now, was this chinese govt or us govt disguised as chinese govt :troll:

also yeah, yet another proof that foss is not inherently more secure than non-foss
:neocat_woozy:

RE:
https://pony.social/users/cadey/statuses/112180191483099315

@teidesu
>yet another proof that foss is not inherently more secure than non-foss

it isn't but the fact it was discovered and we know exact actors involved in this is something that only foss can have

@a1ba @teidesu Free Software is not proof of the absence of malice. Proprietary Software/Malware however is proof of its presence.

It's a better point to start from.

@lispi314 @a1ba @teidesu I’d normally agree, but at the same time I think there are plenty of reasons to want to be able to monetize your work, which becomes much more difficult with free software unless you rely on donations. I mean, look at the log4j fiasco, and you can easily see that FLOSS projects are underfunded. So if we can square that away, I’m 100% in agreement.

@johnabs @teidesu @a1ba Funding/monetization is not mutually exclusive with Free Software.

Ease of auditing and prevention of the creation of leverage usable maliciously against users *is* mutually exclusive with proprietary software though. The whole point of keeping it proprietary is to create such leverage.

@lispi314 @teidesu @a1ba I never said it was mutually exclusive. I said it was more difficult and an underfunding issue, not a lack of funding issue. Relying on donations isn’t a great practice to make a living in most cases, particularly for software.

If you have some scheme in mind, I’d love to hear it, but just because someone wants to monetize their work doesn’t mean they are intentionally being malicious. That’s where my disagreement was and is.

@johnabs @a1ba @teidesu They may not recognize it as malice even in themselves, but in hindering the detectability of malicious behavior or upstream compromise and the ability to change such undesirable behavior by asserting leverage over others, they are nevertheless acting it out.

That being said, the best model for funding is essentially that of contracted development or support. There are quite a few cooperatives around based on exactly that model. It does not depend on secrecy of the source nor maintaining any particular leverage, and due to the economics of cooperatives not requiring an absurd climb to ever-increasing profits, it is more sustainable.

Of course I'm *very* aware of the issues related to contracting/consultancy and/or starting a business. I'm incapable of the latter and I had some deeply negative experiences with the former. Generally, it is far preferable to consult as a company/cooperative/entity than to be dispatched to a client, as then toxic work environments at the client affect you as well (and even worse, since you're a disposable consultant as far as they're concerned).