Get 100$ credit for your own Linux and gaming server: https://www.linode.com/linuxexperiment
150€ off the Slimbook Executive ultrabook with code executive-laptop-nick-friends: https://slimbook.es/en/executive-en

👏 SUPPORT THE CHANNEL: Get access to an exclusive weekly podcast, vote on the next topics I cover, and get your name in the credits:
YOUTUBE: https://www.youtube.com/channel/UC5UAwBUum7CPN5buc-_N1Fw/join
Patreon: https://www.patreon.com/thelinuxexperiment
Or, you can donate whatever you want: https://paypal.me/thelinuxexp?locale.x=fr_FR

🏆 FOLLOW ME ELSEWHERE:
Linux news in Youtube Shorts format: https://www.youtube.com/channel/UCtZp0mK9IBrpS2-jNzMZmoA
Join us on our Discord server: https://discord.gg/xK7ukavWmQ
Twitter: http://twitter.com/thelinuxEXP
My Gaming on Linux Channel: https://www.youtube.com/channel/UCaw_Lz7oifDb-PZCAcZ07kw

📷 GEAR I USE:
Sony Alpha A6600 Mirrorless Camera: https://amzn.to/30zKyn7
Sigma 56mm Fixed Prime Lens: https://amzn.to/3aRvK5l
Logitech MX Master 3 Mouse: https://amzn.to/3BVI0Od
Bluetooth Space Grey Mac Keyboard: https://amzn.to/3jcJETZ
Logitech Brio 4K Webcam: https://amzn.to/3jgeTh9
LG Curved Ultrawide Monitor: https://amzn.to/3pcTVDH
Logitech White Speakers: https://amzn.to/3n6wSb0
Xbox Controller: https://amzn.to/3BWmIA3
Amazon Links are affiliate codes and generate small commissions to support the channel

00:00 Intro
00:44 Sponsor: 100$ credit on your Linux or gaming server
01:56 Open Source doesn't mean "free of charge"
03:51 The Web runs on Free and Open Source Software
05:35 LOG4J, Faker and Colors
08:25 Who needs to pay?
10:56 The status quo isn't sustainable
12:13 150€ off your next ultrabook!
12:34 Support the channel

A lot of people assume that open source, or free software, is free of charge, but while that's generally the case, it's not an obligation.
This ends up in a paradox: user-facing software that has a GUI and is used by regular users tends to have easier access to funding than server-side libraries that are used by giant companies making billions each year, because basic users will part with their cash more easily, one dollar at a time, than a company that doesn't really know what it uses to make its own stuff work. And this brings us to the second major point of the video: the modern web is heavily dependent on free and open source software (https://hostingtribunal.com/blog/linux-statistics/). Linux isn't the only open source project underpinning the web. For a long while, the default stack for a server was LAMP: Linux, Apache, MySQL, and PHP. All open source projects. It's less true nowadays, with tons of new technologies being used to replace these various components, but most of these new technologies are open source. With the rise of NPM, the Node Package Manager, it's easier than ever to access hundreds of thousands of libraries for your projects, most of them open source. Recent incidents have illustrated all of this. Let's begin with Log4j. It's one of the most popular logging libraries used online. It gives software developers a way to build a record of activity to be used for anything from troubleshooting to auditing, data tracking, or whatever else. Companies such as Apple, IBM, Oracle, Cisco, Google and Amazon all run Log4j. Except this library had a huge vulnerability that affected almost the entire web a few months ago. Another recent issue, with a very different outcome, involved the very, very popular libraries colors and faker. “Colors” enables users to “get color and style in their node.js console.” It is downloaded over 23 million times per week and has nearly 19,000 projects that depend on it. “Faker” creates fake, realistic data for testing purposes; it's downloaded over 2.4 million times per week and has over 2,500 projects depending on it.
Except their developer got fed up with having super successful projects that didn't bring in any money and were used by Fortune 500 companies, so one day he decided to push an update that borked the output of both libraries. First, it would have been easier to spot the issue in Log4j had the companies that used that library implemented a code review process for the open source code they want to use, and maybe contributed to improving said code. Second, if companies decide that they want to make their own work depend on smaller open source projects, a monetary contribution doesn't seem so crazy. The current model of web giants basing their own offerings on the shoulders of unpaid volunteers, and expecting all of that to work flawlessly without ever contributing to it, with code or money, isn't really sustainable. As a project is used by bigger companies, it becomes a target for malicious hackers, and making sure that this code is secure can become a full-time job that no one can expect an unpaid volunteer to do.
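The colors and faker incident described above propagated because dependents accepted whatever new release the registry served. One defensive check a team reviewing its open source dependencies would want is an audit of the project manifest: which dependencies use floating version ranges, which are absent from the lockfile, and which lockfile entries carry no integrity hash to verify the downloaded tarball against. The script below is an added example written for this page, not code from the video or from either library; the package names come from the text, but the version numbers and lockfile contents are constructed sample data, and the lockfile layout assumed is npm's lockfileVersion 2/3 format ("packages" keyed by "node_modules/<name>", each with "version" and "integrity").

```javascript
// Added example (not from the video): audit a Node project's dependency
// declarations so that an upstream release cannot silently replace the code
// that was reviewed. Sample manifests below are constructed for this example;
// the assumed lockfile layout is npm's lockfileVersion 2/3 "packages" map.

// An exact semver version: 1.2.3, optionally with prerelease/build metadata.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Anything that is not an exact version (^1.4.0, ~9.0.0, *, 1.x, >=2, a git
// URL, "latest") lets `npm install` resolve to whatever the registry serves today.
function isPinned(range) {
  return EXACT_VERSION.test(String(range).trim());
}

// Walk dependencies and devDependencies and report what could let a surprise
// release in: floating ranges, packages the lockfile does not record, and
// lockfile entries without an integrity hash for the tarball.
function auditDependencies(pkg, lock) {
  const findings = [];
  const packages = (lock && lock.packages) || {};
  for (const field of ['dependencies', 'devDependencies']) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if (!isPinned(range)) {
        findings.push({ name, field, issue: 'floating-range', detail: range });
      }
      const entry = packages[`node_modules/${name}`];
      if (!entry) {
        findings.push({ name, field, issue: 'not-in-lockfile', detail: null });
      } else if (!entry.integrity) {
        findings.push({ name, field, issue: 'no-integrity', detail: entry.version });
      }
    }
  }
  // Deterministic order: by package name, then by issue type.
  return findings.sort((a, b) => a.name.localeCompare(b.name) || a.issue.localeCompare(b.issue));
}

// Produce the corrected manifest: every dependency the lockfile knows about is
// replaced by the exact version that was actually installed and reviewed.
// Dependencies missing from the lockfile are left untouched (the audit above
// still flags them), and the input manifest is not mutated.
function pinFromLock(pkg, lock) {
  const pinned = JSON.parse(JSON.stringify(pkg));
  const packages = (lock && lock.packages) || {};
  for (const field of ['dependencies', 'devDependencies']) {
    for (const name of Object.keys(pinned[field] || {})) {
      const entry = packages[`node_modules/${name}`];
      if (entry && entry.version) pinned[field][name] = entry.version;
    }
  }
  return pinned;
}

// Constructed sample manifest (the weak setting). Version numbers are made up.
const samplePackageJson = {
  name: 'example-service',
  dependencies: {
    colors: '^1.4.0',     // any future 1.x release is accepted automatically
    faker: '5.5.3',       // exact version
    'left-pad': '*',      // anything at all
  },
  devDependencies: {
    mocha: '~9.0.0',      // any 9.0.x release is accepted
  },
};

// Constructed sample lockfile in the lockfileVersion 2 layout, also made up.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'example-service' },
    'node_modules/colors': { version: '1.4.0', resolved: 'https://registry.example/colors/-/colors-1.4.0.tgz', integrity: 'sha512-EXAMPLEHASH1' },
    'node_modules/faker': { version: '5.5.3', resolved: 'https://registry.example/faker/-/faker-5.5.3.tgz', integrity: 'sha512-EXAMPLEHASH2' },
    'node_modules/left-pad': { version: '1.3.0', resolved: 'https://registry.example/left-pad/-/left-pad-1.3.0.tgz' }, // no integrity field
    // mocha was never locked
  },
};

// Usage: print the findings, then the pinned manifest to commit in their place.
console.log(JSON.stringify(auditDependencies(samplePackageJson, sampleLock), null, 2));
console.log(JSON.stringify(pinFromLock(samplePackageJson, sampleLock), null, 2));
```

On the constructed input the audit reports five findings: colors and mocha use floating ranges, left-pad uses a floating range and has no integrity hash, and mocha is not in the lockfile at all. Pinning from the lockfile turns colors into an exact 1.4.0 while leaving mocha unchanged, because there is no reviewed version to pin it to; installing with `npm ci` afterwards refuses to proceed if the manifest and lockfile disagree, which is the behaviour a review process wants.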
My opinion is that most people think, "oh, if project X dies, I move on and just use another alternative, because there is always someone who provides alternatives."
The problem is that this, as mentioned in the video, creates a paradox, because alternatives are maybe less well maintained, not as secure or reviewed by millions of users, and might die too if there is a lack of support and funding.
Because of that, developers switched to OSS; otherwise you never see the light. We are not talking, by the way, about small projects developed by one or two hobby developers, but more like bigger projects that are used by millions of people.