Basically, no problem here.

This site:

http://possible.lv/tools/hb/?domain=www.eyrie-productions.com

provides a test for the heartbleed issue, and has proven reliable enough over the past week for me to recommend it.

There's a pretty good explanation for heartbleed and what it means for you here: http://r000t.com/what-heartbleed-means-to-you/

Basically, the advice I've been giving my clients and other people whom I'm responsible for is to be careful, make sure your browser checks for certificate revocation, and change all your passwords--because you should be changing them on a regular basis anyway.

Do NOT click on any email links to reset passwords; log into the site manually and change it there. There will be hundreds of phishing emails from this event.

If you have any questions, feel free to ask me; you can email me at my username at the gmails if you wish.

--
Unable to save the day: File is read-only.

This particular type of problem is nothing new; it's been an issue in programming for decades, but the people (staff of four, total, of which one is full-time) who develop OpenSSL are -extremely- underfunded and don't get a whole lot of time to audit for that kind of bug.

There's a LOT of software that's in extremely widespread use that has the potential to contain bugs this severe due to very similar circumstances.

For instance, for a number of years, THE database of time zone info was maintained almost entirely by one guy.

Things like browsers and word processors--the stuff people use--is sexy. Things like crypto libraries and the other stuff "under the hood" that people don't directly use? Not a lot of attention there.

It's not just open/free software either, you see a lot of similar bugs in commercial software; where you don't realise there aren't many devs working on stuff.

>Things like browsers and word processors--the stuff people use--is
>sexy. Things like crypto libraries and the other stuff "under the
>hood" that people don't directly use? Not a lot of attention there.

Sadly being sexy doesn't really help them, because most of the sexy-attention goes into new features and bling, and tends to leave the important core code looking like a pile of spaghetti left by ADHD monkeys as people poke it to put their new thing in.

In general software maintanence and checking is not interesting to most people.

S.

(who loves breaking software)

Well, to be fair, there's a reason for that.

And you are correct also about the nature of the non-fun-parts code, though that's less a concern in non-security-critical infrastructure and may occasionally benefit from professional-quality rewrites and audits.

And this would be why I have, up until very recently, stayed as far from dev work as possible: ops for life! ;-P