February 2014

Apple SSL Bug: Why goto Didn't Fail

When discussing Apple's SSL bug sometimes people mention that goto is bad and shouldn't be used anyway. They often refer to Dijkstra's famous letter to the editor “Go To Statement Considered Harmful” as a reference that it should be known since 1968 that you shouldn't use goto. However I don't think goto is to blame for this bug, but the if clause without a block.

Tags:

Having an Additional Password Just for Email

On my server I usually use PAM for services that I only want to provide for internal users because then you only need to manage one password. That doesn't only mean that you have to remember only one password but also that if you change your password, it's changed everywhere. Now there are situations where such a single sign on principle might become a problem. For example if you want to have your emails on your smartphone or check your email in an internet café when travelling the world, but don't want an attacker to be able to have access to all your data if the phone gets stolen or hacked or the internet café computer is infected with a malware.