Techrights
It's Not as Bad as Microsoft Wants You to Believe
Posted by Roy Schestowitz on Mar 31, 2024
So it seems like a lot of the xz commotion (from Microsoft staff [1, 2]) serves to distract from Microsoft Exchange, and most users - well over 90% of them - don't use that version of xz anyway:
The alarmist media coverage omits such important points. It also blames "Linux" instead of a project in Microsoft's GitHub (proprietary). Yes, systemd too.
And "since Poettering is the ultimate cause of the current PR and security disaster," an associate notes, "and he is employed at Microsoft officially on top of all the years he was working unofficially for them against Linux..."
So it's Microsoft at several levels.
Don't be too alarmed.
For instance, SLE*, RHEL, CentOS/Rocky/Oracle's Unbreakable, and Debian users are not impacted at all.
How many people even use a beta of Fedora or Tumbleweed or Arch's latest?
Control the narrative, control the world's communications/language:
Debian Security Advisory DSA-5649-1: Right now no Debian stable versions are known to be affected.
SN on xz
LWN on xz
Microsoft HEARTbleeds Linux
If nobody has yet identified an intentional attempt at sabotage and a name of a person who deliberately did this, is this a "backdoor"? Or misreporting?
Microsoft, which has actual back doors (deliberate!), likes to misuse that term in relation to "Linux". We covered some examples several months ago, e.g. [1, 2]. █