maintaining the internet for years. I would strongly suggest
> looking at netcraft surveys and then ask why is everyone using free OS /
> servers to host on as opposed
> to commercial offerings. Could it be SECURITY, VIABILITY or even should I
> say it..... Best software going for the job!
>
> For the Rubens of the World, please all turn off your computers whatever
> you are using and please go live in a cave with the other Neanderthals!
>
> Why open source software isn't as secure as you think
>
> A failure to spot a necessary validation in OpenSSL code before an update
> caused the Heartbleed bug
>
> Paul Rubens (CIO (US)) on 13 June, 2014 08:56
>
> The OpenSSL Heartbleed fiasco proves beyond any doubt what many people
> have suspected for a long time:
> Just because open source code is available for inspection doesn't mean it's
> actually being inspected and is secure.
>
> It's an important point, as the security of open source software relies on
> large numbers of sufficiently knowledgeable programmers scrutinising the
> code to root out and fix bugs promptly. This is summed up in Linus's Law:
> "Given enough eyeballs, all bugs are shallow."
>
> But look at what happened with OpenSSL. Robin Seggelmann, a German
> programmer from Munster University, updated the OpenSSL code by adding a
> new Heartbeat keep-alive function. Unfortunately, he missed a necessary
> validation in his code to check that one particular variable had a
> realistic value.
>
> The member of the OpenSSL development team who checked the code before the
> update was released also missed it. This caused the Heartbleed bug.
>
> One reviewer, even a handful of reviewers, can easily miss a trivial error
> such as this if they don't know there's a bug to be found. What's worrying
> is that, for two years, the Heartbleed bug existed in OpenSSL, in browsers
> and in Web servers, yet no one in the open source community spotted it. Not
> enough eyeballs scrutinised the code.
>
> *Commercial vendors don't review open source code*
>


I was expecting to have more feedback on this as it happened but even at
this late date, just to point out some of the fallacy of this moronic
rant by a clearly undereducated writer, is that most Free Software
projects are INDEED written, funded and scrutinized by commercial
vendors. They go through a huge number of security checks and are
written and overseen by the world's best programming talent.


Also, the noted expected security fix, checking if a variable result is
within an expected range, that is not only a crappy way of making code
secure, it is a sure way to bring speed of software to a crawl.
Additionally, by the time the variable is overloaded, it's a bit late to
check its size. This is not an efficient or secure means of dealing
with buffers.

Outlook Express however, I nobody vouch for that. And we do know it is not
secure.



> Also alarming is that OpenSSL was used as a component in hardware products
> offered by commercial vendors such as F5 Networks, Citrix Systems, Riverbed
> Technology and Barracuda Networks - all of whom failed to scrutinise the
> code adequately before using it, according to Mamoon Yunus, CEO of Forum
> Systems, a secure cloud gateway vendor.
>
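
The missing validation that the quoted article describes, shown on a simplified model of a heartbeat message (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding, as laid out in RFC 6520). This is an added example, not OpenSSL's code and not part of the original messages; the function names, buffer layout and sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* 1-byte type + 2-byte payload length */
#define HB_PADDING 16  /* minimum padding required by RFC 6520 */

/* Unchecked echo: trusts the length field carried inside the message. */
size_t hb_echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    (void)rec_len;                      /* never consulted: this is the bug */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Checked echo: discard the message if the claimed length cannot fit. */
size_t hb_echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < HB_HEADER + HB_PADDING)
        return 0;                       /* too short to be a valid message */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len)
        return 0;                       /* length field exceeds the record */
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Constructed sample: a 21-byte record that claims 32 payload bytes, stored
 * in front of unrelated data in one buffer. Returns 1 if that data is echoed. */
int hb_demo_leaks(int checked)
{
    uint8_t mem[64] = {0}, out[65] = {0};
    mem[0] = 1; mem[1] = 0; mem[2] = 32;        /* type, claimed length 32 */
    memcpy(mem + 3, "hi", 2);                   /* actual payload: 2 bytes */
    memset(mem + 5, 'P', HB_PADDING);           /* padding; record ends at 21 */
    memcpy(mem + 21, "SECRET-KEY-MATERIAL", 19);/* adjacent unrelated data */
    if (checked) hb_echo_checked(mem, 21, out);
    else         hb_echo_unchecked(mem, 21, out);
    return strstr((const char *)out, "SECRET") != NULL;
}

int main(void)
{
    printf("unchecked echo leaks adjacent data: %d\n", hb_demo_leaks(0));
    printf("checked echo leaks adjacent data:   %d\n", hb_demo_leaks(1));
    return 0;
}
```

The check compares the length claimed by the sender against the size of the record actually received, before any copy takes place.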
