Linked by Howard Fosdick on Mon 22nd Oct 2012 04:51 UTC
Linux Here's a topic guaranteed to start controversy. Which Linux distribution is best? It all depends on your criteria for judging. Even then the topic is highly subjective. Here are a few nominees for "best distro" in specific categories.
Thread beginning with comment 539837
RE[3]: Comment by marcp
by lucas_maximus on Wed 24th Oct 2012 07:42 UTC in reply to "RE[2]: Comment by marcp"
lucas_maximus Member since: 2009-08-18

Some believe security through obscurity is great, that hiding your security flaws magically makes them disappear; that has never been the case.


It was there for over 2 years and was due to developer laziness.

It pretty much puts the "many eyes" into the category of "Myth".

Score: 3

RE[4]: Comment by marcp
by delta0.delta0 on Wed 24th Oct 2012 12:29 in reply to "RE[3]: Comment by marcp"
delta0.delta0 Member since: 2010-06-01


It was there for over 2 years and was due to developer laziness.


It was a misunderstanding, an error. Do you know the exact circumstances around the issue to know for a fact that it was down to laziness? From everything I have read about the incident, it seems to be a misunderstanding rather than just laziness. Shit happens, and it happens in both closed and open platforms. That's reality: no such thing as perfect code, because humans are not perfect.

At least on open platforms, if you stumble on shit you can clean it up; in the closed world, if you stumble on shit, you have to wear it until the manufacturer cleans it up. That's the difference.



It pretty much puts the "many eyes" into the category of "Myth".


Bullshit!

How many cracks or system compromises were attributed to this? AFAIK 0, none.

Sure, after this had been revealed there was a lot of upgrading / key regeneration, but before it was known it looks like no one had stumbled across it, so in reality it neither proves nor disproves either theory. But I love the fact that you think obscurity provides you better protection, especially considering Windows, your beloved platform of choice, has been the most compromised platform on this planet and it is one of the most closed platforms.

Score: 0

RE[5]: Comment by marcp
by lucas_maximus on Wed 24th Oct 2012 14:14 in reply to "RE[4]: Comment by marcp"
lucas_maximus Member since: 2009-08-18

It was laziness, by the looks of it.

http://digitaloffense.net/tools/debian-openssl/

I don't think obscurity provides better protection. What I do believe is that one person that is extremely proficient is better than 10 who aren't.

Edited 2012-10-24 14:16 UTC

Score: 3