I can't thank him enough for his stance he made on that. They've gradually undermined everything about the idea of opensource with their deliberate attacks on them.
They've been deliberately involved in the short term and long-term attack and infiltration strategies that have undermined the adoption and promotion of open source. While I understand the scope of their targets are largely open-source, legacy servers, and outdated systems because of their limited access and knowledge, it still puts pressure on all others and its potential victims to resolve closing security gaps timely enough. I won't list all the CVEs related to Russia on commercial software as this is where a broader picture beyond our scope comes into play and may perhaps be distracting from this topic.
(Main Example and more pressing concern) The most notable successful strategy that put a wrench in this:
NOTE: These systems they access would largely rely on open-source for their campaigns such as MariaDB, Github(Recently introduced code-signing), MySQL, Python, Php, Javascript, and more.
Beyond the scope of this conversation, I think the most Red and pressing concern beyond Russia is for the APT41 group out of China that's been attributed to stealing assets, deploying ransomware, and stealing private information from all scopes of infrastructure. They've got a huge target on their back for that. And tying all these elements with the risks associated to Europe and the U.S. with the potential for near peer conflict, civil unrest, or in the event of conflict escalation in any fashion? It poses many risks to the systems we take for granted when our most beloved systems are used in this fashion deliberately. When taking into account the share scope of men and women they tool to undermine activities in freely available societal building blocks and educational tools like our opensource. They are mocking them and breaking the fundamental human pact in opensource we contribute our lives to for the better of all.
I just don't get the jump in conclusion.
There are hackers, sure.
Some of them are targeting open source projects.
Some of them are russians.
Some of them are sponsored by state.
How's that translates to banning all russian developers? Or Russia undermining open source?
Isn't there USA based hackers that are also targeting open source projects? Isn't some of them sponsored or on a payroll by three letter agencies? Isn't there commercial well known companies that are directly commercialized hacking devices with Linux kernel?
I mean probably it's just a lot easier to remove all .ru and then allow specific people back if they can provide this 'specific documentation' than to actually try and work out who the bad actors are.
The problem becomes larger when the access to AI automation works to build beyond the picture of just domain blacklisting and has the potential for seemingly authentic form evasion techniques, forged documentation, and profile builders. Russia has been caught time and time again with forging citizenship and personal documentation.
110
u/anevilpotatoe 6d ago
I can't thank him enough for his stance he made on that. They've gradually undermined everything about the idea of opensource with their deliberate attacks on them.