December 2020

Drum roll please... Continuing on the theme of being asked to pay no attention to the man behind the curtain we have an open source view of the SolarWinds debacle... Yes, the one that appears to have allowed 'state operatives' access to a significant part of the US Government's infrastructure as well as affecting other Fortune 500 companies like Microsoft... you know, the US company that NZ Govt agencies spend so many of our tax dollars on in spite of there being viable alternatives here in New Zealand.

I've long been a fan of Sun Tzu because I believe that knowing how an opponent thinks is crucial to knowing how to deal with them. I've also held the view that a significant part of the security industry that exists today does so solely because of the actions of a single company. The prevailing view in the IT industry has been get to market first at all costs and the ongoing effect of this is that anything that is seen as slowing down the delivery of the next MVP is a problem... so the first things to go in time critical projects are security and testing. Our target market becomes our test bed whether they like it or not.

Actually it is more like businesses in general won't take risks when hiring people... This makes it especially difficult for people entering the industry but also causes issues for more experienced IT professionals who may have a broader range of skills but not the in depth skills the employer is looking for right now. So how can you tilt your job application in your favour? Well, in the same vein as one recruiter said to me, 'you need to be more active online'... and how can new IT professionals do that? By using GitHub and GitLab to document their contributions to open source projects and build an online portfolio of work to show prospective employers.

One of the arguments used against linux and open source in the past by large proprietary OS vendors with significant market share is that of course there are fewer reported security issues with linux when compared with the tsunami of issues with their products because the linux install base is so small... Well linux based server systems now run most of the internet so that statement no longer holds water, and yet the linux and open source community are still better at detecting and correcting security issues than proprietary equivalents. This article by Jack Wallen on TechRepublic outlines some reasons why.

Open source... A short article on a study by the Open Source Security Foundation and a Harvard Innovation Science lab outlines some of the reasons why people work on open source projects. Head of the list is because they enjoy it... so no surprises there. Money also makes the list but is a lot further down.

In a case of the Government meeting its own GOAL the front end and documentation for the NZ COVID Tracer app has been released under the Affero General Public License (AGPL). That's the license that Google doesn't like so we can rest assured that it won't be re-purposed and sold back to us... Anyway, good start and kudos to the Ministry of Health. Now if there was only a way you could be convinced to drop your unhealthy relationship with Microsoft, stop sending so many taxpayer dollars offshore and use them instead to provide health services to New Zealanders by New Zealanders.

I see in Stuff that there are a number of US State and Federal officials going after Facebook for alleged monopolistic behaviour. Colour me surprised. Facebook and other members of the 'Frightful Five' have been accused of a significant amount of this behaviour and there is enough evidence that it has occurred... To date only Microsoft has actually been convicted and were punished by 'a slap on the wrist' according to the plaintiffs. What they were required to do was share their APIs with third parties to allow interoperability but in effect it only allowed people to call windows functions, and couldn't be used to create competing products. Hold that thought as you read on...

Matt Stoller, Director of Research at the American Economic Liberties Project and author of 'Goliath: The Hundred Year War Between Monopoly Power and Democracy' (available on Amazon, of course, but I suggest you buy it from your local bookseller instead) runs a blog called BIG... and his latest entry concerns the purchase of Slack by Salesforce which he sees as a defensive move by two multinationals to stave off the total monopolisation of the market by a third multinational called, you guessed it, Microsoft.