
"Basically, the NSA asks companies to subtly change their products in undetectable ways: making the random number generator less random, leaking the key somehow, adding a common exponent to a public-key exchange protocol, and so on. If the back door is discovered, it's explained away as a mistake. And as we now know, the NSA has enjoyed enormous success from this program." -Bruce Schneier

So when Rasmus Lerdorf checked in a change to PHP that broke crypt(), and then made a release without bothering to run the tests (he claimed that "This is mostly because we have too many test failures which is primarily caused by us adding tests for bug reports before actually fixing the bug."), was that actually because he was working for the NSA to install a giant backdoor in PHP, and not just completely incompetent and totally negligent? https://plus.google.com/113641248237520845183/posts/g68d9RvR...

"We have things like protected properties. We have abstract methods. We have all this stuff that your computer science teacher told you you should be using. I don't care about this crap at all." -Rasmus Lerdorf

"I'm not a real programmer. I throw together things until it works then I move on. The real programmers will say "Yeah it works but you're leaking memory everywhere. Perhaps we should fix that." I’ll just restart Apache every 10 requests." -Rasmus Lerdorf



Since the bug (if I understand it) would prevent anyone with an existing database from upgrading because then nobody could log in, it doesn't seem like a particularly effective undetectable backdoor.


Maybe it is some very elaborate ruse by the PHP team to create regression bugs that break frequently used functions badly so when they slipped in the NSA bug it would go undetected, but I doubt that. I lost count of how many times a PHP stable release introduced a massive regression bug.


It sounds like Mr. Lerdorf isn't really qualified to do what he was doing. Not a good example of an NSA plot.


"For all the folks getting excited about my quotes. Here is another - Yes, I am a terrible coder, but I am probably still better than you :)" -Rasmus Lerdorf



