DDoS

April 2, 2024
In the aftermath of what was truly an entertaining backdoor event, people are naturally still discussing it and what we can learn from it. For a historic moment in recent history, the first since the previous time a software update introduced a backdoor to open source code, people gather and discuss how to move forward. How can we ever feel safe if some unpaid, overworked and potentially anime-obsessed tech hobbyist hasn't properly verified the code they are merging for potential intricate backdoors that develop over dozens, if not hundreds of commits?
Naturally, people point out how this is really a social engineering issue; there is nothing wrong with the open source model, nor has there ever been really. It was and remains a perfect, infallible idea. Others point out that open source models directly serve social engineering interests, as you are now depending on someone who can be directly pressured (by, i.e. the US government) to add whatever backdoor into your software. This is in contrast to private companies that can be directly pressured (by, i.e. the US government) to add whatever backdoor into your software.
Some say surely, this is a problem because of hidden binary blobs and wouldn't be an issue otherwise. While it is commendable for someone to point out that yes, if you run unknown binary blobs in your system you're likely a few steps away from a perfectly secure system, it's also important to note that there's probably hundreds of zero-day backdoors sitting in anyone's installation of anything, waiting to be activated at the most convenient time, something that seems to not really occupy the mind of many a netizen.