[Klug-general] SSL bug

J D Freeman klug at quixotic.org.uk
Thu May 22 17:22:32 BST 2008


On Thu, May 22, 2008 at 09:58:55AM -0400, Karl Lattimer wrote:
> Hmm, I don't see that I claim that apple invented email there, I was taking
> the piss out of you for not moving with the times.
> 
> Your statement is still libel. 

As is your statement. The simple act of claiming someone's statement as
libel has substantial bearing, and you should consider it fully before
continuing down that line.

> Which company? Hmm... Don't want to say it out loud? Funny, every man and
> his dog knows who I work for...

Yes, we all know you work for Nokia. I do not however feel any need to
discuss my previous employers. It is not something which really adds any
weight to the argument and merely discloses personal information that
need not be disclosed.

> Yeah, well I have real professionals around me all day long, what I hear at
> morning coffee is quite a bit more advanced than anything I've ever heard
> you talking about...

Me too. A quick grep of the CREDITS file for the linux kernel lists my
business partner. 

As for morning coffee today, well that was mostly a nice chat with my
fiance...

> Specifically my source is Rodrigo Novo... It was said amongst ourselves, he
> may have been quoting someone else, he makes a valid point. 

Who appears to be... well google lists a few results, but nothing
terribly useful. No Wikipedia page, no online CV, nothing in fact to help
us beyond his name.

> Also I don't necessarily need to quote someone else, let's just say you can
> quote me. Personally I think quotations are for fairly stupid people who
> aren't able to discern opinion on their own.

Excellent, cos it all works on the basis that no one needs to provide
evidence! After all I invented faster than light travel!

Come on, be sensible. [citation needed]

> So you can't name one?

I named 2 there, and those are just big flaws in the last couple of
weeks. A quick google for the phrase "biggest security flaw in history"
lists a number of options. Starting with a flaw in HSBC's online banking
which made open 3 million bank accounts. Then a few Windows flaws, ooh
look references to electronic voting machines. Wow there are some great
ones to choose from. 

Sitting in Utrecht right now tho, I think the giant screwup that is the
Dutch OV-chipkaart is pretty damn spectacular. Or perhaps the TNT mail
room's loss of 25 million personal records. The problem is there are so
many screwups by so many organisations and individuals it is next to
impossible to make a claim that one is the worst ever. Especially when
the person making that claim is rather biased and has a history of
negative views towards Debian.

I prefer the view taken by Bruce Schneier, a world renowned security
expert who is respected within his field.

"This is a big deal"

Note, he doesn't claim the worst ever.

> Still don't affect an entire e-commerce infrastructure, sorry you FAIL.

Neither does this, it only affects parts of it, and then only small
parts of it. I think you are making incorrect overgeneralisations.

> LOL, why? 
> 
> If people around me say it, it's enough, if I hear the same grumblings in
> the software community at large then it's enough.

If people around me say that the world was created in seven days, does
that make it right? Does that counteract years of scientific evidence to
the contrary? Does one person making a claim really get anywhere unless
they can back that up with evidence or reasoning? Simply "Cos I say so"
is a very weak argument. Incredibly weak indeed.

> Why are you so keen to evade the fact that this is the biggest issue the
> world has had to face with cryptography since the arrival of public key
> algorithms.

Because I don't agree with you. It's very simple. You are blowing it out
of proportion due to bias and poor argument.

> I suppose you could probably class 2600 circumventing DES as a fairly big
> issue too, what with the t-shirts that made the US government a bit red
> faced an all. That still doesn't detract from the fact that I say this is
> the biggest security issue I've ever seen, and I've been around to watch
> the massive sendmail bugs, apache bugs etc...

Yes, I would put circumventing DES as even higher.

In fact I think the greatest security flaw in history, one which actually
saved millions of lives and brought about an end to World War II, has
to be the weaknesses in Enigma, and the wholesale trust in it by those
who used it. Yes I am aware I risk the wrath of Godwin on that one.

> Never in history has cryptography been owned on such a scale. Quote me on
> that bitch.

Again you resort to swearing and insults. Why? Can you not produce a
balanced well backed up argument without resorting to childish taunts?

J