SoylentNews is people
SoylentNews
Don't worry - I won't.
I won't tell a human soul other than those in a position to fix it, however it's a systemic weakness, and cannot be fixed by issuing patches. This problem won't get fixed until the IETF issues some future RFCs - more than one of them - and even then, not until those new standards are _widely_ implemented.
I've never mentioned this in a public way - this is the very _first_ time I've done so - and I've only told one other person that I know how, but not how it would be done.
If you're in a position to implement new RFCs at your company, or in your contributions to a Free Software or Open Source codebase that you are a _commiter_ to, please fetch my OpenPGP key from a keyserver, if your key isn't already there, please submit it then _email_ your key fingerprint - I think that's 16 digits of hex or so - then I'll add it to my keyring.
$ gpg --keyserver pgp.mit.edu --list-keys 69297A03F84E2022
pub rsa4096 2018-11-18 [SC] [expires: 2023-11-17]
87741D160E80D4F860A192FE69297A03F84E2022
uid [ultimate] Michael David Crawford
sub rsa4096 2018-11-18 [E] [expires: 2023-11-17]
Note that I do not yet have a key for mike@soggywizards.com.
$ gpg --keyserver pgp.mit.edu --receive-key 69297A03F84E2022
Please do _not_ sign my key - nor anyone else's - unless I show your my _passport_ in your direct presence. That my technical articles are so popular led a few complete strangers who I'd never met to sign my old key. The key I've got now is _only_ self-signed.
Please keep it that way until we meet for coffee. But not a beer; I only get drunk when a close friend has been unlucky in love. Then we both Pray To The Porcelain God.
I must be purposefully oblique about the details I provide until I can feel certain not just that those who I share this with will keep a lid on it but also until I've found enough RFC-implementors that once I do provide the details, they'll be able to apply the fixes expeditiously.
It happens that I know some primary developers of some stacks. I also know some leading security experts. I'll explain this to a few of them first. I'm on good terms with some vendors' security people, I'll explain it to them as well.
(Score: -1, Troll) by Anonymous Coward on Tuesday December 04 2018, @05:04AM (3 children)
...then flush your head down the toilet.
Have a shit day and fucking die real soon, shithead.
Oh and I want the internet GONE and you gone with it.
Fuck MDC
(Score: 2) by MichaelDavidCrawford on Tuesday December 04 2018, @07:46AM (2 children)
That's time you would have better put to use by wandering the desert wearing a hairshirt and beating yourself with chains.
Yes I Have No Bananas. [gofundme.com]
(Score: -1, Troll) by Anonymous Coward on Tuesday December 04 2018, @01:54PM
Drop dead.
Fuck MDC
(Score: 0) by Anonymous Coward on Wednesday December 05 2018, @10:44AM
Such is the way of Salty Spice.
Salty seems really angry, so I guess he's been applying for jobs, or he shorted oil last week and took a bath in the market when oil popped 5% over the weekend.
tl;dr - It's not easy being Salty.