Bonum Certa Men Certa

[Video] How the Media Blamed SSH and Linux (for Nearly a Whole Fortnight!) Instead of Microsoft's GitHub and Systemd

posted by Roy Schestowitz on Apr 11, 2024,
updated Apr 11, 2024

k Video download link | md5sum 0343d2a5fb805701dab56eb12ef302ac
How Media Failed at XZ Coverage
Creative Commons Attribution-No Derivative Works 4.0

Preview for How Media Failed at XZ Coverage


THIS MORNING we made some new videos. We recorded 3 videos in total, but this one is the worst of them all for purely technical reasons. It ends after about 33 minutes even though the original plan was to go through almost 150 titles/articles, illuminating the way the media likes to smear "Linux" and illustrating the dishonesty of so-called 'journalists' (parrots and stenographers). After the technical issues I thought of recording a "part 2", but eventually it seemed like enough material had been covered and, at the very least in order to avoid repetition, it was probably OK to just leave things (fine as is). It deals with a small sub-sample of coverage we've gradually collected in a roughly chronological order, showing how FUD gets recycled and sometimes upcycled.

As noted here last week, some ludicrous articles went as far as praising Microsoft, reiterating the lie that it "loves Linux" (it loves using "Linux" for distraction) and framing Microsoft as some sort of authority/expert at security.

The Present

The "xz" (or "Xz" or "XZ" or the name of the encapsulating package; most of the media went for more familiar "brands") story and/or the hype isn't over per se, but I saw that "XZ BS" only once yesterday and my wife also saw it once (another example, some blog in Planet Fedora). So now it's probably safe to take stock of the whole thing. Tomorrow this thing turns 14 days ("officially"). And prior Techrights articles set aside - as most of them over a week old with a high view count already - we take a fresher look at these things. This long page (no JavaScript or bloat) was updated about 50 times and some people asked why we keep updating it so often (several times per day). "What we are describing here will be covered in my upcoming video about xz," I said, "I just wait for "the news" to calm down a bit..."

So let's look back and consider what had been published until yesterday's "trickle" ('only' 2 instances in one day). The longer version of it is in the video at the top.

Microsoft Not to the Rescue

Microsoft-connected sites have said a whole bunch of lies. Some of them were covered here a week ago, so we would rather not air those lies again.

To give one example, Risky Business (RB, or Australia's RiskyBiz where Microsoft's mouthpieces like Brett Winterford [1, 2] work) had three recordings on xz [1, 2, 3], "casting aspersions at SSH in general (they hate SSH and campaign against it) and blame Linux specifically and the OSS development model in general," an associate has noted. "Again, if distros had the minimum of three developers per subproject, the Xz breach would have been harder to pull off. However, when the same technique is tried against proprietary softer, there is basically no chance at detection."

This associate keeps saying that we "need to pound the drum on the benefits of OSS (and especially FOSS) and the same attack against proprietary would slide by undetected."

Richard Stallman covered this already, even close to 2 decades ago [1, 2]. Stallman said it many times; he spoke of how someone had been arrested for trying to put backdoors from within Microsoft on behalf of Al-Qaeda. No kidding!

I spoke to another person last week. "Something that's changed culturally, at least in the US, which Microsoft seems way ahead in exploiting, is vanity and need for popularity among the new gen tech devs," he said. We have said this for years!

"Instead of coders just scratching an itch and putting up a project in case a few dozen people find it useful, Github has set up a pageant, a frenzy of egotistical self-promotion, with badges and "likes" and ways to track activity and whatnot. The recent tech layoffs and it's proximity to Linked-In is amplifying that desperation."

And the media tells them that's the right thing to do. We covered many examples in the past. Sometimes you cannot even apply for things unless you provide a GitHub (i.e. Microsoft) handle.

"Microsoft wanna set themselves up as a Dickensian workhouse with Nancy and Bill Sikes (Gates) ruling a gang of kids who will pick pockets and write code for gruel," the person told me. "When I interview young devs now, instead of giving me a a URL to their domain, or even a written CV, they just give me their GitHub ID. I say, "So you already work for Microsoft?".

That's a good line!

On the upside, those are easy to reject promptly and upfront. If this is how they develop and write code, maybe they lack a lot of basic skills.

"Anyway," the person told me, "what concerns me is the terrifying cybersecurity implications of this."

So today I will explain what this media frenzy served to distract from. I want to focus on why GitHub is actually part of the problem here. We also need to remind readers what Microsoft is ALWAYS hoping to distract from. Aside from tributes to Ross Anderson, who valued real security, Microsoft distracted from at least 3 major security blunders. We'll revisit this towards the end of this article.

"Regarding the Xz-based FUD," an associate stresses, "the fact that many projects (curl, linux, etc) actually issue their own CVEs is a major improvement. There is an article about that and this fact should be folded somehow into the eventual Xz round-up."

Also see "Verified curl" from yesterday. "Conceivably," Daniel wrote, "the xz attackers have infiltrated more than one other Open Source project to cover their bases. Which ones?"

Daniel is the founder of curl going back 2.5 decades and he already wrote about what would happen if he "fell under a bus".

A Theory

Is there a "bigger story" here? Check where the CSO of GitHub came from! Spoiler: 20 years inside NSA. Is there a US state role in the revelation?

Hard to tell.

Here is a hypothetical possibility.

It is not at all unthinkable that the massively-staffed NSA (or sibling agency/partner in the US; they're malicious and they are as big as megacorporations), with staff dedicated to audits and back doors, informed GitHub (i.e. Microsoft) of what had happened some time earlier. The CSO of GitHub is a 20-year NSA veteran and Microsoft knew that right after Easter it would get blasted by official authorities for getting clients cracked by China, not to mention getting cracked itself (also by China). So they could pass on some details to a Microsoft employee (not high-level and not particularly well known) on Friday before the holiday and days before the release of the 'dreadful' report (to Microsoft; it knew it was coming as there was a degree of cooperation with the investigation, ultimately castigating the company), promptly weaponising sensationalist language to occupy news searches for "China" and "security" while at the same time smearing "Linux" (not GitHub or systemd), even if it's over some beta releases that few people use, casually and swiftly while having the audacity to paint Microsoft not just as security expert but also "saviour" of "Linux". Yes! All this while in fact the real China breach was the fault of Microsoft and the impending report spoke of a tall chain/cascade of failures, showing sheer incompetence and neglect at Microsoft, leading up to the actual breach that cost a lot to the US government (espionage). Microsoft tried to cover up this breach until the government demanded and pressured it to admit what had happened. It turned out to be worse than initially assumed/believed/seen on the surface. So if Microsoft used its staff as "mules" for inversion/invention of narratives, aided by lazy "media", that would need substantial proof. We might never have that.

Anyway, that's just a theory. Plausible? Needs proof.

What It Still Distracts From

Even days later the Microsoft-connected (or sponsored) publishers are spamming the media with "China" stuff that isn't the above-mentioned breach. Days ago Microsoft was accusing China of fakes (calling everything "AI"). One example is "Chinese hackers turn to AI to meddle in elections" and it misrepresents Microsoft as an authority in this domain. In reality, Microsoft is the very source (or generator) of these fakes. So Microsoft has quite some audacity weighing in on this.

This is only one way in which Microsoft is distracting from the report about how China cracked Microsoft's entire infrastructure. That's a fact and the US Government blasted it for it only days earlier until ~2 days ago (the video above covers this). Here is an example from 5 days ago:

China is ramping up use of AI-generated content and fake social control media accounts to inflame division in the United States and elsewhere, according to the latest report from Microsoft’s threat center.

In relation to Asia (it's not known if the crack in the case of xz can be attributed to China, but it's likely someone in Asia), there's also pure noise like this. The "India" stuff and lots more like this "Hey Hi" (AI) nonsense stole the thunder - to the point nobody spoke or said anything about how Microsoft failed the whole nation. Articles about India, Microsoft, Modi, and Bill Gates help distract from high usage of GNU/Linux in India.

Earlier this week we saw that Microsoft had managed to (once again!) engineer a security blunder for itself. To quote a new piece or an article by Sam Varghese:

A suspected Russian intrusion into Microsoft's corporate systems, which was disclosed in January, also affected US federal government systems, according to the US Cybersecurity and Infrastructure Security Agency.

Also see "US Cyber Safety Review Board on the 2023 Abusive Monopolist Microsoft Exchange Hack" and this morning's pick from Federal News Network, stating: "Oregon Senator fed up with data breaches, blasts Big Tech, demands mandatory standards Sen. Ron Wyden (D-Ore) cites a Cyber Safety Review Board report that blames Microsoft's inadequate cybersecurity culture."

This is what Microsoft wants nobody to pay any attention to. Please keep the eyes on the ball.

Other Recent Techrights' Posts

Attempts to Sink the Free Software Movement (Under the Guise of Saving It)
We can see who's being drowned
Microsoft-Connected Sites Trying to Shift Attention Away From Microsoft's Megabreach Only Days Before Important If Not Unprecedented Grilling by the US Government?
Why does the mainstream media not entertain the possibility a lot of these talking points are directed out of Redmond?
[Video] Microsoft's Attack on Education
Microsoft's cult-like activities and overt entryism
Microsoft Windows Used to Have Nearly 100% in China and Now Google Has 50% (With Android)
Will China bring about a faster "fall" for Microsoft?
[Meme] Escalating After Failures
4 stages of cancel culture
Red Hat Had 2+ Days to Deny Reports of Impending Layoffs. But Red Hat Chose to Keep Silent.
Red Hat DOES NOT deny layoffs on the way
Microsoft-Connected Person Was Threatening to Sue Me and to Sue My Wife (Because His Feelings Were Hurt After Had He Spent More Than a Decade Defaming Me and Violating My Family's Dignity, Privacy)
litigation was chosen and we shall defend everything we wrote
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 21, 2024
IRC logs for Tuesday, May 21, 2024
Czech Republic: Windows Down From 98% to 43%, GNU/Linux Rises to Over 3%
modest gains for GNU/Linux
Links 22/05/2024: Pixar Layoffs and More Speculation About Microsoft Shutdowns/Layoffs (Ninja Theory)
Links for the day
Gemini Links 21/05/2024: Caesar II for MS-DOS and Reinventing the Assertion Wheel
Links for the day
Internal Memos/Communications Hinting at "a New, But Masked, Round of Layoffs" at Red Hat
A negative outlook heads of a long weekend
Nigeria: Windows Down to 6%, Android at All-Time High of 77%
Google is becoming the "new monopoly" in some places
[Meme] Money In, No Money Out (Granting Loads of Invalid European Patents)
EPO production?
Staff Representation at the EPO Has Just Explained to Heads of Delegations (National Delegates) Why the EPO's Financial Study is Another Hoax
Here we are again 5 years later
Canonical and Red Hat Are Not Competing With Microsoft Anymore
What a shame they hired so many people from Microsoft...
Links 21/05/2024: "Hating Apple Goes Mainstream", Lots of Coverage About Julian Assange Ruling
Links for the day
Gemini Links 21/05/2024: Losing Fats and Modern XMPP
Links for the day
Pursuing a Case With No Prospects (Because It's "Funny")
the perpetrators are taking a firm that's considered notorious
GNU/Linux Growing Worldwide (the Story So Far!)
Microsoft is unable to stop GNU/Linux
GNU/Linux in Honduras: From 0.28% to 6%
Honduras remains somewhat of a hotspot
Good News From Manchester and London, Plus High Productivity in Techrights
what has happened and what's coming
[Video] The 'Linux' Foundation Cannot be Repaired Anymore (It Sold Out)
We might need to accept that the Linux Foundation lost its way
Links 21/05/2024: Tesla Layoffs and Further Free Speech Perils Online
Links for the day
Gemini Links 21/05/2024: New Gemini Reader and Gemini Games
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, May 20, 2024
IRC logs for Monday, May 20, 2024
Red Hat Loves Microsoft Monopoly (and Proprietary Surveillance With Back Doors)
full posting history in
[Video] Just Let Julian Assange Go Back to Australia
Assange needs to be freed
The WWW declares the end of Google
Reprinted with permission from Cyber|Show
Gemini Links 20/05/2024: CMSs and Lua "Post to" Script Alternative
Links for the day
Windows Has Fallen Below 5% in Iraq, GNU/Linux Surged Beyond 7% Based on statCounter's Stats
Must be something going on!
Brodie Robertson - Never Criticise The Linux Foundation Expenses (With Transcript)
Transcript included
Links 20/05/2024: Protests and Aggression by Beijing
Links for the day
Can an election campaign succeed without social media accounts?
Reprinted with permission from Daniel Pocock
Read "Google Is Not What It Seems" by Julian Assange
In this extract from his new book When Google Met Wikileaks, WikiLeaks' publisher Julian Assange describes the special relationship between Google, Hillary Clinton and the State Department -- and what that means for the future of the internet
Fact check: relation to Julian Assange, founded Wikileaks at University of Melbourne and Arjen Kamphuis
Reprinted with permission from Daniel Pocock
Julian Assange: Factual Timeline From an Online Friend
a friend's account
Breaking News: Assange Wins Right to Challenge Extradition to the US
This is great news, but maybe the full legal text will reveal some caveat
Gambia: Windows Down to 5% Overall, 50% on Desktops/Laptops
Windows was measured at 94% in 2015
Links 20/05/2024: Microsoft Layoffs and Shutdowns, RTO as Silent Layoffs
Links for the day
The Issue With Junk Traffic in Geminispace (Gemini Protocol)
Some people have openly complained that their capsule was getting hammered by bot
Peter Eckersley, Laura Smyth & the rushed closure of dial-up Internet in Australian universities
Reprinted with permission from Daniel Pocock
Brittany Day, Plagiarist in Chief (Chatbot Slinger)
3 articles in the front page of right now are chatbot spew
Guardian Digital, Inc ( Has Resorted to Plagiarism by Chatbots, Flooding the World Wide Web With Fake 'Articles' Wrongly Attributed to Brittany Day
[Meme] Bullying the Victims
IBM: crybully of the year 2024
Ian.Community Should be Safer From Trademark Censorship
We wish to discuss this matter very quickly
Microsoft and Its Vicious Attack Dogs (Attacking Women or Wives in Particular)
Sad, pathetic, destructive people
Upcoming Series About the Campaign to 'Disappear' the Father of GNU/Linux
Today we have Julian Assange's fate to focus on
A Month From Now Gemini Protocol Turns 5
June 20
Colombia: From Less Than 0.5% to Nearly 4% for GNU/Linux
it's not limited to this one country
Rumour: Well Overdue Red Hat Layoffs to be Announced in About 3 Days
we know they've planned the layoffs for a while
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 19, 2024
IRC logs for Sunday, May 19, 2024
Gemini Links 20/05/2024: Updated Noto Fontpacks and gemfeed2atom
Links for the day