It’s just insane how big of a dropped ball non-Western software development seems to be. If they’re not going to write and use their own software for everything, then don’t even bother using software! Even some outdated insecure system developed in the 80s would be better than using the latest US software for any kind of infrastructure.
I get why it’s still an issue, because it’s really hard to make an entire country of 1.4+ billion people all get on the same page about best practices on anything. Imagine getting American software developers to adopt stringent security practices. At the last company I worked at, we were still adopting TLS transport within the company VPN. So if there is a current push in the US to adopt modern security “hygiene” (security standards that the US created), then I can imagine how much harder it is for other countries. And there are a lot of things required to use the latest stuff. You have to have a good software development and release process so you can stay on top of security fixes. And that requires its own infrastructure. And that infrastructure requires its own infrastructure. And managing security-related stuff is a pain in the butt.
I often feel like server software is just a mistake in general and running software on devices other than personal computers should be kept to a minimum. Which is the opposite of how the software industry has developed. But maybe in the future, there will be some kind of acknowledgement and transition to more “local-first” software. Even free software enthusiasts fall into that trap because their expertise comes from the industry they work in, which is all server-centric.
Email, for example, should be replaced with something more similar to the Signal messaging system. More end-to-end encryption, etc., and most servers should act as simple routers or always-online caches of data in transit.
Servers are such a liability and the whole ecosystem is so messy and complicated. At least with desktop/phone programs it’s a bit easier to reason about their security (in some ways).
For sure, the best way to secure data is not to connect it to the internet. Also very much agree that developing domestic software or at least using open source is a basic requirement for maintaining sovereignty. Hopefully China will accelerate their push to excise Western proprietary software from their ecosystem.