this post was submitted on 26 Oct 2024
77 points (73.9% liked)

Asklemmy

43733 readers
1708 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_[email protected]~

founded 5 years ago
MODERATORS
 

I for one am going through quite a culture shock. I always assumed the nature of FOSS software made it immune to be confined within the policies of nations; I guess if one day the government of USA starts to think that its a security concers for china to use and contribute to core opensource software created by its citizens or based in their boundaries, they might strongarm FOSS communities and projects to make their software exclude them in someway or worse declare GPL software a threat to national security.

(page 3) 23 comments
sorted by: hot top controversial new old
[โ€“] [email protected] 1 points 5 days ago

People are just waking up to the fact that theory isn't reality.

[โ€“] [email protected] 1 points 5 days ago

Everything be it software or anything else is beholden only to those who is the highest bidder. Being FOSS doesn't change anything. This has been true for some time now that Linux and TLF is duty bound to businesses running it.

It had been covert till now, it is the overtness of this action which is surprising to most. I for one am surprised it didnt happen sooner.

[โ€“] [email protected] -1 points 4 days ago

If you are having sensitive information stored using closed-source software/OS, you can stop reading right here. This is your biggest vulnerability and the best thing you can do is to switch to FOSS.

For those that have already switched:
It made me think about how to improve the resistance of large FOSS projects against state-sponsored attackers injecting backdoors.

The best thing i came up with would be to have each contribution checked by a contributor of a rival state. So a Russian (or Chinese) contributor verifies a contribution by an American.
The verifying contributors would have to be chosen at random in a way that is not predeterminable by an attacker, otherwise a Chinese-state contributor will contribute harmless code until the next verifier will be a US-based Chinese spy. Then they will submit a backdoor and have it checked by an American citizen paid by China.
Also the random number generator has to be verifiable by outsiders, otherwise a spy in the Linux-Foundation can manipulate the outcome of choosing a favorable verifier for a backdoor.

This can obviously only be done as long as there are lots of contributors from rivaling states. If the US decided that Linux can only allow contributors from USA/EU, then this model can not work and Linux would have to relocate into a more favorable state like Switzerland.

What one should keep in mind that even if the US would ban all foreign contributions and the foundation would not relocate, Linux would still be more secure than any closed source OS, as those foreigners can still look at the code and blow the whistle on bugs/backdoors. It would however be much more insecure than it is now, as the overhead for finding bugs/backdoors would be much larger.

[โ€“] [email protected] -1 points 5 days ago* (last edited 5 days ago)

Certain Open Source movements are pure bigotry and opportunism, the Linux Kernel / The Linux Foundation for example, so it doesn't really make me wonder.

[โ€“] [email protected] 0 points 5 days ago* (last edited 5 days ago) (1 children)

I'm not concerned that they followed the best advice of their lawyers to respond to the legal and political challenges that currently exist.

I am concerned that hostile nation states (define those as you will) have made supply chain attacks (remember the xz Utils backdoor) so common that actions like this or worse are becoming necessary and that open source, globally contributed software could be at risk.

load more comments (1 replies)
[โ€“] [email protected] 0 points 5 days ago (2 children)

It's banning contributors but not contributions themselves. So there must be inconvenience but somewhat effective workarounds. That could be fun to see unfold.

load more comments (2 replies)
load more comments
view more: โ€น prev next โ€บ