
Comment How you know you're doing the right thing (Score 5, Insightful) 134

When so many spooks come out against it, that's how you know you're doing the right thing. Let's unpack their statements a bit.

... Europol said it needs lawful access to private messages, and said tech companies need to be able to scan them (ostensibly impossible with E2EE implemented) to protect users. Without such access, cops fear they won't be able to prevent "the most heinous of crimes" like terrorism, human trafficking, child sexual abuse material (CSAM), murder, drug smuggling and other crimes.

You're not realistically going to magically prevent any of those things with more spying. At best, you might catch the occasional low-hanging fruit, and even then, only if you do incredibly invasive levels of widespread spying on everyone. The right way to prevent those things is by infiltrating the relevant community. People who say otherwise are kidding themselves.

"Our societies have not previously tolerated spaces that are beyond the reach of law enforcement, where criminals can communicate safely and child abuse can flourish," the declaration said. "They should not now." The joint statement, which was agreed to in cooperation with the UK's National Crime Agency, isn't exactly making a novel claim. It's nearly the same line of reasoning that the Virtual Global Taskforce, an international law enforcement group founded in 2003 to combat CSAM online, made last year when Meta first started talking about implementing E2EE on Messenger and Instagram.

First, their claim isn't even true at a superficial level. Since at least 1961, we have been compelled by law to recognize diplomatic couriers and the contents of their bags as beyond the reach of law enforcement.

Second, our societies have always tolerated spaces that are at least by default beyond the reach of law enforcement, which allow law enforcement to peer into those spaces only after establishing probable cause.

Recent behavior by law enforcement agencies has thrown out the entire notion of probable cause, creating mass spying programs that sniff all the traffic going into and out of various organizations en masse. That, combined with parallel construction and courts being lax at enforcing the fruit of the poisonous tree doctrine, has resulted in substantial violations of the public's right to privacy.

End-to-end encryption is necessary entirely because law enforcement has repeatedly shown an unwillingness to respect the bounds of privacy that a free society requires. And the fact that law enforcement's irrational "slurp everything up and sort through it later" approach has resulted in everyone encrypting everything is not the fault of the "everyone encrypting everything". It is the fault of law enforcement being utterly egregious and unscrupulous in their behavior.

There are consequences for actions, and when governments show that they are untrustworthy on an ongoing basis, people stop trusting them. Welcome to the real world, kids.

Comment What do you mean "getting"? (Score 1) 45

They're "getting into" power generation? That makes it sound like this is something brand new. I remember when Apple put in its first natural gas cogeneration plant to take its build infrastructure off the grid, back around 2002 or 2003, I think. Google has massive generators around a bunch of its buildings, presumably for the same reason. Big tech has been in the energy business quite literally for decades at this point.

Comment Re:Good Lord (Score 1) 114

Then they can just run Linux (preferably SELinux) and solve the problem.

I wish, and I would welcome it if they did.

However, as one of the foremost SELinux advocates in its early days, I doubt that the government of all places has the capability to do so. Few sysadmins can configure SELinux halfway decently (i.e. beyond the default policies) and the government (outside the military and secret services) isn't a good tech employer.

Also, MS is far more than the OS. With Office and a bunch of other tools, plus lots of custom software made only for Windows, the entrenchment is really, really deep.

Comment Re:do not want (Score 1) 186

Might be worth looking at variable tariffs. For March-May the demand for electricity generation goes to zero in California on a regular basis, and even more often over the summer. While you might not pay $0 for it, the price should go way down.

That's *with* time-of-use metering. I'm pretty sure the price for EV metering has roughly tripled in the last five years. And only about 11 to 16 cents of that is the actual generation cost. The rest of it is profit for PG&E. The only way to get reasonably priced power in California is to build your own power plant, which will bring your price down to about 17 cents per kWh, and even that isn't much below the price of gasoline.

For a state that's desperate to push electrification, the state's utility regulators sure don't seem to be on board. That's probably why EV sales dropped last quarter for the first time in years.

We really need to break up the PG&E monopoly or let the state buy it and run it. It has never been more clear that regional-scale for-profit utility monopolies just don't work and can never work no matter how regulated they might be.

Comment Re: What happened next (Score 1) 74

I can only speculate, but:
- I had heard that the IBM PC effort wasn't exactly fully supported by the wider IBM, so they had to make do and potentially might have had to be willfully overly optimistic to rationalize their plan to have so much of the system defined by freely implementable standards.
- They might have hubris that BIOS was 'hard', at least the business leadership I could easily imagine thinking that, and no one is going to second guess them.
- They might have assumed copyright would have protected the interfaces, rather than technical difficulty.

Comment Re:Meanwhile, at Microsoft... (Score 1) 114

But it wasn't that they were careful not to do damage, they were careful, but the damage was yet to be seen.

as what makes it to a general release in the major Linux distributions is 'really pretty solid'.

I think it's hard to say, as no one can point to a party that would have likely otherwise caught it, except some guy that noticed that ssh session establishment was 'a bit off'. In fact, if his random usage of xz had been a couple weeks later, he probably wouldn't have investigated because the attackers had released a "fix" for the performance impact. This was from all appearances pure luck that this guy happened to have the noticeable xz impact and cared enough to dig in, and did so immediately rather than maybe waiting a couple of weeks and it would have been "fixed". A two week window between the relatively obvious and the fixed version that from what we can tell, *almost* passed without anyone getting suspicious, except for that one guy.

Many eyes worked this time, but *barely*.

Comment Re: What happened next (Score 4, Informative) 74

They didn't stop other people from making and selling cheap clones of their PC

As I recall, they had enabled everything to be done freely except the BIOS. They thought the BIOS would be a lock on the core platform, but enjoy a rich ecosystem of peripherals and suppliers. When companies cloned the BIOS, they did try to sue. Think it became quickly obvious that clean room cloning of the BIOS was too easy and nothing illegal about that.

Comment Re:Welcome to the machine (Score 1) 258

It depends on how many people are inclined to agree with them and their relative importance to the mission of the company, which they won't know until they try.

By being fired and it becoming headline news, if a critical mass agree with them it might hurt Google's financials and teach the lesson that there's a business cost associated with that behavior. If that lesson is taught, and enough other suppliers learn the same lesson, it may make things harder for Netanyahu and perhaps a more moderate opponent prevails.

If being fired undermines the quality of the product, and you repeat this through enough suppliers, again, similar outcome, things are harder for IDF and Netanyahu opposition may be able to leverage that to a political victory.

In isolation, sure, the impact of a singular act like this is unlikely to have practical import. However if a critical mass of like minded folks act consistently, then it can effect change.

Comment Re:Good Lord (Score 1) 114

Don't know if that would have helped.

We see that the central complaint is that Microsoft was upselling "logging capabilities". Question is what, specifically, is he talking about? I wager it's not just logging, I'm sure even Microsoft provides at least those. I suspect it's about some sort of log analysis, since 'analytics' is a favorite upsell opportunity in the industry (Cisco paid $28 billion for Splunk for example).

Whether it's Linux or Microsoft technology, I'm wagering they'd still be complaining about not having adequate log analysis tools.

I suspect they got screwed by SolarWinds, they wanted more budget to mitigate this and got shot down as the headline was SolarWinds screwed up, not that Microsoft wouldn't include log analysis, and are pivoting to trying to embarrass Microsoft into making those offerings included in the base tier.

Comment Re:Meanwhile, at Microsoft... (Score 2) 114

Well, he's right here. This was an individual who happened to stumble into this who happened to be employed by Microsoft.

There's plenty to point to to suggest that Microsoft isn't worse than some competitors that people might suggest or even better in some regards, but the XZ situation has nothing to do with Microsoft technical or business leadership other than happenstance of employing the one guy.
