Solarwinds and open source, blockchain and distributed trust
The following is commentary. I hosted a talk radio show about technology for years. Old habits are prone to longevity.
Differing viewpoints are cherished.
What would happen if there was another widespread compromise attributed to Solarwinds? Could the company survive?
In February 2019, Greg Stuart warned on orangematter.solarwinds.com that open source projects carried greater security risks than proprietary software. Subsequent events raise more questions about that theory than they confirm, while suggesting a mitigation at the same time.
Here’s a future press statement I’d like to read. Please understand what follows is fiction. I do not speak for Solarwinds and I suspect these ideas wouldn’t find support among Solarwinds’ upper management. Call this speculative fantasy or wishful thinking, but don’t call it news or mistake it for anything Solarwinds is considering.
FOR IMMEDIATE RELEASE
Solarwinds HQ, Austin, Texas — Solarwinds is committed to customers and their safety. To better serve that prime directive, we are immediately opening all source code for all Solarwinds products.
We’ve taken this bold step for several reasons.
We must acknowledge our source code is no longer secret. A deep understanding of our products facilitated recent compromises, for which Solarwinds remains in mourning. We will do everything in our power to rise stronger and safer than before.
Any charade of proprietary secrecy does little more than preserve the value of stolen information in hostile hands. As of now, that stolen property is no longer valuable barter for Russian hackers. They can’t profit from the black market. It’s easier, quicker, and more accurate to just get it from us for free.
The security of our products was never in the source code. When you rely on encryption, you are much better advised to use widely known, peer-reviewed encryption, not secret methods. The security is in the encryption key, not in the encryption method.
That philosophy, applied to Solarwinds, informs us that our algorithms, no matter how advanced, aren’t the core value of our products. The value of Solarwinds’ products is the strength of our developers and support engineers standing behind your particular implementation. We write code not for the ivory tower, but for your real world. We are ready to prove that day after day.
Yesterday, a customer with a problem could only report an issue. Today, that traditional level of support is augmented with the invitation to report improvements and fixes, not just complaints.
We can’t tell you zero-day exploits won’t be discovered in any vendor’s code. What we can tell you is that opening our source grants us the possibility to implement, with your help, minus-1 day patches and improvements, a step ahead of future electronic trespassers.
Solarwinds grieves that its code repositories were an attack vector, and this is another reason we’re opening our source.
We are pleased to announce anyone, whether or not a Solarwinds customer, is welcome to participate in our new blockchain-based public repos. Just as opening our source gives our code greater strength, opening our repositories gives us geographic diversity and massive redundancy for product delivery. This power comes at no cost to our shareholders. Our new repos are all based on trusted open source software hosted by customers we’re working to keep satisfied.
Solarwinds will continue oversight. The value we bring is as much quality control and product support as engineering leadership. Updates come with proven provenance, line by line, thanks to blockchain technology. Hackers lose shadows in which they might operate, and there’s one more thing, too.
Our customers gain future-proofing. Should Solarwinds be unable to continue support for any product, community involvement will assure a smooth transition to whatever comes next.
More than anything else, that’s where Solarwinds devotes its energy. The future.
It is, unfortunately, not something we’re likely to read.
If I were in Solarwinds’ executive suites, I would push for this action. If full acceptance of open source were too much, acceptable compromises would include blockchain distribution of encrypted source code, with keys available to top-tier customers.
We might not see Solarwinds on this bandwagon, but big changes are always underway. Our lives will evolve because of distributed trust. COVID-19 taught us to appreciate a distributed workforce. Infrastructure decentralization is just beginning.
Banks, for example, will be affected by pure digital money in ways most of us haven’t thought of. When your local bank writes a loan, they aren’t just moving money around to suck up a little interest. Your bank is literally creating money.
Account holders deposit paychecks. For every ten dollars that come in, the bank is allowed to lend nine bucks back out. You’ve got ten bucks in your account and a borrower also has nine bucks that didn’t exist before. Ten bucks became nineteen.
That works because to you, the ten bucks is a ten-dollar asset. To the bank, your money is a ten-dollar liability. They borrowed ten bucks from you in exchange for a promise to pay back ten bucks on demand. If they re-loan nine and manage to repay you ten any time you want, no harm, no foul, and nine bucks was created out of thin air.
It doesn’t matter whether you hate banks or not; without them your city would crumble.
The same multiplication through lending can happen with electronic currency. Depositing a bitcoin at a bank would be taking it out of your wallet and transferring it to the bank’s. Then the bank could loan it back out.
But what’s the motivation? If my money is in the distributed ledger either in my name or in the bank’s, doesn’t it sound a little safer to leave it in my wallet?
Maybe lending clubs will appear on demand, ad hoc virtual banks arising with opportunity. Individuals could pool their bitcoin assets for lending, much as a conventional bank serves to aggregate capital. That will probably have to happen. If lending ceases, so does our economy.
There will be growing pains. We rightfully rebelled against redlining, where banks made prejudiced lending decisions. What’s going to keep redlining from roaring back to life in virtual banking?
You won’t have to wonder long. Soon, we’re going to be living that life. If we’re smart, we’ll get ready for cloud money in advance.
And if Solarwinds is smart, they will adapt, too.
Thanks for visiting, and be sure to check out other articles here. This piece was no more than musings on a winter day. Other work here showcases narrative writing and coding examples, each of which comes complete with documentation written for developers.