Forgot your password?
typodupeerror
Open Source Google Microsoft

Microsoft, Google, Others Join To Fund Open Source Infrastructure Upgrades 101

Posted by timothy
from the and-moving-forward-henceforth dept.
wiredmikey (1824622) writes "Technology giants including Microsoft, Google, Intel, and Cisco are banding together to support and fund open source projects that make up critical elements of global information infrastructure. The new Core Infrastructure Initiative brings technology companies together to identify and fund open source projects that are widely used in core computing and Internet functions, The Linux Foundation announced today. Formed primarily as the industry's response to the Heartbleed crisis, the OpenSSL library will be the initiative's first project. Other open source projects will follow. The funds will be administered by the Linux Foundation and a steering group comprised of the founding members, key open source developers, and other industry stakeholders. Anyone interested in joining the initiative, or donating to the fund can visit the Core Infrastructure Initiative site."
This discussion has been archived. No new comments can be posted.

Microsoft, Google, Others Join To Fund Open Source Infrastructure Upgrades

Comments Filter:
  • by HangingChad (677530) on Thursday April 24, 2014 @09:11AM (#46832015) Homepage

    Team up to create the pie, then fight for your pieces. I'm actually shocked Microsoft is participating. It's a good move and I'm not used to seeing Redmond do the smart thing. Maybe their collective IQ went up now that Ballmer is out of the picture.

  • hold the fuck up... (Score:5, Interesting)

    by nimbius (983462) on Thursday April 24, 2014 @09:28AM (#46832129) Homepage

    that make up critical elements of their information infrastructure.

    Frankly the only reason I think these multibillion dollar monopolistic companies have banded together to throw money is because their reputation and userbase have clammored for some kind of response to the problem. lets be perfectly clear: Theo De Raadt is completely capable of handling the code refactor (he even went so far as to say he didnt need help with the code projects website.) going to the Linux foundation just shows how fucking shortsighted these guys are. If you want to help, donate to the OpenBSD [openbsdfoundation.org] foundation because this is a BSD package that was kindly ported to Linux. It will be released as LibreSSL, not the OpenSSL you want to "fix" in your products, as the code is completed and tested in accordance with what I presume is an OpenBSD development model, not Linux. And in regard to the 'other open source projects will follow' statement, its arrogant and absurd to think that once the LibreSSL code is finalized and ported that these dicks are going to stick around and continue to contribute to any open source technology that doesnt clandestinely butter their bread in user facing products that happen to be facing a sev. 1 exploit they cant avoid through marketing or a new product.

  • Re:Sure they do. (Score:5, Interesting)

    by wjcofkc (964165) on Thursday April 24, 2014 @09:30AM (#46832151)
    Nothing is wrong with this picture. Like pretty much every tech company, the future of Microsoft relies on a vibrant, healthy, and growing internet - and there is still lot of room grow. Helping to fine tune the world of Open Source results in expanding needs and infrastructure, which invariably means that Microsoft software will find a way to be involved. Helping Open Source is a fast-track to expanding profits, fighting Open Source is a task for Sisyphus and they know it. There is no reason that Open and closed source cannot coexist in this world.

    Disclaimer: When I talk about Microsoft's technology, I am not talking about their current consumer OS debacle. I used to be a ZOMG! M$ SUX!!! type, but Microsoft is now an embattled company well aware that they fucked up a lot these last few years. I am curious to see what direction that will take them. I suppose this is part of that. Also, their back end products: Windows Server/Active Directory/Sql server, etc... really are pretty nice. Although I do prefer Linux, FreeBSD and their associated Open Source server solutions.
  • The OpenSSL rampage (Score:4, Interesting)

    by Neo-Rio-101 (700494) on Thursday April 24, 2014 @09:37AM (#46832217)

    For some funny blow-by-blow commentary that the LibreSSL people are doing, check out http://opensslrampage.org/ [opensslrampage.org]

    Too many VMS jokes to count.... but just looking at the comments, OpenSSL's code is labyrinthine and full of cruft and useless files.

  • by serviscope_minor (664417) on Thursday April 24, 2014 @09:48AM (#46832299) Journal

    So the Linux Foundation has a fundamental distaste for Theo? Does the world really need two competing forks of OpenSSL?

    It doesn't: this new initiative have so far done nothing. I fully expect Amazon, Cisco, Facebook, Fujitsu, Google, HP, IBM, Intel, Linux Foundation, Microsoft, Netapp, Qualcomm, Rackspace and VMWare (yep those are the logos splattered all over the place) to sit around with their dicks in their hands having press releases statting initiatives and decding how to spend the funding while OpenBSD actually knuckles down and fixes OpenSSL.

    I expect that shortly after, some enterprising person from Debian will do some basic porting and have an alteriative set up in the experimental repo. From there it will wend its way around into the other distributions (mint, ubuntu) and the patch set might wind up in some early Arch AUR builds and Fedora packages. By that stage the OpenBSD people will have probably accepted the patches and it will be officially portable. At this point Arch will have probably replaced it as a system wide depencendy because hey, it can always be unreplaced if it's bad. Gentoo of course will make it easy to switch between OpenSSL and LibreSSL with just a teeny little recompile of everything, but whatever it's just some portage flags anyway. Redhat probably won't care since they're probably on a version of OpenSSL so old that there are no longer any known bugs. Fedora will vascillate between the two and eventually decide to do whatever ubuntu finally chooses.

    Then maybe in a while, we'll have an announcement that someone we've never heard of will be heading this terribly important project, and that huge splat of logos will get another outing. I expect this will happen at about the same time that some nutjob finishes a port of LibreSSL to his Amiga.

    During the above timespan, I expect to hear about Linux and Theo swearing at people in public and to have some good troll threads on slashdot about geneder equality in IT (or nursing or teaching), 27 articles about 3D printing (guns or otherwise).

  • Where is Apple? (Score:4, Interesting)

    by kbdd (823155) on Thursday April 24, 2014 @09:49AM (#46832313) Homepage
    Oh wait, they can't afford it, it's not in their budget...
  • by serviscope_minor (664417) on Thursday April 24, 2014 @09:54AM (#46832395) Journal

    1. It's not initially feature-compatible with OpenSSL

    It's feature compatible enough to recompile the entire OpenBSD ports tree with LibreSSL as a drop in replacement.

    3. There's no guarantee the rewrite would be accepted by the OpenSSL team

    Probably not, but they didn't accept fixes for big bugs which had been maintained as out of tree patches by OpenBSD and a bunch of Linux distros, so at this point who cares?

    4. There's no guarantee LibreSSL will work on anything but BSD

    Well, it will if they port it. Besides, it's not like OpenBSD don't have a proven track record in this department.

    5. Theo doesn't control OpenSSL

    That sounds like a reason for LibreSSL, not against. The OpenBSD project (apart from an astounding security record) is in charge of OpenSSH, another piece of critical infrastructure.

    1. This Linux Foundation fund identify LibreSSL as the most feasible solution in the long-term, and provide support for both projects.

    That would be good.

    2. Important bugs identified by both teams are ported to patch the current OpenSSL release.

    That seems unlikely given the above.

If you think nobody cares if you're alive, try missing a couple of car payments. -- Earl Wilson

Working...