Microsoft is seeking to join Linux private security board
Microsoft's relationship with the Linux community wasn't exactly rosy under Ballmer, who is notorious for having hated Linux with a passion. Satya Nadella has been working to change that, and the company is a high-paying, platinum member of the Linux Foundation, a move that has been treated with skepticism by the community, given its anti-establishment inclinations.
In a new move, the company is looking to join the linux-distros and oss-security mailing lists, which are used by representatives from Linux distributions as a private channel where they can report and coordinate on security issues – which one depending on the severity and whether they've been disclosed to the public.
[...] [Sasha] Levin, who is an active contributor to the Linux Kernel, also noted that Microsoft's Linux builds are not based on other distributions from members such as Ubuntu, Debian, Suse, Red Hat and Chrome OS, and that Greg Kroah-Hartman from the Linux Foundation can vouch for him.
(Score: 2) by jmorris on Saturday June 29 2019, @06:27PM (18 children)
Microsoft now distributes Linux as part of Windows 10. Including the actual kernel and a lot of GNU stuff. That instantly makes them the largest "distro" ever. So of course they need to be brought into the security loop. How is this even debatable?
(Score: 2, Informative) by Anonymous Coward on Saturday June 29 2019, @06:37PM (5 children)
If you count Android as a distro, Android's probably the largest: https://venturebeat.com/2019/05/07/android-passes-2-5-billion-monthly-active-devices/ [venturebeat.com]
(Score: 2) by JoeMerchant on Saturday June 29 2019, @07:57PM (2 children)
I've ignored Android until recently. Back in '06 I briefly toyed with iOS, but when I found out that it was so locked down that I couldn't write a functional alarm clock app without rooting the phone, I walked away from it.
Now, I'm trying to do things like transmit the phone's Lat/Lon to an internet server (not without the user's knowledge), and Android is really really annoying in that respect. Even after you have acquired the necessary permissions, there are hoops and hoops to jump through to keep the app active and transmitting - and the rules seem to change / break old solutions with every new release.
I know all about "it's for the good of the community" thinking, but - my community WANTS a smartwatch that can crank up real-time high precision tracking when desired, without making the wearer do a bunch of stuff to make it work. The hardware is more than good enough to do what we want, Android is a major source of frustration in making a working implementation.
🌻🌻 [google.com]
(Score: 2) by Dr Spin on Sunday June 30 2019, @12:37PM (1 child)
Google is a major source of frustration
FTFY
Warning: Opening your mouth may invalidate your brain!
(Score: 2) by JoeMerchant on Sunday June 30 2019, @02:30PM
>Google is a major source of frustration
No different from Apple - actually, they've kind of converged over the last 12-13 years, Apple opened up a little while Google has been ratcheting down.
The frustrating part is that they, respectively, basically own the hardware. I'm not yet ready to root the devices just to get the functionality I'm after, but if they piss me off any more I may end up going there.
🌻🌻 [google.com]
(Score: 2) by jmorris on Saturday June 29 2019, @10:45PM (1 child)
Android ONLY uses the kernel. When people speak of a Linux distribution they generally mean Linux+GNU+X. They explicitly replaced all of the GNU and X in Android, GNU to avoid the GPL and X because they wanted a simpler replacement. Microsoft ships an actual Linux distribution, including a fairly recognizable userspace. They are still struggling against the inevitable shipment of an X server and clients but we know what the future looks like.
(Score: 2) by Pino P on Tuesday July 02 2019, @02:47AM
I'm of the opinion that X Window System is a more salient part of the desktop Linux stack than GNU is, as a lot of applications made for X11/Linux run just as easily in GNU-free environments such as Alpine Linux with X.Org [alpinelinux.org].
(Score: 5, Informative) by JoeMerchant on Saturday June 29 2019, @07:51PM (3 children)
With a history that openly includes: Embrace, Extend, Extinguish, they've really set themselves up to be shunned by all open projects.
🌻🌻 [google.com]
(Score: 0) by Anonymous Coward on Saturday June 29 2019, @09:15PM
Based on their request, this is now Embrace, Extend, Email, Extinguish. Alas, the times they are a changin'.
(Score: 0) by Anonymous Coward on Sunday June 30 2019, @02:13AM (1 child)
2016: MS introduces WSL
2019: MS introduces WSL2
2022: MS Creates its first Franken-Linux distribution, tainted with their proprietary code.
2022: "Dual Boot" Linux developers find themselves more comfortable writing Linux software directly under Windows.
2023: Linux software starts adopting closed source material (GUI, etc) by Microsoft.
2025: Most Linux software now either requires WSL to run or asks for it for higher performance.
2038: Y2K38 clock bug strikes, but nobody notices because Linux has been dead since 2030.
Time will tell, though in the meantime I won't touch WSL even with a 20 miles pole.
(Score: 3, Informative) by JoeMerchant on Monday July 01 2019, @02:42AM
I've got a whole team of developers already pulling this shit... using Visual Studio or whatever they call it now and remote debugging on the Linux target. They don't even realize how they've sold their souls by training to the MS tools and not learning the native ones.
🌻🌻 [google.com]
(Score: 2) by fido_dogstoyevsky on Sunday June 30 2019, @12:02AM (4 children)
It isn't debatable. Or do you really believe the days of EEE are gone?
It's NOT a conspiracy... it's a plot.
(Score: 2) by jmorris on Sunday June 30 2019, @05:59AM (3 children)
Even with Gates and Balmer gone it would be as foolish to think Microsoft has good intentions as to think IBM/RedHat do. But they get security updates. This is about who gets a heads up on security problems so everyone can release a fix at the same time. Microsoft has more seats deployed now than RedHat, weird as it is to type that. No way they get left out of the security loop.
(Score: 4, Interesting) by fido_dogstoyevsky on Sunday June 30 2019, @09:42AM (2 children)
Even with gates and balmer gone, microsoft have done nothing to prove that they are no longer the sworn* enemy. Until they do** it's best to assume they'll use anything (eg a heads up on a security problem) to sabotage Linux in particular and FLOSS in general. They should get left out of the loop, because they're completely untrustworthy.
*They're the ones who declared war.
**They want trust? They can relicense all their software under the GPL as a show of good faith. I'm not holding my breath.
It's NOT a conspiracy... it's a plot.
(Score: 2) by Pino P on Tuesday July 02 2019, @02:52AM (1 child)
Not "all", but Microsoft has slowly been relicensing much of its software under GPL-compatible licenses. .NET 5, for example, is under the same MIT license as Expat.
(Score: 2) by fido_dogstoyevsky on Thursday July 04 2019, @11:41AM
When they relicence windows I'll stop and take notice, and see how they follow up. Anything else is just (and I really can't resist) window dressing.
No, I don't really expect them to. But their past behaviour requires nothing less; if they want trust.
It's NOT a conspiracy... it's a plot.
(Score: 1) by jmichaelhudsondotnet on Sunday June 30 2019, @02:47PM
It sounds to me like you are trying to shift the overton window in order to eliminate a discussion rather than facing the facts of that discussion.
Microsoft has no credibility on the issue of security, whatsoever.
That it is why it is worth 'debating' whether or not Microsoft has any business helping with 'security.'
The entire field of 'security' is based upon trust. If you have none of this trust, then get out.
Large companies want to lose our trust and then buy it back with marketing, but some of us, clearly not including you, are not influenced by marketing and prefer Actual History when making decisions on who to trust.
A german shepherd would have more use on a linux security committee simply because it hasn't told me any lies.
"The Institution Responsible for Windows XP and Small Business Server 2003 and Internet Explorer 6 would like to contribute to the security discussion"
And you say this is not debatable? You want to laugh off questions? haha?
Do you realize at the time windows xp was being created there were people making linux secure, in their spare time, and now you put those same groups of people on the same level?
If find it difficult any human being could make a comment so wrong as yours. Enjoy that sensastion.
(Score: 4, Touché) by Bot on Sunday June 30 2019, @04:30PM
The mafia now recycles money as part of the financial system. Including banks insurance corporations. That instantly makes them the largest institution ever. So of course they need to be brought into the justice loop. How is this even debatable.
Linux ecosystem is mostly Free software.
Microsoft is ALL about making money out of software, one way or another.
Microsoft has strategically used insecure and or pirated and or badly updated software for the above goal.
They haven't been laughed off the proposal only because a fair lot of other people with pupils shaped like $$$ have already smelled the opportunities free software yields.
Account abandoned.
(Score: 0) by Anonymous Coward on Monday July 01 2019, @03:24AM
So, Greg KH personally vouched for him. If anyone is familiar with the whole Microsoft vs. FLOSS situation, it is him. It is also worth noting that Microsoft has multiple people on the private kernel.org lists, including security, and has had them for quite some time. In addition, security issues affecting hardware and driver already include Microsoft directly because of the cross-platform issues they cause.
(Score: 0) by Anonymous Coward on Saturday June 29 2019, @06:44PM (1 child)
It's weird for Microsoft to support Linux, but is it really weirder than when IBM did?
I think the biggest problem is just that Linux community members don't want to be embraced too much, lest they find themselves extended and extinguished. Microsoft is more predictable as an enemy than a friend.
(Score: 1) by RandomFactor on Saturday June 29 2019, @07:46PM
I'm not sure there's a distinction to be drawn in this case.
В «Правде» нет известий, в «Известиях» нет правды
(Score: 0) by Anonymous Coward on Saturday June 29 2019, @06:56PM (2 children)
Remember, the 3 Es...
A mask on the monster, does not make it any less of a monster.
(Score: 3, Funny) by Anonymous Coward on Saturday June 29 2019, @08:02PM
...but beer googles sure do.
(Score: 0) by Anonymous Coward on Sunday June 30 2019, @02:47AM
Garish makeup on the monster, does not make it any less of a monster.
There, FTFY.
(Score: 0) by Anonymous Coward on Saturday June 29 2019, @08:07PM (3 children)
So that crackers and script kiddies can't find out what is happening. Not to create a private club to exclude members who could be trusted to be responsible.
(Score: 2) by JNCF on Saturday June 29 2019, @11:28PM (2 children)
I get that realistically the NSA already has access to these mailing lists, but I can still see arguing that _NSAKEY rules out Microsoft being trusted with responsibility in terms of security. I'm not convinced by their denial, and would actually respect a "no comment" more as they would at least not be lying to the consumer. I would rather trust a rat with a wheel of cheese; the rat will eat the cheese, but he won't lie to me about it.
(Score: 0) by Anonymous Coward on Sunday June 30 2019, @01:05AM (1 child)
In America, you do not have a choice to not cooperate on a legal intercept request.
(Score: 2) by JNCF on Sunday June 30 2019, @02:17AM
You aren't compelled to lie about it though, even if telling the whole truth is legally forbidden.
(Score: 0) by Anonymous Coward on Saturday June 29 2019, @10:33PM
Come on, who isn't thinking it?
(Score: 2) by Runaway1956 on Sunday June 30 2019, @02:20AM
Bottom line is that MS pwns every computer on which a MS system is installed. That pwnage increases with time. MS drives the update cycle, and we are all aware of the forced updates from Win7 to Win10. The average user can't block updates, if he is even aware of what any given update intends to do. Telemetry, advertising, tracking, bug reporting, etc ad nauseum gives MS full control over a MS computer.
*nix computers are pwned by whoever has root. Whether that is the home user, or the IT guy who administers a thousand computers, root is God. If God is careless, he may end up sharing God powers with someone else, but chances are, it isn't Microsoft.
Maybe if MS were to resurrect Clippy, and put him inside of MS Linux, I might be tempted to take a look at him. I can't imagine actually USING a MS Linux though. I despise MS so much, that I won't even consider using their crap search engine. Install browser, check search engines, delete Bing, delete Yahoo, delete Amazon, delete AOL, make Duck default, install Yandex, - it's just routine.
(Score: 0) by Anonymous Coward on Sunday June 30 2019, @06:03AM (1 child)
Erm, the oss-security mailing list is public and anyone can subscribe or post messages. Seriously, if you're going to fearmonger about this at least get the basic facts right...
(Score: 0) by Anonymous Coward on Sunday June 30 2019, @07:02AM
To expand what you said. While it is true that the oss-security mailing list is public, a specific Microsoft developer is actually applying for the linux-distros list. That list is closed to everyone but a select list of people because it is specifically for the discussion of security issues not made public due to an embargo. In order to join, you have to post an application to the public oss-security list and be approved after meeting 9 requirements to join. But here it is from the cat's own mouth: https://oss-security.openwall.org/wiki/mailing-lists/distros [openwall.org]
(Score: 5, Insightful) by Azuma Hazuki on Sunday June 30 2019, @01:53PM (4 children)
Not just no, but hell to the fuck no. This has the potential to be the single most devastating "embrace, extend, extinguish" campaign MS has ever pulled off, *and we are letting them do it?* No. No, no, no. Might as well rip your skin off and go rolling around on the ground in a park full of used syringes. MS cannot be trusted with this.
I am "that girl" your mother warned you about...
(Score: 2) by digitalaudiorock on Sunday June 30 2019, @03:45PM
You're not kidding. Anyone involved in the "Linux Community" that even wants a "relationship" with MS needs to get the fuck out.
If MS had ANY real desire to actually be a part of the rest of the tech world, why is it that, for example, after all these decades they're still the ONLY OS without any form of a built in ssh server?! The whole OS is a mistake from the ground up in ways that still never cease to amaze me more every time I deal with it. Fuck them.
(Score: 2) by canopic jug on Monday July 01 2019, @01:32PM (2 children)
MS cannot be trusted with this.
Definitely. Unfortunately the second in command, Greg K-H, has been a turncoat for a very long time and will be abusing his position to ensure that M$ does get in.
I expect to see Linus himself eventually ejected in the not so distant future, or meet with an accident like many others have. I would love to be wrong, but that's the direction things have been heading for more than a few years there at the Linux Foundation. Maybe he can take his trademarks and source code and fork. His fork would then become the real Linux and he could exercise a little more discretion as to CoCs and who he lets in. He does own the trademark himself and could conceivably do that, if he has the funding and the desire to make the effort. He is getting up to the age where people often value stability and seek to reduce turbulence, though.
Money is not free speech. Elections should not be auctions.
(Score: 0) by Anonymous Coward on Monday July 01 2019, @05:31PM (1 child)
My impression is that Linus is a "pragmatist" just like Greg K-H. He already said that MS hate is a mental disease, or some thing to that effect. i think you'll be underwhelmed by his response.
(Score: 2) by canopic jug on Tuesday July 02 2019, @03:40AM
He already said that MS hate is a mental disease, or some thing to that effect.
That's taken out of context. Remember that he earlier said,
" So I've never seen it as a ''Linus versus Bill'' thing. I just can't see myself in the position of the nemesis, since I just don't care enough. To be a nemesis, you have to actively try to destroy something, don't you? Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect. [nytimes.com]"
More recently he went off on M$ appeasers:
So if they get in the way enough and he stops having fun, he'll either retire or else take his ball and go elsewhere since it's his ball. I think that if he were to walk, enough people would follow him that it could work. However, a third factor is how much he is in fear for his life. He is at the epicenter of the world's most powerful technology and one of the world's most influential institutions. I suspect that only his high profile and relative neutrality has prevented him from ending up like Ian Murdock or many others.
Money is not free speech. Elections should not be auctions.