you can't have surprised customers unless you have customers.

He could (and probably would) be arrested for providing material useful to terrorists. Anyone who visits the site is likely to be placed under a veil of suspicion too. The most dangerous act of terrorism is about to be defined as.... 'thinking'.

Was he reported to throw it across the room when he heard it too did not come with Solitaire? I mean, how else was it gonna help him get through inane board meetings!?

I too had felt the same way, Java & .NET both seem like more modern development tools that free the developer from having to think about memory management and instead focus on what they want to create. Having recently been using Objective-C my perspective has changed quite a bit. I have some background in C & assembly so the concept of managing memory is not entirely foreign. I am finding the Cocoa APIs to be very clean and nice to use. Managing memory is also not as painful an experience as I recall from my C days. Objective-C apps should be more efficient (which really matters on battery-powered devices where processor usage is still important) and indeed it is. I believe it is one of the reasons Android and its apps still lag even when compared to older, less powerful Nokia phones.

before the Snowden revelations I would have believed that. Now it just seems like they're not able to maintain the same statement so they haven't updated it. Call me paranoid if you like but context has changed.

One of the big selling points of OSS is that software can be scrutinised for things like back doors. OpenSSL is indeed extremely popular as is OpenVPN - surprises me that the NSA and others have outwit the smart techies that should be able to spot weaknesses. Or perhaps we take OSS for granted so everyone assumes it has been scrutinised but no one actually bothers to analyse the code.

Hmm, so a quick browse over to http://openvpn.net/index.php/open-source/faq/community-software-general/295-are-there-any-known-security-vulnerabilities-with-openvpn.html and we see: "Are there any known security vulnerabilities with OpenVPN? Not to our knowledge (as of 2004.12.08)" Not to be paranoid, but is it too much to ask for them to update their knowledge by about a decade? Am a bit surprised that there doesn't seem to be much published analysis of the protocol.

When it comes to international standards I should remind everyone that the NSA doesn't need to do much to make those complicated and unwieldily. Look at SOAP or UML. For some reason when you gather an international consortium together to make a standard it is natural for it to be a huge WTF by the time it eventually becomes finalised. People feel the need to cater for every conceivable use case even if they're unlikely to be practical or real-world and often those pushing for things have very little grasp of the implications. Crypto related standards are different though, because you actually need people who know what they're doing. So apply the same approach to security and the resulting standard is bound to contain weaknesses. I would bet money that the NSA probably saved the IPSEC standards committee from making it overly weak (much like they enhanced DES when it was first created). Is there an open source alternative to IPSEC that has been scrutinised by cryptographers?