this post was submitted on 01 Feb 2024
71 points (96.1% liked)

Open Source

31122 readers
288 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
71
Only FLOSS Provides Sovereignty, Compatibility, and Security. (kbin.social)
submitted 9 months ago* (last edited 9 months ago) by [email protected] to c/[email protected]
15 comments fedilink hide all child comments
 

I came across an NPR Article this morning discussing malware believed to have been installed by China on many small office / home routers across the United States.

National Cyber Director Harry Coker Jr. alluded to the fact that the US does the exact same thing by advising The House Select Committee on the Chinese Communist Party to "continu[e] operating with confidence, not yielding the initiative, not merely staying on the defensive, but being as strong as the United States has always been"

The vulnerability that was exploited was "outdated Cisco or NetGear devices that were no longer subject to software updates." These vulnerabilities were present because proprietary equipment and software was no-longer being maintained. This is far less likely to have occurred with routers using FLOSS, like OpenWRT. Such routers regularly receive updates for many years after the original equipment manufacturer has stopped supporting them.

Only with FLOSS hardware, software, and shared standards can nation states have digital sovereignty, compatibility, and security. If all sides are using the same FLOSS standards, then they can host their own services without dependence on a foreign tech sector, they can maintain international compatibility, and any vulnerabilities affect all parties equally. Therefore, it is in the best interest of each party to contribute fixes which ensure their own infrastructure is secure, and simultaneously provide security & functionality to each other party.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 39 points 9 months ago (3 children)

I've always felt that public money should require public code. It makes total sense, unless you are a politician who wants to give favors and earn kickbacks.

[–] [email protected] 19 points 9 months ago* (last edited 9 months ago) (2 children)

Sane way that publicly funded science should be published and freely accessible.

It's a pipe dream, coz capitalism.

[–] [email protected] 4 points 9 months ago

Capital interests certainly oppose the public domain, but I don't think it's a pipe dream, I think it's a policy change. Everything has swung in favor of private capital for long enough that it's time for the pendulum to swing back toward the public interest. I think the iron is hot, and right now is the time to start imaging and building better institutions.

[–] [email protected] 2 points 9 months ago

Things are definitely moving in this direction, a number of changes at the federal level are happening in the US. The US and EU have many grant/funding programs where open publishing is a requirement, not an option.

[–] [email protected] 9 points 9 months ago

Absolutely, and I'm glad someone else has thought the exact same thing! "Public money == public code".

[–] [email protected] 0 points 9 months ago (1 children)

When the government contracts for IT equipment, it comes with terms about maintenance, updates, and life cycle. It would require a much higher cost, especially in FTE funding, to ensure that open source code is viable and safe before deployment. I'm not implying that there are zero risks or errors with contracts, though they do provide some benefits.

[–] [email protected] 3 points 9 months ago (1 children)

to ensure that open source code is viable and safe before deployment.

It takes the same amount of time to develop closed source as open source software. So doea validating and certifying it.

Not sure why it should be more expensiv to put the moeny towards a OSS solution.

[–] [email protected] 1 points 9 months ago (1 children)

Because the government would have to hire the employees directly for this, versus the company that is contracted to do so.

[–] [email protected] 1 points 9 months ago

No. You can write in the contract that the Software needs to be open.