Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Lessons Learned From the Diaspora Launch

Posted by kdawson on from the off-the-rails dept.

patio11 writes "Diaspora, the privacy-respecting OSS social network, did a code release last week. Attention immediately focused on security. In fact the code base included several severe security bugs. This post walks through the code, showing what went wrong, and what it would let an attacker do to someone who was using Diaspora." The developer who wrote the post ends with: "You might believe in the powers of OSS to gather experts (or at least folks who have shipped a Rails app, like myself) to Diaspora’s banner and ferret out all the issues. You might also believe in magic code-fixing fairies. Personally, I’d be praying for the fairies because if Diaspora is dependent on the OSS community their users are screwed."

2 of 338 comments (clear)

  1. Re:Invalid Argument by siride · · Score: 0, Troll

    Bullshit. Big piles of it. Do you really think that it was open source that made people think they ought to test and review code? No. It is an unproven *assertion* by certain OSS folks that many eyes make bugs shallow. So far as I know, there have been no studies to back that up and there is no logic as to why that must be necessarily true.

  2. hey kdawson... by dAzED1 · · Score: 0, Troll

    fark you. I know this is just a troll response, but that was some of the most anti-OSS crap I've ever seen you editorialize. Is it because they want a token controversial-subject person, because they think it improves readership? Is that why they let you stay on while constantly bashing the same community this site used to be defined by?