Due Diligence?
ekr writes "The OpenSSL remote buffer overflows discovered at the end of July got
a lot of press here on /. But how many people actually fixed their
machines? I decided to study this question, and the results are kind of
depressing. Two weeks after the release of the bug, over two thirds of
the servers I sampled were still vulnerable. Even two weeks after
the
Slapper worm was announced, a third of the total servers
were vulnerable. The paper can be found here in
PDF
or
Postscript."
Wow, I just read this after reading that article about sh*tty programming, and Michael Barcella saved my bacon. I have decided not to install any patches because:
I can't understand what the he** this program is doing. It's all just "use stdio.h"... WTF?? You wackos can read this stuff??
It is not written in perl, ruby, python, JavaScript or some other high level language. MB told me that C/C++ is evil. I believe him.
While I was trying to read it, a friend came up and pointed at the screen. Rule #3, no pointers.
Finally, I did not see the official seal of the united states in the upper left corner of my text editor. I never do, but after reading MB's column, I look for it.
However, I can't post this message because I am leaving the inet services off until I can understand all of the source for my TCP-IP stack. After that, I'm gonna tackle the source for Telnet.
WooT!
~Hammy