Google managed to backdoor Linux and Firefox with their “FOSS” libWebp. Took literally years until some security researcher not affiliated with any of them found the bug by chance and made a public report, and by then it had already been exploited by NSO for ages. If they had worked for Google (or Apple/Microsoft/Amazon/any of the other corporations that just imported Google’s libWebp code without looking at it) they would have gotten silenced and the exploit would still be there as a gift to Israel. Turns out just because it’s auditable doesn’t mean it gets audited before it’s too late.
In this situation it works well, IMO. For some more context, ZFS was created by Sun (FOSS). Oracle bought them and built Oracle ZFS out of it. OpenZFS forked at that point from Sun code, and that’s what we use in Linux/etc. The Oracle variant supplies support to the FOSS variant. So Oracle has no control over OpenZFS.
Everyone always says “Companies should fund FOSS instead of spending money on big corpos!”, yet then this.
It’s FOSS. It’s auditable. Funding is a good thing.
That’s true, but we also know that funding can come with stipulations. Oracle is an especially sketchy company.
But that counts for all big tech I guess.
So not using Linux at all then? Most of the development is paid for by big tech.
My comment more so pertains to the “which is a good thing” part of the previous one.