Unfortunately no.
I remember the SELinux controversy and the NSA trying to slip bad algorithms in.
Nothing is devoid of global politics.
If you are having sensitive information stored using closed-source software/OS, you can stop reading right here. This is your biggest vulnerability and the best thing you can do is to switch to FOSS.
For those that have already switched:
It made me think about how to improve the resistance of large FOSS projects against state-sponsored attackers injecting backdoors.
The best thing I came up with would be to have each contribution checked by a contributor of a rival state. So a Russian (or Chinese) contributor verifies a contribution by an American.
The verifying contributors would have to be chosen at random in a way that is not predeterminable by an attacker, otherwise a Chinese-state contributor will contribute harmless code until the next verifier will be a US-based Chinese spy. Then they will submit a backdoor and have it checked by an American citizen paid by China.
Also the random number generator has to be verifiable by outsiders, otherwise a spy in the Linux Foundation can manipulate the outcome of choosing a favorable verifier for a backdoor.
This can obviously only be done as long as there are lots of contributors from rivaling states. If the US decided that Linux can only allow contributors from USA/EU, then this model can not work and Linux would have to relocate into a more favorable state like Switzerland.
What one should keep in mind is that even if the US would ban all foreign contributions and the foundation would not relocate, Linux would still be more secure than any closed source OS, as those foreigners can still look at the code and blow the whistle on bugs/backdoors. It would however be much more insecure than it is now, as the overhead for finding bugs/backdoors would be much larger.
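The reviewer selection described in the comment above (unpredictable to the submitter, recomputable by outsiders), as an added example that is not part of the original thread. It assumes a public randomness beacon that publishes one value per round, and treats "rival state" simply as "different jurisdiction"; all names, rounds and beacon values are constructed.

```python
import hashlib

# Constructed sample data: reviewer names, jurisdictions and beacon values are hypothetical.
REVIEWERS = {"alice": "US", "boris": "RU", "chen": "CN", "dieter": "DE", "elena": "RU"}
BEACON = {100: "9f1c-constructed-round-100", 101: "4be7-constructed-round-101"}

def commit(patch: bytes) -> str:
    """Hash published when the patch is submitted, before the beacon round exists."""
    return hashlib.sha256(patch).hexdigest()

def candidates(author: str) -> list[str]:
    """Reviewers from a different jurisdiction than the author, in a canonical order."""
    home = REVIEWERS[author]
    return sorted(name for name, j in REVIEWERS.items() if j != home)

def select_reviewer(patch: bytes, author: str, committed_round: int, beacon_round: int) -> str:
    """Derive the reviewer from public inputs only, so anyone can recompute it."""
    if beacon_round <= committed_round:
        # Randomness already known at submission time would let the author grind
        # patch variants until a preferred reviewer comes up.
        raise ValueError("beacon round must be later than the commitment")
    pool = candidates(author)
    if not pool:
        raise ValueError("no eligible reviewer")
    seed = f"{commit(patch)}|{beacon_round}|{BEACON[beacon_round]}".encode()
    # 256-bit digest reduced modulo a small pool: the bias is negligible.
    index = int.from_bytes(hashlib.sha256(seed).digest(), "big") % len(pool)
    return pool[index]

def verify_selection(patch: bytes, author: str, committed_round: int,
                     beacon_round: int, claimed: str) -> bool:
    """Outsider check: recompute the selection and compare with the announced reviewer."""
    try:
        return select_reviewer(patch, author, committed_round, beacon_round) == claimed
    except (ValueError, KeyError):
        return False
```

The scheme only removes the choice of reviewer from insiders; it does nothing about a reviewer pool that has itself been stacked, which is the limitation the comment raises about contributors from rival states.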
I'm ootl. Quick summary?
Hasn't changed my view much. I already knew Linux was a company that has a legal presence in the US and so would be subject to their laws. The only real surprise is that it's taken so long to action this particular set of sanctions.
I do think the announcement was poorly handled - it should have been explained either before or immediately afterwards to cut back on the conjecture. The git notice only said that these contributors' names had been removed from the credits, not that they'd been stopped from contributing completely. Any company, including Linux, that does something they know is going to be contentious like this should bloody well get ahead of that curve and put the facts out.
The world is at war. It's not a bloody world war as we've seen before, but it is nation against nation by other means. FOSS is used so widely it is absolutely a target and nobody can be so idealistic that they cannot see the conflict, nor not know that it's constantly being attacked. Where you live does matter. I wish that wasn't the case - I truly do, but it's naive in the extreme to pretend otherwise.
This wasn't a decision made based on sanctions, it was just an excuse given but no actual evidence of Linux being required to act on them was ever given.
Why do you think Linus is not being truthful?
Other countries are similarly sanctioned, and hundreds of maintainers from those sanctions are still there. So the sanctions thing is absolutely just an excuse.
What Linus just did to Russians is scaring a lot of people right now, who are probably wondering if they should keep working in association with a project which has just demonstrated its unreliability.
From what I understand this wasn't a decision dictated by sanctions nor was there any strong-arming. Otherwise it would've happened way earlier.
I also think splitting politics and literally anything else doesn't work and is something people who benefit from the discussion (or lack thereof) made up.
No
People are just waking up to the fact that theory isn't reality.
It's banning contributors but not contributions themselves. So there must be inconvenience but somewhat effective workarounds. That could be fun to see unfold.
Although why would anyone from Russia even consider helping a project which sees them as lesser?
But that's not what happened. If the lawyers are saying that some open source groups can't work with open source groups in Russia, as Linus indicated, that doesn't mean either group dislikes the other group. I don't think this is a question of animosity.