daniel hates software: OpenSSH and it's built-in denial of service "feature"

• From: Daniel Pittman
  Date: 03:48 on 11 Dec 2003
  Subject: OpenSSH and it's built-in denial of service "feature"
  
  ...I hate OpenSSH.  It's sure nice to have a free SSH server and all,
  but it is *so* full of hateful half-complete features.
  
  In this case, we need to use password expiration on our systems, because
  company policy demands it. So, we enable this. Life is good.[1]
  
  Then a password expires. Fine, whatever. So, user tries to log in to the
  master server where they need to change the password.[2]
  
  OpenSSH knows that the password is expired, so they are not permitted to
  log in. That is a fine feature, except...
  
  ...OpenSSH does not implement changing passwords.
  
  
  Oh, yes, it can tell you to sod off if your password is now expired,
  because that is so useful, especially when that is the only way to get
  in to the machine to change the password.
  
  
  Advice to programmers:  if you want to leave your feature half finished,
  do it is a way that isn't going to suddenly impale someone through the
  heart and have them bleed to death.
  
  
  At least the server isn't in the data center in Kansas yet...
  
     Daniel
  
  
  Footnotes: 
  [1]  Well, the interface is hateful, and distributing passwords across
       machines is hateful, but not quite as hateful as OpenSSH.
  
  [2]  See point one. All distributed password systems suck.
  
  
  

• From: peter (Peter da Silva)
  Date: 12:22 on 11 Dec 2003
  Subject: Re: OpenSSH and it's built-in denial of service "feature"
  
  > ...I hate OpenSSH.  It's sure nice to have a free SSH server and all,
  > but it is *so* full of hateful half-complete features.
  
  I hate SSH because it's got a fundamentally broken design.
  
  I hate the official implementation of SSH because it deliberately makes
  it as hard as possible to set up a server that's compatible with all the
  variants of sshv1 and sshv2 clients out there.
  
  Thanks for completing the unholy trinity with a new chunk of evil for
  OpenSSH.
  
  If only I didn't hate all the alternatives to SSH even more...
  
  > [2]  See point one. All distributed password systems suck.
  
  Almost there! "All software sucks". Live it! Be it! Is it in you?
  
  
  

Generated at 10:27 on 16 Apr 2008 by mariachi