this post was submitted on 26 Dec 2021
-1 points (0.0% liked)

Technology

34806 readers
208 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -5 points 2 years ago (2 children)

I think this is a wrong gesture on China's part. The government should be a secondary entity to the developer entity of software code affected. Apache software's bug should be known to Apache first, and then anyone else, considering Apache server is used everywhere in the world.

[–] [email protected] 0 points 2 years ago (1 children)

It is a double-edged sword: Where is the Apache Foundation registered and operating? In the United States. The company that found the exploit, Alibaba, is Chinese. Even the department that found it (security team) is located in the offices of Alibaba Cloud, in Singapore. In short, the Chinese government was very close to having a tool to seriously damage the Western technology infrastructure, without the other side ever knowing where exactly they were being hit from. And if it had been the other way around? if that information had reached the Singaporean authorities earlier? we must not forget that it is a very servile government to the United States. Or in the worst case scenario the report was intercepted at the Apache Foundation, remember PRISM? one of their goals is to find potential vulnerabilities and exploit them against "hostile forces" even forcing companies registered on US soil and several beyond their borders to leave "backdoors" in their products/systems without public knowledge.

Fortunately or unfortunately it was reported and announced publicly, without prior knowledge of the respective governments, so neither side gained a considerable advantage in this new field of warfare that is the cyberspace.

[–] [email protected] -3 points 2 years ago

In short, the Chinese government was very close to having a tool to seriously damage the Western technology infrastructure, without the other side ever knowing where exactly they were being hit from.

I thought of this later, but there is a significant downside with Apache exploit, and that is multiple FOSS projects around the world that are independent of government stuff. Think of the privacy SaaS. What if OVH data centers, on which Lemmy runs, relies on Apache? Or any of the Fediverse networks?