This provides a more nuanced analysis: https://research.swtch.com/openssl - but it’s important to understand the context: at the time openssl was seen as very secure by many despite issues like the one that Roeckx was addressing. Many serious vulnerabilities has been discovered in openssl in the next years, leading to a lot of fixing and major cleanups.
The Debian maintainer knew he didn’t understand the code, so he asked for help on the openssl-dev mailing list […] He got two substantive replies. […] Both essentially said, “go ahead, remove the MD_update line.
Gemini claims to “Takes user privacy very seriously” and yet it leaks the client and server IP addresses to each other and to network observers by not using any form of https://en.wikipedia.org/wiki/Mix_network.
It claims to “Strives for maximum power to weight ratio” and yet does not support caching.
It does not support content-addressed sites in any form: to host a single-page static site the user has to pay for a VPS or buy some SBC, pay for a domain and configure DNS. The “lightweight” aspect is the protocol itself, not the deployment effort.
The protocol is “non-extensible by design” but obviously cannot prevent users from adding higher-level markups in some clients and start adding complexity, exactly what happened for the web.
A random example of staggering keys in the right direction (vertical) and with a better angle: https://www.kickstarter.com/projects/keyboardio/atreus
Not just DMCAs. People have been arrested and even imprisoned for writing software that is clearly designed to facilitate copyright infringement.
Arguing around technicalities is not an effective defense, especially when the goal of downloading movies is made very clear by remarks like:
“last” launch of my “favorite movie” (sarcasm).
Some examples:
https://en.wikipedia.org/wiki/The_Pirate_Bay_trial
https://www.theverge.com/2015/8/20/9181243/popcorn-time-how-to-sites-arrested
https://torrentfreak.com/police-arrest-men-for-spreading-popcorn-time-information-150819/
He describes himself as essentially neurodivergent and tone-deaf (his word): https://www.fsf.org/news/rms-addresses-the-free-software-community
I’ve met him and a lot of people I know and trust have been around him at conferences. In 20 years I’ve heard plenty of complains about his public behavior and I’ve witnessed various episodes of that. Nobody ever told me in person that RMS is inherently evil or malevolent, but rather unable to act appropriately around people or understand what is socially acceptable, despite having been told many times. He apologized on various occasions over the years… without changing behavior.
Public roles are different from private life. A public speaker is responsible of communicating clearly, understanding the context of conversations, acting properly, and avoid creating these controversies in the first place.
The diagram and beat matrix at the bottom of https://www.debian.org/vote/2021/vote_002 tell a different story:
- the cluster of options 1/2/3/4 are very strong and very close to winning.
- the “support RMS” options 5/6 flat out failed
- had the vote been between the two clusters, the first would have won.
- Unsurprisingly, a lot of people voted “no statement” as a fall-back option, and Condorcet strongly favors options that makes most people “not completely unhappy” rather than making a relative majority with their preferred choice.
Leaking matadata is a breach of confidentiality - which is a cornerstone of security: https://en.wikipedia.org/wiki/Information_security#Definition