Linux and Microsoft: a “deal with the devil”?

When Microsoft and the Linux Foundation announced that Azure certification will require passing a Linux exam, it caused a great disturbance in the Force. The FOSS Force, specifically. In a column, editor-in-chief Christine Hall called the partnership a “deal with the devil.” In a news roundup, Larry Cafiero said “[r]ather than throw the Microsoft that is treading water a life preserver, I still think throwing it an anchor would be more fitting.” Larry is a personal friend of mine, and he and Hall have both been covering open source since before I got my first computer. I can’t just dismiss their opinions out of hand.

Open source enthusiasts have every right to be leery of Microsoft. Former CEO Steve Ballmer famously said Linux is “a cancer” and the company was openly hostile to the Linux project specifically and open source generally for many years. And yet, Microsoft seems to be sincere in its efforts to participate in open source projects (even if it’s still a little bit two-left-footed).

Hall said Microsoft loves Linux “because [Microsoft] can sell it”. So what? Even Red Hat loves being able to sell Linux. Azure CTO Mark Russinovich told the audience at All Things Open this year “ if we don’t support Linux and open source in our cloud then we’ll be a Windows only cloud, and that would not be practical.” Yes, it’s absolutely in Microsoft’s self-interest to play nicely with the open source world. While the Year of the Linux on the Desktop is always just out of reach, Linux is firmly entrenched in the enterprise.

Microsoft may have (as of this writing), roughly 29 times the market capitalization of Red Hat, but it’s obvious that open source has “won”. And yet, elements of the community are stuck in the scrappy underdog mindset. If we want to pretend that we’re a meritocracy, we have to be willing to allow our former enemies to become…if not friends, then at least collaborators. If Microsoft is willing to play by the rules, then let’s let them.

Forget what Hall wrote earlier this month. Let’s go with what she said in October: “However, it might be time to tone down the anti-Microsoft rhetoric a bit and give them a little breathing room. If we give them enough rope, we can see if they hang themselves, or if they use it to strengthen their ties with the open source community.”

Cloud detente

Evident.io founder and CEO Tim Prendergast wondered on Twitter why other cloud service providers aren’t taking marketing advantage of the Xen vulnerability that lead Amazon and Rackspace to reboot a large number of cloud instances over a few-day period. Digital Ocean, Azure, and Google Compute Engine all use other hypervisors, so isn’t this an opportunity for them to brag about their security? Amazon is the clear market leader, so pointing out this vulnerability is a great differentiator.

Except that it isn’t. It’s a matter of chance that Xen is The hypervisor facing an apparently serious and soon-to-be-public exploit. Next week it could be Mircosoft’s Hyper-V. Imagine the PR nightmare if Microsoft bragged about how much more secure Azure is only to see a major exploit strike Hyper-V next week. It would be even worse if the exploit was active in the wild before patches could be applied.

“Choose us because of this Xen issue” is the cloud service provider equivalent of an airline running a “don’t fly those guys, they just had a plane crash” ad campaign. Just because your competition was unlucky this time, there’s no guarantee that you won’t be the lower next time.

I’m all for companies touting legitimate security features. Amazon’s handling of this incident seems pretty good, and I think they generally do a good job of giving users the ability to secure their environment. That doesn’t mean someone can’t come along and do it better. If there’s anything 2014 has taught us, it’s that we have a long road ahead of us when it comes to the security of computing.

It’s to the credit of Amazon’s competition that they’ve remained silent. It shows a great degree of professionalism. Digital Ocean’s Chief Technology Evangelist John Edgar had the best explanation for the silence: “because we’re not assholes mostly.”