TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

72% Positive

Analyzed from 1946 words in the discussion.

Trending Topics

#source#open#software#don#more#closed#code#companies#foundation#linux

Discussion (44 Comments)Read Original on HackerNews

cryo32about 1 hour ago
No we won’t. We’ll make grand statements about it, leave it for commercial entities to corrupt it, then complain loudly about the state of it when we really did nothing about it.

I expect we’ve got a future of “undo forks” as I’ve called them which is rolling back to pre-insanity times and rethinking again. That’s only something people unencumbered by commercial requirements can do.

fithisux39 minutes ago
Spot on!!!
eastbound22 minutes ago
Commercial entities are 95% of useful open-source (Linux, Postgres and similar — excluding leftstr-type of utilities).
tetris1110 minutes ago
Commercial entities latch onto useful open-source because it is a successful product they simply cannot compete with.
smartmic15 minutes ago
The most important information is this:

> participants will contribute engineering resources

If it works out as planned, we will see. Apart from this, I am not overwhelmed by the claim of this project. It favors centralization and corporate circles, exactly the opposite of what the hacker ethics promotes for good reasons.

shevy-java11 minutes ago
You can even shorten that. This is some corporate hollo-bollers takes-your-time-and-gives-nothing-in-return fakery-roo.

> exactly the opposite of what the hacker ethics promotes for good reasons.

Yup. Seems kind of like those zombie plants in the movie "Invasion of the Body Snatchers" (the first remake; though the original is also great, but it was more about communism as threat, whereas the first remake added a bit of alien horror motifes).

bingemaker24 minutes ago
> We are joined by Amazon Web Services ...

There goes all the credibility of this post

tpoacher9 minutes ago
Nice name, "Akrites".

Probably not as impressive to a non-Greek, but to a Greek person it creates very strong imagery.

witxabout 2 hours ago
Unforteuately I think it's moot to post this on hacker news. The majority of people here drink deep from the AI pool and just don't care.

Besides many of the companies on the list are suspext numero uno for the state of open source

fithisux28 minutes ago
All voices have a place.
cryo3223 minutes ago
Some should be at the bottom of a well.
witx12 minutes ago
Ok, and? Where did I say otherwise?
fithisux10 minutes ago
I just asserted you statement. I did not attack you.
shevy-java10 minutes ago
I don't drink the AI slop and I also don't see where you derive to this conclusion. Most of the comments are very much against the AI slop.

> Besides many of the companies on the list are suspext numero uno for the state of open source

On this I agree. This seems indeed just promo advertising to white-wash these companies. They don't really care about ethics in open source.

luipugs19 minutes ago
Interestingly no Apple. *edit: Or any non-American companies for that matter .
rjzzleepabout 3 hours ago
I'm extremely concerned about the state of Open Source. The gamification of the whole thing & devstats means that people that are good at gaming metrics are rising up the ranks and people that are genuine high quality contributors and pushed to the sidelines unless they have a very popular profile. Mass generated AI slop and AI content gives people massive devstats boosts.
einpoklumabout 3 hours ago
> We are joined by Amazon Web Services, Anthropic, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, NVIDIA, OpenAI, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone, and Zscaler

Many of the names on the list makes the initiative rather suspect. Companies who do a lot to undermine free and open-source software, who hide critical software behind their walls, preventing both its scrutiny and its adaptation and improvement, and two of the LLM giants - they'll "defend open source"? I don't know about that.

> Akrites gives critical infrastructure stakeholders a confidential, structured place to coordinate vulnerability discovery, remediation, and disclosure across the open source projects they depend on

So, a bunch of large corporations - some of who are known to be in bed with the US government - will share vulnerabilities among themselves, out of the public eye? Fishy.

Fordecabout 3 hours ago
Yeah, a bunch of the worst free riders and malicious consumers all in one place.

All they're really missing is Oracle and Bambu Lab.

hobofan25 minutes ago
That's just your typical list that makes up the Linux foundation.

It might not be the idealistic flavour of open source you prefer, but it's the flavour of open source that's actively in use in most tech companies, and that also forms the makeup of most corporate open source participation (e.g. also the top corporate Linux contributors).

nwellnhof43 minutes ago
> All members must be current Linux Foundation members and sign the participation agreement and NDA.

Just another opaque and exclusive subproject of the Linux Foundation.

Brian_K_Whiteabout 3 hours ago
Anything they "maintainer of last resort" would actually be forks, or collectively a distribution. We already have hundreds of distributions acting as maintainer of last resort many times over, only with actual developers and not presuming to make themselves the new upstream for anyone else.
sakjurabout 2 hours ago
Microsoft controls NPM and GitHub. I would not put it past them to truly take over a project if they gauged it in their best interest (though it would be a massive violation of trust, so I'd imagine they'd tread carefully before going there).

If it's sent to Akrites, they can even pretend it's done responsibly – even though only megacorps get a seat around that table.

RobotToaster22 minutes ago
We already saw Automattic (the owners of wordpress) do exactly that in their plugin repository for purely commercial reasons.
trashbabout 1 hour ago
Well, they did invent EEE after all. Why would they thread carefully? They own the product/service they can shut it down, no need for explanations.

https://en.wikipedia.org/wiki/Embrace,_extend,_and_extinguis...

throw_a_grenadeabout 1 hour ago
Will they hire the actual maintainers of the software in question, to have time dedicated to the project, or will they as usual, dump AI-generated patches unto maintainers, but this time with even more time pressure to merge, lest them consider projects “unmaintained” if they don't push a fix in 3 femtoseconds, and use it as a rationale to take over the project?
LaSombraabout 1 hour ago
I'm pretty sure it'll be an AI dump fest with barely any humans except the long term maintainers having to cope with it all.
throw_a_grenade31 minutes ago
I mean, it won't be neither the first nor the last slopdump, but it's the first that's backed by a threat of project takeover.

“Maintainers of last resort”, my [back].

benj11142 minutes ago
I'm not really a Stallman fanboy but I do find the Free software / Open source distinction really stick out in situations like this.

There isn't a call out for contributors. This is all done behind closed doors. It's the antithesis of free/open source software, presented as defending it.

I don't particularly have any better ideas. And I'm not particularly criticising. It's just a lot of the time the terms are synonymous, but here they starkly different.

Advertisement
dmitrygrabout 3 hours ago
> Additionally, when a critical package has no one maintaining it, Akrites will stand as the maintainer of last resort so a fix can still reach everyone in a timely fashion.

Ambitious and interesting. I wonder how long this will last and on whose dime and time? Akrites employs no engineers, so who will make the fixes and who'll pay them?

wwind123about 2 hours ago
Yeah, very commendable. Now I just wish the closed-source software that have lost support could similarly be supported this way, with the help from AI, so we don't have to throw away that many hardwares when their software can no longer be updated.
npodbielskiabout 3 hours ago
Who they employ then? AI?
NSUserDefaultsabout 2 hours ago
> Today, the undersigned commit real resources — engineering talent, security expertise, and funding — to harden the software we share
fmbbabout 1 hour ago
Human talent or LLM talent?
fithisux29 minutes ago
Corporates terrorized people with the financial crisis they created and the unemployment weapon.

They terrorized them to abandon their free time. They terrorized them to find easy solutions in the workplace instead of coming up with solutions that require technical expertise and deep thinking. They terrorized people to not conform to standards, or create standards but instead patch around lack of standardization. They terrorized people to not question, but accept. To become slaves. They did not help them get wide knowledge but be specific on the work, like mass produced meat. They swept all problems under the carpet and said "This time it will be different". No victories, just silence on the defeats.

It has been happening in the past, has accelerated and made worse as they seized more power.

The leap to AI era is the latest and more violent step of this attack on fundamental human rights.

The problem is political in my opinion. People ought to demand a better life and more free time to work on open source or do their hobbies. They ought to demand human centric laws that stop the greed and by enforcing the laws at last.

Free time is not for consumption, but for production of higher intellectual artefacts.

eastbound9 minutes ago
The French famously got the Congés Payés (paid holidays) in 1936 after the big strike. You have great pictures of entire trains of Parisians going to the beach in Deauville by droves.

Meanwhile the Germans were working overnight to manufacture bombs. That, alone, is already a sufficient explanation on why we got invaded and lost our country to one of the evilest powers of Earth. France had to be rescued by the Russian, the English and the Americans after losing millions of inhabitants. Because we literally took too much holidays.

The one who works the most reaps the entire benefits. And it’s clearly not good to ask for less work all the time. Today France is peanuts on the international market, we are second at everything. Who heard of DailyMotion, which was once as big as Youtube, or Mistral, which was supposed to be our OpenAI?

shevy-java13 minutes ago
So this corporate project wants to spam down more repositores via AI slop. No, I don't like it. And no, I am not feeling encouraged to "defend it together" at the slightest, even more so as many of these companies don't really contribute anything at all back.
charcircuitabout 3 hours ago
Why only a focus on Open Source? I feel like vulnerabilities in closed source products like Microsoft Office, Microsoft Windows, and Google Chrome to name a few can be just as essentially and foundational as other open source software for many businesses.
dofmabout 3 hours ago
I think the idea is that automated source code processing is making it possible to find vulnerabilities at great speed and in an overwhelming way in software that does not have paid maintainers, whereas closed source software in active use has both less accessible code and paid maintainers.

A charitable foundation might be plausible to help companies secure their closed for-profit software but it doesn’t really have the same urgency for the fabric of the internet (or the same moral clarity)

graemepabout 1 hour ago
Its a worry, but its too early to be sure what the long term effects will be. We will have many eyes on a lot more code. There might be a rush of reports that slows as all the old vulnerabilities are found.

Closed software still has many people with access to the code. Governments or researchers have been given access to lots of critical source code. It can also be leaked. I wonder whether attackers are going to be more willing to bribe people with access to source now they have better odds of finding vulnerabilities with limited effort.

dofmabout 1 hour ago
> Closed software still has many people with access to the code.

But in the examples cited (and really any other large closed piece of code of any significance in this era) it also has owners with money, and they should be compelled to fix their own stuff.

Or open the source code to be fixed, I guess ;-)

charcircuitabout 2 hours ago
>both less accessible code

Yet still important to be secured due to the impact vulnerabilities can have. And LLMs can work without source code access via utilizing things like debug symbols, disassembly, reverse engineering, etc.

>paid maintainers

Just like open source maintainers their time is already being spent on other things which they see as more important over making the project 100% security bug free. Just because they are being paid, that doesn't make security their number 1 priority.

behindsightabout 2 hours ago
Project Glasswing is already a thing, and the other labs have started their own initiatives too if they want to collaborate and work on securing closed-source software.

Still not addressed the moral clarity point being brought up, nor the ramifications of the Linux Foundation choosing which closed source projects to focus on and alienating their mission statement.

Again, your idea is noble but why should the Linux Foundation be saddled with it when those other options exist? OSS needs their focus as their mission outlines.

dofmabout 1 hour ago
> that doesn't make security their number 1 priority.

Well perhaps the companies who employ them to make that software they sell for profit should let them do that first rather than tokenmaxxing, and the great big non-profit effort can get round to them to help a little bit later after it has helped secure all the open-source stuff the internet actually runs on.

doublerabbit22 minutes ago
All those open statements are just business wank.

> Amazon Web Services

We really don't give a shit, We will continue to not give a shit. Maybe give a credit if threatened by the EU but really we don't give a shit. Keep sending us that sweet dosh for AWS.

> Anthropic

Our open source projects collectively underpins much of the internet and in so we allowed our Ai to be trained upon the collective. It's great to take and not give back, by the way your vibe coded app is looking ownage.

> Cisco

We are Cisco and we'll license you if we could. We invented the subscription model to charge you per Ethernet port on your router. Opensource is great, we don't even have to contribute upstream. We did once upon a time, isn't that enough?

> Citi

In partnership with Linux Foundation, we will do nothing and keep doing nothing. Linus enjoys his dosh and handjob now and then.

> CNCF

Working on the right fixes before the window closes, we prefer that to be left to the developers and are very proud to support that effort. Unfortunately, no treats for the developers is written in to our company policy.

> RedHat

Open source is the foundation of modern software innovation so we hide answers behind a paywall. We sold ourselves to IBM so we could keep lubing that stripper pole to fill our filthy pockets. Larry Ellison will be here soon for his next lap-dance.

> Microsoft & GitHub

We decided to throw legal action at a security analyst for finding exploits in our OS for laughs. Open source all the way, we don't even allow you to search on GitHub without a rate limit, it's healthy to laugh. How's your grandma doing? She seems a keen user of Windows 11 & very important to us; so we removed that feature she uses most.