New York Times Recognizes Open-Source Maintainers With 2024 'Good Tech' Award (thestar.com.my) 6
This week New York Times technology columnist Kevin Roose published his annual "Good Tech" awards to "shine the spotlight on a few tech projects that I think contributed positively to humanity."
And high on the list is "Andres Freund, and every open-source software maintainer saving us from doom." The most fun column I wrote this past year was about a Microsoft database engineer, Andres Freund, who got some odd errors while doing routine maintenance on an obscure open-source software package called xz Utils. While investigating, Freund inadvertently discovered a huge security vulnerability in the Linux operating system, which could have allowed a hacker to take control of hundreds of millions of computers and bring the world to its knees.
It turns out that much of our digital infrastructure rests on similar acts of nerdy heroism. After writing about Freund's discovery, I received tips about other near disasters involving open-source software projects, many of which were averted by sharp-eyed volunteers catching bugs and fixing critical code just in time to foil the bad guys. I could not write about them all, but this award is to say: I see you, open-source maintainers, and I thank you for your service.
Roose also acknowledges the NASA engineers who kept Voyager 1 transmitting back to earth from interstellar space — and Bluesky, "for making my social media feeds interesting again."
Roose also notes it was a big year for AI. There's a shout-out to Epoch AI, a small nonprofit research group in Spain, "for giving us reliable data on the AI boom." ("The firm maintains public databases of AI models and AI hardware, and publishes research on AI trends, including an influential report last year about whether AI models can continue to grow at their current pace. Epoch AI concluded they most likely could until 2030.") And there's also a shout-out to groups "pushing AI forward" and positive uses "to improve health care, identify new drugs and treatments for debilitating diseases and accelerate important scientific research."
And high on the list is "Andres Freund, and every open-source software maintainer saving us from doom." The most fun column I wrote this past year was about a Microsoft database engineer, Andres Freund, who got some odd errors while doing routine maintenance on an obscure open-source software package called xz Utils. While investigating, Freund inadvertently discovered a huge security vulnerability in the Linux operating system, which could have allowed a hacker to take control of hundreds of millions of computers and bring the world to its knees.
It turns out that much of our digital infrastructure rests on similar acts of nerdy heroism. After writing about Freund's discovery, I received tips about other near disasters involving open-source software projects, many of which were averted by sharp-eyed volunteers catching bugs and fixing critical code just in time to foil the bad guys. I could not write about them all, but this award is to say: I see you, open-source maintainers, and I thank you for your service.
Roose also acknowledges the NASA engineers who kept Voyager 1 transmitting back to earth from interstellar space — and Bluesky, "for making my social media feeds interesting again."
Roose also notes it was a big year for AI. There's a shout-out to Epoch AI, a small nonprofit research group in Spain, "for giving us reliable data on the AI boom." ("The firm maintains public databases of AI models and AI hardware, and publishes research on AI trends, including an influential report last year about whether AI models can continue to grow at their current pace. Epoch AI concluded they most likely could until 2030.") And there's also a shout-out to groups "pushing AI forward" and positive uses "to improve health care, identify new drugs and treatments for debilitating diseases and accelerate important scientific research."
- The nonprofit Arc Institute released Evo, an AI model that "can predict and generate genomic sequences, using technology similar to the kind that allows systems like ChatGPT to predict the next words in a sequence."
- A Harvard University lab led by Dr. Jeffrey Lichtman teamed with researchers from Google for "the most detailed map of a human brain sample ever created. The team used AI to map more than 150 million synapses in a tiny sample of brain tissue at nanometer-level resolution..."
- Researchers at Stanford and McMaster universities developed SyntheMol, "a generative AI model that can design new antibiotics from scratch."
Missing caveat (Score:2, Insightful)
"As far as we know".
Vulnerability in Linux OS :o (Score:3)
“Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian.”
“Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux [arstechnica.com], “it's not really affecting anyone in the real world,” Will Dormann, a senior vulnerability analyst at security firm Analygence, said”
Re:Vulnerability in Linux OS :o (Score:4, Informative)
xz is extremely important, and yes it affected Linux as well, because the kernel boot image is compressed with xz nowadays.
No doubt had the xz backdoor not been discovered when it was, it would've been embedded throughout the ecosystem. It only affected SSH at first, but it wouldn't be a huge stretch for it to affect the Linux kernel as well, injecting a vulnerability into the kernel.
xz is also great at compressing highly repetitive data - text log files, for example, compress extremely well because repeating messages compress down a lot. It's a bit slow - I had to compress about 100MB of log file and it came out to around 2MB or so to attach to a ticket. Gzip on -9 would make it 20MB.
Are the NY Times tech staff still on strike? (Score:2)
Need to also recognize (Score:2)
Aging out and retiring of lots of open source developers who started in the 90s and early 2000s with significant projects going into unmaintained status