Heartbleed was a good thing: Give and you shall receive

Garikai Dzoma

Heartbleed was, to a large extent, a good thing!

When I read the report that said that for the past several years the entire amount received in donations by the OpenSSL project was a mere $2000 per year, I was shocked. Surely the article was wrong and maybe they meant to say monthly instead of yearly. As more news articles popped up with the same story, the untenable financial position of the project was not only confirmed, but I realised that it was actually worse than I first thought – apparently the project has one full-time employee (poor guy) and only a small group of contributors. Whenever I try to wrap my head around this, a joke that is currently making the rounds on social media, in which one expresses astonishment and bewilderment at the current breaking news, immediately comes to mind. It (the joke) has many variations but the common statements are: “Unombonyatsoshaya kuti zviri kumbofamba sei chaizvo, haaa unotozoona kuti mupfungwa macho ndoomotonzvenga!” I apologize to non-Shona speakers but that is exactly how I feel.

Most people in general and Zimbabweans in particular just like to profit from pieces of software without contributing anything in return. It does not matter if it is free open-source software (FOSS), shareware, freeware, premium licensed software or games, people just want to use it for free despite all the hard work and effort put in by the developers. To that end we have key generators (keygens), hacks, activators, trial extensions and patches to circumvent legitimate ownership checks. In FOSS people happily skip donation buttons, and where these are incorporated in the menu they happily ignore them. We have forums and boards where people share warez and cracked versions of software and tips on how to cheat the system and use software for free. When was the last time you paid to use WinRAR after the trial period had expired? Do you feel no shame when you use fake usernames and passwords to update your ESET virus software? How did you activate your copy of Windows? Have you ever donated to the Ubuntu project?

The simple truth is that these projects require time, manpower, server resources as well as other resources all of which translate to money. If it were only a few individuals involved in this practice of getting free rides then the problem could be dismissed as a mere annoyance as the projects could easily obtain the funds and steam ahead unhampered. It would seem however that even some of the most powerful corporations on earth will not pass up on a free lunch whenever it suits them despite how much they have in their coffers or how much they benefit from a piece of FOSS. Companies like Google, Yahoo, Red Hat, Amazon, Dell, IBM, VMware, World Stock exchanges, all the Big Banks, Big Tobacco, Big Pharmaceuticals and Big Oil as well as countries like the United States Government, the Russians, the Chinese, Canadians and perhaps even the Pope and the Vatican were willing to make use of OpenSSL and give nothing in return.

OpenSSL is not one of those headline-making projects with stories like how cool the new Unity interface is, or the wonders of OpenStack and how it has contributed to the cloud, or as revolutionary as HTML or as readily understandable by the user as any of those clearly visible components of the software. It chugs along in the background on your desktop and on your favourite website’s server, and for some reason people tend to think that the things they understand and see are the only important ones: “Out of sight, out of mind.” Since OpenSSL was invisible, few people reviewed the code and few people donated. As a result, when everyone else was partying, dancing and drinking with their families on New Year’s Eve on 31 December 2011 at 23:59 hours, someone was working hard trying to improve the code. Tired and exhausted, he unwittingly introduced a bug that has had everyone screaming and running to fix it.

To a large extent Heartbleed was a good thing, and no, this is not one of those Germany-was-wronged-so-justified-to-start-World-War-Two arguments that sophists like to give at public lectures. Heartbleed drew attention to those critical but underfunded projects that power the web and other critical operations. It forced people to make a review of their lifestyle and habits. It made people ask the important and right questions. Who funds OpenSSL? How much money did they receive over the past months or years? What is this Upstart thingy? (Init disappeared from people’s computers ages ago.) What is BIND and who funds it? What is all this fuss about Xserver, Wayland and Mir?

Not long after Heartbleed, the OpenSSL project received over $17000 in donations, way more than it has made in the past three years combined. The highest donation was $300 and the lowest 2 cents (this was donated through PayPal, and PayPal shamelessly took the two cents as a transaction fee despite the fact that PayPal is one of those companies that use OpenSSL!). In the wake of Heartbleed, skilled volunteers from companies like Google and OpenBSD started combing the OpenSSL code looking for errors and fixing code. Due to Heartbleed, big Fortune 500 companies, via the Linux Foundation, have pledged a total of $3.9 million over the next three years.

Disaster and catastrophe fuel change the world over. Plane crashes compel manufacturers to make safer planes; lost limbs spurred the invention and widespread use of car starters; the Haber process, nuclear energy, RADAR and many others are a result of frantic human effort spurred by disaster.

They say the Swiss have not been in a war for a long time and the only invention they have to show for it are watches, probably invented because they have to navigate their “uneventful” lives. When I think of it, I wish some digital disaster would strike Zimbabwe for all the good it would do us. Perhaps people would become more security conscious. Maybe most people would stop using their loved ones’ names, monikers and birthdays as passwords and PINs. Who knows, maybe we will start seeing a Donate by Ecocash/Telecash/One Wallet button. It may bring an end to the bullying and closed-doors policy that is currently in operation in our largest ICT industry players. Maybe only then will we see an Ecocash API with hackers cheerfully creating useful smartphone apps that can be hosted on an EcoMarket/TeleMarket. Maybe operators will then stop charging obscene tariffs even for local data.

Who knows, perhaps people will start clicking the Send button instead of the Don’t Send button. Perhaps they will spend a little more time on GitHub, SourceForge and Launchpad than they do on Facebook and Twitter. Maybe people will learn the power of crowdsourcing, and venture capital companies will stop demanding sure-thing projects, take a little more risk and realise that you will have to give something in order to receive. I feel like I am back in Sunday school here, guys, but I have to say it nevertheless. “Blessed are those who give. For they shall see less bugs.”

Give and you shall receive. You must give in order to receive.