[ overboard / sfw / alt / cytube] [ leftypol / b / WRK / hobby / tech / edu / ga / ent / music / 777 / posad / i / a / R9K / dead ] [ meta ]

/tech/ - Technology

"Technology reveals the active relation of man to nature"
Name
Email
Subject
Comment
Captcha
Tor Only
Flag
File
Embed
Password (For file deletion.)
Matrix   IRC Chat   Mumble   Telegram   Discord
ReturnCatalogBottom

File: 1690247406471.jpg ( 59.06 KB , 763x572 , eu barrier against foss.jpg )

 No.12325

So the EU wants to introduce software regulations (Cyber Resilience Act) that is probably going to harm FOSS pretty badly.

The politically stated goal is improving software security. However it's not likely going to achieve this, they are introducing costly security certification. Which to me appears more like a scheme to pay somebody to take responsibility, rather than actually improving engineering quality. It might also have a psychological factor like a secular version of asking a priest to bless your technology. And it kinda looks like a anti-competitive regulatory burden that favors large firms over smaller ones. It is unclear to me whether or not there is malicious intent behind this or not.

This process might make sense for large corporate software monopoly dinosaurs that still do proprietary release dumps. This legislation will probably give an unfair advantage to those business models. The irony here is of course that proprietary software lacks the openness that would allow for public code auditing, which is a vital part of modern software security. Proprietary trust me bro security/obscurity is low quality and a bit anachronistic at this point. The net-effect of favoring this could be decreased software security.

If you listen to the FOSS advocates they want to have exemptions for open-source so the C.R.A. would not undermine FOSS projects. This is reasonable because at least it wouldn't make anything worse. The security praxis of infrastructure relevant FOSS project has improved a lot in recent years and is comparably decent atm.

What would actually improve software security in the FOSS world is more code audits, you could have an EU wide census about which software is commercially deployed and then prioritize funding security-bug-bounty programs that specifically target these. This scheme is effective because the cyber-espionage-agencies do exactly that for their weaponized software exploit acquisitions. I don't understand why they wouldn't copy what already works.

I think that if they don't fix this it will lead to walling FOSS out of the EU, with the resulting brain-drain from FOSS projects looking for regulatory environments that aren't hostile.

more detailed information here:
https://news.apache.org/foundation/entry/save-open-source-the-impending-tragedy-of-the-cyber-resilience-act
https://invidious.baczek.me/watch?v=AmsM5_5QO5A
>>

 No.12328

This definitely is a blow to the organizational capabilities of FOSS since the EU explicitly states that it will be affected. I don't think that development could realistically go underground at this current scale either. There will likely be a mixed bag of compliant larger devs and noncompliant smaller ones but it will be fuckey for sure if it happens.
>>

 No.12329

>>12328
It kinda depends on what is motivating this. If they really just want better IT security and it's not their goal to suffocate FOSS, they'll likely go back and fix the broken aspects of this, and it'll be temporary damage.

But if this is a monopoly move to kill off smaller competitors we have to start teaching FOSS companies how to bully back. I kinda thought that proprietary and FOSS software could co-exist now, it looked like the proprietarians had given up their war against FOSS, if that turns out to be false, it's better to just preserve FOSS and get rid of the predators that threaten it.

>I don't think that development could realistically go underground at this current scale either.
Yeah it's kinda hard to have a secret organization that wants to be fully transparent to the wider public.

>This definitely is a blow to the organizational capabilities of FOSS
I guess FOSS would turn into a programmers guild, where only guild members get source access and maintain the FOSS principles internally but not externally. At least that way organization would be maintained.

>There will likely be a mixed bag of compliant larger devs and noncompliant smaller ones but it will be fuckey for sure if it happens.

One thing to consider is that China has been super effective at poaching talent from Taiwan ever since the US began it's crackdown on microchips. There's even a Chinese graphics card company that was formed by a bunch of former NVIDIA employees that got screwed over in the chip-purge. The Chinese basically created a special economic zone that pretty much allowed these people to import the Taiwanese legal framework with long term legal guarantees.

If this is indeed the inquisition preparing to purge FOSS, it might be possible to survive in a Chinese special economic zone until shit goes back to normal. It would be kinda ironic if the Very American concept of freedom that are underpinning FOSS ideals end up getting preserved by the "muhauthoritarians".

Unique IPs: 3
[Return][Catalog][Top][Home][Post a Reply]
Delete Post [ ]
[ overboard / sfw / alt / cytube] [ leftypol / b / WRK / hobby / tech / edu / ga / ent / music / 777 / posad / i / a / R9K / dead ] [ meta ]
ReturnCatalogTopBottomHome