I admit. I am disappointed with many people on my timeline who take the #xz backdoor as “we are doomed” when instead it shows the power of Open as someone working on something completely unrelated decided to investigate something out of curiosity, shared his findings and in less than 24 hours the backdoor was confirmed, contained, solved, fixed before it became a real problem. A huge success, IMHO. But some of you folks just want to see the world burn, I guess?
@jwildeboer the really good thing about this incident is, we now have a publicly available case study, how these attacks work and we can check if a defence mechanism would have worked for this case.
@jwildeboer well it's both, yes, open source and "many eyeballs" worked, but also, wow, that was a pretty close call, and it shows clearly how open source can be abused in a pretty devastating way, if someone dedicated the resources to it, and how hard it is to prevent it without relying on luck (because yes, we rolled a natural 20 here, that won't happen all the time, and we might already be owned in similar ways, without realizing it).
I will start to look at other places to find people that share my optimism. I don’t want to feel the need to defend it. I think making things better is why we exist. The internet doesn’t help with that anymore. So I’ll do my thang in real life and let the internet do their thing of demotivating everyone and everything. #Goodnight and virtual hugs!
@joytrek not just someone. The message reached a community of experts across many Linux distributions and other groups tasked with keeping our ecosystem safe and they didn’t go for wasting time on discussions. They got to work and fixed shit. And they still do.
Add comment