I think Microsoft stopped being the "darling" in 1994 when they got sued by Stacker and had to pay $120 million for stealing their source code and using it in their own product.
There are laws on the books in China that say that every company operating in China must aid and abet the Chinese government in espionage against the rest of the world. Given those facts, I find it deeply troubling to be using anything coming out of China, especially a program that runs in the context of a Linux terminal on a machine that might have something important on it. I'd argue it's a back door waiting to happen, if not sooner than obviously later.
As a European I have to admit I am these days more worried about the US than China. See yesterday's article about the US government forcing Microsoft to give them lists of Dutch government officials. Utter madness. At least the Chinese mainly care about the money and power levers, the US about strange worlds of revenge and manipulation, trying to change or influence your government. E.g. which of the two countries has put crippling personal sanctions on staff of the International Criminal Court?
Honestly I'd love to love the US again, but basically after Obama things have just gone down and down and no soul will trust the US again in the next generation or two.
The situation you reference is related to a specific investigation by US Congress requesting documents about potentially illegal censorship actions by EU officials from a specific company (Microsoft). The difference is that the laws in China are broadly defined to include giving all intellectual property of anyone back to the government with no oversight, for the purposes of espionage.
The former relates to a specific investigation about potential criminal activity, the latter relates to broad illegal activity committed by the government itself unrelated to any specific case.
The US has no laws on the books forcing companies to wantonly give intellectual property and other espionage level material back to the government. If they did, no one would use cloud providers.
To avoid this, you can run your own hosted machine in a colocation facility, because in the US, people do have reduced rights when their data is controlled by a third party versus being controlled by themselves. It's the same as if the data was in your house, they would need a search warrant to obtain it, but when it's at an Azure or AWS datacenter not controlled by you, your privacy rights are reduced by doing this.
I think many are trying to move away from US providers actually. FISA section 702 and the current administration's liberties taken towards international law are not helping. The trust problem is real.
Not sure I’d trust China with anything onshore. But offshore, it does seem they play by the rules, because it pragmatically serves the stability of the people. China has not started wars in the past 50 years or so. By that logic one may assume they’d not abuse the arguably broad powers over Chinese firms abroad to risk one now.
In a world where rules are increasingly less important, how states use power matters more to me than how they claim to be monitored.
Besides the language barrier it’s actually also just simpler to do business with the Chinese. There are issues like censorship but they are known & can be routed around. It’s best to just ignore the US and move your business elsewhere.
So govt forcing a private corporation being a big deal that it's on the worldwide news is more scary to you than an implicit mandate that China forces on its companies?
The four biggest (obvious) backdoor countries in the world, in no particular order: the United States, Israel, Russia, China. Honorable mentions: North Korea, Ukraine…
I'm forbidden from working on the company code with DS, but if I have a private something that looks pretty much like one of the thousands of repositories out there, it doesn't matter that much.
I just can't get past the DeepSeek-CCP connection... as good as it might be, I'd wonder when your machine gets backdoored by the CCP or at least your data gets stolen.
You don't have to go look at the Google Graveyard [0] to understand that you might try a Google product one day or month to have it either disappear or become a different product incompatible with the first the next month. They have been known for this for at least decades now.
Gemini CLI was fun for five minutes of testing until it tried to rewrite my whole code base.
Yeah, when I read these RCE reports about public-facing software that I know about, I usually upgrade them within minutes of reading the report. That's why I read these reports, and you really have to take them seriously because otherwise your machine gets compromised, sooner rather than later... It seems like lately there's been no advance notice on a lot of these RCE exploits that are publicly released. I mean, come on guys, at least give us a few minutes to upgrade our software before releasing the exploit. It feels like the late 1980s, early 1990s, when there were no guardrails on disclosure, i.e. all the remotely exploitable sendmail bugs. People who fail to read these reports or read them too late wind up having millions of machines being compromised because of it. Currently nginx has about a 39% - 43% share of the public facing web server market today, so it's pretty serious.
It could also be common sense... you live in a noisy city and you are wondering what the noise is... maybe it could be the city itself? How about sleeping in a different smaller town and then ask yourself the same question, you'll probably get a different answer.
I'm not sure if things are really that simple, at least from my personal experience. I think the quality of noise and noise floor can make a difference.
Facebook the web site reminds me of a really bad implementation of MySpace. MySpace was better, even in 2003. There are hundreds of usability bugs that exist on various parts of the platform that for over a decade remain unfixed. For a company that has 78,000 employees, you would think one of them might want to dig in and fix the web interface bugs. What's weird is in the age of Claude Code, it would probably take one software engineer a week to fix all of them, so it's really pure incompetence. I think they spend more time on automation around restricting the usage of the platform that they forgot about the user interface bugs that plague it.
Also, avoid using Meta Pay aka Facebook Payments, where a user can send a payment to another user via the Messenger app. Someone sent me money a few weeks ago, and two weeks later they still have the payment marked as "Completed" on the sending side, and "Cancelled" on the receiving side. I told the sender to just do a chargeback with their bank because Facebook basically stole the money. Don't use Meta Pay for sending payments to anyone. Then when you try to open a "case" about it, you call a call center in Indonesia and the people have no access to see anything about the transaction, they just send it up the chain, only to have an automated response telling you to do something that the web site doesn't even offer as an option. I don't think there are any humans in the loop, besides the Indonesian call center that has no access to any of what you're calling about.