Slashdot Mirror


Theo De Raadt's Small Rant On OpenSSL

New submitter raides (881987) writes "Theo De Raadt has been on a better roll as of late. Since his rant about FreeBSD playing catch up, he has something to say about OpenSSL. It is worth the 5 second read because it is how a few thousand of us feel about the whole thing and the stupidity that caused this panic."

Update: 04/10 15:20 GMT by U L: Reader badger.foo pointed out Ted Unangst (the Ted in the mailing list post) wrote two posts on the issue: "heartbleed vs malloc.conf" and "analysis of openssl freelist reuse" for those seeking more detail.

1 of 301 comments

  1. Re:not developed by a responsible team? by timeOday · Score: -1, Flamebait
    No more irresponsible than writing the software in C in the first place. If you wanted checks like this universally enforced, you would use a language that doesn't require you to remember to do them every single time. The heartburn that comes with higher-level languages is exactly the type of heartburn that caused this check to be disabled.

    I don't put much stock in retrospective finger-pointing. Almost all bugs are trivial in retrospect.