On 19 June 2023 3:24:50 am NZST, Ralf Mardorf <[email protected]> wrote: >On Sun, 2023-06-18 at 16:51 +0200, Ralf Mardorf wrote: >> Do you remember "Heartbleed"? We owe that to someone who has >> successfully completed his doctorate with this achievement. A PhD >> student who overestimates his skills can be worse than a traitor. > >"Der Quellcode, der den Fehler aufweist, wurde am 31. Dezember 2011 von >dem einzigen fest angestellten Mitarbeiter des OpenSSL-Teams aus dem >Entwurfszweig in das OpenSSL-Git-Repository eingepflegt" - >https://de.wikipedia.org/wiki/Heartbleed
>IOW he was payed for doing his "excellent" work. All those kids never >programmed using plain Assembly, all of them are smartasses users of >compiler languages, without any knowhow how the compiler does translate >the code to Assembly. What the hell are you on about? Why are you spamming this list about this irrelevant nonsense out of nowhere? How exactly is this relevant to the discussion? The Heartbeat implementation contained a buffer overflow. It was a simple bug. It wasn't caught before being merged in and it wasn't caught by any audits or fuzzing or testing - none was being done. None of this is or should be a stain on Seggleman's character. The blame for the impact of the bug lies with the widespread adoption of OpenSSL by people that assumed that it was bugfree and relied on it 100%. Everyone makes mistakes, including you. It has nothing to do with knowing ASM. Cheers, Miles.
