Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-27 Thread Frantisek Hanzlik
Joe Zeff wrote: > On 04/26/2014 04:35 PM, Bruno Wolff III wrote: >> >> Depending on what you don't like about current Fedoras, you might try >> out the XFCE or Mate desktops. They provide an experience similar to >> Gnome 2. If you have an old graphics card, you will want to use kdm or >> lxdm inst

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-27 Thread Frantisek Hanzlik
Bruno Wolff III wrote: > On Sat, Apr 26, 2014 at 22:19:47 +0200, > Frantisek Hanzlik wrote: >> >> I'm not SSL/TLS guru and I'm not in-deep study heartbeat OpenSSL bug >> (mainly because I consider Fedora 15+ as too problematic and stay at >> F14 with eventual migration to CentOS 6 on my servers,

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-26 Thread Joe Zeff
On 04/26/2014 04:35 PM, Bruno Wolff III wrote: Depending on what you don't like about current Fedoras, you might try out the XFCE or Mate desktops. They provide an experience similar to Gnome 2. If you have an old graphics card, you will want to use kdm or lxdm instead of gdm. If you pick Xfce

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-26 Thread Bruno Wolff III
On Sat, Apr 26, 2014 at 22:19:47 +0200, Frantisek Hanzlik wrote: I'm not SSL/TLS guru and I'm not in-deep study heartbeat OpenSSL bug (mainly because I consider Fedora 15+ as too problematic and stay at F14 with eventual migration to CentOS 6 on my servers, thus they aren't affected with this

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-26 Thread Edward M
On 4/26/2014 1:19 PM, Frantisek Hanzlik wrote: I consider Fedora 15+ as too problematic and stay at F14 yup...fedora version 19 or 20 bugs are far worse than a computer security breach.

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-26 Thread Frantisek Hanzlik
Ian Malone wrote: > On 26 April 2014 03:38, Tim wrote: >> On Wed, 2014-04-23 at 23:26 -0400, Rahul Sundaram wrote: >>> millions and millions of affected users who had to go ahead and change >>> passwords for many many things they rely on >> >> One thing I haven't seen mentioned, here nor elsewhere

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-26 Thread Ian Malone
On 26 April 2014 03:38, Tim wrote: > On Wed, 2014-04-23 at 23:26 -0400, Rahul Sundaram wrote: >> millions and millions of affected users who had to go ahead and change >> passwords for many many things they rely on > > One thing I haven't seen mentioned, here nor elsewhere, was whether the > bug c

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-25 Thread Tim
On Wed, 2014-04-23 at 23:26 -0400, Rahul Sundaram wrote: > millions and millions of affected users who had to go ahead and change > passwords for many many things they rely on One thing I haven't seen mentioned, here nor elsewhere, was whether the bug could only affect you if they tried to hack th

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-23 Thread Rahul Sundaram
Hi On Sat, Apr 19, 2014 at 11:32 AM, Jerry Feldman wrote: > The cost of a "managed language" is that it affects performance. > Not necessarily but even in that case, it might have better to trade off some speed for better security in such cases. We are talking about millions and millions of a

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-19 Thread Jerry Feldman
On 04/10/2014 04:02 PM, Rahul Sundaram wrote: > Hi > > > On Thu, Apr 10, 2014 at 3:19 AM, Ian Malone wrote: > > . > This bug was pretty bad, but the kind of mistakes that lead to > overflows and over-reads tend to be from not keeping track of the data > properly and will cause othe

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-19 Thread Jerry Feldman
On 04/09/2014 01:43 PM, Dave Stevens wrote: > Quoting Tim : > >> Allegedly, on or about 08 April 2014, Jonathan Ryshpan sent: >>> It's an interesting question why Net infrastructure code continues to >>> be written in C, a language that provides no automatic checks for >>> buffer overflow, which (

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-14 Thread Jerry Feldman
> > > > On 04/09/14 11:35, Jonathan Ryshpan wrote: > <<>> > >> It's an interesting question why Net infrastructure code > > continues to be written in C, a language that provides no > > a

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-10 Thread Rahul Sundaram
Hi On Thu, Apr 10, 2014 at 3:19 AM, Ian Malone wrote: > . > This bug was pretty bad, but the kind of mistakes that lead to > overflows and over-reads tend to be from not keeping track of the data > properly and will cause other problems anyway, memory protection > doesn't help with those. > In

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-10 Thread Ian Malone
On 9 April 2014 18:05, Liam Proven wrote: > On 9 April 2014 17:19, Tim wrote: >> Only the other day I was thinking similarly: That almost every exploit >> that I read about, over the last umpteen years, was a buffer overflow; >> and why is it so? Are programmers such morons that they accept all

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Dave Stevens
Quoting Tim : Allegedly, on or about 08 April 2014, Jonathan Ryshpan sent: It's an interesting question why Net infrastructure code continues to be written in C, a language that provides no automatic checks for buffer overflow, which (if I understand right) is the opening for this security brea

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Ralf Corsepius
On 04/09/2014 06:19 PM, Tim wrote: Allegedly, on or about 08 April 2014, Jonathan Ryshpan sent: It's an interesting question why Net infrastructure code continues to be written in C, a language that provides no automatic checks for buffer overflow, which (if I understand right) is the opening fo

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Liam Proven
On 9 April 2014 18:05, Liam Proven wrote: > I was just ranting about this /right before/ the Heartbleed thing became > public: But Gmail didn't want me to paste the link, which is: http://liam-on-linux.livejournal.com/42285.html -- Liam Proven * Profile: http://lproven.livejournal.com/profil

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Liam Proven
On 9 April 2014 17:19, Tim wrote: > Only the other day I was thinking similarly: That almost every exploit > that I read about, over the last umpteen years, was a buffer overflow; > and why is it so? Are programmers such morons that they accept all data > without care, rather than only accept wh

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Tim
Allegedly, on or about 08 April 2014, Jonathan Ryshpan sent: > It's an interesting question why Net infrastructure code continues to > be written in C, a language that provides no automatic checks for > buffer overflow, which (if I understand right) is the opening for this > security breach, along

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Patrick O'Callaghan
On Wed, 2014-04-09 at 16:35 +0200, j.witvl...@mindef.nl wrote: > And whatever language you use, people can still create unreadable > spaghetti-code ;-) "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad

RE: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread J.Witvliet
-Original Message- From: users-boun...@lists.fedoraproject.org [mailto:users-boun...@lists.fedoraproject.org] On Behalf Of g Sent: woensdag 9 april 2014 9:19 To: users@lists.fedoraproject.org Subject: Re: Coding Practice [was Re: Serious OpenSSL vulnerability] On 04/09/14 11:35

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Fred Smith
On Tue, Apr 08, 2014 at 10:35:24PM -0700, Jonathan Ryshpan wrote: > On Tue, 2014-04-08 at 10:55 +0100, Patrick O'Callaghan wrote: > > https://www.openssl.org/news/secadv_20140407.txt > > > > See also http://heartbleed.com/ and > > http://arstechnica.com/security/2014/04/critical-crypto-bug-in-open

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread Ian Malone
On 9 April 2014 06:35, Jonathan Ryshpan wrote: > On Tue, 2014-04-08 at 10:55 +0100, Patrick O'Callaghan wrote: >> https://www.openssl.org/news/secadv_20140407.txt >> >> See also http://heartbleed.com/ and >> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of

Re: Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-09 Thread g
On 04/09/14 11:35, Jonathan Ryshpan wrote: <<>> It's an interesting question why Net infrastructure code > continues to be written in C, a language that provides no > automatic checks for buffer overflow, which (if I understand > right) is the opening for this security breach, along with so >

Coding Practice [was Re: Serious OpenSSL vulnerability]

2014-04-08 Thread Jonathan Ryshpan
On Tue, 2014-04-08 at 10:55 +0100, Patrick O'Callaghan wrote: > https://www.openssl.org/news/secadv_20140407.txt > > See also http://heartbleed.com/ and > http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/ > > This is potentially v