Over "die glibc exploit", bekend onder troetelnaampje CVE-2015-7547:

The advisory mentions some mitigating factors: dropping UDP packets above 512 bytes, disabling edns0 like it's the 1980s and limiting TCP responses to 1024 bytes.

With all due respect, these recommendations are terrible, and following them would be a significant regression in addition to breaking valid responses. It wouldn't be surprising if these recommendations made more actual damage than the vulnerability itself.

Eindelijk iemand die ingaat tegen de massa-histerie van gisteren. Dank u, Frank Denis!

Wat natuurlijk niet wil zeggen dat je niet moet patchen...