Bonum Certa Men Certa

[Video] How the Media Blamed SSH and Linux (for Nearly a Whole Fortnight!) Instead of Microsoft's GitHub and Systemd

posted by Roy Schestowitz on Apr 11, 2024,
updated Apr 11, 2024

k Video download link | md5sum 0343d2a5fb805701dab56eb12ef302ac
How Media Failed at XZ Coverage
Creative Commons Attribution-No Derivative Works 4.0

Preview for How Media Failed at XZ Coverage

Introduction

THIS MORNING we made some new videos. We recorded 3 videos in total, but this one is the worst of them all for purely technical reasons. It ends after about 33 minutes even though the original plan was to go through almost 150 titles/articles, illuminating the way the media likes to smear "Linux" and illustrating the dishonesty of so-called 'journalists' (parrots and stenographers). After the technical issues I thought of recording a "part 2", but eventually it seemed like enough material had been covered and, at the very least in order to avoid repetition, it was probably OK to just leave things (fine as is). It deals with a small sub-sample of coverage we've gradually collected in a roughly chronological order, showing how FUD gets recycled and sometimes upcycled.

As noted here last week, some ludicrous articles went as far as praising Microsoft, reiterating the lie that it "loves Linux" (it loves using "Linux" for distraction) and framing Microsoft as some sort of authority/expert at security.

The Present

The "xz" (or "Xz" or "XZ" or the name of the encapsulating package; most of the media went for more familiar "brands") story and/or the hype isn't over per se, but I saw that "XZ BS" only once yesterday and my wife also saw it once (another example, some blog in Planet Fedora). So now it's probably safe to take stock of the whole thing. Tomorrow this thing turns 14 days ("officially"). And prior Techrights articles set aside - as most of them over a week old with a high view count already - we take a fresher look at these things. This long page (no JavaScript or bloat) was updated about 50 times and some people asked why we keep updating it so often (several times per day). "What we are describing here will be covered in my upcoming video about xz," I said, "I just wait for "the news" to calm down a bit..."

So let's look back and consider what had been published until yesterday's "trickle" ('only' 2 instances in one day). The longer version of it is in the video at the top.

Microsoft Not to the Rescue

Microsoft-connected sites have said a whole bunch of lies. Some of them were covered here a week ago, so we would rather not air those lies again.

To give one example, Risky Business (RB, or Australia's RiskyBiz where Microsoft's mouthpieces like Brett Winterford [1, 2] work) had three recordings on xz [1, 2, 3], "casting aspersions at SSH in general (they hate SSH and campaign against it) and blame Linux specifically and the OSS development model in general," an associate has noted. "Again, if distros had the minimum of three developers per subproject, the Xz breach would have been harder to pull off. However, when the same technique is tried against proprietary softer, there is basically no chance at detection."

This associate keeps saying that we "need to pound the drum on the benefits of OSS (and especially FOSS) and the same attack against proprietary would slide by undetected."

Richard Stallman covered this already, even close to 2 decades ago [1, 2]. Stallman said it many times; he spoke of how someone had been arrested for trying to put backdoors from within Microsoft on behalf of Al-Qaeda. No kidding!

I spoke to another person last week. "Something that's changed culturally, at least in the US, which Microsoft seems way ahead in exploiting, is vanity and need for popularity among the new gen tech devs," he said. We have said this for years!

"Instead of coders just scratching an itch and putting up a project in case a few dozen people find it useful, Github has set up a pageant, a frenzy of egotistical self-promotion, with badges and "likes" and ways to track activity and whatnot. The recent tech layoffs and it's proximity to Linked-In is amplifying that desperation."

And the media tells them that's the right thing to do. We covered many examples in the past. Sometimes you cannot even apply for things unless you provide a GitHub (i.e. Microsoft) handle.

"Microsoft wanna set themselves up as a Dickensian workhouse with Nancy and Bill Sikes (Gates) ruling a gang of kids who will pick pockets and write code for gruel," the person told me. "When I interview young devs now, instead of giving me a a URL to their domain, or even a written CV, they just give me their GitHub ID. I say, "So you already work for Microsoft?".

That's a good line!

On the upside, those are easy to reject promptly and upfront. If this is how they develop and write code, maybe they lack a lot of basic skills.

"Anyway," the person told me, "what concerns me is the terrifying cybersecurity implications of this."

So today I will explain what this media frenzy served to distract from. I want to focus on why GitHub is actually part of the problem here. We also need to remind readers what Microsoft is ALWAYS hoping to distract from. Aside from tributes to Ross Anderson, who valued real security, Microsoft distracted from at least 3 major security blunders. We'll revisit this towards the end of this article.

"Regarding the Xz-based FUD," an associate stresses, "the fact that many projects (curl, linux, etc) actually issue their own CVEs is a major improvement. There is an article about that and this fact should be folded somehow into the eventual Xz round-up."

Also see "Verified curl" from yesterday. "Conceivably," Daniel wrote, "the xz attackers have infiltrated more than one other Open Source project to cover their bases. Which ones?"

Daniel is the founder of curl going back 2.5 decades and he already wrote about what would happen if he "fell under a bus".

A Theory

Is there a "bigger story" here? Check where the CSO of GitHub came from! Spoiler: 20 years inside NSA. Is there a US state role in the revelation?

Hard to tell.

Here is a hypothetical possibility.

It is not at all unthinkable that the massively-staffed NSA (or sibling agency/partner in the US; they're malicious and they are as big as megacorporations), with staff dedicated to audits and back doors, informed GitHub (i.e. Microsoft) of what had happened some time earlier. The CSO of GitHub is a 20-year NSA veteran and Microsoft knew that right after Easter it would get blasted by official authorities for getting clients cracked by China, not to mention getting cracked itself (also by China). So they could pass on some details to a Microsoft employee (not high-level and not particularly well known) on Friday before the holiday and days before the release of the 'dreadful' report (to Microsoft; it knew it was coming as there was a degree of cooperation with the investigation, ultimately castigating the company), promptly weaponising sensationalist language to occupy news searches for "China" and "security" while at the same time smearing "Linux" (not GitHub or systemd), even if it's over some beta releases that few people use, casually and swiftly while having the audacity to paint Microsoft not just as security expert but also "saviour" of "Linux". Yes! All this while in fact the real China breach was the fault of Microsoft and the impending report spoke of a tall chain/cascade of failures, showing sheer incompetence and neglect at Microsoft, leading up to the actual breach that cost a lot to the US government (espionage). Microsoft tried to cover up this breach until the government demanded and pressured it to admit what had happened. It turned out to be worse than initially assumed/believed/seen on the surface. So if Microsoft used its staff as "mules" for inversion/invention of narratives, aided by lazy "media", that would need substantial proof. We might never have that.

Anyway, that's just a theory. Plausible? Needs proof.

What It Still Distracts From

Even days later the Microsoft-connected (or sponsored) publishers are spamming the media with "China" stuff that isn't the above-mentioned breach. Days ago Microsoft was accusing China of fakes (calling everything "AI"). One example is "Chinese hackers turn to AI to meddle in elections" and it misrepresents Microsoft as an authority in this domain. In reality, Microsoft is the very source (or generator) of these fakes. So Microsoft has quite some audacity weighing in on this.

This is only one way in which Microsoft is distracting from the report about how China cracked Microsoft's entire infrastructure. That's a fact and the US Government blasted it for it only days earlier until ~2 days ago (the video above covers this). Here is an example from 5 days ago:

China is ramping up use of AI-generated content and fake social control media accounts to inflame division in the United States and elsewhere, according to the latest report from Microsoft’s threat center.

In relation to Asia (it's not known if the crack in the case of xz can be attributed to China, but it's likely someone in Asia), there's also pure noise like this. The "India" stuff and lots more like this "Hey Hi" (AI) nonsense stole the thunder - to the point nobody spoke or said anything about how Microsoft failed the whole nation. Articles about India, Microsoft, Modi, and Bill Gates help distract from high usage of GNU/Linux in India.

Earlier this week we saw that Microsoft had managed to (once again!) engineer a security blunder for itself. To quote a new piece or an article by Sam Varghese:

A suspected Russian intrusion into Microsoft's corporate systems, which was disclosed in January, also affected US federal government systems, according to the US Cybersecurity and Infrastructure Security Agency.

Also see "US Cyber Safety Review Board on the 2023 Abusive Monopolist Microsoft Exchange Hack" and this morning's pick from Federal News Network, stating: "Oregon Senator fed up with data breaches, blasts Big Tech, demands mandatory standards Sen. Ron Wyden (D-Ore) cites a Cyber Safety Review Board report that blames Microsoft's inadequate cybersecurity culture."

This is what Microsoft wants nobody to pay any attention to. Please keep the eyes on the ball.

Other Recent Techrights' Posts

Censorship as Signal of Opportunity for Reform
It remains sad and ironic that Wikileaks outsourced so much of its official communications to Twitter (now X)
The World Wide Web Has Been Rotting for Years (Quality, Accuracy, and Depth Consistently Decreasing)
In the past people said that the Web had both "good" and "bad" and that the good outweighed the bad
Comoros: Windows Plunges to Record Low of About 6% in Country of a Million People (in 2010 Windows Was 100%)
Many of these people earn a few dollars a day; they don't care for Microsoft's "Hey Hi PC" hype
The Mail (MX) Server Survey for July 2024 Shows Microsoft Collapsing to Only 689 Servers or 0.17% of the Whole (It Used to be About 25%)
Microsoft became so insignificant and the most astounding thing is how the media deliberate ignores it or refuses to cover it
Windows Down From 98.5% to 22.9% in Hungary
Android is up because more people buy smaller mobile devices than laptops
Microsoft Windows in Algeria: From 100% to Less Than 15%
Notice that not too long ago Windows was measured at 100%. Now? Not even 15%.
Microsoft Windows "Market Share" in New Zealand Plunges to 25%
Android rising
SUSE Goes Aryan: You May Not Use the Germanic Brand Anymore (It's Monopolised by the Corporation)
Worse than grammar Nazis
Gratis But Not Free as in Freedom: How Let's Encrypt is Dying in Geminispace
Let's Encrypt is somewhat of a dying breed where the misguided CA model is shunned
 
Backlash and Negative Press After Microsoft Tells Diversity, Equity, and Inclusion (DEI) People to DIE
Follow-up stories
Links 17/07/2024: School Budget Meltdown and Modern Cars as Tracking Nightmares
Links for the day
This Should Certainly be Illegal, But the Person Who Helped Microsoft Do This is Still Attacking the Critics of It
perhaps time for an "I told you so post"
[Meme] A Computer With an Extra Key on the Keyboard Isn't Everyone's Priority
(so your telling me meme)
Africa as an Important Reminder That Eradicating Microsoft Doesn't Go Far Enough
Ideally, if our top goal is bigger than "get rid of Microsoft", we need to teach people to choose and use devices that obey them, not GAFAM
Billions of Computers Run Linux and Many Use Debian (or a Derivative of It)
many devices never get updated or even communicate with the Net, so exhaustive tallies are infeasible
[Meme] Microsoft is Firing
Don't worry, Microsoft will have some new vapourware coming soon
More DEI (or Similar) Layoffs on the Way, According to Microsoft Team Leader
What happened shortly before Independence Day wasn't the end of it, apparently
[Meme] Many Volunteers Now Realise the "Open" in "OpenSUSE" or "openSUSE" Was Labour-Mining
Back to coding, packaging and testing, slaves
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 16, 2024
IRC logs for Tuesday, July 16, 2024
[Meme] Ein Factory
A choice between "masters" (or "master race") is a false choice that results in mass exploitation and ultimately eradication (when there's little left to exploit)
Links 17/07/2024: Open Source Initiative Lies and Dark Net Thoughts
Links for the day
Media Distorting Truth to Promote Ignorance
online media is rapidly collapsing
Android Rises to New Highs of Almost 80% in Cameroon
How many dozens of nations will see Windows at under 10% this coming winter?
Links 16/07/2024: TikTok Ban in Europe and Yandex Split
Links for the day
Gemini Links 16/07/2024: On Packrafting and on Trump Shot
Links for the day
[Meme] Firefox Users Who Think They Know Better Than Mozilla
Enjoy Firebook
Firefox Used to Have About Half the Market in Switzerland, But It Doesn't Stand a Chance Anymore (Chrome Surging This Summer)
Mozilla has managed to alienate some of the biggest fans of Firefox
Microsoft's Biggest Losses Are in Europe This Summer
Microsoft's ability to milk a relatively rich Europe is fast diminishing
How to Make Software Suck and Discriminate Against People at the Same Time
ageism glorified
Bing Was at 2.6% in Russia When LLM Hype Started. Now It's Down to 0.8% (for 3 Months in a Row Already)
The sharp fall of Bing may mean that exiting the Russian market won't matter to anybody
[Meme] Microsoft Seems to be Failing to Comply With WARN Act (by Refusing to Announce Mass Layoffs as They Happen)
since when does Microsoft obey the law anyway?
Microsoft Layoffs Are Still Too Frequent to Keep Abreast of and Properly (or Exhaustively) Classify
The "HR" department knows what's happening, but whistleblowers from there are rare
Bahamas Joined the "5% Windows" Club
statCounter only traces back about 1 in 20 Web requests to Windows
Links 16/07/2024: Salesforce Layoffs and Microsoft's DMARC Fail
Links for the day
Antenna Abuse and Gemini Abuse (Self-hosting Perils)
Perhaps all this junk is a sign of Gemini growing up
Possibly Worse Than Bribes: US Politicians and Lawmakers Who Are Microsoft Shareholders
They will keep bailing out Microsoft to bail themselves out
The Software Freedom Conservancy Folks Don't Even Believe in Free Speech and They Act As Imposters (Also in the Trademark Arena/Sense)
Software Freedom Conservancy was already establishing a reputation for itself as a G(I)AFAM censor/gatekeeper
Djibouti Enters the Windows "10% Club" (Windows Was 99% in 2010)
In Africa in general Microsoft lost control
GNU/Linux Share Doubled in the United States of America (USA) in the Past 12 Months
Or so says statCounter
Even in North Korea (Democratic People's Republic Of Korea) Google Said to Dominate, Microsoft Around 1%
Google at 93.26%
[Meme] The Red Bait (Embrace... Extinguish)
They set centos on fire, then offer a (de facto) proprietary substitute for a fee
Shooting the Messenger to Spite the Message
segment of a Noam Chomsky talk
[Video] Boston Area Assange Defense (Yesterday)
It was published only hours ago
Guinea: Windows Down From 99.3% to 2.7% 'Market Share'
Guinea is not a small country
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 15, 2024
IRC logs for Monday, July 15, 2024
What's Meant by "Antenna Abuse" (Gemini)
syndication is not a monopoly in Gemini and if one doesn't condone political censorship, then one can create one's own syndication service/capsule
Microsoft Layoffs and Entire Unit Termination: Diversity, Equity, and Inclusion
What an announcement to make just before Independence Day
Links 16/07/2024: Old Computer Challenge and One Page Dungeon Contest
Links for the day
Microsoft Falls Further and Closer Towards 10% (Windows "Market Share") in Kuwait
more countries entering the "single-digit Windows" (under 10%) club
Gemini Links 15/07/2024: Antenna's Pro-Hamas Bias Revisited and Old Computer Challenge
Links for the day
[Video] Julian Assange, Over One Decade Ago, Cautioning About What the Internet Had Truly Become
video is not new
Homage to Malta
Malta is probably easy for Microsoft to bribe
IRC at 16
Logging has been used for us and against us
In Malta, Android/Linux Has Overtaken Microsoft Windows (According to statCounter)
statCounter milestone?
Links 15/07/2024: China’s Economic Problems, Boeing Under Fire
Links for the day
500 Days' Uptime Very Soon
Good luck doing that with Windows...
Windows Falls Below 20% in Tunisia
A month ago we wrote about GNU/Linux in Tunisia
Links 15/07/2024: Google Wants Wiz and Why "Sports Ruin Everything"
Links for the day
Gemini Links 15/07/2024: Old Computer Challenge and Sending Files via NNCP
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, July 14, 2024
IRC logs for Sunday, July 14, 2024