Excellent post: Everything is Broken. Read it all, but here are 2 extracts from an extraordinarily good article:
Look at it this way — every time you get a security update (seems almost daily on my Linux box), whatever is getting updated has been broken, lying there vulnerable, for who-knows-how-long. Sometimes days, sometimes years. Nobody really advertises that part of updates. People say “You should apply this, it’s a critical patch!” and leave off the “…because the developers fucked up so badly your children’s identities are probably being sold to the Estonian Mafia by smack addicted script kiddies right now.”
When the NSA hoards exploits and interferes with cryptographic protection for our infrastructure, it means using exploits against people who aren’t part of the NSA just doesn’t count as much. Securing us comes after securing themselves.
In theory, the reason we’re so nice to soldiers, that we have customs around honoring and thanking them, is that they’re supposed to be sacrificing themselves for the good of the people. In the case of the NSA, this has been reversed. Our wellbeing is sacrificed to make their job of monitoring the world easier. When this is part of the culture of power, it is well on its way to being capable of any abuse.