On June 9th when Microsoft had just purchased github.com, I wrote about how I thought this was something tragic for the world of open source. This morning I awoke to several new security notifications from my repositories there (requiring about an hour of my time to adjust my code):
“We found a potential security vulnerability in a repository for which you have been granted security alert access. Known low severity security vulnerability detected in
debug < 2.6.9 defined in
On the surface, one might think that Microsoft is trying to make the world a better place. You might think this if you’re an optimist or a friend of them, perhaps. Maybe Microsoft cares about security so much that—having just purchased github—they now want to ratchet up the quality of the collection of software as stored there by most people who don’t like them…?
But if you’re a pessimist or if you’re someone who doesn’t like Microsoft, could there be another reason behind this new diligence they’re trying to bring to code security? It’s not like Microsoft has a great track record in writing bug-free or network-safe code themselves.
“It’s not like Microsoft has a great track record in writing bug-free or network-safe code themselves.”
Richard Nixon was known to do something termed ratfucking in the political world. Wiki even has a page on the subject. It means “political sabotage or dirty tricks”. It would eventually result in his impeachment. In some college circles, a mean-spirited prank is part of the playing field. To me, it feels like many of the players inside Microsoft are the same type of people, those who have no qualms destroying the competition, tripping them up and generally exercising a “whatever it takes” attitude toward their so-called success.
Microsoft’s internal methods:
Steal their air
In a lawsuit, the U.S. Department of Justice turned up an internal tactic used inside Microsoft which describes what they do when they feel that a competitor needs to be removed: “embrace, extend and extinguish”. In other words, 1) embrace open source by buying the main storehouse for its code, 2) create products such as Visual Studio Code which replaces similar free editors and 3) gradually remove the competition by getting rid of it now that you’re in a controlling position.
Appeal to fear
Another tactic they use in the market space is to promote fear with respect to anything the competition could provide. We’re seeing this now in the pseudo-warnings being auto-generated by github.
What this is
What we’re seeing is a direct and strategic beginning to Microsoft’s move to embrace, extend and extinguish github and yet it’s open source itself who is their ultimate target.
The future of gihub and open source
Expect more of the same: dirty politics related to the leading repository site of what Microsoft views as their competition.