
The original qmail author, Dan Bernstein (DJB), was so convinced of the infallibility of his code that he put up a monetary reward for any exploits. This context came about because DJB, as a professor of Computer Science, maintained that it is completely within the realm of reality to write unbuggy, yet complicated and highly functional code.

DJB welched on every claim at that bounty, and refused to pay out. He is an egotistical, over-self-confident person. He wrote good code back in the day, but he lost the forest for the trees.




You're being downvoted, but from what I can tell you're right. DJB is undoubtedly a brilliant computer scientist, but it seems he'd be very quick to tell you that. I see this as a loss to our profession because I think that DJB-minus-ego could make even more awesome things.


But that DJB doesn't exist. I can come up with much bigger losses if they don't have to exist.


I presume that a DJB-minus-ego wouldn't have had any motivation to become DJB in the first place ;)


Oh, I don't know about that. There are lots of brilliant computer scientists and mathematicians with reputations for also being really nice and humble people. The smartest people I know freely admit when they're at the edge of their knowledge and abilities, and are the first to tell you when they've made mistakes.


You're talking about other people's motivations. But DJB minus ego wouldn't be some other person, he'd still be DJB; just "DJB if you cut a certain part of his brain out." And I don't think that that person would have any other motivation-generating part of his brain left. His works specifically seem entirely ego-driven. DJB minus the ego probably wouldn't have had any interest in becoming an information-worker at all. (I'd like to think he'd become a janitor, like the protagonist of Flowers for Algernon. :P)


I concede this point. May I modify my original statement? I wish DJB took motivation from non-ego sources, so that we could have the wonderful things he’s made, but even more wonderful because they were made by someone who knew they were fallible.


Almost everyone who has worked really hard to be great at something has an ego about it. In most cases, they really wanted to be better than (often some specific) others.

To pick some well-known people, I'd say Feynman and Einstein both had massive egos. They "knew" they were smart. They also had reputations for being really nice and humble.

It would be simpler to just admit that you think DJB is a bit of a jerk. Linus Torvalds is a bit of a jerk too, in most people's estimation. Brilliant jerks, we call them.

They can make great workers and are always terrible leaders.


There’s a big difference between self-assessed qualifications, and ability to admit fallibility. Good scientists know they know a lot. Great scientists know that they don’t know a lot, and admitting that you might be wrong is critical for the scientific method to work.

So DJB is brilliant, but if he admitted that he could make mistakes (or even that a compiler could mis-compile his flawless code), then he might have put in failsafes like unreachable-code assertions that would have meant that we wouldn’t be discussing this today.

I don’t think he’s a jerk. I don’t know enough about him; maybe he’s the nicest, kindest guy around. I do think the evidence suggests that he’s arrogant, though, and that’s not a good look on anyone.


DJB paid out $1,000 in 2009 to Matthew Dempsky for a djbdns security vulnerability.

https://marc.info/?l=djbdns&m=123613000920446&w=2


> The next release of djbdns will be backed by a new security guarantee.

I was a bit curious about this wording, which seems quite weasel-wordy at first glance, so here are the snapshots of the page that have been saved by Archive: https://archive.vn/https://cr.yp.to/djbdns/guarantee.html

I did a rough diff of the first two saved snapshots (which span 2009), and got this:

    @@ -6,7 +6,7 @@
     
     The djbdns security guarantee
     
    -I offer $500 to the first person to publicly report a verifiable security hole in the latest version of djbdns.
    +I offer $1000 to the first person to publicly report a verifiable security hole in the latest version of djbdns.
     
    @@ -14,17 +14,25 @@
    -Bugs outside of djbdns, such as OS bugs or browser bugs, do not qualify. The vulnerability of DNS to forgery does not qualify. Denial-of-service attacks do not qualify. (An attacker can easily take down the Domain Name System, or selected parts of it; this is not news.)
    +Examples of problems that do not qualify:
    +
    +
    +
    +    Bugs outside of djbdns, such as OS bugs or browser bugs. (People could seize control of BIND 9.1 through an OpenSSL buffer overflow, but that was a bug in OpenSSL, not in BIND.)
    +
    +    The vulnerability of DNS to forgery. (BIND's port reuse makes blind forgery much less expensive, but this is a quantitative difference, not a qualitative difference. The DNS architecture needs cryptographic protection.)
    +
    +    Denial-of-service attacks. (BIND 9's fragility makes denial of service completely trivial; but an attacker can easily take down the Domain Name System without using any of BIND's bugs. The DNS architecture needs to be decentralized.) 
 
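Review bot: the substantive scope in this hunk is unchanged; the three exclusions in the added list (bugs outside djbdns, DNS forgery, denial of service) are the same three as in the removed sentence, and what is new is only the parenthetical commentary on BIND 9.1/OpenSSL, BIND port reuse and BIND 9 fragility. The three empty `+` lines between "Examples of problems that do not qualify:" and the first item, plus the indented items, read like list markup flattened by diffing the archived HTML as text rather than as content that changed, so a reader comparing the two versions should treat them as layout noise.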
I don't think this looks unreasonable in terms of actual consequences/definitions, but it is interesting how much effort and verbiage he spends on pointing out the flaws of other DNS servers.


I used to work with Matthew. He's next level smart, and very modest. We are very lucky he is a good hacker and not an evil hacker. :-)


So widespread is his ego that it reminds me of this quote from Donnie J. Barnes (of Red Hat): "I went on IRC once. I was mistaken for Dan Bernstein. I still have nightmares."


Can you give an example of a claim he "welched" on? Google isn't pointing me to anything except the fact that email is unencrypted which I tend to agree is out of scope.


As discussed in TFA, he didn't pay out for Georgi Guninski's original discovery in 2005 nor Qualys' rediscovery + working RCE in 2020.



