[HN Gopher] "I saw that you spun up an Ubuntu image in Azure"
___________________________________________________________________
"I saw that you spun up an Ubuntu image in Azure"
Author : fireball_blaze
Score : 901 points
Date : 2021-02-12 14:51 UTC (8 hours ago)
(HTM) web link (twitter.com)
(TXT) w3m dump (twitter.com)
| galacticaactual wrote:
| Yeah it's creepy. Creepier is the unadulterated vitriol, lashing
| out, and chaos surrounding Twitter mobs like this one.
| coding123 wrote:
| This isn't about Azure or Ubuntu.
|
| The next 40 years will be filled with special coders adding hooks
| into everything looking for new monetization channels. Be
| prepared for this same WTF moment every 5 minutes.
| tailspin2019 wrote:
| Hi,
|
| I noticed you posted a comment on Hacker News.
|
| Be sure to reach out if there's anything I can help with?
| paule89 wrote:
| Before clicking the link I saw a Clippy animation coming up in my
| Head.
| senormenor wrote:
| The message was sent on LinkedIn, right? Seems relevant to a
| discussion about LinkedIn that was on the HN front page just a
| few hours ago: https://news.ycombinator.com/item?id=26106810
| [deleted]
| ec664 wrote:
| Your first mistake was to use Azure
| suyash wrote:
| Microsoft is selling your data, welcome to Azure!
| markus_zhang wrote:
| De-cloud bros, everyone de-cloud. Going to create more jobs too.
| BlueTie wrote:
| As someone who works in tech sales - the real bullshit here is
| that this is some right-out-of-college 22 y/o entry level sales
| person (SDR) who was likely told to to take this list and message
| everyone on linkedin 1x1.
|
| The negative impact of this goes on his shoulders where the
| positive responses from this get passed off to someone else who
| is outside the blast radius.
|
| Stuff like this is the norm when sales is viewed as an extension
| of marketing ("we need more leads") and not as a function that
| helps companies coordinate the evaluation and purchase of
| software ("we need to find out if this is the right fit for
| them") and the ones who pay the highest price are at the lowest
| levels when it's executives who are giving the orders.
| michaelcampbell wrote:
| This feels like some modern day "Glengarry Glen Ross" type
| stuff.
| rchaud wrote:
| Modern day? The pressure of sales jobs never went away. Ask
| your local bank teller. Their jobs exist in this day and age,
| not to help Grampy who prefers interacting one-on-one, but to
| sell her credit cards, expensive chequing accounts and loans
| she doesn't need.
| aeturnum wrote:
| This reminds of of a 2019 paper on "moral crumple zones"[1]
| which talks about how the human component of automated systems
| are increasingly there to act as the focus for moral failures.
| Did your giant automated system do something bad? Blame the one
| human who was assigned to somehow stop that from happening, no
| matter how impossible that might be.
|
| [1] https://estsjournal.org/index.php/ests/article/view/260
| aftbit wrote:
| Also see Normal Accidents[1] which discusses "human error" as
| a PR cover for systems that are simply too complicated for
| unaided humans to monitor and understand.
|
| 1:
| https://www.goodreads.com/book/show/192408.Normal_Accidents
| aeturnum wrote:
| Normal Accidents is a real classic of the genre of disaster
| studies and points out some very useful realities for
| tightly coupled systems. Engineers building highly complex
| systems would do well to read the book and take its lessons
| to heart.
| SilasX wrote:
| Interesting, that's a great concept. But I'm not sure of the
| applicability to this case. I'd expect most people to feel
| icky contacting a lead on this basis, and so that feels like
| it's well within the kind of thing a low level employee
| should throw a red flag at.
| aeturnum wrote:
| The aspect that reminded me of the paper (and the concept)
| was how the low level employee can really only screw up. If
| they do well, then it's a credit to their boss, but if they
| do something wrong it's on them and they'll be fired.
| tt433 wrote:
| The film "Brazil" was mentioned on another comment on another
| story a few days ago that touched on this theme, very good
| movie.
| scoutt wrote:
| It could be also that the sales person did this on his own
| initiative for a couple of extra points. It might not be
| standard practice, but we'll never know.
| hobofan wrote:
| If a random sales person can easily go ahead and access PII
| on their own initiative, that's 1000x worse.
| WrtCdEvrydy wrote:
| $10 says there's an Excel sheet that's passed around with
| all of your info in it.
| hobofan wrote:
| Of course there is, but there shouldn't be. _Especially_
| in a bigger company like Canonical.
| disgruntledphd2 wrote:
| Yeah, they should definitely be using Libre office ;)
| that_guy_iain wrote:
| Your PII will be in their CRM and they will have access to
| their CRM. Literally all they need to do this is your name
| and linkedin. If you think sales people won't have access
| to names of potential leads then I am not sure what you
| think sales people do on outbound sales.
| hobofan wrote:
| Even in an CRM there should be checks on who can access
| what PII and when. There is a difference between "you are
| assigned 100 leads for the duration of lead
| qualification" and "you can yourself pick out leads (and
| can get access to their PII) out of any of the thousands
| of possible leads".
| that_guy_iain wrote:
| I think your expectations of how a company handles Leads
| are unrealistic. A company just needs to keep your data
| safe. A sales person having access to Leads makes
| complete sense. A sales person being able to see if a
| lead has been chased makes sense. A sales person being
| able to find Leads to chase that they are best qualified
| to chase makes sense.
| SilasX wrote:
| Yes, and MS claimed that their agreement with Canonical
| required them not to share that info with sales.
| that_guy_iain wrote:
| No it said not use that for marketing. And they didn't,
| the sales person said he would be the point of contact.
| They didn't market or try to sell him something in his
| message. He just send a request to be his contact.
| fireball_blaze wrote:
| > The negative impact of this goes on his shoulders
|
| Well, in this case, people are mad at Azure/MS and Canonical
| for betraying developer trust, not the individual salesperson.
| He's just a pawn in the game. It's not like this guy went
| rogue; this is his job.
|
| The system is setup in a creepy way to enable this type of
| upselling, which makes people uncomfortable. Whether or not
| Azure or Canonical change policies, we shall see.
| BlueTie wrote:
| > Well, in this case, people are mad at Azure/MS and
| Canonical for betraying developer trust, not the individual
| salesperson. He's just a pawn in the game. It's not like this
| guy went rogue; this is his job.
|
| It's still his linkedin profile plastered all over twitter
| right now though more than Azure's EULA/T&C's.
| aasasd wrote:
| Frankly, using a personal profile for work activity in this
| vein is just not a good idea. Regardless of whether
| Linkedin 'forbids' creating secondary accounts.
| fireball_blaze wrote:
| But no one is calling this guy a villain. For example, his
| name is not mentioned once in all these HN comments. It's
| not his fault.
|
| And indeed the Azure T&C's are definitely referenced a in
| the Twitter discussion with the OP. Such as:
|
| https://twitter.com/dezren39/status/1359726235929223168
| j3th9n wrote:
| No one is calling this guy the villain, but he is
| pictured as the villain.
| whimsicalism wrote:
| "On February 10th, a new Canonical Sales Representative
| contacted one of these developers via LinkedIn, with a
| poor choice of word. In light of this incident, Canonical
| will be reviewing its sales training and policies.""
|
| My reading of this statement is that they are
| scapegoating the guy.
| daveFNbuck wrote:
| I think an attempt to scapegoat would look more like "in
| violation of our established policies and rigorous
| training, a Canonical Sales Representative contacted one
| of these developers via LinkedIn."
|
| The actual quote acknowledges that the company's training
| and policies are at fault. I'd also expect a scapegoat to
| be publicly fired or disciplined, did they say that
| elsewhere?
| jacurtis wrote:
| > "On February 10th, a new Canonical Sales Representative
| contacted one of these developers via LinkedIn, with a
| poor choice of word. In light of this incident, Canonical
| will be reviewing its sales training and policies."
|
| This was their official statement regarding this matter.
| They provided this to The Register to defend their
| actions when this story got written up: https://www.there
| gister.com/2021/02/11/microsoft_azure_ubunt...
|
| Edit: Yes so just to be clear, according to their
| official statement they are scapegoating the salesman.
| They call him a "new Canonical Sales Rep" to imply he
| isn't experienced and made a mistake. The only
| responsibility that Canonical took is that they will
| "review its sales training".
| daveFNbuck wrote:
| The only blame they gave him was that he had a poor
| choice of words. They're not saying he went against
| training or policy. They're not saying that he's being
| disciplined or fired.
|
| Canonical said that they need to review their policies.
| To me, this implies that what he did was not against
| policy.
| johnsoft wrote:
| They are _trying_ to scapegoat the guy. Thankfully,
| people are not falling for it.
| cptskippy wrote:
| This. Typical Marketing and Sales tactics involve using
| the lowest level employee both because they're naive and
| because they have nothing to lose because they're already
| lowest on the pecking order.
| srndsnd wrote:
| I pulled up his LinkedIn. He started at Canoncial three
| weeks ago, fresh out of undergrad.
|
| I really hope he comes out of this unscathed.
| Topgamer7 wrote:
| It really depends on company culture. But there's
| probably a good chance this affects him at the company
| internally.
| fireball_blaze wrote:
| Perhaps. At the very least, it's gotta be uncomfortable
| for him.
| kodah wrote:
| > It's still his linkedin profile plastered all over
| twitter right now though more than Azure's EULA/T&C's.
|
| This is pretty disgusting that someone didn't think to
| cover his name or image while complaining about what is
| essentially privacy and having a central beef with two
| companies. That said, while it's disgusting to me, it can
| easily be shrugged off as "thoughtless" by others because
| privacy is not a mainstream concept.
| duxup wrote:
| I think LinkedIn is kinda ... tainted so mass spam is just
| considered par for the course on there, sadly. Nobody thinks
| twice about spamming on there.
|
| I log on there and it's all spam-ish content. And really all I
| want to know is what people I worked with are doing now / how
| they're doing....
| eznzt wrote:
| I think it really is a disgrace that his photo and name are out
| there linked to this. It's most likely not his fault.
| jnwatson wrote:
| I'm super confused as to why anybody thinks this is a problem.
| Generally, when one "buys" something from a "marketplace" the
| vendor gets to know who the buyer is. That the vendor asks the
| buyer if there's anything else they'd want to buy is par for the
| course.
| layoutIfNeeded wrote:
| >Generally, when one "buys" something from a "marketplace" the
| vendor gets to know who the buyer is.
|
| Ummm... no?
| IshKebab wrote:
| If you download a free Android app the developers don't get
| your email address.
| ryandrake wrote:
| What? When I buy something at a brick and mortar store, I don't
| expect the product's manufacturer to get my personal
| information. I don't even expect the store to get my personal
| information if I pay in cash.
|
| I don't want some "relationship" with a company just because I
| buy their product.
| soared wrote:
| Well... they do get your personal information along with tens
| of other companies involved in any transaction. Crm, payment
| processors, anti-fraud, manufacturers, etc.
|
| When you buy a product you agree to whatever terms there are,
| you only get to write terms if you're writing up a contract.
| jasonlotito wrote:
| Sure, but you did notice that they had a mailing list and
| gave them your name and email address and a bit more
| information so they could get back to you.
|
| This thread explains it in more detail:
| https://twitter.com/dezren39/status/1359726235929223168
|
| Seems pretty simple. No real story, other than the OP not
| paying attention.
| andrewzah wrote:
| "Why won't it read?!"
|
| That southpark episode, while disturbing, amusingly is spot
| on.
| TameAntelope wrote:
| Imagine...
|
| You buy a toaster, and someone from the toaster company comes
| to your house to try and sell you a microwave. "I see you
| like to warm foods, let's talk about some other ways our
| products can help you with that!"
|
| Wait, now I'm not confident that doesn't/didn't happen,
| geez...
| IfOnlyYouKnew wrote:
| I don't know why we need metaphors for situations that are
| this simple. But, in any case, the ,,Azure marketplace", as
| its name implies, acts as a middleman connecting buyers and
| sellers. In brick-and-mortar terms, it's closer to signing a
| cell phone contract with AT&T at an Apple Store.
| rchaud wrote:
| > I don't want some "relationship" with a company just
| because I buy their product.
|
| You've never needed warranty support before? I'm not aware of
| ways in which that works without them knowing who you are, or
| where they should mail the repaired product back to.
| CodesInChaos wrote:
| But that's only necessary if and when I open a support case
| with them, not merely because I bought the product.
| mint2 wrote:
| I take issue with it, but I haven't seen any other comment
| clearly state what I see the issue to be.
|
| The issue is the poster spun up the instance in the course of
| his job. Microsoft and canonical would be reasonable to share
| that job related info.
|
| But instead it appears that either they shared his personal
| info which would be unethical, or canonical takes the de-
| identified job info and then matches it with personal info.
|
| In most transactions between people acting as representatives
| of their business, it would be very creepy for one of the
| businesses to then get personal info on the representative of
| the other business like their social media accounts or home
| address, especially if they do it using secret/obfuscated
| manners rather than explicit asking.
| braveyellowtoad wrote:
| Hm in the corporate world, looking up people on LinkedIn is
| pretty par for the course. As a consultant with a large
| consulting firm, I meet with lots of different people. Since
| I have LinkedIn premium I can see who is looking at me. I'd
| say easily half the people I meet look me up before the
| meeting, and I do the same. It's just curiosity and trying to
| get some background.
|
| What would be weird is sending me a message through there
| before the meeting. If we are speaking using another channel
| (like work email accounts), stay on that channel. This is
| what has gone wrong in this case.
|
| No worries with sending a connection request after our
| meeting "nice to meet you today and looking forward to
| collaborating, cheers"
|
| As a side note it's always funny when we are in the middle of
| a meeting and a notification pops up that they have looked at
| my profile. It's like "hello... pay attention... I'm right
| here..."
| ojnabieoot wrote:
| If the email came over an Azure customer support system, or
| even to the corporate email used to sign up for the Azure
| account, then sure - I would personally find this very
| obnoxious and it being buried in the license agreement is
| suspicious, but not really that unethical. Crucially, this
| arrangement means Canonical could engage in marketing without
| MSFT sharing much personal data about Azure users.
|
| What's extremely unethical is contacting the person _over
| LinkedIn._ It 's extremely aggressive and a huge violation of
| boundaries, and proves that Microsoft is sharing personal
| information (names of users) with Canonical.
|
| If I buy something online from a store, I would expect a few
| spam emails. But it would be completely unacceptable if a sales
| representative showed up at my house (despite me only sharing
| my address for billing/shipping purposes). This is basically
| what happened to the Azure customer.
| jnwatson wrote:
| LinkedIn? The also-Microsoft-owned service where you can pay
| to send DMs to users?
|
| I have no idea what you're talking about regarding "huge
| violation of boundaries", because there are none on LinkedIn.
| I get multiple DMs a week from folks I don't know selling
| something.
| ojnabieoot wrote:
| I don't even use Azure or LinkedIn. But I'm extremely not
| interested in continuing a conversation with someone who is
| being deliberately ignorant and difficult. If your attitude
| is "consumers are not allowed to complain about any shitty
| marketing practice if I don't like the company involved"
| then congratulations, you are sooooo superior.
| nonotreally wrote:
| I dunno man. I'm struggling to see how this is catching
| anyone by surprise.
|
| I'm not endorsing more ad spam, but I'm really caught off
| guard that using a service with a real name/email and
| getting added to a CRM is generating this level of
| indignation.
|
| Do none of you guys work in corporate? I get
| Linkedin/email/phone spam all the time. This isn't new.
| The only interesting thing here is that the trigger and
| the response time were so short.
|
| Again, I'm not advocating for more of this or even saying
| I like it. I'm just saying "why are we all of a sudden
| upset about this?"
| theossuary wrote:
| I'm on board with the above poster, and you dismissing
| what they're saying as "deliberately ignorant" because it
| doesn't jive with your world view is a sad tactic to use
| when discussing something.
|
| As somebody who's listed products on the AWS marketplace,
| when you "subscribe" to a product you give them your
| information as due course. This is obvious, spelled out,
| and known across all the marketplaces. So I'll assume the
| part you take issue is, is with reaching out to the
| individual on LinkedIn instead of through Azure. I don't
| understand how in a world where companies cold call you
| after buying your phone number, and spam you with emails
| after you try to unsubscribe, suddenly messaging you on
| LinkedIn is over the line.
|
| It's strange, and I'm glad they're moving away from the
| practice, but to pretend it's this big privacy fiasco is
| disingenuous at best. They (Canonical) still have all
| your data, they're just being more subtle about it now.
| How is that better?
| lostdog wrote:
| This is the first time I've heard about subscribing being
| a privacy violation, so no, this is not "obvious."
| theossuary wrote:
| This isn't a big hard to read document:
| https://azure.microsoft.com/en-
| us/support/legal/marketplace-...
|
| 3a spells out what you're agreeing to share with the
| publisher of the product in the marketplace when you
| subscribe to it.
|
| Additionally the listings each link to their respective
| privacy policy _right underneath the subscribe button_ ,
| plainly in view above the fold.
|
| Finally, I've just attempted to subscribe to "Ubuntu
| Server" in the Azure Marketplace to see what it looks
| like, and it shows you a form with the information it's
| going to share with Ubuntu on the screen for you to
| modify before subscribing! So it seems like you arguing
| this isn't "obvious" is in bad faith, because it's
| obvious for any reasonable person who's actually used the
| marketplace.
| that_guy_iain wrote:
| > What's extremely unethical is contacting the person over
| LinkedIn.
|
| Umm the point of linkedin is to make professional contacts
| and a professional network.
|
| > But it would be completely unacceptable if a sales
| representative showed up at my house (despite me only sharing
| my address for billing/shipping purposes). This is basically
| what happened to the Azure customer.
|
| This would be like the sales rep turning up at your office
| during office hours and leaving a card for you.
|
| The person used a corporate account and the person was
| contacted via a method used to contact people about
| professional matters.
| burkaman wrote:
| Imagine you rented a car from Hertz on a work trip with a
| company card, and then Ford called your house.
| phendrenad2 wrote:
| Actually, if that happened, most people would be slightly
| annoyed, but not at the "wtf" level of this Tweet. Simply
| because it's a digital purchase, and it's "ye olde evil
| Microsoft", it's considered a "wtf" moment.
| autoditype wrote:
| I thought this was going to be a Clippy joke, but the truth was
| much more disturbing. Why is Microsoft sharing this level of
| information (from a corporate account) with third parties?
| agilob wrote:
| > Why is Microsoft sharing this level of information (from a
| corporate account) with third parties?
|
| Because why not, it's allowed by T&C
| IgorPartola wrote:
| Well I think we all know why. They make money from it. The
| question that's more relevant is how many of you are going to
| cancel your Azure accounts and move to a different host after
| seeing this and will it lose MS enough money to stop the
| practice. I'm taking bets that not enough will at 50:1 odds.
| throw1234651234 wrote:
| It will definitely keep me avoiding marketplace offerings.
| All we do on Azure is spin up VMs / K8S deployments /
| Connections to on Prem.
|
| The one time we tried to set up SendGrid "from the
| marketplace", it failed horribly.
| atraac wrote:
| We tried making three Sendgrids for every environment but
| we werent aware that Azure has a limit of two per
| subscription... We got 'banned' and cannot change any of
| their passwords, cannot login, remove them, reset in any
| way, Sendgrid support sends us to Azure support. On Azure
| support we got an guy who barely spoke english and
| prolonged the case with meaningless messages for over six
| months after which we gave up, issue was not resolved,
| we're stuck with two banned Sendgrid accounts within
| subscription. I guess spendings of 18k eur/month is not
| enough to get proper support.
| toyg wrote:
| Do you really think Ubuntu doesn't already have similar
| agreements with other cloud providers...?
|
| Azure is a big fish. If they managed to get that, they
| definitely got smaller ones.
| TameAntelope wrote:
| We're all a bunch of tech folks here, so has anyone gotten
| an email from Canonical after spinning up an Ubuntu
| instance in AWS or GCP?
|
| I've at least done this on AWS and have never seen anything
| from Canonical.
| rchaud wrote:
| Your data is still on their CRM. Perhaps a salesperson
| looked you up and decided to pass?
| TameAntelope wrote:
| Right, hence the open question.
| hvis wrote:
| I'm pretty sure it's the other way around, and Microsoft
| has similar agreements with most of its partners.
|
| Ubuntu's however, is a free OS, so any cloud hosting can
| use it without major repercussions even without any support
| contract with Canonical. Any cloud provider that doesn't
| like this agreement, doesn't have to make it.
| IgorPartola wrote:
| Then time to move off Ubuntu? I've been a big fan of it for
| a long time but it seems my servers will be moving to a BSD
| sooner rather than later.
| petschge wrote:
| You could also just use Debian instead of Ubuntu.
| IgorPartola wrote:
| But systemd :). Honestly the main servers I am thinking
| of moving use zfs and zfs on FreeBSD is more of a first
| class citizen than on Linux.
| mamcx wrote:
| How good is freebsd to host a typical PG + nginx + docker
| + Rust/Python backend? ie: Can I use last versions of
| everything and expect to work? I have always used ubuntu.
| andrewzah wrote:
| If you use docker heavily, *bsds are not an option. You
| do not need a *bsd just for ZFS, although it is supported
| quite nicely. I use zfs with proxmox for my server, which
| is debian based.
|
| I would recommend using debian buster. People lose their
| minds over systemd and it's ridiculous. Debian has been
| the best experience of any distro that I've used, and
| I've tried most of them. For my router I use openbsd.
| IgorPartola wrote:
| BSD has jails which are roughly equivalent to Docker and
| are older and more stable tech. I am also a big proponent
| of not needing Docker nearly as much as most people seem
| to think it's needed. Sure, if your stack revolves around
| a custom-compiled nginx version downloaded off some guy's
| FTP site then Docker is nice, but also why does your
| stack revolve around a custom-compiled nginx version
| downloaded off some guy's FTP site?
|
| The rest will run as well or better. FreeBSD is a more
| cohesive unit and by some claims is more performant than
| Linux.
|
| tl;dr: no it won't be a seamless move because the only
| seamless move would be from Ubuntu to Ubuntu. But if you
| are willing to explore tech that isn't the current in-
| vogue stack you will find some really cool stuff in BSD-
| land. And their rc.conf is a pleasure to work with
| compared to to the million config files you need to use
| on Ubuntu/systemd.
| andrewzah wrote:
| For people who use docker at work, avoiding it is simply
| not possible. Our stack revolves around images (not
| necessarily docker), so *bsds are dead in the water for
| me.
|
| Additionally, orchestrating is simplified with docker-
| compose vs managing many jails. I used to manage freebsd
| jails via cli in FreeNAS, but orchestration with docker-
| compose is much easier and trackable in git. Transferring
| between machines is as easy as setting up docker, git
| cloning, and setting secrets. [0] Podman solves some
| issue docker has, but using stuff like S6 [1] in
| containers helps a ton. Perhaps most importantly, docker
| images are reproducible (for the most part) while jails
| only have templates, so it's up to you to manage
| reproducibility.
|
| Don't get me wrong- OpenBSD and FreeBSD are amazing
| distros. OpenBSD has the best user experience in my
| opinion, which is why I use it for my router. But they
| suck for modern gaming and stuff like docker.
|
| "custom-compiled nginx version downloaded off some guy's
| FTP"
|
| This is a strawman argument. But, sometimes one might
| want custom compilation without installing a host of
| build tools on the host system. Or one might want to have
| a reproducible build not tied to the host system.
| Compilation may be expensive (like with ffmpeg) or the
| host may be underpowered like a Raspberry Pi. Etc.
|
| [0]: https://github.com/andrewzah/lilac-
| docker/tree/main/services
|
| [1]: https://skarnet.org/software/s6/
| IgorPartola wrote:
| I agree with your arguments in that if your stack is
| already built on Docker it's a lot to ask to move to a
| different system. But if you are choosing a new stack for
| a new project, why not look at alternatives to Docker?
| There are many and jails is a good one. Granted, I
| haven't looked much at orchestration tools for jails.
|
| As far as do you need Docker in the first place? Well
| maybe. One of my favorite orchestration and deployment
| systems I built was based on packaging everything as .deb
| files and running our own apt repo. Since all
| workstations ran Ubuntu and all servers ran Ubuntu
| getting our system up and running was as easy as adding
| our custom repo and running `apt-get install our-custom-
| project`. apt is great for resolving dependencies and
| this way we don't end up with a mess of files all over
| the place. Plus this way we got all the benefits of not
| having to update every container when a libssl update was
| required. Just run `apt-get update && apt-get
| (dist-)upgrade` and suddenly you are fully up to date and
| restarted.
|
| Orchestration on this system was accomplished by using
| puppet to set up the custom repo, install the packages,
| install all the current config files for the system
| services as well as our own, and starting all the
| services in order. Reproducible to the point where when
| one of our servers (we had a few pieces of beefy physical
| hardware) blew up, we simply set up a new one, ran the
| puppet manifests and were back to full capacity within
| like an hour. Mind you this was back in 2010-2012 and
| tooling has only gotten better since.
|
| This type of thing also allows you to nicely package any
| custom versions of software you want as well. Want a
| custom build of nginx? Go run the script that builds it
| and makes a .deb out of it, then upload to your repo. You
| aren't relying on some guy with a blog post to keep his
| server up. You aren't even affected by GitHub going down
| if you don't host your apt repo there. Or use it out of a
| PPA someone else maintains. But there is zero need to
| wget/make/make install with this setup. You aren't doing
| reproducible builds because it's a build once, run
| everywhere system. And it makes you very directly
| consider what your dependencies are. Do you really need
| that unmaintained library written in an esoteric language
| that requires a SPARC to compile? Docker allows you to
| hide bad dependencies behind the idea that they are
| inside a container so the harm they can cause is limited
| and the headache is localized. But that just treats
| symptoms, not the problem.
| andrewzah wrote:
| "Since all workstations ran Ubuntu and all servers ran
| Ubuntu"
|
| Admittedly our company is small (~5 fulltime devs), but
| we have: mac osx catalina, debian buster, debian
| bullseye, and ubuntu bionic beaver. So precompiling .debs
| won't work here. Docker gives us all a common ground,
| minus some wonky mac docker issues with DNS.
|
| Also, this assumes that one is using a server in the
| first place. We run our own kubernetes cluster that we
| automatically provision and deploy pods to, so there is
| no server to upload files to.
|
| "You aren't relying on some guy with a blog post to keep
| his server up. <...> And it makes you very directly
| consider what your dependencies are. Do you really need
| that unmaintained library written in an esoteric language
| that requires a SPARC to compile? Docker allows you to
| hide bad dependencies behind the idea that they are
| inside a container so the harm they can cause is limited
| and the headache is localized."
|
| Again, this is a strawman. You can butcher things with
| docker, or without docker. The same can happen with i.e.
| Ansible & Terraform (which we also use). I can, and do,
| analyze our images to see what we can reduce to. Most of
| our images are either on Scratch or Alpine Linux, thanks
| to multi-stage builds.
|
| Since each build is localized to a container, we can
| independently update images and not have to worry about
| dependency mismatches, or random directories being
| modified, etc.
|
| My opinion will be biased because I've written at least
| ~120 docker images in the last two months and spend a
| good bit of time tweaking and optimizing them.
| IgorPartola wrote:
| > Admittedly our company is small (~5 fulltime devs), but
| we have: mac osx catalina, debian buster, debian
| bullseye, and ubuntu bionic beaver. So precompiling .debs
| won't work here. Docker gives us all a common ground,
| minus some wonky mac docker issues with DNS.
|
| That does make it more difficult. Docker does sound like
| the common ground then.
|
| > Again, this is a strawman. You can butcher things with
| docker, or without docker. The same can happen with i.e.
| Ansible & Terraform (which we also use). I can, and do,
| analyze our images to see what we can reduce to. Most of
| our images are either on Scratch or Alpine Linux, thanks
| to multi-stage builds.
|
| It's a related argument. My point is that Docker allows
| you to take shortcuts too easily compared to other
| methods. And when you are faced with figuring out how to
| make your software work with widgetlib 1.0.4 provided by
| the system instead of widgetlib 1.0.5 which is what you
| originally built it for, you have a choice of packaging
| 1.0.5 yourself and potentially doing that improperly
| (make && make install inside a Docker container, paying
| no attention to dependencies or upgrades), or properly
| (by creating a standard reproducible build you can
| track). Docker allows you to take the shortcut easily.
| It's a powerful tool and it does allow you to create good
| images, but I have also seen some terrible ones (just
| like I've seen bad examples of .deb packages, but a lot
| fewer of them).
|
| Regardless, it's about how you work and how you structure
| things. I am coming around to Docker as a workflow, but I
| doubt I'll be creating 120 microservices to run one
| project anytime soon. Too many things to keep track of
| and update.
| jkaplowitz wrote:
| The zfs reason makes sense, but in recent releases Debian
| and Ubuntu take the same approach to systemd, so
| switching between those two wouldn't meaningfully change
| the init system situation. (I did see the smiley face;
| this comment is just in case that smiley is more self-
| deprecation than sarcasm, or for other readers.)
| IgorPartola wrote:
| I put the smiley there because just the other day I was
| defending systemd on a different HN discussion as a
| perfectly usable piece of software. I meant that I wanted
| to move off a system that uses systemd which would mean
| both Debian and Ubuntu. It has been a while since I've
| run a non-Linux server so part of it is to stretch my
| stead in muscles. Don't want to get rusty.
| 95e702cdcbd7d09 wrote:
| Other good reasons to move away from Ubuntu:
|
| * They show you ads on login
|
| * They periodically phone home with: Ubuntu version,
| kernel version, architecture, CPU model, curl/wget
| version, cloud (if applicable; aws/openstack/...). This
| is part of the delivery system of the ads mentioned
| above. See /etc/update-motd.d/50-motd-news for the actual
| script.
| BelenusMordred wrote:
| * Snap breaking all the things
| api_or_ipa wrote:
| It's enough for me to have an extremely bad taste in my
| mouth, that goes for both Azure and Canonical. On the topic
| of linux distros, we do use Ubuntu, mostly because that's
| often the least effort distro to spin up, but the choice of
| distro is fairly arbitrary nowadays, especially for Ubuntu.
| My current employer uses AWS so the question of switching
| platforms probably won't arise now, but whether it's at this
| company, a new company, or my own side projects, you can bet
| the decision over which platform to use will come up, and
| horror stories like this aren't easily forgotten.
| IfOnlyYouKnew wrote:
| It's not a ,,third party". The image spun up by the user is
| published to the Azure marketplace by Canonical.
| phreack wrote:
| It definitely gave me Clippy vibes, and suddenly thrust me into
| a Black Mirror type of situation where a current day Clippy
| would literally forward all of your work (keystrokes, open
| programs, files) to sales and ad representatives so they can
| sell you more stuff. Every day I'm more and more paranoid of
| big companies now!
| jlgaddis wrote:
| You realize that pretty much all of that happens when you use
| Windows 10, yes?
| ohthehugemanate wrote:
| The MS response in TFA is illuminating: terms for publishing an
| image on the marketplace are that MS will make certain
| information available to facilitate user support. Sales and
| Marketing are explicitly forbidden uses of this information.
| Canonical violated their Terms, in what is probably a GDPR
| violation of some kind if the user is in the EU.
|
| What's interesting is whatif any enforcement action comes of
| this. It's not like MSFT can restrict Ubuntu image use on
| Azure; Linux is literally the majority of their usage. Can they
| sue?
| jbob2000 wrote:
| This is incredibly common. I installed an analytics package on my
| personal heroku account for a side project and received an email
| on my enterprise email account from their sales department.
|
| My personal heroku account uses my personal email address, eg.
| jbob@gmail.com, but my enterprise account uses my full name, eg.
| jonathan.bob@bigco.com.
|
| There's a sneaky CRM tool floating around that is connecting the
| dots on people.
| bronson wrote:
| This is called data enrichment. It is a massive industry with
| boatloads of companies serving it. One of the more well known
| (outside of the credit bureaus) is Acxiom. Googling will get
| you pretty far.
|
| If you have money and a piece of personal info (just about any
| combo of name+zip, phone#, email addrs, credit card, tracking
| cookie, etc), these companies can quickly give you full
| personal details including income and housing history, mortgage
| status, email addresses used, employment history and full
| details on your employers, plus all these details on spouses
| and children, pretty much whatever you want. It's remarkable.
| csunbird wrote:
| I think it is apollo, they had linked my job email and personal
| email already.
| [deleted]
| McDyver wrote:
| He seems to have been using a corporate account, and then was
| contacted via a personal account.
|
| This goes to show that, when dealing with big corporations, even
| when you're paying, you're still the product.
| superkuh wrote:
| All I see is, "JavaScript is not available."
| IgorPartola wrote:
| You should probably enable JavaScript. Sounds like you broke
| your browser and half the web with it :)
| DocTomoe wrote:
| Or maybe he has a good reason to keep it turned off. Like
| avoiding giving people like spammers, scammers, marketers and
| websites that hire incompetent web developers attention they
| do not deserve.
| IgorPartola wrote:
| Right. But then stop complaining about it every chance you
| get. It's the equivalent of taking the steering wheel out
| of your car so if you get in an accident you don't hit your
| head on it, then complaining that streets have turns. For
| better or worse, the web now requires JS to function unless
| you restrict yourself to some very specific communities. If
| that's the case and you want to do that, good for you. But
| every HN thread seems to have a complainer about not being
| able to use a service that's built on top of JS.
| DocTomoe wrote:
| I disagree. Bad practices, like (linking to) websites
| that do not degrade gracefully, is worthwhile. Only by
| creating awareness, change can be invoked.
| boogies wrote:
| Exactly. IMO a much better analogy would be a vegetarian
| being presented with a purely carnivorous meal, meat with
| blood to drink, not being allowed a glass of water, and
| saying "all I see is meat". I may be mildly biased as a
| flexitarian, but I don't see that as being analogous to
| removing a steering wheel and complaining about road
| turns. Maybe analogous to boycotting fossil-fueled
| vehicles and complaining about a lack of walking paths,
| bicycle lanes, or charging ports.
| IgorPartola wrote:
| I would love to see a text editor, a spreadsheet editor,
| or a piece of mapping software that's as usable as Google
| Docs and Google Maps that you create with plain HTML :)
| [deleted]
| minikites wrote:
| Thanks for letting us know.
| bzb6 wrote:
| https://twitter.com/1990sLinuxUser/status/669488129150177280
| [deleted]
| maxk42 wrote:
| Microsoft I'd expect this from but what the heck was Canonical
| thinking??
| macksd wrote:
| Canonical has had PR problems with privacy before: submitting
| desktop searches to external services by default, including
| Amazon results, etc. At the end of the day they're trying to
| monetize Linux and they seem less focused on traditional
| enterprise relationships than Red Hat or SUSE.
| Blikkentrekker wrote:
| Please do not tell me you are so naive as to believe that
| Canonical would be above this?
|
| It has not gone unnoticed to me that many seem to think that,
| say, Canonical and Red Hat are not corporations in the
| traditional sense, for which the customer is prey.
| devmor wrote:
| Probably something along the lines of "Hello, I like money."
| withinboredom wrote:
| I've gotten cold calls from CoreOS spun up in Azure as well. This
| was years ago.
| AtlasBarfed wrote:
| Was this a custom-wrapped ubuntu image, or did someone pick the
| pre-configured ubuntu image managed by Canonical and Microsoft?
| holtalanm wrote:
| I will never use ubuntu again. There are plenty of other stable
| linux distros out there.
| fireball_blaze wrote:
| Side note... the user on Twitter that originally reported this
| had his account locked by Twitter for posting the LinkedIn
| message from the Canonical sales guy.
|
| https://twitter.com/LucaBongiorni/status/1359885001844744195
| throwaway077445 wrote:
| I love how being contacted by a salesman that is acting
| accordingly to the terms of the contract he accepted is BAD!
| but publishing a private message without consent and without
| obfuscating name and surname is RIGHT!
|
| Some devs have complete disconnect from reality.
|
| (ofc he screams #censorship)
| fireball_blaze wrote:
| He definitely should have blurred out the name of the
| salesperson in the original image.
| ubermonkey wrote:
| Nope, not morally. Once you send me a message, it's mine. I
| can tell anybody I want you sent me a message. I can post
| it publicly if I want.
| asien wrote:
| In fact no. Once I send you a message it's neither yours
| or mine, it's owned by the platform. Thus if the platform
| does not allow for << sharing >> without consent you must
| follow their instructions.
|
| Also if you believe privacy is a right, you should ask
| that person before sharing this digital content he
| created that has hid identity in it, otherwise you should
| hide it.
|
| For a paper letter it's obviously different, once you
| received it it's obviously yours.
| dredmorbius wrote:
| The _object_ may be yours. Copyright in the _contents_
| unless specifically assigned elsewhere (in many service
| agreements a _grant_ but not an _assignment_ is made to
| the service operator), remains with the author.
|
| Fair-use affirmative defence (under US law), fair dealing
| (UK),or equivalents elsewhere, may apply. Infringement
| claims, if any, would rest on thin grounds. Under the
| specific circumstances here, privacy claims likewise.
|
| There is no copyright protection in the _fact_ of
| communication. Nor in the details of who did so.
|
| Generally I'd argue for a legitimate public interest in
| sharing the communication in cases such as this.
| devmunchies wrote:
| taking a cue from Cancel Culture. Wants to inflict as much
| public shame and probably wants this rep to lose his job.
|
| In fact, by publishing his name you're giving the company an
| opportunity to throw him under the bus. It redirects
| culpability. Microsoft and Canonical should be the only
| focus.
| jackson1442 wrote:
| I personally have no qualms publicly posting corporate
| solicitations on the internet. Had it been a message of
| personal nature, it would be an entirely different story.
|
| Regardless, it seems abundantly clear that this is his _job_,
| and he is not at fault for following the directions of his
| corporate overlords. No one's saying to go trash his house,
| and all the information he posted (name, photo) is publicly
| attached to his linkedin profile that is accessible to any
| authenticated LinkedIn user.
| MattSayar wrote:
| Dumb question but, if his acct was locked, how did he post
| that?
| kevingadd wrote:
| Locks are temporary in almost every case on Twitter and will
| automatically release if you do what they want you to do
| (usually, delete it)
| matsemann wrote:
| Is it Azure sharing data, or the Ubuntu images phoning home?
|
| Edit: a comment here links to an article with more details. MS
| shares with Canonical. Bad on both parts I'd say, at least weird
| usage of the data.
| joezydeco wrote:
| Not if you purchase something from Canonical on MS's
| Marketplace. That's what marketplaces do.
| falcolas wrote:
| They shouldn't. The examples of cases where it's not the norm
| are spread throughout the comments.
|
| I'd say a reasonable person would not expect to do business
| with Azure and have all of their information forwarded off to
| Canonical.
|
| It's a scummy arrangement and execution on both sides.
| inetknght wrote:
| What was purchased from Canonical?
| db48x wrote:
| A free copy of Ubuntu, packaged specifically for use on
| Azure.
| inetknght wrote:
| That's not a purchase. Every dictionary I've read has
| described a purchase to include transferring money _and_
| ownership.
|
| Starting a VM isn't a purchase of Ubuntu. It's a rental
| of compute, storage, and network resources. Any other
| definition is, quite simply, wrong.
| IfOnlyYouKnew wrote:
| You need a better dictionary, or to stop making things
| up. The Oxford Dictionary, for example, defines purchase
| as merely "acquiring something".
|
| Legally, freedom of contract means the specifics of what
| is to be exchanged in a purchase are more or less
| unlimited.
|
| Even colloquially, many purchases happen without "money"
| changing hands. Paying with a voucher, for example, would
| seem to be a form of payment that doesn't involve actual
| money.
| inetknght wrote:
| > _You need a better dictionary_
|
| Indeed, perhaps.
|
| > _or to stop making things up._
|
| I didn't make it up but thanks for the insinuation.
|
| > _The Oxford Dictionary_
|
| I haven't spent $90 on the Oxford Dictionary because I
| haven't believed it to be necessary.
|
| > _defines purchase as merely "acquiring something"._
|
| Really? Tell that to Google which claims its definition
| comes from "Oxford Languages" [0]. I'm sure that's not
| quite the Oxford English Dictionary though.
|
| Google states: 1. acquire (something)
| by paying for it; buy. 2. haul in (a rope or
| cable) or haul up (an anchor) by means of a pulley,
| lever, etc.
|
| But that's just Google and we all know Google can be
| manipulated. Let's take the free definition from Merriam-
| Webster instead [1]. 1 a : to obtain by
| paying money or its equivalent
|
| Okay how about a third source? Dictionary.com [2] states:
| to acquire by the payment of money or its equivalent;
| buy.
|
| Finally, Cambridge at the fourth source, is where a
| monetary transaction isn't _directly_ part of the
| definition but it certainly is part of the supporting
| descriptions. verb: to buy something
| * She purchased her first house with the money.
| noun: something that you buy * How do you wish to
| pay for your purchases?
|
| So they're all free dictionaries so they're not as elite
| as the Oxford English Dictionary. But their definitions
| are fairly consistent. And, given that I _think_ that a
| purchase without money is actually a _barter_ then
| perhaps the Oxford English Dictionary isn 't as good of a
| source.
|
| You might want to learn about the definition of a rent by
| the way. It's a bit closer to what goes on with cloud
| instances.
|
| [0] https://www.google.com/search?q=define+purchase
|
| [1] https://www.merriam-webster.com/dictionary/purchase
|
| [2] https://www.dictionary.com/browse/purchase
|
| [3] https://dictionary.cambridge.org/us/dictionary/englis
| h/purch...
| donarb wrote:
| It's essentially a subscription, sometimes for a price,
| sometimes not. And it's more than just a Ubuntu distro,
| it's an Azure image that also contains code allowing the
| distro to run in Azure's system. Much like an AMI at
| Amazon.
|
| Anyone can bypass the marketplace by creating their own
| machine images, it's not too difficult.
| dspillett wrote:
| _> Any other definition is, quite simply, wrong._
|
| Then there are a great many definitions of there that are
| quite wrong. Many references to organising a service and
| so forth.
|
| This is probably one of those instances where the
| dictionary needs to catch up. A dictionary documents how
| language is used at the time of its compilation, it does
| not dictate how language will/should be used for all time
| forward.
| dspillett wrote:
| An instance of Ubuntu from a pre-prepared image, in
| exchange for $0.00 and your contact details.
|
| The pre-prepared image part does perpetually have value -
| it saves you installing from a standard ISO and Azure-
| ifying the result, or having your own image pre-prepared
| from earlier.
|
| It is a short while since I last spun up a fresh VM in
| Azure so I'm can't remember if this arrangement is made
| clear at all, though I do remember getting an email like
| the one discussed at least once last year.
| falcolas wrote:
| If this is so common (or valuable), why am I not charged
| for an image of Ubuntu optimized for Docker when I pull
| it from Docker hub?
|
| Or when I download the various usage-optimized ISOs from
| Canonical's own site?
|
| This is exceptional, and in exceptionally poor taste.
| mr_cyborg wrote:
| This is exactly how Docker works too - they recently rate
| limited anonymous accounts, and by signing up for the
| free plan you agree to very similar terms and conditions
| in return for a higher pull rate limit.
|
| Source: https://www.docker.com/legal/docker-privacy-
| policy
|
| See Section 3. Use of Information Collected
| swebs wrote:
| >I want to OPT-OUT this information sharing I was NOT aware of!
|
| Welcome to the world of Microsoft products.
| raesene9 wrote:
| The register article on this
| https://www.theregister.com/2021/02/11/microsoft_azure_ubunt...
| has responses from Canonical and MS, which shed a bit more light
| on the situation.
|
| The Canonical quote is the most illuminating :-
|
| "As per the Azure T&Cs, Microsoft shares with Canonical, the
| publisher of Ubuntu, the contact details of developers launching
| Ubuntu instances on Azure. These contact details are held in
| Canonical's CRM in accordance with privacy rules.
|
| "On February 10th, a new Canonical Sales Representative contacted
| one of these developers via LinkedIn, with a poor choice of word.
| In light of this incident, Canonical will be reviewing its sales
| training and policies."
| curtis3389 wrote:
| We all know that you can't trust Microsoft, but a lot of people
| blindly trust Canonical just because they create a Linux
| distro.
|
| I haven't trusted Canonical since I noticed their pattern of
| creating competing alternatives to new Linux standards instead
| of helping them (Mir & Wayland, Snap & Flatpack, Unity & Gnome
| 3). It'd be one thing if they were bringing better ideas and
| long-term support to their alternatives, but they just seem to
| be half-baked copies. I appreciate all they've done for the
| Linux ecosystem, but I'll stick with my Debian.
| BlueTemplar wrote:
| Yeah, stuff like this is why I only treat Ubuntu as a
| stepping stone.
|
| I even tried to install Debian while I'm still not really
| used to Linux, but the graphics card immediately crapped
| itself on boot, so it will have to wait...
| teddyh wrote:
| > _tried to install Debian_ [...] _but the graphics card
| immediately crapped itself on boot_
|
| https://fiendish.github.io/The-Debian-Gotham-Needs/
| _underfl0w_ wrote:
| This is kinda both hilarious _and_ helpful. Thanks for
| sharing.
| scaladev wrote:
| I guess you have an Nvidia card? The two other major
| vendors have mainline (therefore GPLed) drivers and
| basically work out of the box. Keep that in mind during
| your next hardware upgrade.
|
| Nvidia was the least terrible solution about 10 years ago
| (I have PTSD from installing binary blobs and editing
| Xorg.conf to make it work.) While others have improved
| tremendously and you don't have to do anything to get full
| 2D and 3D acceleration (just boot the system), the Nvidia
| experience(tm) hasn't changed much since then.
| Debug_Overload wrote:
| I'm not sure how many times this needs repeating, but Snap
| wasn't an "alternative" to Flatpak; the latter didn't even
| exist when the former was created. Many people arguing about
| this issue don't seem to get this.
| xorcist wrote:
| Launchpad, Bazaar, Upstart.
|
| Some of them nice projects in their own right, but it's hard
| the shake the feeling of NIH syndrome.
| fader wrote:
| Since Launchpad existed before Github, Bazaar before Git,
| and Upstart before systemd, I am not sure where the NIH
| feelings are coming from.
| andagainagain wrote:
| Mir and WAyland was because wayland couldn't do what they
| wanted technically.
|
| Snap came BEFORE flatpak. Flatpak was the "new competing
| standard" in that situation.
|
| And Gnome shell, quite frankly, sucked. IMO it still sucks,
| but back then it sucked WAY worse.
| toyg wrote:
| Yeah, I wouldn't put down Ubuntu's traditional attitude as
| "we'll copy something so we can own it" - it's more of a
| "we'll do whatever we think is better for the experience we
| provide, screw the community". Which is still misguided and
| fundamentally doomed to fail in the long run, but not as
| malicious as, say, Apple's moves.
|
| At the end of the day the scorecard reads:
|
| - Mir: failed
|
| - Unity: failed
|
| - Snap: mostly failing
|
| Meanwhile RedHat takes over stuff that doesn't work, makes
| it work a bit better, and pushes it on the whole ecosystem
| as "the" solution. And they win, and win, and win.
| O_H_E wrote:
| > - Snap: mostly failing
|
| As much as I hate Snap and remove it from my Kubuntu
| systems, I don't see where it is failing. I frankly see a
| lot more non-linux-focused vendors support to snap than
| flatpak. Could you expand on that point?
| bregma wrote:
| Mir is still going as one of the better Wayland
| compositors out there.
|
| Unity didn't fail: ongoing development on it was
| cancelled because there was no way to successfully
| monetize it. It was, and remains, one of the most
| successful desktops out there.
| merb wrote:
| > Unity: failed
|
| unity failed because they abadoned it, but it was way
| better than wayland+gnome. the problem was that it was
| based on gnome2 and had mir under its belt, so it
| would've been really really hard to somehow upgrade it
| rntksi wrote:
| For servers, I would trust Debian over Ubuntu/Canonical any
| day. The way their releases work, the default set of running
| services, etc.
|
| In general, I personally prefer the way Debian works (Debian
| the Project - not the Distro). It has a board of elected
| developers governing the project. I would prefer that over
| somewhat opaque functioning inside a company (Canonical).
|
| To cite as an example, here's how they decided on the
| question of init systems [1].
|
| [1]: https://www.debian.org/vote/2019/vote_002
| ljm wrote:
| Sending out a cold email is one thing (most of that ends up in
| spam anyway), but why the fuck are these people taking the
| contact details and plugging them into a social network?
|
| I don't agree with any of it, it's a violation of trust and
| burying it in small print doesn't change that. But having
| people reach out on their personal networks takes the cake.
| andagainagain wrote:
| Per the Azure's T&C? It's easy to blame Canonical here... but I
| that sounds like Azure's screw up, and Canonical accidentally
| revealing it.
| Waterluvian wrote:
| Forgive me. It's Friday.
|
| What was the poor choice of word?
|
| I get that the whole concept is poor. But what word or words?
| cowflik wrote:
| "I saw that you"
|
| (did something that you didn't expect me to see)
| Waterluvian wrote:
| So the poor word choice was revealing how he knew to reach
| out? So it's that he got caught?
| ThePhysicist wrote:
| Damn, I wasn't aware that they share this kind of information.
| Luckily I'm in Europe and I think here they'd need at least an
| additional opt-in to do stuff like that. That said I have to
| say "No thank you, please don't send all my data to the cloud"
| at least 5 times when installing Windows 10 these days, so I'm
| sure they definitely try. I haven't used Azure in a while
| though so I can't be sure.
|
| That's also why I use Sublime Text instead of VS Code and run a
| private Gitlab instance instead of developing on Github
| (barring open-source work, which I do in the open anyway), as
| I'm pretty sure MSFT will find an excuse to mine my telemetry
| data for their own benefit eventually.
| ec109685 wrote:
| A T&C is a terrible place to put this in. This should work like
| an account linking flow (e.g. sign on with Apple to a site),
| where Apple lists everything they share explicitly when you
| click login.
| alxlaz wrote:
| Azure is... really weird like that. Sometimes it feels like I'm
| working with Amway, not Microsoft.
|
| A few months ago I spent like a week or two playing with Azure
| Sentinel -- I'm a contractor for a company that develops some
| security solutions, and I was trying to see if and how the
| feature I was working on could be integrated with a SIEM.
| Sentinel, of course, was one of 'em.
|
| So I do my thing, then a few weeks pass, then out of the blue,
| one afternoon, my phone rings...
|
| ...and there's a Microsoft representative at the other end,
| asking me what I thought about Sentinel, if I encountered any
| difficulties with it, what my plans are and so on. She seemed
| to be working off a full report of my usage, too, as the
| questions were pretty specific.
|
| Thing is, my total usage of Microsoft Azure Sentinel was on the
| order of, what, 16-20 hours? spread across several months. I
| don't think I've issued 50 request in total, and I would've
| issued less than 5 if Log Analytics didn't take like forever to
| show my data on the free tier (not that I'm complaining, the
| price is unbeatable :P). I was on the free tier the whole time,
| it seemed like such a gimmick that I didn't even bother going
| through the company I was doing all this for.
|
| Either the Azure team is desperate for customers or they have
| more salespeople than Oracle has lawyers if they ended up
| calling a small fish like _me_.
| closeparen wrote:
| Microsoft is trying to position Azure into the world
| currently dominated by contractors visiting the Windows
| Server closets of Main Street businesses. This is how that
| world works.
| IgorPartola wrote:
| Wow. I just lost a whole lot of respect for Canonical. "If you
| read the document we expect nobody to read, you'd know that you
| sold your soul to us. We didn't mean for you to find that out
| but one of our salespeople got overeager and tried to sell you
| your soul back. He will be reprimanded. Can we all forget about
| this real quick?"
| rkangel wrote:
| This was my first response as well (it's not the data sharing
| that's the problem, it's that you noticed).
|
| Thinking about it though, a lot of it is a question of
| surprise and unknowns. I would find this message to be a lot
| better - "We see that you've taken advantage of the Ubuntu
| image that Canonical provide in the Azure Marketplace. I am
| available to you for (etc.)".
| inetknght wrote:
| > * I would find this message to be a lot better - "We see
| that you've taken advantage of the Ubuntu image*
|
| No. That's not better at all.
|
| The mere fact that Canonical has specific information to
| reach me when I am not a direct customer of Canonical is a
| complete violation of my privacy.
|
| Ubuntu is a free product. Canonical should not be able to
| find out if I (specifically me or my organization)
| allocates or runs 1 or 10000 instances of Ubuntu.
| ethbr0 wrote:
| The alternative is that Azure owns complete access to the
| customer. Which seems... well, an easy skip to App Store-
| esque rent seeking.
|
| So MS sharing "their" customer details with the image
| provider seems more generous than evil. Provided there's
| a "Do not share" config option somewhere.
| IgorPartola wrote:
| So if I write a piece of software that eventually makes
| it to Debian and Ubuntu, am I entitled to your name,
| address, phone number, email, and a data feed showing
| every time you start or stop your Ubuntu instances on
| Azure? After all, I am a third party software provider at
| that point. And look, Azure doesn't even have to tell you
| they are sending me all that stuff. It's in the TOS you
| didn't read!
| Blikkentrekker wrote:
| The issue is more so *why* Microsoft is sharing this
| information with Canonical. -- what does it obtain from
| it?
|
| Ubuntu is gratis, so Canonical can't have coerced
| Microsoft into doing so; it is quite probable that one
| approached the other to make a deal, and that Canonical
| is paying a certain fee for this information.
| kube-system wrote:
| The code is gratis. Although, partnership deals tend to
| go beyond simply sharing code, and into the realm of
| dedicating time and resources to working with each other.
| devlopr wrote:
| I wouldn't be surprised to learn Azure was paid (either
| money or developer time) and this is happening for other
| products. I would think twice before using Azure if I was
| concerned about my usage being shared.
| arminiusreturns wrote:
| It is. For example I've warned others about the eula
| shipped with Dell systems with Linux (Ubuntu) on them for
| similar reasons... and encourage people to do their own
| installion of images (containerized or otherwise).
| wizzwizz4 wrote:
| The code is more than just gratis; it's _libre_. This is
| Ubuntu, based on Debian GNU /Linux. (Yeah, okay, some of
| the code is merely gratis, but _most_ of it is libre.)
|
| I don't expect an OS based on an OS based on an OS based
| on a half-finished OS based on free software principles
| to have shady data-dealing attached, yet hidden from the
| people whose data is being dealt.
| kube-system wrote:
| My point is that it's not about the code at all.
| moron4hire wrote:
| You might not have expected it, but privacy protection is
| not any sort of obligation encoded in any extant concept
| of Free Software.
| gowld wrote:
| It has nothing to do with Free Software. I'd expect the
| same treatment if I were paying Microsoft to run Oracle
| for me.
| moron4hire wrote:
| So you didn't read the ToS, I take it? I did. I do
| whenever it's something important to the company's
| infrastructure. Canonical is the one at fault here for
| not adhering to Microsoft's guidelines. But Microsoft put
| the warning on the package.
|
| I mean, it's kind of ridiculous to think that you could
| do anything in a cloud environment system and not have
| your actions tracked. Hell, with automated load balancing
| and load-based billing, that's _literally_ what you 're
| signing up for.
| ethbr0 wrote:
| I think this is why this doesn't shock (shock!) me.
|
| We're talking about a curated, supported, official image
| here, right?
|
| If folks want to use a "MyUbuntuImage" they or someone
| else packaged and uploaded, more power to them.
|
| But by pulling a Canonical image, you have a relationship
| with Canonical. Expecting that relationship not to exist
| "because open source" seems to be misunderstanding who
| does what work.
|
| As to _whether_ this should be opt-in, done, etc. is
| another matter entirely. But the fact that it exists at
| all doesn 't feel particular shocking.
|
| It's not like we're talking about everyone who pulls a
| RedHat image's info being sent to Canonical!
| falcolas wrote:
| If I'm doing business with Azure, I would absolutely
| expect them to keep my data and behavior private. It's
| part of the reason why I would be paying them (instead of
| expecting something for free) in the first place.
| moron4hire wrote:
| It's not "free as in lying around on the ground", it's
| free as in "freedom". You have to agree to Canonical's
| "Terms of Service" to use Ubuntu, so you are a licensed
| customer of Canonical's.
|
| In this case, the license is the GPL, none of which has
| anything to say about privacy. Maybe this is a failure of
| the Free Software Foundation's to not include privacy
| protection in the GPL. Though even if they were to create
| a GPLv4, the Linux Kernel is still only licensed under
| v2, so distro implementors have no obligation to use a
| more restrictive license.
|
| AKA, "the cat is already out of the bag".
|
| In the OP's case, they additionally _are_ are customer of
| Microsoft 's, who explicitly stated they share this kind
| of information with their vendors.
| goodpoint wrote:
| > the license is the GPL, none of which has anything to
| say about privacy
|
| The anti-patent-trolling, anti-tivoization and copyleft
| provisions are there to protect developers and users.
|
| Additional clauses around privacy and security would be
| very nice.
|
| Unfortunately, corporate-sponsored FUD made a lot of
| people wary of the GPL - which is ironic, given its
| protective features.
| moron4hire wrote:
| People are coming into this thread, talking about "this
| should not happen cuz free software." And Free Software
| protections are just completely orthogonal to privacy
| protections.
|
| There is a certain level of reasoning where one might say
| that, if the software were truly libre, you could "just"
| fork it and rip out the parts you don't like. But because
| you clearly can't "just" do that, then the software must
| not be free.
|
| Yes. The software is not Libre.
|
| But it's not clear to me that this is the case because
| the system is hosted on Azure or the distro is Ubuntu.
| Your rights within a marketplace go only so far as you
| can throw your alternatives. Software, especially
| operating systems, are just too complex to expect the
| concept of Free Software to be sufficient to protect user
| privacy.
| j16sdiz wrote:
| I am not sure we should add privacy protection to
| software license.
|
| Debian Free software guideline does not allow
| discriminate against using debian for evil.
| moron4hire wrote:
| Oh, I definitely agree, I'm just trying to point out that
| a lot of people here are making assumptions about what
| "Free Software" means that literally nobody in the FOSS
| or Open Source movements have ever said were goals.
| goodpoint wrote:
| > nobody in the FOSS or Open Source movements have ever
| said were goals
|
| Citation needed. RMS, the FSF and many other orgs made
| public statements around privacy many times.
| moron4hire wrote:
| I think you're the one who needs to provide a citation,
| because I've read a lot of the literature on the FSF's
| website and not once does privacy come up.
|
| Now, I can't exhaustively prove a negative, but I think I
| can easily demonstrate that the FSF has never
| meaningfully expressed an opinion on privacy. Go to
| https://www.gnu.org/philosophy/philosophy.html, open
| every single page it links to in the body of the text,
| and search for the word "privacy". It does not show up in
| the body text of any of those documents. It shows up
| _once_ in a footnote that mentions a change that Samsung
| made had that "caused privacy concerns".
|
| The closest they get to even mentioning the concept of
| privacy is when they talk about the right to modify
| software and use those modifications "privately", which
| clearly does not mean anything about user privacy.
|
| If privacy were so big of a concern for the FSF, you'd
| think they'd talk about it in their official
| documentation on their philosophy, or put something about
| it in the ONE tool they have to have power over anyone:
| the GPL.
| goodpoint wrote:
| This is plain false. Debian routinely disables trackers
| and homecalling functions in the packaged software and
| even in the documentation.
| bialpio wrote:
| It is a violation of your privacy that you may have
| already agreed to - presumably MS mentions this in their
| ToS/privacy policy that this information will be shared.
| They just conveniently forget to remind you that when you
| deploy a VM...
|
| Another interesting question: aren't you a direct
| customer of Canonical here? When you buy stuff off of any
| marketplace or though a reseller, it seems to me you are
| a customer for multiple companies. Examples: buying an
| iPhone from AT&T, buying a laptop from Amazon, buying a
| Subaru through a dealer.
| saghm wrote:
| I think there's a difference here; you can get Ubuntu got
| free outside of Azure without being a customer of
| Canonical, but you can't get an iPhone from Apple for
| free from them just by going through a different channel
| ojnabieoot wrote:
| > Ubuntu is a free product. Canonical should not be able
| to find out if I (specifically me or my organization)
| allocates or runs 1 or 10000 instances of Ubuntu
|
| I agree with the message behind this and obviously
| Canonical and Microsoft are both being extremely gross.
|
| But Ubuntu as a binary image (or source code) is a very
| different product than a VM with Ubuntu pre-installed and
| pre-configured, which is what you paid for (and is why
| you got ensnared by their horrible anti-user license).
| throwawayboise wrote:
| Both Microsoft and Canonical are for-profit enterprises.
|
| To quote the old native american (?) fable: You knew what
| I was when you picked me up.
| bayindirh wrote:
| > Both Microsoft and Canonical are for-profit
| enterprises.
|
| I don't think that most of the people have a problem with
| that. The problem is being sucked-in to something without
| ever agreeing into.
|
| In the era of privacy sensitivity (which I think is
| healthy), being watched in a place and prodded from a
| different channel is disturbing.
|
| I don't mind people trying to reach me with the hope of
| sales based on information I've provided to them, but
| this is too far.
|
| Also it removes two veils from both companies at once:
| 1. It seems Microsoft still has sneaky tactics, but
| they're more invisible. 2. Canonical is somewhat
| more aggressive and greedy than it seems, and Ubuntu
| desktop is just a freemium product, or another capturing
| device for further vendor lock-in.
| inetknght wrote:
| > _But Ubuntu as a binary image (or source code) is a
| very different product than a VM with Ubuntu pre-
| installed._
|
| How? Why? If it's different in any meaningful way from
| just clicking "next" on the installer then it's no longer
| Ubuntu, and certainly not Canonical Ubuntu, that's pre-
| installed. It's become, at best, Microsoft-Ubuntu-
| Because-Microsoft-Added-Telemetry-For-Azure. Or it's
| Canoncical-Ubuntu-Configured-By-Microsoft-With-Azure-CLI-
| Preinstalled.
|
| It's not "Ubuntu" any more.
| hannasanarion wrote:
| You don't get to decide what is and isn't "Ubuntu",
| Canonical does. Did you likewise declare that Ubuntu
| isn't Ubuntu anymore when Canonical dropped Unity? or
| when they added snap? Or when they added or later removed
| the Amazon search plugin?
|
| When I'm paying for an official Azure version of Ubuntu
| on Azure, I darn well expect there will be a closer
| support relationship than the free desktop version.
| saghm wrote:
| > When I'm paying for an official Azure version of Ubuntu
| on Azure, I darn well expect there will be a closer
| support relationship than the free desktop version.
|
| Okay, but maybe other people don't want that if it
| entails their information being shared with a company
| they haven't initiated a business relationship with?
| [deleted]
| inetknght wrote:
| [deleted]
| ojnabieoot wrote:
| Just FYI, this is bad manners. I deleted the comment
| because I didn't want to continue the conversation and I
| especially didn't want to engage with you - specifically,
| your comments here and elsewhere indicate that you are
| frequently toxic and hostile.
|
| You deciding to resurrect the comment because you
| happened to see it before I deleted it is really not OK.
| It's the exact kind of toxic hostile, creepy interaction
| I was trying to avoid from you by deleting the comment!
| inetknght wrote:
| > _your comments here and elsewhere indicate that you are
| frequently toxic and hostile_
|
| I thought your comment was interesting and merited a
| reply for others to see and discuss. But I see you
| disagree so I've removed the content of my reply.
|
| Feel free to flag any comments you find particularly
| toxic or hostile. You can do that by clicking on the
| timestamp of the comment and clicking the `flag` link.
|
| Or even better, let me know (like you have done so here).
| I can't improve myself if I don't know there's a problem.
| vntok wrote:
| There's no problem with your comment so please do not
| "improve" yourself based on the parent; they should, not
| you.
| michaelmrose wrote:
| To be clear are we to suppose one has a right to say
| something and then insist others never bring up anything
| because one has at that point deleted?
|
| Furthermore is strenuous disagreement now toxic and
| hostile?
|
| Wouldn't it be more trivial to say I do not wish to
| engage and leave it at that? Ironically calling someone
| toxic hostile and creepy is... pretty toxic.
| inetknght wrote:
| > _are we to suppose one has a right to say something and
| then insist others never bring up anything because one
| has at that point deleted?_
|
| I think someone has the right to change their mind about
| something they've said. That's why I edited my comment to
| remove it.
|
| > _Furthermore is strenuous disagreement now toxic and
| hostile?_
|
| I don't think so. But I know that I sometimes get
| passionate about my opinions. I welcome someone's input
| to keep me friendly.
|
| > _Wouldn 't it be more trivial to say I do not wish to
| engage and leave it at that? Ironically calling someone
| toxic hostile and creepy is... pretty toxic._
|
| I would like to think better than that. I think it was
| good of @ojnabieoot to let me know that they thought I'd
| wronged them.
|
| Some people can feel very anxious or awkward to
| conversation for very good reasons. They can state
| opinions and then choose to retract their opinions for
| any reason -- even if the opinion is held but they choose
| to remove themselves from the conversation. I think
| that's a good thing to discuss but this isn't the venue
| to.
| nitrogen wrote:
| Erasing history and demanding others follow your lead is
| bad manners.
|
| Posting something and deleting it after it has been seen
| is basically gaslighting. Imagine the kinds of harassment
| people could get away with if they said rude things to
| coworkers on chat, then edited the messages to appear
| benign after the coworker responded to their hostility.
|
| That is why people quote the text of comments to which
| they want to reply.
| falcolas wrote:
| If you go to Ubuntu's web site, they will offer several
| distinct ISOs, each optimized for different usecases; and
| yet I'm not charged all of my personal information there
| either.
|
| Ditto the Ubuntu images on Docker Hub.
| taftster wrote:
| Right. If I can run Ubuntu on Docker without Canonical
| knowing, I should be able to run Ubuntu on Azure without
| Canonical knowing.
|
| This is a big misstep for Microsoft, from my point of
| view. I think it's less a reflection on Canonical,
| because once they have the information, it's ultimately
| going to be used. Microsoft just should not have agreed
| to the arrangement at all.
| aruggirello wrote:
| I'm all for Occam's Razor and don't usually buy corporate
| bullshit, but this comes to my mind:
|
| - Azure is the second largest cloud provider worldwide
|
| - Ubuntu is probably the most common Linux distro installed
| in the cloud
|
| - We never heard about another episode like this before
|
| Now if Canonical was allowing / encouraging this kind of
| behavior from their sales rep, I think we should have seen it
| happen in the wild before (like, a thousand times?) already;
| since it only happened once, I'm inclined to believe them.
| Also see [1]
|
| Now let me think: I'm not OK with Canonical accessing my
| contact information because I spin up a VM, but I'm also not
| OK with Microsoft sharing my contact information with
| Canonical. What's wrong with "let me call them if and when I
| need?" But I'm European so maybe a little too privacy
| focused.
|
| [1] BTW: let's say 99% Ubuntu VMs are spun to host some
| boring Wordpress site, nuvelle cuisine blog or leather shoe
| shop. What's the chance of an Ubuntu sales representative to
| ever make a sale this way? I guess it must be pretty slim, so
| he'd have to contact hundreds of potential customers to turn
| a few sales - something that would quickly get reported if it
| was a corporate business habit. This reinforces my first
| impression.
| bialpio wrote:
| We haven't heard about it before because other sales reps
| didn't admit to knowing that a customer has deployed
| something, and reached out to the customers under the guise
| of standard-looking sales pitch that got dismissed as
| regular kind of spam. That would be my take on it.
| hn_throwaway_99 wrote:
| I feel like you're missing the point. I wholeheartedly
| believe Canonical does _not_ encourage this kind of
| behavior from their sales rep, but only because it makes it
| obvious that they 're getting data from MS they really have
| no right to access, when they really intend for it to just
| stay hidden behind some voluminous terms of service.
|
| You know what they say, the definition of "gaffe" is when
| someone tells the truth.
| znpy wrote:
| > one of our salespeople got overeager and tried to sell you
| your soul back. He will be reprimanded.
|
| I wonder what have the consequences been for that guy.
| dylan604 wrote:
| Probably a promotion for failing upwards. At least, that's
| how precedence makes me feel about it.
| bregma wrote:
| Probably a "graduate trainee" who got a stern talking-to.
| SilasX wrote:
| >one of our salespeople got overeager and tried to sell you
| your soul back. He will be reprimanded.
|
| I don't think the (non-)apology even gave that much, just
| that the training/policies will be "reviewed", which is even
| weaker:
|
| >>In light of this incident, Canonical will be reviewing its
| sales training and policies.
| IgorPartola wrote:
| I speak enough corporate to know that this guy gets to be
| chewed out. They singled him out in their response and said
| he was new. If they stood behind this policy they would
| have basically diffused the responsibility without
| mentioning him by specifically. I could be wrong of course,
| but he cost a bunch of people a bunch of time and effort
| and unpleasantness so he'll get yelled at.
| rchaud wrote:
| They singled him out because the original tweet showed
| the salesperson's full name and picture. He might lose
| his job because he unintentionally showed everyone how
| the sausage of monetizing open source is made.
| hardolaf wrote:
| You had respect for Canonical after they put ads in the OS?
| yellowapple wrote:
| Canonical's been scummy for about a decade now. This is the
| same company that shoved Amazon results into local desktop
| searches, then responded to criticisms of that with "Don't
| trust us? We have root.".
|
| Pretty ironic considering the meaning of the word "ubuntu".
| badjeans wrote:
| Why Canonical? Isn't this a Microsoft feature?
| Someone1234 wrote:
| Both to be honest. Canonical shouldn't have asked, and
| Microsoft shouldn't have agreed.
|
| Neither one is an innocent party.
| Keyframe wrote:
| Shit companies in a shit business relation. Can't wait to
| see that marriage between the two.
| jacurtis wrote:
| Yes the fact that Microsoft shares this information is
| concerning. But Microsoft only provides the information to
| Canonical (according to the ToS) for technical assistance
| and product support, but not for Marketing purposes.
|
| Canonical is the one who violates trust here. Because they
| are using this information for marketing purposes, which
| they are not allowed to do under the information sharing
| agreement that they have with Microsoft.
|
| So yes, we could argue whether Microsoft should be
| providing the installation information in the first place.
| It should at the very least be opt-out (on by default with
| the ability to not share), and preferably it should
| actually be opt-in (off by default, check a box to allow).
| So there is a violation of trust going on here, but this
| isn't any different than every other major tech company is
| guilty of right now (not that it makes it right).
|
| But Canonical is the one that took the information and used
| it in a way that was never agreed to by either the person
| sharing the information (Microsoft) or by the user via the
| ToS (the ToS says that it is strictly for tech support, not
| for marketing). Canonical is the one that really
| overreached here.
| xorx wrote:
| You're obviously correct in the de jure sense, here. But
| there is also a matter of relationship expectation.
|
| An unstated assumption of using any "free" product is
| that it's not actually free. Canonical screwed up, to be
| sure, but I do think many of us just expect getting
| harassed by salespeople to be the cost of using a "free"
| product.
|
| Microsoft, on the other hand, charges me by the hour for
| using Azure. They've taken their pound of flesh, so my
| business expectation is that I'm going to be left the
| hell alone for anything other than billing matters. Them
| sharing the data in the first place, for something I've
| paid money for, FEELS like the bigger violation to me.
| danans wrote:
| > They've taken their pound of flesh,
|
| As an aside, "pound of flesh" doesn't mean "payment", it
| means "something that is one's legal right but is an
| unreasonable demand (esp in the phrase to have one's
| pound of flesh)", both in Shakespeare and in current
| usage.
|
| Unless you feel Microsoft's price is unreasonable and you
| have no other option, "pound of flesh" isn't the right
| expression.
|
| Something like "they've taken their cut" is more
| accurate.
| xorx wrote:
| Thank you for the aside!
|
| Too late to edit, though.
| danans wrote:
| Thanks for hearing it out!
| cogman10 wrote:
| Depends a lot on the free product.
|
| For a linux distro, my expectations are that it's "free"
| but support will cost you money. My expectation is not
| that it's "free" and the OS will spy on you and report
| back to HQ so sales can make more sales.
|
| If I don't give personal information on installation my
| expectation is the product is not harvesting or
| forwarding that information (For example, I expect that
| with Facebook, I don't expect that with GIMP).
|
| Both are certainly wrong IMO. MS for giving personal info
| to a 3rd party and Canonical for bundling spyware with
| their OS. Both are super icky.
| Spooky23 wrote:
| Its an example of a risk with cloud providers that isn't
| talked about often or is ignored. For example, why doesn't
| WalMart use AWS?
|
| Companies now leak alot of metadata about what they are
| doing. If a teeny company like Canonical is mining stuff
| like this, consider what Microsoft knows about how you use
| their products, and I'm sure your EA negotiation as a big
| company is at some level driven by what they know.
| IgorPartola wrote:
| Because Canonical's response was "oops you actually found
| out."
| ProAm wrote:
| This is the 'not on prem' tax that will be the norm going
| forward.
| Hizonner wrote:
| I'm under the impression that on-prem Ubuntu phones home.
| I guess maybe it can't guess your LinkedIn name, though.
| dron57 wrote:
| It's trivial to disable any telemetry considering it's
| open source:
|
| https://github.com/ubuntu/ubuntu-report
| detaro wrote:
| How is a Canonical rep contacting him purely a "Microsoft
| feature"?
| inetknght wrote:
| It means that Microsoft is providing information that
| they shouldn't.
| detaro wrote:
| And Canonical decided to take that data, search him on
| Linkedin and contact him. Seems reasonable to see that as
| a reason to loose respect for Canonical over.
| inetknght wrote:
| Don't get me wrong, what Canonical has done here also
| isn't good. But what they've done shouldn't have been
| _possible_ because Microsoft shouldn 't have given
| Canonical the information in the first place.
| bigbizisverywyz wrote:
| The question I have is what's in it for Microsoft, why
| did they even bother to do this in the first place? I
| can't believe there would be that big of a cash
| incentive.
| foolmeonce wrote:
| If this were Windows, I would expect Microsoft to pass it
| to an internal department that sells higher service
| contracts and then off to 3rd parties that provide the
| same for up to a week after you find the "don't share my
| data" checkbox.
|
| That (enterprise support) is a very important side
| business. Whether they got cash from other OSes or just
| set it up the same to fight an eventual Anti-Trust Case
| is anyone's guess.
| hn_throwaway_99 wrote:
| Again, the user's relationship was with Microsoft, not
| Canonical. Microsoft is the one who the user entrusted to
| protect their data, and they didn't.
| detaro wrote:
| how makes that Canonicals side of things better?
| inetknght wrote:
| It doesn't.
| bregma wrote:
| The user chose Microsoft's Azure product to run
| Canonical's Ubuntu product. The user has relationships
| with both vendors.
| [deleted]
| sly010 wrote:
| Well, what should we be more angry about? That Canonicals
| sales rep is using data in their CMS, or that Microsoft
| is selling data to third parties. The root cause seems to
| be Microsoft, not Canonical and (at least in my eye) the
| conclusion is not "don't trust Ubuntu", but "don't trust
| Azure".
| com2kid wrote:
| As stated above, MS isn't selling this information. They
| are providing it for customer support purposes.
|
| In the business world, having data marked "customer
| support only" is pretty common. There are quite a few
| laws acknowledging the difference. Importantly, the data
| is supposed to be kept separate and it sounds like
| Canonical screwed up here.
| marcinzm wrote:
| Someone giving you a gun doesn't absolve you of the crime
| of shooting someone with it or of keeping the gun.
|
| edit: The data doesn't just magically show up in
| Canonical's CRM. They spent time and effort establish an
| integration with Microsoft and then building processes on
| top of that data.
| phone8675309 wrote:
| The takeaway is "don't trust Ubuntu or Azure".
|
| It's like if you tell a friend that there's a key to your
| back door under the mat but to keep it a secret and
| instead of keeping the secret they tell a mutual friend
| about it and that mutual friend robs you since they know
| where the key is.
|
| You shouldn't trust the friend that told the your mutual
| friend where the key was and you shouldn't trust the
| mutual friend who robbed you.
|
| The friend who told your mutual friend may have done so
| for what they thought were useful reasons, like letting
| the mutual friend know so they could fix something for
| you while you're out, but they still violated your trust
| non matter what their intent was.
| markild wrote:
| Great, so their conclusion is "we should make this less obvious
| and creepy", not "we should probably stop doing this".
| jacurtis wrote:
| Yes, that is the big takeaway here and why I just lost a ton
| of respect for Canonical.
|
| In Canonical's statement they never regretted using the
| information to contact the user. The part they regretted was
| TELLING the user that they are monitoring the installs and
| linking those installs to personal contact details.
|
| Canonical promised to improve training to avoid those "poor
| choice of words", NOT to stop the practice. Basically they
| will train their staff to make it feel more serendipitous
| when they just so happen to reach out about selling an
| enterprise license moments after you install the VM on Azure.
| Canonical doesn't regret this sales practice and plans to
| keep using it. That's the scary part in this story.
| hackcasual wrote:
| That's marketing
| michaelt wrote:
| Once you decide your cloud platform will include a
| marketplace for paid, licensed enterprise software, this
| doesn't surprise me all that much (although it kinda sucks)
|
| I mean, is it even possible to buy an Oracle license without
| Oracle knowing who you are?
| macksd wrote:
| My first thought was that companies that are selling
| complementary services (and that's really the difference
| between Debian and Ubuntu here) are obviously going to have
| mutually beneficial affiliate agreements. The vast majority
| of us are probably working at companies that do that. Someone
| mentioned Oracle licensing enforcement and yeah, I wouldn't
| feel like a victim if I used bootleg copies of Oracle and the
| bootleg copy told them without me expecting it. I think in
| this case it should be clearer and opt out, but honestly -
| who among us is the least bit surprised that Canonical at
| least gets _some_ referral here?
|
| But where they specifically went wrong? Well one of them was
| absolutely the way the "point of contact" reached out. If my
| professional email was shared with you as part of a
| professional agreement, adding it to a mailing list to sell
| me on the paid version of what I used for free makes sense.
| Sending some of those specific details to my personal
| account, which by the way you aren't sure is actually me, is
| way over the line. The salesperson personally screwed up big
| time there for sure.
|
| The other thing is the granularity of the data, and that's
| also over the line. I read that agreement and think sure -
| they'll know our company has used their company. But specific
| actions taken by specific developers? There are users that
| avoid certain providers like the plague because in some way
| they're competitive, and even if they trust them not to
| directly compromise security measures, interfere and steal
| data - they still don't want a competitive company having
| insight into their costs, development, traffic, etc. This
| kills the trust you may have in Microsoft from that
| standpoint.
| toyg wrote:
| "oops, our dirty secret is out. But we won't do it again, guv!"
| rkangel wrote:
| Actually, to me the MS statement is the most illuminating and
| I'm guessing that Canonical is getting some grumpy calls from
| Microsoft.
|
| This is the last part of the Microsoft statement:
|
| "Our terms with our publishers allow them to provide customers
| with implementation and technical support for their products
| but restricts them from using contact details for marketing
| purposes"
|
| Canonical then tells us that this person was a _Sales
| Representative_ , and it is clear from the content that this is
| a message aimed towards selling. Canonical has broken
| Microsoft's terms. That said, I can't see where that legal
| restriction is (e.g. can't see anything like that in
| https://azure.microsoft.com/en-
| us/support/legal/marketplace-...).
| ballenf wrote:
| Very reminiscent of that Netflix tweet calling out a small
| group if people for some extraordinary binge watching.
|
| "The first rule of the the surveillance economy is don't talk
| about the surveillance."
| tfehring wrote:
| I guess I don't understand the quote from Microsoft's
| statement. Canonical provides "implementation and technical
| support," right? But they're not allowed to use user data
| from Microsoft to market those services? How else would that
| data even be useful for Canonical's "implementation and
| technical support" services?
| rkangel wrote:
| This is the full quote from MS, provided in The Register
| article:
|
| "Customer privacy and trust is our top priority at
| Microsoft. We do not sell any information to third-party
| companies and only share customer information with Azure
| Marketplace publishers when customers deploy their product,
| as outlined in our Terms and Conditions. Our terms with our
| publishers allow them to provide customers with
| implementation and technical support for their products but
| restricts them from using contact details for marketing
| purposes."
|
| My interpretation is:
|
| Every time you buy or use something from the Marketplace,
| MS will give your contact details to the Marketplace
| publisher. That publisher is then restricted in what they
| can do with the information. They may _not_ use it for
| Marketing, they _may_ use it to provide technical support.
| sorokod wrote:
| How more reasonable it would have been for Microsoft to
| provide the publishers details to consumers instead of
| the other way around.
|
| Interesting that this is not so.
| lotsofpulp wrote:
| Microsoft can earn more money this way (selling data for
| sales purposes), so their behavior meets my expectations.
| moron4hire wrote:
| But they aren't selling the data
| sorokod wrote:
| On the off chance you are not being sarcastic, do you
| think that Canonical got the data for free?
| sorokod wrote:
| Mine too, it is hilarious that they present this
| gratuitous data sharing as "this is normal/we are the
| victims as much as you are"
| [deleted]
| pbhjpbhj wrote:
| This sounds like plausible deniability to me. "We sell
| your details to companies whose products you're using -
| which would be really useful marketing information; but
| they say they don't use it for that, so we did what we
| need to."?
|
| Microsoft being lily-white (/s) would ensure they had
| GDPR-like positive consent from customers that they could
| pass on those customers info to specific third parties...
|
| The idea that companies keep some sort of information
| wall between their support and marketing departments is
| pretty ridiculous. MS have to be fully aware of this,
| surely.
|
| So, the story is Canonical taking part in the same crap
| as the more overtly crap companies, and just this one
| agent not being clever enough to keep their leads under
| wraps.
|
| GDPR obliges companies to provide information on all this
| parties PII has been passed to. Given cookie lists (or
| UBlock blocked files) are hundreds of companies long I'm
| surprised we're not getting reports of who is buying up
| all this info.
| tfehring wrote:
| Yeah, I agree with your interpretation and that makes
| sense from Microsoft's perspective. Just one open
| question that that raises: does a name and employer count
| as "contact details"? Do Microsoft's terms allow
| Canonical to reach out to someone on LinkedIn for
| marketing purposes as long as they don't look them up
| using the email address Microsoft gives them?
|
| And if the answer to that last question is no, what _can_
| Canonical do with the data that 's actually valuable to
| them? If I were given access to a database of sales leads
| that I was explicitly disallowed from contacting, I would
| actively avoid even accessing the data to avoid any
| accusation or perception that I violated those terms,
| just in case I independently got in touch with those same
| leads through a different channel.
| rkangel wrote:
| So I don't know the answers to your questions - but
| here's one interesting thing - according to GPDR your
| email address is personal information as you'd expect.
| However your _work_ email address is not. Companies can
| do all sorts of harvesting and collection on professional
| information that they can 't on personal.
| pc86 wrote:
| By waiting for someone to reach out for "implementation and
| technical support," at which point Canonical already has
| the data they need to investigate deeper? Not that that's
| even great, because 99% of the people who spin up a service
| will never contact Canonical and shouldn't have their info
| shared.
| tfehring wrote:
| Yeah, I thought about that possibility, but I'm skeptical
| because the usefulness of Canonical getting that data
| directly from Microsoft seems really minimal. Whatever
| data Microsoft is collecting from its clients (I'd think
| it's _at most_ metadata about base images, instance
| types, and maybe number of instances and usage patterns)
| should be trivial for those clients to provide to
| Canonical, if needed, if and when they initiate a support
| contract.
| dragonwriter wrote:
| > But they're not allowed to use user data from Microsoft
| to market those services? How else would that data even be
| useful for Canonical's "implementation and technical
| support" services?
|
| The data on who was doing what would be useful for
| _providing_ implementation and technical support to people
| _who has already contracted with Canonical_ for those
| services, both for providing the service and, depending on
| price structure, possibly for billing.
| saghm wrote:
| > The data on who was doing what would be useful for
| providing implementation and technical support to people
| who has already contracted with Canonical for those
| services
|
| So then why should everyone else who doesn't have any
| contact with Canonical have their data forwarded to them
| too? This should be opt-in rather then opt-out, let alone
| always happening with no way to opt out
| elygre wrote:
| "Ouch. Big bug. Let's contact the users who installed it
| from the azure marketplace. Good thing we got their names
| when they installed it!"
| RobLach wrote:
| "Ubuntu Server on Azure best practices guide.pdf"
| jacurtis wrote:
| > "On February 10th, a new Canonical Sales Representative
| contacted one of these developers via LinkedIn, with a poor
| choice of word. In light of this incident, Canonical will be
| reviewing its sales training and policies."
|
| The part I find the most enlightening (ie: disturbing) is
| that Canonical's only regret is that the sales rep used "a
| poor choice of word" and they will train their salespeople
| better.
|
| I assume the "poor choice of word" was when the salesman
| said, "I saw that you spun up an Ubuntu instance". Was
| Canonical's biggest regret that the salesmen INFORMED the
| user that they are monitoring installs and linking them to
| contact information?
|
| Canonical never said "oh the salesperson wasn't supposed to
| market to you with this information", instead they basically
| said, the salesman wasn't supposed to TELL YOU that we are
| monitoring what you install and linking it to personal
| contact details.
| thom_nic wrote:
| > the salesman wasn't supposed to TELL YOU that we are
| monitoring what you install
|
| Exactly. The old "I'm sorry I got caught" and not "I'm
| sorry I did it."
| reaperducer wrote:
| We can do better(tm)
| tohmasu wrote:
| Legal wishes to remind you that that statement always
| needs this accompanying statement.
|
| _The word "better" does not imply a commitment towards
| customers and/or investors. *The word "do" should not be
| seen as referring to the taking of any specific course of
| action which may or may not yield tangible change. *The
| word "can" does not signify a concrete ability and is not
| forward-looking. *The word "We" should not be interpreted
| as Canonical Ltd. nor any of its subsidiaries or
| affiliated entities._
| NullPrefix wrote:
| Reminds of the famous Bill Clinton qoute
|
| >It Depends on what the meaning of the word is is
|
| https://www.youtube.com/watch?v=j4XT-l-_3y0
| raverbashing wrote:
| Yeah, the only acceptable choice of words in this case
| would be: none.
| LegitShady wrote:
| It's all about plausible deniability.
| qeternity wrote:
| Or as law enforcement call it: parallel construction.
|
| The sales rep was probably expected to reach out claiming
| some other reason, making it look like the standard
| LinkedIn spam, but in reality much more targeted.
| SilasX wrote:
| Yep, and the purported "retraining" will probably be more
| like, "use a vaguer or falser pretense to cold-call".
| jedberg wrote:
| > That said, I can't see where that legal restriction is
|
| It's probably part of the contract between MS and Canonical.
| rkangel wrote:
| Which is a problem. I'm much happier if that restriction
| both exists and is enforced. If we can't see that contract,
| then it's all based on trust, and trusting tech companies
| with personal information has not gone well so far.
| duxup wrote:
| I think the Marketplace quote is worth noting too:
|
| >A look at the terms for the Azure Marketplace throws up this
| sentence: "If you purchase or use a Marketplace Offering, we
| may share with the Publisher of such Offering your contact
| information and details about the transaction and your usage."
|
| So the publisher of something on their Marketplace gets some
| information.
|
| This doesn't seem 'that' weird (well the linked in contact
| does) as it seems semi related to ... say apps and app stores
| and etc.
|
| Edit: I'm not justifying the policy, but I am noting that on a
| marketplace with third parties, this seems pretty standard /
| something you should always consider when you install something
| from a third party.
| aendruk wrote:
| In this case it's not obvious that you're participating in a
| "marketplace". Look at the screenshot of VM creation:
|
| https://twitter.com/LucaBongiorni/status/1359737285118410752
|
| If we accept that the Ubuntu image is a marketing device then
| this screen is using dark patterns.
| hn_throwaway_99 wrote:
| But I think that these comments from the Twitter thread are
| very valid:
|
| > I belive you spun up the VM based on an image from the
| Azure Marketplace, specifically one from Ubuntu. That is not
| a microsoft image, you accepted an offer from Ubuntu and now
| they contact you to follow up. That's my understanding of the
| situation. Hopefully someone can clarify
|
| > Where exactly it is visible any ToS?! As soon as I clicked
| on "add new VM", the first option suggested was Ubuntu 18.04.
| I didn't dig into the Azure Marketplace. I just picked the
| first option available since I quickly need a linux-based
| test VM.
|
| I mean, I'm not as familiar with the AWS marketplace, but I
| use the GCP marketplace, and when I choose an offering from
| that marketplace it's very clear I'm just buying a
| prepackaged solution from another vendor, and I'd expect that
| other vendor gets my info. IMO this is _very_ different from
| choosing the OS for your VM from a dropdown.
| btown wrote:
| I think this is one of the points that the _spirit_ of GDPR
| and similar legal frameworks gets right: users have the
| right to opt-in, without service being degraded if they don
| 't, to data sharing unless that data sharing is "necessary"
| to fulfill the transaction (I believe this is the basis for
| "legitimate interest").
|
| If I'm buying a SaaS or DBaaS from a vendor over a
| marketplace, or launching a metrics collector where phoning
| those metrics home is a core value prop, I'd be fine to be
| told that sharing information with the end operator, not
| just the marketplace, is necessary to fulfill the
| transaction. And there should be contracts in place to
| ensure my data's not used for unrelated purposes. If the
| operator breaches those contracts, the operator is liable.
|
| But in what possible way is "using a pre-packaged Linux
| distribution" a transaction where sharing information with
| the packager is "necessary?"
|
| I have no doubt that Microsoft's lawyers have covered their
| posteriors here. But the spirit of these regulations would
| be that users don't have the expectation that they're
| opting into Canonical getting their info just because they
| use a bog-standard Ubuntu distro. Users didn't knowingly
| consent to this.
|
| (EDIT: not a lawyer, not legal advice)
| joezydeco wrote:
| This is the real answer. I almost did the same thing but
| decided to spin up my own image instead of buying a prepacked
| one from the Marketplace.
| duxup wrote:
| Exactly, I'm not so much cool with the policy here, but
| absolutely we should think about what we want and take
| appropriate actions like you did if we want to avoid it.
| joezydeco wrote:
| Well, my reason was also because I was having so much
| trouble trying to find a machine+zone+disk setup that was
| available _and_ under my $50 /month budget since I'm
| running on MSDN subscription credit. What a freaking pain
| in the ass.
| IgorPartola wrote:
| You buy a dishwasher from Best Buy. They send your name and
| address to Maytag. You buy soap from Walmart. They send your
| name and address to Johnson & Johnson. You buy a sandwich at
| your local deli. They send your name and address to Boar's
| Head. Cool?
| duxup wrote:
| I don't know if it is cool, but I wouldn't be surprised.
|
| The idea that a AWS or Aszure market place with third
| parties involved is different than say my example, an App
| store with third parties seems like a good way to think
| about it.
|
| I'm not justifying the policy, but I am noting the context
| isn't that different and how we should think about it.
| IgorPartola wrote:
| That's fair. I guess if Canonical is selling something
| directly by using Azure's storefront that's a different
| thing. Still, their response to this is pretty terrible.
| stevehawk wrote:
| Cool? no. The reality? Almost certainly.
| csours wrote:
| > You buy a dishwasher from Best Buy. They send your name
| and address to Maytag.
|
| For warranty purposes of course
|
| > You buy soap from Walmart. They send your name and
| address to Johnson & Johnson.
|
| In case they need to recall the soap
|
| > You buy a sandwich at your local deli. They send your
| name and address to Boar's Head. Cool?
|
| So you can get some cool Boar's Head swag!
|
| Just kidding of course. We need much better data privacy
| protection.
| SilasX wrote:
| Those actually seem reasonable (other than the swag one)
| _if and only if_ that info is locked away on a need-to-
| know-basis, it's used for precisely that purpose, and
| regulators vigorously punish any sharing or release. The
| GDPR seems like a good step in that direction.
| IgorPartola wrote:
| > So you can get some cool Boar's Head swag!
|
| I can't even imagine what that might be. But technical
| support for my sandwich making needs would be fun. Kind
| of how Butterball (I think it's them) has a help line on
| Thanksgiving for cooking turkeys. They made the news a
| few years ago by hiring men to work the phones because
| they learned that men cook more frequently now but feel
| uncomfortable asking women for advice. I had a good
| chuckle at that.
| ethbr0 wrote:
| I have a sneaking suspicion Boar's Head et al. know
| sandwich making secrets that would substantially improve
| my lunches.
|
| I mean, you do anything for long enough, you get good at
| it. Especially if you're soliciting feedback from even
| more people who are doing it.
|
| I think somewhere out there there's a story of a Brita
| customer support rep tracking down a filtration engineer
| to get a technical answer to how long one could filter
| and drink urine for.
| dylan604 wrote:
| >I can't even imagine what that might be.
|
| A mounted boar's head to mount on the wall that makes
| grunting sounds when it's sammich time. But being HN,
| it'll also have cameras for eyes (3d) and microphones in
| the ears so that it knows when it is time to re-order
| more product. Maybe it'll link with Alexa/Siri/GHome with
| an articulated mouth so that it makes it look like it is
| Alexa. If you place it where it can see the contents of
| your fridge and/or pantry, it will be able to
| automatically order food for you.
|
| The lack of imagination these days... /s
| 95e702cdcbd7d09 wrote:
| Up until a few years ago, something similar used to happen
| when you bought a TV set here in Sweden.
|
| If you bought one, your information was shared with the
| entity ("Radiotjanst") in charge of collecting the
| mandatory TV fee (funding public service radio and TV
| programming).
|
| The fee is now collected as tax instead, so that's no
| longer the case.
| cycomanic wrote:
| Except we are talking about licencing here, not buying. If
| one likes it or not, buying of physical or non-physical
| goods has long been very different (I'm not supporting it,
| but it's the reality.)
| retzkek wrote:
| > You buy a dishwasher from Best Buy. They send your name
| and address to Maytag... Cool?
|
| Since most appliance manufacturers require you registering
| your product with them for warranty service, yes, please
| take care of that for me (many appliance stores do). Now
| _should_ Maytag require that registration? If it makes for
| a quicker and smoother warranty service process then I'm
| okay with it - better than needing to dig up a receipt in
| three years, only to find that the thermal printing has
| faded.
| [deleted]
| lotsofpulp wrote:
| > Since most appliance manufacturers require you
| registering your product with them for warranty service,
| yes, please take care of that for me (many appliance
| stores do)
|
| Manufacturers legally have to honor their warranty
| regardless of you giving them your information. They
| don't exactly say you won't be covered by warranty if you
| don't "register", because they legally can't.
| IgorPartola wrote:
| There is a difference between you checking off a box that
| says "send my info to Maytag" and BestBut just doing it
| and then when you find out about it Maytag saying "you
| weren't supposed to find out".
| ryandrake wrote:
| The difference, as usual, is: consent and control. 1. the
| user did not provide affirmative informed consent (it was
| buried in a ToS doc that nobody reads) and 2. the user
| has no meaningful control of the sharing.
| chias wrote:
| Pretty much. What do you think "loyalty" cards are actually
| for?
| IgorPartola wrote:
| I am somewhat OK setting up a loyalty card with a grocery
| store. I am much less OK with that info being shared. But
| also grocery stores tend not to check your info when you
| sign up so I have a whole lot of cards in the name of
| e.g. Deez Nuts.
| biot wrote:
| The distinction here is when it's a marketplace. You buy a
| product from a third-party vendor on Amazon. Amazon sends
| details of your purchase to the third-party vendor for
| fulfillment. Cool.
| IgorPartola wrote:
| I don't know how I feel about that. Am I doing business
| with Amazon or the third party? If it's the third party,
| I want it to be crystal clear that they are the ones who
| will get my info. And if it's not crystal clear and I
| find out and their response is "oops, you weren't really
| supposed to notice that"...
|
| Again, think of the grocery store example: you go in,
| there is a Boar's Head counter where they sell
| sandwiches. You grab a sandwich and head to the checkout
| line. You pay the grocery store worker who is wearing a
| grocery store shirt and get a grocery store receipt that
| says you just bought a $5 sandwich and used your grocery
| store loyalty card. Do you expect that Boar's Head will
| get the details of your loyalty card, which sandwich you
| bought, what else you bought, etc. even if the back of
| the receipt says in fine print that the grocery store
| _may_ share that information with someone?
|
| If Boar's Head had their own clerk and their own cash
| register you'd be doing business with them. But then it
| would be clear cut, right? The fact that the grocery
| store is processing the payments and presenting it as
| essentially they are reselling Boar's Head products would
| imply that Boar's Head is not involved in your individual
| transaction.
|
| If this is a service you are buying from Boar's Head but
| they simply use the grocery store's cash registers,
| accounting, inventory, etc. then I would argue it's on
| the grocery store and Boar's Head to make it crystal
| clear who you are doing business with, or else you run
| into situations like this. And if a situation like the
| one that started this whole debacle happens, their
| response should be "We are sorry. We never made it
| crystal clear why we get this information. You see, we
| are partners with the grocery store and when you buy our
| delicious sandwiches from your local Piggly Wiggly you
| are actually doing business with us. We know it's in the
| grocery store's TOS, but we think it should be clear that
| you are actually our customer as well when you transact
| business with them for our goods. This is to provide
| benefits X, Y, and Z. If you don't want to do business
| with both Piggly Wiggly and us, here are some
| alternatives to get our delicious sandwiches elsewhere
| and some recipes to make your own. In addition, this
| incident happened because our sales staff was not
| properly trained on how we should use our customer data.
| We are going to review our privacy policies and publish
| an update in six weeks or sooner with what we will be
| doing going forward. If you have any concerns, please
| contact me directly. XOXO CEO of Boar's Head."
| gowld wrote:
| Why is it OK for "Grocery Store" to see your data, but
| not "Boar's Head"? Corporations aren't people. The
| boundaries are imagianry?
| IgorPartola wrote:
| Where did you get the idea that I think corporations are
| people?
|
| It's OK for the grocery store to see my data for because
| I explicitly consented for them to do that when I gave
| them my name and address when I filled out the loyalty
| form. Same way that I need to give some info to Azure to
| create an account, right? They aren't an anonymous
| service. But it's an active opt-in situation. You give
| them your info. They don't just take it.
| grasseh wrote:
| I know this is meant as a rhetoric, but it sounds like car
| sales. I bought a car last year. They sent my name and
| address to Sirius XM and now I'm getting spammed by
| marketing calls + marketing physical mail for Sirius XM
| when I don't need such service. I have a phone and all my
| music on it. It's already something that happens in the
| non-software world and it's definitely annoying there too!
| plorg wrote:
| In the car of Sirius it's pretty amazing the lengths
| they'll go. They send out a Customer Agreement with a
| welcome packet when they activate a trial subscription
| for a particular unit (usually when you buy a car, new or
| used, but I've received it on my car that I bought 4
| years previously). That agreement, it claims, has the
| power of contract, and will be binding on the customer as
| soon as the service is activated or the customer receives
| they're policy. Of particular offense to me, it subjects
| the customer to binding arbitration (for a trial
| subscription the customer never requested or
| affirmatively agreed to). They've literally gone to the
| Supreme Court (and lost) arguing that a trial user could
| not sue for their nuisance mail because of the
| arbitration clause. The agreement states that it remains
| in effect unless the customer cancels their (trial)
| subscription within 7 days of activation, and only by
| phone.
|
| In my most recent case I received such a packet 6 days
| after the date they said they activated the service. I
| called the same day and told the agent I wanted to cancel
| my trial subscription, citing specifically that I did not
| want the service and refused the terms of the agreement.
| The retention script (which is the same no matter which
| agent you talk with) is, "well you can keep the trial
| going and it will just expire", and repeat it several
| times. You have to be persistent and use the language
| "cancel my subscription", or you will get nowhere.
| daveFNbuck wrote:
| If the trial contract isn't enforceable, why bother
| canceling?
| plorg wrote:
| I want them to stop sending me nuisance mail whether or
| not the contract is enforceable.
| daveFNbuck wrote:
| Did canceling stop it? They still have your contact
| information and they still know you have a satellite
| radio in your car.
| plorg wrote:
| I still received mail sent before I cancelled, I received
| a piece of mail acknowledging a cancellation and offering
| a new, discounted subscription. I believe I received at
| least one more piece of mail.
|
| To be clear, I do not think any of my efforts will get my
| contact info out of their databases. Auto purchases are
| recorded publicly (at least in my state).
|
| My comment above was about the extent to which Sirius, as
| a company, puts up hurdles to protect their nuisance
| practices, including shrouding them with legal claims
| that they will defend at the highest levels of
| jurisprudence. They lost their case in 2014 and updated
| the language in their agreement, presumably to address
| the weakness of their previous agreement, since it still
| claims to bind the customer without any action on their
| part.
|
| In any case, I do not want to derail this thread any
| further.
| IgorPartola wrote:
| That specific one really sucks. Every time I've bought a
| car that had a satellite radio I got spammed for like two
| years by Sirius XM. How are they still in business?
| WrtCdEvrydy wrote:
| Sometimes it's just public records... I know someone
| fucked up if they use the wrong last name. Makes it easy
| to filter out spam.
| ComputerGuru wrote:
| AWS has the same. If you treat it as an actual marketplace
| with individual images uploaded and licensed by their IP
| owners and not as "images of popular distros hosted by
| Microsoft" then it really does make sense. They're not
| resellers, they're just facilitating the marketplace.
| duxup wrote:
| I remember when Docker had some bad images show up.
|
| There was much concern, but this isn't THAT different than
| any other marketplace. Gotta treat it that way.
| hrktb wrote:
| > app stores
|
| We should praise Apple for not giving our identifying info to
| app developers.
| Abishek_Muthian wrote:
| I wonder whether the LinkedIn profile of the customer was
| directly handed out to the Canonical by MS, because invite by
| email on LinkedIn cannot send 'custom invite message',
| Canonical Agent seems to have manually sent an invite with
| custom message which leaves us with two possibilities -
|
| 1. Agent had enough details at hand to confirm that the
| LinkedIn profile was indeed that of the customer.
|
| 2. Access to LinkedIn profile itself (e.g. profile URL).
|
| If 2. how did MS make that association? AFAIK there's no
| mechanism for the user to connect LinkedIn profile to Azure or
| vice versa.
|
| P.S. I know MS owns LinkedIn.
| detaro wrote:
| He stated the LinkedIn profile was under a different email
| (makes sense, not corporate one). I'd guess 1: name+company
| matching was enough.
| hobofan wrote:
| Isn't that even possibly illegal? I mean contacting someone
| on a personal channel for unsolicited B2B sales?
| adambyrtek wrote:
| Sadly, I get B2B marketing spam like that all the time as
| CTO, so I'm definitely not as shocked as others in this
| thread.
| gowld wrote:
| How is LinkedIn a "personal" channel, and why would it be
| illegal anyway? Direct marketing isn't illegal.
| hobofan wrote:
| Depending on the jurisdiction it might be. E.g. in
| Germany cold calls (actual phone calls) even for B2B are
| only legal under certain conditions (generally either
| preexisting registration of intent, or if it's common in
| the specific industry). I'm not sure what the regulations
| regarding cold e-mail or messaging are, though.
| fortran77 wrote:
| Given that "everyone" in the community probably blocked this
| guy on LinkedIn, I'm not sure he's going to have much luck as a
| salesman going forward.
| peanut_worm wrote:
| Looks like i'm switching to Debian this weekend, what a stupid
| company lol
| waynesonfire wrote:
| Under CCPA, can CA residents opt out of this?
| api_or_ipa wrote:
| Time to update the old joke: "Ubuntu is an ancient African word
| that means 'steals all your information'".
| sudenmorsian wrote:
| > Essentially you're agreeing to a EULA of some sorts, that
| "offer", and the offer has terms which include a reporting back
| to publisher. Imagine Oracle using this to capture enterprises
| that are skirting their license empire.
|
| https://twitter.com/dezren39/status/1359726235929223168?s=20
| maltalex wrote:
| FWIW, I have dozens of Ubuntu VMs on Azure. Never got an email
| like this.
| impostervt wrote:
| Great, one more type of message to ignore on LinkedIn.
| criddell wrote:
| Do people actually check their messages on LinkedIn?
| larntz wrote:
| I feel like something similar happened with me middle of last
| year. I was studying for an Azure certification and deployed a
| few ubuntu servers. Around that time I received an email from
| someone named Aldo with 'Business Development' in their email
| signature.
|
| We don't use anything from conanical at work and I've never
| signed up for anything from them that I recall. I remember at the
| time thinking it was weird to get this email when I had never
| before used an ubuntu server in azure. I certainly never
| expressed any interest in "running ubuntu in a secure manner on
| Azure" to anyone.
|
| I received the email on June 6, 2020, and then several follow up
| emails when I didn't respond.
|
| This was the message:
|
| > With 85% of enterprises having either a mandate, preference or
| exploration of open source technology I've connected with many
| individuals, while working from home, who have reached out to
| discuss how we provide proactive security for Ubuntu deployments
| in the cloud. I understand you have similar interests around
| running Ubuntu in a secure manner on Azure.
|
| > Ubuntu Pro, our carefully optimized image for production public
| cloud environments, provides all-inclusive patching for over
| 30,000 packages (for up to 10 years), FIPS 401-2 certification
| and Automated security profiles including CIS and DISA STIG.
|
| > That is just a handful of ways we keep companies safe and I was
| hoping to show you more. How does your schedule look this week,
| or the next, for a quick chat?
| moonbug wrote:
| Nerd gets a product from a marketplace, us surprised to be
| contacted by a salesman.
| somehnguy wrote:
| I installed Ubuntu onto a physical machine recently because I
| needed to use a Linux package for something real quick.
|
| Upon trying to install the incredibly common package I was given
| some error about it not existing and some nonsense about using
| snaps. I don't care about learning how to use snaps, I just want
| to get something done. I quickly installed Debian instead and got
| back to doing the work I needed to do. It really soured my
| opinion of Ubuntu - a distro I first used back when they were
| still mailing out CDs.
|
| This furthers my negative opinion of Canonical and solidifies my
| position that I'll never use Ubuntu again. Debian it is for me if
| I need Linux.
| simosx wrote:
| Most likely you tried to run a command, this command was part
| of a package that has not been installed, and Ubuntu suggested
| to you to install a specific deb or snap package.
|
| There is a usability package 'command-not-found', which is a
| handler for the shell and runs when the command you tried to
| run, was not found.
|
| You mentioned though that you tried to install a package, the
| package was not found and got a suggestion to use snaps or
| something. There is no such thing as far as I know.
|
| There are two packages, 'chromium-browser' and 'lxd'. In Ubuntu
| 20.04, both these packages are now only available as snap
| packages. If you try to install them with `apt install`, you
| get a notification that they are now only available as snap
| packages, and the installer transparently installs the snap
| package for you. This has been discussed a lot before
| implementing, and also here. The gist is that when you `sudo
| apt install chromium-browser`, you want the installation to
| work, not get an error message to run `sudo snap install
| chromium` instead.
| ducktective wrote:
| Well, personally, I'd have very much preferred an abrupt
| error and a recommendation to install the thing with snap.
| After all `apt` is reserved for apt-managed applications not
| some general "install-please" meta command. I thought failing
| fast and general transparency was a Linux/UNIX motto.
|
| Just my 2c. I'm not well-versed in sysadmin stuff.
| somehnguy wrote:
| I didn't try to run a command, I ran this exact script:
| https://github.com/ct-Open-Source/tuya-
| convert/blob/master/i...
|
| Actually you could be right - that script does run `python3`
| after apt-get'ing everything it needs. Anyway..
|
| I didn't look into it any further because I didn't feel like
| investing any time into learning the 'Ubuntu way'.
|
| I installed Debian instead and it worked perfectly without
| any grief. It also worked perfectly on PopOS when I used it a
| few days later on a different machine.
|
| Canonical can make whatever changes they want of course, I've
| just become increasingly less patient when it comes to
| machines not acting how I have come to expect. So I'll just
| stick to what works. Oh man - I'm becoming one of those old
| dudes...
| slim wrote:
| I used to be a ubuntu user from the time they were mailing cds
| like you. I abandoned ubuntu for debian when they started doing
| strange things with my desktop like putting the window controls
| on the wrong side of the window for no other reason than user
| lock in.
|
| Last week my son installed ubuntu on his cheap tablet pc. it
| worked flawlessly : wifi, sound, track pad and even touch
| screen. on screen keyboard worked. even the wacom tablet worked
| out of the box. when he was on windows he had to install a
| driver for it to work!
|
| so I guess I'm not mad at ubuntu anymore. it's just not for me.
| or any linux geek. it's for windows users.
| shadowgovt wrote:
| > putting the window controls on the wrong side of the window
| for no other reason than user lock in.
|
| How does that cause user lock-in?
| simosx wrote:
| Those windows controls on the left was the result of UI
| experiments. The mouse travels less when the controls are on
| the left. Imagine launching an application with the launcher
| on the left, and when you want to close to close the
| application, you have to move the mouse aaalllll the way to
| the right. It is not a breathtaking innovation as OS/X had
| been doing it already.
|
| You can learn to use the windows controls on the left. I got
| used to using them and it takes a few days to feel at home.
| When sadly Ubuntu switched back to GNOME Shell and reverted
| this change, it felt really unnatural to have those windows
| controls on the wrong side. Still, you get used to it after a
| few days.
| mdoms wrote:
| > it's for windows users
|
| Honestly as a half-half Windows user the stupid window
| controls on the wrong side is a big enough turn-off for me
| that I won't even consider Ubuntu. I think it's for Mac
| users.
| tailspin2019 wrote:
| I too have started to notice some increased "friction" when
| trying to setup Ubuntu these days.
|
| Like you, I don't care about "snaps" (though in my ignorance
| I'm willing to accept I may be missing out on something
| useful...)
|
| Even when you go to their Download page for Server, the first
| option is not a download link but some blurb about "Multipass"
| which I'm pretty sure is not what the majority of people are
| looking for when they click a menu option called "Download" for
| a server OS.
|
| But this LinkedIn crap is just awful and surprises me coming
| from Canonical.
| simosx wrote:
| That's the page, https://ubuntu.com/download/server
|
| You get three options to run Ubuntu server.
|
| The first option is to run Ubuntu server in a VM, and most
| users will want to run Ubuntu server in a VM. Multipass is a
| tool that helps you run Ubuntu server in a VM. Multipass is
| just a front-end for KVM when you use a Linux distribution.
| If you use Windows, it is a front-end for Hyper-V, etc.
|
| The second option is to perform a manual installation, which
| means that you get the ISO and do your thing.
|
| Between the two, most people would want to install Ubuntu
| Server in a VM rather than on baremetal. I think it makes
| sense to put that first. If a person is a power-user, then
| can read on and select Option 2.
|
| I see that there is a perceived negativity on anything Ubuntu
| that if something is different, it is perceived as something
| bad is happening.
| stonesweep wrote:
| Canonical now goes far, far (far) out of their way to hide
| the normal ISO installers. I mean, they try and bury them
| so deep that I can only find them now by googling for the
| name of the ISO I already have. Find your path to this page
| easily from the landing pages:
| http://cdimage.ubuntu.com/ubuntu-legacy-
| server/releases/foca...
| lord_erasmus wrote:
| What search engine are you using ? The first result when
| typing "ubuntu iso" in Google leads to a page where the
| first button is a link to a direct download. For "ubuntu
| server iso" it's pretty much the same, with just one
| extra click
| stonesweep wrote:
| We are not talking about the same thing - those first
| hits are the "Live" ISO not the actual installation ISO;
| the "Legacy" (their word) installation ISO is the 7th
| link down on Google for "ubuntu server iso" below the
| Google injected "People also ask:" with a bunch of
| whatever you call those things they put there (forum and
| mailing list links usually).
| tailspin2019 wrote:
| I agree that most people will want to run Ubuntu server in
| a VM.
|
| I don't agree that Multipass is the obvious default way
| that most people will want do this, given that Multipass is
| clearly aimed at local workstations for dev/testing and not
| actually _servers_.
|
| I'm working on the assumption that "Ubuntu Server" is
| designed primarily for servers, and Multipass, by its own
| description page is categorically not designed for servers.
| It's for a secondary use-case of running a test environment
| locally on a dev machine.
|
| My point was that it seems strange to push a secondary use-
| case as the first option on the download page.
|
| I'm not saying this is absolutely terrible, but it was just
| an example of some seemingly unnecessary friction being
| introduced.
|
| From the Multipass info page: [0] > "Ubuntu VMs on demand
| for any workstation"
|
| [0] https://multipass.run
| Hasz wrote:
| I've used snap for setting up a Nextcloud server. It was
| honestly pretty easy, and it auto updates. I'm normally not a
| fan of autoupdates, but for a publicly accessible service, it
| is appreciated.
|
| However, I've never packaged anything for snap, so not sure
| how it is to use.
| Wxc2jjJmST9XWWL wrote:
| I seriously don't get the hate... snaps are easy to manage,
| probably more secure than adding a bunch of PPAs (what many are
| doing blindly as soon as apt fails them), and I didn't notice
| any performance hits using them. And it seems like it's
| probably far easier to simply create and maintain a snap than
| the alternatives. If this means creators distributing and
| packaging their programs on their own more often rather than
| unreliable package maintainers being in the driver's seat,
| what's to lose here exactly? From the user's perspective the
| interface is also very lean and clutter free.
|
| $ snap search x
|
| $ snap list
|
| $ snap info x
|
| $ sudo snap install x
|
| I've interacted with snaps to a bare minimum, and I am sure all
| of those are correct. I am sorry, but "some nonsense about
| using snaps" -> "I quickly installed Debian" -> "this furthers
| my negative opinion of Canonical".
|
| Talk about Canonical getting a bad rep for pretty much
| everything they do...
| somehnguy wrote:
| You might be right about snaps being great. I'm not giving
| them a fair shot, you're completely right about that.
|
| Here is the thing from my perspective though - I have never
| had any trouble with apt that has made me think 'I wish to
| use something else'. Apt works. It does what I expect it to.
|
| When you're just trying to get something that should be
| simple done the last thing you want to do is spend a bunch of
| time learning a new system that you didn't even ask for.
|
| When I try to use a project that includes a quick startup
| script that is rendered broken by something I don't even
| want...well I just move on. No big deal really, I'll just use
| Debian and if eventually I hit a point where I want something
| else I'll give it a try on my own time/terms. Not in the
| middle of trying to do something else.
| hedora wrote:
| "Do not sell my personal information."
| tus88 wrote:
| They aren't. Ubuntu sells commercial support and you bought it
| when you spun up the image. Ubuntu has the right to know basic
| details about the customer.
| divbzero wrote:
| "I saw that you spun up an Ubuntu image in Azure. I'll be your
| contact for anything Linux-related in the enterprise. Are you
| sure you didn't intend to spin up a Debian image instead?"
| balthasar wrote:
| I mean just the idea of spinning up linux on Mircrosoft's cloud
| is pretty funny in and of its self.
| nonotreally wrote:
| I think you may be underestimating how big Azure is and how
| much Linux they do.
|
| Although it is fun to think about the 90s version of MS
| embracing linux to this degree.
|
| https://cloudwars.co/microsoft/microsoft-wallops-amazon-in-2...
|
| https://build5nines.com/linux-is-most-used-os-in-microsoft-a...
| schnevets wrote:
| Early in my career, I worked for a tiny company that exclusively
| built plug-ins for a specific SAAS platform. I noticed there was
| a public-facing page where one could search for any customer of
| this SAAS platform, so I built a scraper that would auto-search
| names, main URLs, and ticker symbols for every company on the S&P
| 500 into this search.
|
| I demoed it with 5 companies to a member of the sales team, and
| he politely asked me to remove the script from the company
| laptop, and seemed to be annoyed at my script kiddie antics. He
| said it was nearly impossible to build a lead out of that kind of
| information, and that any shop that would try and use that kind
| of poisoned fruit would quickly tarnish their reputation.
| ufmace wrote:
| That sounds like a quality sales team. Things like the OP tend
| to happen when you take inexperienced and desperate sales
| people and make them work on straight commission with no
| mentorship. Exactly as the person you spoke to feared, this has
| tarnished the reputation of the entire Canoical organization,
| which is exactly why you don't do that.
| duxup wrote:
| >He said it was nearly impossible to build a lead out of that
| kind of information, and that any shop that would try and use
| that kind of poisoned fruit would quickly tarnish their
| reputation.
|
| I think one of the caveats to that is good sales folks probably
| would do exactly as you describe. But there's always good sales
| folks who are making sales, and then the desperate ones who
| have nothing but time on their hands to try other things simply
| because they have time on their hands or are desperate.
|
| There are always starving dogs out there.
| [deleted]
| drummer wrote:
| +10 for the Stallman triggered meme in that thread
| njkleiner wrote:
| It's a real shame, Ubuntu used to be my go-to distro, but for me
| this is the last straw in the history of shady things Canonical
| has done.
|
| One of the things I liked most about Ubuntu is that the
| installation process is incredibly easy and everything "just
| works". Does anyone know a good alternative?
|
| I'd love to go all in on Alpine, but using it on the desktop
| doesn't exactly spark joy.
| JaggedJax wrote:
| There's going to be a lot of personal preference involved, but
| I've moved to Pop! OS which is still Ubuntu/Debian based but
| very clean, easy to install and use, and we'll supported.
| jeofken wrote:
| NixOS sparks joy for me, especially when reverting do different
| systems like you would git checkout a commit
| kache_ wrote:
| Arch linux.
| scrollaway wrote:
| Desktop: I don't know a single person who went to Arch Linux
| and regretted it. There is a slight learning curve but nothing
| a HN reader couldn't deal with.
|
| "Just works" type desktop: Don't use linux. Personally, Arch is
| my go-to desktop and IMO if you can't deal with that, just use
| macOS or something. There's lots of things that don't "just
| work" on Linux even today. Bluetooth audio for example has a
| lot of problems and those will be present cross-distro.
|
| The distros have less and less meaning nowadays, they're just
| what software is shipped in repos and initially. Ubuntu does a
| lot of custom shit so you want to stay away from them. Debian
| is constantly out of date but if you don't mind that it's still
| a solid distro. Fedora has always been pretty good as well but
| imo is straight up worse than Arch for sort-of-the-same
| philosophy.
| njkleiner wrote:
| Thanks for the suggestions!
|
| > "Just works" type desktop: Don't use linux.
|
| That's why I preferred Ubuntu, it felt like a good compromise
| between a Linux system and ease of use (or rather ease of
| setup).
|
| > Just use macOS or something. There's lots of things that
| don't "just work" on Linux even today.
|
| That's actually what I'm currently doing, for pretty much
| that exact reason.
|
| That said, I really want to switch to Linux as my primary OS
| again, I guess I'll give Arch a try.
|
| > The distros have less and less meaning nowadays.
|
| That's a good point.
| simosx wrote:
| It is weird that _this_ is your "last straw". Most likely you
| haven't used Ubuntu for a very long time and just want to
| influence others to switch away from Ubuntu.
| njkleiner wrote:
| > It is weird that this is your "last straw".
|
| Why? Could you point me to some other straws I've missed?
|
| > Most likely you haven't used Ubuntu for a very long time.
|
| It's true that Ubuntu has not been my primary OS for a while,
| perhaps I should've been more clear.
|
| I _am_ still using it on various laptops and servers (and
| have been meaning to switch back to it for daily use), which
| is why I'm annoyed at the prospect of having to deal with
| finding an alternative.
| notreallyauser wrote:
| Two or three ago I spun up a quick Windows VM in Azure for about
| 20 cents worth of testing.
|
| Shortly afterwards I had a missed phone call and then a follow-up
| email from an Azure salesman inviting me to schedule time to
| discuss my interest in the platform. I declined and asked to be
| opted out of anything like that in future, and actually received
| a pretty unprofessional response to that.
|
| So even if Ubuntu aren't allowed to do this kind of thing, MS
| certainly have themselves in the past.
| iotku wrote:
| Didn't appear to be on the advertising side of things (yet...),
| but I had a similar experience when renewing some free Azure
| credits (from Microsoft Dreamspark or whatever they're calling
| it now).
|
| I kinda figured it was just verifying I was a human, but I've
| provisioned 10~ or so other VPSes and dedicated servers with a
| few different providers and never got a phonecall so it was
| unexpected.
| tus88 wrote:
| Err that's what happens when you are a customer...the seller gets
| to know you.
|
| Customer? Yes, you are paying Ubuntu for patches and updates.
| That service is not free.
| GekkePrutser wrote:
| Lol a similar thing happened to me recently. I spun up a Windows
| VM on Azure because I had $50 monthly Azure credit with my MSDN
| anyway which I've never used yet. Immediately I get an email from
| a sales contact asking me if I need help (and who kept repeating
| when I didn't reply).
|
| It's indeed annoying. It's not as bad as this example because
| it's the same company I already deal with, which actually makes
| this legal in Europe. But as someone who is (admittedly) very
| anti-commercial it annoys me.
|
| The strong ties between MS and Canonical are also one of the
| reasons I dropped Ubuntu from my private life.
|
| Another thing that really annoys me about this is that MS removed
| the "block sender" option in their "New and redesigned!!" version
| of Outlook for Mac. In many ways the UI of the new version is
| much better but I strongly relied on that version. They kept the
| "mark as spam" but it doesn't guarantee that sender is forever
| blocked.
| glennvtx wrote:
| I read this is clippy's voice.
| Koshkin wrote:
| We all now know that with these guys _you_ are the product. That
| 's why I prefer Debian.
| jcpham2 wrote:
| Last time I spun up an Azure instance someone from Microsoft
| sales called or emailed me. I don't really understand the issue;
| the behavior is expected except one company shares marketable
| data with another and because Linux.
| andred14 wrote:
| Can't even read this as I was banned from Twitter for doing
| nothing but sharing truth and facts.
|
| This should alarm you and motivate you to ditch Twitter for other
| alternatives.
| glennvtx wrote:
| I read this in clippy's voice.
| awinter-py wrote:
| interesting to me that the TOS part of this discussion is being
| prosecuted via screenshots. Most legal disputes online presumably
| have an element of proving a clickwrap paper trail -- I wonder if
| there's demand for better tools for capturing what prompts were
| shown?
| waylandsmithers wrote:
| Wow- and I thought it was weird and inappropriate when I got a
| linkedin message from a MongoDB rep basically saying "Hey! I'm
| the account manager for your company so let me know if you need
| help with anything Mongo related!" (subtext being, how can I
| convince you to use (more) mongo services on your project)
| soared wrote:
| I mean the job of an account manager is supporting the client.
| I don't know how you can contort that into something to be mad
| about.
| SilasX wrote:
| Because they didn't contact the user through the channel the
| user authorized the sales rep to content them through. Same
| as if (in the old days) they looked up your home number from
| the phone book and called you at home instead of at the work
| number you gave them.
| briman314 wrote:
| No doubt that's the subtext but this happens EVERYWHERE. Have
| you ever downloaded a whitepaper for any vendor and then get
| harrassed with 4-5 times about talking about it?
|
| That sounds gentle in comparison. I would use the opportunity
| to ask for free swag or training if it was possible. :)
| ismaildonmez wrote:
| apt-get --purge remove clippy
| pts_ wrote:
| So what? It costs half of Windows rents and guess what .net can
| now run on Linux.
| hda111 wrote:
| It's time to switch to fedora on server
| balozi wrote:
| That's like fleeing CentOS for Oracle Linux.
___________________________________________________________________
(page generated 2021-02-12 23:01 UTC)