Heartbleed disproved _many eyeballs make a bug shallow_. I'm happy this outage proved that we still need super secure mainframes. Also, I wonder if Intel Itanium (EPIC, not EPYC) created the monoculture, because it killed off a lot of non-PC (RISC) architectures.. 🤔
I'm not sure I would agree that Heartbleed disproved the aphorism you mention. If anything, I think Heartbleed proved the general point that those who use a product commercially should contribute to its development. Crypto in general is a hard subject to do well, and the OpenSSL devs were chronically short on money and people who were both skilled enough and had sufficient free time to contribute. They didn't have the "many eyes" they needed to make the bugs shallow, nor did they have the resources to hire more.
I don't think Itanium created any sort of a monoculture. Other RISC lines (including SPARC, ARM, and the IBM Power series) continued for decades after Itanium's introduction. They may not be especially common (certainly not as common as the x86-64 CISC microarchitecture), but they're still out there, and many are still being actively developed and sold today. Itanium, on the other hand, has itself been discontinued.
Maybe it's a problem (root cause) about alternatives, quality of service and a sprinkle of open source and open access.