[nycbug-talk] what is the threat of the openssl advisory?
Isaac Levy
ike at lesmuug.org
Fri Sep 29 10:12:31 EDT 2006
Hey Jeff,
On Sep 29, 2006, at 8:50 AM, Jeff Quast wrote:
>> Thanks Markus Friedl for this code :)
>
> of course, you should always review code yourself if this is such a
> serious issue. System administrators should be proficient in C for
> this very reason (and why I think recent 'network security' roles
> coming into corperations are full of smoke)
Completely tangent, but I'd argue System Administrators should be
proficient in learning, more than being proficient in C. C knowledge
is a great base, but practical examples from just the last 2 years of
my life have led me to need to hack: C, C++, some Assembly and Forth
(a RAID hack), A Java GUI app (swing lib hacking), PHP, ColdFusion,
Perl, Javascript (x-site scripting), and some advanced Korn Shell
scripts written long ago using *all* the bell and whistle feature of
the shell. All of this, of course, had little or no documentation
with the code at hand.
For those who know me, you know I enjoy the Python programming
language, I am not 'Proficient in C', so all the above mentioned
stuff was done out of resolving some problem at hand. I don't think
I could even speak halfway intelligently on most of the stuff above
in a conversation- I've tossed most of that knowledge out of my brain.
However, the experiences and the methodology remain- and to me,
that's what's important.
I'm not tooting my own horn here, but I'm saying I've seen far too
many people who knew the C/C++, but couldn't think their way through
solving a real problem- which usually just requires creativity.
just my .02¢
Rocket-
.ike
More information about the talk
mailing list