by antimagic 3851 days ago
I downvoted you, but I thought I'd explain why - I don't think it's reasonable to characterise this as childish. Government surveillance is something which our industry is the best positioned to speak out against. This type of thing seems to be clearly political speech, and not a prank.

It also is something that really hurts our industry, perhaps more so than any other industry out there.

Edit: To be clear, I mean the spying hurts our industry.

Legit question, why? (in this case) If you mean general lack of professionalism, sure, but in this case encoding this as a matter of protest seems appropriate.
Genuine question, how does it really hurt our industry?

You mean because "outsiders" will see us as childish or for some technical reason?

I meant the spying hurts our industry as those who buy IT services lose trust in the confidentiality of their data.
Yes; the entirety of our internet infrastructure is...almost...hopelessly insecure. The OpenSSL team refuses to even use SSL/TLS on their website because "they don't want anyone to get the slightest illusion that it's secure" and want everyone to manually verify the SHA hashes.
> The OpenSSL team refuses to even use SSL/TLS on their website because "they don't want anyone to get the slightest illusion that it's secure"

Eh?

1) Visiting http://www.openssl.org automatically redirects me to https://www.openssl.org .

2) The OpenSSL source code is stored in a git repo in GitHub. While this doesn't ensure that the code hasn't been tampered with, git does make it substantially easier to detect tampering than other VCSs do.

3) All of the release tarballs are PGP signed. Verification of the authenticity of these files is just about as automatic as it gets.

I could be mistaken but I think, not too long ago, openssl.org used to redirect to openssl.net.

And if I recall correctly, it was http://openssl.net not https://.

Is it possible there have been some changes in recent years?

> Is it possible there have been some changes in recent years?

Well, I made my comment based largely on information that I verified a few minutes before I wrote the comment. I'm unaware of the site's history.

Have they posted their concerns regarding SSL/TLS? It would make interesting reading. I am assuming the issue is the certificate issuance hierarchy and correspondent lack of transparency, but that's just a guess.
Of course if those hashes are also served via plaintext, then comparing them also doesn't matter, and using them as verification is akin to praying to not be compromised.
The OpenSSL team uses TLS on www.openssl.org. I don't know where you found that quote.
As part of the in-group I can think it's kind of funny in a "stick it to the man" kind of way. But considering that much of what lets the NSA do what it does is because of the failure of organizations like the IETF (and bystanders like ourselves not to put more pressure on them) to make secure technologies prevalent, it's not that funny anymore.

This is exactly what the NSA wants. That you feel like you're on the right side and "sticking it to the man" while they laugh all the way to their long term data storage.

It might be political speech, but it's also childish.

What is it intended to accomplish? What is the actual statement being made, and who is the intended audience? Not the government - they already know what PRISM is. Also not the common internet user. If it had the potential to be effective at influencing or censoring political dialogue, I would be upset at the attempt to bake propaganda (however sympathetic the tech community might be to it) into what should be a politically neutral protocol. But it does seem more like a prank than anything else.

> This type of thing seems to be clearly political speech

So it's your assertion that a thing cannot be both "childish" and "political speech" at the same time?

Apparently Feynman is pretty "childish" too: https://news.ycombinator.com/item?id=10650175
I don't think Feynman would have disagreed with that.