If you pay attention to the security news, there is something coming called Badlock. It just set off a treasure hunt for security flaws in Samba. Rather than link to the web site (I’d rather not support this sort of behavior), let’s think about this as reasonable people.
I can imagine three possible outcomes to the events that have been set in motion.
- On April 12 a truly impressive security flaw will be disclosed. We will all be impressed.
- Someone will figure this out before April 12, they have no incentive to act responsibly and will publish what the know right away, better to be first than to be right!
- Whatever happens on April 12 won’t be nearly as interesting or exciting as we’ve been led to believe. The world will say a collective ‘meh’ and we’ll go back to looking at pictures of cats.
The really crazy thing to think about is if the issue isn’t actually serious, it probably won’t be found. Everyone is looking for a giant problem. They’re going to pass up minor issues (if you do find these, please report them, it’s still useful work). The prize is a pot of gold we’ve been told, not some proverbial the journey is the reward nonsense.
The thing everyone always should remember in a situation like this is there are a lot of really smart people on the planet. If you think of something clever or discover something new, there are huge odds someone else did too. 3 weeks almost guarantees someone else can figure out whatever it is you found. It’s especially interesting in this case since we have a name “Badlock” so we know it probably involves locking. We know it affects Samba and Windows. And we know who it was found by so we can look at which bits of Samba they’ve been working on lately. That’s a lot of information for a clever person.
Send your comments to Twitter: @joshbressers