[JeremyChase]

I'm not going to defend or support OpenSSL, but I find your tone extremely frustrating. For better or worse OpenSSL is an open library for you to use, and you should be thankful for that.

Also, insulting the people working on it is no way to improve the situation.

[_delirium]

Imagine my surprise at discovering that someone who writes with a tone like that is a prominent OpenBSD developer. ;-)

[jcroberts]

Have you ever actually talked with any of the OpenBSD developers?

Marco is a fantastic human being and absolutely hilarious. On top of all that, he's also an amazing programmer. Yes, I've met him in person, and we've traded emails and packages for years. In fact, there's a half a pallet of donated gear sitting behind me in need of being shipped out to him. --It should go without saying, but he's a friend and I have a strong bias.

Getting frustrated by widely deployed but poorly written software should be expected. Just voicing said frustrations solves nothing and wastes time, but voicing frustrations while providing an alternative is actually beneficial.

[_delirium]

It wasn't intended as a comment on anyone's personal worth as a human being, or what they're like in person. I have spent a good amount of time following OpenBSD-related mailing lists, though, and I'd say "polite and collegial" is not the prevailing tone--- hyperbolically trashing other people's work and calling them stupid monkeys is more par for the course. Admittedly, they don't have a monopoly on that; plenty of GNU mailing lists are similar (esp. anything RMS or Ulrich Drepper regularly posts to).

[jcroberts]

The majority of open source projects, OpenBSD included, have difficulty differentiating between attacking a problem and attacking a person.

If you read the recent HN article: "How to keep someone with you forever" http://news.ycombinator.com/item?id=1677013

And ponder it a bit, you'll see how it applies to open source projects, and interactions on mailing lists, or as the case may be, a homepage article by an open source developer.

For me at least, the more fascinating question is why open source projects eventually degrade into "sick systems" of interaction? --I wish I had an answer, but the only speculation I have is it's the result of frustration.

[16s]

"Welcome to OpenBSD" is customarily spoken as "Fuck you moron" or "SMP is for retards and jackasses like you" or "Threads are for idiots and no, we don't care."

I love OpenBSD though. Use it everyday. They don't pretend. What you see is what you get.

[there]

the monkeys reference may (or may not) be in response to linus talking about openbsd developers:

"I think the OpenBSD crowd is a bunch of masturbating monkeys"

http://news.cnet.com/Torvalds-attacks-IT-industry-security-c...

[cpr]

My favorite is the well-known flame by someone at the MIT AI Lab back in its heyday (early Lisp Machine development time)--I'm pretty sure it was RMS: "I've deleted all your <bleeping> code and also erased all the backups" (paraphrased).

[bborud]

It has been a few years since I had to work with OpenSSL and I had much of the same reactions to the code.

OpenSSL has always been bad, so it is not likely that it will improve any time soon unless someone who has a talent for API design decides to spend an immense amount of time sanitizing the library. This is a crypto library, so it is code that requires a lot of scrutiny. You can't simply make changes willy-nilly. Undoing the damage is no simple matter of programming.

I think it is important to point out badly designed APIs and make an example of them so people can learn why it is important to care about API design. It doesn't matter if it is open source or not. That is completely beside the point. Lots of open source code gets worked on by people who get paid for it or whose companies benefit from it directly or indirectly, so let's just be grown-ups and not derail the discussion.

Something being open source is not an excuse for doing a poor job. Bad code is bad code and OpenSSL does deserve harsh criticism for being unnecessarily hard to use.

I find the thought that you should not be able to criticize someone for designing bad APIs just because a project is open source offensive.