The difference is between developers knowing the operations side and being the operations side. Developers need to know the operations side to know how to write software that Ops can install and manage. And they should be involved in the development environment and installation in the testing environment so any gotchas can be addressed quickly and the developers know exactly what happened and can go back and make sure it doesn't happen again (especially in production). And of course when things really go pear-shaped during production deployments it never hurts to have the developers on tap to tell Ops whether there's a simple, quick workaround that'll salvage the deployment or whether it's time to roll back until they can fix the problem. But those are a far cry from developers doing Operations support and administration work on a daily basis. Frankly they're two radically different skill-sets. They're related, sure, but having a developer doing Ops as a regular job is like having Kelly Johnson keeping a fleet of Piper Cubs in shape. Sure he can do it, and technically he can probably do it better than a regular mechanic, but in a month or so he'd be bored to tears and walking out to go work somewhere where they'd actually let him do his job designing and building planes like the SR-71.

... ask yourself a question, why is it that everything in USA was done "up until the 1970s" and then all of a sudden there was a gigantic decline (from building, to meaningful manufacturing jobs, to wage disparity, to ability to afford anything, etc.etc.etc.)?

So what is it that happened in the 70s that changed the USA economy so much? 1971 - Nixon defaults on the gold US dollar. The reason? Inflation that was caused by the Fed, all the massive government that could never be paid for with any amount of taxes (never mind the insane tax rates before that time).

It's the government, my dear, USA government has destroyed USA economy.

What if this was not 'OpenSSL' but instead it was some form of 'ClosedSSL' library that had this problem in it?

NSA would still have access to THAT code, you can bet your ass they would, they wouldn't leave a project like that alone. However nobody else would know (unless stumbling upon it by chance or being able to access the source OR if some insider SOLD that information to somebody on the outside and now you'd have a vulnerability that is exploited by the gov't and by shadiest of the organisations/people out there).

This does not change the discussion in terms of open source code being safer, this changes the discussion around certain practices of development / testing and also this may attract more attention of people towards the SECURITY of our information on the Internet and hopefully we'll move in the direction of working out the details of actually much more SECURE methods of communications.

I certainly have a few ideas of my own that I would like to implement now, but never mind that. The point is that this is good stuff, it finally shed a light on this topic, that should have had much more light on it for a much longer period of time in the first place.

We need better methods around building security within our systems and I think this raises the bar.

This doesn't really change it, because think how a proprietary SSL library would've handled this. The vulnerability was found specifically because the source code was available and someone other than the owners went looking for problems. When was the last time you saw the source code for a piece of proprietary software available for anyone to look at? If it's available at all, it's under strict license terms that would've prevented anyone finding this vulnerability from saying anything to anyone about it. And the vendor, not wanting the PR problem that admitting to a problem would cause, would do exactly what they've done with so many other vulnerabilities in the past: sit on it and do nothing about it, to avoid giving anyone a hint that there's a problem. We'd still have been vulnerable, but we wouldn't know about it and wouldn't know we needed to do something to protect ourselves. Is that really more secure?

And if proprietary software is written so well that such vulnerabilities aren't as common, then why is it that the largest number of vulnerabilities are reported in proprietary software? And that despite more people being able to look for vulnerabilities in open-source software. In fact, being a professional software developer and knowing people working in the field, I'm fairly sure the average piece of proprietary software is of worse quality than the average open-source project. It's the inevitable effect of hiring the lowest-cost developers you can find combined with treating the fixing of bugs as a cost and prioritizing adding new features over fixing problems that nobody's complained about yet. And with nobody outside the company ever seeing the code, you're not going to be embarrassed or mocked for just how absolutely horrid that code is. The Daily WTF is based on reality, remember, and from personal experience I can tell you they aren't exaggerating. If anything, like Dilbert they're toning it down until it's semi-believable.

by "whining" are you implying that I do not vote in firehose? Is that your professional opinion, I mean, are you paid to believe that or is this just a result of being an ass, your statement here?

By the way, if we are already on the topic of taxes, anybody who is interested should listen to this show, not only does it discuss the illegality of taxes, but also it provides some insight on what the USA citizens doing today to reduce their taxes (offshore accounts, etc.etc.)

Americans, you need to listen to this of-course, you should eliminate your federal government, a good step towards that (before you end up shooting the bastards) is to stop paying your taxes.

this is of-course a dupe, but hey, what else is new.

Ted talk on this device.

You are wrong, but that's your right to be wrong.

USA government is unconstitutional, it has abandoned the principles upon which the Republic was established. There are no private property rights anymore. This started with the Sherman's act and continued into everything, from income taxes themselves, IRS, the Fed destroying the value of the people's savings, all of the departments, SS, Medicare, Medicaid, ACA, payroll taxes, every type of income related tax of-course.

The correct thing to do is to remove USA federal government from power, which it usurped illegally and unconstitutionally and it must be removed from power immediately, by force and with extreme prejudice. Of-course this means that people must not give up any of its earnings to the central mafia that is known as the federal government.

Just because the time limit has been raised, that doesn't incur a liability for the debt on the part of anyone who isn't already liable for it. And generally children aren't liable for their parent's debts unless their signature's on the contract. The parent's estate might be liable, but good luck collecting from that once the estate's finalized and closed out. I suspect this'll be what any competent attorney will raise as an issue if the victims get one: "Regardless of anything else, this is not my client's debt and the debt being collectible doesn't on it's own make my client liable for it.".

The point is you are an ignoramus of enormous proportions. The rise in wealth in USA was due to the so called 'robber barons', which created entire new industries and allowed the economy to flourish around them. The 'trust busting' was the beginning of the DESTRUCTION of the economy, as it started destroying the principles of private property rights. Government destroys the economy, it doesn't create it, the economy has to be created first for it to be destroyed by the government, and the private sector in the USA built a mighty economy that it took the growing USA government this long to destroy it.

Internet is critical infrastructure, which is precisely why it must NOT be in the hands of any government (and no other infrastructure should either, because it is illegal, immoral but also really stupid - if you want something to work, you don't give it to government).

So once again, if you want a 'socially responsible' company that you think will survive being exactly what you want it to be, set one up and do with it as you wish. You want OTHER people to do something for you, well, tough, other people shouldn't be forced to hire you or do anything for you that you believe you are entitled to and you believe they are obligated.

I run a company, I hire people the way I want to hire people, I fire people the way I want to fire people. I provide my employees with this information upfront, it's their choice to take or not to take the job. I tell them exactly what I will pay them and if they don't like it, they are 100% free to find some other guy to work for. I have no interest in anything you call 'social responsibility', in fact I do not believe in such nonsense in the first place. I only have responsibility to myself and I have responsibility to be HONEST with people I hire, that's all.

You think there should be some other responsibility: take your own money and start your own company to provide that. That's not why I run my company, YMMV.

- so, TheGratefulNet, start your own company and hire whoever you like. Once you do that, you'll quickly figure out that you can't survive as a company, hiring unskilled labor at minimum wage labor prices, having to deal with payroll taxes, medicare (ACA now), income taxes and all the other taxes and that's AFTER you having to figure out what exactly you will be using your savings (or borrowed capital) to build as a software company.

Good luck.

Level of public science funding should be precisely 0 (that would be zero, as in nothing at all). The Internet would have existed regardless, individual people must not be forced to become slaves to the collective even to publicly fund science or health or education or food or anything, not even little cute orphans should be publicly funded, there is 0 authorisation for any of this and there should be 0 authorisation for any of this and if YOU want to fund something, that's what you have YOUR OWN bank account and you can set up a charity to donate to your particular cause.

Lock them up for what?

In Russia big business does NOT happen without involvement of government officials, who all EXPECT bribes and will NOT allow you to build your business if you do not pay them what they want.

So HP or whoever it is, if they want to deal in Russia they will be paying bribes to the politicians, there is no way around it at all. You can either do big business in Russia and as an ABSOLUTE requirement you will pay bribes, or you can forget about that market completely.

But hey, if you are talking about locking up the POLITICIANS that expect bribes, then I am 100% with you.