Language Selection

English French German Italian Portuguese Spanish

Microsoft

Steven J. Vaughan-Nichols on Microsoft Gaining Greater Control Over Linux

Filed under
GNU
Linux
Server
Microsoft
  • Microsoft asks to join private Linux security developer list

    All of which makes good sense. Besides, Levin revealed in a follow-up note to the discussion that: "the Linux usage on our cloud has surpassed Windows, as a by-product of that MSRC has started receiving security reports of issues with Linux code both from users and vendors. It's also the case that issues that are common for Windows and Linux (like those speculative hardware bugs)."

    Greg Kroah-Hartman, the Linux stable branch kernel maintainer, vouched for Levin. "He is a long-time kernel developer and has been helping with the stable kernel releases for a few years now, with full write permissions to the stable kernel trees."

    Indeed, Kroah-Hartman had "suggested that Microsoft join linux-distros a year or so ago when it became evident that they were becoming a Linux distro, and it is good to see that they are now doing so".

  • Microsoft developer reveals Linux is now more used on Azure than Windows Server

    It's now a Linux world -- even at Microsoft headquarters in Redmond, Washington.

VMware Openwashing and Microsoft Entryism/EEE

Filed under
Microsoft
OSS
  • Darren Hart | Sr Director / Open Source Technology Center At VMware

    In this interview, Darren Hart, Sr Director / Open Source Technology Center at VMware talks about how Open Source has democratized the development of new platforms.

  • Microsoft Seeks To Join the Official Linux-Distros Mailing List [Ed: See the comments here. People are not as foolish as Microsoft hoped, in spite of the expensive lying campaign of Microsoft.]
  • Microsoft is seeking to join Linux private security board [Ed: EEE. Classic EEE. Who welcomes it? The Novell facilitator of Microsoft, Greg K-H. Now in the "Linux" Foundation.]

    The application was made by Sasha Levin, and if approved would allow the Redmond giant to be part of private discussions on vulnerabilities and ongoing security issues. One of the criteria for membership is to have a Unix-like distro that makes use of open source components, and Levin mentioned Windows Subsystem for Linux 2 and Azure Sphere, which are still in public preview and slated for general availability in 2020.

Microsoft Entryism and Openwashing

Filed under
Microsoft
OSS
  • 2001: Linux is cancer, says Microsoft. 2019: Hey friends, ah, can we join the official linux-distros mailing list, plz? [Ed: Just more infiltration, entryism. They try to sell Windows and Azure. See comments on this article, e.g.: "You're assuming #Microsoft has good intentions. Instead, they've decided it's easier to suck the marrow from the bones if they can sneak inside the host under a flag of truce, like many other common parasites."]

    Sasha Levin, who describes himself as a "Linux kernel hacker" at the beast of Redmond, made the application for his employer to join the list, which if approved would allow Microsoft to tap into private behind-the-scenes chatter about vulnerabilities, patches, and ongoing security issues with the open-source kernel and related code. These discussions are crucial for getting an early heads up, and coordinating the handling and deployment of fixes before they are made public.

  • SUSE Linux Enterprise Server 15 SP1 is now available on the Microsoft Store [Ed: To Microsoft it seems like GNU/Linux is just something you run under Windows, with Microsoft's permission]
  • Microsoft launches Windows Terminal app in Preview and it's ruddy open source

    The change is certainly overdue. The most recent attempt to update from the original version was in 2006 with the launch of Powershell. Since then, Microsoft has attempted to patch up both, with CMD getting copy/paste support a couple of years ago (about 20 years late, in our humble opinion) and an aborted attempt to make Powershell the default for Windows 10, which nobody asked for and few wanted.

  • MongoDB’s CEO on Open Source, Taking on Oracle, and Scaling Up

    “MongoDB was built by MongoDB. There was no prior art. We didn’t open source it for help; we open sourced it as a freemium strategy”

Microsoft's Work With ICE and Linux Foundation's Work With GSMA

Filed under
Microsoft
  • Hitler Refresh

    As shown with Gab and hate speech, violating Microsoft service agreements can have damning operational consequences for offending parties. But when it comes to providing the same services and more to government agencies that are actively separating refugee and immigrant families from their children at US borders while further holding them indefinitely concentration camps fit for no human (re: an act of genocide), Microsoft appears to have forgotten about their own service agreement. Despite such actions blatantly violating the same service agreement as Gab and virtually every acceptable code of ethics to boot, Microsoft is mum on the matter and continues to offer services to ICE, CBP, and their contractors to this day.

    Although Microsoft has already taken some flack on an ethical basis for empowering these agencies with services such as server hosting and email while they simultaneously treat families and their children inhumanely, it seemingly went overlooked that these agencies are violating Microsoft’s own service terms. Sure, partaking in genocide isn’t directly outlawed in Microsoft’s service agreement, but exploiting, harming, or threatening harm to children is expressly prohibited and is something that Microsoft can help fix in short order by simply holding some our own government agencies to the same standard as a disgraced social nutwork.

  • Linux Foundation and the GSMA Announce Partnership to Further Align NFVi Efforts

    LF Networking (LFN) and the GSMA today announced a partnership to create a common industry framework for Network Functions Virtualization Infrastructure (NFVi). Hosted by the GSMA and created with input from the Linux Foundation, the Common NFVi Telco Taskforce (CNTT) will operate as an open committee responsible for creating and documenting a Common NFVi Framework. An industry-aligned NFVi framework helps accelerate deployment across the entire telecommunications stack, from infrastructure to Virtual Network Functions (VNFs). 

    “Operators are undergoing a period of significant digital transformation by migrating their networks from a physical to a virtualized or cloud environment. However, this is a challenging and time-consuming process involving integrating multiple different vendors into a common infrastructure,” said Alex Sinclair, Chief Technology Officer, GSMA. “By following a common approach and framework, operators will vastly reduce the time and costs associated with integration and accelerate adoption and deployment.” 

GAFAM and 'Cloud': Google, Microsoft, Amazon and GitHub

Filed under
Google
Microsoft
  • Daniel Stenberg: Google to reimplement curl in libcrurl

    By throwing a lot of man power on it. As the primary author and developer of the libcurl API and the libcurl code, I assume that Cronet works quite differently than libcurl so there’s going to be quite a lot of wrestling of data and code flow to make this API work on that code.

    The libcurl API is also very versatile and is an API that has developed over a period of almost 20 years so there’s a lot of functionality, a lot of options and a lot of subtle behavior that may or may not be easy or straight forward to mimic.

    The initial commit imported the headers and examples from the curl 7.65.1 release.

  • Microsoft, you should look away now: Google's cloud second only to AWS in dev survey [Ed: Longtime Microsoft booster Tim Anderson  on Azure being a failure after so many entryism attempts and underhanded tactics]

    Coders use Google Cloud Platform (GCP) more than Microsoft Azure, though Amazon Web Services (AWS) has a comfortable lead, according to a Developer Ecosystem survey conducted by tools vendor JetBrains.

    Developer usage is 67 per cent AWS versus 28 per cent GCP and 21 per cent Azure, according to the new survey. Unfortunately, the question was posed in a different way in the 2018 survey, adding on-premises into the mix, but last year Azure and GCP had equal share after AWS.

    The survey had 19,000 participants invited via "Twitter ads, Facebook ads, Google Adwords and JetBrains' own communication channels," the tools vendor said, though "only the responses of 6,993 respondents were included in the report." Responses were removed to reduce bias, yet it warned "some bias may be present as JetBrains users may have been more willing on average to compete the survey".

  • Get your coat, you've pulled a Pull Panda: GitHub goes home with code collab specialists [Ed: Notice how Microsoft only takes GitHub in more of a proprietary software direction. That says a lot – they have plans and they’re really detrimental to FOSS]

NSA Back Doors in Windows Causing Chaos While Media is Obsessing Over DoS Linux Bug

Filed under
Microsoft
Security
  • U.S. Government Announces Critical Warning For Microsoft Windows Users

    The United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has gone public with a warning to Microsoft Windows users regarding a critical security vulnerability. By issuing the "update now" warning, CISA has joined the likes of Microsoft itself and the National Security Agency (NSA) in warning Windows users of the danger from the BlueKeep vulnerability.

    This latest warning, and many would argue the one with most gravitas, comes hot on the heels of Yaniv Balmas, the global head of cyber research at security vendor Check Point, telling me in an interview for SC Magazine UK that "it's now a race against the clock by cyber criminals which makes this vulnerability a ticking cyber bomb." Balmas also predicted that it will only be "a matter of weeks" before attackers started exploiting BlueKeep.

    The CISA alert appears to confirm this, stating that it has, "coordinated with external stakeholders and determined that Windows 2000 is vulnerable to BlueKeep." That it can confirm a remote code execution on Windows 2000 might not sound too frightening, this is an old operating system after all, it would be unwise to classify this as an exercise in fear, uncertainty and doubt. Until now, the exploits that have been developed, at least those seen in operation, did nothing more than crash the computer. Achieving remote code execution brings the specter of the BlueKeep worm into view as it brings control of infected machines to the attacker.

  • Netflix uncovers SACK Panic vuln that can bork Linux-based systems

CERN Is Working To Move Further Away From Microsoft Due To License Costs Going Up By 10x

Filed under
GNU
Linux
Server
Microsoft

CERN, The European Organization for Nuclear Research that is home to the Large Hadron Collider and a lot of other experiments, is experimenting with moving further away from Microsoft products. Due to Microsoft license fee increases affecting their work in the research laboratory and its budget, they established the Microsoft Alternatives "MAlt" project.

CERN had already long been involved with developing Scientific Linux (now shifting to CentOS) but they have still been reliant upon Microsoft products in other areas, on some Windows systems as well as using the likes of Skype for Business.

Read more

Also today: Ubuntu preinstalled by Lenovo.

Microsoft/Linux 'Crossover'

Filed under
Linux
Microsoft
  • Chuwi AeroBook review: A successful move upmarket

    If given the choice I'd actually prefer a cheaper 128GB eMMC option and to add my own SSD. Why? Because the AeroBook works beautifully with Linux. I tried both Ubuntu 19.04 and the Intel-backed Clear Linux distro on the AeroBook and they ran faultlessly.

  • Bodhi is getting ready for rawhide gating [Ed: Bodhi is spyware and it is hosted on Microsoft GitHub i.e. NSA PRISM. If Fedora and Red Hat spread it further, it will damage their credibility]
  • Linux Foundation to Host the Accord Project to Develop Open Source Framework for Smart Legal Contracts [Ed: Dan Selman, whom LF has just made co-director of the Accord Project, apparently works or worked for Microsoft (or maybe it's another person with the same name). Zemlin PAC may be dead anyway. Stick a fork in it. This new group has nothing to do with “Linux"; Everything to do with 'IP' boosters Intel, IBM and Microsoft (see who’s cited in this press release).]

    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the launch of the Accord Project as a Linux Foundation project. The Accord Project is a nonprofit organization that builds open source code and documentation to maintain a common and consistent legal and technical foundation for contract management. The project comprises all the software necessary to author, edit and execute smart legal contracts in a standardized way. Many of the world's largest global law firms have signed on, as well as leading industry bodies and technology companies such as DocuSign, IBM, IEEE and R3.

    Smart contracts are showing promise for simplifying complexities in supply chain management and other contract-heavy areas of technology development, but they also introduce requirements for interoperability and consistency. The Accord Project provides a globally interoperable approach for creating contracts that bind legally enforceable natural language text to executable business logic. With an increased focus on enterprise digitalization, adoption of blockchain technologies and the growth of the API economy, the usage of computable agreements is rapidly increasing. Having a common format for “computable” legal agreements is an important cornerstone for the future of commercial relationships. One of the main purposes of Accord Project is to provide a vendor-neutral “.doc” format for smart legal agreements

Microsoft Layoffs/Closures, UEFI Trap Upgraded, Microsoft Puff Pieces (Lies) Emerge

Filed under
Microsoft
  • What's in store for Microsoft's US pop-up shops? Not much, they're being closed

    Microsoft has quietly swung the axe on a chunk of its retail operation, with "speciality stores" in America bearing the brunt of the blade.

    All 17 of Microsoft's kiosk-sized stores were disappeared from the company's website over the weekend, leaving some of the US states that had at least enjoyed a stub of retail presence from the Windows giant bereft of the limited line-up of stock available at the outlets.

    And, more importantly, somewhere to take their Surfaces to when the things break down.

    Disgruntled employees have taken to the usual social media outlets, with one posting on Reddit: "We had no notice beforehand by the way. They told us that on Sunday morning, we had a mandatory meeting Sunday night then told us we were all terminated. It's horrible to be treated that poorly after years of work."

  • UEFI 2.8 Specification Released With REST & Memory Cryptography [Ed: Intel continues its attacks, with Microsoft, on general-purpose computing, and it is disguised as a 'forum']

    The UEFI Forum today announced the release of the UEFI 2.8 specification.

    New to UEFI 2.8 for platform firmware is support for the REST software architecture as well as memory cryptography.

    The UEFI Forum is hoping the REST support will lead to better interoperability.

  • Open-Source ‘Great Satan’ No More, Microsoft Wins Over Skeptics [Ed: Watch out in the face of Microsoft PR. It looks like Bloomberg does a whole bunch of lies for them right now. Advertising as articles? That certainly matches their latest wave of PR campaigns. There's more from Bloomberg this past week. A Microsoft public relations machine this month? Cui bono and who's paying who? Now, for instance, it's also Shira Ovide pretending Bing matters. Marketing as 'news'. "Shira Ovide is a Bloomberg Opinion columnist covering technology. She previously was a reporter for the Wall Street Journal." They're well known for Microsoft boosting and Google bashing because of their owner.]

Facebook, Not Microsoft, Is the Main Threat to Open Source

Filed under
Microsoft

Facebook is under a lot of scrutiny and pressure at the moment. It's accused of helping foreign actors to subvert elections by using ads and fake accounts to spread lies—in the US, for example—and of acting as a conduit for terrorism in New Zealand and elsewhere. There are calls to break up the company or at least to rein it in.

In an evident attempt to head off those moves, and to limit the damage that recent events have caused to Facebook's reputation, Mark Zuckerberg has been publishing some long, philosophical posts that attempt to address some of the main criticisms. In his most recent one, he calls for new regulation of the online world in four areas: harmful content, election integrity, privacy and data portability. The call for data portability mentions Facebook's support for the Data Transfer Project. That's clearly an attempt to counter accusations that Facebook is monopolistic and closed, and to burnish Facebook's reputation for supporting openness. Facebook does indeed use and support a large number of open-source programs, so to that extent, it's a fair claim.

Read more

From same author today: Facebook Fails To Block EU Court Case That Could Rule Against Most Transatlantic Data Flows

Syndicate content

More in Tux Machines

OSS Leftovers

  • Meet the newest Collaborans!

    What better way to start the new year than by highlighting the newest members of our engineering and administrative teams who joined in Q4 2019! Based in Italy, Portugal, the United Kingdom and Greece, these newest Collaborans join our worldwide team of highly skilled engineers, developers and managers who all share a common passion for technology and Open Source.

  • MariaDB X4 brings smart transactions to open source database

    MariaDB has come a long way from its MySQL database roots. The open source database vendor released its new MariaDB X4 platform, providing users with "smart transactions" technology to enable both analytical and transactional databases. MariaDB, based in Redwood City, Calif., was founded in 2009 by the original creator of MySQL, Monty Widenius, as a drop-in replacement for MySQL, after Widenius grew disillusioned with the direction that Oracle was taking the open source database. Oracle acquired MySQL via its acquisition of Sun Microsystems in 2008. Now, in 2020, MariaDB still uses the core MySQL database protocol, but the MariaDB database has diverged significantly in other ways that are manifest in the X4 platform update. The MariaDB X4 release, unveiled Jan. 14, puts the technology squarely in the cloud-native discussion, notably because MariaDB is allowing for specific workloads to be paired with specific storage types at the cloud level, said James Curtis, senior analyst of data, AI and analytics at 451 Research.

  • SecureMyEmail makes really private email surprisingly simple

    The service also allows seamless, key-free transmission to other SecureMyEmail subscribers and to others who use PGP software such as the PGP-compatible free-software GNU Privacy Guard.

  • Copy-left behind: Permissive MIT, Apache open-source licenses on the up as developers snub GNU's GPL

    Permissive open-source software licenses continue to gain popularity at the expense of copyleft licenses, according to a forthcoming report from WhiteSource, a biz that makes software licensing management tools. Permissive licenses include the MIT and Apache 2.0 licenses and are known as such because the permit licensors to do more or less what they want with the covered software, with minimal caveats, and without imposing obligations like sharing code revisions. Copyleft licenses like GPLv2, GPLv3, and LGPLv2.1 convey similar freedom, while, to put it simply, requiring that licensors not release versions or derivatives of the licensed code that restrict said freedom.

Programming: Rust, C and Python

  • Announcing Better Support for Fuzzing with Structured Inputs in Rust

    Today, on behalf of the Rust Fuzzing Authority, I’d like to announce new releases of the arbitrary, libfuzzer-sys, and cargo fuzz crates. Collectively, these releases better support writing fuzz targets that take well-formed instances of custom input types. This enables us to combine powerful, coverage-guided fuzzers with smart test case generation. Install or upgrade cargo fuzz with: cargo install --force cargo-fuzz To upgrade your fuzz targets, bump your libfuzzer-sys dependency to 0.2.0 on crates.io. That should be all that’s needed for most cases. However, if you were already using Arbitrary inputs for your fuzz target, some changes will be required. See the upgrading fuzz targets section below for more details.

  • C vs. Rust: Which to choose for programming hardware abstractions

    Rust is an increasingly popular programming language positioned to be the best choice for hardware interfaces. It's often compared to C for its level of abstraction. This article explains how Rust can handle bitwise operations in a number of ways and offers a solution that provides both safety and ease of use.

  • Leysin Winter sprint 2020: Feb 28 - March 7th

    The next PyPy sprint will be in Leysin, Switzerland, for the fourteenth time. This is a fully public sprint: newcomers and topics other than those proposed below are welcome.

  • Use this Python script to find bugs in your Overcloud

    OpenStack stores and manages a bunch of log files on its Overcloud nodes and Undercloud host. Therefore, it's not easy to use OSP log files to investigate a problem you're having, especially when you don't even know what could have caused the problem. If that's your situation, LogTool makes your life much easier! It saves you the time and work it would otherwise take to investigate the root cause manually. Based on a fuzzy string matching algorithm, LogTool provides all the unique error and warning messages that have occurred in the past. You can export these messages for a particular time period, such as 10 minutes ago, an hour ago, a day ago, and so on, based on timestamp in the log.

Proprietary Stuff and Openwashing

  • Apple may have to abandon Lightning connector cable

    The cable is used to charge and sync many Apple devices, such as the iPhone.

    But members of the European Parliament urged the European Commission on Monday to force tech giants to adopt a single universal charging method.

  • Confidential computing promises secure cloud apps

    Enterprises, governments and other organizations all sit on vast troves of data that cannot be processed due to security and privacy concerns. To address this limitation, researchers and vendors have developed various confidential computing techniques to safely process sensitive data. Confidential computing is particularly important for organizations in heavily regulated industries or sectors where opportunities for running workloads on the public cloud are severely limited, such as government, telecommunications, healthcare and banking. Confidential computing protects data at rest, which enables organizations to deploy sensitive workloads off premises and provides further protection to sensitive workloads on premises. [..]. "If projects and products can show regulators and legislators that the levels of security are sufficient to meet their requirements, then deployment to public clouds becomes plausible for a great many more applications and use cases," said Mike Bursell, chief security architect at Red Hat.

  • Akraino Edge Stack Enables Connected Car, AR/VR, AI Edge, and Telco Access Edge Application Use Cases

    LF Edge, an umbrella organization within the Linux Foundation that aims to establish an open, interoperable framework for edge computing independent of hardware, silicon, cloud, or operating system, today announced the availability of Akraino Edge Stack Release 2 (“Akraino R2”). Akraino’s second release furthers the power of intelligent edge with new and enhanced deployable, self-certified blueprints for a diverse set of edge use cases. Launched in 2018, and now a Stage 3 (or “Impact” stage) project under the LF Edge umbrella, Akraino Edge Stack is creating an open source software stack that supports a high-availability cloud stack optimized for edge computing systems and applications. Designed to improve the state of edge cloud infrastructure for enterprise edge, over-the-top (OTT) edge, and carrier edge networks, it offers users new levels of flexibility to scale edge cloud services quickly, to maximize the applications and functions supported at the edge, and to help ensure the reliability of systems that must be up at all times. “The Akraino community has grown rapidly in the past year, and now includes contributions from 70 percent of LF Edge Premium member companies and countless other ecosystem partners beginning to deploy the blueprints across the globe,” said Arpit Joshipura, general manager, Networking, Automation, Edge and IoT, the Linux Foundation. “With R2, strong community collaboration brings even more blueprints to the ecosystem that support current and future technology at the open source edge.”

  • Microsoft: Application Inspector is now open source, so use it to test code security

Security Leftovers

  • Study Shows The Internet Is Hugely Vulnerable To SIM Hijacking Attacks

    U.S. Wireless carriers are coming under heavy fire for failing to protect their users from the practice of SIM hijacking. The practice usually involves conning or bribing a wireless employee to port a victim's cell phone number right out from underneath them, letting the attacker then pose as the customer to potentially devastating effect. Carriers are facing numerous lawsuits from victims who say attackers used the trick to first steal their identity, then millions in cryptocurrency, or even popular social media accounts.

  • Restoring DNS Privacy

    Stefan and I have been taking last week to add DNS over TLS into IPFire - another step to make DNS more private. Here is what we have done. Cleaning up some mess IPFire has multiple places where DNS servers could be configured. If you were using PPP for your Internet connection, you would have set this up with your dialup settings. If you were using a static IP address, then you would have set up the DNS servers with it in the setup. If you were using DHCP, you had a page on the web user interface to go to. This is not only confusing for the user, but also there were the places in the code where those settings were applied. Now, we have created an entire new page which combines all of it together! You will have a list where you can set all DNS servers and set new settings. [...] This will be release with Core Update 140. Amongst the many new features, we have removed a lot of code that has caused us a lot of trouble in the past and rewritten many things entirely from scratch.

  • Security updates for Friday

    Security updates have been issued by Arch Linux (chromium), Fedora (gnulib, ImageMagick, jetty, ocsinventory-agent, phpMyAdmin, python-django, rubygem-rmagick, thunderbird, and xar), Mageia (e2fsprogs, kernel, and libjpeg), openSUSE (icingaweb2), Oracle (git, java-11-openjdk, and thunderbird), Red Hat (.NET Core), Scientific Linux (git, java-11-openjdk, and thunderbird), SUSE (fontforge and LibreOffice), and Ubuntu (kamailio and thunderbird).