FSF Urges Moving Off Microsoft's GitHub to Protest Windows 11's Requiring TPM 2.0 (fsf.org)
- Reference: 0175829649
- News link: https://news.slashdot.org/story/25/01/05/0327209/fsf-urges-moving-off-microsofts-github-to-protest-windows-11s-requiring-tpm-20
- Source link: https://www.fsf.org/blogs/community/keep-putting-pressure-on-microsoft
Or, [2]as BleepingComputer put it , Microsoft "made it abundantly clear... that Windows 10 users won't be able to upgrade to Windows 11 unless their systems come with TPM 2.0 support." (This despite the fact that Statcounter Global data "shows that more than 61% of all Windows systems worldwide [3]still run Windows 10 .") They add that Microsoft "announced on October 31 that Windows 10 home users [4]will be able to delay the switch to Windows 11 for one more year if they're willing to pay $30 for Extended Security Updates."
But last week the Free Software Foundation's campaigns manager delivered a message on the FSF's official blog: " [5]Keep putting pressure on Microsoft ."
> Grassroots organization against a corporation as large as Microsoft is never easy. They have the advertising budget to claim that they "love Linux" (sic), not to mention the money and political willpower to corral free software developers from around the world on their nonfree platform Microsoft GitHub. This year's [6]International Day Against DRM took aim at one specific injustice: their requiring a hardware TPM module for users being forced to "upgrade" to Windows 11. As Windows 10 will soon stop receiving security updates, this is a (Microsoft-manufactured) problem for users still on this operating system. Normally, offloading cryptography to a different hardware module could be seen as a good thing — but with nonfree software, it can only spell trouble for the user...
>
> What's crucial now is to keep putting pressure on Microsoft, whether that's through switching to GNU/Linux, avoiding new releases of their software, or actions as simple as moving your projects off of Microsoft GitHub. If you're concerned about e-waste or have friends who work to combat climate change, getting them together to tell them about free software is the perfect way to help our movement grow, and free a few more users from Microsoft's digital restrictions. If you're concerned about e-waste or have friends who work to combat climate change, getting them together to tell them about free software is the perfect way to help our movement grow, and free a few more users from Microsoft's digital restrictions.
[1] https://techcommunity.microsoft.com/blog/windows-itpro-blog/tpm-2-0-%E2%80%93-a-necessity-for-a-secure-and-future-proof-windows-11/4339066
[2] https://www.bleepingcomputer.com/news/microsoft/microsoft-says-having-a-tpm-is-non-negotiable-for-windows-11/
[3] https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide
[4] https://www.bleepingcomputer.com/news/microsoft/microsoft-wants-30-if-you-want-to-delay-windows-11-switch/
[5] https://www.fsf.org/blogs/community/keep-putting-pressure-on-microsoft
[6] https://dayagainstdrm.org/
I've moved off Github (Score:4, Interesting)
I don't use Github, because I don't want them to strip the copyright from my source code -- which I think is a bigger issue than requiring TPM for a piece of software.
That protest has accomplished absolutely fuck-all.
Point me to a better solution then... (Score:2)
Please, point to me a better solution for an enterprise system, especially one that works in the cloud, or on prem, with arguably one of the best ways to keep it maintained as an appliance... and it even works well on Proxmox.
GitLab is sort of there, but not really. BitBucket... Ten years ago, it was a decent solution. However, after Atlassian's redoing of licenses, IMHO, it just has fallen behind. Even Amazon knows this and has stopped offering CodeCommit to new accounts.
Gitea/GOGS are good for small pr
Re: (Score:2)
Why are people so allergic to running their own git server?
Re: (Score:3)
In a lot of companies, they have a cloud first initiative. If a new service or app comes along, it has to be done in the cloud, as opposed to on-prem. The ironic thing is that GitHub Enterprise is insanely easy to get working. Proxmox, VMWare, Hyper-V, or AWS, one can stand up one of their appliances.
I wish that were not the case, because almost every company needs a Git server, and ideally, it should be on-prem for sanity's sake.
Re: (Score:2)
Which is utterly stupid. There are plenty of situations where demanding stuff happen "in the cloud" is a detriment. I'll throw this one out there: EPIC, one of the most common electronic health records out there, has a function where medical records are somehow stored "in the cloud." Well, if there was proper access control, maybe it would be okay. However, I was working at a clinic in Wisconsin not long ago, and looked up a new patient. Now, by all accounts, maybe I should get access to the medical records
Re: (Score:1)
What if you did something Microsoft didn't like? What if your country got sanctioned and you were booted off the site? Does your whole enterprise crumble?
If you're really an "enterprise" that works with code, and you couldn't figure out how to run your own git server, what are you even doing?
Re: (Score:2)
> GHE (GitHub Enterprise) offers a ton of functionality, be it runners, issue tracking, even wiki pages, and on the backend, is easily backed up, either via snapshots [too boring, stopped reading]
Build agents are everywhere, both integrated with code hub solutions, and separately. A separate one isn't hard to integrate in with your code hub of choice. Setting up one or a hundred wiki's is about ten minutes work. Github is, if anything, slightly more convenient, but adding the word "enterprise" doesn't make it that. If you're an enterprise outfit and can't manage to own your own solution then you're not an enterprise outfit. Jesus, it's basically snapping together a duplo tower from blocks.
Your j
Re: (Score:2)
Basically you already have your answer. GitLab is great, Gitea is fine, and BitBucket is ass.
Better solution.. Don't use Windows? (Score:2)
If you're being forced to use windows due to some kind of vendor lock-in, you've already lost. Unless you're using specific engineering software your app is probably already cross platform and/or usable under WINE/Proton. If you're using engineering software you can probably afford whatever the microsoft tax costs you.
Given a USB stick with Debian 12 or Ubuntu on it most 16 year old high school kids can probably upgrade/crossgrade all the computers in a computer lab/church/non profit in an afternoon
Re: (Score:3)
What do you use as an alternative? How well does it work for you?
Re: (Score:2)
I use Debian 12 and Chrome except for Steam VR and Autodesk Fusion which run on an old shitty install of windows 10 on an SSD that's floated between countless desktop and laptops over the last ~12 years. I only need to boot in to windows maybe twice a month
Re: Better solution.. Don't use Windows? (Score:2)
Or even worse, being dependent on a legacy Windows software using features that Wine never bothered to implement for decades?
I'm speaking about DOS-style file locking and sharing, a feature introduced in DOS 3.0 around 1985 or so. I'm aware of people who STILL run the aforementioned software in Windows NT 4.0 virtual machines under Linux, so it's definitely not a bleeding edge feature either. But WINE can't or won't implement it. Users of that software aren't willing to lose it, even if it means staying on
TPM 2 (Score:3)
I doubt this form of protest will do very much, but I agree with the sentiment about putting pressure on Microsoft on the TPM 2 requirements.
This is going to create so much hardware waste much sooner. Hardware that is in perfect working order.
Only two of my Intel PCs meet the requirements for Windows 11. Some of my other hardware has 16GB of RAM , i7 & SSD, but Microsoft doesn't want them to run Windows 11.
Gone are the days when hardware has a 2-3 year lifespan. My daily choice is a 13" Dell XPS 13 - which is nearly 8 years old. Beautiful screen (3200x1800), 16GB RAM, SSD, i7 processor. I run Visual Studio & SQL Server on it daily. I use ThrottleStop to slow it down and keep it a little cooler on my lap - but it was a fantastic purchase.
This TPM 2 requirement is just going to mean I will migrate more of my home environment to Linux.
I also use Defender Control to periodically disable Microsoft's antivirus - a problem of their own creation. All disk IO being run through that slows down disk access and increases CPU usage. And what about CompatTelRunner.exe using 100% of one of your CPU cores for extended periods to send telemetry to Microsoft? Maybe Microsoft should focus on fixing more important issues.
Re: (Score:2)
The hardware waste will only be business users and any PC that is reasonably decent will find itself brought up by people/organisations who don't care about Win 11. Most home users, unless they actually want a new PC, will simply keep using Win 10 even if it is not supported, they don't care about updates, as long as they can accessing Facebook. The number of home Windows users who actually care security is probably equally as small as the number of us Linux users.
Maybe this will mean I can get a cheap
Why do people use GitHub anyway? (Score:2)
For open-source stuff, sure, use GitHub or GitLab. Personally, I prefer GitLab just because it's not Microsoft.
For anything commercial, why are you storing your repositories on someone else's computer ? If it's proprietary, it should be running on your own, closed Git server. If you want to put that in the cloud, fine. The point is: if it's your own server, you can lock down access. If it's GitHub, you cannot - Microsoft can and will peek. Assume the same for all other public Git platforms.
Re: (Score:2)
The nice thing about GitLab and GitHub is that they can be used on prem. No worries about cloud stuff.
This is something I agree with, but I am surprised how many companies don't really care that the cloud is someone else's server that they don't have any physical control over. They use it because it is easy, and they can assume the cloud provider is 100% secure on their side with the shared responsibility models.
I do have a public GitHub repository, but that is for stuff I'm distributing. Anything privat
Why GitHub? (Score:1)
Wouldn't it be a better campaign to urge Windows users to keep using their existing hardware with linux instead...?
Re: (Score:2)
Not speaking in any way for the FSF here and I haven't checked what they say, but GitHub is very strategic to Microsoft's plans for the future. Microsoft spends a huge amount on their own developers and also on supporting outside developers. They very much want to replace most of those with non software people using AI to convert their ideas to software wherever reasonable. In order to do that they need access to the workings of competent programmers. GitHub, which has a huge repository of code, linked with
Re: (Score:2)
Yes, that would make far more sense, but will be equally ineffective at getting M$ attention. It would simply be good advise that most people will ignore because, what was this years stock excuse, games? No actually I think this years excuse is a special program that is only available for Windows. I'm sure next year's excuse will something to do with AI.
merry clickbait to y'all (Score:2)
how does the most humble "drop in a bucket that counts" suggestion, the last in a string of examples of possible actions to pressure microsoft ...
> keep putting pressure on Microsoft, whether that's through switching to GNU/Linux, avoiding new releases of their software, or actions as simple as moving your projects off of Microsoft GitHub.
... become the main rallying cry in an imaginary crusade? well, kudos to editor david for outdoing himself in the black magic of obnoxious and cringey clickbaiting.
that said, while microsoft's decision was clearly backhanded and does have implications on the ability to run free software on those machines, i don't really see how that's an interesting fight for the
github sucks (Score:2)
And that's a much better reason to move off of it than the link to a TPM being required to install Windows 11.
What I thinks sucks the most about it is the bug / issue tracker. Way back in the late 1990s, bugzilla was already far more advanced than anything github has today. Frankly, I have never seen a bug tracking system as bad at github's, and I have seen many over the decades.
The worst thing about the github issue tracker are the rampant bots. They allow issues that are valid, with plenty of detail to re
Was the FSF New Years Resolution to be stupid? (Score:2)
What is the alternative to requiring the use of the widely implemented and open standard known as TPM? A Microsoft developed, Microsoft controlled, Microsoft owned security module in every PC? HELL THE **** NO!
It's 2025 now. We've shown time and time again that hardware security is something that is starting to become necessary. If the FSF were consistent they'd also boycott everything to do with Apple Secure Enclave, ARM TrustZone (used by Android). And I think you'll find when the FSF goes against all for
TPM underpins modern auth (Score:2)
ANYONE arguing against hardening devices for such puerile reasons is either a raving idiot or really keen to weaken authentication.
The FSF should kindly STFU and go play with something shiny whilst licking varnish.
Nice top see the /. FUD maniacs are waggling their ignorance sticks again just because the clickbait included Microsoft.
Move off Github to Protest TPM?? (Score:1)
Lol. Good luck with that.
Re: (Score:2)
Isn't there a crack/hack/workaround/reacharound?
Re: (Score:1)
When you're a star company you can grab customers by the TPM.
Re: (Score:2)
As I believe Bill Gates once said, Microsoft would much rather you were on a pirated (their misleading term for unlicensed copying) copy of Windows than on a legal copy of Linux. Better to install something else.
Re: (Score:2)
I guess that shows how confident M$ is then. They clearly believe they can force the masses to do their bidding and still count on being paid more and more for it ... Reminds me of Inkjet printers.