NYLXS Mailing Lists and Archives
NYLXS Members have a lot to say and share but we don't keep many secrets. Join the Hangout Mailing List and say your piece.

MESSAGE
DATE 2014-06-16
FROM Ruben Safir
SUBJECT Re: [NYLXS - HANGOUT] Stupidity of the highest order ...
Date: Mon, 16 Jun 2014 12:14:31 -0400
From: Ruben Safir
To: hangout-at-mrbrklyn.com
Cc: Hangout
Subject: Re: [NYLXS - HANGOUT] Stupidity of the highest order ...
Message-ID: <20140616161431.GA28094-at-panix.com>
References:
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: owner-hangout-at-mrbrklyn.com
Precedence: bulk
Reply-To: hangout-at-mrbrklyn.com

On Mon, Jun 16, 2014 at 10:05:42AM -0400, einker wrote:
> Articles like this truly PISS ME OFF! Now, only Open Source Projects by
> their sheer adherence to open source philosophy are hampered by security
> flaws? BULLSHIT.
> I guess all Microsoft and Apple products never had any security issues (You
> wish!) and were pristine because commercial vendor tested them to a greater
> degree than open source projects.
> Give me a break! Commercial products are riddled with security and basic
> programming issues. Best of all, you will never know since you can't see
> the source/test and until it's way too late and you've been screwed.
> One of my favorites, OpenBSD (Calm down Ruben! Nothing personal and Theo
> does love you...) has only two remote holes in their base OS install in the
> last 10 or more years.
>
> It's amazing that Paul Rubens calls out open source / free software yet has
> the audacity to reference free and open source security programs on his
> website (rubens.org linking to http://www.clippings.me/paulrubens).
> Isn't it amazing how you use the products but then bash their security
> status and have the nerve to say that security reviews were never done.
> For what it's worth, if you have doubts/concerns about open source / free
> software, do the rest of the planet a real service, don't use it. More
> importantly, dig your head from out of your ass and check out the plethora
> of open source / free source projects that have been responsible for
> running and maintaining the internet for years. I would strongly suggest
> looking at Netcraft surveys and then ask why is everyone using free OS /
> servers to host on as opposed
> to commercial offerings. Could it be SECURITY, VIABILITY or even should I
> say it..... Best software going for the job!
>
> For the Rubens of the World, please all turn off your computers whatever
> you are using and please go live in a cave with the other Neanderthals!
>
> Why open source software isn't as secure as you think
>
> A failure to spot a necessary validation in OpenSSL code before an update
> caused the Heartbleed bug
>
> Paul Rubens (CIO (US)) on 13 June, 2014 08:56
>
> The OpenSSL Heartbleed fiasco proves beyond any doubt what many people
> have suspected for a long time: Just because open source code is
> available for inspection doesn't mean it's actually being inspected and
> is secure.
>
> It's an important point, as the security of open source software relies on
> large numbers of sufficiently knowledgeable programmers scrutinising the
> code to root out and fix bugs promptly. This is summed up in Linus's Law:
> "Given enough eyeballs, all bugs are shallow."
>
> But look at what happened with OpenSSL. Robin Seggelmann, a German
> programmer from Munster University, updated the OpenSSL code by adding a
> new Heartbeat keep-alive function. Unfortunately, he missed a necessary
> validation in his code to check that one particular variable had a
> realistic value.
>
> The member of the OpenSSL development team who checked the code before the
> update was released also missed it. This caused the Heartbleed bug.
>
> One reviewer, even a handful of reviewers, can easily miss a trivial error
> such as this if they don't know there's a bug to be found. What's worrying
> is that, for two years, the Heartbleed bug existed in OpenSSL, in browsers
> and in Web servers, yet no one in the open source community spotted it. Not
> enough eyeballs scrutinised the code.
>
> *Commercial vendors don't review open source code*
>


I was expecting to have more feedback on this as it happened but even at
this late date, just to point out some of the fallacy of this moronic
rant by a clearly undereducated writer, is that most Free Software
projects are INDEED written, funded and scrutinized by commercial
vendors. They go through a huge number of security checks and are
written and overseen by the world's best programming talent.


Also, the noted expected security fix, checking if a variable result is
within an expected range, that is not only a crappy way of making code
secure, it is a sure way to bring speed of software to a crawl.
Additionally, by the time the variable is overloaded, it's a bit late to
check its size. This is not an efficient or secure means of dealing
with buffers.

Outlook Express however, I nobody vouch for that. And we do know it is not
secure.



> Also alarming is that OpenSSL was used as a component in hardware products
> offered by commercial vendors such as F5 Networks, Citrix Systems, Riverbed
> Technology and Barracuda Networks - all of whom failed to scrutinise the
> code adequately before using it, according to Mamoon Yunus, CEO of Forum
> Systems, a secure cloud gateway vendor.
>
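
Added example, not part of the thread and not OpenSSL's code: the validation the quoted article says was missing from the Heartbeat handler, sketched in C against the RFC 6520 message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding). Function and constant names are hypothetical, the sample records are constructed, and zero padding stands in for the random padding a real implementation sends.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 6520 heartbeat layout; names are hypothetical, not OpenSSL's. */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3   /* 1-byte type + 2-byte big-endian payload_length */
#define HB_MIN_PAD  16  /* minimum padding after the payload */

/* Returns bytes written to out, 0 = silently discard, -1 = out too small. */
long hb_build_response(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* The peer-supplied length must fit inside the bytes actually
     * received; this is tested before anything is copied. */
    if (claimed > rec_len - HB_HEADER - HB_MIN_PAD)
        return 0;
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return -1;
    out[0] = HB_RESPONSE; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD); /* zero pad: simplification */
    return (long)resp_len;
}

/* Constructed record: 5-byte payload, length field says 5. */
long demo_honest(void)
{
    uint8_t out[64], rec[HB_HEADER + 5 + HB_MIN_PAD] = {HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    long n = hb_build_response(rec, sizeof rec, out, sizeof out);
    return (n > 0 && memcmp(out + HB_HEADER, "hello", 5) == 0) ? n : -2;
}

/* Constructed record: 1-byte payload, length field claims 0x4000. */
long demo_overclaim(void)
{
    uint8_t out[64], rec[HB_HEADER + 1 + HB_MIN_PAD] = {HB_REQUEST, 0x40, 0x00, 'x'};
    return hb_build_response(rec, sizeof rec, out, sizeof out);
}

int main(void)
{
    return printf("honest=%ld overclaim=%ld\n", demo_honest(), demo_overclaim()) < 0;
}
```

The well-formed record is echoed back in full (24 bytes); the record whose length field exceeds what was received is dropped without a reply.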
