Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

In the case of msft/crowdstrike isn't this exactly the opposite of what HN rallies against? The users installed crowdstrike on their own machines. Why should microsoft be the arbiter of what a user can do to their own system?


They automatically occupy that position because in practice no user of a microsoft system can audit the entire "supply chain" of that system, unlike one built from open-source components. Any "control" someone has over "their own" system is ultimately incomplete when there is a company that owns and controls the operating system itself and has the sole power to both fix and inspect it


>no user of a microsoft system can audit the entire "supply chain" of that system,

Yes you can, you can access the source code to audit it.

https://en.wikipedia.org/wiki/Shared_Source_Initiative


Microsoft determines who they give root access signing keys to


Because the EU required them to.


I’ve read that story, it inspired my question. Such a requirement wouldn’t be out of bounds with the regulation




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: