Microsoft is seeking to join Linux private security board

nanoguy

In context: Microsoft has seen a big transformation under Satya Nadella, from a company culture and strategy where "Linux is cancer," to one that's increasingly embracing Linux and open source. The company is now looking to add its own contributions and strengthen Linux, which means it wants to be on the same level as a distro provider that can get early access to security vulnerabilities.

Microsoft’s relationship with the Linux community wasn’t exactly rosy under Ballmer, who is notorious for having hated Linux with a passion. Satya Nadella has been working to change that, and the company is a high-paying, platinum member of the Linux Foundation, a move that has been treated with skepticism by the community, given its anti-establishment inclinations.

In a new move, the company is looking to join the linux-distros and oss-security mailing lists, which are used by representatives from Linux distributions as a private channel where they can report and coordinate on security issues – which list they use depends on the severity of the issues and whether they’ve been disclosed to the public.

The application was made by Sasha Levin, and if approved would allow the Redmond giant to be part of private discussions on vulnerabilities and ongoing security issues. One of the criteria for membership is to have a Unix-like distro that makes use of open source components, and Levin mentioned Windows Subsystem for Linux 2 and Azure Sphere, which are still in public preview and slated for general availability in 2020.

Levin, who is an active contributor to the Linux Kernel, also noted that Microsoft’s Linux builds are not based on other distributions from members such as Ubuntu, Debian, Suse, Red Hat and Chrome OS, and that Greg Kroah-Hartman from the Linux Foundation can vouch for him.

In the context of a world where everything from tiny embedded devices to servers seems to run some form of Linux at its core, Microsoft has made the right choice of embracing it as an integral part of its strategy to remain relevant in the industry.


 
Embrace, extend and exterminate.
Keep your friends close, and your enemies closer.

"Embrace, extend and exterminate." Google watched Microsoft do this in the 90's and 2000's and proceeded to use Linux to beat them at their own game. Google has managed to avoid the kind of regulatory wrath Microsoft invoked back then by sticking to open Internet standards, but the way they handle Android is exactly how the old MS operated. To gain access to the Play Store an Android build must include all of Google's services and spyware and use only Google's app store (which doesn't stop sideloading or even using third party app repositories as long as you disable a lot of security, but..just no.) Where are the government watchdogs of the past who held Microsoft accountable for such anti-competitive actions?

Apple is doing mobile much better than anyone else right now. If you can afford the iPhone premium and you don't need a "back" button you'd be a fool to go with Google's mess. Frankly, I see little hope for change on that front so I won't even address it. The PC desktop is another matter. IMO the ideal future for PCs would be a single Linux distro that is built on the four S's: security, simplicity, speed and stability. One could argue that at least a couple of those S's work against each other, but they don't have to. Microsoft could completely change its image by fully embracing Linux and becoming the white knight reflection of Canonical. They could create their own distro that you can run any desktop on but includes their Linux versions of Office and whatever else makes sense. Sure, there would be tons of skepticism but if they kept everything but the apps themselves fully open it would assuage most of the community's concerns. It could open a door that nobody thought possible. Imagine five to ten years from now: "Windows L" is a desktop environment for X or Wayland or whatever they finally settle on that includes the full Windows stack needed to make programs run perfectly on Linux. It's steadily combining all the best features from every version of Windows and communicates fully with the underlying Linux stack. It's $99 retail and is selling like mad because it's the Rosetta stone of modern computing. Naturally, volume licenses can be had much cheaper. Amazon is starting to feel the hit because Azure is a click away from install via the "Windows Store" (assuming an actual window company doesn't have the trademark). Linux support becomes a much healthier business due to increased desktop popularity: licenses can be sold cheaper now thanks to the surge in market penetration and that only fuels purchases.
Traditional Windows is still there and almost fully cross-compatible with Windows L thanks to an extended Windows Subsystem for Linux, and most Linux apps work flawlessly on it. Edge is a single build that works fine on both versions of the Windows desktop and is the #2 browser due to a rapidly growing addon community. Because Microsoft is now respecting user privacy and security their ad business is booming - no savvy marketer deals solely with Google now. An overly optimistic vision? Perhaps..but that doesn't mean it isn't achievable if MS and the Linux world want to help each other in good faith.
 
OMG!!! N E V E R. The Unix/Linux community has its own Secure Programming Initiative and doesn't need M$, Ballmer nor Nadella to pervert what has been working for over a decade.

What does C2 Security mean? see C2 Security
Class C2 is a security rating established by the U.S. National Computer Security Center (NCSC) and granted to products that pass Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) tests.
What is Class C2? - Definition from WhatIs.com - SearchSecurity

https://searchsecurity.techtarget.com/definition/Class-C2
 
Linux hasn't had a great track record of security, and its holes are showing...
 
Looking at it from this perspective, Windows has a much worse track record. Let's be honest here, Linux is safer and more secure than Windows.
 
Fun fact: Just recently, Ubuntu announced dropping support for 32-bit executables on x86 (admittedly they backpedaled pretty quickly after huge backlash), effectively killing Wine and Steam support since many, many games are 32-bit and will never receive 64-bit versions. This happened shortly after Canonical received extra funding from Microsoft.

I'm pretty sure Microsoft is still playing the old Embrace, Extend, Extinguish game here.
 