Voluntary Programming to Help Humanity!
Are you a good programmer/cryptographer? Then you should do some voluntary programming/bug hunting on critical open source software, for free, to help out humanity.
By 2017 really our digital lives are under constant attack by hackers, exploiters, but we rely on a handful of tools to protect our digital security, which often, do have bugs, even if they are open source, the complexity of these projects is enormous and the handful of developers are working very hard on them, but they can't see everything. The more eyes the better, so if you are a talented programmer or cryptographic expert, you should really look into these, for free, in order to help humanity progress.
In the 21 century the heroes are the programmers and the cryptographers who are securing our digital safety day by day. So if you want to help out humanity, and you are talented enough to help, then the choice is yours whether you want to help people or not. So if you have spare time you could use that time to analyze the source code of critically important software and find and fix bugs.
Here are a the most critical softwares that need constant auditing and analyzing (by order of importance in my opinion):
1) Linux Kernel
This is the numero uno, most important software in the world, the kernel of the Linux operating system, the core of it. I don't have to stress how crucial it is for this software to work properly and without bugs. Linux is used by a myriad of financial institutions, cryptocurrency projects, and anyone else who is serious about security. So it is the utmost importance for this software to work properly and without bugs. It definitely needs a lot of auditing and people analyzing the code to ensure the security.
- Website: https://www.kernel.org
2) Debian
Debian is the most secure Linux based operating system, and many forks and offsprings depend on it. Most serious programmers, security experts, probably use Debian or a Debian based operating system for work. So it is very important for this OS to work safely and without bugs. It needs constant review and analysis of it’s source code to eliminate bugs.
- Website: https://www.debian.org
3) OpenSSL
OpenSSL is the backbone of the encrypted Internet (HTTPS). It's a library that provides server operators with encryption tools for Internet traffic. More than 54% of the entire Internet relies on this library, so it's extremely important for this to work well and provide secure encryption, otherwise surveillance, identity theft and server hacks could occur. OpenSSL had numerous security vulnerabilities like the Heartbleed fiasco or the Predictable Keys incident. So it really needs more people, more programmers and cryptographers auditing it, to ensure this never happens again.
- Website: https://www.openssl.org
4) Mozzilla Firefox
Needs no introduction. Firefox is the most used open source Internet browser. And the security of it is crucial for millions of browser users. People's bank accounts, online cryptocurrency wallets, or even your Steemit account is in jeopardy if the browser were to have a serious bug in it. So it's extremely important for this software to be bug free and very secure.
- Website: https://www.mozilla.org
5) GnuPG
GnuPG or commonly known as GPG is an e-mail encryption and cryptographic identity management system, that is used by many software developers to prove the identity of themselves and verify the integrity of the software they compile from the source code. It's crucial for this software to stay secure, both for programmers and for careful people. Since if you want to ensure the integrity of your files and downloads, you will have to rely on this. So bugs and vulnerabilities are unacceptable. Cryptocurrency projects also heavily rely on this software.
- Website: https://www.gnupg.org
6) Veracrypt
Veracrypt is a swiss knife for encryption, both full disk and container encryption and it also provides various other cryptographic services like hidden containers using Steganography. It’s a very important software for literally anyone who wants to encrypt their stuff like Bitcoin wallets with an additional layer of encryption. I use it daily, so it’s crucial for this software to be kept safe and secure and bug free.
- Website: https://www.veracrypt.fr
7) NoScript
Noscript is a browser addon that blocks or filters Javascript, Flash, Silverlight, WebGL or other problematic software that could potentially expose you to malware. The security vulnerabilities of Flash are well known, it has became so infamous that it even got discontinued and people now switch to HTML5. The others are no better either, so Noscript helps the average internet users to stay safe, even when visiting questionable websites that are full of malware. It is very important for this tool to work correctly, so it needs good developers and bughunters.
- Website: https://noscript.net
8) The Tor Project
Tor is a privacy network, that routes your Internet traffic anonymously, thus defending people against network surveillance. It's comparable to a VPN but it's more secure. So for privacy fans out here this software can be very useful, but only if it works correctly, so all bugs have to be eliminated.
- Website: https://www.torproject.org
9) OpenVPN
OpenVPN is an open source software and protocol to provide people with VPN services through a VPN provider. Most VPN providers are based on this software, so it is very important for people to make sure this software works as it should.
- Website: https://openvpn.net
10) Nginx
You have probably seen the “502 Bad Gateway” nginx error a million times. Nginx is a webserver, reverse proxy, load balancer or HTTP cache, depending on it’s use. It is used by most websites on the internet, so it’s important to keep this software bug free.
- Website: https://nginx.org
11) OTR
OTR is a secure communication software/addon that can be used together with Pidgin instant messenger or in chatrooms, to provide encrypted communication, resistance to surveillance, cross-platform, and very efficiently. It’s an important tool for communication security, so it has to be kept bug free.
- Website: https://otr.cypherpunks.ca/
This is my list of critical softwares that need to be kept safe, and bug free. So if you have time and skills to work on these then please do it, you can literally help out the entire humanity, just by analyzing and reviewing code. The heroes of the 21 century are the coders and cryptographers that keep people safe!
If you can’t code but still wish to help out humanity, you can donate to OSTIF a non-profit fund that basically does this, it funds developers who audit and fix bugs on most of the softwares listed above:
I find what usually happens is that your help goes unnoticed or is just shit-canned.
You have to have an in. Have talked with the people on the development team. Become accredited with them. Then you could actually get to some coding.
I have tried on this platform... but the developers don't actually seem to be here. All of my suggestions of how to fix certain pieces have fallen on deaf ears.
So, I would love to see a follow up post on getting on any of the above teams.
Well yes usually the dev team is closed or is picky about recruiting new members due to infiltrators, people have to be vetted before joining the development team.
But that doesn't mean that you cant check and analyze the code. The latest source code is always available for public test, and most of the time the bug is there for a long time, it's just it's not discovered. It's almost never the latest commit that breaks things it's always an older bug.
So you can just download the latest source code and play around with it, check the portions that handles encryption. I myself have verified the Electrum source code, although I am an amateur programmer, I have already found a bug in the key generation algo and reported it to the developer.
With the Linux kernel and things like that it's more complicated. But things like Noscript or the OTR plugin can be easily audited and reviewed by essentially anyone who has a decent amount of programming expeirence.
Of course I could have listed here Bitcoin, or the secp256k1 library but I think those are already analyzed by a myriad of people.
Meanwhile most of these tools mentioned in the article are just as important but have a small development team, since they are nonprofit and get little attention, yet everyone uses it. So I think the project I listed really need more review.