Funding insecure infrastructure rather than replacing it with secure infrastructure isn't a long-term solution. It may make things worse rather than making them better.
No amount of funding is going to make OpenSSL into a project focused on security/correctness like BoringSSL.
Conversation
I don't think what they intend to do with that money is simply funding critical open source infrastructure. I think they intend for most of it to be used on efforts like the Rust TLS stack they're funding via ISRG.
abetterinternet.org/post/preparing
At least, I hope that's their plan.
2
4
Similarly, see opentitan.org which is an open hardware secure element they could use to replace their Titan secure elements in Pixels and their servers, but available for others too.
Google does fairly aimlessly throw money at projects but has more focused efforts too.
2
5
Yeah, my concern was this was going to be aimless. If they actually put money into meaningful projects, I support that, but "open source security" is scary-vague.
Giving people tokens has obvious, real value. I don't have to really guess as much about it.
1
1
Google has gotten pretty good at this especially now that they're onboard with Rust. Likely interested in funding replacing a bunch of infrastructure with solid Rust projects, among other things.
Android 12 even replaces most of the old C++ Bluetooth stack with a new Rust one.
3
3
Handing out security keys to people who don't already have them is probably has the most immediate impact, agree.
Also agree replacing hulking memory-unsafe code bases is a nice medium/long term goal. But this will take time.
1
It's going pretty fast for AOSP. Everyone using supported Pixels will get an over-the-air update to Android 12 bringing the Rust Bluetooth stack. I expect they'll be introducing dramatically more of it for Android 13 as long as deploying it for Android 12 goes well.
2
1
So the real question is can I separate out that Rust bluetooth stack and use it on a Linux distro? Will they contribute support to built it standalone so distros can benefit too?
Unfortunately there's more than just Android to improve.
2
Android has heavily used a memory safe language from the beginning: Java.
I don't think it's up to Google to convince traditional distributions their approach to security is terrible: ill-defined base system cobbled together from fragmented projects without overall security.
1
Android is a Linux distribution, and ChromeOS is one too. They could port it to replace the Bluetooth stack on ChromeOS and then other distributions could decide if they want to use it. I don't really think it makes sense for them to make something that won't really be used.
1
1
Traditional Linux distributions have moved heavily towards more pervasive use of C rather than away from it via systemd. A lot of them are pretty unhappy with projects adopting Rust since it doesn't have support for all their architectures and is harder for them to handle.
I really don't think most traditional distributions are going to have much interest in most of the services and libraries being replaced with new implementations in Rust. Fedora would probably be fine with it. I can't see it being received well in Debian. It's a waste of effort.
1
Show replies