96
Heartbleed and XZ Backdoor Learnings: Open Source Infrastructure Can Be Improved Efficiently With Moderate Funding (optimizedbyotto.com)
submitted 3 months ago by lemmyreader@lemmy.ml to c/opensource@lemmy.ml
14 comments fedilink hide all child comments
top 14 comments
sorted by: hot top controversial new old
[-] DetectiveSanity@lemmy.world 25 points 3 months ago

Imagine if the governments were to fund open source projects when they need and as such the benefit is available to everyone if they have no money.

In such scenario all governments/citizens would have access to software that is good.

[-] registeredusername@lemmy.world 15 points 3 months ago

But but think about those poor (for profit) corporations. How can they ever afford to pay upper management million dolla paychecks without milking us dry :)

And think about the children

/s

[-] DetectiveSanity@lemmy.world 4 points 3 months ago

Ohh yeah, gotta think about children's safety online.

[-] wiki_me@lemmy.ml 2 points 3 months ago

My country has non profits that lobby for citizens , I wonder if there is enough motivation in the community to set something like that for FOSS, I don't think existing non profits (FSF, OSI) will want to deal with that kind of stuff .

[-] bigkahuna1986@lemmy.ml 10 points 3 months ago

It's always impressive to me that instead of sending billions of dollars to Microsoft, the US government could have had an entire operating system that caters exactly to them. They could have then given back in the form of commits improving the software for the rest of us too.

[-] onlinepersona@programming.dev 5 points 2 months ago

Vote Pirate Party

Anti Commercial AI thingyCC BY-NC-SA 4.0

[-] floofloof@lemmy.ca 9 points 3 months ago* (last edited 3 months ago)

It was a huge fluke of luck that the XZ backdoor didn’t go in any actual Linux distribution releases.

It did get into a few, just not the ones corporations are likely to be using.

[-] DetectiveSanity@lemmy.world 9 points 3 months ago

I doubt it would have been discovered this fast and easily if it was closed source.

[-] bort@sopuli.xyz 14 points 3 months ago

it's safe to assume there are similar issues in closed source. A big part of the snowden leaks was about how NSA could access lots of data at will. It wouldn't surprise me if they also could execute code.

Also there is stuxnet. But I am not sure, if there were intentional backdoors, or only some "natural occuring" RCE.

[-] Kelly@lemmy.world 7 points 3 months ago

It wouldn't surprise me if they also could execute code.

They sat on external blue for 5 year before it was stolen and they disclosed the vulnerability to Microsoft.

https://en.wikipedia.org/wiki/EternalBlue

I don't see why we wouldn't assume there is always something similar in their armoury.

[-] Hadriscus@lemm.ee 7 points 2 months ago* (last edited 2 months ago)

I got into a rabbit hole and read the story of the SolarWinds attack. Even as a total layman, what a rollercoaster.

[-] chebra@mstdn.io 1 points 2 months ago

@Hadriscus I wonder if anyone at SolarWinds or Mandiant would notice a 300ms delay. They didn't even find it in June after the FBI contacted them.

[-] Hadriscus@lemm.ee 1 points 2 months ago

Looks like passionate people working on open source projects are more reliable as watch dogs

[-] lemmyreader@lemmy.ml 1 points 2 months ago

Thanks

this post was submitted on 07 Apr 2024
96 points (98.0% liked)

Open Source

29014 readers
191 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 4 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml