From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.4 Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!news.eternal-september.org!news.eternal-september.org!feeder.eternal-september.org!newsfeed.fsmpi.rwth-aachen.de!newsfeed0.kamp.net!newsfeed.kamp.net!87.79.20.101.MISMATCH!newsreader4.netcologne.de!news.netcologne.de!newsfeed.arcor.de!newsspool4.arcor-online.net!news.arcor.de.POSTED!not-for-mail Date: Sat, 19 Apr 2014 17:36:17 +0200 From: Georg Bauhaus User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: OpenSSL development (Heartbleed) References: <-OGdnezdYpRWFc_OnZ2dnUVZ_vednZ2d@giganews.com> In-Reply-To: <-OGdnezdYpRWFc_OnZ2dnUVZ_vednZ2d@giganews.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit Message-ID: <535297f1$0$6715$9b4e6d93@newsspool3.arcor-online.net> Organization: Arcor NNTP-Posting-Date: 19 Apr 2014 17:36:17 CEST NNTP-Posting-Host: 82a2e0ba.newsspool3.arcor-online.net X-Trace: DXC=]YM5haP4WkF02Sh8E_NfIAMcF=Q^Z^V3H4Fo<]lROoRA8kFd2bkNPCY\c7>ejVHoGHV1S8c2`O_ca[29_WnIC X-Complaints-To: usenet-abuse@arcor.de Xref: news.eternal-september.org comp.lang.ada:19421 Date: 2014-04-19T17:36:17+02:00 List-Id: On 19/04/14 16:31, Alan Browne wrote: > > Good article in the NYT: > > http://www.nytimes.com/2014/04/19/technology/heartbleed-highlights-a-contradiction-in-the-web.html?ref=business > An exquisite example of how journalism keeps contributing to tactically keeping everyone uninformed, for money (ads, or subscription). But, well, it ends in fundraising, for whatever allegedly good thing having somehow to do with OpenSSL. Scene: We've got an accident! (A big bug in who-knows-what causing ...). Starring: software people, politicians, companies, passwords, funding. Unquestioned semitheories, by emphasis: - Open Source means unpaid, voluntary weekend work. - Open Source means eyeballs looking at others' software, hence quality assurance. So vastly unspecific, incomplete, and untestable as stated, this is a good start for putting opinions on just something in contrast; the conditional of the second hypothesis is in and of itself good for rhetoric. The author indicates that there is no clear indication of the actual harm done (while at about the same time some lad finds himself arrested for doing harm (sniffing social security numbers) using the Heartbleed bug). Quoted "expert" (E. S. Raymond) says: there weren't any eyeballs watching the software. (Misquote? After all, the author names the reviewing software person.) But the expert is popular and controversial, so he's a perfect journalistic asset (triggers Raymond gossip and Raymond controversy). Finally, the author announces a fundraising project of said expert. Good advertising. In between, reports of booing, bemoaning, and demanding; journalist tries to establish a scape goat (OpenSSL users don't fund!). No proof, no clear indication of causation, but alluding in style. By saying that OpenSSL is not a well funded project, she obviously tries to imply that this is (a) true in effect, and (b) that funding prevents bugs. (a): most of OpenSSL does exist only after work of payed employees. (b): See bugs discovered at the same time in well funded MS Word and MS Outlook projects, of similar reach.