On 11 August 2015 at 20:00, Alessandro Rubini <[email protected]> wrote:
> But most likely I didn't get the point about this post. Can you please
> expand?

Hmm, you're the only person so far I know of who hasn't reacted in shock.

* The attitude of security by obscurity, as if telling your customers "don't look!" stops the black hats for a second.
* Don't look for security holes in Oracle, it's a violation of your license.
* If you find security holes, don't tell us, it's a violation of your license to have looked and we will send a legal notice telling you to throw away the information.
* It is true that someone found a pile of actual security holes, but we were totally going to fix them, honest! Some time or other.
* The tone of contempt for the customer, daring to look and ascertain their own security risk.

This is precisely why we need software freedom.

As a sysadmin, I was shocked that a vendor with a high-quality free software alternative would write something like this that makes them look *utterly incompetent* in the field of security.

Reactions on Hacker News:

https://news.ycombinator.com/item?id=10039202
https://news.ycombinator.com/item?id=10040428

Someone immediately found an XSS on Oracle's site:

https://twitter.com/thegrugq/status/631056841670135808

Oracle's database software is very good indeed - it gives your data back reliably and with fantastic performance. The problem is literally every other aspect of dealing with Oracle ...

- d.
