
advocacy

The Debian OpenSSL Fiasco.

On May 13th, Debian announced that there is a bug in the way SSH RSA/1024 and DSA/2048 keys were generated. The actual problem was that the keys were not random enough: given time and resources, you can generate enough keys to use in a brute-force attack. Aside from the obvious, I have my own thoughts on the matter.

First, I was mad, really mad. How can Debian miss such a glaring hole? And then I read the description of what actually happened - I won't go into detail here, you can find it online - and guess what, I got even MORE mad. This was beyond a simple mistake; this was bad management.

100 M$ Deals on the wall...

Hello and welcome to the new world where Linux vendors are selling their souls.

As you can tell from the first line of this post, I am extremely frustrated with the state of Linux vendors these days. Let's try to analyze the latest IP deals, shall we?

First there was the Novell/SuSE deal. I am not a lawyer, but from what I gathered, it was all a trick to get around the GPL, and apparently it worked so well that the FSF made specific changes to GPL3 to prevent that sort of thing.
