Who’s checking the code? Security of open source is being questioned

ThatNerd · January 15, 2022, 6:33pm

Somewhat related article to your point (although I don’t want to diverge this thread too much):

95omega · January 15, 2022, 6:53pm

Agreed. Take Elastic as an example. The CSP’s used it for internal operations, hired a bunch of developers to maintain/optimize it, and then used the software to sell as a service, but didn’t share the improvements made with the rest of the community. Now we expect Web3 with some of the same entities at the helm to solve the problem? Highly suspicious…

OogieM · January 15, 2022, 6:55pm

Can’t speak for @ThatNerd but in general the answer is yes, with the understanding that you might have topay for a specialist in some piece of the software to help. And Maintain is more on the lines of keep the current version running which is FAR more doable for many more folks than Keep adding features.

MitchWagner · January 15, 2022, 7:07pm

Also, as Moxie Marlinspike pointed out recently—it is a fundamental rule of the internet that very few people are interested in running their own servers. 99+% of people don’t want to run hardware servers, they don’t want to run hosted software, they don’t even want an account on Wordpress.com. So that dooms Web3–and IndieWeb.

karlnyhus · January 15, 2022, 7:11pm

And why would they? Dangers lurk in every corner and almost no one has the expertise needed.

MitchWagner · January 15, 2022, 7:13pm

Yup. And many of the people with the professional skills are doing it professionally, and don’t want to bring work home with them.

WayneG · January 15, 2022, 7:23pm

Yes. After a few decades of managing tech I now own an iPhone, iPad, and M1 MBA - i.e. my home server with build in ups

My entire “data center” along with my external storage fits in one section of my backpack.

ThatNerd · January 15, 2022, 8:26pm

Yup, echoing this just for clarity: by maintain I don’t mean continuing development as-is (that’s like having an entirely new full time job) but rather squashing existing bugs and at most fixing up code that becomes outdated with new OS releases.

JohnAtl · January 15, 2022, 11:24pm

If you’re a smooth talker/typer, you might be able to fork the project and build a movement of wide-eyed code slingers who will work for free.

OogieM · January 16, 2022, 1:24am

OK How do I do that? I could use some free programmers on my AnimalTrakker and LambTracker projects. Python or Java, take your pick.

JohnAtl · January 16, 2022, 1:52am

Still waiting on people to jump in on my little project.

webwalrus · January 16, 2022, 2:10am

This.

Reminds me of a church volunteer request a ways back - somebody was trying to find people to help re-roof a needy lady’s house. My dad pointed out that roofing isn’t particularly easy, and in the summer people who can do roofing work and want to do roofing work are typically out doing roofing work.

It took something around 3 weeks with the volunteer crew they were able to get together.

Server admin seems similar in the “knowledge work” realm. The only people who keep up with all the stuff necessary are employed doing it, and their idea of a relaxing evening typically doesn’t involve doing more of it.

ibuys · January 17, 2022, 2:20pm

That’s exactly where I’m at.