

You need adversarially trained mud splats: https://www.youtube.com/watch?v=uB0gr7Fh6lY
FLOSS virtualization hacker, occasional brewer


There are large areas of open source that don’t rely on volunteer labour because companies with a vested interest pay people to work on them. They tend to be the obvious large projects that are continuously developed and gain new features. The trouble with something like xz is it was mostly “done” (as in it did the thing it was intended to do) but still needed maintenance to address the minor niggles, bug reports and updates to tooling and dependencies.
The foundations could do a better job here of supporting the maintainers. After Heartbleed the Linux Foundation started the Core Infrastructure Initiative to help fund those under-recognised projects. I would hope the people running that could be more proactive in identifying those critical understaffed components.
Edit: I think it’s now called the Open Source Security Foundation: https://openssf.org/


Are you familiar with the Korean War? There was a massive conflict which got drawn out into a stalemate and everybody agreed a temporary ceasefire was preferable to even more destruction.
Trying to topple a regime that has nothing to lose and a highly indoctrinated population is not an easy ask. We can only hope that like most authoritarian regimes they eventually succumb to the weight of their own oppression. It’s better than torching the whole continent in the name of freedom.
We already have those, for example in the UK the ASA is a self regulatory body which prohibits deceptive advertising. They can also refer cases to statutory authorities such as Ofcom or Trading Standards.
YMMV in other jurisdictions.