It’s amazing what a difference a little bit of time can make: Two years after kicking off what looked to be a long-shot campaign to push back on the practice of shutting down server-dependent videogames once they’re no longer profitable, Stop Killing Games founder Ross Scott and organizer Moritz Katzner appeared in front of the European Parliament to present their case—and it seemed to go very well.
Digital Fairness Act: https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14622-Digital-Fairness-Act/F33096034_en



There’s been a notable uptick in supply chain attacks coming from the odd FOSS dependency.
Fortunately the FOSS environment as a whole, ironically, reflects the best aspects of a “free market” in the capitalist sense. If a package is no longer maintained, or poorly maintained, or the maintainer is a douche/Russian asset, it forks and many users jump ship to the newer package.
Users have full transparency into how the sausage is made. Everybody does.
So if exploitable code is discovered, it can just as well be discovered first by a defensive researcher (non-inclusive term: white-hat) or offensive researcher (black-hat).
And if an offensive researcher discovers it first, they have a choice:
Submitting bad code to a project in itself though. Some new user with no reputation is going to be heavily scrutinized putting a PR on a large/popular project. And even with a good reputation, you’re still putting the exploit code out there in the open and hoping none of the reviewers or maintainers catch it.
Uh, sorry to comment besides the subject, but could someone explain why white-hat is non-inclusive? I’m not trying to argue it is not, but I had not heard that and I can’t find any answers by searching about it
There’s been a push in IT (and I assume other industries as well) towards inclusive language.
Part of that is moving away from phrasing that has non-technical historical connotations…like using “leader/follower” or “primary/secondary” instead of “master/slave”.
But another part is also getting away from categorizing things as good/bad on a white/black spectrum. We no longer blacklist things, we denylist or blocklist them. Likewise we no longer whitelist things…they get allowlisted or permitlisted. We don’t have white-hat/black-hat hackers…we have defensive/offensive, or blue-team/red-team.
Afaik it’s still okay to refer to plugs and prongs as female and male, as that is referring to biological sex more so than gender. But yet, people gasp when I refer to plugs that have a sheath over them as “uncircumcised”.
Aahhh, yes of course, the classic white-good evil-black problem. Thanks for the answer!