
Marty Fouts (@MartyFouts@mastodon.online)

Federation EN Fri 19.07.2024 16:51:12

@eliasp @EUCommission This has nothing to do with open versus closed source but everything to do with large scale automated deployment of updates.

brightside (@brightside@mastodon.online)

Federation EN Fri 19.07.2024 18:02:41

@MartyFouts @eliasp @EUCommission Open source makes a lot easier as programmers can be hired and knowledge can be built and kept in-house giving greater control. The huge dependency of countless companies and organizations on US big tech (which is usually closed source based) defeats for either EU or country. Given the fact that the upcoming US elections may be won by Trump makes this unfavorable position possibly much worse.

Marty Fouts (@MartyFouts@mastodon.online)

Federation EN Fri 19.07.2024 19:09:28

@brightside @eliasp @EUCommission Whether OSS makes this easier is not supported by this incident because the incident had to do with the kind of deployment failures that happened independent of how the software was developed.

Similar past failures as a result of pushing bad Linux kernel binaries are documented, for example. They have not caused this level of disruption because Linux is not as widely used, not because it is open source.

brightside (@brightside@mastodon.online)

Federation EN Fri 19.07.2024 22:39:57

@MartyFouts @eliasp @EUCommission Linux is in the minority on desktop computers but not otherwise. Shut down all Linux servers and routers and we would not be communicating here as the whole Internet would be down. Besides that, Linux is in comparison not a mono-culture like Windows. Aside from that, most media did not report that two different things happened today: 1) Microsoft Azure problems in four different regions 2) The automated CrowdStrike update problems.

Marty Fouts (@MartyFouts@mastodon.online)

Federation EN Sat 20.07.2024 01:37:57

@brightside @eliasp @EUCommission I think one of the biggest myths on the net is how widespread Linux servers are. This comes from skewed statistics that count user visible web servers but can’t count internal or B2B services. But there is some truth to the claim that Linux is currently less of a monoculture.

Of course, if Linux does become more widespread, usage will concentrate to a few distros, paradoxically resulting in greater monoculture.

brightside (@brightside@mastodon.online)

Federation EN Sat 20.07.2024 11:56:24

@MartyFouts @eliasp @EUCommission Yes, I guess you're talking about web servers when it comes to numbers where the statistics may be questionable. But I expect most DNS servers are run on Linux or a BSD flavor nowadays and without DNS the Internet is broken for most people. And Mastodon servers we're communicating on now I'd expect to be run on Linux mainly.

Marty Fouts (@MartyFouts@mastodon.online)

Federation EN Sat 20.07.2024 15:21:11

@brightside @eliasp @EUCommission On the other hand most BGP servers run on Cisco boxes that run proprietary RTOS and there are a lot more of those than DNS servers.

I’m not saying Linux has no presence on the net. I am saying that the statistics I see that claim that it dominates undercount a lot of non-Linux servers because of the way they are gathered.

(@minecraftchest1@firefish.minecraftchest1.us)

Federation · Sun 21.07.2024 05:00:13

@MartyFouts@mastodon.online
The problem with your argument is that the effect is the same. If all the front end proxies are down, you can't access the back end web service no matter what OS the back end runs on.

Vint Prox (@vintprox@techhub.social)

Federation EN Sat 20.07.2024 01:38:25

@MartyFouts @eliasp Yeah, perhaps that's the point: free and open source software has no direct relation to this incident. So why, @EUCommission?

Still, I opine that cutting costs on FOSS initiatives is simply adding salt to an injury: there will be less sustainable grassroots projects with influence at least relatively comparable to CrowdStrike. I see it as a loss in expertise enough for secure deployments at scale.

Marty Fouts (@MartyFouts@mastodon.online)

Federation EN Sat 20.07.2024 01:41:48

@vintprox @eliasp @EUCommission I don’t understand why the EU is doing this. No matter what else is going on, support for competition and reduction of monoculture should be sufficient to justify spending on FOSS alternatives.

Vint Prox (@vintprox@techhub.social)

Federation EN Sat 20.07.2024 01:44:59

@MartyFouts @eliasp @EUCommission Signing under each word 💯

thomas_shone (@thomas_shone@fosstodon.org)

Federation EN Sun 21.07.2024 11:39:43

@MartyFouts @eliasp @EUCommission It is an open vs closed issue. Linux identified kernel modules as a risk (especially closed source ones) and built protection mechanisms to prevent exactly this type of failure 10 years ago: en.m.wikipedia.org/wiki/EBPF

Microsoft ported this to Windows in 2021 because of its success on Linux (but likely didn't pressure kernel driver authors to swap to use it and there was no visibility on the scope of the risk because the entire ecosystem is closed).

Marty Fouts (@MartyFouts@mastodon.online)

Federation EN Sun 21.07.2024 15:00:56

@thomas_shone @eliasp @EUCommission eBPF did not prevent the same company from making the same mistake and bricking Linux systems in the same way in the past. The damage then was smaller only because the software is less widely used in Linux installations.

As you point out, it’s also technology that is now available in Windows, a closed system. The issue here is not closed versus open but one of processes that are independent of that.