PHP's Git Server Compromised, Now Switching To GitHub


  • #31

    Originally posted by birdie View Post
    Microsoft to my best knowledge has seen close to zero compromises for its 40 years history.
    Keep researching.

    Originally posted by torsionbar28 View Post
    Who told you that? Hint: SaaS is not a security cure-all. If history is any guide, there is a trend of a "security: not my problem" mindset within organizations who switch to SaaS... often to their detriment.
    Haha certainly not. I probably wasn't clear, my apologies. If you have seen my other threads you will see that I am certainly not a fan of the "just use someone else's server and dig your head in the sand" mindset.

    Instead I was mainly suggesting that Microsoft itself was the biggest risk to security than any other criminal.

    Originally posted by sandy8925 View Post

    It's possible to sign commits too, so there's one good method of ensuring authenticity of code. I don't think Microsoft will do something evil like introducing malicious commits, but "accidentally" deleting the repo or slowing access to it and causing pandemonium is totally within their reach.
    This is a good point. However I am sure Microsoft will revel in the fact that not many people will do this. Microsoft can't wait to inflict their incompetence on the world.
    Last edited by kpedersen; 29 March 2021, 01:31 PM.



    • #32
      Originally posted by kpedersen View Post
      Keep researching.
      I've given you a decent number of open source projects which have been breached recently and your argument is "keep researching"? LMAO, your argumentation skills are truly stellar.

      Originally posted by kpedersen View Post
      Instead I was mainly suggesting that Microsoft itself was the biggest risk to security than any other criminal.
      Almost all governments of the world, including CIA/NSA/FBI use nothing but Microsoft products for their corporate infrastructures and so far it's been an excellent ride. You're clearly a master of making things up.

      I've added you to my deny-list (a politically correct term) because I'm tired of your BS.
      Last edited by birdie; 29 March 2021, 01:35 PM.



      • #33
        Originally posted by birdie View Post

        not Microsoft servers or infrastructure.
        M$ servers running Linux.



        • #34
          Originally posted by misp View Post

          Do you disagree with that statement or are annoyed by people complaining about github?
          Rather, annoyed by neo-marxist flatearther snowflakes assigning moral values on business entities.



          • #35
            Originally posted by birdie View Post
            Almost all governments of the world, including CIA/NSA/FBI use nothing but Microsoft products for their corporate infrastructures and so far it's been an excellent ride.
            Good joke. They're using this crap only on desktops. In serious computing there's mainly Linux (and few unixes). Nobody sane runs micro$oft broken, insecure spyware, because this is how it ends:

            https://www.forbes.com/sites/daveywi...xposed-online/

            https://www.forbes.com/sites/daveywi...billion-sting/

            PS. What's more important, Windows is in maintenance mode, just like slowlaris, so it doesn't have a bright future.
            Last edited by Volta; 29 March 2021, 01:52 PM.



            • #36
              He is right tho, US government agencies use overwhelmingly Windows in their workstations, some branches even XP with MS-provided updates.
              Also remember reading about them getting Intel CPUs with specific designs (whatever the minix-based shit normally coming with Intel CPUs is disabled for them).



              • #37
                Originally posted by birdie View Post

                In all fairness Microsoft has been managing security updates recently quite well and I haven't heard that their infrastructure has been compromised lately or ever.

                Meanwhile Open Source projects get compromised on a monthly basis if not more often.

                Perhaps you need to see the world as it is, not as you believe it is.
                This message brought to you by our local proprietary software shill.

                Originally posted by birdie View Post
                Someone is again deleting my comments even though I've long stopped with personal attacks. Sigh. OK, I'm out of this discussion.
                Take your meds, schizo.



                • #38
                  Originally posted by kpedersen View Post
                  Let's have a dumb naive comment on how putting all your eggs in someone else's server (especially Microsoft's) is a good idea.

                  Edit: Oh, birdie beat me to it

                  Now Microsoft is the only malicious entity that can sabotage the PHP source.
                  That might be true if M$ had a decent track record when it comes to security lol. So now they've moved to a platform which is a much fatter, juicier target, and they still don't know what the original attack vector was. Hilarious. So if it's simply their private keys which are compromised and they don't fix their security culture, then they are doomed to repeat the same compromise.



                  • #39
                    Originally posted by birdie View Post
                    I've given you a decent number of open source projects which have been breached recently and your argument is "keep researching"? LMAO, your argumentation skills are truly stellar.
                    The question was what *Microsoft* servers have been breached.

                    So, keep researching.

                    Originally posted by linuxgeex View Post

                    That might be true if M$ had a decent track record when it comes to security lol. So now they've moved to a platform which is a much fatter, juicier target, and they still don't know what the original attack vector was. Hilarious. So if it's simply their private keys which are compromised and they don't fix their security culture, then they are doomed to repeat the same compromise.
                    Heh, yeah, torsionbar28 picked up on that too. Correctly so because my post was fairly lazy. I certainly don't believe that malicious entities will no longer be able to compromise the PHP source code (Haha, that impenetrable Microsoft forcefield!). I guess I was stating that Microsoft was simply the biggest malicious entity around.

                    Edit: I tweaked my original post. I feel I had mistakenly given Microsoft some credit when they are basically a danger to our industry. I also believe they are out of their depth with GitHub and their incompetence will show sooner rather than later.
                    Last edited by kpedersen; 29 March 2021, 04:24 PM.



                    • #40
                      Originally posted by birdie View Post

                      In all fairness Microsoft has been managing security updates recently quite well and I haven't heard that their infrastructure has been compromised lately or ever.

                      Meanwhile Open Source projects get compromised on a monthly basis if not more often.

                      Perhaps you need to see the world as it is, not as you believe it is.
                      There is nothing Microsoft in GitHub's tech stack. It's open source, so there is a contradiction in your claim: GitHub can't be secure if open source is insecure.
                      GitHub tech stack: https://stackshare.io/github/github
