(ZDNet) Remember the Heartbleed bug? Apparently a lot of IT folks haven't (zdnet.com)
More: Followup, Heartbleed, OpenSSL

2912 clicks; posted to Geek on 23 Jun 2014 at 2:00 PM (25 weeks ago)



 
2014-06-23 10:04:37 AM  
If it's important, it's been patched. If a particular server has not been patched by this point... you probably shouldn't be using the same password there that you use with your financial services.
 
2014-06-23 11:59:27 AM  
I'm sure a large percentage of those will never be patched because it will close off a revenue stream for those guys.
 
2014-06-23 12:18:08 PM  
They haven't remember?
 
2014-06-23 02:07:42 PM  
aneurysm
 
hej
2014-06-23 02:09:59 PM  
Is  subby suffering from the Stroke bug?
 
2014-06-23 02:12:30 PM  
FTFA Heartbleed, discovered by a Google engineer, caused widespread panic and a furious round of server patching by companies worldwide.

The press and people who make money pushing FUD panicked.  The rest of us analyzed the risk and took appropriate action where necessary.  Then we went out for a beer.

FTFA two months after Heartbleed, 309,197 servers remain unprotected

Without context this number is absolutely meaningless.  Is it a large banking site?  Yea - that's still pretty stupid.  Is it someone's box sitting in their basement?  Yes - then who gives a fark?
 
2014-06-23 02:32:31 PM  
Over 300,000 servers?!
OH MY GLOB!!!

I used to work in a facility with about that many servers. That's probably less than a percentage of the servers out there. Big deal.
 
2014-06-23 02:37:47 PM  

tallguywithglasseson: They haven't remember?


One would think that, knowing what is going to happen to anybody who submits an improperly phrased or grammatically incorrect headline, people would be more careful. It doesn't take a whole hell of a lot of extra work.
 
2014-06-23 02:38:30 PM  
i cant english gud
 
2014-06-23 02:39:38 PM  

Mambo Bananapatch: tallguywithglasseson: They haven't remember?

One would think that, knowing what is going to happen to anybody who submits an improperly phrased or grammatically incorrect headline, people would be more careful. It doesn't take a whole hell of a lot of extra work.


But then someone else might submit the link while they're proofreading!
 
2014-06-23 02:51:02 PM  
I'm off work 4 hours early because the IT guys said they were going to have an almost mission critical server up and running yesterday at noon and still nothing
 
2014-06-23 02:55:35 PM  
My heart just bleed a bit reading that headline.
 
2014-06-23 03:08:35 PM  

A_bomb37: I'm off work 4 hours early because the IT guys said they were going to have an almost mission critical server up and running yesterday at noon and still nothing


Oh, I remember going through that at my last job. Seriously, there was a period where I had a three day work week because, without fail, they'd start doing something Friday afternoon that they weren't supposed to initiate until the end of the day and prevent us from getting anything done, and then the projected time for them to be done (Monday morning) would come and go and we'd be up and running Tuesday afternoon.

In the meantime, we got to sit around and talk about Game of Thrones or The Wire.
 
2014-06-23 03:10:33 PM  

Mambo Bananapatch: tallguywithglasseson: They haven't remember?

One would think that, knowing what is going to happen to anybody who submits an improperly phrased or grammatically incorrect headline, people would be more careful. It doesn't take a whole hell of a lot of extra work.


In fairness, while the grammar used in the headline is unusual, it's not incorrect.  You can diagram it out if you're having trouble, perhaps, but the issue seems to be that some of the commenters don't know how to deal with implied subjects and objects.  Subject-verb agreement doesn't apply as strictly across multiple sentences.
 
2014-06-23 03:17:00 PM  

Honest Bender: Over 300,000 servers?!
OH MY GLOB!!!

I used to work in a facility with about that many servers. That's probably less than a percentage of the servers out there. Big deal.


Also - how many are appliances with their own, vendor dictated, patch cycle?  If you're running an appliance with a modified version of OpenSSL at its heart, you can't just download and update OpenSSL on your own, but need the vendor modified version.  You're dependent on the vendor for patches.
 
2014-06-23 03:26:30 PM  

Jim_Callahan: Mambo Bananapatch: tallguywithglasseson: They haven't remember?

One would think that, knowing what is going to happen to anybody who submits an improperly phrased or grammatically incorrect headline, people would be more careful. It doesn't take a whole hell of a lot of extra work.

In fairness, while the grammar used in the headline is unusual, it's not incorrect.  You can diagram it out if you're having trouble, perhaps, but the issue seems to be that some of the commenters don't know how to deal with implied subjects and objects.   Subject-verb agreement doesn't apply as strictly across multiple sentences.


Says who?

Excluding situations involving poetic or literary licence, neither of which applies to this example, what rule states that subject-verb agreement becomes unimportant across two sentences?
 
2014-06-23 03:39:40 PM  

A_bomb37: I'm off work 4 hours early because the IT guys said they were going to have an almost mission critical server up and running yesterday at noon and still nothing


Tell me more about how important your server is...
 
2014-06-23 03:41:29 PM  
headline hurt brain.
 
2014-06-23 03:49:46 PM  
There are probably a lot of unpatchable and/or completely non-critical servers out there.
 
2014-06-23 03:53:35 PM  
I hate the name of that bug because I can't hear it without thinking of that terrible, horrible, awful Dune movie.
 
2014-06-23 03:56:14 PM  

mayIFark: My heart just bleed a bit reading that headline.


If it has going to bled for long, you should have seeing a doctor.
 
2014-06-23 03:56:42 PM  
"London-based Charlie Osborne is a journalist, freelance photographer and former teacher. She holds a degree in Medical Anthropology "

I get all my IT related advice from Charlie!
 
2014-06-23 03:58:56 PM  

jst3p: A_bomb37: I'm off work 4 hours early because the IT guys said they were going to have an almost mission critical server up and running yesterday at noon and still nothing

Tell me more about how important your server is...


Sorta very!
 
2014-06-23 04:03:20 PM  

jst3p: A_bomb37: I'm off work 4 hours early because the IT guys said they were going to have an almost mission critical server up and running yesterday at noon and still nothing

Tell me more about how important your server is...


It controls all the dispatching and equipment provisioning for a major telecom in a 10 city area?
 
2014-06-23 04:03:43 PM  

syberpud: Honest Bender: Over 300,000 servers?!
OH MY GLOB!!!

I used to work in a facility with about that many servers. That's probably less than a percentage of the servers out there. Big deal.

Also - how many are appliances with their own, vendor dictated, patch cycle?  If you're running an appliance with a modified version of OpenSSL at its heart, you can't just download and update OpenSSL on your own, but need the vendor modified version.  You're dependent on the vendor for patches.


Add to that the pain in the ass it is to raise all the necessary change requests and get the changes scheduled in.

Having done a lot of security work in the banking sector and large corporations, I can tell you that it doesn't matter how important a patch is, you're at the mercy of the change board, staffed with all the non technical morons who can postpone a change for any arbitrary reason.

/during a firewall audit I have found firewalls 5 years past their EoS timeline.
//a lot of places have servers that they don't know who owns or administers them, or even what they do
///they never like my suggestion of turning them off and see if anyone screams.
 
2014-06-23 04:04:08 PM  

sendtodave: jst3p: A_bomb37: I'm off work 4 hours early because the IT guys said they were going to have an almost mission critical server up and running yesterday at noon and still nothing

Tell me more about how important your server is...

Sorta very!


My favorite is "it isn't production but it needs to be treated with a production SLA!"
 
2014-06-23 04:04:55 PM  

Delta1212: A_bomb37: I'm off work 4 hours early because the IT guys said they were going to have an almost mission critical server up and running yesterday at noon and still nothing

Oh, I remember going through that at my last job. Seriously, there was a period where I had a three day work week because, without fail, they'd start doing something Friday afternoon that they weren't supposed to initiate until the end of the day and prevent us from getting anything done, and then the projected time for them to be done (Monday morning) would come and go and we'd be up and running Tuesday afternoon.

In the meantime, we got to sit around and talk about Game of Thrones or The Wire.


The raw deal of it is that I work piecework, so that server being done means I have no work, no work means no pay.
 
2014-06-23 04:05:09 PM  

A_bomb37: jst3p: A_bomb37: I'm off work 4 hours early because the IT guys said they were going to have an almost mission critical server up and running yesterday at noon and still nothing

Tell me more about how important your server is...

It controls all the dispatching and equipment provisioning for a major telecom in a 10 city area?


And it is a single server? Not a cluster or even a load balanced pair? No hot standby?

Fail.
 
2014-06-23 04:06:39 PM  

jst3p: A_bomb37: jst3p: A_bomb37: I'm off work 4 hours early because the IT guys said they were going to have an almost mission critical server up and running yesterday at noon and still nothing

Tell me more about how important your server is...

It controls all the dispatching and equipment provisioning for a major telecom in a 10 city area?

And it is a single server? Not a cluster or even a load balanced pair? No hot standby?

Fail.


I'm sure it's not a single server. But my point is they said they would have it working by noon yesterday and it's still not up. And I can't do my job because of it.
 
2014-06-23 04:11:18 PM  

A_bomb37: jst3p: A_bomb37: jst3p: A_bomb37: I'm off work 4 hours early because the IT guys said they were going to have an almost mission critical server up and running yesterday at noon and still nothing

Tell me more about how important your server is...

It controls all the dispatching and equipment provisioning for a major telecom in a 10 city area?

And it is a single server? Not a cluster or even a load balanced pair? No hot standby?

Fail.

I'm sure it's not a single server. But my point is they said they would have it working by noon yesterday and it's still not up. And I can't do my job because of it.


My point was that every group in the company thinks their servers are the most important in the company. You might be right, they might be, but in my opinion if it were that mission critical there would be redundancies and an outage this long wouldn't happen.

I don't know the specifics of your case so it could be that something has gone very, very wrong or the design sucked and IT there doesn't have the clout to say "that's a bad design and we won't support it".
 
2014-06-23 04:14:15 PM  

A_bomb37: Delta1212: A_bomb37: I'm off work 4 hours early because the IT guys said they were going to have an almost mission critical server up and running yesterday at noon and still nothing

Oh, I remember going through that at my last job. Seriously, there was a period where I had a three day work week because, without fail, they'd start doing something Friday afternoon that they weren't supposed to initiate until the end of the day and prevent us from getting anything done, and then the projected time for them to be done (Monday morning) would come and go and we'd be up and running Tuesday afternoon.

In the meantime, we got to sit around and talk about Game of Thrones or The Wire.

The raw deal of it is that I work piecework, so that server being done means I have no work, no work means no pay.


That sucks. At least I was getting paid by the hour even if I couldn't do shiat.
 
2014-06-23 04:29:14 PM  
I'm migrating group policies right now, so...kick...etc.
 
2014-06-23 04:36:25 PM  
Oh no.  My precious RAM.  But really, I should get around to updating that bucket of bolts virtual server, I guess.  I'm not sure HTTPS is even running though.
 
2014-06-23 04:50:53 PM  

jst3p: A_bomb37: jst3p: A_bomb37: jst3p: A_bomb37: I'm off work 4 hours early because the IT guys said they were going to have an almost mission critical server up and running yesterday at noon and still nothing

Tell me more about how important your server is...

It controls all the dispatching and equipment provisioning for a major telecom in a 10 city area?

And it is a single server? Not a cluster or even a load balanced pair? No hot standby?

Fail.

I'm sure it's not a single server. But my point is they said they would have it working by noon yesterday and it's still not up. And I can't do my job because of it.

My point was that every group in the company thinks their servers are the most important in the company. You might be right, they might be, but in my opinion if it were that mission critical there would be redundancies and an outage this long wouldn't happen.

I don't know the specifics of your case so it could be that something has gone very, very wrong or the design sucked and IT there doesn't have the clout to say "that's a bad design and we won't support it".


They're working on rolling out new technician dispatch software (by new I mean not 15 years old) and I imagine it has something to do with that.

I'm not saying the company has ground to a halt because of it, but it has a pretty severe impact, in that technicians or retail stores are not able to authorize any new equipment, swap faulty equipment etc etc. for a decently sized metropolitan area.
 
2014-06-23 05:40:44 PM  

Jim_Callahan: Mambo Bananapatch: tallguywithglasseson: They haven't remember?

One would think that, knowing what is going to happen to anybody who submits an improperly phrased or grammatically incorrect headline, people would be more careful. It doesn't take a whole hell of a lot of extra work.

In fairness, while the grammar used in the headline is unusual, it's not incorrect.  You can diagram it out if you're having trouble, perhaps, but the issue seems to be that some of the commenters don't know how to deal with implied subjects and objects.  Subject-verb agreement doesn't apply as strictly across multiple sentences.


Umm...no.
 
2014-06-23 07:26:26 PM  
Are we sure they just plum forgot about it, or do they all work for the Pointy Haired Boss-like idiots in the world who need everything looked at for an arbitrary deadline that he'll change his mind after and force them to construct new servers for $20 and the change from the soda machine?
 
2014-06-23 09:25:14 PM  
I have been assured that only around 300K servers are vulnerable.

/stopped caring about 3 weeks ago
//A pig is a pig, and I regret having a fark account.
///waiting for my do to get kicked in.... again
 
2014-06-23 09:26:29 PM  

albatros183: I have been assured that only around 300K servers are vulnerable.

/stopped caring about 3 weeks ago
//A pig is a pig, and I regret having a fark account.
///waiting for my do to get kicked in.... again


Door Damn it!
 
2014-06-23 11:33:43 PM  

A_bomb37: They're working on rolling out new technician dispatch software (by new I mean not 15 years old) and I imagine it has something to do with that.


I think the problem is that they are dispatching 15-year-olds as technicians. That might work for Xboxes and PS4s, but is probably bad as a general policy.
 
2014-06-24 06:27:12 AM  

jst3p: Not a cluster or even a load balanced pair


What, exactly, does my ex-wife have to do with all this?
 