Sophos Cloud Optix
It’s official: Microsoft has bought open-source developers’ beloved code-collaboration site, GitHub, for $7.5 billion in stock…
…a figure that basically transfers into ~”free”~ if stock market watchers are reading it right, particularly when it comes to encouraging more of those 28 million GitHub developers to build more cloud applications.
Hello, Microsoft Azure! That’s Microsoft’s cloud computing service, where customers rent digital resources and applications on demand and where, as the Wall Street Journal notes, Microsoft is racing to catch up to industry leader Amazon.
Microsoft says that GitHub developers work on code that sits in 85 million storage spaces, called repositories, used by people in nearly every country, from mega-corporations to wee startups. In other words, it’s an insanely popular, cloud-based Git repository with lots of bells and whistles for managing collaborative, open-source software projects. GitHub offers a free version to developers who commit to sharing code, though it began charging for private storage on the service six months after its launch. It charges corporate customers to host and run software projects: a service that includes security and identity-management features.
Microsoft has come a long way in the past 10 years, since former chief Steve Ballmer called open-source a malignant cancer: the company now says that it’s the most active organization on GitHub, with more than 200 million “commits” – in other words, updates – made to projects.
Git and GitHub are pillars of the way that much of the world’s software is developed these days, but their roots lay in the open-source and anti-Microsoft culture. Therefore, it’s hardly surprising that having the beloved site acquired by the former enemy of open-source code is inspiring a bit of developer kickback, fear and loathing.
#KnockKnock #Microsoft is here #GitHub pic.twitter.com/9e5clgU3hq
— Vladimir Tasev (@TasevVladimir) June 5, 2018
Microsoft CEO Satya Nadella said on Monday that the acquisition is about empowering developers. Here’s how:
- Microsoft says it’s going to “empower developers at every stage of the development lifecycle – from ideation to collaboration to deployment to the cloud.” It’s keeping GitHub as an open platform that any developer can plug into and extend. Developers will still get to use “the programming languages, tools and operating systems of their choice for their projects – and will still be able to deploy their code on any cloud and any device.”
- Microsoft plans to accelerate enterprise developers’ use of GitHub, with its direct sales and partner channels and access to its global cloud infrastructure and services.
- Microsoft says it’s bringing its developer tools and services to new audiences.
Forget about that cancer thing! Microsoft wants to be judged on its recent track record with open-source: it’s all in!
We have been on a journey with open source, and today we are active in the open source ecosystem, we contribute to open source projects, and some of our most vibrant developer tools and frameworks are open source. When it comes to our commitment to open source, judge us by the actions we have taken in the recent past, our actions today, and in the future.
The response from an awful lot of the open-source community: HA!
The backlash has included hundreds of developers who’ve expressed their disappointment on forums and social media.
Slashdot talked to one software developer and student, Sean, who said that he doesn’t trust Microsoft and thinks that a deal of this size isn’t in the open-source community’s best interests.
[Microsoft has] shown time and time again that they can’t be trusted.
Sean and others think that it’s likely that sooner or later, Microsoft will start a telemetry program on the code repository so it can add tracking and possibly even ads to all GitHub sites. Maybe it will even try to use GitHub in order to push LinkedIn, which is another Microsoft company.
On Sunday, Ryan Hoover, the founder of ProductHunt, said that he’s hearing a lot of unhappiness about the sale:
Anecdotally, the developer community is very unapproving of this move. I’m curious how Microsoft manages this and how GitHub changes (or doesn’t change). https://t.co/L8f4hAas0H
— Ryan Hoover (@rrhoover) June 3, 2018
But besides the many, many memes about Clippy, Microsoft’s long-gone, happy paperclip assistant, dropping in to comment on developers’ work…
Microsoft's acquiring GitHub?
— Naked Security (@NakedSecurity) June 4, 2018
Finally, we're going to get some help with that impenetrable git syntax! pic.twitter.com/P2sg9WjbBi
…there’s also plenty of support for the move. On Hacker News, for example, EnderMB said they weren’t surprised at the news, given the way things have been going at GitHub:
Restructures, scandals, and some crazy comments over the few years has led me to believe that GitHub probably isn’t the same company that the development community embraced. For that reason, I can’t see Microsoft doing a “Skype” and merging GitHub into their platforms. Developers are fickle, and if Microsoft mess with GitHub then it’s not only a huge blow to the relations they’ve been trying to build for the past few years, it’s a guaranteed way to see developers flock to the next big service (i.e. GitLab).
Since Nadella took over from Ballmer in 2014, things have changed quite a bit, and it’s not too hard to believe in his statement about Microsoft being “all in” on open source. As Motherboard points out, embracing open source fits in with his plan to remake the company into a leader in cloud computing and artificial intelligence.
But no matter what Microsoft has done in recent years, this is a story about lingering attitudes toward the company. To the minds of many, Microsoft is evil and insecurity personified because of what it did in the 90s and early 2000s. In spite of its early 2000s security-first restructure – the Trustworthy Computing initiative – the company’s reputation for poor security is based on what went before that, so it’s 16 years old.
Gates followed through on his Trustworthy Computing memo (obviously, it took a while) and it’s been dialing up the security ever since.
One example is Microsoft’s healthier approach to privacy than Google or Facebook. In 2012, it outwitted its competitors with Do Not Track, both sticking to its intention of having Do Not Track on by default in IE10 and also being true to the W3C working group’s standard of not sending a Tracking Preference signal without a user’s explicit consent… and it did so by giving users an easy way to switch off DNT and thereby getting their explicit consent …and thereby sidestepping Google and Facebook’s opposition to DNT.
This has been a season of firsts in the Microsoft/open source evolution. As Linus Torvalds once famously quipped, “If Microsoft ever does applications for Linux it means I’ve won.” Well, back in April it was left to ZDNet’s Steven J. Vaughn-Nichols to point out – “He’s won” – as Microsoft, after 43 years, announced its first Linux product – a Linux kernel in the new Linux-based Azure Sphere.
Vaughn-Nichols pointed out that Microsoft has long been building applications for Linux: for one, in 2016, the company released SQL Server on Linux.
From ZDNet:
Microsoft has also completely embraced Linux on its Azure cloud. By late 2017, over 40 percent of all virtual machines on Azure were Linux. Today, Microsoft supports over half-a-dozen Linux distros on Azure. This includes CentOS, CoreOS, Debian, Oracle Linux, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), openSUSE, and Ubuntu.
…and those are just some examples of Microsoft playing well with open-source projects. All these years of embracing open source must mean something. But there’s no doubt it’s going to take a long time to turn anti-Microsoft attitudes around.
As the reaction to the GitHub news goes to show, many developers don’t like change very much.
Readers, your thoughts?
The Do Not Track standard requires that a user explicitly enable it, and when Microsoft enabled it by default, that became the #1 reason why sites said they would ignore the header. (They probably would have decided to ignore it anyway, but Microsoft gave them an excuse.) This sort of behavior where Microsoft ignores standards and does its own thing is one of the reasons why people worry about its acquisition of GitHub. Would you pay $7.5 billion for something and then just leave it as is?
Did you read the article? It is actually the opposite. Lame comment.
It SHOULD have been enabled by default. The standard model should be explicit opt-in, not explicit opt-out. Especially since the model is so broken and you can accidentally opt yourself right back out again by clearing cookies.
But of course, as you said, everybody ignores it anyway.
Thus ad- and tracker-blocking plugins. The Ad industry ultimately has brought this upon itself.
I’ll be surprised if there isn’t a near complete migration to a new hub. Corporate policies and politics are one reason people were on github and not at MS offices.
I’m disappointed in this followed closely by concerned. The Ballmer days of Microsoft are pretty well burned into my brain and I have a hard time believing that the company has changed all that much. For my part, I will check out GitLab.
I’m with you. Microsoft still has unmanaged anti-user issues – there was even an article here about them designing links to ignore the user chosen browser – so it’s hard to see how they should be trusted with something as user based as Github.
Some people are saying that Microsoft is not an evil company anymore, they are nice to open source, and everything is different under Satya Nadella.
I would point out that Microsoft was fairly evil and deceptive in tricking end users to upgrade their computers to Windows 10, and since then to force them to update to each major release. Windows 10 has a lot of privacy busting telemetry built in, that home users can’t fully turn off, and Microsoft have never fully explained. This bad practice is recent, ongoing and definitely under Nadella’s watch.
In other words, I still don’t trust them, and I will be assuming that they will scrape an analyse anything I upload to Github regardless of if it is marked as private. At the very least I would expect my Github and LinkedIn accounts to become linked, and my demonstrated skills and interests from Github to become available to recruiters in LinkedIn.
Poor old Microsoft :-) In days of yore, everyone dumped on them for charging big money for every OS upgrade, calling them money-grabbers. Why did you have to pay for Vista/7/8 when you only recently bought XP/Vista/7? (This was complicated further by the fact that your original Windows came as good as free with your PC, in OEM form, while the upgrade was basically ‘buy again from scratch’.)
When they offered Windows 10 for free, albeit in a fashion that was confusingly inept…
https://nakedsecurity.sophos.com/2016/05/25/the-windows-10-update-that-you-almost-cant-refuse/
…everyone dumped on them for being money-grabbers.
People aren’t dumping on them for being money-grabbers. People are dumping on them for A) not allowing opting out of telemetry, B) not letting you choose when or if to install updates and C) basically sneaking 10 onto millions of systems (people went to bed with a windows 7 system and woke up to it having upgraded (or even bricked itself trying) to windows 10)… and many other things. I’ve never had to run anti-malware software to protect myself from my OS before, but now i do.
Opting out of Windows 10 telemetry is actually both easy and perfectly clear at install time. It may have taken a lot of bleating to get the user experience right, but the company *did* listen (and it was never the case that you were not allowed to opt out, though it wasn’t as obvious as IMO it ought to have been at first).
And, yes, a lot of the dumping was to do with money…
No, it isn’t, and no, you didn’t. You only thought you did. I did a test-install of MS10 on one of my computers, and attached it through a wrt router. I gave the router two IP ranges to block: Microsoft and the NSA. Although other control group laptops could browse the internet just fine through the router, a “telemetry off, all tracking off, all callbacks to microsoft off” windows 10 laptop simultaneously claimed “there was no internet connect” and my router ABOVE the wrt showed over 20x the traffic STILL going to microsoft from the windows 10 box than from the windows 7 machine sitting next to it.
I’m not sure there is an “absolutely all callbacks to Microsoft off” option (short of disconnecting), but that’s hardly outrageous in an era where security is expected to be always on and always up-to-date.
I’d be interested to know what you thought the traffic was. If Microsoft really is leaking personal data when it says it won’t, that’s serious… but why would it take the risk of being caught?
I haven’t seen any meaningful indication that Microsoft now is actually much different than Microsoft of old. They talk nicer, but when you look at their actions even over the past couple of years, they sure look like the same old Microsoft to me.
I’ve already removed my projects from Github, and won’t touch it with a ten foot pole.
World-ending IIS bugs per week is a pretty good yardstick IMO.
Microsoft security circa 1998 vs 2018 is chalk and cheese.
Nah. The old Microsoft was a brawler, but they were up-front about privacy and while they had some security gafs, they cared about security. They’re straddling the line now between a product company and a pure tracking/marketing play (like Facebook).
Maybe they need to access private repos 😀
Lets get rid of the cookie once and for all. Who is on board?
Migrated my modest few projects from GitHub to GitLab in 15 minutes. Really easy:
1. Open account on GitLab if you haven’t already
2. For each project:
2.1. Create same name project on GitLab (gets git@gitlab…name.git)
2.2. In your terminal:
git clone git@github…name.git
cd name
git remote add gitlab git@gitlab…name.git
git push gitlab
Done
You can leave a message on your existing projects on GitHub where they can find them at new addresses
Feeling free again ✌(◕‿-) ✌
There’s “open source” and there’s “Microsoft’s open source” – try downloading the “open source” version of Visual Studio and have a look inside. They didn’t even try to hide the binary blobs and have helpfully called them “binary blob”. Are we to assume that as long as some of the code is “open source” then you can actually call it “open source” – only Microsoft logic could come up with that. I suspect that most of the code that Microsoft will put on Github will fall under the category of partially open source – time will tell. If they start putting trackers in the code or worse get the compiler to add their own code into your projects then they are going to get quite a lot of push back. Disassembler on stand by.
Trackers galore. Can confirm.
Here’s a test I did…
Hook Win10 box up to a wrt router. Block microsoft IP ranges, and set it to alert you when they’re attempted… turn “off” windows telemetry. Watch your alert inbox blowup.
Mozilla is on GitHub
open source isn’t a real thing! ( after all )
soon enough distribution of large ” documents ” or large instances of digital documents/software/items ( even linux distributions ), will no longer be possible unless holding a account with a ” business license ” to access telecoms infrastructure and for the purpose of reaching consumers or even using the net for XLarge ( in size ) data/network traffic allowance each month, ” upstream flow only “.
Downstream network traffic will still be unlimited and requiring a standard end-user license ( for personal and non-commercial use ) however internet/network connections with unlimited data for upstream traffic, will require a business license ( similar to TV license fees for businesses and companies/trades ) and also a subscription with ” cuts ” of data traffic allowance.<- revision required ]