Welcome to the MacNN Forums.

besson3c · Apr 13, 2014, 04:53 AM

Any other fans of the Wikipedia here?

I just heard Wales give a talk. There were lots of interesting facts and figures shared, very candid sharing of past failures with much humility, the Wikipedia content development process, and talk about Wikipedia Zero, a program that makes Wikipedia free to target countries via their mobile devices (no data charges). He also talked about a number of challenges, including making the Wikipedia available in a wide range of languages, etc.

There is much more I can share and expound upon, if you're interested, but I'll save some extra writing until I see if this is a discussion you guys are interested in having?

besson3c · Apr 13, 2014, 04:57 AM

Wales also postulated that the big OpenSSL/heartbleed issue was probably due to a lack of funding of OpenSSL.

turtle777 · Apr 13, 2014, 04:47 PM

Originally Posted by besson3c

Wales also postulated that the big OpenSSL/heartbleed issue was probably due to a lack of funding of OpenSSL.

Going off on a tangent here: open source software is always "marketed" as safer / more secure because people can audit the code.

How can it be that one of the underpinnings of *nix security has a simple / stupid error like this, and it didn't get found until now ?

To me, this throws the "secure because it's open" argument out of the window...

-t

besson3c · Apr 13, 2014, 05:06 PM

Originally Posted by turtle777

Going off on a tangent here: open source software is always "marketed" as safer / more secure because people can audit the code.

How can it be that one of the underpinnings of *nix security has a simple / stupid error like this, and it didn't get found until now ?

To me, this throws the "secure because it's open" argument out of the window...

-t

"Can" isn't a guarantee. What provides greater assurance is funding. Resources are always finite.

OpenSSL: Support Contracts

As far as "it's secure because it's open", that is not literally true without the caveat that this requires the right conditions. Even then, there are never any guarantees.

subego · Apr 13, 2014, 06:18 PM

I believe the argument is [more] secure because it's open.

This was found because it's open. With closed it would have been up to the developer, assuming they care, and/or haven't intentionally put their own hole in it.

But, be my guest. Trust some corporate overlord telling you they've got your back. What could go wrong?

subego · Apr 14, 2014, 01:30 AM

On topic: I'm still annoyed from his "message" from a few years back.

besson3c · Apr 14, 2014, 01:45 AM

What was his message? I don't remember that.

subego · Apr 14, 2014, 02:24 AM

His message was "donate to Wikipedia", but the execution was obnoxious IMO.

After seeing the banner for a "Personal Message from Jimmy Wales" for the thousandth time, I had something of a personal message for him, if you get my meaning.

Don't get me wrong, I still ponied up, but that was despite the campaign, not because of it.

subego · Apr 14, 2014, 02:26 AM

Whoops... It was a personal appeal.

turtle777 · Apr 14, 2014, 01:30 PM

It didn't appeal to me. Not even personally.

-t