Sourceforge break-in and Python 2.1 security

Laura Creighton lac at cd.chalmers.se
Fri Jun 1 17:16:43 EDT 2001


I'm running 2.1 and I am not worried.  I am not worried because
statistically speaking, people who break into things and then talk
about it are majorly interested in making people worried, which is why
the most shallow of them just make the talk without the breaking.
Getting you to make postings like you did is the point.  Now they can
tell all their friends that they made Tim Peters say something, which
the rest of us implement by saying `hi Tim'.

The next class of people change your software by globally changing
all instances of FooMaker into fooMaker.  Unless they are lame and
forget a file, or you are lame and have a FooMaker and a fooMaker
(which you might not be lame for, given certain types of coding
standardization which indeed requires you to have fooMaker objects
in the FooMaker class) they are no problem.  They are a bloody
annoyance as you change the code back, but not a real problem
for anybody who doesn't have to work on the code.  (Unless you
are teaching some hard coding standardization of variable names
and they break your convention so your teaching goes to hell. Be
careful with your changes, gang.)

These people need some really hard unsolved algorithms in the more
mathematical disciplines or math itself to occupy their bored
little minds. But those of us who have _got_ some unsolved
algorithms don't waste our time on pond scum, so we are of absolutely
no use in keeping the world a safer place by giving them something more
cool to do than be pests.

Then there are the real problems.  They are real rare, and generally
get about because something is real popular (hey! let's do a denial of
service attack on Ebay. wouldn't that be cool?) or because they
hate you (Tim Peters is a total fool.  He said something wrong about
floating point _once_ in the last 10 years.  Let us make his life
hell.)  If it turns out that Tim Peters is up against that war,
and has chosen to not talk about it, then we need to immediately
back him unconditionally by ignoring it totally especially because
we do not understand what is going on.  Whatever it is, Tim Peters
has decided to not talk about it.  Hush.  (thus breaking the
rule, Tim Peters gets one free crack at calling me pond scum,
because I know better, redeemable any time he likes.)

<but I am nice pond scum with a broken hyphen key it seems>
Laura