
Comment Re:It's not a bug (Score 0) 149

The fact that they didn't tell anyone though shows that the S in NSA is bullshit. They cared more about being able to exploit the vulnerability themselves than making their country's computers more secure. If they cared one shit about their country's security then they'd have big teams dedicated to finding software vulnerabilities and working with vendors to fix them.

You are confused as to what NSA's "defensive" mission is. They aren't there to be the defenders of the internet. They aren't there to be corporate America's QA department. They aren't there to review open source and provide fixes. They aren't there to "make the country's computers more secure".

They are there to protect DoD classified systems. That's the defensive mission, as an agency under the DoD umbrella. Protect DoD classified systems and anything that deals with military activities. All this extraneous whining - none of it is their mission.

It's a simple calculation on their side as far as the defensive mission - does "vulnerability X" involve classified DoD systems or ones that have military information? No? NOT THEIR PROBLEM.

Don't like it? Well too bad, you don't get to gripe when they don't follow their mandate and also gripe when they do.

If you want to complain, take that up with congress or the president to alter their mandate/directive. Or, take it up to congress to provide more funding for the agencies that are actually supposed to be looking out for commercial internet use and regular gov sites - NIST and DHS. Or, lobby congress to create a fully civilian non-DoD agency that's there to provide an extra security layer for the world at large. And in that last case, don't bitch about the government spending money when clearly the free market is failing to provide a solution, since it appears greedy for-profit corporations are happy to use but not contribute any resources towards this critical software infrastructure.

With the constant complaining about them and government in general from all the anti-government libertarian neck beards here, why would they even bother producing a fix? Who would trust code they released? This would not be like the selinux release, which is optional and provided new capabilities - if they produced a fixed openssl nobody would use it until code reviewing for years. They'd spend more time with PR and a ton of bullshit than doing nothing at all which is free from their perspective. If they disclosed the bug, they don't have any power to compel "the internet" to upgrade to a fixed version, so they'd be blamed for exploits and vulnerabilities during the time servers were slowly upgraded.

Whatever they do, somebody would gripe and given it ISN'T THEIR JOB in the first place, doing nothing looks like the game-theory resulting best call.

Comment Re:Great news for (some) programming language fans (Score 2) 100

If you replace "functional" with "object oriented" and went back in time 20 years ago, your dismissive, skeptical attitude would have fit right in that era as well.

As in: many languages have benefited by gaining object-oriented aspects, haven't found a reason to use an object-oriented language, nothing compelling enough to apply elsewhere, fully aware that a month isn't long enough to master anything but if it were cool and earth-shattering then it would obviously manifest.

Sure, maybe the functional hype machine is cranked a little high, but what are you expecting - a concise summary of the years of improvements knowledge, experience in software development and language research, summarized and tailored to highlight the personal benefits to your workflow?

I would suggest picking up a few books and investing more than one month in figuring anything out. Start with the functional support in a language like Python (https://docs.python.org/2/howto/functional.html). Code stuff up one way and then in another. Basically unless you actually invest some effort you won't believe what somebody comes along to tell you.

Comment activation (Score 1) 353

>authorization from "installing too much" was Apple to activate iTunes.

I've never had to call Apple for that. Just "Deauthorize all computers" to wipe out the non-functional, no longer owned, temporarily installed, whatever iTunes instances, and then reauthorize my current machines.

Much faster than the times (admittedly small handful) I've had to call Microsoft and then deal with their automatic phone system to get activation codes.

Comment Re:this will certainly lead to a cure for cancer. (Score 1) 246

If you don't like it, vote for somebody who will increase science spending.

Sad but true; only the government can make this happen, since there isn't any profit to be had via science spending in the next quarter or year (which is all modern corporations look at).

Comment Re:The double standard at work (Score 1) 824

Here is my view, as a Libertarian: Government has no right to define what is or what isn't marriage.

Marriage confers various legal statuses, and as such, involves the gov't.

Now if you are talking about some kind of Libertarian exception that exempts both spouses from ALL legal status and responsibilities, then sure, knock yourself out. Just be happy with a giant middle finger if later you wanted one of those rights/benefits you passed on, to avoid the gov't definition.

But it would be very hypocritical to expect the gov't to grant legal status with marriage, without agreeing to the definition of marriage.

Comment Re:Rent-seeking? (Score 1) 150

Monopoly abuse? You mean of Comcast, the ISP, right?

Once Netflix caved, paying for bandwidth (the whole thing about an ISP not actually providing the bandwidth they claim to their consumers is another issue), the race will be on for others to do the same.

Or are you going to claim that Comcast, after extorting special payments from Netflix and then demanding the same from Apple, is the fair and free-market way an ISP is supposed to behave??

Comment corporations (Score 1) 133

Corporations generally don't give a flip about this situation:

>I could convince a company to hire me based on willingness to learn and improve.

If that's true, what sets you apart from anybody else that is also willing to learn and improve, with a more extensive background than you have?

That being said, I think what you should do is start networking immediately, reach out to anybody and everyone you know for entry level positions in development and/or system administration. Do not spend the next 6 months studying on your own in the evening, in isolation.

Comment Re:break laws but not licenses? (Score 1) 44

>violate the US Constitution, US law, international treaties, the trust of US allies

Dude, they are an intelligence agency, what the fuck do you think they do? Except the constitutional violation part, that should be reined in. Violate treaties and trust? Hello are you that naive? If you want to get all butthurt about US violations, start with the wars in Iraq and Afghanistan, which killed thousands, pissed away trillions, and had us take a dump on the world. That an intel agency is developing exploits - this confuses you?

I'm not sure you'll get that much out of studying the Accumulo source code, honestly. Secure coding practices have been widely known for decades at this point, and it isn't as if they've got some magic way to call sprintf() securely, that nobody else has figured out.

High performance data storage and retrieval? So basically they are interested in dealing with lots of data? I could have told you that without bothering to look at Accumulo (and I haven't). Where their magic lies isn't in the software, it is the DATA, which they aren't releasing (obviously) and don't want to talk about gathering.

It isn't as if they are giving out do_mitm_attack.a or break_encryption.dll.

>To fix existing weaknesses while also deliberately creating others seems illogical and self defeating to me...

Makes perfect sense to me. Think of the low hanging fruit theory. Fix a weakness that adversaries and script kiddies can find (thus, the weakness has no actual long term value) and create ones that take nation-state levels of effort to get.

Comment Re:Tracking (Score 1) 436

Put it on the outside of the plane.

So now you just need to bribe a few extra people to clear a plane for flight with a non-functional tracking device installed by maintenance?

Folks, we're talking about protecting $250 million. If your simple suggestion won't resist $25 million of theft effort, it is worthless, as in it merely provides the illusion of protection.

Comment Re:Tracking (Score 1) 436

Simple: is it possible to protect a $250 million dollar asset against, say 10% effort ($25 million) to steal it?
$25 million pays for a lot of training, bypass devices, and bribes.

If Slashdot let me edit posts I'd put that in my original: what is the break even point of added cost of incremental protection versus cost of theft? For a $250 million dollar asset, you need a system that at least resists $25 million of theft effort. Otherwise it is an illusion of protection.
