[ShadowAce]

[RitaOK]

” IS THE FOSS INFRASTRUCTURE CRUMBLING? “

---

I don’t know but my alley is, definitely.

[zeugma]

The vast majority of internet infrastructure still runs on FOSS software. We are going to have to come up with a way to unwrite the maintenance of some parts of it though. Things like SSH come to mind. The problem for the developers is that it is something that is hard to monetize. You can build a business around the Apache webserver, and databases, and things like that, because they are a lot more flashy than a secure communications protocol.

Regular audits should be run on many of these 'small' bits of what are essentially critical parts of the infrastructure, but the question arises of "Who's going to pay for that?" It's tempting to say that it should be companies like RedHat that live almost wholly in the FOSS space. The problem with that, is that everyone depends upon things like SSH even if they don't know it. The cryprographic protocols now built into servers of almost all kinds are absolutely critical to commerce to an astounding degree, but we don't really have anyone that is spending the time to look at the internals of them and make sure things like PRNGs, handshakes,fallbacks and such are properly written.

One of the biggest problems is, that in the case of physical infrastructure, government agencies would go this, and doubtless waste countless billions and introduce bureaucracy and multiple layers of cruft into the process. However, even if the government claimed it wanted to take on such a task, they simply can't be trusted with it. We know that the NSA has purposefully and with malice aforethought kept many if not most failures of software they've discovered secret, so they can exploit them at their leisure, regardless of how wide-open such actions leave all of us.

Feral governments, like ours and most others on the planet have fundamental conflicts of interest in taking on such a task.

Perhaps we need something like UL (Underwriters Labratories) for some critical FOSS. One problem is going to be identifying what is, and is not critical. Is the TCP/IP stack critical infrastructure? I'd say so. What about APIs for financial transactions? Maybe, maybe not, depending upon how the API is constructed.

This entire subject does need some light and discussion.

 

[RinaseaofDs]

This is what I never understood about the Linux crowd. What part of FREE do they not get? Why should any for-fee company pay to keep a competitor going? Why should the pay to sustain an OS that a base of a software companies users will demand they support (for Free).

I give them a ton of credit for getting these guys to pony anything to them.

Seems like there’s a hot new programming language coming out every quarter now. I can’t keep up with them all, like a dinosaur sinking in a tar pit.

[tacticalogic]

The problem with open source projects is that eventually, the owner gets a girlfriend.

[grey_whiskers]