On 06/07/2019, Theo de Raadt <dera...@openbsd.org> wrote: > Precisely. Most of the risks are in the bugs, and if you hit a problem > you'll be Dennis Muilenburg saying you didn't know (that phrase works > one way today, but if in the next few days he leaves his position, it > will work a different way). The unknown risk factors are first unknown > and potentially accidental, and secondly unknown and now we are supposed > to guess it wasn't accidental. Vendors are wired to increase > performance and noone judges security aspects, that the process where > the "accident" arises. Maybe we should suddenly accuse absolutely > everyone of malpractice! As if that will change anything...
Hence, not only can you get the effect of conspiracy without there being one, but it doesn't matter whether there is a conspiracy or not when it won't change anything; and at any rate, most smart culprits have figured out to maintain plausible deniability. Unless one is a member of a jury tasked with deciding e.g. Dennis's guilt or innocence, it doesn't matter one way or another. > So this is misc, which is full of lots of talk about nothing, by people > who can't change the ecosystem. Having worried vocally about this > before, I know I can't change it. Pretty sad to see people who are even > less capable find the energy to moan about it. Few emotions are as powerful as impotent rage. Impotent rage, rage, rage against the dying of the light. Ian PS: Don't die on us, Theo.
