LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for February 16, 2012

Book review: Open Advice

Linux support for ARM big.LITTLE

LWN.net Weekly Edition for February 9, 2012

XBMC 11 "Eden"

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Unbound 1.0 released

Unbound 1.0 released

Posted May 21, 2008 14:39 UTC (Wed) by nix (subscriber, #2304)
Parent article: Unbound 1.0 released 

Example of press-release-speak meaning the exact opposite of what they hoped: the mention that
its security algorithms are 'complex', presumably because to sufficiently clueless managers
'complex' automatically equals 'good' (probably the same managers who think 'proprietary'
equals 'good' and for much the same reason: the fictional vision of bulging brains in some mad
scientist's basement lab Thinking Thoughts That Nobody Else Can Think). Complexity is the
enemy of security, guys...

(Log in to post comments)

Unbound 1.0 released

Posted May 21, 2008 14:55 UTC (Wed) by i3839 (subscriber, #31386) [Link] 

As it's a VeriSign person saying that, I guess he's hinting at DNSSEC.
Not much more reassuring though, but still.

> "Although simplicity and performance have always been primary goals for 
> Unbound, we have placed extra attention on security features, particularly 
> since DNSSEC is not yet deployed widely,"

Is what the devs say. No security is of course faster and simpler than
implementing some security.

Unbound 1.0 released

Posted May 21, 2008 15:58 UTC (Wed) by nix (subscriber, #2304) [Link] 

It would be nice to have DNSSEC. But, oh, look, the roots aren't signed, and whose court has
that ball been in for ten years or so now? :/

Unbound 1.0 released

Posted May 23, 2008 14:10 UTC (Fri) by job (subscriber, #670) [Link] 

Yeah, but if you're in a signed TLD it's still useful.

Unbound 1.0 released

Posted May 21, 2008 14:59 UTC (Wed) by johnkarp (guest, #39285) [Link] 

That was just one comment, and they did not elaborate. They also said 
they "kept the overall design straightforward and clean" and "we have 
worked hard to produce well documented, readable and elegant code. With 
that we try to make the barrier for security audit and code review as low 
as possible." Perhaps DNSSEC is inherently messy, but they did their best?

Of course, it would be best not to take their word, and look at their code 
instead. (I wasn't able to access their code repository for whatever 
reason.)

Unbound 1.0 released

Posted May 21, 2008 15:59 UTC (Wed) by nix (subscriber, #2304) [Link] 

DNSSEC being messy is certainly true enough.

I guess 'announcement by press release' just rubbed me up the wrong way...

Unbound 1.0 released

Posted May 21, 2008 17:41 UTC (Wed) by allesfresser (subscriber, #216) [Link] 

A lyric comes to mind with your mention of proprietary mad scientists:

"We are the priests of the temples of syrinx
Our great computers fill the hallowed halls
We are the priests of the temples of syrinx
All the gifts of life are held within our walls"

I have this lyric written with marker over a Microsoft ad, displayed on the wall of my
cubicle, courtesy of a puckish coworker.

Unbound 1.0 released

Posted May 21, 2008 20:45 UTC (Wed) by nix (subscriber, #2304) [Link] 

I was thinking of _Girl Genius_, but that Rush song counts too, yes. :)

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds