
Comment Re: What happened next (Score 1) 78

I can only speculate, but:
-I had heard that the IBM PC effort wasn't exactly fully supported by the wider IBM, so they had to make do and potentially might have had to be willfully overly optimistic to rationalize their plan to have so much of the system defined by freely implementable standards
-They might have hubris that BIOS was 'hard', at least the business leadership I could easily imagine thinking that, and no one is going to second guess them.
-They might have assumed copyright would have protected the interfaces, rather than technical difficulty.

Comment Re:Meanwhile, at Microsoft... (Score 1) 120

But it wasn't that they were careful not to do damage, they were careful, but the damage was yet to be seen.

as what makes it to a general release in the major Linux distributions is 'really pretty solid'.

I think it's hard to say, as no one can point to a party that would have likely otherwise caught it, except some guy that noticed that ssh session establishment was 'a bit off'. In fact, if his random usage of xz had been a couple weeks later, he probably wouldn't have investigated because the attackers had released a "fix" for the performance impact. This was from all appearances pure luck that this guy happened to have the noticeable xz impact and cared enough to dig in, and did so immediately rather than maybe waiting a couple of weeks and it would have been "fixed". A two week window between the relatively obvious and the fixed version that from what we can tell, *almost* passed without anyone getting suspicious, except for that one guy.

Many eyes worked this time, but *barely*.

Comment Re: What happened next (Score 4, Informative) 78

They didn't stop other people from making and selling cheap clones of their PC

As I recall, they had enabled everything to be done freely except the BIOS. They thought the BIOS would be a lock on the core platform, but enjoy a rich ecosystem of peripherals and suppliers. When companies cloned the BIOS, they did try to sue. Think it became quickly obvious that clean room cloning of the BIOS was too easy and nothing illegal about that.

Comment Re:Welcome to the machine (Score 1) 259

It depends on how many people are inclined to agree with them and their relative importance to the mission of the company, which they won't know until they try.

By being fired and it becoming headline news, if a critical mass agree with them it might hurt Google's financials and teach the lesson that there's a business cost associated with that behavior. If that lesson is taught, and enough other suppliers learn the same lesson, it may make things harder for Netanyahu and perhaps a more moderate opponent prevails.

If being fired undermines the quality of the product, and you repeat this through enough suppliers, again, similar outcome, things are harder for IDF and Netanyahu opposition may be able to leverage that to a political victory.

In isolation, sure, the impact of a singular act like this is unlikely to have practical import. However if a critical mass of like minded folks act consistently, then it can effect change.

Comment Re:Good Lord (Score 1) 120

Don't know if that would have helped.

We see that the central complaint is that Microsoft was upselling "logging capabilities". Question is what, specifically, is he talking about? I wager it's not just logging, I'm sure even Microsoft provides at least those. I suspect it's about some sort of log analysis, since 'analytics' is a favorite upsell opportunity in the industry (Cisco paid $28 billion for Splunk for example).

Whether it's Linux or Microsoft technology, I'm wagering they'd still be complaining about not having adequate log analysis tools.

I suspect they got screwed by SolarWinds, they wanted more budget to mitigate this and got shot down as the headline was SolarWinds screwed up, not that Microsoft wouldn't include log analysis, and are pivoting to trying to embarrass Microsoft into making those offerings included in the base tier.

Comment Re:Meanwhile, at Microsoft... (Score 2) 120

Well, he's right here. This was an individual who happened to stumble into this who happened to be employed by Microsoft.

There's plenty to point to to suggest that Microsoft isn't worse than some competitors that people might suggest or even better in some regards, but the XZ situation has nothing to do with Microsoft technical or business leadership other than happenstance of employing the one guy.

Comment Re:Meanwhile, at Microsoft... (Score 1) 120

They were careful not to do any damage. If they had wanted, the world would burn.

Since the thread is about the XZ issue, this is an odd statement to make. They weren't careful, they got caught before it hit widespread deployment. It had barely been in a tagged xz release and only barely made it into the bleeding edge rolling test releases of select distributions. We have no information on what they would have done if it had lived long enough to be in widely deployed Ubuntu LTS, RHEL, SuSE, embedded implementations.

Funnily enough, they might have been foiled anyway, because at the same time, systemd was looking to stop linking to various external libraries including XZ, to reduce bloat. So even a systemd-patched OpenSSH still wouldn't have linked to XZ or loaded XZ ever if that change got folded in before XZ had a chance to inflict the attack.

Comment Re:Year of the Wayland desktop... (Score 1) 63

That's not a Wayland thing. That's a DE thing in Wayland. This used to be the role of X, but it is not for Wayland. Different DEs may wish to implement different methods for handling this, Wayland steps out of the way allowing DEs to implement their own process of placement.

Except that's not why it doesn't exist, and has even been proposed as a Wayland protocol. Wayland doesn't claim "not a Wayland thing", but instead argues that, somehow, this is now simply impossible. Because it only handles rectangular 2D monitors aligned well with x and y axes. They bemoan that by its nature, it can't be "optional" because if it is possible, then applications will bank on it, and thus "break" when an environment opts out of it. Because it's not perfect, they don't want it at all. All the while neglecting to make an acceptable counter proposal, just closing proposals as either being "inadequate" by failing to address the "what if it's an alien interface" concern, or "over complicated" if it strives to actually cover those hypothetical interfaces.

I'll confess they have something of a point, I was a developer on a project where this was desired, and it was a PITA under X desktop environments. When we requested coordinates, would they be honored, or shifted? Did the WM count including or excluding its own decoration? What about panels with forced non-overlapping rules that would adjust our geometry? How much of the shift was due to decoration versus panels and what can we expect lower down the screen? What about if there's some scaling being applied and what does that do to our geometry? I'd love for a better solution to exist and would be happy for their "better idea" to be offered, but as it stands it's a matter of letting the perfect be the enemy of the good. Rejecting the imperfect but familiar solution in favor of the perfect solution no one can seem to come up with.

Should we ask the people who pour the blacktop on the highway to also tell us what to set the speedlimit to?

Again, that's not why it's not in Wayland, but let's entertain your line of thinking. It's not that there's a "speedlimit" authority, so it's more like:
-Some group says the speed limit should be 65 mph and puts up a sign
-Another group thinks the speed limit should be 160 kph, and puts up their sign too
-Another group thinks there should be no upper speed limit, but a lower speed limit of 80 mph
-Another group thinks that it should be 200 kph, but measured relative to the relative movement of the air instead of ground speed.
So now you have to drive down this road, faced with a dizzying array of rules that are hard to follow and impossible to concurrently comply with, while driving alongside other folks trying to also decide which policies to follow.

Comment Re:Year of the Wayland desktop... (Score 2) 63

Well, they got stuck with a few things that were awkward.
-Can't really "lock" the screen if a context menu is open. Due to limitations in how keyboard/pointer grab work and that being the only mechanism for screen locking to work
-Scaling is a bit limited, technically you don't have fractional scaling or per-monitor scaling in Xorg.
-X11 implementations struggle with strategies to avoid tearing.
-X11 model allows easy surreptitious screen scraping and keylogging.
-The X11 model for compositing basically made window managers responsible for rendering *anyway*, so the X11 server imposes some formality and still makes the compositor do the real work.

Now they likely could have fixed some of this (and patches exist for some of it), however given that as of the COMPOSITE extension, they basically made the window managers have to do more of the work anyway, it is understandable why they would pitch a scheme where the "mostly does nothing" X server is no longer a key part of the stack. Not merely new for the sake of being new, but being new in the face of an 'almost good enough' existing graphics stack has really caused it to fail to get the development that it sorely needed to be good on a reasonable time scale.

Comment Re:Maybe It's Documentation On Location. (Score 1) 90

But the superfluity of occurrence is not an excuse to let them continue to grow. The noise increases as a function of growth of population, and technologies serving them.

Inter-disciplinary education helps. Examples:

Better 511/utility search services, disciplined procedure, careful installation site survey techniques might have helped.

Communications network infrastructure additions, including redundancy, faster outage detection through heartbeat fault sensing, rapid deployment for fiber fixes, all these could increase uptime and reliability.

Backup resources beyond in-circuit redundancy to alternate services can offset the down circuit(s). These mean a different IP transport, perhaps Starlink, backup copper, re-routed diffuse mesh architectures, etc.

We have more online media to cite such outages, and so these problems appear to occur with more visible frequency, but in reality, things have always been fucked up, and now that complexity is increasing, we need to try much harder, instead of just harder to think through the dependencies in emergency communication.

Comment Pretty on point... (Score 4, Interesting) 42

It's certainly categorically new and will have some applications, but there have been some rather persistent "oddities" that seem to limit the potential. Meanwhile some impossibly large amounts of money are being thrown as if the age of the artificial super intelligence is now a few months away.

Fully expect one of a few ways the scenario ends poorly for the big spenders:
-Turns out that our current approaches with any vaguely possible amount of resources will not provide qualitative experience significantly better than Copilot/ChatGPT today. It suddenly became an amazing demo from humble hilarious beginnings, but has kind of plateaued despite the massive spend, so this scenario wouldn't surprise me.
-A breakthrough will happen that gets to "magic" but with a totally different sort of compute resource than folks have been pouring money into, making all the spending to date pointless.
-The "ASI" breakthrough happens and completely upends the way the economy works and renders all the big spending moot.

Comment Re:Welcome to the machine (Score 1) 259

Er what? Staging a political protest at a workplace should be a common sense thing NOT to do as an employee

As an employee, or as a believer in their cause? If they are a believer in their cause, given the circumstances, this seems exactly what they SHOULD do as a human being. Their employer is, in their view, being immoral in a way they cannot abide. This sort of protest is exactly a reasonable course.

Losing their jobs should be considered a likely outcome, but given what Google is doing then they should be willing to pay that price for the sake of their cause. They might have preferred an outcome where Google mends its ways, but at least everyone knows about the situation in the media and the protester is no longer a party to something their conscience doesn't like.

Comment Re:Bizarre FBI public statement (Score 1) 116

In theory, the FBI is limited to domestic operation. The DIA, CIA, NSA, DEA, etc., are charged with non-US operations.

There is no legal mechanism to tell $small_utility that they have to fix their likely expensive if ancient (must get depreciation and a long service life) equipment.

We don't have a second, fortified Internet that's immune from international traffic; it's the world wide web, not the SECURE web.

Worse, you can bet that the aforementioned agencies are far, far up the tailpipes of most Chinese infrastructure, despite much of it being newer than that in North America and the EU.

This is a game of chess, and having dormant malware waiting for action is just one more chess piece in a bigger game, and exercise for a different vector of warfare, just like the space arms race.

As you cite, finger pointing does nothing but prevent funding of active methods of helping both rich and poor utility IT infrastructure from identifying actual problems, and presenting and monitoring real remedies. Don't shoot the messengers, instead, get the politicians to agree on methods to goad the private utility sector into action; this removes at least one small piece from the chess board.

Comment Re:open discussion? (Score 1) 259

I mean, if they were *vaguely* protesting Israel's actions with respect to the Palestinians, maybe you have a point, though it's a good way to have your protests be utterly ignored and just be a "make yourself feel better" behavior rather than trying to encourage change.

But in this case, they were specifically protesting Google's direct involvement. So being deliberately disruptive at work would be pretty on point for such a protest. Now is Google within their reasonable rights to dismiss them? Sure, and if the cause means anything to the protesters, then the dismissal is a price that is worth it. It was disruptive in the short term, and Google's chosen reaction brings the protest national coverage and makes clear what Google was doing and how they plan to continue doing things.

I'd say this is about as quality as a protest gets. They have the exposure (which a "tuck away and privately whine about Israel" would never do), they didn't vilify themselves by being wantonly disrespectful or violent jerks, and they didn't engage in self-harm that may trigger a mental health discussion to take things off point.

Comment Re:It's a place of business, not protest. (Score 3, Interesting) 259

This makes for a pretty effective protest, among a sea of protests that are pretty bad.

They didn't actually harm anyone or anything, they put something on the line (their jobs), they raised awareness of the situation *and* Google's role in it.

Contrast with stupid stuff like random looting or tossing food at unrelated art.
