LibreSSL – An OpenSSL replacement (openbsd.org)
199 points by claudius on May 17, 2014 | 40 comments



Since no one has said it yet -- (maybe it is too obvious?) -- thanks to anyone who takes the time to improve old crufty code that most of us rely on. (Yes, even if you weaponize Comic Sans.)


Audience recording of the talk: https://www.youtube.com/watch?v=GnBbhXBDmwU


I'm curious as to their funding goal. Sounds like a couple salaries for a year or two. It almost seems appropriate to test the waters here with a Kickstarter. OpenSSL is pervasive in technology, I wouldn't be surprised at all if they were able to achieve even somewhat lofty donations from a combination of both individuals and private organizations.


Agreed. I read the call for donations and thought, "I and my company could afford to give a couple hundred bucks to this cause, but I wouldn't even want to waste this guy's time writing to him about such a measly sum."

A Kickstarter, or similar (there are open source tools to create Kickstarter-like campaigns, as well) automates the small-time contributors like me into a form that is useful to an organization like this.


+1. It would be great if they would set up a Kickstarter or another mainstream mechanism for people to contribute (?dogecoin?).


Dogecoin is mainstream now?



Kernel Normal Form, documented by the `style(9)` man page on BSD systems. Details vary between the BSDs.

In the case of LibreSSL, it means: http://www.openbsd.org/cgi-bin/man.cgi?query=style&section=9



Kernel Normal Form, I assume, a specific formatting standard.


Is there a US-based not-for-profit that sends money to LibreSSL? (Yes, this is a little round-about, but a tax benefit is nice.)


The software used to create this is MagicPoint. The link in the slides is wrong, currently the website is http://member.wide.ad.jp/wg/mgp/


It's a shame there's not even a tiny bit of JS in the pages. Being able to press right or down to advance would be nice. Though I like how lightweight it all is.

I suspect the software is old and the link hasn't been updated in its source.


Thank god that javascript isn't required! An enhancement of allowing the user to use javascript to navigate to the next page is a nice extra.


Not only that, but the slides are JPG with horrible artifacts, and the text is JPG too, making it look bad and not be compatible with screen readers.


The software is meant to generate content for an X11 viewer/presentation app using a simple text-based markup as input.

The HTML is an export. It's not what the software was really designed to produce. That said, I don't know if the quality of the slides is really any better in the native viewer.


That's not really an excuse for using jpg instead of png for a bunch of text.


Consider the age of the program. It was first developed in 1997. The png format was very new and not even standardized yet. Some (most?) web browsers didn't support it or only supported it in the latest version, at a time when auto-updating browsers didn't exist.


How about this: the program supports images and backgrounds. Therefore using JPG makes sense.


Text is its primary output. JPG is never the right choice for text.


I disagree that it makes sense, but that's okay.


>I don't know if the quality of the slides is really any better in the native viewer.

They can be with

% mgp -D <dir> -E png <mgpfile>

:)

Defaults to jpg though.


You can view the raw text via the "[text]" link on the top left.


Shouldn't it say LibreSSL - An OpenSSL fork :)? Seems cool that we kinda have a choice, and do not need to depend on one open source project to have SSL; on the other hand it seems it will be another underfunded project, waiting for another Heartbleed to happen. :)


They're aiming at binary compatibility, as such it is a replacement (but also a fork). Similar to MariaDB vs. MySQL.

Fork and replacement are not mutually exclusive. In fact I'd think that often forks start with the intention to provide a replacement.


On the positive side, and assuming sufficient divergence by then, at least that will only affect about half of the ssl web instead of nearly all of it.


Transcript in the other front page submission: https://news.ycombinator.com/item?id=7760615


Sounds like they are doing excellent work here but it is a pity the license can never be GPL compatible.


> but it is a pity the license can never be GPL compatible

Why? What are the practical downsides?


Yes, OpenSSL has an advertising clause that is incompatible with the GPL.

https://people.gnome.org/~markmc/openssl-and-the-gpl.html


Seriously, why did they pick the 4 clause BSD license and Apache 1.0 license? Is it just out of spite for the GPL?

This whole thing seems kind of childish. The website and slides are especially unprofessional - not just amateurish, I think it takes work to make the slides as bad as they are. What is the point?


They didn't pick the license. The new code is ISC licensed, but the bulk of the code is from OpenSSL, so the project as a whole is stuck with OpenSSL's license.


OK, I don't get WTF is so funny with Comic Sans?


When Comic Sans was first introduced, it got overused and quickly became an eyesore that nevertheless still got overused, despite the bitching about it.

Now we just kind of bitch about it because we've always bitched about it. Someday, your grandchildren might bitch about it, too, but they probably won't really care.


It seems many people have a habit of using Comic Sans for formal/semi-formal stuff, even though it was inspired by comic books and designed to be used in Microsoft Bob. Lately, it's become yet another way for typography hipsters to put people down and feel smug about themselves. Scoffing at typography hipsters scoffing at bad typography is just the latest plot twist.


This presentation is tasteless and totally takes away any seriousness that should be related to making and promoting an OpenSSL replacement. I personally can't take it seriously and I would recommend hackers to think about what image their presentation and design conveys.


When it comes to security tools, one uses a different approach to selecting your tools. At least, you do if you want to be secure. The best presentation and the prettiest website are nowhere in the selection criteria. You look at the history of the people involved, primarily. What have they done in the past? Was it believed to be secure by other researchers? Is it secure today because they have actively maintained it? Have they used good practices that allow their code to easily be audited by others? Have they welcomed feedback from other competent developers?

Using Comic Sans and bitching about the quality of another project is irrelevant in this scenario. The OpenBSD project brings with it an almost two-decade history of seriousness about security that I think one would be a fool to ignore.


When Steve Jobs got kicked out of Lisa development and took over Macintosh he raised a pirate flag. Sticking up a finger to the suits has a long and storied history in the business. The people that take offense at such things aren't people you want on your side anyway.


To me it conveys that they are a group of grognards that can't be bought and never mince words or use euphemisms, even if it upsets people. Precisely what you want for developers of a security library.


Do you mean the comic sans or calling the code terrible and (presumably) its developers incompetent?



