"ask yourself this: what does the measure do to a start-up's ability to protect its innovation?"
I only really know about the patent system's effect in the software industry, so I confine this comment to that arena. Far from being a tool to protect startups, patents present a huge risk to startups. It's essentially impossible to know if what you're doing will end up infringing on someone's patent. It makes a business venture into something of a crap shoot.
On the flip side, patents are all but useless in terms of protecting startups. Asserting or defending a patent requires a lot of time, energy, and money. The very things that startups tend not to have a lot of. The patent system skews the entire playing field sharply in the favor of larger corporations at the expense of the small guys.
It's worse than that. With the exception of patents used in standards, a patent holder has no obligation to give a license to anybody. Also, there are patent holders who give out licenses at no charge.
So a patent is a protectionist measure to stop anyone else from using an invention without the inventor's permission.
(i.e., exploits that need such immense computing power that anyone outside of the NSA is unlikely to be able to do anything).
That's simply crazy thinking, right there. Computing power continues to get cheaper every day. Right now, it is technically within many individual's financial ability to build their own supercomputer. Not one of the best ones, but get a small group of modestly wealthy people together and you're golden. You can build a supercomputer that rivals anything the NSA has going.
What I want to know is why he bothered to say anything along these lines at all. Saying the "NSA will reveal flaws it finds unless thinks they might be useful" is almost precisely the same as saying "the NSA won't reveal the flaws it finds."
"Problem with that is avoiding all spoilers, and not being able to join the conversation about the episode."
You just need a different set of friends. I'm not personally interested in GoT, but several of my friends are fanatical about it. Even so, you know what is never a topic of discussion among my friends? Game of Thrones. The most I've heard about it is that it's a great show.
Re: Evidence (or lack thereof) whether the NSA knew about Heartbleed
The NSA didn't know about Heartbleed because that's not what they called it. However, check out the NSA's "Project Bullrun".
According to The Guardian's analysis of the Snowden documents, under Bullrun, the NSA "has capabilities against widely used online protocols, such as HTTPS, voice-over-IP and Secure Sockets Layer (SSL), used to protect online shopping and banking."
The NSA's cracking might be of a different nature. Who knows? But to me, a rose by any other name...
Open Source does not automatically mean "volunteer" any more than it automatically means "free". There are lots of (and the numbers are increasing over time) software engineers who are paid to work on and develop open source software.
Me too. And, truthfully, only a small percentage of OSS folks have every said otherwise (and they're the kind of zealots that exist everywhere are should be disregarded.)
However, the attacks on "open source" that we're seeing now are intimating that there is something about open source that makes it more dangerous to use than closed source, and heartbleed is somehow the proof of this. That's 100% industrial-grade bullshit.
Open source and closed source software are roughly equally error-prone. The history of closed-source software contains quite a few problems on the scale of heartbleed, after all.
The primary difference between the two is that with open source, there's a greater chance that problems will be found before they bite too hard, and even more importantly, they tend to get fixed and those fixes distributed much more quickly.
Closed source software is full of examples of serious vulnerabilities that have gone unfixed for years despite being reported.