lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed May 10 02:26:08 2006
From: david at hayes-family.org (David)
Subject: Should I Be Worried?

On Wednesday 26 April 2006 02:27 pm, CrYpTiC MauleR wrote:
> Forgot to say that the VP of Software Dev who is in charge of the site 
said he would do an emergency fix in 6 hours to fix the problem. As I 
expected the problem is still there. Either he is a moron and didn't 
understand me or they just tried to give the impression they were 
fixing it. 

I usually believe in full disclosure, but you're jumping here when it's 
not necessary.  You got a "yes" answer.  Why are you in such a hurry to 
hear it as a "no"?  Take the man at his word until he proves himself 
untrustworthy.  For now, believe that he is interested and does want to 
fix it.  

Possibility A:  He misunderstood

	Go meet with him again, and explain the problem.  Make yourself
	some drawings or notes to explain what the problem is.  If you 
	think you might want to offer to demonstrate the problem, be sure
	you bring someone with you to act as a witness.  If the school
	gets upset, you may need to prove you acted with the VP's consent.
	Keep copies of whatever drawing or notes you give as part of
	your explanation of the problem.

Possibility B:  It's more complicated than a 6-hour fix

	He's already had the staff take a swipe at fixing it, but it couldn't
	be done for some reason.  A fix takes more than just coding the fix.
	Meet with the VP, and also with whatever IT engineer he assigned to
	handle the issue.  Try to understand what roadblocks they ran into.

Either way, go back and meet with the VP.  He's your ally right now.  
You both have the same interest, fixing the problem.  Work with him 
until he demonstrates that he's not interested in a fix.

--
David Hayes

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ