cybershow • April 3, 2024 5:23 PM
@ Nick Alcock
Hey Nick, I do appreciate the compliment, but you are too kind, I am not sure it is possible to ever be too paranoid in this business 🙂 In my tradition we call it radical scepticism.
...
Regardless then the perhaps ridiculous accusation of whether and how Microsoft caused this issue, the question of how could Microsoft benefit from it is a separate, good and worthy one I am pleased you ask.
The story of the backdoor so far is two-fold. It’s a technically great hack one has to admire, with undetectable RCE in the auth phase of the most used critical protocol. Hats-off!
But it’s also a story of sinister social engineering. A dark night. A lonely and isolated maintainer. Some well meaning visitors drop by “to help”…
What we’re left talking about is the very nature of open source development, of supply chains and trust models. Perhaps a long-overdue conversation, no?
But who have positioned themselves “to help”?
Who have replaced the entire pre-2010 ecosystem of individual and autonomous development with a single GitHub?
Who might we expect to soon come riding in on a white stallion with “solutions” to the vulnerability of FOSS supply chains? To protect the lonesome, unpaid, overworked and socially unskilled FOSS maintainer?
most respectfully. //
Winter • April 4, 2024 5:08 AM
@cybershow
“Regardless then the perhaps ridiculous accusation of whether and how Microsoft caused this issue, the question of how could Microsoft benefit from it is a separate, good and worthy one I am pleased you ask.”
Microsoft ships Linux as part of WSL. The targeted Linux distributions are the main deployments on Azure. Azure generated $45B of revenue (23%)[1]. That is more than Office or Windows. Azure is the biggest growth market for MS. AFAIK, MS have nothing to replace Linux available.
This means that anything that damages Linux will damage Azure and hence, MS’ bottom line. I find your “attribution” rather unrealistic.
[1] 2022 https://www.kamilfranek.com/microsoft-revenue-breakdown/