Nothing has changed since then, except that folks are getting a wee bit more concerned about their privacy now that President Donald Trump is in charge of the US. You may have noticed that he and his regime love getting their hands on other people’s data.
Privacy isn’t the only issue. Can you trust Microsoft to deliver on its service promises under American political pressure? Ask the EU-based International Criminal Court (ICC): after it issued arrest warrants for Israeli Prime Minister Benjamin Netanyahu for war crimes, Trump imposed sanctions on the ICC. Soon afterward, ICC’s chief prosecutor, Karim Khan, was reportedly locked out of his Microsoft email accounts. Coincidence? Some think not. Microsoft denies they had anything to do with this.
Reminder that a lot of Linux is American-based. How long before Linux itself gets targeted by the American regime?
Also a lot of the little program bees that make up your favorite Linux distros are hosted on GitHub, Microsoft-owned.
Your options for a normal person’s desktop are a fork of Mint (Ireland), OpenSuSE (Germany), or Ubuntu (UK?).
Not a good idea, but GitHub is based on git, and git is completely decentralized; a developer can move or back up his or her code in minutes.
For example to a FLOSS site hosted in Germany, Codeberg.
I closed my own GitHub account the week after I learned about Microsoft’s purchase.
I think in the future, it is advisable to use larger distributions that a lot of eyes look at, like Debian. And avoid software that cannot be inspected.
Well, nobody knows what will happen, but let’s just assume that the US government, POTUS and such, catches a bad case of Alzheimer’s, fuelled by reading Mussolini’s memoirs and goes full retard. What could happen?
Larger open source projects with many people contributing are in most cases geographically distributed. If the US government tried to “own” their GitHub repo, well, they already have the full source code and git repo of the project on each contributor’s Linux machine.
Linux as a project can’t be taken hostage, that would be like trying to imprison the ocean. But individual open source developers can, and sadly I think this is what is going to happen. Developers are people, too, and quite a few are Americans. While there are certainly a few nutjobs, I think the general goals of the open source movement are just totally incompatible with the authoritarian drift of current US politics - the GNU Manifesto is pretty much a child of the American Civil Rights movement. It may well happen that in the next decade, many sweet American People will need our help and protection as much as people from other parts of the world have needed since the World War.
The other thing is that in the less nice world we are facing for the next time, we probably won’t be able to take trust and good intentions for granted, neither in technology nor in code. This will affect every piece of digital technology.
Linux has tools to deal with that, for example kernel code is signed, with signatures based on a web of trust, a decentralized PKI. And more projects should do it. If your data is truly sensitive, you should have a look at GNU Guix and similar projects.
If it comes to full-scale fascism in the leading technological nation, this will certainly be a big challenge for our technological civilization. But we will overcome that. It will not work because fascism is regressive and it tries to turn the clocks back in a world of progress.
This reminds me of the time when Debian broke their OpenSSL and for two years, ssh keys generated on Debian were basically taken from a pool of only 32k different keys…
That time it was an honest mistake, but it would actually have been a very efficient attack too if it had been intentional. Imagine succeeding at getting your target to use private keys for ssh or ssl etc. from a tiny pool that makes something usually impossible to brute force suddenly trivial. And nobody noticed it for two years.
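The small-pool problem described in the comment above, as an added example that is not part of the original thread: a toy model in which the process ID is the only seed input, together with the blocklist audit a defender can run once the whole pool can be enumerated. The SHA-256 stand-ins are not OpenSSL's generator, and all function names, the PID range and the sample hosts are assumptions constructed for illustration.

```python
import hashlib
import os

PID_MAX = 32768  # assumption of this model: PIDs run 1..32767 (default Linux pid_max)

def toy_keygen(seed: bytes) -> bytes:
    """Stand-in for key generation: the 'private key' is a pure function of the seed."""
    return hashlib.sha256(b"toy-private-key" + seed).digest()

def fingerprint(private_key: bytes) -> str:
    """Stand-in for a public-key fingerprint derived from the private key."""
    return hashlib.sha256(b"toy-public-key" + private_key).hexdigest()

def broken_keygen(pid: int) -> bytes:
    """Broken generator: the process ID is the only input to the seed."""
    return toy_keygen(pid.to_bytes(2, "big"))

def healthy_keygen() -> bytes:
    """Healthy generator: 256 bits from the operating system's CSPRNG."""
    return toy_keygen(os.urandom(32))

def build_blocklist() -> set[str]:
    """Enumerate the fingerprint of every key the broken generator can emit."""
    return {fingerprint(broken_keygen(pid)) for pid in range(1, PID_MAX)}

def is_weak(fp: str, blocklist: set[str]) -> bool:
    """Defender's check: flag any deployed key whose fingerprint is in the pool."""
    return fp in blocklist

if __name__ == "__main__":
    blocklist = build_blocklist()
    print("distinct keys the broken generator can produce:", len(blocklist))
    # Constructed sample: fingerprints collected during a key audit.
    audit = {
        "host-a": fingerprint(broken_keygen(4242)),  # generated on the broken build
        "host-b": fingerprint(healthy_keygen()),     # generated with real entropy
    }
    for host, fp in audit.items():
        print(host, "WEAK, rotate this key" if is_weak(fp, blocklist) else "ok")
```

Because the pool is finite and small, the audit needs no cryptanalysis: membership in a precomputed set is enough to decide which keys must be rotated.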
Well, in the case of closed-source software, you can be dead-sure it is already subverted. As are probably most networks.
In general, I think Linux’ many-eyes principle works quite well, just think of the case of the xz-utils backdoor, which was caught before it reached large distributions.
I think the much larger risk hidden in plain sight is the amount of private and confidential data which is extracted and gathered from Windows and smart phone OSes. Doing that against the wish of the users makes it no better than malware.