[Ach] Bug/Ba in OpenSSL

ianG iang at iang.org
Tue Jan 7 21:10:08 CET 2014

On 7/01/14 13:25 PM, Aaron Zauner wrote:
> ianG wrote:
>  > I'm curious -- where is BSAFE used?  As far as I was aware, it was
>  > mostly shipped to USG. Is it in general shipping with in any user field?
>  >  You mention “high security” proprietary windows and java applications
>  > ... but are those things we should be worried about if we don't use
>  > them?  Any clue as to which they are?
> As far as I know it's used in a lot of commercial windows software,
> although I cannot name any particulars. If you google a bit you'll be
> able to find enough.
>  > I need a pithy statement for this.
> Whats a pithy statement? :)

That's a pithy statement!

Pith in english is the white stuff in the peel in a citrus fruit :)

A pithy comment is one that is short, concise, on point and often 
ironically or amusingly so.  So, it is easy to remember, and might 
become an aphorism.

I've found that when explaining tough concepts, having some pithy phrase 
there to encapsulate it works better than rheems of blog posts and 
arguments:  "There is only one mode, and it is secure."  People might 
not agree with it, but they get the essential thrust, and as it comes up 
again and again, they remember, and consider and rethink...

As another possibility:  it often makes for fun reading if you can put a 
quote into every heading.  It takes a while to fill them all up, but 
it's worth it for readability.

Any good quotes spring to mind?

More information about the Ach mailing list