this post was submitted on 21 Apr 2024
471 points (95.7% liked)

Technology

58144 readers
4513 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
471
Why Microsoft is a national security threat (www.theregister.com)
submitted 5 months ago by [email protected] to c/[email protected]
99 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 7 points 4 months ago

Let me explain...the same people that brought you windows 3, 95, 98, 2000, nt, XP, etc now want to obtain everything you type via an AI tool they created.

They would know all your health history, everything you scan, your photos relating to family and work secrets, etc. for the corporate, they would know who from LinkedIn will get the job and who will be fired. They will know about layoffs and about business secrets and success. Etc.

It's pretty simple. Rather than just a keylogger, Microsoft wants you to use a smart keylogger that they control. How is that not the dumbest thing to ever use at work? It's gotta be the biggest IT security failure ever.

[–] [email protected] 21 points 5 months ago

Now for all governments in the world: install Linux already and get it over with. Cut your dependence on an abusive and crappy software vendor

[–] [email protected] 13 points 5 months ago (3 children)

Which then raises the question: why isn't the US using open source software everywhere, paying the same -or very likely - much less to maintain and expand said software? Can you imagine the money stream towards thousands of devs fixing any (but, feature or security) issue, which they would already do for free? Finally some recognition and so on.

Finally they'd have software that they can trust and rely upon, it'll kill one huge company and spawn hundreds of smaller companies. Win-win all around

[–] [email protected] 5 points 5 months ago

If its anything like the private sector its a mostly a liability thing. If something is wrong with the program, you can sue the vendor. With open source... Thats a lot harder to do. Large groups wont use the thing if you cant put the blame on someone else when it breaks.

[–] [email protected] -1 points 5 months ago (2 children)

Because open source doesn't have support contracts

[–] [email protected] 1 points 4 months ago

Really? Maybe ask redhat? Ubintu? And those are the large ones, there are loads of companies that give support contracts.

[–] [email protected] 3 points 5 months ago

I'm sure there are other companies, but here's Red Hat's Support options.

[–] [email protected] 10 points 5 months ago (2 children)

Because there is seldom a good replacement for the majority of software that enterprises use.

[–] [email protected] 2 points 5 months ago

As much as I like FOSS it's significantly harder to fund.

With proprietary you keep the source code, ship the app, collect data & sell it, and charge for a premium /subscription. They then use that money to fund talented devs and give them deadlines to make good software.

With FOSS it's largely contribution work by people who work on it in their free time. They use donations or paying for enterprise support, and if they do add a subscription service / premium version you can just modify the code and get it for free.

That's largely why FOSS software is behind, what's the direct incentive for someone to make it good?

[–] [email protected] 2 points 5 months ago (1 children)

An administration that were really looking to liberate itself of proprietary software and develop a sustainable policy would analyze its needs and look for software that matches them, not shape their needs around the proprietary software they're already using.

If you start by thinking "what software does things exactly the same as this one I'm using" of course you'll never move on. Microsoft obfuscates their software on purpose so you can never find 100% compatible stuff.

[–] [email protected] 1 points 4 months ago

You're living in a fantasy land. The software you're referencing, largely doesn't exist how a corporate environment utilizes it. Even just excel, the employees need it, you can't teach someone 5 years from retirement a new spreadsheet program. Sure you could buy licenses from MS, but I bet if big organizations started doing it, they would stop. Or only sell the entire MS suite at some insane price. Adobe? Haha

[–] [email protected] 11 points 5 months ago (1 children)

I'd focus on enforcing standards and interoperability first, in a serious an highly punitive fashion for offenders.

If you can read/write your spreadsheet using any spreadsheet tool or OS you're half-way there and will've severely hampered the old embrace-extend-extinguish (it's still a thing).

[–] [email protected] 4 points 5 months ago (1 children)

Unfortunately the ISO certification process for office document formats was subverted by Microsoft to require their OOXML formats instead of the ODF (Open Document Format) that was being prepared for this role. And then they continued by not implementing the certified format correctly in Office anyway.

As a result it's virtually impossible for any law-abiding, taxpayer-answering government to argue for adopting ODF over OOXML

It's also impossible to find any other software that supports existing documents, because Microsoft introduces differences from the spec on purpose and any software that tries to stick to the official OOXML format can't process them 100% correctly.

Any government that wants to wean itself off Microsoft documents would have to first conduct an investigation, explain why ODF is the better format, demonstrate that Microsoft doesn't follow their own spec, then accept the fact they're gonna partially lose their existing documents if they move away, and only then they'd be able to start the process of looking for ODF-supporting software and companies, and convert their docs and processes.

[–] [email protected] 3 points 5 months ago

demonstrate that Microsoft doesn't follow their own spec

I genuinely feel bad for MS devs because of all of the garbage that they have to deal with because of scummy management and the Balmer years.

[–] [email protected] 0 points 5 months ago

Bad procurement is a national security threat

[–] [email protected] 1 points 5 months ago

Duh!

[–] [email protected] 69 points 5 months ago* (last edited 5 months ago)

Its kind of funny to me that by pushing data harvesting of OS's and office data then selling it to 3rd parties Microsoft has probably become the biggest security threat to the US government, maybe ever. And its all because the US refuses to pass basic consumer privacy protections.

[–] [email protected] 20 points 5 months ago (2 children)

The US at least has some degree of control over Microsoft. How much worse is that the EU is still not developing an own OS/distro?

[–] [email protected] 20 points 5 months ago* (last edited 5 months ago) (1 children)
  1. SUSE is an in germany founded company (now in Luxembourg)
  2. https://www.sovereigntechfund.de/
  3. Not having a government directly develop a "blessed OS" is probably for the better
[–] [email protected] 3 points 5 months ago* (last edited 5 months ago) (1 children)

I am not talking about a OS for the general public, but specifically for the administration.

And this will work much better with a unified attempt. If the EU would be taking OpenSuse for this, this would basically be the end of OpenSuses independence... I'd like it to be GNU/Linux based though.

[–] [email protected] 1 points 5 months ago

Wouldn't they just get enterprise SUSE licenses instead? Why bother with openSUSE?

[–] [email protected] 13 points 5 months ago (1 children)

There were grassroots movements like the Limux project (Munich using a custom Linux distribution). But that got shut down by Microsoft bribery (not confirmed, but MS did build a new headquarters in Munich...).

[–] [email protected] 4 points 5 months ago* (last edited 5 months ago)

Yeah, that was a shame. But I really think we'd need a shared OS for all administration units of the EU (from EU level down to munipiality levels). Would be much easier as the private sector could also adjust to it.

[–] [email protected] 18 points 5 months ago* (last edited 4 months ago)

Whoever uses Microsoft products should be aware from the start that security is a low priority for them. If you can accept the risk, fine. If you can't, think about the consequences.

load more comments
view more: next ›