I for one am going through quite a culture shock. I always assumed the nature of FOSS software made it immune to be confined within the policies of nations; I guess if one day the government of USA starts to think that its a security concers for china to use and contribute to core opensource software created by its citizens or based in their boundaries, they might strongarm FOSS communities and projects to make their software exclude them in someway or worse declare GPL software a threat to national security.

  • slazer2au@lemmy.world
    link
    fedilink
    English
    arrow-up
    68
    ·
    2 months ago

    Nope. Politics is part of being open source.

    As for US strong arming you don’t have to be a US company for them to do that. RISK-V and ASML have been targeted by them in the past to prevent Chinese use.

    • Artemis_Mystique@lemmy.mlOP
      link
      fedilink
      arrow-up
      15
      ·
      edit-2
      2 months ago

      RISK-V and ASML have been targeted by them in the past to prevent Chinese use.

      reading the broad points regarding RISC-V, I think my worst case scenario is apparently just the present day.

    • jimmy90@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      2 months ago

      i’ve been contributing to open source for a year or so now and i’ve found the politics of projects affects contributions greatly

  • geneva_convenience@lemmy.ml
    link
    fedilink
    arrow-up
    53
    ·
    edit-2
    2 months ago

    Yes. There is an extremely arbitrary distinction made between the USA and Russia. Both are known for injecting spyware. China is somehow still okay? It makes no sense.

    Not to mention the elephant in the room by not banning another certain country actively committing war crimes.

    All software should be safety checked. Where the maintainer is from should be irrelevant.

    But the most weird aspect is the timing. Why now and not a few years ago?

    • troed@fedia.io
      link
      fedilink
      arrow-up
      16
      ·
      2 months ago

      There is an extremely arbitrary distinction made between the USA and Russia.

      Your world view seems to be highly influenced by propaganda. It’s very easy to draw a distinction between these two countries. Let me start with an easy one:

      Russia is a dictatorship, the US is a democracy.

    • DigitalDilemma@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 months ago

      China is somehow still okay?

      China is too important a supplier to the West. Sanctions against them would lead to retaliatory sanctions against the West from China which would be economically devastating.

      Obviously they are just as dangerous and as actively involved is espionage as the other world players, but they hold too many cards to risk escalation. The West is also too important to their economy to escalate beyond war games. At least - we all hope so.

  • Karmmah@lemmy.world
    link
    fedilink
    arrow-up
    48
    ·
    2 months ago

    It wasn’t a culture shock but it made something obvious that sometimes gets forgotten. The “Open” just means that one can look at the source code and copy it to make a new version. There is no obligation of the original creators to support things outside of what they want/can do.

  • Max-P@lemmy.max-p.me
    link
    fedilink
    arrow-up
    42
    ·
    2 months ago

    Those kinds of problems aren’t particularly new (PGP comes to mind as an example back when you couldn’t export it out of the US), but it’s a reminder that a lot of open-source comes from the US and Europe and is subject to western nation’s will. The US is also apparently thinks China is “stealing” RISC-V.

    To me that goes against the spirit of open-source, where where you come from and who you are shouldn’t matter, because the code is by the people for the people and no money is exchanged. It’s already out there in the open, it’s not like it will stop the enemy from using the code. What’s also silly about this is if the those people were contributing anonymously under a fake or generic name, nothing would have happened.

    The Internet got ruined when Facebook normalized/enforced using your real identity online.

    • I_Miss_Daniel@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      2 months ago

      The Internet got ruined when Facebook normalized/enforced using your real identity online.

      They now encourage fake accounts. Has made moderating groups somewhat harder.

  • Diplomjodler@lemmy.world
    link
    fedilink
    arrow-up
    31
    ·
    2 months ago

    Linux at this point is an absolutely critical part of the information infrastructure our world is built on. It’s not just a few nerds in basements cobbling together code. Safeguarding this infrastructure against bad actors is absolutely crucial for everybody’s safety. Unfortunately we’re going to see more of this kind of stuff in an increasingly polarised world.

    • Zier@fedia.io
      link
      fedilink
      arrow-up
      12
      ·
      2 months ago

      Depending on industry, 60-80% of all servers, globally, are running on Linux. So yes, we are not going away.

  • communism@lemmy.ml
    link
    fedilink
    arrow-up
    29
    ·
    2 months ago

    Not really, open source projects don’t necessarily have to be open to all contributors and I was aware of this already. They have to be open to anyone doing what they want with the code, by definition, which is good, but they don’t have to allow everyone to contribute to upstream. I’m not sure if there’s any particular defence against this being used in a discriminatory manner, but I do think this effect is significantly mitigated by the decentralised nature of open source and the fact that it’s not too uncommon for forks to become preferred over the original, the fact that open source projects rise and fall in popularity, etc.

    I wonder if there’s some way to manage an open source project so that it’s not subject to particular national laws in this way.

  • southsamurai@sh.itjust.works
    link
    fedilink
    arrow-up
    26
    ·
    2 months ago

    Is this really Linux drama though? It seems more like political drama that ended up jizzing on Linux.

    I mean, yeah, there’s been drama after the decision was made based on legal issues brought about by political drama, but this part of it isn’t, if you get the distinction.

    The only real linux drama part, as far as I can see is the crappy way it was announced, which isn’t what most of the people involved in the drama after the fact are complaining about.

    I dunno, I’m not complaining about the post here, just talking about the overall issue itself using the post as a jumping point.

    Anyway, I guess what I’m getting at is that foss development can’t be immune from political fuckery (no matter how justified or unjustified it is). Everyone that’s going to be involved in development is going to live under some nation’s thumb, and is vulnerable to any legal ramifications of that nation. So there’s no way to prevent a project being strongarmed; all that’s possible is having enough people that can review the code do so, so that any fuckery that affects the project is known, so that everyone can decide what they want to do about it as individuals.

    As long as individual people have the ability to use any foss software they want on their own devices, there’s a limit to how bad the fuckery can get. Tbh, I’m more worried about corporate fuckery in foss projects than governmental

    • spoopy@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      2 months ago

      The usual consequences to not following the law are not in your favor.

      If your goal in contributing to FOSS is to go to prison, there are a lot better avenues to achieve that.

      • Law aren’t always right and governments don’t always do the best neither for the world nor for its citizens. Open source projects and corporations shouldn’t rely on any government, they shouldn’t do the biddings on governments — either “good” or “bad” — and act in people best interests.

        Of course this is a pipe dream and what we got is more free work for companies with none the benefits

        • spoopy@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          2 months ago

          I don’t understand why you think “avoiding prison” equals free work for companies. The individuals contributing to open source are subject to the same laws we’re discussing in this thread, and are the ones that would actually be getting consequences.

          No one exists without a government, and that’s not even a pipe dream, it’d be societal collapse.

          • im sorry i broke the code@sh.itjust.works
            link
            fedilink
            arrow-up
            1
            ·
            edit-2
            2 months ago

            Because FOSS stands for both free software and people’s freedom. No one exists without a government except for external forces that are stronger than the government itself (lobbying is a way to strong arm a government), but this is another matter entirely.

            FOSS organisations should exist outside a government because governments are easily corruptible, which is has happened again and again throughout history and is slowly happening right now. And obeying the law not to be thrown in jail is a nice argument, yes, and a shitty one at that: imagine how good would be a German citizen to abide to the government rule during the Nazi period. This doesn’t mean either that they shouldn’t follow any laws, but that, much like any international organisation, they should be international laws agreed on by multiple nations.

            Which is essentially the crux of the matter: as long as FOSS projects work within the framework of a government (the US), the project can be easily hijacked, turned into something that goes against people interests. What are the people interests? In short, the minimum denominator is equality, freedom to speak, a right to privacy.

            If FOSS projects do have to follow a government’s laws, then contributing to one is free work for corporations: laws can be changed and a democratic society can turn into a non-democratic entity, with laws that restrict the freedom of its citizens; in EU they try to pass a “chat control” law to make cryptography useless [by adding a back door] and while I believe it won’t pass no doubt it’s a worrisome sign. At the end of the day who would benefit the most from FOSS but companies, which do so already?

            And to reiterate: sometime it’s better to be thrown in prison than to send someone else to their death

      • basmati@lemmus.org
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 months ago

        Nearly every single corporation with an online presence uses free software from the foss community.

    • Crashumbc@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      2 months ago

      One of the big weaknesses of open source is the same as democracy. Nobody has time to review every piece of code (or research and hold accountable every politician) which leads to risks.

        • Crashumbc@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          2 months ago

          It’s a different risk vector. While companies want your information to sell, they don’t want to take over your computer to use it in a bot net or steal your bank information and clean out your account.

          Open source by it’s very nature relies on a lot of people having good intentions, free time, and knowledge for it to work well and safely.

          • DigitalDilemma@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            ·
            2 months ago

            Actually - a lot of closed source programs are still vulnerable to the supply chain attacks you mention where a bad actor has got access to their codebase. This has happened and been reported on, plus I’m sure, plenty of occasions where it was hushed up for reputational reasons. And - much commercial software still uses FOSS dependencies, so is also vulnerable to the same situation you describe for that. Worst of both worlds.

            I don’t think either system is inherantly better than the other in terms of computer security. Each has different and overlapping vulnerabilities.

        • Crashumbc@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          Absolutely that’s always good. I was talking more about someone intentionally adding malicious code though.

  • Eugenia@lemmy.ml
    link
    fedilink
    English
    arrow-up
    17
    ·
    2 months ago

    Well, in theory open source is immune to all that. However, the country a project is registered at, matters. That’s why the RISC-V project, for example, took its headquarters from the US to Switzerland. For that exact reason: so no country could strong arm it, especially since Chinese were the major contributors to the project (Switzerland is not 100% neutral, but it’s more neutral than other countries).

  • CanadaPlus@lemmy.sdf.org
    link
    fedilink
    arrow-up
    15
    ·
    edit-2
    2 months ago

    What happened this time?

    Edit, answered elsewhere:

    Recently, Linux removed several people from their organization that have Russian email addresses. Linus made a statement that confirmed this was done intentionally. I believe that there was some mention of following sanctions on Russia due to the war. I haven’t looked into the details of it all, so take my analysis with a grain of salt. From what I understand, it sounded like it was only Russian maintainers that were removed and normal users submitting code from Russia can still contribute. Maintainers have elevated permissions and can control what code gets accepted into a project, meaning that a bad actor could allow some malicious code to sneak past. This may have also contributed to the decision since this type of attack has happened before and Russia seems like a likely culprit. The reactions to this change have been varied. Some people feel it is somewhat justified or reasonable, some people think that it means it is no longer open source, and some people think it is unfairly punishing Russian civilians (it is worth noting that that is part of the point of sanctions).

  • DoubleChad@lemmy.ml
    link
    fedilink
    English
    arrow-up
    13
    ·
    2 months ago

    Just this one. The philosophy is still there, Linus and TLF have abandoned it with great hubris. I am very disappointed in them.