83
submitted 7 months ago by Five@slrpnk.net to c/technology@beehaw.org
you are viewing a single comment's thread
view the rest of the comments
[-] tal@lemmy.today 4 points 7 months ago

That’s also how the most damaging attacks on proprietary software work.

Yeah, supply chain attacks can happen. There was that infamous SolarWinds supply chain attack recently. But I think that there are some important mitigating factors there.

  • Proprietary software companies -- unless they're using something open-source like xz upstream in their supply chain, as it's not just a "proprietary software world" and "open-source software world" -- tend to have someone's personal information if they're employed by them. They're not gonna hire and pay some random name who they know only as a GitHub account through a VPN, certainly not make them maintainer of their software.

  • Many -- not all -- proprietary software companies mandate that employees work locally. I's likely that if I'm working for a US company, a person is also subject to US law enforcement. In contrast, if you have a state-backed group, they're probably targeting people elsewhere. Whoever the people from the Jia Tan group are, my guess is that it's good odds that they will probably aim to avoid being in a country that they are targeting. Even if we expose their identities, they probably aren't going to be directly-impacted by law enforcement. Open source projects hypothetically could do that, I suppose, but normally they're pretty border-agnostic.

That is, I think that this is going to be specially a challenge for the open-source world, as the attacks are targeting some things that the open-source community is notable for -- border-agnosticism, a relatively-low bar to join a project, and often not a lot of personal identity validation.

At some point all organizations need to trust their members and co-workers need to trust each other - I can’t think of a way to be more miserable at work than having to second guess everyone around you.

Yeah, that's kinda what I was thinking, but you put it more-frankly.

It seems like there's a lot of potential for this to be corrosive to the community.

this post was submitted on 03 Apr 2024
83 points (100.0% liked)

Technology

37742 readers
623 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS