The context:

Log4j Explained: How It Is Exploited and How to Fix It
https://cisomag.eccouncil.org/log4j-explained/

An extremely casual code review of MetaMask's crypto
https://blog.cryptographyengineering.com/2022/01/14/an-extremely-casual-code-review-of-metamasks-crypto/

So, the statement in the first article by Dr Coon seems WAY Chicken Little to me. And that's despite my history of unhinged rants about the security-through-obscurity approach in many (complex) open-source efforts. There's a real risk that we'll see more Big Software in the near future. The bureaucrats never miss an opportunity to toss up brick walls, make "expertise" seem like a thing, push for certification this and letters behind your name that. It's the same tired old argument that open-source has a(n infinitely) higher total cost of ownership than proprietary code owned by a legally accountable for-profit. [sigh]

But the 2nd article takes a more measured approach, admitting that this stuff is hard and what's required is for people (everyone) to dig in and take a look. Sure, not all of us are professors of cryptography ... but logistics *is* adversarial. Just admit it and get to work. And don't put all your tokens in one wallet.

--
glen
Theorem 3. There exists a double master function.
.-- .- -. - / .- -.-. - .. --- -. ..--.. / -.-. --- -. .--- ..- --. .- - .

FRIAM Applied Complexity Group listserv
Zoom Fridays 9:30a-12p Mtn UTC-6 bit.ly/virtualfriam
un/subscribe http://redfish.com/mailman/listinfo/friam_redfish.com
FRIAM-COMIC http://friam-comic.blogspot.com/
archives: 5/2017 thru present https://redfish.com/pipermail/friam_redfish.com/
1/2003 thru 6/2021 http://friam.383.s1.nabble.com/