Several weeks ago, the Linux community received the disappointing news that researchers at the University of Minnesota had developed a method, called “Hypocrite Commits”, for getting changes into the Linux kernel (though it did not work out) that attackers might later be able to use to expose weaknesses. This was quickly followed by the news, in some respects equally disappointing, that the university had been banned, at least temporarily, from contributing to kernel development. A public apology from the researchers followed.
Although development and disclosure are often messy, running technically complex “red team” programs against the world’s largest and most important open-source project feels a bit much. It is hard to imagine researchers and institutions so naive or negligent as not to understand the potentially huge blast radius of such behavior. Equally certainly, maintainers and project governance are responsible for enforcing policy and for not having their time wasted. Common sense suggests (and users demand) that they try to produce kernel releases that contain no exploits.
But killing the messenger misses at least a few things: this was more research than pure malice, and it highlights a kind of software (and organizational) vulnerability that calls for technical and systemic mitigation. I think that the “Hypocrite Commits” affair is symptomatic, on every side, of related trends that threaten the entire extended open-source ecosystem and its users. That ecosystem has long struggled with problems of scale and complexity, and with the increasingly critical importance of free and open-source software (FOSS) to every type of human enterprise. Let’s look at that complex of problems:
- The largest open-source projects now present big targets.
- Their complexity and speed have grown beyond the scale where traditional “commons” approaches, or even more evolved models of governance, can cope.
- As a result, some for-profit organizations have begun to distort the traditional pattern of FOSS participation. Many experiments are going on. Meanwhile, funding, headcount commitments to FOSS, and other metrics seem to be declining.
- OSS projects and ecosystems are adapting in a variety of ways, sometimes making it difficult for for-profit companies to feel at home or see the benefits of a partnership.
- They are developing each other as products. For example, it is becoming increasingly difficult to say with certainty whether “Linux” or “Kubernetes” should be considered the “operating system” for distributed applications. For-profit companies have taken note of this and have begun to restructure around “full stack” portfolios and details.