Re: Heartbleed (was ... Re: My fellow (Debian) Linux users ...)

On Apr 14, 2014 11:01 AM, "Chris Bannister" <cbannister@slingshot.co.nz> wrote:
> On Mon, Apr 14, 2014 at 01:55:04AM -0500, Stan Hoeppner wrote:
> > On 4/13/2014 10:03 PM, Chris Bannister wrote:
> > ...
> > > considering it is a catastrophe worse than the Y2K bug.
> >
> > This is several orders of magnitude less severe than Y2K.
> I read https://www.schneier.com/blog/archives/2014/04/heartbleed.html
> "Catastrophic" is the right word. On the scale of 1 to 10, this is an
> 11"
> So I gathered, perhaps wrongly, that in that case the Y2K bug would have
> to be greater than 11 on a scale of 1 to 10.

No, we're using hex-based scales now. And how this works is when someone tries to be stupid and rate something a 17, it rotates into being a 0.

They're different types of bugs. Taking a scale and making something out of bounds for it is stupid, but really, so is comparing one bug to the other. They generally affected different types of systems, were caused by different types of oversight, were generally on a different programming level, and mostly the Y2K bug affected financial institutions and this bug has little effect there.

> > > Not even an email from the bank!
> >
> > Many/most financial institutions disdain open source software and would
> > much rather pay for proprietary commercial solutions so there is someone
> > to sue and recover damages when things go tits up.
> That statement was made in the sense that at least the bank could have
> issued a statement along the lines of 'you may have heard of the
> heartbleed bug, we can assure all of our customers that we are not
> affected by this bug and there is no need to panic.'

No, I don't want to hear from my bank unless there's a problem. If everything is going OK, don't spam me. If it's not, by all means, let me know. This didn't affect them so don't tell me anything.
