by LinuxBender 1034 days ago
There is a tremendous amount of software created and maintained by Russian developers running on Windows, MacOS and Linux. One example would be NGinx, which runs a good deal of websites on the internet. NGinx is now owned by F5 but still maintains the same developers. There is probably a better way to verify code, risk-rank flaws and assign a level of trust. This should be an ongoing and ideally automated effort regardless of who is contributing code or hardware.

I personally would like to see AI be able to review entire code bases and see the bigger picture because state sponsored lawful intercepts are rarely one piece of code but rather require multiple pieces of code and sometimes hardware to work in conjunction to form the back door.


Yesterday I learned that a lot of crucial stuff in Postgres was developed by Russians (the list I saw was quite extensive). So if you run nginx+Postgres (like half the Internet?) then WinRAR is the least of your concerns.
Difference being that PG / nginx are open source and audited unlike WinRAR.
That's a fair point. Perhaps a solution could be that if someone were willing to pick up the par2cmdline code base and work with the 7-zip developers to merge it into their command line and GUI then there may not be many reasons left to utilize WinRAR.
I've met many incredibly talented eastern European engineers, who seem to overwhelmingly enjoy low-level programming (compilers, database internals, etc.). I don't see the concern.
They live in a country where you can literally get arrested for walking around with a blank piece of paper. Just because you MIGHT write something subversive on it.

The ability of the Russian government to lean on incredibly talented developers is extremely large.

The Russian government has recently shown itself to be willing and even eager to use coercive tactics against its own people.

The trust issues with software developed by Russians aren't that the engineers are Russian. It's that the engineers and their families are currently in Russia.

I don't want to get accused of whataboutism, but when it comes to software, if this is the bar we're setting then no software can be considered safe.