[FRIAM] more logistics kvetching

glen gepropella at gmail.com
Wed Jan 19 12:07:41 EST 2022


The context:

Log4j Explained: How It Is Exploited and How to Fix It
https://cisomag.eccouncil.org/log4j-explained/

An extremely casual code review of MetaMask’s crypto
https://blog.cryptographyengineering.com/2022/01/14/an-extremely-casual-code-review-of-metamasks-crypto/

So, the statement in the first article by Dr Coon seems WAY Chicken Little to me. And that's despite my history of unhinged rants about the security-through-obscurity approach in many (complex) open-source efforts. There's a real risk that we'll see more Big Software in the near future. The bureaucrats never miss an opportunity to toss up brick walls, make "expertise" seem like a thing, push for certification this and letters behind your name that. It's the same tired old argument that open-source has a (n infinitely) higher total cost of ownership than proprietary code owned by a legally accountable for-profit. [sigh]

But the 2nd article takes a more measured approach, admitting that this stuff is hard and what's required is for people (everyone) to dig in and take a look. Sure, not all of us are professors of cryptography ... but logistics *is* adversarial. Just admit it and get to work.

And don't put all your tokens in one wallet.

-- 
glen
Theorem 3. There exists a double master function.
