Gentoo Archives: gentoo-user

From: walt <w41ter@×××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] [OT/rant] Self-replicating programmer stupidity
Date: Thu, 23 Jun 2011 23:57:43
Message-Id: iu0jng$i8a$
1 I've been reading the monthly security bulletin from for
2 several years. During that time I've noticed some recurring themes,
3 including multiple appearances from Adobe products like Flash.
5 Another recurring theme is ftp servers (of which there are dozens)
6 like this month's report:
8 Platform: Cross Platform
9 Title: Wing FTP Server "ssh public key" Authentication Security Bypass
10 Vulnerability
11 Description: Wing FTP Server is a secure file server for Windows, Linux,
12 Mac, FreeBSD and Solaris. Wing FTP Server is exposed to a security bypass
13 issue that affects the SSH authentication mechanism. Versions prior to
14 Wing FTP Server 3.8.8 are affected.
15 Ref:
17 Mind you, this is the first time I've seen Wing mentioned, but over the
18 years there have been dozens of other ftp servers cited for other flaws
19 in security.
21 My question: WTF uses these poorly written ftp servers? Why do they
22 exist? Who asked for them? Who wrote the code, and why?
24 My tentative guess: either evil programmers, or incompetent programmers.
25 (I suspect the intersection of the two sets is very small.)
27 Many years ago when I was still using M$ Windows I wrote my own hex
28 editor in Visual Basic. I can't explain why I chose to do it, other
29 than as an exercise to learn Visual Basic. (I haven't used it since.)
31 I'm quite certain that my hex editor would flunk even the most basic
32 security tests today because I wasn't programming with security in mind.
33 (In other words, I was the rankest of amateurs.)
35 I'm running out of indignation now, and going to bed, but I'd welcome
36 other indignant comments :)


Subject Author
[gentoo-user] Re: [OT/rant] Self-replicating programmer stupidity Harry Putnam <reader@×××××××.com>
Re: [gentoo-user] [OT/rant] Self-replicating programmer stupidity Matthew Finkel <matthew.finkel@×××××.com>
Re: [gentoo-user] [OT/rant] Self-replicating programmer stupidity "Arttu V." <arttuv69@×××××.com>
Re: [gentoo-user] [OT/rant] Self-replicating programmer stupidity Paul Hartman <paul.hartman+gentoo@×××××.com>