Yes, his not reading the summary was precious. As is your sig in this story.
Just pointing out the irony.
Whatever you say, Alanis. In the same way that electric cars became bad the first time a driver ran over someone's dog in a Tesla.
"After Jason left, Angelos (who had been working on the ipsec stack already for 4 years or so, for he was the ARCHITECT and primary developer of the IPSEC stack) accepted a contract at NETSEC and (while travelling around the world) wrote the crypto layer that permits our ipsec stack to hand-off requests to the drivers that Jason worked on. That crypto layer contained the half-assed insecure idea of half-IV that the US govt was pushing at that time. Soon after his contract was over this was ripped out.
...
"I believe that NETSEC was probably contracted to write backdoors as alleged."
I'd like to find a more recent report of what they found.
Great rant, except that over 75% of the Linux code contributed is contributed by paid corporate employees that are simply doing their job.
Supporting evidence for this assertion:
"It is worth noting that, even if one assumes that all of the “unknown” contributors were working on their own time, over 75% of all kernel development is demonstrably done by developers who are being paid for their work."
Corbet, Jonathan, Greg Kroah-Hartman, and Amanda McPherson. Linux Kernel Development: How Fast it is Going, Who is Doing It, What They are Doing, and Who is Sponsoring It. San Francisco: Linux Foundation, March 2012. 9.
Management cares about features they can sell, and stuff that does not immediately translate into new features is considered a waste of time.
What you're saying may be generally true. That's what made Mac OS 10.6 such an amazing release. As John Siracusa wrote in his Ars review:
At WWDC 2009, Bertrand Serlet announced a move that he described as "unprecedented" in the PC industry.
"0 New Features"
Read Bertrand's lips: No New Features! That's right, the next major release of Mac OS X would have no new features. The product name reflected this: "Snow Leopard." Mac OS X 10.6 would merely be a variant of Leopard. Better, faster, more refined, more... uh... snowy.
I think Mac OS X could use another release like that today. Fewer iOS-like "features", more bugs quashed, please. Too bad Serlet left the company.
I think you're misreading the article. The Winestock is not making the "if you have something to hide
Pleading will not help because the interests of those companies and their users are misaligned. One reason why they are misaligned is because one side has all of the crunch; terabytes of data, sitting in the servers, begging to be monetized. Rather than giving idealistic hackers the means to liberate the users from authority, the democratization of computing has only made it easier for idealistic hackers to get into this conflict of interest. That means that more of them will actually do so and in more than one company.
You see, in the past, the computer industry was dominated by single corporations; first IBM, then Microsoft. Being lone entities, their dominance invited opposition. Anti-trust suits of varying (lack of) effectiveness were filed against them. In the present, we don't even have that thin reed. Thanks to progress, we now have an entire social class of people who have an incentive to be rent-seekers sitting on our data.
Being members of the same social class, they will have interests in common, whatever their rivalries. Those common interests will lead to cooperation in matters that conflict with the interests of their users. For example, the Cyber Intelligence Sharing and Protection Act (CISPA) is backed by Microsoft, Facebook, Yahoo, and, yes, Google, too.
As the head of the Software Freedom Law foundation, Eben Moglen says, keep your data locally, at home, where the 4th Amendment still has some effect. As Winestock is saying, you better be ready to defend even the right to do that.
The halberd was used by the free cities and cantons of Switzerland to evict invading French and Austrian knights. Clearly the superior aristo-killing tool!
(Also see Barbara Tuchman's excellent Distant Mirror. Highly recommended.)
Yes, but slowing down a brute force attacker by a factor of the cardinality of the set of unique salts will almost certainly be a huge win, especially if the salts chosen are long enough that salt collisions are rare to nonexistent. 6.5 million accounts were compromised; requiring someone to have 6.5 million times as much compute resources to compromise all passwords is nothing to sneeze at.
Of course, salts don't help you in the case where a well determined attacker isn't after 6.5 million accounts but rather just one specific account, but that's not what they are intended to help with.
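The multiplier the comment above describes can be counted directly. The following is an added example, not code from anyone in this thread: it stores a small constructed set of users once unsalted and once with a random 16-byte salt per user, then counts how many hash operations an attacker needs to test a fixed candidate list against every account. The user names, passwords and candidate list are constructed sample data, and plain SHA-256 stands in for whatever hash a real site uses; the counting is what matters.

```python
import hashlib
import os

# Constructed sample data (not from any real breach).
CANDIDATE_PASSWORDS = ["123456", "password", "linkedin", "qwerty", "hunter2"]
USERS = {
    "alice": "password",
    "bob": "hunter2",
    "carol": "123456",
    "dave": "password",  # same password as alice: the unsalted table cracks both at once
}


def hash_unsalted(password: str) -> str:
    """Hash with no salt: equal passwords produce equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password: str, salt: bytes) -> str:
    """Hash with a per-user salt prefixed; equal passwords no longer match."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_unsalted_db(users: dict) -> dict:
    return {user: hash_unsalted(pw) for user, pw in users.items()}


def build_salted_db(users: dict) -> dict:
    db = {}
    for user, pw in users.items():
        salt = os.urandom(16)  # 128 random bits: collisions between users are negligible
        db[user] = (salt, hash_salted(pw, salt))
    return db


def crack_unsalted(db: dict, candidates: list) -> tuple:
    """One pass over the candidates builds a lookup table that serves every account."""
    ops = 0
    table = {}
    for cand in candidates:
        table[hash_unsalted(cand)] = cand
        ops += 1
    cracked = {user: table[h] for user, h in db.items() if h in table}
    return cracked, ops


def crack_salted(db: dict, candidates: list) -> tuple:
    """Each account's salt forces the whole candidate list to be rehashed for that account."""
    ops = 0
    cracked = {}
    for user, (salt, h) in db.items():
        for cand in candidates:
            ops += 1
            if hash_salted(cand, salt) == h:
                cracked[user] = cand
    return cracked, ops


def crack_one_salted(db: dict, user: str, candidates: list) -> tuple:
    """Targeting a single account: the salt is known, so cost is just len(candidates)."""
    salt, h = db[user]
    ops = 0
    for cand in candidates:
        ops += 1
        if hash_salted(cand, salt) == h:
            return cand, ops
    return None, ops


def slowdown_factor(users: dict, candidates: list) -> int:
    """Ratio of work for cracking every salted account vs. every unsalted account."""
    _, unsalted_ops = crack_unsalted(build_unsalted_db(users), candidates)
    _, salted_ops = crack_salted(build_salted_db(users), candidates)
    return salted_ops // unsalted_ops


if __name__ == "__main__":
    print("slowdown with unique salts:", slowdown_factor(USERS, CANDIDATE_PASSWORDS))
```

With four users and unique salts the factor is four: the attacker cannot share work between accounts, which is exactly the "cardinality of the set of unique salts" multiplier. `crack_one_salted` shows the flip side raised in the comment: for one chosen account the salt is sitting next to the hash, so the cost is the same as for an unsalted hash. Slowing that per-guess cost is the job of a deliberately slow KDF such as bcrypt, scrypt or Argon2, not of the salt.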
nohup rm -fr /&