
#DUAL_EC_DRBG

Replied in thread

@wchr crap like that should be banned as the prohibited #Stalkerware & #Spyware that it is.

Merely offering that solution for sale should be criminally prosecuted.

Replied in thread

@cody The fact that #GAFAMs and other #Corporations that committed illegal #Espionage (#PRISM) and/or integrated #Govware #Backdoors (i.e. #DUAL_EC_DRBG) ain't #denylisted by @bsi for usage and/or procurement by the German Government and Public Institutions and banned from their premises and networks is undue leniency.

Or would @Bundesregierung literally expect anything but a blanket ban against entire German companies if they were to ship some #ITAR / #Wassenaar / #NPT "compliance check" in their systems when sold to the USA?

Not to mention the #NonCompliance of #Windows, #MicrosoftOffice, #Office365 / #Microsoft365, #GoogleDocs, etc. with #GDPR & #BDSG due to #CloudAct...

Replied in thread

@PC_Fluesterer And if not, then, as in #Cyberfaschismus, the "#Export" simply gets banned via #ITAR, because #SSL and #PGP are eeevil secure... ^

Note: if it's legal in the #RICS (#Russland, #Indien, "P.R." #China, #SaudiArabien) and was exported from the #USA, then only because it's #Malware or is otherwise useful.

As a matter of principle, all such #Govware integrators get a #Hausverbot from me for 3x as long as it takes them to apologize, or 2x as long as it takes them to systemically fix the problem.

No matter whether #PRISM, #DUAL_EC_DRBG, or whatever else...

Replied in thread

@TimWardCam @bert_hubert

Also you're overexaggerating cuz if customers of ANY kind would take seriously, then participation in programs like and integrating like would not only be considered [which they are: it's called ] but be entirely banned from selling their products at all.

c.im/@TimWardCam/1100504731380

C.IM: Tim Ward ⭐🇪🇺🔶 #FBPE (@TimWardCam@c.im)

@kkarhan@mstdn.social @bert_hubert@fosstodon.org The problem is that version 3.x of the open source package, the one you're using, is out of support, and the vulnerability fix is only in 4.x and 5.x. So it obviously makes sense to upgrade to 5.x. But of course the buggers have added lots of new features between 3.x and 5.x, and have had to make breaking changes to accommodate them. So you have to find all the breaking changes, and fix your code, and do a complete set of regression tests, and just to be sure do a complete set of performance tests, in case they've accidentally made your particular old-style use case worse whilst adding their shiny new features ...

... and do it all again in a year or two's time when your customers take objection to the long list of vulnerabilities that's now been found in 5.x ... and of course 5.x is no longer supported, so you have to start all over again...

And that's just one of the dozens of open source components you're using. It would be lovely if "manufacturers" could "be obligated to provide long-term support", but open source suppliers can't be *obligated* to do *anything*.