OpenSSL Vulnerability

SSL certificates can be compromised through a new OpenSSL vulnerability, Heartbleed, which lets a remote peer read server memory, private keys included. The vulnerable code shipped in currently supported versions of Debian, Ubuntu, CentOS, Fedora, the BSDs, etc.

Time to update your servers, generate new private keys and reissue your certificates, and, if you are being rigorous about it, go through the certificate revocation process for the old ones. BUT, be careful that OpenSSL 1.0.1g (or newer, should there be one) is actually available to you. Versions prior to 1.0.1 are NOT vulnerable to heartbleed, because the TLS heartbeat code was only added in 1.0.1. Many of those old versions are vulnerable to other bugs, but you would not want to update from 1.0.0 for the sole purpose of avoiding heartbleed if you are only going to land on 1.0.1e, thereby introducing the problem. One caveat: distributions that backport fixes keep the upstream version string, so `openssl version` can still report 1.0.1e on a patched box; check the package changelog rather than trusting the version number alone.
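The version logic above is easy to get wrong under pressure, so here is a small shell helper, added here and not part of the original post, that classifies an `openssl version` string against the affected range (1.0.1 through 1.0.1f and 1.0.2-beta1 affected; 1.0.1g and later fixed; anything before 1.0.1 never had the heartbeat code). It also includes a function for the key and CSR regeneration step; the output paths and CN argument are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the original post. Classifies an OpenSSL
# version string for Heartbleed exposure. Caveat: distros that backport the
# fix keep the upstream version string (Debian/Ubuntu still reported 1.0.1e
# after patching), so "vulnerable" here means "check the package changelog".

heartbleed_status() {
    # $1: output of `openssl version`, e.g. "OpenSSL 1.0.1e 11 Feb 2013",
    # or a bare version such as "1.0.1g". Prints one of:
    # vulnerable | fixed | not-affected | unknown
    ver=$(printf '%s\n' "$1" | sed 's/^OpenSSL //' | cut -d' ' -f1)
    case "$ver" in
        1.0.1|1.0.1[a-f]*)    echo vulnerable ;;   # 1.0.1 .. 1.0.1f
        1.0.1[g-z]*)          echo fixed ;;        # 1.0.1g and later letters
        1.0.2-beta1)          echo vulnerable ;;   # fixed in 1.0.2-beta2
        1.0.2*|1.1.*|[2-9].*) echo fixed ;;
        0.*|1.0.0*)           echo not-affected ;; # no heartbeat code before 1.0.1
        *)                    echo unknown ;;
    esac
}

# Once you are on a fixed build: a fresh private key and CSR. Get the CSR
# signed, deploy the new cert, then revoke the old one with your CA.
# $1: output basename (hypothetical path), $2: hostname for the CN.
regen_key_and_csr() {
    umask 077                                   # key file readable by owner only
    openssl genrsa -out "$1.key" 2048
    openssl req -new -key "$1.key" -out "$1.csr" -subj "/CN=$2"
}

# Report on the locally installed OpenSSL when there is one.
if command -v openssl >/dev/null 2>&1; then
    local_ver=$(openssl version)
    printf '%s -> %s\n' "$local_ver" "$(heartbleed_status "$local_ver")"
fi
```

Usage: `heartbleed_status "$(openssl version)"`, then, on a fixed build, `regen_key_and_csr /etc/ssl/private/www www.example.org` (paths are illustrative).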

Considering the widespread deployment of OpenSSL, it is hard to overstate how common this bug is online.

Whole Lotta Shakin’

He may not have posted to this blog as much as he’d like, but Galen Charlton has been busy. Busy enough to make Library Journal’s “movers and shakers” list for his ongoing work with Evergreen, Koha and open source library software:

Kudos well deserved.

My coworker reading the post came into my office today and asked “Do you know this Galen Charlton guy?” I had to laugh. Having worked together at two different companies, at that moment I was installing and reading his MARC::Record code (again) and sitting in a couple different IRC channels where he was active. More seriously, if I was going to pick one person to carry the banner in a Library Journal context for the OSS projects I care about, I’d pick Galen too. AFAIC, they got this one exactly right.

Also, bonus point to LJ for the crafty subtitle.