- Swift on GitHub — watch a thousand projects launch.
- HTTP API Design Guide — extracted from work on the Heroku Platform API.
- End-to-End PGP in Gmail — Google releases an open source Chrome extension to enable end-to-end OpenPGP on top of gmail. This is a good thing. As noted FSF developer Ben Franklin wrote: Those who would give up awkward key signing parties to purchase temporary convenience deserve neither.
- Close Your Comments; Build Your Community (Annemarie Dooling) — I am rarely sad when a commenting platform collapses, because it usually means the community dissolved long before.
ENTRIES TAGGED "security"
All trust is misplaced. And that's probably the way it should be.
In the wake of Heartbleed, there’s been a chorus of “you can’t trust open source! We knew it all along.”
It’s amazing how short memories are. They’ve already forgotten Apple’s GOTO FAIL bug, and their sloppy rollout of patches. They’ve also evidently forgotten weaknesses intentionally inserted into commercial security products at the request of certain government agencies. It may be more excusable that they’ve forgotten hundreds, if not thousands, of Microsoft vulnerabilities over the years, many of which continue to do significant harm.
Yes, we should all be a bit spooked by Heartbleed. I would be the last person to argue that open source software is flawless. As Eric Raymond said, “With enough eyes, all bugs are shallow,” and Heartbleed was certainly shallow enough, once those eyes saw it. Shallow, but hardly inconsequential. And even enough eyes can have trouble finding bugs in a rat’s nest of poorly maintained code. The Core Infrastructure Initiative, which promises to provide better funding (and better scrutiny) for mission-critical projects such as OpenSSL, is a step forward, but it’s not a magic bullet that will make vulnerabilities go away.