this post was submitted on 08 Dec 2023
243 points (99.2% liked)
Fediverse
Not sure what ASF is (something Software Foundation?), but it sounds like they are a solution and not a problem.
Apache. The problem is there is foundational software in the world that is aging and not being actively maintained. Basically they jump into action when someone catches a security issue, but also, that way, too many of those security issues only get found when they're being actively exploited. Even if it's being used by your bank.
I recall reading about a university ?compsci? lab where the professor who leads it assigns her students to examine priority dependency chains. They trace everything back and report on who is maintaining various upstream packages, and identify situations where it is like just one person or otherwise really vulnerable. Then they have some sort of institutional resources to offer that person support and add extra hands to the workflow. So it is more proactive than what you are describing in that they are going out and looking for things that could be problems, not just awaiting a disastrous exploit and patching it up after the fact.
But it's just some small group somewhere. In the main I think we agree on the deficit of support for FLOSS components and applications that functionally run the whole world. It's so crazy but invisible. I am not a developer, just a fan of developers and their work. Most people I know IRL are not developers. Everyone thinks the software on their phone works because Apple and Google pay engineers to build everything. They don't know about all the FLOSS components to the phone, the services it uses, the network, etc., and how so many bits and pieces are maintained in part or in whole by volunteers in their free time.
Remember when the boat got stuck in the Panama Canal and everyone was suddenly interested in supply chains? I foresee/fear the event that prompts the whole world to learn about dependency chains.
Relevant xkcd
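An added example, not code from the thread or from the lab described above, of the kind of tracing that comment describes: walk each application's dependency graph, collect every upstream package it reaches, and flag the ones with one or zero listed maintainers, ranked by how many applications sit on top of them. The package names, dependency edges and maintainer lists are constructed sample data; in practice they would come from a lockfile or SBOM and from each project's maintainer metadata.

```python
"""Trace dependency chains from a set of applications and flag upstream
packages whose maintenance rests on a single person (or nobody).

Added example; not code from the thread or from any named lab. The
package graph and maintainer lists below are constructed sample data,
not real projects.
"""
from collections import deque

# Constructed sample data: which packages each package depends on.
DEPENDS_ON = {
    "bank-web": ["http-server", "tls-lib", "json-parser"],
    "bank-batch": ["scheduler", "json-parser"],
    "http-server": ["tls-lib", "logging"],
    "tls-lib": ["bignum"],
    "scheduler": ["logging"],
    "json-parser": ["unicode-tables"],
    "logging": [],
    "bignum": [],
    "unicode-tables": [],
}

# Constructed sample data: listed maintainers per package.
MAINTAINERS = {
    "bank-web": ["bank-platform-team"],
    "bank-batch": ["bank-platform-team"],
    "http-server": ["alice", "bob", "carol"],
    "tls-lib": ["dave"],
    "scheduler": ["erin", "frank"],
    "json-parser": ["grace"],
    "logging": ["heidi", "ivan"],
    "bignum": ["dave"],
    "unicode-tables": [],  # unmaintained: nobody listed
}


def dependency_paths(root, depends_on):
    """Return {package: shortest chain from root} for every package the
    root reaches transitively. Breadth-first; the paths dict doubles as
    the visited set, so a dependency cycle cannot loop forever."""
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        pkg = queue.popleft()
        for dep in depends_on.get(pkg, []):
            if dep not in paths:
                paths[dep] = paths[pkg] + [dep]
                queue.append(dep)
    return paths


def fragile_upstreams(roots, depends_on, maintainers, max_maintainers=1):
    """Find upstream packages with max_maintainers or fewer maintainers
    that at least one root depends on. Sorted so the widest blast radius
    (most dependent roots) comes first, then the fewest maintainers."""
    blast = {}  # package -> {root: chain from that root}
    for root in roots:
        for pkg, path in dependency_paths(root, depends_on).items():
            if pkg != root:
                blast.setdefault(pkg, {})[root] = path
    report = []
    for pkg, dependents in blast.items():
        people = maintainers.get(pkg, [])
        if len(people) <= max_maintainers:
            first_root = sorted(dependents)[0]
            report.append({
                "package": pkg,
                "maintainers": people,
                "dependent_roots": sorted(dependents),
                "example_chain": dependents[first_root],
            })
    report.sort(key=lambda r: (-len(r["dependent_roots"]),
                               len(r["maintainers"]), r["package"]))
    return report


def sole_maintainers(report):
    """Group flagged packages by their lone maintainer, so one person who
    single-handedly holds up several packages stands out."""
    by_person = {}
    for row in report:
        if len(row["maintainers"]) == 1:
            by_person.setdefault(row["maintainers"][0], []).append(row["package"])
    return by_person


if __name__ == "__main__":
    rows = fragile_upstreams(["bank-web", "bank-batch"], DEPENDS_ON, MAINTAINERS)
    for row in rows:
        who = ", ".join(row["maintainers"]) or "NOBODY"
        print(f'{row["package"]:16} maintainers={who:8} '
              f'used by {len(row["dependent_roots"])} root(s) '
              f'via {" -> ".join(row["example_chain"])}')
    print("sole maintainers:", sole_maintainers(rows))
```

On the sample data this ranks the unmaintained `unicode-tables` first (both applications reach it through `json-parser`), then `json-parser` itself, and groups `tls-lib` and `bignum` under the same single maintainer, which is exactly the "one person holding up two things your bank uses" situation the comment is about.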
That was the Suez Canal lol
omg, I stand corrected
https://en.wikipedia.org/wiki/2021_Suez_Canal_obstruction
Also, it only lasted 1 week?? I felt like it was 9 months long.
TODO: read the wikipedia beyond the introduction
Yes, exactly.