Messages - unvent

1
If you code your own SSL library you're likely to make more mistakes than OpenSSL has right now. The new version uses C++11 as it's so much simpler and cleaner than anything that could be done using C. Yes, there might be kernel issues, but that's not my problem as I don't want to deal with raw packets and make my own stack and such.

Oh, I won't do away with the C++ in its entirety. Yes, I know it has RC6 or ARC6 along with a few other desirables, but when it comes to touching the stack, there's no need. I bought an open source machine to run open source on, and the stacks are plentiful to choose from. FAT, Ext, ReiserFS, etc., etc. All the kernel needs is a few lines telling it which one.

OpenSSL? Sorry, the only reason I would use that is to browse the web. When it comes to direct connections, it's going to be a whole new ball game.

If Oracle's Java is not type-safe then it's gone! DELETE-DELETE-DELETE - "FLAMED TO A CRISP!"

Fancy graphics drivers - ha, they wish! You have to evaluate what you want and what you don't want. You don't want video games unless you're emulating them locally with no remote connections, and you don't want a window with 7 TTYs, all of which are running a Serial-Line TeleType Interface!

Audit-D, yep, people run the Security Audit Daemon to remove all the excess shit out of their OS and harden it with the NSA's own Flask Project, but people have found that to be harmful to some kernel configs, hence it's untrustworthy cruft and it too is gone. You can't trust non-federated DSA & SHA1 because they're old and very broken digests, which means they're shit!

2
Well, IRCd uses, from what I remember, Secure Sockets, so it's SSL - so yeah, Heartbleed is relevant.

When it comes to coding there are only two languages you need, C & D. C++ has far too much dynamic linking for my liking; on top of that, you depend on other devs to have not done something malicious to the underlying kernel code. I've seen far too many kernel bugs in my time and looked through far too many RFCs to know that that many mistakes is no accident!

It's stupidity. Even Theo, the guy writing & maintaining OpenBSD, has decided he's had enough of OpenSSL and started his own fork called LibreSSL. But then SSL is hardly a complete toolbox. There are plenty of algorithms and features missing from OpenSSL.

It's so open it's full of bugs - remember the tale that too many cooks spoil the soup?

That's why, when you let teams of people go at something, someone somewhere misses something or overlooks something, and then later on you're left at the mercy of a crap coding job done by someone else.

If you're going to code something, you should always do it 100% yourself. It's open source, you're free to modify any part of it you think could be improved. However, the improvements in the last 40 to 50 years are not what I would call an improvement; if anything it's gone backwards, and rapidly. Things are only going to get worse before they get better, so yeah - all software sucks, Linux - sucks, Unix - sucks and AIX - sucks raw eggs through a straw! If you look at the TCPCrypt project, they've been pushing for ubiquitous encryption at the packet layer for a long time, but no-one has implemented it, because that ruins cyber-crooks' jobs.

You only have to read the stuff on the ACLU and all the dox that have been released and when you read - IPSEC - Vulnerable, then you know that even Kerberos has been deliberately and maliciously nobbled!

As for devs, I am one, or I was. Years ago I was on the Debian mailing lists and pulling forks and pointing out flaws for other devs on the Tor project, things like geolocation in the Tor browser, which just shouldn't be in there in the first place because it reveals your real IP regardless of going through a Tor exit. And now I don't maintain or want to maintain a Linux distro, not after watching them accept Google's kernel revisions and listening to Linus go "oh, DRM is OK with Linux, but if you don't like it then flame Linus to a crisp!"

And now I understand all too clearly why Theo can't bear to be in the same room as him!

3

Thoughts? Questions? Criticisms? Concerns?

Thanks for your understanding. Sorry, but I don't share how to build anything; that's for you to work out on your own.

Although Open Standards = Open Chips = Open Source - So sure I'll share an insight if you like.

One laptop per child, built using those open standards, with no BIOS, no UEFI, no RdRand. It's pretty self-explanatory, it has been since the 1970s, and no, it doesn't use C++ everywhere.

4
This was a lot of months before the Heartbleed bug.
Building your OS from scratch would probably be a very bad idea. It takes teams of devs, designers, et al. to come up with a clone of Debian or Arch, whatever.

/THIS IS GOING OFFTOPIC. [THREAD HIJACKING]

It wasn't off-topic. Teams of devs if you're programming in Linux, maybe. ARC4 is weak, and how do you distribute the keys without an adversary obtaining a copy? By e-mail? Or off the forum thread?

You have to hand out keys in person or give them the same OS. The weakness is of course in the wording "Public Key", as in shared with the general public, be it a third-party key server or posted in electronic mail.

How do you find a bug in GCC? By running GDB. But here's the thing, bro: that compiler you love so much is compiled on a Z80 from the 1980s, and you along with everybody else sit there scratching your heads, wondering why there are so many buffer over- or underruns?!

The difference between Unicode & TrueType!?!

You along with the (dot)gov are playing with what all those hackers that are all in the late 50s to 60s with grey hairs call a "dead horse!"

How many lines of code in your kernel? 4 million? Then of course this microkernel compiled on another 8-bit microprocessor is of no interest to you at only 154'000 lines of code, which no Metasploit can lay waste to or claim. One day they might understand that the guy running the GPL - General Public License - is nobody's tool.

So what's his solution? Keep giving them the busted compiler; eventually they might take the hint!

