BoringSSL is a great name and directly addresses what got OpenSSL into trouble most recently, implementing a new protocol parameter based on a student's idea for a degree thesis. Innovation for innovation's sake, that was. Hurriedly applied for some reason.

And it's not something a website would "use," if you mean a high level protocol akin to "https." It's a library to implement common standards.

Maybe by assigning people to the project who have not chosen security as a career field. On the Mozilla commits I used to follow, the personalities in the security arena were a different kettle of fish from the other developers. They had to maintain FIPS compliance, so were conservative about changes, but it was more than that. Not to mention, there's a possibility of workers with ulterior motives. All the more reason to develop a wider community than just self-selected specialists.

The billion dollar companies can afford it, and should have a long time ago.

They made a whole movie about this one, on the Alabama border. But the franchise was for... sin! The Phenix City Story

Classic Theme Restorer. Cheap, easy, no config.

Cinnamon or Mate?

The big companies probably want more control over the project than LibreSSL will allow them. They've been burned once by relying on old-style Unix community dev. But it's also entirely their own fault for not funding and auditing the open source code they were building their billions on.

Seems to me LibreSSL is the way to go, but I can also see why the corporations would just use it as a side-stream for hints on what to fix. They have enough resources to rewrite openSSL from the inside rather than the the LibreSSL tear-down approach. Having both projects is really a benefit for LibreSSL as longs as it gets sufficient interest and resources.

Cox also competes with Verizon FiOS in several markets. This article says only 9%, last year: http://www.telecompetitor.com/...

The odometers did not even have a digit for 100,000. The rare car "turned over" back to zero. Title forms still have a check box for that. It's one thing the Car Talk guys were right about.

Some actual energy and costs figures are here:
http://ccows.csumb.edu/wiki/in...
(Concerns a different region in California, but has been put together well.)

In the political battle in Santa Cruz last year, a key contention was that the proposed carbon offsets were not a real benefit to the environment.

MailChimp etc. are not mailing lists. They are one-way distribution lists. Mailman has to deal with replies to the group.

In other words, you could not detect the bug by looking at "openssl version" at the shell prompt, or looking for the openssl version in phpinfo().

Yes, LiteSpeed web server, a common drop-in replacement for Apache, had the bug even when the shell of a LAMP stack did not. LS patched it.

If this bug had been in 0.9.8 the web would be in a real disaster now. Many web ISP's stay behind a few versions on the stack. I've got one that runs the oldest PHP version still in release. That's a bit extreme. So the bug hit more big companies.

The special ed kids with learning disabilities are mixed with the ones with behavioral/emotional disabilities in this school. In other words, people that get made fun of, and people that are a danger to them. Sheep and wolves. Must make the regular classrooms nice to remove both the slow learners and troublemakers.

The same thing happens in homeless shelters, where it's hard to protect the defenselessly mentally ill from the bad guys. And prisons, where a lot of mentally ill people live due to the policies of our country.

Another problem in this case is that the police and the judge are an extension of the school administration, and see themselves that way. Also, it is a small Western Pennsylvania school district surely dominated by athletics. Also, we don't know the full story. This could be the best school in the world, but I somehow doubt it.

They all need to be contributing to OpenSSL or a fork.

In a typical year the OpenSSL project receives about US$2000 in donations.

This week we have received roughly 200 donations totaling nearly
US$3000. Amounts have ranged between $0.02 and $300, and I notice that
some individuals have made multiple contributions.

https://groups.google.com/foru...

Security theater is sometimes more like security exhaustion.

Narayanan is agreeing with Thatcher by the way.