this post was submitted on 26 Oct 2024
68 points (71.5% liked)

Asklemmy

I for one am going through quite a culture shock. I always assumed the nature of FOSS software made it immune to being confined within the policies of nations; I guess if one day the government of the USA starts to think that it's a security concern for China to use and contribute to core open-source software created by its citizens or based in their boundaries, they might strongarm FOSS communities and projects to make their software exclude them in some way or, worse, declare GPL software a threat to national security.

[–] slazer2au 67 points 4 weeks ago (2 children)

Nope. Politics is part of being open source.

As for US strong-arming, you don't have to be a US company for them to do that. RISC-V and ASML have been targeted by them in the past to prevent Chinese use.

[–] [email protected] 11 points 4 weeks ago* (last edited 4 weeks ago)

RISC-V and ASML have been targeted by them in the past to prevent Chinese use.

Reading the broad points regarding RISC-V, I think my worst case scenario is apparently just the present day.

[–] Karmmah 47 points 4 weeks ago (1 children)

It wasn't a culture shock but it made something obvious that sometimes gets forgotten. The "Open" just means that one can look at the source code and copy it to make a new version. There is no obligation of the original creators to support things outside of what they want/can do.

[–] [email protected] 46 points 3 weeks ago* (last edited 3 weeks ago) (37 children)

Yes. There is an extremely arbitrary distinction made between the USA and Russia. Both are known for injecting spyware. China is somehow still okay? It makes no sense.

Not to mention the elephant in the room by not banning another certain country actively committing war crimes.

All software should be safety checked. Where the maintainer is from should be irrelevant.

But the most weird aspect is the timing. Why now and not a few years ago?

[–] [email protected] 15 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

All part of the current US/NATO approved Overton Window, friend.

[–] [email protected] 43 points 4 weeks ago (1 children)

Those kinds of problems aren't particularly new (PGP comes to mind as an example back when you couldn't export it out of the US), but it's a reminder that a lot of open-source comes from the US and Europe and is subject to Western nations' will. The US also apparently thinks China is "stealing" RISC-V.

To me that goes against the spirit of open-source, where where you come from and who you are shouldn't matter, because the code is by the people for the people and no money is exchanged. It's already out there in the open, it's not like it will stop the enemy from using the code. What's also silly about this is if those people were contributing anonymously under a fake or generic name, nothing would have happened.

The Internet got ruined when Facebook normalized/enforced using your real identity online.

[–] I_Miss_Daniel 6 points 3 weeks ago

The Internet got ruined when Facebook normalized/enforced using your real identity online.

They now encourage fake accounts. Has made moderating groups somewhat harder.

[–] [email protected] 27 points 3 weeks ago (1 children)

Not really, open source projects don't necessarily have to be open to all contributors and I was aware of this already. They have to be open to anyone doing what they want with the code, by definition, which is good, but they don't have to allow everyone to contribute to upstream. I'm not sure if there's any particular defence against this being used in a discriminatory manner, but I do think this effect is significantly mitigated by the decentralised nature of open source and the fact that it's not too uncommon for forks to become preferred over the original, the fact that open source projects rise and fall in popularity, etc.

I wonder if there's some way to manage an open source project so that it's not subject to particular national laws in this way.

[–] [email protected] 26 points 4 weeks ago

Is this really Linux drama though? It seems more like political drama that ended up jizzing on Linux.

I mean, yeah, there's been drama after the decision was made based on legal issues brought about by political drama, but this part of it isn't, if you get the distinction.

The only real Linux drama part, as far as I can see, is the crappy way it was announced, which isn't what most of the people involved in the drama after the fact are complaining about.

I dunno, I'm not complaining about the post here, just talking about the overall issue itself using the post as a jumping point.

Anyway, I guess what I'm getting at is that foss development can't be immune from political fuckery (no matter how justified or unjustified it is). Everyone that's going to be involved in development is going to live under some nation's thumb, and is vulnerable to any legal ramifications of that nation. So there's no way to prevent a project being strongarmed; all that's possible is having enough people that can review the code do so, so that any fuckery that affects the project is known, so that everyone can decide what they want to do about it as individuals.

As long as individual people have the ability to use any foss software they want on their own devices, there's a limit to how bad the fuckery can get. Tbh, I'm more worried about corporate fuckery in foss projects than governmental.

[–] Diplomjodler3 23 points 3 weeks ago (2 children)

Linux at this point is an absolutely critical part of the information infrastructure our world is built on. It's not just a few nerds in basements cobbling together code. Safeguarding this infrastructure against bad actors is absolutely crucial for everybody's safety. Unfortunately we're going to see more of this kind of stuff in an increasingly polarised world.

[–] [email protected] 11 points 3 weeks ago

Depending on industry, 60-80% of all servers, globally, are running on Linux. So yes, we are not going away.

[–] rottingleaf 6 points 3 weeks ago

Israelis are more known for putting backdoors wherever they can than Russians, for example.

Anyway, nation-states are not the only kind of group with malicious interest. Maybe a maintainer is a member of some mafia, I dunno. How are you going to know this?

Many things can be done with FreeBSD. Again, in our time it may get some popularity again not because of such events even, but because of their possibility and to avoid monoculture (in the context of backdoors too).

[–] [email protected] 19 points 3 weeks ago

Open source means open source, I never assume anything else from open source projects.

[–] [email protected] 18 points 3 weeks ago

Well, in theory open source is immune to all that. However, the country a project is registered at, matters. That's why the RISC-V project, for example, took its headquarters from the US to Switzerland. For that exact reason: so no country could strong arm it, especially since Chinese were the major contributors to the project (Switzerland is not 100% neutral, but it's more neutral than other countries).

[–] [email protected] 17 points 3 weeks ago (8 children)

Yes. If FOSS projects bend the knee to shitty laws just because “they are the law”, then FOSS is free labor for corporations with no gains for the people.

[–] rottingleaf 5 points 3 weeks ago (1 children)

That's the point of FOSS as copyleft, to use the law to protect "free and open" information. This allows bigger projects, because contributors don't have to keep their heads down.

At the same time maybe this is a downside, not an upside. As the reason why it has all gotten so big and complex and corporate-influenced.

[–] [email protected] 16 points 3 weeks ago* (last edited 3 weeks ago)

What happened this time?

Edit, answered elsewhere:

Recently, Linux removed several people from their organization that have Russian email addresses. Linus made a statement that confirmed this was done intentionally. I believe that there was some mention of following sanctions on Russia due to the war. I haven't looked into the details of it all, so take my analysis with a grain of salt. From what I understand, it sounded like it was only Russian maintainers that were removed and normal users submitting code from Russia can still contribute. Maintainers have elevated permissions and can control what code gets accepted into a project, meaning that a bad actor could allow some malicious code to sneak past. This may have also contributed to the decision since this type of attack has happened before and Russia seems like a likely culprit. The reactions to this change have been varied. Some people feel it is somewhat justified or reasonable, some people think that it means it is no longer open source, and some people think it is unfairly punishing Russian civilians (it is worth noting that that is part of the point of sanctions).

[–] [email protected] 16 points 3 weeks ago

@Artemis_Mystique No.

It changed my view on how true to their ideas some people are.

[–] [email protected] 11 points 3 weeks ago (1 children)

Just this one. The philosophy is still there, Linus and TLF have abandoned it with great hubris. I am very disappointed in them.

[–] rottingleaf 7 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

I'm thinking about that conspiracy theory of Linus having been made an offer one can't refuse, when some time ago he took a vacation and returned with news about seeing the error of his ways.

It almost coincided with Stallman being canceled for one of his usual highly socially unacceptable, but in principle consistent opinions. With most of the attackers being frankly some new random corporate-associated people, not very active in real communities.

Maybe I'll re-read J4F and compare Linus from there to these events. Canary and all.

EDIT: Before you downvote this for the mush in my head (thx Linus) propagating conspiracy theories, offers one can't refuse are not exactly an impossible thing. And WWII radio games, where, having captured an enemy station's operator, one of the sides could either imitate their style in transmissions or just force them to transmit what it wanted.

[–] [email protected] 9 points 4 weeks ago (1 children)

Not really, since open source is most of the time still the best option, and you can't really control open source since there is always the option to fork things. (For example, if the US decided that China is a no-no, the open source community in the EU or India can do what they want since it is not under their jurisdiction.)

[–] [email protected] 8 points 3 weeks ago

No, only of Linux

[–] [email protected] 7 points 3 weeks ago (1 children)

Same here. For now it's only barring contributors which won't harm actual users much, but that could change in the future with the precedent this is setting.

What's the point of "FOSS" at that point if it's not so different from corporate products, being similarly vulnerable to sanctions? I could see genuine free software being relegated to piracy communities if it goes that far.

[–] Karmmah 8 points 3 weeks ago

FOSS gives people the option to take the original code and create their own version of it in case they don't like what the original maintainers are doing. With closed source you would be stuck and would have to look for something new.

[–] [email protected] 8 points 3 weeks ago (1 children)

Recently, Linux removed several people from their organization that have Russian email addresses. Linus made a statement that confirmed this was done intentionally. I believe that there was some mention of following sanctions on Russia due to the war. I haven't looked into the details of it all, so take my analysis with a grain of salt. From what I understand, it sounded like it was only Russian maintainers that were removed and normal users submitting code from Russia can still contribute. Maintainers have elevated permissions and can control what code gets accepted into a project, meaning that a bad actor could allow some malicious code to sneak past. This may have also contributed to the decision since this type of attack has happened before and Russia seems like a likely culprit. The reactions to this change have been varied. Some people feel it is somewhat justified or reasonable, some people think that it means it is no longer open source, and some people think it is unfairly punishing Russian civilians (it is worth noting that that is part of the point of sanctions).

[–] TORFdot0 6 points 3 weeks ago

If someone really wants to use the contribution of the expelled maintainers they can just make their own fork. Part of the Free in FOSS is the freedom to associate or not associate with contributors.

[–] [email protected] 5 points 3 weeks ago

Yes, bad actors can exist everywhere, it doesn't really help anything but fragment the project and harm it, do we need multiple directed forks? Fuck no, it will be best if everyone can monitor and contribute, I kind of think of it as they do peer reviewing in research and shit, it's always better when more people can view it, that will leave less room for biasing and frankly detect bad actors easily.
