NLnet has awarded grants totaling €675,000 to eleven open-source projects focused on reclaiming the public internet. These projects aim to develop and improve decentralized, privacy-respecting alternatives to centralized platforms and services. The funded initiatives cover areas like peer-to-peer communication, distributed social networking, censorship-resistant content distribution, and decentralized identity management, all contributing to a more democratic and resilient online experience. The grants are part of NLnet's Commons Fund, which supports initiatives that foster open standards, protocols, and infrastructure.
A misconfigured DNS record for Mastercard went unnoticed for an estimated two to five years, routing traffic intended for a Mastercard authentication service to a server controlled by a third-party vendor. This misdirected traffic included sensitive authentication data, potentially impacting cardholders globally. While Mastercard claims no evidence of malicious activity or misuse of the data, the incident highlights the risk of silent failures in critical infrastructure and the importance of robust monitoring and validation. The misconfiguration involved an incorrect CNAME record, effectively masking the error and making it difficult to detect through standard monitoring practices. This situation persisted until a concerned individual noticed the discrepancy and alerted Mastercard.
HN commenters discuss the surprising longevity of Mastercard's DNS misconfiguration, with several expressing disbelief that such a basic error could persist undetected for so long, particularly within a major financial institution. Some speculate about the potential causes, including insufficient monitoring, complex internal DNS setups, and the possibility that the affected subdomain wasn't actively used or monitored. Others highlight the importance of robust monitoring and testing, suggesting that Mastercard's internal processes likely had gaps. The possibility of the subdomain being used for internal purposes and therefore less scrutinized is also raised. Some commenters criticize the article's author for lacking technical depth, while others defend the reporting, focusing on the broader issue of oversight within a critical financial infrastructure.
Summary of Comments (177)
https://news.ycombinator.com/item?id=43769482
Hacker News commenters generally expressed support for NLnet's funding of open-source internet infrastructure projects. Several highlighted the importance of decentralization and moving away from reliance on large corporations. Some questioned the viability or impact of certain projects, particularly Matrix, while others championed its potential. A few commenters discussed the challenges of funding and sustaining open-source projects long-term, suggesting alternative funding mechanisms and emphasizing the need for community involvement. There was also a thread discussing the definition of "public internet" and whether these projects genuinely contribute to it.
The Hacker News post "Open Source Projects Receive Funding to Reclaim the Public Internet" (linking to an NLnet foundation grants announcement) generated several comments discussing the funded projects and the overall initiative.
Several commenters expressed enthusiasm for specific projects. One commenter highlighted the "Public money, public code" approach being taken by the Guix project, praising its commitment to software freedom and transparency. They further emphasized the importance of reproducible builds in ensuring the integrity and verifiability of software. Another user expressed excitement about the funding awarded to Qubes OS, citing its unique security model based on virtualization. They saw this as a crucial step towards strengthening online privacy and security. Another commenter, seemingly familiar with Qubes, added that the funding is particularly relevant given the recent surge in sophisticated malware attacks.
There was a discussion around the significance of funding open-source infrastructure projects. A commenter emphasized the crucial, yet often overlooked, role of such projects in underpinning the internet. They pointed out how these projects often operate with limited resources and how such funding can significantly impact their sustainability and development. This sentiment was echoed by another user who lamented the historical underfunding of public infrastructure in the digital realm, expressing hope that initiatives like NLnet's would pave the way for a more robust and publicly owned internet infrastructure.
One commenter focused on the legal aspects of open source, drawing attention to the importance of licenses and emphasizing their role in guaranteeing software freedoms. They expressed concern that without proper licensing, the positive impact of such funding could be diminished.
Several users engaged in a discussion about the technical merits of different projects. One thread discussed the complexities of decentralized systems and their potential to address issues of censorship and control. Another thread debated the advantages and disadvantages of particular software development methodologies.
Finally, some commenters broadened the discussion to the larger philosophical implications of a "public internet." They discussed the ongoing tension between centralized platforms and decentralized alternatives, and the importance of initiatives like this in promoting a more open and democratic internet. They viewed funding for open-source projects as a crucial step towards reclaiming the internet as a public good, rather than a space dominated by corporate interests.