Some developers are fouling up open-source software


One of the great things about open source is not that it produces great software. It is that so many developers put their egos aside to create great programs with the help of others. Now, however, a handful of programmers are putting their own concerns ahead of the good of the many, and potentially wrecking open-source software for everyone.

For example, the JavaScript package maintainer RIAEvangelist, Brandon Nozaki Miller, wrote and published an open-source npm package called peacenotwar. It did little except print a message for peace to desktops. So far, harmless.

Miller then inserted malicious code into the package to overwrite users' file systems if their computer had a Russian or Belarusian IP address. He then added it as a dependency to his popular node-ipc program, and instant chaos followed. Numerous servers and PCs went down as they updated to the newest code and their systems then had their drives wiped.

Miller's defense, "This is all public, documented, licensed and open source," does not hold up.

Liran Tal, the Snyk researcher who uncovered the problem, said, "Even if the deliberate and dangerous act will be perceived by some as a legitimate act of protest, how does that reflect on the maintainer's future reputation and stake in the developer community? Would this maintainer ever be trusted again to not follow up on future acts in such or even more aggressive actions for any projects they participate in?"

Miller is not a random crank. He has produced a great deal of good code, such as node-ipc and Node HTTP Server. But can you trust any of his code not to be malicious? While he describes it as "not malware, [but] protestware which is fully documented," others vehemently disagree.

As one GitHub programmer wrote, "What's going to happen with this is that security teams in Western corporations that have absolutely nothing to do with Russia or politics are going to start seeing free and open-source software as an avenue for supply chain attacks (which this totally is) and simply start banning free and open-source software - all free and open-source software - within their companies."

As another GitHub developer, with the handle nm17, wrote, "The trust factor of open source, which was based on the goodwill of the developers is now practically gone, and now, more and more people are realizing that one day, their library/application can possibly be exploited to do/say whatever some random dev on the internet thought 'was the right thing to do.'"

Both make valid points. When you cannot use source code unless you agree with the political position of its creator, how can you use it with confidence?

Miller's heart may be in the right place - Slava Ukraini! - but is open-source software infected with malware the right way to protest Russia's invasion of Ukraine? No, it is not.

The open-source method only works because we trust each other. When that trust is broken, no matter what the cause, the fundamental framework of open source is broken. As Greg Kroah-Hartman, the Linux kernel maintainer for the stable branch, said when students from the University of Minnesota tried to insert deliberately bad code into the Linux kernel for an experiment in 2021, "What they are doing is intentional malicious behavior and is not acceptable and totally unethical."

People have long argued that open source should include ethical provisions as well. For example, the 2009 Exception General Public License (eGPL), a revision of the GPLv2, tried to forbid "exceptions," such as military users and suppliers, from using its code. It failed. Other licenses, such as the JSON license with its sweetly naive clause that "the Software shall be used for Good, not Evil," are still around, but no one enforces them.

More recently, activist and software developer Coraline Ada Ehmke introduced an open-source license that requires its users to act ethically. Specifically, her Hippocratic License adds to the MIT open-source license a clause stating that:

"The software may not be used by individuals, corporations, governments, or other groups for systems or activities that actively and knowingly endanger, harm, or otherwise threaten the physical, mental, economic, or general well-being of underprivileged individuals or groups in violation of the United Nations Universal Declaration of Human Rights."

Sounds nice, but it is not open source. You see, open source is, in and of itself, an ethical position. Its principles are embodied in the Free Software Foundation (FSF)'s Four Essential Freedoms. This is the foundation of all open-source licenses and their fundamental philosophy. As open-source legal expert and Columbia law professor Eben Moglen said at the time, ethical licenses cannot be free software or open-source licenses:

"Freedom zero, the right to run the program for any purpose, comes first in the four freedoms because if users do not have that right with respect to computer programs they run, they ultimately have no rights in those programs at all. Efforts to give permission only for good uses, or to prohibit bad ones in the eyes of the licensor, violate the requirement to protect freedom zero."

In other words, if you cannot share your code for any reason whatsoever, your code is not truly open source.

A more practical argument against blocking one group from using open-source software is that blocking on something like an IP address is a very broad brush. Florian Roth, Head of Research at the security company Nextron Systems, had considered "disabling my free tools on systems with certain language and time zone settings," but ultimately decided not to. Why? Because by doing so, "we would also disable the tools on systems of critics and freethinkers that condemn the actions of their governments."

Unfortunately, it is not only people trying to use open source for what they see as a higher moral purpose who are causing trouble for open-source software.

Earlier this year, JavaScript developer Marak Squires deliberately sabotaged his obscure but vital open-source JavaScript libraries 'colors.js' and 'faker.js.' The result? Tens of thousands of JavaScript programs blew up.

Why? It is still not clear, but in a since-deleted GitHub post, Squires wrote, "Respectfully, I am no longer going to support Fortune 500s (and other smaller-sized companies) with my free work. There isn't much else to say. Take this as an opportunity to send me a six-figure yearly contract or fork the project and have someone else work on it." As you might expect, this attempt to sabotage his way to a payday did not work out for him.

And then there are the people who deliberately put malware into their open-source code for fun and profit. For example, the DevOps security company JFrog uncovered 17 new malicious JavaScript packages in the npm repository that deliberately attack and steal users' Discord tokens. These can then be used on the Discord communications and digital distribution platform.

Besides creating new malicious open-source programs that appear innocent and helpful, other attackers take old, abandoned software and rewrite it to include cryptocurrency-stealing code. One such program was event-stream. It had malicious code inserted into it to steal bitcoin wallets and transfer their balances to a server in Kuala Lumpur. There have been multiple similar incidents over the years.

With every such move, faith in open-source software is eroded. Since open source is absolutely vital to the modern world, this is a dismal trend.

What can we do about it? Well, for one thing, we should think seriously about when, if ever, we should block the use of open-source code.

More practically, we must start using the Linux Foundation's Software Package Data Exchange (SPDX) and Software Bills of Materials (SBOMs). Together these will tell us exactly what code we are using in our programs and where it came from. Then we will be much better able to make educated decisions.

Today, many people use open-source code without knowing exactly what they are running or checking it for problems. They assume all is well with it. That has never been a smart assumption. Today, it is a foolish one.

Even with all these recent changes, open source is still a better and safer way than the alternative of proprietary, black-box software. But we must check and verify the code instead of trusting it blindly. It is the only smart thing to do going forward.
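One practical reading of that advice, as an added example (not code from the article or from any project it names): turn an npm lock file into SPDX-style package records, then flag entries with no recorded origin or integrity hash, or whose name is on a review watch list. The lock file, the watch list and every version number below are constructed placeholders.

```javascript
// Added example: minimal SPDX-style inventory from a package-lock.json (lockfileVersion 2/3
// layout) plus a provenance review. SAMPLE_LOCK is constructed; it is not a real project.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/node-ipc": { version: "9.9.9", resolved: "https://registry.npmjs.org/node-ipc/-/node-ipc-9.9.9.tgz", integrity: "sha512-PLACEHOLDER" },
    "node_modules/left-pad": { version: "1.3.0", resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz", integrity: "sha512-PLACEHOLDER" },
    "node_modules/internal-lib": { version: "0.1.0", resolved: "git+ssh://git@example.invalid/internal-lib.git" },
    "node_modules/mystery": { version: "2.0.0" }  // no origin, no hash: cannot be verified
  }
};

// Constructed watch list of package names the article discusses. A real review would use
// advisory data with exact affected version ranges rather than bare names.
const WATCH_LIST = new Set(["node-ipc", "colors", "faker", "event-stream"]);

// Convert the lock file into SPDX 2.3-shaped package records (a subset of the real schema).
function lockToSpdx(lock) {
  const packages = [];
  for (const [path, info] of Object.entries(lock.packages)) {
    if (path === "") continue;  // root project, not a dependency
    // "node_modules/a/node_modules/@scope/b" -> "@scope/b"
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    const [algo, value] = info.integrity ? info.integrity.split("-") : [];
    packages.push({
      SPDXID: "SPDXRef-Package-" + name.replace(/[^A-Za-z0-9.-]/g, "-"),
      name,
      versionInfo: info.version,
      downloadLocation: info.resolved || "NOASSERTION",
      checksums: algo ? [{ algorithm: algo.toUpperCase(), checksumValue: value }] : []
    });
  }
  return { spdxVersion: "SPDX-2.3", dataLicense: "CC0-1.0", name: lock.name, packages };
}

// Flag packages a reviewer should look at before trusting them.
function auditSbom(sbom, watchList) {
  const findings = [];
  for (const p of sbom.packages) {
    if (watchList.has(p.name)) findings.push({ name: p.name, reason: "on watch list" });
    if (p.downloadLocation === "NOASSERTION") findings.push({ name: p.name, reason: "unknown origin" });
    else if (!p.downloadLocation.startsWith("https://registry.npmjs.org/")) findings.push({ name: p.name, reason: "not from public registry" });
    if (p.checksums.length === 0) findings.push({ name: p.name, reason: "no integrity hash" });
  }
  return findings;
}
```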
