Comments on: Debian needs some serious commit review http://rdist.root.org/2008/05/19/debian-needs-some-serious-commit-review/ Embedded security, crypto, software protection Mon, 08 Mar 2010 21:19:29 +0000 http://wordpress.com/ hourly 1 By: Nate Lawson http://rdist.root.org/2008/05/19/debian-needs-some-serious-commit-review/#comment-4845 Nate Lawson Thu, 04 Dec 2008 20:59:03 +0000 http://rdist.wordpress.com/?p=137#comment-4845 Yuhong, it was a private comment to me that I thought was hilarious. Yuhong, it was a private comment to me that I thought was hilarious.

]]> By: Yuhong Bao http://rdist.root.org/2008/05/19/debian-needs-some-serious-commit-review/#comment-4842 Yuhong Bao Fri, 21 Nov 2008 04:55:21 +0000 http://rdist.wordpress.com/?p=137#comment-4842 BTW, where did the Thomas Ptacek quote come from? Because I can't find it using Google. BTW, where did the Thomas Ptacek quote come from? Because I can’t find it using Google.

]]> By: Nate Lawson http://rdist.root.org/2008/05/19/debian-needs-some-serious-commit-review/#comment-4702 Nate Lawson Mon, 21 Jul 2008 18:47:24 +0000 http://rdist.wordpress.com/?p=137#comment-4702 I was surprised to see this post get so many comments months after it was published. Looks like Linux Haters brought in the hordes. I had to delete a few comments that were racist. Please try to add value with what you write here, don't just insult others. With respect to the defense that "disabling seeding is documented behavior", I think this is a terrible design. The only valid reason for this is some kind of test mode that should never be used on a live system. Thus, my recommendation was that enabling this test mode should result in a giant #warning at compile time and printf("WARNING...") at runtime. I was surprised to see this post get so many comments months after it was published. Looks like Linux Haters brought in the hordes. I had to delete a few comments that were racist. Please try to add value with what you write here, don’t just insult others.

With respect to the defense that “disabling seeding is documented behavior”, I think this is a terrible design. The only valid reason for this is some kind of test mode that should never be used on a live system. Thus, my recommendation was that enabling this test mode should result in a giant #warning at compile time and printf(“WARNING…”) at runtime.

]]> By: grfgguvf http://rdist.root.org/2008/05/19/debian-needs-some-serious-commit-review/#comment-4686 grfgguvf Sat, 12 Jul 2008 23:09:15 +0000 http://rdist.wordpress.com/?p=137#comment-4686 This is nothing new. I Switched away from Debian years ago because of the crappy patches their "developers" were allowed to apply to packages. Actually Ubuntu has helped the situation a lot as they pay competent coders to clean up the Debian tree, at least the important packages are mostly fine now. @sheesh As for Vista: it still stores passwords as an unsalted hash. Which yes, makes it possible to reverse them in minutes. Look into ophcrack. This has little to do with cryptographic key quality though. This is nothing new.
I Switched away from Debian years ago because of the crappy patches their “developers” were allowed to apply to packages.

Actually Ubuntu has helped the situation a lot as they pay competent coders to clean up the Debian tree, at least the important packages are mostly fine now.

@sheesh
As for Vista: it still stores passwords as an unsalted hash. Which yes, makes it possible to reverse them in minutes. Look into ophcrack. This has little to do with cryptographic key quality though.

]]> By: Adam http://rdist.root.org/2008/05/19/debian-needs-some-serious-commit-review/#comment-4685 Adam Sat, 12 Jul 2008 12:26:02 +0000 http://rdist.wordpress.com/?p=137#comment-4685 We all know it's easy for Microsoft to stand at the top of the walled fortress and throw off-hand remarks out due to their closed nature, and if this was Microsoft instead of Debian, well no-one would even know. However, if you are a security focussed company in the Free Software world, you choose Suse or Red Hat or another enterprise-y distribution. Hell, use QNX. People are very quick to say "Oh, you used Free software, it's not as good as money you paid for.", you pay for Linux. It's a profitable operating system, you just don't HAVE to. Just don't run a high security network on a consumer operating system. We all know it’s easy for Microsoft to stand at the top of the walled fortress and throw off-hand remarks out due to their closed nature, and if this was Microsoft instead of Debian, well no-one would even know.

However, if you are a security focussed company in the Free Software world, you choose Suse or Red Hat or another enterprise-y distribution. Hell, use QNX. People are very quick to say “Oh, you used Free software, it’s not as good as money you paid for.”, you pay for Linux. It’s a profitable operating system, you just don’t HAVE to.

Just don’t run a high security network on a consumer operating system.

]]> By: website design http://rdist.root.org/2008/05/19/debian-needs-some-serious-commit-review/#comment-4684 website design Fri, 11 Jul 2008 23:43:13 +0000 http://rdist.wordpress.com/?p=137#comment-4684 Saying that the fix isn't complete is slightly misleading and shows he didn't quite read enough on the issue. The line that wasn't uncommented is the one between #ifdef PURIFY, as such, the code is already documented (by upstream) to work without it. Saying that the fix isn’t complete is slightly misleading and shows he didn’t quite read enough on the issue. The line that wasn’t uncommented is the one between #ifdef PURIFY, as such, the code is already documented (by upstream) to work without it.

]]>