Funding Open Source?

$BLEEBZORX chart

Most of the world's software infrastructure is, or is based upon, open source. The developers and supporters of some of it, for example the Linux kernel, and the major compilers, are paid by technology companies because they are critical to their business. Other, less visible but similarly critical parts are supported by lone volunteers. Apart from the unfairness, this can lead to serious vulnerabilities. Back in 2018 I wrote about one such vulnerability, the event-stream hack, in Securing The Software Supply Chain

The attackers targeted a widely-used, fairly old package that was still being maintained by the original author, a volunteer. They offered to take over what had become a burdensome task, and the offer was accepted. Now, despite the fact that the attacker was just an e-mail address, they were the official maintainer of the package and could authorize changes.

The change they authorized included code to steal cryptocurrencies.

In 2020 I wrote a detailed post about this problem entitled Supporting Open Source Software. Recently the topic re-surfaced on an e-mail alias I read. But what triggered the post below the fold was that this coincided with yet another fascinating piece from Matt Levine and his laugh-out-loud follow-up the next day.

Internet Archive's Storage

Internet Archive Staff

Bruce Li introduces his The Long Now of the Web: Inside the Internet Archive’s Fight Against Forgetting thus:

This report delves into the mechanics of the Internet Archive with the precision of a teardown. We will strip back the chassis to examine the custom-built PetaBox servers that heat the building without air conditioning. We will trace the evolution of the web crawlers—from the early tape-based dumps of Alexa Internet to the sophisticated browser-based bots of 2025. We will analyze the financial ledger of this non-profit giant, exploring how it survives on a budget that is a rounding error for its Silicon Valley neighbors. And finally, we will look to the future, where the "Decentralized Web" (DWeb) promises to fragment the Archive into a million pieces to ensure it can never be destroyed.

It is long, detailed, comprehensive and well worth reading in full. Below the fold I comment on the part about storage.

Good Questions

Source

On November 21^st Bryce Elder posed Five questions from an ignorant no-coiner about the crypto crash. Each of his five questions identified some interesting apparent anomalies.

Below the fold I look into each of his questions, asking how anomalous its anomalies really were and whether they have persisted into the New Year.

TL;DR none of them are really surprising but reaching that conclusion took a good deal of research.

Meta: Post #1000

This is the one thousandth post to this blog in the 212 months since the first post. That is an average of 4.7 posts per month, or just over one per week, which is my long-term goal for the roughly half my time that isn't taken up with grand-parenting.

Some posts are a lot of work, and take more than a week. Major talks, such as The Gaslit Asset Class or Lessons from LOCKSS typically represent a month's work, as do long posts such as Sabotaging Biitcoin, Drones or The Dawn Of Nvidia's Technology.

The 1000 posts have gained over 6.88M page views, 7.6% of which were for my EE380 Talk. Less publicized but popular posts get around 30K page views, well above the 6.9K average.

The only one of these statistics that I care about is the goal of a post a week. Having an audience is nice when it happens, but that's not why I'm writing. I write for myself, to understand not necessarily to communicate. Despite this, I'd like to thank those who read and comment.