SoylentNews

Moxie Marlinspike Leaves Encrypted-Messaging App Signal

posted by janrinok on Thursday January 13 2022, @12:53PM   
from the delegate++ dept.

upstart writes:

Moxie Marlinspike leaves encrypted-messaging app Signal:

Moxie Marlinspike, the co-founder and chief executive of encrypted-messaging app Signal, has resigned.

He blogged it was a "good time to replace myself as CEO" after working on Signal for over a decade.

Signal recently enabled crypto-currency payments within the app, which has concerned some users. Mr Marlinspike remains a board member of the Signal Foundation, while the board's executive chair, Brian Acton, becomes interim chief executive.

[...] Mr Marlinspike - whose real name is Matthew Rosenfeld - blogged he had always hoped to reach a point where Signal could "grow and sustain" beyond his involvement.

"I was writing all the Android code, was writing all of the server code, was the only person on call for the service, was facilitating all product development, and was managing everyone," he wrote. "I couldn't ever leave cell service, had to take my laptop with me everywhere in case of emergencies, and occasionally found myself sitting alone on the sidewalk in the rain late at night trying to diagnose a service degradation."

More than 40 million people now use Signal.

---

Original Submission

• HeartBleed HeartBleed (Score: 3, Interesting) by quietus on Thursday January 13 2022, @06:20PM (3 children)

  by quietus (6328) on Thursday January 13 2022, @06:20PM (#1212456) Journal

  "I was writing all the Android code, was writing all of the server code, was the only person on call for the service, was facilitating all product development, and was managing everyone," he wrote. "I couldn't ever leave cell service, had to take my laptop with me everywhere in case of emergencies, and occasionally found myself sitting alone on the sidewalk in the rain late at night trying to diagnose a service degradation."

  That quote made me think of HeartBleed -- essentially 2 guys keeping an essential piece (OpenSSL) of software running -- and leaves me very worried about the [security of the] service. (There were still one or two OpenBSD developers spitting through the OpenSSL code, according to a 2020 (i believe) report on undeadly.org, and they're only halfway through.)

  (For the record: this is not criticism on [the quality of the code produced by] Moxie Marlinspike, nor his security knowledge.)

  Starting Score:	1		point
  Moderation		+1
  Interesting=1, Total=1
  Extra 'Interesting' Modifier		0
  Karma-Bonus Modifier		+1
  Total Score:		3

• Re:HeartBleed Re:HeartBleed (Score: 2, Informative) by Anonymous Coward on Thursday January 13 2022, @06:27PM (2 children)

  by Anonymous Coward on Thursday January 13 2022, @06:27PM (#1212461)

  There were still one or two OpenBSD developers spitting through the OpenSSL code, according to a 2020 (i believe) report on undeadly.org, and they're only halfway through

  https://www.openssl.org/community/committers.html [openssl.org]

  There is a few more now. They have a budget of around $1 million

  https://en.wikipedia.org/wiki/OpenSSL#Project_history [wikipedia.org]

  It's better than it used to be.

  Parent

  • Re:HeartBleed (Score: 5, Insightful) by quietus on Thursday January 13 2022, @06:37PM

    by quietus (6328) on Thursday January 13 2022, @06:37PM (#1212467) Journal

    Better than it used to be ... If those 18 committers were working full-time, you'd need two to three times that budget of $1 million for a year's worth of their production. And yet, the whole world still depends on that piece of software.

    Parent

  • Re:HeartBleed (Score: 1, Informative) by Anonymous Coward on Saturday January 15 2022, @01:34AM

    by Anonymous Coward on Saturday January 15 2022, @01:34AM (#1212822)

    LibreSSL is OpenBSD, OpenSSL is still the same clowns!

    Parent