They haven’t particularly made a comment on the situation so much as acknowledged it’s happening. They seem to be going with the story that they had nothing to do with it and this is news to them. Hope to hear more from them soon so we can find out more about the situation, how and why this happened, etc.

(The sceptical tone isn’t because of disbelief of Collin, it’s because we don’t know enough about the situation to be able to say Collin is or isn’t telling the truth here.)

  • haui@lemmy.giftedmc.com
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    Damn. The amount of unpaid work for something so crucial to todays communication is staggering. I always make sure to pass parts if the donations I receive (not a lot) upstream.

    I have the horrible feeling that very few people who use FOSS software and could actually donate some money at least dont do this. Do we have any numbers for this?

    • eveninghere@beehaw.org
      link
      fedilink
      arrow-up
      0
      ·
      7 months ago

      I am starting to believe that we shouldn’t rely on this type of labor product in the first place. Something as critical as OpenSSH should be (and possibly is) funded by the users and also NOT use third party libs because it’s dangerous, as this incidence showed. FOSS is free not as in beer.

      • DigitalDilemma@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        Good luck with that.

        Commercial and closed source software is no safer, and may even be using the same foss third-party libs under the hood that you’re trying to avoid. Just because foss licences generally require you to disclose you’re using them, it doesn’t mean that’s what actually happens.

        And even if, by some miracle, they have a unique codebase - how secure is that? Even if an attacker can’t reach the source, they can still locate exploits and develop successful attacks against it.

        At its core, all software relies upon trust. I don’t know the answer to this, and we’ll be here again soon enough.

        • eveninghere@beehaw.org
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          7 months ago

          I’m not saying that they should go closed source.

          Your part on using foss third-party libs also makes no sense because my theoretical assumption is that they’re not used.

          Your argument bent my logic for the sake of making it weaker. Please counter my argument without altering it, and I indeed admit it’s imperfect. But this particular lineage of comments is not constructive at all.

          • DigitalDilemma@lemmy.ml
            link
            fedilink
            arrow-up
            0
            ·
            7 months ago

            In what way did I bend your logic? I found your logic quite twisted to start with, and don’t think I did alter it further.

            Also - not constructive? But you’re the one that’s being negative. I’m merely trying to point out that you’ll have a very hard job not relying on foss as it stands today. Where we go from here is a much bigger question, but we’ve all got very used to having free software and, as I said, even if we all start paying huge amounts of money for the alternative, that doesn’t mean it’ll be safer. In fact, I rather suspect it’ll be less safe, as issues like this then have a commercial interest in not disclosing security problems. (As evidenced already in numerous commercial security exploits that were known and hidden)

            • abbenm@lemmy.ml
              link
              fedilink
              arrow-up
              0
              ·
              7 months ago

              In what way did I bend your logic?

              Well for starters, the person above was pretty explicitly NOT advocating for reliance on third party libs, and perhaps more importantly, they were not in any way suggesting reliance on closed source software. In essence, diametrically the opposite of everything you were talking about.

              I think your confusion came in their phrasing of not relying on “labor product.” I took them to mean, not relying on people committing their free labor to sustain FOSS. I think you must have read that as not supporting FOSS.

              Also - not constructive? But you’re the one that’s being negative.

              I think they are right. You took the exact opposite of what they said and “corrected” them for it, which is irritating as hell. And now you’re doubling down, which is worse. I would be irritated too!

            • eveninghere@beehaw.org
              link
              fedilink
              arrow-up
              0
              ·
              edit-2
              7 months ago

              Learn to read. Or learn logic. I’m just sincerely suggesting you to do those because I don’t have the opinion you think I have.

      • haui@lemmy.giftedmc.com
        link
        fedilink
        arrow-up
        0
        ·
        7 months ago

        I‘m not sure what you‘re suggesting. Every piece of FOSS software is made by someone and the a lot of it builds on top of some upstream thing. Otherwise everyone would have to rebuild from scratch and FOSS would break down. Or am I missing your point?

        Also, you cant make every 16 yr old user pay for a foss product. Companies must be made to pay for foss and downstream teams must be made to send parts of their income upstream, no matter if they make enough.

          • haui@lemmy.giftedmc.com
            link
            fedilink
            arrow-up
            0
            ·
            7 months ago

            Mate, we are discussing on two different threads. Chill out. Maybe I didnt get your point so feel free to elaborate or leave it. Your choice.

            • eveninghere@beehaw.org
              link
              fedilink
              arrow-up
              0
              ·
              7 months ago

              Yes. I simply think I already wrote what I needed to. The answer to your question is there. I guess it takes time to see my point.

              • ReversalHatchery@beehaw.org
                link
                fedilink
                English
                arrow-up
                0
                ·
                7 months ago

                You only said 2 things:

                • we shouldn’t rely on free software made by free labor, and we need to say goodbye to some 60-70% or more of the software we use
                • important software shouldn’t reuse code already made, they should reinvent the wheel and in the process introduce unique vulnerabilities and spend orders of magnitude more time doing that

                None of these make sense in my opinion

                • eveninghere@beehaw.org
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  7 months ago

                  I was talking about third party dependencies, which you missed. It’s fair to say that was my poor writing, but my point still stands.

                • abbenm@lemmy.ml
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  edit-2
                  7 months ago

                  we shouldn’t rely on free software made by free labor, and we need to say goodbye to some 60-70% or more of the software we use

                  Again I’m just reading along, and as a person who cares about, you know, the principle of charity, I don’t see how you can possibly think that’s the most charitable interpretation of what they said. I took them to mean we should do what we can to ensure these projects have financial resources to continue, not that we should “say goodbye” to them.

                  And here’s the crazy thing: I’m not even saying I agree. I just think it’s possible to address a face value version of what they’re talking about without taking unnecessary cheap shots.

                  • ReversalHatchery@beehaw.org
                    link
                    fedilink
                    English
                    arrow-up
                    0
                    ·
                    7 months ago

                    I took them to mean we should do what we can to ensure these projects have financial resources to continue, not that we should “say goodbye” to them.

                    They have said this:

                    Something as critical as OpenSSH should be (and possibly is) funded by the users and also NOT use third party libs because it’s dangerous, as this incidence showed.

                    Emphasis mine.

                  • Christian@lemmy.ml
                    link
                    fedilink
                    English
                    arrow-up
                    0
                    ·
                    edit-2
                    7 months ago

                    But being charitable to the person you’re responding to, they twice said explicitly that they didn’t understand what was being said and asked for elaboration and both times got a reply that more or less suggested that they didn’t understand because they’re illiterate. At some point the reaction becomes understandable.

                    edit: different poster from the first two, but I think they were sympathizing with the other person

            • abbenm@lemmy.ml
              link
              fedilink
              arrow-up
              0
              ·
              edit-2
              7 months ago

              Mate, we are discussing on two different threads. Chill out. Maybe I didnt get your point so feel free to elaborate or leave it.

              I think it would be really good if all of us on the internet agreed to a rule, which is that if you mischaracterize someone or misread them, it’s not that weird for them to want you to not do that. So I don’t think it’s fair to response to a comment correctly noting they are being mischaractized by going out of your way to try and make it about their emotions/mental state.