Comments

1
Duh

Just like the BC Law Society knew Trinity Western is full of bigots
2
Well, of course they did. As an intelligence agency, if you find a way to eavesdrop on what your adversaries think is a secure channel, you keep quiet about it.

The real outrage is the NSA considers their own citizens to be the enemy too, and in their mind, they exist to protect us from ourselves.

Expecting the NSA, CIA or FBI to publicly point out flaws in privately used cryptography is unrealistic. It's against their own interests. They have a long history of trying to weaken and thwart widespread adoption of private individuals using strong cryptography.

It's no wonder many software engineers are libertarian. Seeing your own government as your adversary can do that to a person.
3
No, Paul, the NSA is not "supposed to protect Americans?", it's supposed to protect the government. Come on, you should know this by now.

We are cattle.
4
Knew about it? Hell, the NSA probably created the fucking thing.
5
So a bug that affects encryption on all systems is known for two years before it is fixed, and you call this news.

A bug that affects encryption on Linux systems (most of the servers in the US run on Linux) is known for over six years before it is fixed and it isn't even worth mentioning?

You really need to get on the ball guys. You're slipping.
6
Hail Hydra.
8
This doesn't surprise me at all.

The real question is whether they introduced the bug in the first place.
9
Paul's capacity to be surprised seems to be unlimited.
10
It's open-source code. God knows, no one else was looking at it.
11
@4 @8 coding errors like that exist everywhere, and are very easy to make - especially in the mess of code that is OpenSSL.
12
If the NSA doesn't have at least a dozen full-time employees whose job it is to subscribe to and carefully review the commit notifications of every major open source crypto project (openssl, gnutls, etc) and to regularly do top-to-bottom code audits, then I would say that they're not doing their jobs terribly well.
13
@11 is correct. The error was committed by a volunteer coder for the OpenSSL project (a German, I believe-- the press is being impressively circumspect about naming him, but it's easily findable), and was exactly the sort of error that programmers tend to make when writing networked programs in C. It sailed through code review because OpenSSL is maintained by a bunch of seriously underpaid volunteers, and is a legendarily awful spaghetti snarl of amateur-hour code in the first place. Never attribute to malice what can easily be explained by stupidity.

The real question is why, in C.E. 2014, we still continue to allow people to write any code at all that exists between the kernel and a network socket in a language without bounds checking, garbage collection, and native exception handling. Apparently we are slow learners.
14
Well, Bloomberg is citing anonymous sources, but the NSA has lied to Congress, so a press release would be no sweat. I'd say it's a toss-up.
15
Ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssshocking.
16
Whom does the NSA serve?

They spy on every American citizen as they would an enemy; so, the NSA does not serve us.

So, since they don't serve the average American citizen, isn't it about time we stopped being asked to pay for the NSA? In fact, if we're their enemy, why are they allowed to exist within our nation's borders? Of course, things being as they are, I guess we must first determine whose country it is and who is actually the unwelcome interloper, the NSA or us.

17
@13: Because C is a useful language. But your basic point is well made. In some languages, memory management is so important the programmer must do it. In other languages, memory management is so important you don't let the programmer near it.
18
@17: C is, to be sure, a useful language. If you want to write a weak clone of Multics to run on a PDP-11, there's really nothing better suited to the task. :)
