ntang (ntang) wrote,

DJB is a prick.

He wrote a program, publicfile, which acts as an extremely limited web and FTP server, without any dynamic content abilities, and with several other restrictions. He bills it as a secure alternative to the rest, which seems a fair enough statement, as long as you just need to serve static files to the world.

The great thing is the way he refers to the competition, and talks about their security flaws. The thing worth noting is that none of the exploits he discusses are in versions available since sometime in 1999. So if they've been basically secure for 2 years, what's the point of his program again...?

Example:

Apache is a big, powerful HTTP server, by far the most widely installed server on the Internet. Unfortunately, the code base has a history of security problems: Apache before version 1.1.3 allowed remote users to take over the web server, and Apache before version 1.2.5 (1998-01) allowed local users to take over the web server. Are the authors confident that no such problems will ever happen again?



Apache has had some flaws since then but nothing that major as far as I know. That's from 3 years ago. That's a pretty good track record methinks. :P