[liberationtech] DecryptoCat

Karl Fogel kfogel at red-bean.com
Mon Jul 8 08:58:04 PDT 2013


Maxim Kammerer <mk at dee.su> writes:
>I think you forgot that you are not in a presentation to PHBs. There
>is absolutely nothing I can learn from this incident. I know basic
>programming principles, and my job is not in providing consulting to
>software companies in a mess.
>
>I understand the unwillingness to accept criticism and the
>white-knighting, but look at it this way. If I told you that I found
>another vulnerability in Cryptocat, and am in a process of selling it
>to an intelligence agency, would you still proceed to lecture me on my
>thinking processes, and on best software practices?

Without adding too much reading-time to this thread...

To the extent that counting noses helps here, FWIW I did find Tom
Ritter's post worthwhile & helpful.

Maxim, I guess it wasn't meant for you :-), but even after years as an
experienced programmer I occasionally still made dumb mistakes.  I'm
glad peer review caught this bug over at Cryptocat, but Tom's reminder
that anyone can do it, and his suggestions for reducing the frequency of
such mistakes, were not just useful for PHBs.  (And I'm not sure what
the "unwillingness to accept criticism" reference was to, as I haven't
seen that in this incident.)

-K, making a social point more than a technical one


