2024-03-29: Goodbye Ross, tech independence, backdoors
(If you work at FF/FFDW 🄽 links will send you to a local, editable page in the Filecoin Foundation Notion. If you are in the Filecoin ecosystem, you may be able to join the #monologue-danny Slack channel where I answer questions, take meeting bookings, talk to myself and the other voices in my head. In the glorious decentralized ocap-enabled future, such data-hoardings will be a thing of the past, but we live for now in a fallen ACL world.)
Three Things I Did Today
Mourned Ross Anderson🄽, who passed away this week. He invented the Eternity Service, an ancestor to Filecoin. His influence on the UK tech and security scene was considerable, including founding the Foundation for Information Policy Research, the first UK digital rights group. In his last years he was a champion of CHERI, the capability-based security architecture. Had to break the bad news to a few people. I wrote a bit about his impact in a Hacker News comment.
Put together some suggestions for the $2 million Filecoin Retro Public Goods Funding (RetroPGF)🄽 program. Submit your own nominations! Even if you’re not directly connected to Filecoin, software that Filecoin relies upon counts! Nomination round ends on Sunday.
After some useful discussions of legal stuff, I’ve been itching to deal with something that wasn’t a discussion, so have been hacking on some code to manage my Notion wiki, and these entries in particular. A bit meta-, but sometimes you’ve got to go meta, especially at the end of the week.
TIL
I learned this one at the same time as everyone else, but there was a long-in-the-making malicious backdoor inserted into a minor open source library, xz/liblzma🄽, intended to target ssh, one of the core secure protocols that keeps the Internet together. Breakdown of what we know so far. Possibly a state- or state-funded (or state-threatened) actor. Expect to hear a lot more about this, eventually in the mainstream media, in the next few days and weeks. You can see the detection of this flaw just in time as either the system working as planned, or a very close shave.
Links
New Tech Congress Fellows — these are the techies who are funded to support US politicians’ staff. We fund this program, because it’s a great way to raise knowledge among staffers on the truth about tech issues.
Derek Sivers🄽 has a guide to tech independence — a script that creates your own domain name, email, cloud storage and server. It’s a little convoluted and depends on Vultr🄽, which is getting some criticism, but an interesting idea.