Oh for fuck's sake, OpenSSL. Just when I was starting to think they'd finally gotten their shit together

@pfigel @angristan Timing attacks are pretty nasty. If all the CPU makers were not able to avoid them, I'll be the last to blame this hugely underfunded, compared to their importance, project.

@steelman @angristan definitely don't blame them for the bug existing at all, but refusing to fix until an exploit is available is not what I'd be hoping for from them post-Heartbleed, especially considering a fork with even less backing managed to fix it right away

@pfigel @steelman @angristan It seems nreasonable, but… yes, it seems unreasonable.

@pfigel OpenBSD showing they have competent project management once again

@galaxis @pfigel @phessler ah, so that's during RSA key generation only?

/me puts down his server update deployment ion cannon


Just don't generate RSA keys on cloud servers I guess? ;)

Sign in to participate in the conversation
Mastodon is a microblogging site that federates with most instances on the Fediverse.