Microsoft, Google, Others Join To Fund Open Source Infrastructure Upgrades

wiredmikey (1824622) writes "Technology giants including Microsoft, Google, Intel, and Cisco are banding together to support and fund open source projects that make up critical elements of global information infrastructure. The new Core Infrastructure Initiative brings technology companies together to identify and fund open source projects that are widely used in core computing and Internet functions, The Linux Foundation announced today. Formed primarily as the industry's response to the Heartbleed crisis, the OpenSSL library will be the initiative's first project. Other open source projects will follow. The funds will be administered by the Linux Foundation and a steering group comprised of the founding members, key open source developers, and other industry stakeholders. Anyone interested in joining the initiative, or donating to the fund can visit the Core Infrastructure Initiative site."

Game theory in action

[HangingChad]

Team up to create the pie, then fight for your pieces. I'm actually shocked Microsoft is participating. It's a good move and I'm not used to seeing Redmond do the smart thing. Maybe their collective IQ went up now that Ballmer is out of the picture.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Sure they do.

[wjcofkc]

Nothing is wrong with this picture. Like pretty much every tech company, the future of Microsoft relies on a vibrant, healthy, and growing internet - and there is still lot of room grow. Helping to fine tune the world of Open Source results in expanding needs and infrastructure, which invariably means that Microsoft software will find a way to be involved. Helping Open Source is a fast-track to expanding profits, fighting Open Source is a task for Sisyphus and they know it. There is no reason that Open and closed source cannot coexist in this world.

Disclaimer: When I talk about Microsoft's technology, I am not talking about their current consumer OS debacle. I used to be a ZOMG! M$ SUX!!! type, but Microsoft is now an embattled company well aware that they fucked up a lot these last few years. I am curious to see what direction that will take them. I suppose this is part of that. Also, their back end products: Windows Server/Active Directory/Sql server, etc... really are pretty nice. Although I do prefer Linux, FreeBSD and their associated Open Source server solutions.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:duplicated effort?

[serviscope_minor]

So the Linux Foundation has a fundamental distaste for Theo? Does the world really need two competing forks of OpenSSL?

It doesn't: this new initiative have so far done nothing. I fully expect Amazon, Cisco, Facebook, Fujitsu, Google, HP, IBM, Intel, Linux Foundation, Microsoft, Netapp, Qualcomm, Rackspace and VMWare (yep those are the logos splattered all over the place) to sit around with their dicks in their hands having press releases statting initiatives and decding how to spend the funding while OpenBSD actually knuckles down and fixes OpenSSL.

I expect that shortly after, some enterprising person from Debian will do some basic porting and have an alteriative set up in the experimental repo. From there it will wend its way around into the other distributions (mint, ubuntu) and the patch set might wind up in some early Arch AUR builds and Fedora packages. By that stage the OpenBSD people will have probably accepted the patches and it will be officially portable. At this point Arch will have probably replaced it as a system wide depencendy because hey, it can always be unreplaced if it's bad. Gentoo of course will make it easy to switch between OpenSSL and LibreSSL with just a teeny little recompile of everything, but whatever it's just some portage flags anyway. Redhat probably won't care since they're probably on a version of OpenSSL so old that there are no longer any known bugs. Fedora will vascillate between the two and eventually decide to do whatever ubuntu finally chooses.

Then maybe in a while, we'll have an announcement that someone we've never heard of will be heading this terribly important project, and that huge splat of logos will get another outing. I expect this will happen at about the same time that some nutjob finishes a port of LibreSSL to his Amiga.

During the above timespan, I expect to hear about Linux and Theo swearing at people in public and to have some good troll threads on slashdot about geneder equality in IT (or nursing or teaching), 27 articles about 3D printing (guns or otherwise).

Where is Apple?

[kbdd]

Oh wait, they can't afford it, it's not in their budget...

Re:Ah industry initiatives.

[serviscope_minor]

1. It's not initially feature-compatible with OpenSSL

It's feature compatible enough to recompile the entire OpenBSD ports tree with LibreSSL as a drop in replacement.

3. There's no guarantee the rewrite would be accepted by the OpenSSL team

Probably not, but they didn't accept fixes for big bugs which had been maintained as out of tree patches by OpenBSD and a bunch of Linux distros, so at this point who cares?

4. There's no guarantee LibreSSL will work on anything but BSD

Well, it will if they port it. Besides, it's not like OpenBSD don't have a proven track record in this department.

5. Theo doesn't control OpenSSL

That sounds like a reason for LibreSSL, not against. The OpenBSD project (apart from an astounding security record) is in charge of OpenSSH, another piece of critical infrastructure.

1. This Linux Foundation fund identify LibreSSL as the most feasible solution in the long-term, and provide support for both projects.

That would be good.

2. Important bugs identified by both teams are ported to patch the current OpenSSL release.

That seems unlikely given the above.