
prediction: use cloud deployments to fork critical GPL parts, restrict security updates that are required to their fork and implementation; control the rabble for a few years, issue press releases, and stall while they entrench it.



Prediction: they aren't going to do the decent thing and open-source the whole thing when they stop it.

I'm sure that will happen right away, considering they're "all-in on open source".

Maybe they'll auction off the assets (grsecurity) to some company that will make it open source? :-)

Prediction: we'll see a lot of small issues that don't matter. Copy writing will go to shit, notification numbers won't show up, website may even go down for an hour. Everyone will claim that this is because the best engineers left.

The company will stay up and the app will work fine ultimately. Everyone will claim this is because the best engineers who left wrote unbreakable code.


Predictions:

- If it's even mentioned (hopefully, given log4j topics), nobody will concretely commit to anything that would look like "funding those open source projects we all use internally, rely on, and just assume will be fine." Or putting serious resources to fuzzing, analyzing, and generally beating the hell out of packages like that, committing any fixes back upstream.

- Nobody will be willing to consider that the reason we're in this spot is because we've spent all our effort on complexity and new features instead of actually locking down and making bulletproof a smaller set of features. To borrow from Apple's recent issues as discussed in Project Zero's writings [0], I'm sure your support for an obscure Xerox compression algorithm was used never, or nearly so, in practice (in text messages!). However, your inclusion of it allowed a nice entry point for some absolutely nasty software. Perhaps, instead of supporting every format under the sun you can find, you can support the common ones only, and lock those down. No, instead, we can convert our facial expressions into animated animals and send them to people (I'm not sure I want to know how many weird corner cases that code has).

- Nothing will change, ransomware will continue, reporters trying to shine light on questionable countries will continue having their phones/laptops/watches/etc hacked to hell and back, and we'll continue stumbling forward in the complexity canyon that swallows everything that gets near it.

We could make major security improvements if we were willing to say, "Let's focus on the 20% of the features that make up 80% of the use, and turn the rest off by default." Simplify the software drastically, which then means we can simplify the hardware because performance isn't as critical. But the tech industry's internal structures are absolutely opposed to this - you're promoted for shipping new features, not maintaining things, and not doing weird low level security analysis and fuzzing.

I'm pretty damned pessimistic about the state of computer security, if it's not obvious.

[0]: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i...


Prediction: within a year this project will be dead due to the lack of uptake. It doesn't solve any real problems and uses a relatively obscure programming language. There's no way it will ever reach anything close to a critical mass.

My prediction: they'll release yet-another-ITSM tool like ServiceNow, etc.

It’s when they start committing changes to their own source code that we’ll really have to worry.

Yeeeeahhh.... at the moment. They have gotten really aggressive about commercial licensing recently, and even a conservative extrapolation should give one pause.

Today they might limit themselves to forced registration, SEO, and spamming business contacts with carefully crafted statements designed to stir fear, uncertainty, and doubt around free licenses by strongly suggesting (without actually claiming) that commercial use without a commercial license is illegal. But tomorrow? Also, keep in mind that a business partner who isn't already familiar with Qt and LGPL is going to be about 10x more susceptible to the FUD. That's the whole idea.

My guess: 30% chance of an ugly fork and lots of drama in the next few years. Then, absent a change in direction, another 30% chance in the few years after that, and so on.


I pretty much see that happening

I will be gone by then; however, in a couple of decades anything substantial based on GPL will be gone, and it will be business as usual regarding UNIX wars.


This is going to be like what happened to SourceForge.

My prediction is something will go horribly wrong, then they will go "see, we tried modern tech and it fucked us over", and they will commit to seeing their code and tech stack turn a century old before considering any updates.

Won't be surprised to see them use some form of blockchain-related or decentralised technology on the platform, given that everyone knows that they are already going to get banned by several web services they use on launch to keep it running.

I don't care what happens, but we'll see soon enough and that is where it is going.


It ends the same way it did the last time. A giant tech market crash, more market consolidation, and massive cultural change.

At this point, things move so fast that operating systems are shipped with known bugs, security flaws, and half baked ideas. They are then patched via over-the-net updates. I think this will stop. People will go back to more traditional development paradigms out of necessity. They also won’t completely trash code bases that have been patched to the point of being reliable and somewhat secure just to make a new thing no one wanted.

My only other prediction is that people will eventually be more conservative about picking tech stacks. They will want proven track records.


My prediction: there will very soon be exactly two buckets for Desktop apps:

1) open-source 2) subscription


Here’s my quick and dirty prediction of what will happen with software in the future. The goal of this writeup is to collect feedback and spark discussion. Many of the statements can be purely wrong - please take them with a grain of salt.

Thanks!


If they don't release the code for the cloud implementation, it could diverge.

I wouldn't be surprised that the first thing they do is open source it. Removing the advantage of its competitors.

And they will, to the extent possible by law.

And they will ask you, under the guise of 2fa, to confirm their suspicions.

And $7 a month gets plenty of new upgrade options offered.

All talk of mirrors gets brushed under the carpet.

Microsoft pwn all nodejs code except core and those savvy enough to spot this coming and distribute via debian repos.
