• Onno (VK6FLAB)@lemmy.radio
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      Nothing “recent” about Microsoft hacks, it’s been happening for decades, the only difference is that the victim was you, now for a change, we have been made aware that Microsoft itself was hacked, but only because it impacted people outside Microsoft.

      Microsoft was forced to reveal that it was hacked back in November 2023, and still hasn’t managed to prove that their systems are not still compromised today in July 2024. Just so we’re clear, their internal network was breached.

      We also don’t know if it started in November, or if that’s just a convenient date because nobody externally has yet discovered evidence to show any different.

      If the Lemmy repository was hacked and malicious code was added, people here would lose their shit. That’s what hit Microsoft and the fact that it’s only talked about in ICT professional circles is a good indication of just how bad this really is.

      So, yeah, open source, open data, open governance, all of it.

  • VonCesaw@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    Open Source code for Science/Mathematics/Medicinal related fields 👍

    Open Source code for Security/Social Media/Psychological related fields 👎

  • hubobes@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    4 months ago

    I work for a company which creates software for the government. Super exited for more OSS projects.

    • dan@upvote.au
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      4 months ago

      the government.

      The Swiss government? What’s it like?

      • hubobes@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        Yep, the swiss government. Complicated is probably the best word to describe it. We are a very decentralized country (which makes sense for a country that was founded as a coalition to fight the royals that oppressed its people, none of those partners want someone to rule them) so every canton (state) does a lot of things differently than the other ones. But it is nice to see that after years of neglect they try to actually push digitalization by establishing common standards and systems.

  • jabathekek@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    I hope more governments do this, especially after how unsurprisingly shit (read: insecure) microsoft has become.

      • TrickDacy@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        4 months ago

        Yeah it’s always been shit but I do think they may have been referencing how the number of exploits and malware has only gotten worse over the years

  • nerdschleife@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    Meanwhile my country’s apps don’t let you open them if you have Developer Options enabled on android :)

  • CaptainBasculin@lemmy.ml
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    Hopefully more governments will follow this. At the very least, the taxpayer should have the right for whatever software’s source code that it funds development.

    • Tja@programming.dev
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      But it will be written in Schwiizerdütch, so no one outside of Switzerland will understand it. I think it’s a dialect of Perl.

      • Onno (VK6FLAB)@lemmy.radio
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        Your joke aside, which I thought was funny did remind me that as it happens, the Swiss do an amazing job in making things internationally accessible.

        Take for example their spectrum management system that not only allows you to search for categories of users, handles kHz to MHz data entry, gives access to the legal provisions and then the legislation itself, does so in four languages.

        https://www.ofcomnet.ch/#/fatTable

    • stormeuh@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      IMO this should be the case for everything developed using public money, looking at you, pharmaceutical companies…

      • Liz@midwest.social
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        The issue becomes when things are developed with a mix of public and private money. I’m not saying we shouldn’t tackle the issue, only that it can’t be as simple as public money = public resource. If that were true, nearly all of us would be required to work for free, since we got the majority of our education through public funding.

        • ipkpjersi@lemmy.ml
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          4 months ago

          You can still pay people to write public code, though. Just because you can use it for free doesn’t mean it always has to be written for free. In some cases, sure, it can make more sense to have it for free if it’s a fully non-profit volunteer-run project, but that is not the only way to write open-source software. Talented developers are still talented, open-source or not.

        • MonkderDritte@feddit.de
          link
          fedilink
          English
          arrow-up
          0
          ·
          4 months ago

          There’s the difference between individual knowledge (company training) and code licenses though.

        • logging_strict@lemmy.ml
          link
          fedilink
          English
          arrow-up
          0
          ·
          4 months ago

          govts print infinite money. All of us are working for free. Their fiat is credits for the company store.

          If you think funding projects is bad then the response is to support lobbying project owners to put in malware until FOSS is publically funded.

          All we have to do is verbally support it. And cheerlead when it occurs. We don’t actually have to actively do it. It’s a threat which is done in politics all the time.

        • nfh@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          4 months ago

          I don’t think anyone intends public funds to be quite that sticky; public education is itself a public good, and having once attended a public school really has nothing to do with developing a product 20 years down the road.

          Also, writing open source code can support a viable business. Not every example has been successful, and some have been sold to hypercapitalist owners who wanted to extract more profit, others have failed to keep up, but Canonical is doing alright with it, Red Hat did for a long time, among others. Plenty of bigger tech companies also employ people to write open source software, despite it not being the company’s main business, React, PyTorch, TensorFlow, and so many other projects. Those engineers definitely aren’t working for free.

  • WhatAmLemmy@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    This is the way it should be. Governments around the world have spent decades enriching big tech with public money, when they could have pooled their resources and built FOSS software that benefited everyone.

    Same goes for science and everything else funded by tax payers.

  • bassomitron@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    This makes me curious in the US on whether or not government app source code would be provided via a FOIA request.

    • John Richard@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      You’d think so, but the answer is no. They’ve employed companies like Microsoft, Oracle, etc. to write up the security handbooks that says proprietary software is more secure. Heck, even electronic voting systems in the US is closed-source.

      • seang96@spgrn.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        Security by obscurity the 100% least effective security measure! Wait what? MS left the government knowingly vulnerable for years for the shareholders?! That’s some good security right there!

        • cmhe@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          4 months ago

          I don’t agree with the generalization here. Sure, it is generally advisable not to rely on security through obscurity, but depending on the use-cases and purpose it can be effective.

          I dislike DRM systems with a passion, but they, especially those for video games like denuvo, can be quite effective, if the purpose is to protect against copying something for a short time until it gets cracked.

          Otherwise I agree that software developed in the open is intrinsically more secure, because it can be verified by everyone.

          However, many business and governments like to have support contracts so want to be able to sue and blame someone else than themselves if something goes wrong. This is in most cases easier with closed source products with a specific legal entity behind it, not a vague and loose developer community or even just a single developer.

          • 0x0@programming.dev
            link
            fedilink
            English
            arrow-up
            0
            ·
            4 months ago

            However, many business and governments like to have support contracts

            What i don’t get is that governments can have their own in-house IT and can moderately large companies and up, so why the blame-shifting game?

            If i’m a customer and your software blows up in my face i will not care that It’s not our fault, it’s our contractors.

            • catloaf@lemm.ee
              link
              fedilink
              English
              arrow-up
              0
              ·
              4 months ago

              They don’t care about what their customers think. It’s about criminal and civil liability.

        • uis@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          4 months ago

          By claiming that everyone who do not trust is communist trumpist

        • John Richard@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          4 months ago

          Simply, you can’t. I’m personally all for an open source alternative for electronic voting. I can bank online, but not vote online. I’d trust an open source online voting platform more than I’d trust poll workers to not skew some votes. I’d also like to be able to track my vote and ensure it was cast for the person I voted for.

          • uis@lemm.ee
            link
            fedilink
            English
            arrow-up
            0
            ·
            4 months ago

            Biggest vulnreability for online voting stands behind voter

          • Fedizen@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            4 months ago

            you can’t have secret ballot and have a secure, auditible online vote. One of the problems of social media is it has created enemy lists for authoritarian states.

            • milicent_bystandr@lemm.ee
              link
              fedilink
              English
              arrow-up
              0
              ·
              4 months ago

              You kind of can. Depends how fully auditable you want, but you can have cryptographically anonymized entries, that (I believe?) could even allow the original voter to track their vote, without enabling anyone else to track the vote back to the voter.

              It’s a different project, but GNU Taler have some interesting work on anonymized but not forgeable money transactions.

          • iknowitwheniseeit@lemmynsfw.com
            link
            fedilink
            English
            arrow-up
            0
            ·
            4 months ago

            Banking is completely different from voting from a security point of view. None of the parties in a bank transaction are anonymous, and there are numerous ways to retry or roll back a transaction. Computerized voting is more like crypto currency. 😝

        • NotMyOldRedditName@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          4 months ago

          I think we’re well past the open/closed discussion when hackers have repeatedly shown how easy it is to compromise the voting machines.

          We know they’re trash, it’s not theory.

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      Generally, works of the US government are public domain.

      However, most apps are produced on contract with development companies, and I expect the contract specifies that the rights remain with the developer.

      • cybersandwich@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        The explicitly do not, at least with every US federal contract I’ve ever seen. The govt owns the code that is written full stop.

        • bamboo@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          4 months ago

          As someone who works with and knows several military contractors, I’ve never heard of the US taking ownership of any code written. In fact, most of what they’re paying for is for companies to extend software they’ve already written to better fit the governments use case, such that even if the government owned the new improvements, that code wouldn’t function without the base application that pre-dates a government contract.

          • cybersandwich@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            4 months ago

            It depends on the software and situation of course, but if you are paying a contractor to develop/write a solution for you aka “government built” then the contractor that writes the code owns 0 of that code. It’s as if it was written by Uncle Sam himself.

            Now, if the government buys software (licenses), the companies will retain ownership of their code. So if Uncle Sam bought Service Now licenses, the US doesn’t “own” service now. If service now extended capability to support the govt, the US still doesn’t own the license or that code in most cases.

            Sometimes the government will even pay for a company to extend its software and that company can then sell that feature elsewhere. The government doesn’t get any benefit beyond the capability they paid for–ie they don’t own that code. That can work to the governments benefit though, because it can be used as a price negotiation point. “we know you can sell this feature to 50 different agencies if you develop it for us, so we only want to pay 25% of what you priced it at”.

            But like it said, if it’s a development contract and the contractors build an app for the government, all of the contracts I’ve ever seen, have Uncle Sam owning it all. The govt could open source it if they wanted and the contractor would have no say.

            That’s what we call GOTS products https://en.m.wikipedia.org/wiki/Government_off-the-shelf#:~:text=Government off-the-shelf (,for%20which%20it%20is%20created.

            Vs COTS:

            https://en.m.wikipedia.org/wiki/Commercial_off-the-shelf

            With COTS, that’s where you’d see the ownership (depending on the contract/license agreement of course) remain with the vendor.

    • satanmat@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      Short version: no

      Long version: I’m pretty sure; no. I believe that; tools used like apps would not be subject to FOIA.

      I deal with public records requests at work… email, documents etc. sure thing, but I’m pretty sure that the AG would laugh at you requesting the source code for apps we use.

      —- I could only wish that we were mandated to use only open source software