Admin
Willing to bet the version they were using was past EOL.
Admin
TRWTF is they were not staying on top of Java updates. At least use a current release of 7, damnit...
Admin
Decent (if not unexpected... @#&^#& Google) WTF, but... lay off the Said Bookisms, Jane.
Admin
Filed under "what happens when you don't keep up with the current patch versions."
Admin
Most days, an alpaca farm upstate sounds like the better option.
Admin
Google unilaterally pushing updates without any regard for how it would break any existing processes older than five minutes? Say it ain't so!
Admin
Wait, so let me get this straight. Someone deploys software that relies on checking certs (and cert chains back to trusted roots). They then never update said trusted root certs in their shipped software. Then blame someone else (Google) for returning a cert that's chain signed back to a newer known trusted root that is unknown according to their software (because it has assumed a fixed, unalterable, carved in stone set of root CA's). That's the real WTF.
Admin
Opinion: This article would have been better if it were written in the narrative "as it happened" style of most other feature articles, instead of as a conversation between two people after the fact. It reads as clunky, detached, and second-hand.
Admin
TRWTF is that Java doesn't use the system certificate store.
Admin
"it's almost enough to make a girl quit and start an alpaca farm upstate."
Or quit and start writing urban fantasy novels (whatever those are)?
Admin
What's the WTF here? Is it ... clients running slightly outdated software? Or Google not making a big enough fuss when the cert changes? Sure, I guess that's slightly inconvenient, but it's hardly a WTF. I sometimes run into bigger problems just integrating a new version of an existing library. Or is it something else?
Admin
Completely disagree. It flows beautifully, and is the most interesting article in days.
Admin
"it ain't so!"
Do you feel better now?
Even if you have more cash at your disposal than two dozen UN members you can't do anything you like. Sometimes it would be quite convenient if 2+2 were 5 ...
Admin
The real WTF is thinking one of these poorly written articles from this author would actually be decent. The next good one will be the first.
Admin
You know what would be awesome? A story that actually explains WTF the WTF is for people who don't work with this sort of thing.
Admin
I've been super disappointed in most of these "WTFs" lately. Most of them are just "I don't know what I'm doing so I'm going to blame someone else."
I think the time has come to remove TDWTF from my RSS feeds...
Admin
Is "urban fantasy" a synonym for "software documentation"?
Admin
https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html
“It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.’” Douglas Adams, The Hitchhiker's Guide to the Galaxy (Hitchhiker's Guide to the Galaxy, #1)
Admin
If it's written in this style I really, really hope not.
Admin
three excellent WTFs, sadly none of which was the point of this article:
1/ java incorporated a root created in 2006 only ten years later, in 2016
2/ customers do not update their software (hardly a surprise, this one)
3/ customers do not read important security announcements that warned about that change almost a year in advance
plus meta-wtf 4/ so called admin is blaming third party for the three above
Admin
I'd say the WTF is actually the lack of provision for key updating in the X.509 framework. If there was something where updated root certificates could be downloaded, signed by the previous ones and perhaps cross-signed for added layer of security, deployed systems could simply fetch them and everything would have them in timely fashion. But no, the way it is every vendor must take care of distributing them themselves.
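Added example, not part of the thread or any commenter's post: the failure discussed above (a client whose fixed trust store predates the root a server now chains to) and the cross-signing idea from the comment just before this, reproduced with throwaway OpenSSL CAs. Every name and file is constructed, and it assumes the `openssl` CLI with its default configuration file is installed.

```bash
# Constructed demo: throwaway CAs and a leaf in a temp dir; every name is made up.
trust_demo() (
  set -e
  d=$(mktemp -d); trap 'rm -rf "$d"' EXIT; cd "$d"
  # Extensions for the cross-certificate: it must be usable as a CA.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext

  # Two self-signed roots: "old" shipped with the client, "new" did not.
  for r in old new; do
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
      -subj "/CN=Demo $r root" -keyout "$r.key" -out "$r.pem" 2>/dev/null
  done

  # Server certificate issued under the new root.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=api.example.test" \
    -keyout leaf.key -out leaf.csr 2>/dev/null
  openssl x509 -req -in leaf.csr -CA new.pem -CAkey new.key -CAcreateserial \
    -days 30 -sha256 -out leaf.pem 2>/dev/null

  # Cross-certificate: the new root's name and key, signed by the old root.
  openssl req -new -key new.key -subj "/CN=Demo new root" -out new.csr 2>/dev/null
  openssl x509 -req -in new.csr -CA old.pem -CAkey old.key -CAcreateserial \
    -extfile ca.ext -days 30 -sha256 -out cross.pem 2>/dev/null

  cat old.pem new.pem > updated.pem   # trust store after an update

  # Verify the leaf with the given trust options; print ok or fail.
  verdict() {
    if openssl verify "$@" leaf.pem >/dev/null 2>&1; then echo ok; else echo fail; fi
  }
  echo "stale_store=$(verdict -CAfile old.pem)"
  echo "updated_store=$(verdict -CAfile updated.pem)"
  echo "stale_store_plus_cross=$(verdict -CAfile old.pem -untrusted cross.pem)"
)

trust_demo
```

The third line of output is the trade-off the next reply points at: the stale client accepts the new chain only because the old root's key vouched for it, so whoever holds that old key can vouch for any other "new root" as well.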
Admin
Urban fantasy based around a girl and her alpaca farm in upstate NY.
I'd read it.
Furry cows moo and decompress.
Admin
Such a provision would perpetuate a compromised root key.
Admin
In reply to P. Wolff
2+2 is 5 for large values of 2.
Admin
Everyone knows that “It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.’” comes from the Hitch-Hiker's Guide to the Galaxy, you don't need to reference the source.
Admin
What is really crazy about this story is Katya's monumental incompetence. Her abundance of ignorance shows clearly when she blames Google for her own mistakes.
This is typical behavior for women in the workplace. Too bad Rick does not appear to be much of a help either. Instead of providing the women around him with much needed male guidance he just nods his head much like a woman would.
At least I give Katya credit for realising that she should probably consider simpler work.