“I saw that you spun up an Ubuntu image in Azure” (twitter.com/lucabongiorni)
1168 points by fireball_blaze on Feb 12, 2021 | 455 comments



The Register article on this https://www.theregister.com/2021/02/11/microsoft_azure_ubunt... has responses from Canonical and MS, which shed a bit more light on the situation.

The Canonical quote is the most illuminating :-

"As per the Azure T&Cs, Microsoft shares with Canonical, the publisher of Ubuntu, the contact details of developers launching Ubuntu instances on Azure. These contact details are held in Canonical’s CRM in accordance with privacy rules.

"On February 10th, a new Canonical Sales Representative contacted one of these developers via LinkedIn, with a poor choice of word. In light of this incident, Canonical will be reviewing its sales training and policies."


Actually, to me the MS statement is the most illuminating and I'm guessing that Canonical is getting some grumpy calls from Microsoft.

This is the last part of the Microsoft statement:

"Our terms with our publishers allow them to provide customers with implementation and technical support for their products but restricts them from using contact details for marketing purposes"

Canonical then tells us that this person was a Sales Representative, and it is clear from the content that this is a message aimed towards selling. Canonical has broken Microsoft's terms. That said, I can't see where that legal restriction is (e.g. can't see anything like that in https://azure.microsoft.com/en-us/support/legal/marketplace-...).


> "On February 10th, a new Canonical Sales Representative contacted one of these developers via LinkedIn, with a poor choice of word. In light of this incident, Canonical will be reviewing its sales training and policies."

The part I find the most enlightening (ie: disturbing) is that Canonical's only regret is that the sales rep used "a poor choice of word" and they will train their salespeople better.

I assume the "poor choice of word" was when the salesman said, "I saw that you spun up an Ubuntu instance". Was Canonical's biggest regret that the salesman INFORMED the user that they are monitoring installs and linking them to contact information?

Canonical never said "oh the salesperson wasn't supposed to market to you with this information", instead they basically said, the salesman wasn't supposed to TELL YOU that we are monitoring what you install and linking it to personal contact details.


> the salesman wasn't supposed to TELL YOU that we are monitoring what you install

Exactly. The old "I'm sorry I got caught" and not "I'm sorry I did it."


We can do better™


Legal wishes to remind you that that statement always needs this accompanying statement.

*The word "better" does not imply a commitment towards customers and/or investors.

*The word "do" should not be seen as referring to the taking of any specific course of action which may or may not yield tangible change.

*The word "can" does not signify a concrete ability and is not forward-looking.

*The word "We" should not be interpreted as Canonical Ltd. nor any of its subsidiaries or affiliated entities.


Reminds me of the famous Bill Clinton quote

>It Depends on what the meaning of the word is is

https://www.youtube.com/watch?v=j4XT-l-_3y0


Except he had a perfectly legitimate point there, as far as I understand, he just utterly botched the explanation.

There's a big difference between "is" and "was". Which is what he should have said. There were no semantic games in that particular statement, in stark contrast to some of the other things he said.


I'm sorry, but I am not completely aware of the broader context and just shared that soundbite as meme.


It's fine and understandable, it's just weird how the meme version is so detached from what the actual problems were.


For the record, while in the midst of discovering a possible breach of contract with a company the size of Microsoft, it would be very good form, from a legal perspective, not to risk further jeopardy by openly saying that you've breached your contract. While lawyers are often distasteful to HN readers, they do have immense value in these situations, and they are completely correct to say "do not admit error at this time, not until we've formally analyzed it, post-mortemed it, and resolved our contractual obligations to Microsoft". Yes, y'all may want them to self-flagellate, but I'd rather see them honor their contracts and respect their lawyers first. They already admitted that they behaved inappropriately. The rest is just icing on the cake.


I like how the vocabulary you use implies there is something highly nefarious happening here whereas it is all fairly standard direct marketing based on an exchange of data clearly highlighted in the TOS.

I don't really understand why everyone is up in arms here. In this case, Microsoft is basically a reseller. They told Canonical that they sold one of their products to a customer and Canonical reached out on LinkedIn, a professional social network. It all seems fair game to me. This is not some creepy internet tracking using dubious ways to segment people. This is basic direct marketing in a B2B context.

It's all pretty tame.


Unless you're the kind of person that actually sits and reads the EULA prior to hitting OK every single time, I'd say it makes complete sense people are up in arms. There is a difference between legally defensible and reasonable expectations.

It is actually completely unacceptable on what is advertised as a secure platform to engage in targeted marketing AT ALL. If any information about what my company is doing on your platform is shared to other companies, then you are not secure by any definition of the word that I'm aware of. It is not for you to judge what information is valuable or damaging for us.


> It is actually completely unacceptable on what is advertised as a secure platform to engage in targeted marketing AT ALL. If any information about what my company is doing on your platform is shared to other companies, then you are not secure by any definition of the word that I'm aware of. It is not for you to judge what information is valuable or damaging for us.

Security and data sharing have nothing in common. It is perfectly acceptable to share customer lists when you are a reseller if you clearly state you will do so in the contract. It doesn't become true because you write it in all caps and say it is not for me to judge. If you so value your company information, maybe you should start reading what you sign.

Once again, we are not talking about an unreadable EULA for personal software. Azure is a platform geared towards professionals. Nothing creepy is happening here. That's Canonical reaching out and giving a potential customer a point of contact if they ever need support. This has nothing to do with broad data collection and spying and is perfectly reasonable. I don't understand why some commenters here find the idea of talking with an actual human being so traumatic.


Not who you are replying to, but I'd imagine your point:

> If you so value your company information, maybe you should start reading what you sign.

Is exactly what people are up in arms about. Even reading the EULA, you may not expect Microsoft to permit data sharing in this way. And if this is entirely unacceptable for you, then it's time to leave Microsoft.

Or you can make noise about it online like this, and cause Microsoft to realise this sharing will lose them customers. I doubt the data is worth the churn, and Microsoft will likely change the policy rather than lose the customers.


>"This is basic direct marketing in a B2B context. It's all pretty tame."

Well maybe it is ok from that perspective. However my personal reaction as a customer to such a sales approach would simply be something along the lines of GFY to that salesperson.


Yeah, the only acceptable choice of words in this case would be: none.


>Canonical never said "oh the salesperson wasn't supposed to market to you with this information"

Canonical never said "oh the salesperson shouldn't have had this information".

There's only one way they could have used it.


It's all about plausible deniability.


Or as law enforcement call it: parallel construction.

The sales rep was probably expected to reach out claiming some other reason, making it look like the standard LinkedIn spam, but in reality much more targeted.


Yep, and the purported “retraining” will probably be more like, “use a vaguer or falser pretense to cold-call”.


Very reminiscent of that Netflix tweet calling out a small group of people for some extraordinary binge watching.

“The first rule of the surveillance economy is don’t talk about the surveillance.”


As I recall their tweet did not indicate that they had direct access to the identity (such as name or address) of those people. I think they mentioned their municipality?

Of course they have the raw data, but it's possible the people who sent that tweet just have access to a database that contains only anonymized data.


I guess I don't understand the quote from Microsoft's statement. Canonical provides "implementation and technical support," right? But they're not allowed to use user data from Microsoft to market those services? How else would that data even be useful for Canonical's "implementation and technical support" services?


This is the full quote from MS, provided in The Register article:

"Customer privacy and trust is our top priority at Microsoft. We do not sell any information to third-party companies and only share customer information with Azure Marketplace publishers when customers deploy their product, as outlined in our Terms and Conditions. Our terms with our publishers allow them to provide customers with implementation and technical support for their products but restricts them from using contact details for marketing purposes."

My interpretation is:

Every time you buy or use something from the Marketplace, MS will give your contact details to the Marketplace publisher. That publisher is then restricted in what they can do with the information. They may not use it for Marketing, they may use it to provide technical support.


Yeah, I agree with your interpretation and that makes sense from Microsoft's perspective. Just one open question that that raises: does a name and employer count as "contact details"? Do Microsoft's terms allow Canonical to reach out to someone on LinkedIn for marketing purposes as long as they don't look them up using the email address Microsoft gives them?

And if the answer to that last question is no, what can Canonical do with the data that's actually valuable to them? If I were given access to a database of sales leads that I was explicitly disallowed from contacting, I would actively avoid even accessing the data to avoid any accusation or perception that I violated those terms, just in case I independently got in touch with those same leads through a different channel.


So I don't know the answers to your questions - but here's one interesting thing - according to GDPR your email address is personal information as you'd expect. However your work email address is not. Companies can do all sorts of harvesting and collection on professional information that they can't on personal.


This is not strictly true. Sales@example.com would not be considered personal data, bob.smith@company.com would be.


If they discover a huge security problem with the distribution you installed, they can contact you and help you upgrade to a non-vulnerable version? This looks like what "technical support" is supposed to mean


How more reasonable it would have been for Microsoft to provide the publisher's details to consumers instead of the other way around.

Interesting that this is not so.


Microsoft can earn more money this way (selling data for sales purposes), so their behavior meets my expectations.


Mine too, it is hilarious that they present this gratuitous data sharing as "this is normal/we are the victims as much as you are"


But they aren't selling the data


On the off chance you are not being sarcastic, do you think that Canonical got the data for free?


Yes? It's pretty evident that when you publish a marketplace app, the details of those that installed it are automatically stored for use by the vendor. All of the statements above align with this, unless you're insinuating that Microsoft are liars.


This sounds like plausible deniability to me. "We sell your details to companies whose products you're using - which would be really useful marketing information; but they say they don't use it for that, so we did what we need to."?

Microsoft being lily-white (/s) would ensure they had GDPR-like positive consent from customers that they could pass on those customers' info to specific third parties...

The idea that companies keep some sort of information wall between their support and marketing departments is pretty ridiculous. MS have to be fully aware of this, surely.

So, the story is Canonical taking part in the same crap as the more overtly crap companies, and just this one agent not being clever enough to keep their leads under wraps.

GDPR obliges companies to provide information on all the parties PII has been passed to. Given cookie lists (or UBlock blocked files) are hundreds of companies long I'm surprised we're not getting reports of who is buying up all this info.


> But they're not allowed to use user data from Microsoft to market those services? How else would that data even be useful for Canonical's "implementation and technical support" services?

The data on who was doing what would be useful for providing implementation and technical support to people who have already contracted with Canonical for those services, both for providing the service and, depending on price structure, possibly for billing.


> The data on who was doing what would be useful for providing implementation and technical support to people who have already contracted with Canonical for those services

So then why should everyone else who doesn't have any contact with Canonical have their data forwarded to them too? This should be opt-in rather than opt-out, let alone always happening with no way to opt out


By waiting for someone to reach out for "implementation and technical support," at which point Canonical already has the data they need to investigate deeper? Not that that's even great, because 99% of the people who spin up a service will never contact Canonical and shouldn't have their info shared.


Yeah, I thought about that possibility, but I'm skeptical because the usefulness of Canonical getting that data directly from Microsoft seems really minimal. Whatever data Microsoft is collecting from its clients (I'd think it's at most metadata about base images, instance types, and maybe number of instances and usage patterns) should be trivial for those clients to provide to Canonical, if needed, if and when they initiate a support contract.


“Ouch. Big bug. Let’s contact the users who installed it from the azure marketplace. Good thing we got their names when they installed it!”


"Ubuntu Server on Azure best practices guide.pdf"


> That said, I can't see where that legal restriction is

It's probably part of the contract between MS and Canonical.


Which is a problem. I'm much happier if that restriction both exists and is enforced. If we can't see that contract, then it's all based on trust, and trusting tech companies with personal information has not gone well so far.


> but restricts them from using contact details for marketing purposes ... Canonical then tells us that this person was a Sales Representative

I don't understand - what's the difference between marketing and sales? Sales is trying to sell you something? But that's also marketing?


Wow. I just lost a whole lot of respect for Canonical. “If you read the document we expect nobody to read, you’d know that you sold your soul to us. We didn’t mean for you to find that out but one of our salespeople got overeager and tried to sell you your soul back. He will be reprimanded. Can we all forget about this real quick?”


Canonical's been scummy for about a decade now. This is the same company that shoved Amazon results into local desktop searches, then responded to criticisms of that with "Don't trust us? We have root.".

Pretty ironic considering the meaning of the word "ubuntu".


I'm all for Occam's Razor and don't usually buy corporate bullshit, but this comes to my mind:

- Azure is the second largest cloud provider worldwide

- Ubuntu is probably the most common Linux distro installed in the cloud

- We never heard about another episode like this before

Now if Canonical was allowing / encouraging this kind of behavior from their sales rep, I think we should have seen it happen in the wild before (like, a thousand times?) already; since it only happened once, I'm inclined to believe them. Also see [1]

Now let me think: I'm not OK with Canonical accessing my contact information because I spin up a VM, but I'm also not OK with Microsoft sharing my contact information with Canonical. What's wrong with "let me call them if and when I need?" But I'm European so maybe a little too privacy focused.

[1] BTW: let's say 99% Ubuntu VMs are spun to host some boring Wordpress site, nouvelle cuisine blog or leather shoe shop. What's the chance of an Ubuntu sales representative to ever make a sale this way? I guess it must be pretty slim, so he'd have to contact hundreds of potential customers to turn a few sales - something that would quickly get reported if it was a corporate business habit. This reinforces my first impression.


We haven't heard about it before because other sales reps didn't admit to knowing that a customer has deployed something, and reached out to the customers under the guise of standard-looking sales pitch that got dismissed as regular kind of spam. That would be my take on it.


I feel like you're missing the point. I wholeheartedly believe Canonical does not encourage this kind of behavior from their sales rep, but only because it makes it obvious that they're getting data from MS they really have no right to access, when they really intend for it to just stay hidden behind some voluminous terms of service.

You know what they say, the definition of "gaffe" is when someone tells the truth.


This was my first response as well (it's not the data sharing that's the problem, it's that you noticed).

Thinking about it though, a lot of it is a question of surprise and unknowns. I would find this message to be a lot better - "We see that you've taken advantage of the Ubuntu image that Canonical provide in the Azure Marketplace. I am available to you for (etc.)".


> I would find this message to be a lot better - "We see that you've taken advantage of the Ubuntu image

No. That's not better at all.

The mere fact that Canonical has specific information to reach me when I am not a direct customer of Canonical is a complete violation of my privacy.

Ubuntu is a free product. Canonical should not be able to find out if I (specifically me or my organization) allocates or runs 1 or 10000 instances of Ubuntu.


> Ubuntu is a free product. Canonical should not be able to find out if I (specifically me or my organization) allocates or runs 1 or 10000 instances of Ubuntu

I agree with the message behind this and obviously Canonical and Microsoft are both being extremely gross.

But Ubuntu as a binary image (or source code) is a very different product than a VM with Ubuntu pre-installed and pre-configured, which is what you paid for (and is why you got ensnared by their horrible anti-user license).


> But Ubuntu as a binary image (or source code) is a very different product than a VM with Ubuntu pre-installed.

How? Why? If it's different in any meaningful way from just clicking "next" on the installer then it's no longer Ubuntu, and certainly not Canonical Ubuntu, that's pre-installed. It's become, at best, Microsoft-Ubuntu-Because-Microsoft-Added-Telemetry-For-Azure. Or it's Canonical-Ubuntu-Configured-By-Microsoft-With-Azure-CLI-Preinstalled.

It's not "Ubuntu" any more.


You don't get to decide what is and isn't "Ubuntu", Canonical does. Did you likewise declare that Ubuntu isn't Ubuntu anymore when Canonical dropped Unity? Or when they added snap? Or when they added or later removed the Amazon search plugin?

When I'm paying for an official Azure version of Ubuntu on Azure, I darn well expect there will be a closer support relationship than the free desktop version.


> When I'm paying for an official Azure version of Ubuntu on Azure, I darn well expect there will be a closer support relationship than the free desktop version.

Okay, but maybe other people don't want that if it entails their information being shared with a company they haven't initiated a business relationship with?


> Using their software on professionally hosted servers

> haven't initiated a business relationship

????


The servers are not hosted by Canonical


But the servers are running Canonical software. Just because it's GPL'd doesn't mean that Canonical doesn't own it or that you have no relationship with them by using it. You are paying them a license fee to get the azure image, after all.

To say that you have no business relationship with Canonical while paying Canonical to use Canonical software with official Canonical technical support is absurd to the highest degree.


[deleted]


Just FYI, this is bad manners. I deleted the comment because I didn't want to continue the conversation and I especially didn't want to engage with you - specifically, your comments here and elsewhere indicate that you are frequently toxic and hostile.

You deciding to resurrect the comment because you happened to see it before I deleted it is really not OK. It's the exact kind of toxic, hostile, creepy interaction I was trying to avoid from you by deleting the comment!


> your comments here and elsewhere indicate that you are frequently toxic and hostile

I thought your comment was interesting and merited a reply for others to see and discuss. But I see you disagree so I've removed the content of my reply.

Feel free to flag any comments you find particularly toxic or hostile. You can do that by clicking on the timestamp of the comment and clicking the `flag` link.

Or even better, let me know (like you have done so here). I can't improve myself if I don't know there's a problem.


There's no problem with your comment so please do not "improve" yourself based on the parent; they should, not you.


Erasing history and demanding others follow your lead is bad manners.

Posting something and deleting it after it has been seen is basically gaslighting. Imagine the kinds of harassment people could get away with if they said rude things to coworkers on chat, then edited the messages to appear benign after the coworker responded to their hostility.

That is why people quote the text of comments to which they want to reply.


To be clear are we to suppose one has a right to say something and then insist others never bring up anything because one has at that point deleted?

Furthermore is strenuous disagreement now toxic and hostile?

Wouldn't it be more trivial to say I do not wish to engage and leave it at that? Ironically calling someone toxic hostile and creepy is... pretty toxic.


> are we to suppose one has a right to say something and then insist others never bring up anything because one has at that point deleted?

I think someone has the right to change their mind about something they've said. That's why I edited my comment to remove it.

> Furthermore is strenuous disagreement now toxic and hostile?

I don't think so. But I know that I sometimes get passionate about my opinions. I welcome someone's input to keep me friendly.

> Wouldn't it be more trivial to say I do not wish to engage and leave it at that? Ironically calling someone toxic hostile and creepy is... pretty toxic.

I would like to think better than that. I think it was good of @ojnabieoot to let me know that they thought I'd wronged them.

Some people can feel very anxious or awkward to conversation for very good reasons. They can state opinions and then choose to retract their opinions for any reason -- even if the opinion is held but they choose to remove themselves from the conversation. I think that's a good thing to discuss but this isn't the venue to.


If you go to Ubuntu's web site, they will offer several distinct ISOs, each optimized for different usecases; and yet I'm not charged all of my personal information there either.

Ditto the Ubuntu images on Docker Hub.


Right. If I can run Ubuntu on Docker without Canonical knowing, I should be able to run Ubuntu on Azure without Canonical knowing.

This is a big misstep for Microsoft, from my point of view. I think it's less a reflection on Canonical, because once they have the information, it's ultimately going to be used. Microsoft just should not have agreed to the arrangement at all.


Both Microsoft and Canonical are for-profit enterprises.

To quote the old Native American (?) fable: You knew what I was when you picked me up.


> Both Microsoft and Canonical are for-profit enterprises.

I don't think that most of the people have a problem with that. The problem is being sucked-in to something without ever agreeing to it.

In the era of privacy sensitivity (which I think is healthy), being watched in a place and prodded from a different channel is disturbing.

I don't mind people trying to reach me with the hope of sales based on information I've provided to them, but this is too far.

Also it removes two veils from both companies at once:

    1. It seems Microsoft still has sneaky tactics, but they're more invisible.
    2. Canonical is somewhat more aggressive and greedy than it seems, and Ubuntu desktop is just a freemium product, or another capturing device for further vendor lock-in.


The alternative is that Azure owns complete access to the customer. Which seems... well, an easy skip to App Store-esque rent seeking.

So MS sharing "their" customer details with the image provider seems more generous than evil. Provided there's a "Do not share" config option somewhere.


If I'm doing business with Azure, I would absolutely expect them to keep my data and behavior private. It's part of the reason why I would be paying them (instead of expecting something for free) in the first place.


So if I write a piece of software that eventually makes it to Debian and Ubuntu, am I entitled to your name, address, phone number, email, and a data feed showing every time you start or stop your Ubuntu instances on Azure? After all, I am a third party software provider at that point. And look, Azure doesn’t even have to tell you they are sending me all that stuff. It’s in the TOS you didn’t read!


If I choose to run an image maintained by IgorPartola, sure!

If I download packages and Ubuntu, and assemble my own image, or use one assembled by another org, probably not.

I think the disconnect is that for me, image packaging and updating is work, and that work has an author, and the author is deserving of certain rights others are not.

If Azure is auto-pulling Ubuntu images, building containers, and publishing themselves, then that's a different story.


The issue is more so *why* Microsoft is sharing this information with Canonical — what does it obtain from it?

Ubuntu is gratis, so Canonical can't have coerced Microsoft into doing so; it is quite probable that one approached the other to make a deal, and that Canonical is paying a certain fee for this information.


The code is gratis. Although, partnership deals tend to go beyond simply sharing code, and into the realm of dedicating time and resources to working with each other.


I think this is why this doesn't shock (shock!) me.

We're talking about a curated, supported, official image here, right?

If folks want to use a "MyUbuntuImage" they or someone else packaged and uploaded, more power to them.

But by pulling a Canonical image, you have a relationship with Canonical. Expecting that relationship not to exist "because open source" seems to be misunderstanding who does what work.

As to whether this should be opt-in, done, etc. is another matter entirely. But the fact that it exists at all doesn't feel particularly shocking.

It's not like we're talking about everyone who pulls a RedHat image's info being sent to Canonical!


The code is more than just gratis; it's libre. This is Ubuntu, based on Debian GNU/Linux. (Yeah, okay, some of the code is merely gratis, but most of it is libre.)

I don't expect an OS based on an OS based on an OS based on a half-finished OS based on free software principles to have shady data-dealing attached, yet hidden from the people whose data is being dealt.


My point is that it's not about the code at all.


You might not have expected it, but privacy protection is not any sort of obligation encoded in any extant concept of Free Software.


Free software is about user empowerment, and the ability for users to be hackers if they want to (or employ people to make changes on their behalf). “Sike, we've been stalking you and you can't do anything about it” is antithetical to this ideal.

Privacy protection is not an obligation, but transparency and openness is. Yes, you're not contractually required to not make a separate computer system that's proprietary and closed and disempowering, but that's so pedantic as to be malicious.


It has nothing to do with Free Software. I'd expect the same treatment if I were paying Microsoft to run Oracle for me.


So you didn't read the ToS, I take it? I did. I do whenever it's something important to the company's infrastructure. Canonical is the one at fault here for not adhering to Microsoft's guidelines. But Microsoft put the warning on the package.

I mean, it's kind of ridiculous to think that you could do anything in a cloud environment system and not have your actions tracked. Hell, with automated load balancing and load-based billing, that's literally what you're signing up for.


Another vector here is the WSL.


I wouldn't be surprised to learn Azure was paid (either money or developer time) and this is happening for other products. I would think twice before using Azure if I was concerned about my usage being shared.


It is. For example I've warned others about the EULA shipped with Dell systems with Linux (Ubuntu) on them for similar reasons... and encourage people to do their own installation of images (containerized or otherwise).


It's not "free as in lying around on the ground", it's free as in "freedom". You have to agree to Canonical's "Terms of Service" to use Ubuntu, so you are a licensed customer of Canonical's.

In this case, the license is the GPL, none of which has anything to say about privacy. Maybe this is a failure of the Free Software Foundation's to not include privacy protection in the GPL. Though even if they were to create a GPLv4, the Linux Kernel is still only licensed under v2, so distro implementors have no obligation to use a more restrictive license.

AKA, "the cat is already out of the bag".

In the OP's case, they additionally are a customer of Microsoft's, who explicitly stated they share this kind of information with their vendors.


I am not sure we should add privacy protection to software licenses.

The Debian Free Software Guidelines do not allow discriminating against using Debian for evil.


Oh, I definitely agree, I'm just trying to point out that a lot of people here are making assumptions about what "Free Software" means that literally nobody in the FOSS or Open Source movements have ever said were goals.


> nobody in the FOSS or Open Source movements have ever said were goals

Citation needed. RMS, the FSF and many other orgs made public statements around privacy many times.


I think you're the one who needs to provide a citation, because I've read a lot of the literature on the FSF's website and not once does privacy come up.

Now, I can't exhaustively prove a negative, but I think I can easily demonstrate that the FSF has never meaningfully expressed an opinion on privacy. Go to https://www.gnu.org/philosophy/philosophy.html, open every single page it links to in the body of the text, and search for the word "privacy". It does not show up in the body text of any of those documents. It shows up once in a footnote that mentions a change that Samsung made that "caused privacy concerns".

The closest they get to even mentioning the concept of privacy is when they talk about the right to modify software and use those modifications "privately", which clearly does not mean anything about user privacy.

If privacy were so big of a concern for the FSF, you'd think they'd talk about it in their official documentation on their philosophy, or put something about it in the ONE tool they have to have power over anyone: the GPL.


This is plain false. Debian routinely disables trackers and homecalling functions in the packaged software and even in the documentation.


I think you misunderstand. Debian doesn't have restrictions on how end users use their software. They do however make an effort to ensure the software they distribute is high-quality and doesn't do bad things to the user.


Indeed, if you want to help fix privacy issues in Debian, please check out our wiki page:

https://wiki.debian.org/PrivacyIssues


> the license is the GPL, none of which has anything to say about privacy

The anti-patent-trolling, anti-tivoization and copyleft provisions are there to protect developers and users.

Additional clauses around privacy and security would be very nice.

Unfortunately, corporate-sponsored FUD made a lot of people wary of the GPL - which is ironic, given its protective features.


People are coming into this thread, talking about "this should not happen cuz free software." And Free Software protections are just completely orthogonal to privacy protections.

There is a certain level of reasoning where one might say that, if the software were truly libre, you could "just" fork it and rip out the parts you don't like. But because you clearly can't "just" do that, then the software must not be free.

Yes. The software is not Libre.

But it's not clear to me that this is the case because the system is hosted on Azure or the distro is Ubuntu. Your rights within a marketplace go only so far as you can throw your alternatives. Software, especially operating systems, are just too complex to expect the concept of Free Software to be sufficient to protect user privacy.


The idea is that, if free software principles were widely followed, this kind of spying could never be built in the first place. It'd be like a rice cooker that refuses to cook a full portion if you're putting on weight, or a washing machine that won't turn on during peak energy hours; a bizarre, unprecedented imposition on the principle that you should be able to do what you want with your stuff.


Well, it's a neat idea, but so is communism, on paper.


It is a violation of your privacy that you may have already agreed to - presumably MS mentions this in their ToS/privacy policy that this information will be shared. They just conveniently forget to remind you that when you deploy a VM...

Another interesting question: aren't you a direct customer of Canonical here? When you buy stuff off of any marketplace or through a reseller, it seems to me you are a customer for multiple companies. Examples: buying an iPhone from AT&T, buying a laptop from Amazon, buying a Subaru through a dealer.


I think there's a difference here; you can get Ubuntu for free outside of Azure without being a customer of Canonical, but you can't get an iPhone from Apple for free from them just by going through a different channel


I think I'm missing something... Ubuntu is developed by Canonical, right? Just because you do not pay for it when you get it outside of Azure does not mean you are not their customer?


Doesn't customer imply a paying relationship? If I put some code online and let people use my software I'd say that makes them at most my users, not consumers.

When you get it a certain way through Azure you both enter a contractual agreement with each other, and that does make you a customer.


I think requiring payment is a bit too strict requirement to define a customer. Your users still agree to your license, so there is a relationship established, you may just not get any benefit from it (monetary or otherwise). Even in your license you likely have to be explicit that "software is provided as-is" and you aren't responsible for it misbehaving - otherwise your customers/users could try to sue you. Just because you don't pay for Ubuntu doesn't mean Canonical does not get anything out of you deploying it. Do they gather any kind of data about users' behavior?


>one of our salespeople got overeager and tried to sell you your soul back. He will be reprimanded.

I don't think the (non-)apology even gave that much, just that the training/policies will be "reviewed", which is even weaker:

>>In light of this incident, Canonical will be reviewing its sales training and policies.


I speak enough corporate to know that this guy gets to be chewed out. They singled him out in their response and said he was new. If they stood behind this policy they would have basically diffused the responsibility without mentioning him specifically. I could be wrong of course, but he cost a bunch of people a bunch of time and effort and unpleasantness so he'll get yelled at.


They singled him out because the original tweet showed the salesperson's full name and picture. He might lose his job because he unintentionally showed everyone how the sausage of monetizing open source is made.


Why Canonical? Isn't this a Microsoft feature?


Yes the fact that Microsoft shares this information is concerning. But Microsoft only provides the information to Canonical (according to the ToS) for technical assistance and product support, but not for Marketing purposes.

Canonical is the one who violates trust here. Because they are using this information for marketing purposes, which they are not allowed to do under the information sharing agreement that they have with Microsoft.

So yes, we could argue whether Microsoft should be providing the installation information in the first place. It should at the very least be opt-out (on by default with the ability to not share), and preferably it should actually be opt-in (off by default, check a box to allow). So there is a violation of trust going on here, but this isn't any different than what every other major tech company is guilty of right now (not that it makes it right).

But Canonical is the one that took the information and used it in a way that was never agreed to by either the person sharing the information (Microsoft) or by the user via the ToS (the ToS says that it is strictly for tech support, not for marketing). Canonical is the one that really overreached here.


You're obviously correct in the de jure sense, here. But there is also a matter of relationship expectation.

An unstated assumption of using any "free" product is that it's not actually free. Canonical screwed up, to be sure, but I do think many of us just expect getting harassed by salespeople to be the cost of using a "free" product.

Microsoft, on the other hand, charges me by the hour for using Azure. They've taken their pound of flesh, so my business expectation is that I'm going to be left the hell alone for anything other than billing matters. Them sharing the data in the first place, for something I've paid money for, FEELS like the bigger violation to me.


Depends a lot on the free product.

For a linux distro, my expectations are that it's "free" but support will cost you money. My expectation is not that it's "free" and the OS will spy on you and report back to HQ so sales can make more sales.

If I don't give personal information on installation my expectation is the product is not harvesting or forwarding that information (For example, I expect that with Facebook, I don't expect that with GIMP).

Both are certainly wrong IMO. MS for giving personal info to a 3rd party and Canonical for bundling spyware with their OS. Both are super icky.


That depends on the distro, a lot of distros offer gratis support. Some like Debian have both paid and gratis support.

https://www.debian.org/support


Well, in the case it's not from the OS, but purely from Azure.

And you're selling the information in order to get tech support from Canonical, otherwise you can get it without selling your info (but won't really receive tech support).


> They've taken their pound of flesh,

As an aside, "pound of flesh" doesn't mean "payment", it means "something that is one's legal right but is an unreasonable demand (esp in the phrase to have one's pound of flesh)", both in Shakespeare and in current usage.

Unless you feel Microsoft's price is unreasonable and you have no other option, "pound of flesh" isn't the right expression.

Something like "they've taken their cut" is more accurate.


Thank you for the aside!

Too late to edit, though.


Thanks for hearing it out!


Both to be honest. Canonical shouldn't have asked, and Microsoft shouldn't have agreed.

Neither one is an innocent party.


Shit companies in a shit business relation. Can't wait to see that marriage between the two.


It's an example of a risk with cloud providers that isn't talked about often or is ignored. For example, why doesn't WalMart use AWS?

Companies now leak a lot of metadata about what they are doing. If a teeny company like Canonical is mining stuff like this, consider what Microsoft knows about how you use their products, and I'm sure your EA negotiation as a big company is at some level driven by what they know.


How is a Canonical rep contacting him purely a "Microsoft feature"?


It means that Microsoft is providing information that they shouldn't.


And Canonical decided to take that data, search him on LinkedIn and contact him. Seems reasonable to see that as a reason to lose respect for Canonical over.


Don't get me wrong, what Canonical has done here also isn't good. But what they've done shouldn't have been possible because Microsoft shouldn't have given Canonical the information in the first place.


The question I have is what's in it for Microsoft, why did they even bother to do this in the first place? I can't believe there would be that big of a cash incentive.


If this were Windows, I would expect Microsoft to pass it to an internal department that sells higher service contracts and then off to 3rd parties that provide the same for up to a week after you find the "don't share my data" checkbox.

That (enterprise support) is a very important side business. Whether they got cash from other OSes or just set it up the same to fight an eventual Anti-Trust Case is anyone's guess.


Again, the user's relationship was with Microsoft, not Canonical. Microsoft is the one who the user entrusted to protect their data, and they didn't.


The user chose Microsoft's Azure product to run Canonical's Ubuntu product. The user has relationships with both vendors.


How does that make Canonical's side of things better?


It doesn't.


Well, what should we be more angry about? That Canonical's sales rep is using data in their CMS, or that Microsoft is selling data to third parties? The root cause seems to be Microsoft, not Canonical, and (at least in my eye) the conclusion is not "don't trust Ubuntu", but "don't trust Azure".


Someone giving you a gun doesn't absolve you of the crime of shooting someone with it or of keeping the gun.

edit: The data doesn't just magically show up in Canonical's CRM. They spent time and effort establishing an integration with Microsoft and then building processes on top of that data.


As stated above, MS isn't selling this information. They are providing it for customer support purposes.

In the business world, having data marked "customer support only" is pretty common. There are quite a few laws acknowledging the difference. Importantly, the data is supposed to be kept separate and it sounds like Canonical screwed up here.


The takeaway is "don’t trust Ubuntu or Azure".

It’s like if you tell a friend that there's a key to your back door under the mat but to keep it a secret and instead of keeping the secret they tell a mutual friend about it and that mutual friend robs you since they know where the key is.

You shouldn’t trust the friend that told your mutual friend where the key was and you shouldn’t trust the mutual friend who robbed you.

The friend who told your mutual friend may have done so for what they thought were useful reasons, like letting the mutual friend know so they could fix something for you while you’re out, but they still violated your trust no matter what their intent was.


This is the 'not on prem' tax that will be the norm going forward.


I'm under the impression that on-prem Ubuntu phones home. I guess maybe it can't guess your LinkedIn name, though.


It's trivial to disable any telemetry considering it's open source:

https://github.com/ubuntu/ubuntu-report


Because Canonical’s response was “oops you actually found out.”


> one of our salespeople got overeager and tried to sell you your soul back. He will be reprimanded.

I wonder what the consequences have been for that guy.


Probably a promotion for failing upwards. At least, that's how precedence makes me feel about it.


Probably a "graduate trainee" who got a stern talking-to.


You had respect for Canonical after they put ads in the OS?


We all know that you can't trust Microsoft, but a lot of people blindly trust Canonical just because they create a Linux distro.

I haven't trusted Canonical since I noticed their pattern of creating competing alternatives to new Linux standards instead of helping them (Mir & Wayland, Snap & Flatpak, Unity & Gnome 3). It'd be one thing if they were bringing better ideas and long-term support to their alternatives, but they just seem to be half-baked copies. I appreciate all they've done for the Linux ecosystem, but I'll stick with my Debian.


Mir and Wayland was because Wayland couldn't do what they wanted technically.

Snap came BEFORE flatpak. Flatpak was the "new competing standard" in that situation.

And Gnome shell, quite frankly, sucked. IMO it still sucks, but back then it sucked WAY worse.


Yeah, I wouldn't put down Ubuntu's traditional attitude as "we'll copy something so we can own it" - it's more of a "we'll do whatever we think is better for the experience we provide, screw the community". Which is still misguided and fundamentally doomed to fail in the long run, but not as malicious as, say, Apple's moves.

At the end of the day the scorecard reads:

- Mir: failed

- Unity: failed

- Snap: mostly failing

Meanwhile RedHat takes over stuff that doesn't work, makes it work a bit better, and pushes it on the whole ecosystem as "the" solution. And they win, and win, and win.


> - Snap: mostly failing

As much as I hate Snap and remove it from my Kubuntu systems, I don't see where it is failing. I frankly see a lot more non-linux-focused vendors support to snap than flatpak. Could you expand on that point?


It took years to get any sort of buy-in from app-developers, and I know quite a few users who are actively running from it. Just last week I helped a friend who was surprised and somewhat disgusted by the fact that certbot seems to have embraced it.

It’s not a question of which one will succeed between snap and flatpak, it’s whether the ecosystem really needs either one of those.


> Unity: failed

Unity failed because they abandoned it, but it was way better than Wayland+Gnome. The problem was that it was based on Gnome 2 and had Mir under its belt, so it would've been really really hard to somehow upgrade it.


Mir is still going as one of the better Wayland compositors out there.

Unity didn't fail: ongoing development on it was cancelled because there was no way to successfully monetize it. It was, and remains, one of the most successful desktops out there.


Everybody knows how the FOSS ecosystem works: if you don’t get buy-in from the community, a project dies. Unity wasn’t adopted by the community, and as soon as sugar-daddy money ran out, it died. That’s what failure looks like on the Linux desktop.


Unity had fantastic buy-in from the community. There were more installations of Unity 7 than there were of Gnome 3 or KDE 4 back when it was still being distributed.

If your definition of community is "people who develop desktop environments for open source software" then you're already limiting the size of your community to a few dozen or so individuals, and we had a few dozen contributors to Unity so I'm not convinced of the strength of this argument.

If your definition of community is "people who don't use Unity" then of course "everybody knows" that's trivially true. Some people also know it's a tautology.


Unity is still around, it was forked by the community and renamed to Lomiri:

https://ubports.com/


> Mir and Wayland was because Wayland couldn't do what they wanted technically.

What exactly is it that you think Wayland couldn't do and why was it necessary to invent an incompatible application interface to achieve that?

> Snap came BEFORE flatpak. Flatpak was the "new competing standard" in that situation.

And AppImage came before snap.


> What exactly is it that you think Wayland couldn't do and why was it necessary to invent an incompatible application interface to achieve that?

From the mir technical architect (found on askubuntu): https://samohtv.wordpress.com/2013/03/04/mir-an-outpost-envi...

> And AppImage came before snap.

Exactly right! And if the ONLY goal was compatibility, we all should be using appimage over snap. But snap was and is trying to promise more in terms of end-user security and transactional updates from the vendor. So there is a legitimate reason to make something new.


For servers, I would trust Debian over Ubuntu/Canonical any day. The way their releases work, the default set of running services, etc.

In general, I personally prefer the way Debian works (Debian the Project - not the Distro). It has a board of elected developers governing the project. I would prefer that over somewhat opaque functioning inside a company (Canonical).

To cite as an example, here's how they decided on the question of init systems [1].

[1]: https://www.debian.org/vote/2019/vote_002


I'm not sure how many times this needs repeating, but Snap wasn't an "alternative" to Flatpak; the latter didn't even exist when the former was created. Many people arguing about this issue don't seem to get this.


Yeah, stuff like this is why I only treat Ubuntu as a stepping stone.

I even tried to install Debian while I'm still not really used to Linux, but the graphics card immediately crapped itself on boot, so it will have to wait...


> tried to install Debian […] but the graphics card immediately crapped itself on boot

https://fiendish.github.io/The-Debian-Gotham-Needs/


This is kinda both hilarious and helpful. Thanks for sharing.


I guess you have an Nvidia card? The two other major vendors have mainline (therefore GPLed) drivers and basically work out of the box. Keep that in mind during your next hardware upgrade.

Nvidia was the least terrible solution about 10 years ago (I have PTSD from installing binary blobs and editing Xorg.conf to make it work.) While others have improved tremendously and you don't have to do anything to get full 2D and 3D acceleration (just boot the system), the Nvidia experience™ hasn't changed much since then.


No, AMD (which indeed surprised me).


I have to decrapify every Ubuntu install. They have so much telemetry and autoupdate and other BS.

I'm starting to learn too much about apt to try and prevent things from reinstalling themselves.


Why keep using Ubuntu at that point? There are plenty of other Distros.


Launchpad, Bazaar, Upstart.

Some of them nice projects in their own right, but it's hard to shake the feeling of NIH syndrome.


Since Launchpad existed before Github, Bazaar before Git, and Upstart before systemd, I am not sure where the NIH feelings are coming from.


I think the Marketplace quote is worth noting too:

>A look at the terms for the Azure Marketplace throws up this sentence: "If you purchase or use a Marketplace Offering, we may share with the Publisher of such Offering your contact information and details about the transaction and your usage."

So the publisher of something on their Marketplace gets some information.

This doesn't seem 'that' weird (well, the LinkedIn contact does) as it seems semi-related to ... say apps and app stores and etc.

Edit: I'm not justifying the policy, but I am noting that on a marketplace with third parties, this seems pretty standard / something you should always consider when you install something from a third party.


But I think that these comments from the Twitter thread are very valid:

> I believe you spun up the VM based on an image from the Azure Marketplace, specifically one from Ubuntu. That is not a Microsoft image, you accepted an offer from Ubuntu and now they contact you to follow up. That's my understanding of the situation. Hopefully someone can clarify

> Where exactly it is visible any ToS?! As soon as I clicked on "add new VM", the first option suggested was Ubuntu 18.04. I didn't dig into the Azure Marketplace. I just picked the first option available since I quickly need a linux-based test VM.

I mean, I'm not as familiar with the AWS marketplace, but I use the GCP marketplace, and when I choose an offering from that marketplace it's very clear I'm just buying a prepackaged solution from another vendor, and I'd expect that other vendor gets my info. IMO this is very different from choosing the OS for your VM from a dropdown.


I think this is one of the points that the spirit of GDPR and similar legal frameworks gets right: users have the right to opt-in, without service being degraded if they don't, to data sharing unless that data sharing is "necessary" to fulfill the transaction (I believe this is the basis for "legitimate interest").

If I'm buying a SaaS or DBaaS from a vendor over a marketplace, or launching a metrics collector where phoning those metrics home is a core value prop, I'd be fine to be told that sharing information with the end operator, not just the marketplace, is necessary to fulfill the transaction. And there should be contracts in place to ensure my data's not used for unrelated purposes. If the operator breaches those contracts, the operator is liable.

But in what possible way is "using a pre-packaged Linux distribution" a transaction where sharing information with the packager is "necessary?"

I have no doubt that Microsoft's lawyers have covered their posteriors here. But the spirit of these regulations would be that users don't have the expectation that they're opting into Canonical getting their info just because they use a bog-standard Ubuntu distro. Users didn't knowingly consent to this.

(EDIT: not a lawyer, not legal advice)


You buy a dishwasher from Best Buy. They send your name and address to Maytag. You buy soap from Walmart. They send your name and address to Johnson & Johnson. You buy a sandwich at your local deli. They send your name and address to Boar’s Head. Cool?


I know this is meant as a rhetoric, but it sounds like car sales. I bought a car last year. They sent my name and address to Sirius XM and now I'm getting spammed by marketing calls + marketing physical mail for Sirius XM when I don't need such service. I have a phone and all my music on it. It's already something that happens in the non-software world and it's definitely annoying there too!


In the case of Sirius it's pretty amazing the lengths they'll go. They send out a Customer Agreement with a welcome packet when they activate a trial subscription for a particular unit (usually when you buy a car, new or used, but I've received it on my car that I bought 4 years previously). That agreement, it claims, has the power of contract, and will be binding on the customer as soon as the service is activated or the customer receives their policy. Of particular offense to me, it subjects the customer to binding arbitration (for a trial subscription the customer never requested or affirmatively agreed to). They've literally gone to the Supreme Court (and lost) arguing that a trial user could not sue for their nuisance mail because of the arbitration clause. The agreement states that it remains in effect unless the customer cancels their (trial) subscription within 7 days of activation, and only by phone.

In my most recent case I received such a packet 6 days after the date they said they activated the service. I called the same day and told the agent I wanted to cancel my trial subscription, citing specifically that I did not want the service and refused the terms of the agreement. The retention script (which is the same no matter which agent you talk with) is, "well you can keep the trial going and it will just expire", and repeat it several times. You have to be persistent and use the language "cancel my subscription", or you will get nowhere.


If the trial contract isn't enforceable, why bother canceling?


I want them to stop sending me nuisance mail whether or not the contract is enforceable.


Did canceling stop it? They still have your contact information and they still know you have a satellite radio in your car.


I still received mail sent before I cancelled, I received a piece of mail acknowledging a cancellation and offering a new, discounted subscription. I believe I received at least one more piece of mail.

To be clear, I do not think any of my efforts will get my contact info out of their databases. Auto purchases are recorded publicly (at least in my state).

My comment above was about the extent to which Sirius, as a company, puts up hurdles to protect their nuisance practices, including shrouding them with legal claims that they will defend at the highest levels of jurisprudence. They lost their case in 2014 and updated the language in their agreement, presumably to address the weakness of their previous agreement, since it still claims to bind the customer without any action on their part.

In any case, I do not want to derail this thread any further.


That specific one really sucks. Every time I’ve bought a car that had a satellite radio I got spammed for like two years by Sirius XM. How are they still in business?


Sometimes it's just public records... I know someone fucked up if they use the wrong last name. Makes it easy to filter out spam.


> You buy a dishwasher from Best Buy. They send your name and address to Maytag... Cool?

Since most appliance manufacturers require you registering your product with them for warranty service, yes, please take care of that for me (many appliance stores do). Now _should_ Maytag require that registration? If it makes for a quicker and smoother warranty service process then I'm okay with it - better than needing to dig up a receipt in three years, only to find that the thermal printing has faded.


There is a difference between you checking off a box that says “send my info to Maytag” and Best Buy just doing it and then when you find out about it Maytag saying “you weren’t supposed to find out”.


The difference, as usual, is: consent and control. 1. the user did not provide affirmative informed consent (it was buried in a ToS doc that nobody reads) and 2. the user has no meaningful control of the sharing.


> Since most appliance manufacturers require you registering your product with them for warranty service, yes, please take care of that for me (many appliance stores do)

Manufacturers legally have to honor their warranty regardless of you giving them your information. They don’t exactly say you won’t be covered by warranty if you don’t “register”, because they legally can’t.


The trick used in the US is that if you do not offer this information you get a ridiculously short legal-minimum warranty.


In over two decades of buying appliances and electronics, I’ve never seen a device in the US offer a longer warranty if you send in your information.


Really? This happened to me at least ten times, and I'm not even American, just sometimes buy devices directly from the US. For example, my LG phone comes with an additional year if you register your device.


I don't know if it is cool, but I wouldn't be surprised.

The idea that an AWS or Azure marketplace with third parties involved is different than say my example, an App store with third parties seems like a good way to think about it.

I'm not justifying the policy, but I am noting the context isn't that different and how we should think about it.


That’s fair. I guess if Canonical is selling something directly by using Azure’s storefront that’s a different thing. Still, their response to this is pretty terrible.


> You buy a dishwasher from Best Buy. They send your name and address to Maytag.

For warranty purposes of course

> You buy soap from Walmart. They send your name and address to Johnson & Johnson.

In case they need to recall the soap

> You buy a sandwich at your local deli. They send your name and address to Boar’s Head. Cool?

So you can get some cool Boar's Head swag!

Just kidding of course. We need much better data privacy protection.


> So you can get some cool Boar's Head swag!

I can’t even imagine what that might be. But technical support for my sandwich making needs would be fun. Kind of how Butterball (I think it’s them) has a help line on Thanksgiving for cooking turkeys. They made the news a few years ago by hiring men to work the phones because they learned that men cook more frequently now but feel uncomfortable asking women for advice. I had a good chuckle at that.


>I can’t even imagine what that might be.

A mounted boar's head to mount on the wall that makes grunting sounds when it's sammich time. But being HN, it'll also have cameras for eyes (3d) and microphones in the ears so that it knows when it is time to re-order more product. Maybe it'll link with Alexa/Siri/GHome with an articulated mouth so that it makes it look like it is Alexa. If you place it where it can see the contents of your fridge and/or pantry, it will be able to automatically order food for you.

The lack of imagination these days... /s


I have a sneaking suspicion Boar's Head et al. know sandwich making secrets that would substantially improve my lunches.

I mean, you do anything for long enough, you get good at it. Especially if you're soliciting feedback from even more people who are doing it.

I think somewhere out there there's a story of a Brita customer support rep tracking down a filtration engineer to get a technical answer to how long one could filter and drink urine for.


Those actually seem reasonable (other than the swag one) if and only if that info is locked away on a need-to-know-basis, it’s used for precisely that purpose, and regulators vigorously punish any sharing or release. The GDPR seems like a good step in that direction.


For recalls the customer could subscribe to a public recall channel and warranty can be handled on a machine-identity basis (at least until the warranty actually kicks in) so none of those really require personal data upfront.


Up until a few years ago, something similar used to happen when you bought a TV set here in Sweden.

If you bought one, your information was shared with the entity ("Radiotjänst") in charge of collecting the mandatory TV fee (funding public service radio and TV programming).

The fee is now collected as tax instead, so that's no longer the case.


Except we are talking about licencing here, not buying. If one likes it or not, buying of physical or non-physical goods has long been very different (I'm not supporting it, but it's the reality.)


Cool? no. The reality? Almost certainly.


Pretty much. What do you think "loyalty" cards are actually for?


I am somewhat OK setting up a loyalty card with a grocery store. I am much less OK with that info being shared. But also grocery stores tend not to check your info when you sign up so I have a whole lot of cards in the name of e.g. Deez Nuts.


The distinction here is when it’s a marketplace. You buy a product from a third-party vendor on Amazon. Amazon sends details of your purchase to the third-party vendor for fulfillment. Cool.


I don't know how I feel about that. Am I doing business with Amazon or the third party? If it's the third party, I want it to be crystal clear that they are the ones who will get my info. And if it's not crystal clear and I find out and their response is "oops, you weren't really supposed to notice that"...

Again, think of the grocery store example: you go in, there is a Boar's Head counter where they sell sandwiches. You grab a sandwich and head to the checkout line. You pay the grocery store worker who is wearing a grocery store shirt and get a grocery store receipt that says you just bought a $5 sandwich and used your grocery store loyalty card. Do you expect that Boar's Head will get the details of your loyalty card, which sandwich you bought, what else you bought, etc. even if the back of the receipt says in fine print that the grocery store may share that information with someone?

If Boar's Head had their own clerk and their own cash register you'd be doing business with them. But then it would be clear cut, right? The fact that the grocery store is processing the payments and presenting it as essentially they are reselling Boar's Head products would imply that Boar's Head is not involved in your individual transaction.

If this is a service you are buying from Boar's Head but they simply use the grocery store's cash registers, accounting, inventory, etc. then I would argue it's on the grocery store and Boar's Head to make it crystal clear who you are doing business with, or else you run into situations like this. And if a situation like the one that started this whole debacle happens, their response should be "We are sorry. We never made it crystal clear why we get this information. You see, we are partners with the grocery store and when you buy our delicious sandwiches from your local Piggly Wiggly you are actually doing business with us. We know it's in the grocery store's TOS, but we think it should be clear that you are actually our customer as well when you transact business with them for our goods. This is to provide benefits X, Y, and Z. If you don't want to do business with both Piggly Wiggly and us, here are some alternatives to get our delicious sandwiches elsewhere and some recipes to make your own. In addition, this incident happened because our sales staff was not properly trained on how we should use our customer data. We are going to review our privacy policies and publish an update in six weeks or sooner with what we will be doing going forward. If you have any concerns, please contact me directly. XOXO CEO of Boar's Head."


Why is it OK for "Grocery Store" to see your data, but not "Boar's Head"? Corporations aren't people. The boundaries are imaginary?


Where did you get the idea that I think corporations are people?

It's OK for the grocery store to see my data because I explicitly consented for them to do that when I gave them my name and address when I filled out the loyalty form. Same way that I need to give some info to Azure to create an account, right? They aren't an anonymous service. But it's an active opt-in situation. You give them your info. They don't just take it.


This is the real answer. I almost did the same thing but decided to spin up my own image instead of buying a prepacked one from the Marketplace.


Exactly, I'm not so much cool with the policy here, but absolutely we should think about what we want and take appropriate actions like you did if we want to avoid it.


Well, my reason was also because I was having so much trouble trying to find a machine+zone+disk setup that was available and under my $50/month budget since I'm running on MSDN subscription credit. What a freaking pain in the ass.


AWS has the same. If you treat it as an actual marketplace with individual images uploaded and licensed by their IP owners and not as “images of popular distros hosted by Microsoft” then it really does make sense. They’re not resellers, they’re just facilitating the marketplace.


I remember when Docker had some bad images show up.

There was much concern, but this isn't THAT different than any other marketplace. Gotta treat it that way.


In this case it's not obvious that you're participating in a "marketplace". Look at the screenshot of VM creation:

https://twitter.com/LucaBongiorni/status/1359737285118410752

If we accept that the Ubuntu image is a marketing device then this screen is using dark patterns.


> app stores

We should praise Apple for not giving our identifying info to app developers.


Great, so their conclusion is "we should make this less obvious and creepy", not "we should probably stop doing this".


My first thought was that companies that are selling complementary services (and that's really the difference between Debian and Ubuntu here) are obviously going to have mutually beneficial affiliate agreements. The vast majority of us are probably working at companies that do that. Someone mentioned Oracle licensing enforcement and yeah, I wouldn't feel like a victim if I used bootleg copies of Oracle and the bootleg copy told them without me expecting it. I think in this case it should be clearer and opt out, but honestly - who among us is the least bit surprised that Canonical at least gets some referral here?

But where they specifically went wrong? Well one of them was absolutely the way the "point of contact" reached out. If my professional email was shared with you as part of a professional agreement, adding it to a mailing list to sell me on the paid version of what I used for free makes sense. Sending some of those specific details to my personal account, which by the way you aren't sure is actually me, is way over the line. The salesperson personally screwed up big time there for sure.

The other thing is the granularity of the data, and that's also over the line. I read that agreement and think sure - they'll know our company has used their company. But specific actions taken by specific developers? There are users that avoid certain providers like the plague because in some way they're competitive, and even if they trust them not to directly compromise security measures, interfere and steal data - they still don't want a competitive company having insight into their costs, development, traffic, etc. This kills the trust you may have in Microsoft from that standpoint.


Yes, that is the big takeaway here and why I just lost a ton of respect for Canonical.

In Canonical's statement they never regretted using the information to contact the user. The part they regretted was TELLING the user that they are monitoring the installs and linking those installs to personal contact details.

Canonical promised to improve training to avoid those "poor choice of words", NOT to stop the practice. Basically they will train their staff to make it feel more serendipitous when they just so happen to reach out about selling an enterprise license moments after you install the VM on Azure. Canonical doesn't regret this sales practice and plans to keep using it. That's the scary part in this story.


Once you decide your cloud platform will include a marketplace for paid, licensed enterprise software, this doesn't surprise me all that much (although it kinda sucks)

I mean, is it even possible to buy an Oracle license without Oracle knowing who you are?


That's marketing


Azure is... really weird like that. Sometimes it feels like I'm working with Amway, not Microsoft.

A few months ago I spent like a week or two playing with Azure Sentinel -- I'm a contractor for a company that develops some security solutions, and I was trying to see if and how the feature I was working on could be integrated with a SIEM. Sentinel, of course, was one of 'em.

So I do my thing, then a few weeks pass, then out of the blue, one afternoon, my phone rings...

...and there's a Microsoft representative at the other end, asking me what I thought about Sentinel, if I encountered any difficulties with it, what my plans are and so on. She seemed to be working off a full report of my usage, too, as the questions were pretty specific.

Thing is, my total usage of Microsoft Azure Sentinel was on the order of, what, 16-20 hours? spread across several months. I don't think I've issued 50 requests in total, and I would've issued less than 5 if Log Analytics didn't take like forever to show my data on the free tier (not that I'm complaining, the price is unbeatable :P). I was on the free tier the whole time, it seemed like such a gimmick that I didn't even bother going through the company I was doing all this for.

Either the Azure team is desperate for customers or they have more salespeople than Oracle has lawyers if they ended up calling a small fish like me.


Microsoft is trying to position Azure into the world currently dominated by contractors visiting the Windows Server closets of Main Street businesses. This is how that world works.


I wonder whether the LinkedIn profile of the customer was directly handed out to Canonical by MS, because invite by email on LinkedIn cannot send 'custom invite message', Canonical Agent seems to have manually sent an invite with custom message which leaves us with two possibilities -

1. Agent had enough details at hand to confirm that the LinkedIn profile was indeed that of the customer.

2. Access to LinkedIn profile itself (e.g. profile URL).

If 2. how did MS make that association? AFAIK there's no mechanism for the user to connect LinkedIn profile to Azure or vice versa.

P.S. I know MS owns LinkedIn.


He stated the LinkedIn profile was under a different email (makes sense, not corporate one). I'd guess 1: name+company matching was enough.


Isn't that even possibly illegal? I mean contacting someone on a personal channel for unsolicited B2B sales?


Sadly, I get B2B marketing spam like that all the time as CTO, so I'm definitely not as shocked as others in this thread.


How is LinkedIn a "personal" channel, and why would it be illegal anyway? Direct marketing isn't illegal.


Depending on the jurisdiction it might be. E.g. in Germany cold calls (actual phone calls) even for B2B are only legal under certain conditions (generally either preexisting registration of intent, or if it's common in the specific industry). I'm not sure what the regulations regarding cold e-mail or messaging are, though.


Forgive me. It's Friday.

What was the poor choice of word?

I get that the whole concept is poor. But what word or words?


"I saw that you"

(did something that you didn't expect me to see)


So the poor word choice was revealing how he knew to reach out? So it's that he got caught?


Looks like I’m switching to Debian this weekend, what a stupid company lol


Damn, I wasn't aware that they share this kind of information. Luckily I'm in Europe and I think here they'd need at least an additional opt-in to do stuff like that. That said I have to say "No thank you, please don't send all my data to the cloud" at least 5 times when installing Windows 10 these days, so I'm sure they definitely try. I haven't used Azure in a while though so I can't be sure.

That's also why I use Sublime Text instead of VS Code and run a private Gitlab instance instead of developing on Github (barring open-source work, which I do in the open anyway), as I'm pretty sure MSFT will find an excuse to mine my telemetry data for their own benefit eventually.


Even here in Europe privacy laws are much lighter when it comes to B2B stuff.

It's actually legal to send unsolicited spam to business emails sadly.


A T&C is a terrible place to put this in. This should work like an account linking flow (e.g. sign on with Apple to a site), where Apple lists everything they share explicitly when you click login.


Sending out a cold email is one thing (most of that ends up in spam anyway), but why the fuck are these people taking the contact details and plugging them into a social network?

I don't agree with any of it, it's a violation of trust and burying it in small print doesn't change that. But having people reach out on their personal networks takes the cake.


Given that "everyone" in the community probably blocked this guy on LinkedIn, I'm not sure he's going to have much luck as a salesman going forward.


Under CCPA, can CA residents opt out of this?


"privacy rules" is incorrect wording. You better say privacy legislation in this case.


"oops, our dirty secret is out. But we won't do it again, guv!"


Per the Azure's T&C? It's easy to blame Canonical here... but that sounds like Azure's screw up, and Canonical accidentally revealing it.


As someone who works in tech sales - the real bullshit here is that this is some right-out-of-college 22 y/o entry level sales person (SDR) who was likely told to take this list and message everyone on linkedin 1x1.

The negative impact of this goes on his shoulders where the positive responses from this get passed off to someone else who is outside the blast radius.

Stuff like this is the norm when sales is viewed as an extension of marketing ("we need more leads") and not as a function that helps companies coordinate the evaluation and purchase of software ("we need to find out if this is the right fit for them") and the ones who pay the highest price are at the lowest levels when it's executives who are giving the orders.


> The negative impact of this goes on his shoulders

Well, in this case, people are mad at Azure/MS and Canonical for betraying developer trust, not the individual salesperson. He's just a pawn in the game. It's not like this guy went rogue; this is his job.

The system is set up in a creepy way to enable this type of upselling, which makes people uncomfortable. Whether or not Azure or Canonical change policies, we shall see.


> Well, in this case, people are mad at Azure/MS and Canonical for betraying developer trust, not the individual salesperson. He's just a pawn in the game. It's not like this guy went rogue; this is his job.

It's still his linkedin profile plastered all over twitter right now though more than Azure's EULA/T&C's.


But no one is calling this guy a villain. For example, his name is not mentioned once in all these HN comments. It's not his fault.

And indeed the Azure T&C's are definitely referenced in the Twitter discussion with the OP. Such as:

https://twitter.com/dezren39/status/1359726235929223168


"On February 10th, a new Canonical Sales Representative contacted one of these developers via LinkedIn, with a poor choice of word. In light of this incident, Canonical will be reviewing its sales training and policies.""

My reading of this statement is that they are scapegoating the guy.


They are trying to scapegoat the guy. Thankfully, people are not falling for it.


I pulled up his LinkedIn. He started at Canonical three weeks ago, fresh out of undergrad.

I really hope he comes out of this unscathed.


This. Typical Marketing and Sales tactics involve using the lowest level employee both because they're naive and because they have nothing to lose because they're already lowest on the pecking order.


I think an attempt to scapegoat would look more like "in violation of our established policies and rigorous training, a Canonical Sales Representative contacted one of these developers via LinkedIn."

The actual quote acknowledges that the company's training and policies are at fault. I'd also expect a scapegoat to be publicly fired or disciplined, did they say that elsewhere?


> "On February 10th, a new Canonical Sales Representative contacted one of these developers via LinkedIn, with a poor choice of word. In light of this incident, Canonical will be reviewing its sales training and policies."

This was their official statement regarding this matter. They provided this to The Register to defend their actions when this story got written up: https://www.theregister.com/2021/02/11/microsoft_azure_ubunt...

Edit: Yes so just to be clear, according to their official statement they are scapegoating the salesman. They call him a "new Canonical Sales Rep" to imply he isn't experienced and made a mistake. The only responsibility that Canonical took is that they will "review its sales training".


The only blame they gave him was that he had a poor choice of words. They're not saying he went against training or policy. They're not saying that he's being disciplined or fired.

Canonical said that they need to review their policies. To me, this implies that what he did was not against policy.


Poor guy must be having a hard time.


It really depends on company culture. But there's probably a good chance this affects him at the company internally.


Perhaps. At the very least, it's gotta be uncomfortable for him.


No one is calling this guy the villain, but he is pictured as the villain.


> It's still his linkedin profile plastered all over twitter right now though more than Azure's EULA/T&C's.

This is pretty disgusting that someone didn't think to cover his name or image while complaining about what is essentially privacy and having a central beef with two companies. That said, while it's disgusting to me, it can easily be shrugged off as "thoughtless" by others because privacy is not a mainstream concept.


Frankly, using a personal profile for work activity in this vein is just not a good idea. Regardless of whether Linkedin ‘forbids’ creating secondary accounts.


This reminds me of a 2019 paper on "moral crumple zones"[1] which talks about how the human component of automated systems are increasingly there to act as the focus for moral failures. Did your giant automated system do something bad? Blame the one human who was assigned to somehow stop that from happening, no matter how impossible that might be.

[1] https://estsjournal.org/index.php/ests/article/view/260


Also see Normal Accidents[1] which discusses "human error" as a PR cover for systems that are simply too complicated for unaided humans to monitor and understand.

1: https://www.goodreads.com/book/show/192408.Normal_Accidents


Normal Accidents is a real classic of the genre of disaster studies and points out some very useful realities for tightly coupled systems. Engineers building highly complex systems would do well to read the book and take its lessons to heart.


The film "Brazil" was mentioned on another comment on another story a few days ago that touched on this theme, very good movie.


Interesting, that’s a great concept. But I’m not sure of the applicability to this case. I’d expect most people to feel icky contacting a lead on this basis, and so that feels like it’s well within the kind of thing a low level employee should throw a red flag at.


The aspect that reminded me of the paper (and the concept) was how the low level employee can really only screw up. If they do well, then it's a credit to their boss, but if they do something wrong it's on them and they'll be fired.


I think it really is a disgrace that his photo and name are out there linked to this. It's most likely not his fault.


It could be also that the sales person did this on his own initiative for a couple of extra points. It might not be standard practice, but we'll never know.


If a random sales person can easily go ahead and access PII on their own initiative, that's 1000x worse.


Your PII will be in their CRM and they will have access to their CRM. Literally all they need to do this is your name and linkedin. If you think sales people won't have access to names of potential leads then I am not sure what you think sales people do on outbound sales.


Even in a CRM there should be checks on who can access what PII and when. There is a difference between "you are assigned 100 leads for the duration of lead qualification" and "you can yourself pick out leads (and can get access to their PII) out of any of the thousands of possible leads".


I think your expectations of how a company handles Leads are unrealistic. A company just needs to keep your data safe. A sales person having access to Leads makes complete sense. A sales person being able to see if a lead has been chased makes sense. A sales person being able to find Leads to chase that they are best qualified to chase makes sense.


Yes, and MS claimed that their agreement with Canonical required them not to share that info with sales.


No it said not to use that for marketing. And they didn't, the sales person said he would be the point of contact. They didn't market or try to sell him something in his message. He just sent a request to be his contact.


Most people would view the message as being marketed to.

The employee was referred to as a salesperson. Any difference from marketing is pedantic.


The legal difference is important. No court would ever agree that “I’m your point of contact” is marketing anything. And since it was about the legal agreement between Microsoft and Canonical the legal difference is anything but pedantic.


Courts look at the intent of contracts in the minds of the signers, not hyper literal readings of fixed-in-stone words. When both MS and Canonical agree that this breached acceptable usage, it’s time to give up that fight.


Neither company as far as I can tell agreed to that. Canonical said it was a poor choice of words and in light of that review their policies. Aka tell people not to be so creepy. Microsoft just stated what the terms were. Unless there have been new statements released which I doubt since legal would probably have a fit if someone did that.

As I said no court would ever agree that “I’m your point of contact” is marketing.


$10 says there's an Excel sheet that's passed around with all of your info in it.


Of course there is, but there shouldn't be. _Especially_ in a bigger company like Canonical.


Yeah, they should definitely be using Libre office ;)


I think LinkedIn is kinda ... tainted so mass spam is just considered par for the course on there, sadly. Nobody thinks twice about spamming on there.

I log on there and it's all spam-ish content. And really all I want to know is what people I worked with are doing now / how they're doing....


Yeah spam, people kowtowing to their company's PR gospel, and the usual "inspirational" messages from sponsors.

It's a sickening mess of PR giddiness but unfortunately it's needed to get a job nowadays.

I hate it so much though, never post anything and I only accept people I actually know.


> is that this is some right-out-of-college 22 y/o entry level sales person (SDR) who was likely told to to take this list and message everyone on linkedin 1x1.

We don't know that

It could also have been that this person, just in the company and wanting to make a sale has used leads he wasn't supposed to act on.

I can definitely see an inexperienced person doing that kind of mistake. Not blaming the guy, he was just trying to do his job and meet his targets.

But I've seen a lot of "stupid" things done by new people at a company with various degrees of "making the customer or other departments annoyed" (in sales and in technical positions)


I like this distinction that you’ve made between marketing and sales. As a technically minded person in a business development role, I’d like to know more about it. Do you have any resources that you can suggest?


This feels like some modern day "Glengarry Glen Ross" type stuff.


Modern day? The pressure of sales jobs never went away. Ask your local bank teller. Their jobs exist in this day and age, not to help Grampy who prefers interacting one-on-one, but to sell her credit cards, expensive chequing accounts and loans she doesn't need.


Early in my career, I worked for a tiny company that exclusively built plug-ins for a specific SAAS platform. I noticed there was a public-facing page where one could search for any customer of this SAAS platform, so I built a scraper that would auto-search names, main URLs, and ticker symbols for every company on the S&P 500 into this search.

I demoed it with 5 companies to a member of the sales team, and he politely asked me to remove the script from the company laptop, and seemed to be annoyed at my script kiddie antics. He said it was nearly impossible to build a lead out of that kind of information, and that any shop that would try and use that kind of poisoned fruit would quickly tarnish their reputation.


>He said it was nearly impossible to build a lead out of that kind of information, and that any shop that would try and use that kind of poisoned fruit would quickly tarnish their reputation.

I think one of the caveats to that is good sales folks probably would do exactly as you describe. But there's always good sales folks who are making sales, and then the desperate ones who have nothing but time on their hands to try other things simply because they have time on their hands or are desperate.

There are always starving dogs out there.


That sounds like a quality sales team. Things like the OP tend to happen when you take inexperienced and desperate sales people and make them work on straight commission with no mentorship. Exactly as the person you spoke to feared, this has tarnished the reputation of the entire Canonical organization, which is exactly why you don't do that.


Side note... the user on Twitter that originally reported this had his account locked by Twitter for posting the LinkedIn message from the Canonical sales guy.

https://twitter.com/LucaBongiorni/status/1359885001844744195


I love how being contacted by a salesman that is acting according to the terms of the contract he accepted is BAD! but publishing a private message without consent and without obfuscating name and surname is RIGHT!

Some devs have complete disconnect from reality.

(ofc he screams #censorship)


I personally have no qualms publicly posting corporate solicitations on the internet. Had it been a message of personal nature, it would be an entirely different story.

Regardless, it seems abundantly clear that this is his _job_, and he is not at fault for following the directions of his corporate overlords. No one's saying to go trash his house, and all the information he posted (name, photo) is publicly attached to his linkedin profile that is accessible to any authenticated LinkedIn user.


Agreed; while redacting the name and photo would be the cordial thing to do, I don't believe these actions warrant a ban. There is a difference between posting the name of someone who didn't make an effort to be public, and the name of someone who has a public profile on a public social network (Linkedin) in the course of an unsolicited communication.

Think it through for a second; if he had, instead of posting the name and avatar of the user in the screenshot, at-tagged the sales rep's Twitter account; would he have gotten banned? I think not. That's totally normal behavior on Twitter; it happens a billion times every day. And it's exactly the same thing.

Twitter has, in the past, left Trump's account up for far, far worse offenses. They need to get their act together. The word I'm hearing around Wall Street is that Twitter's moderation strategy is one of the bigger reasons why the company is so undervalued, and investors are becoming concerned that there's too much Emotion, not enough Process, in their decision making, well, process. It's a critical thing to get right in a social media platform; too little and you get Parler or Russian election interference, too much and it becomes unusable. Twitter is getting it wrong; very very wrong.


He definitely should have blurred out the name of the salesperson in the original image.


Nope, not morally. Once you send me a message, it's mine. I can tell anybody I want you sent me a message. I can post it publicly if I want.


> Once you send me a message, it's mine

Only at the most primitive level of morality. Over that basic layer, I'd still consider how the publication of the message may affect the other person.

For example: Do you think it's morally OK to publish nudes that your partner sends you? I don't think it should be illegal, but only a massive asshole would publish their (ex) partner's nudes.


These concerns do not come into play with the sort of communication being discussed.

If you send me unsolicited commercial messages, I'm gonna feel no compunction about publicizing that you're a spammer.


Morally, to each their own. But legally it certainly depends. In France you can't for private conversations, for example. I don't know if this one would qualify.


In fact no. Once I send you a message it’s neither yours nor mine, it’s owned by the platform. Thus if the platform does not allow for « sharing » without consent you must follow their instructions.

Also if you believe privacy is a right, you should ask that person before sharing this digital content he created that has his identity in it, otherwise you should hide it.

For a paper letter it’s obviously different, once you received it it’s obviously yours.


The object may be yours. Copyright in the contents unless specifically assigned elsewhere (in many service agreements a grant but not an assignment is made to the service operator), remains with the author.

Fair-use affirmative defence (under US law), fair dealing (UK), or equivalents elsewhere, may apply. Infringement claims, if any, would rest on thin grounds. Under the specific circumstances here, privacy claims likewise.

There is no copyright protection in the fact of communication. Nor in the details of who did so.

Generally I'd argue for a legitimate public interest in sharing the communication in cases such as this.


That's harder to accomplish on a video


taking a cue from Cancel Culture. Wants to inflict as much public shame and probably wants this rep to lose his job.

In fact, by publishing his name you're giving the company an opportunity to throw him under the bus. It redirects culpability. Microsoft and Canonical should be the only focus.


Dumb question but, if his acct was locked, how did he post that?


Locks are temporary in almost every case on Twitter and will automatically release if you do what they want you to do (usually, delete it)


I thought this was going to be a Clippy joke, but the truth was much more disturbing. Why is Microsoft sharing this level of information (from a corporate account) with third parties?


Well I think we all know why. They make money from it. The question that’s more relevant is how many of you are going to cancel your Azure accounts and move to a different host after seeing this and will it lose MS enough money to stop the practice. I’m taking bets that not enough will at 50:1 odds.


Do you really think Ubuntu doesn't already have similar agreements with other cloud providers...?

Azure is a big fish. If they managed to get that, they definitely got smaller ones.


We're all a bunch of tech folks here, so has anyone gotten an email from Canonical after spinning up an Ubuntu instance in AWS or GCP?

I've at least done this on AWS and have never seen anything from Canonical.


Your data is still on their CRM. Perhaps a salesperson looked you up and decided to pass?


Right, hence the open question.


Then time to move off Ubuntu? I’ve been a big fan of it for a long time but it seems my servers will be moving to a BSD sooner rather than later.


Other good reasons to move away from Ubuntu:

* They show you ads on login

* They periodically phone home with: Ubuntu version, kernel version, architecture, CPU model, curl/wget version, cloud (if applicable; aws/openstack/...). This is part of the delivery system of the ads mentioned above. See /etc/update-motd.d/50-motd-news for the actual script.


* Snap breaking all the things


You could also just use Debian instead of Ubuntu.


But systemd :). Honestly the main servers I am thinking of moving use zfs and zfs on FreeBSD is more of a first class citizen than on Linux.


The zfs reason makes sense, but in recent releases Debian and Ubuntu take the same approach to systemd, so switching between those two wouldn't meaningfully change the init system situation. (I did see the smiley face; this comment is just in case that smiley is more self-deprecation than sarcasm, or for other readers.)


I put the smiley there because just the other day I was defending systemd on a different HN discussion as a perfectly usable piece of software. I meant that I wanted to move off a system that uses systemd which would mean both Debian and Ubuntu. It has been a while since I’ve run a non-Linux server so part of it is to stretch my sysadmin muscles. Don’t want to get rusty.


Gotcha! Keeping skills fresh and broad is a good idea.


How good is FreeBSD for hosting a typical PG + nginx + docker + Rust/Python backend? i.e., can I use the latest versions of everything and expect it to work? I have always used Ubuntu.


If you use docker heavily, *bsds are not an option. You do not need a *bsd just for ZFS, although it is supported quite nicely. I use zfs with proxmox for my server, which is debian based.

I would recommend using debian buster. People lose their minds over systemd and it's ridiculous. Debian has been the best experience of any distro that I've used, and I've tried most of them. For my router I use openbsd.


BSD has jails which are roughly equivalent to Docker and are older and more stable tech. I am also a big proponent of not needing Docker nearly as much as most people seem to think it's needed. Sure, if your stack revolves around a custom-compiled nginx version downloaded off some guy's FTP site then Docker is nice, but also why does your stack revolve around a custom-compiled nginx version downloaded off some guy's FTP site?

The rest will run as well or better. FreeBSD is a more cohesive unit and by some claims is more performant than Linux.

tl;dr: no it won't be a seamless move because the only seamless move would be from Ubuntu to Ubuntu. But if you are willing to explore tech that isn't the current in-vogue stack you will find some really cool stuff in BSD-land. And their rc.conf is a pleasure to work with compared to the million config files you need to use on Ubuntu/systemd.


For people who use docker at work, avoiding it is simply not possible. Our stack revolves around images (not necessarily docker), so *bsds are dead in the water for me.

Additionally, orchestrating is simplified with docker-compose vs managing many jails. I used to manage freebsd jails via cli in FreeNAS, but orchestration with docker-compose is much easier and trackable in git. Transferring between machines is as easy as setting up docker, git cloning, and setting secrets. [0] Podman solves some issue docker has, but using stuff like S6 [1] in containers helps a ton. Perhaps most importantly, docker images are reproducible (for the most part) while jails only have templates, so it's up to you to manage reproducibility.

Don't get me wrong- OpenBSD and FreeBSD are amazing distros. OpenBSD has the best user experience in my opinion, which is why I use it for my router. But they suck for modern gaming and stuff like docker.

"custom-compiled nginx version downloaded off some guy's FTP"

This is a strawman argument. But, sometimes one might want custom compilation without installing a host of build tools on the host system. Or one might want to have a reproducible build not tied to the host system. Compilation may be expensive (like with ffmpeg) or the host may be underpowered like a Raspberry Pi. Etc.

[0]: https://github.com/andrewzah/lilac-docker/tree/main/services

[1]: https://skarnet.org/software/s6/


I agree with your arguments in that if your stack is already built on Docker it's a lot to ask to move to a different system. But if you are choosing a new stack for a new project, why not look at alternatives to Docker? There are many and jails is a good one. Granted, I haven't looked much at orchestration tools for jails.

As far as do you need Docker in the first place? Well maybe. One of my favorite orchestration and deployment systems I built was based on packaging everything as .deb files and running our own apt repo. Since all workstations ran Ubuntu and all servers ran Ubuntu getting our system up and running was as easy as adding our custom repo and running `apt-get install our-custom-project`. apt is great for resolving dependencies and this way we don't end up with a mess of files all over the place. Plus this way we got all the benefits of not having to update every container when a libssl update was required. Just run `apt-get update && apt-get (dist-)upgrade` and suddenly you are fully up to date and restarted.

Orchestration on this system was accomplished by using puppet to set up the custom repo, install the packages, install all the current config files for the system services as well as our own, and starting all the services in order. Reproducible to the point where when one of our servers (we had a few pieces of beefy physical hardware) blew up, we simply set up a new one, ran the puppet manifests and were back to full capacity within like an hour. Mind you this was back in 2010-2012 and tooling has only gotten better since.

This type of thing also allows you to nicely package any custom versions of software you want as well. Want a custom build of nginx? Go run the script that builds it and makes a .deb out of it, then upload to your repo. You aren't relying on some guy with a blog post to keep his server up. You aren't even affected by GitHub going down if you don't host your apt repo there. Or use it out of a PPA someone else maintains. But there is zero need to wget/make/make install with this setup. You aren't doing reproducible builds because it's a build once, run everywhere system. And it makes you very directly consider what your dependencies are. Do you really need that unmaintained library written in an esoteric language that requires a SPARC to compile? Docker allows you to hide bad dependencies behind the idea that they are inside a container so the harm they can cause is limited and the headache is localized. But that just treats symptoms, not the problem.


"Since all workstations ran Ubuntu and all servers ran Ubuntu"

Admittedly our company is small (~5 fulltime devs), but we have: mac osx catalina, debian buster, debian bullseye, and ubuntu bionic beaver. So precompiling .debs won't work here. Docker gives us all a common ground, minus some wonky mac docker issues with DNS.

Also, this assumes that one is using a server in the first place. We run our own kubernetes cluster that we automatically provision and deploy pods to, so there is no server to upload files to.

"You aren't relying on some guy with a blog post to keep his server up. <...> And it makes you very directly consider what your dependencies are. Do you really need that unmaintained library written in an esoteric language that requires a SPARC to compile? Docker allows you to hide bad dependencies behind the idea that they are inside a container so the harm they can cause is limited and the headache is localized."

Again, this is a strawman. You can butcher things with docker, or without docker. The same can happen with i.e. Ansible & Terraform (which we also use). I can, and do, analyze our images to see what we can reduce to. Most of our images are either on Scratch or Alpine Linux, thanks to multi-stage builds.

Since each build is localized to a container, we can independently update images and not have to worry about dependency mismatches, or random directories being modified, etc.

My opinion will be biased because I've written at least ~120 docker images in the last two months and spend a good bit of time tweaking and optimizing them.


> Admittedly our company is small (~5 fulltime devs), but we have: mac osx catalina, debian buster, debian bullseye, and ubuntu bionic beaver. So precompiling .debs won't work here. Docker gives us all a common ground, minus some wonky mac docker issues with DNS.

That does make it more difficult. Docker does sound like the common ground then.

> Again, this is a strawman. You can butcher things with docker, or without docker. The same can happen with i.e. Ansible & Terraform (which we also use). I can, and do, analyze our images to see what we can reduce to. Most of our images are either on Scratch or Alpine Linux, thanks to multi-stage builds.

It's a related argument. My point is that Docker allows you to take shortcuts too easily compared to other methods. And when you are faced with figuring out how to make your software work with widgetlib 1.0.4 provided by the system instead of widgetlib 1.0.5 which is what you originally built it for, you have a choice of packaging 1.0.5 yourself and potentially doing that improperly (make && make install inside a Docker container, paying no attention to dependencies or upgrades), or properly (by creating a standard reproducible build you can track). Docker allows you to take the shortcut easily. It's a powerful tool and it does allow you to create good images, but I have also seen some terrible ones (just like I've seen bad examples of .deb packages, but a lot fewer of them).

Regardless, it's about how you work and how you structure things. I am coming around to Docker as a workflow, but I doubt I'll be creating 120 microservices to run one project anytime soon. Too many things to keep track of and update.


I'm pretty sure it's the other way around, and Microsoft has similar agreements with most of its partners.

Ubuntu, however, is a free OS, so any cloud hosting can use it without major repercussions even without any support contract with Canonical. Any cloud provider that doesn't like this agreement, doesn't have to make it.


It's enough for me to have an extremely bad taste in my mouth, that goes for both Azure and Canonical. On the topic of linux distros, we do use Ubuntu, mostly because that's often the least effort distro to spin up, but the choice of distro is fairly arbitrary nowadays, especially for Ubuntu. My current employer uses AWS so the question of switching platforms probably won't arise now, but whether it's at this company, a new company, or my own side projects, you can bet the decision over which platform to use will come up, and horror stories like this aren't easily forgotten.


It will definitely keep me avoiding marketplace offerings. All we do on Azure is spin up VMs / K8S deployments / Connections to on Prem.

The one time we tried to set up SendGrid "from the marketplace", it failed horribly.


We tried making three Sendgrids for every environment but we weren't aware that Azure has a limit of two per subscription... We got 'banned' and cannot change any of their passwords, cannot login, remove them, reset in any way, Sendgrid support sends us to Azure support. On Azure support we got a guy who barely spoke English and prolonged the case with meaningless messages for over six months after which we gave up, issue was not resolved, we're stuck with two banned Sendgrid accounts within subscription. I guess spending of 18k eur/month is not enough to get proper support.


Thanks for that story - now I am really glad it didn't work for us from the start.


It definitely gave me Clippy vibes, and suddenly thrust me into a Black Mirror type of situation where a current day Clippy would literally forward all of your work (keystrokes, open programs, files) to sales and ad representatives so they can sell you more stuff. Every day I'm more and more paranoid of big companies now!


You realize that pretty much all of that happens when you use Windows 10, yes?


> Why is Microsoft sharing this level of information (from a corporate account) with third parties?

Because why not, it's allowed by T&C


Then why do the T&C contain such garbage, and why do people "accept" them (the answer to the last question being that most probably don't read them... well that strategy has its limits, for both parties apparently...)


The MS response in TFA is illuminating: terms for publishing an image on the marketplace are that MS will make certain information available to facilitate user support. Sales and Marketing are explicitly forbidden uses of this information. Canonical violated their Terms, in what is probably a GDPR violation of some kind if the user is in the EU.

What's interesting is what, if any, enforcement action comes of this. It's not like MSFT can restrict Ubuntu image use on Azure; Linux is literally the majority of their usage. Can they sue?


It’s not a „third party“. The image spun up by the user is published to the Azure marketplace by Canonical.


I installed Ubuntu onto a physical machine recently because I needed to use a Linux package for something real quick.

Upon trying to install the incredibly common package I was given some error about it not existing and some nonsense about using snaps. I don't care about learning how to use snaps, I just want to get something done. I quickly installed Debian instead and got back to doing the work I needed to do. It really soured my opinion of Ubuntu - a distro I first used back when they were still mailing out CDs.

This furthers my negative opinion of Canonical and solidifies my position that I'll never use Ubuntu again. Debian it is for me if I need Linux.


I too have started to notice some increased “friction” when trying to setup Ubuntu these days.

Like you, I don’t care about “snaps” (though in my ignorance I’m willing to accept I may be missing out on something useful...)

Even when you go to their Download page for Server, the first option is not a download link but some blurb about “Multipass” which I’m pretty sure is not what the majority of people are looking for when they click a menu option called “Download” for a server OS.

But this LinkedIn crap is just awful and surprises me coming from Canonical.


That's the page, https://ubuntu.com/download/server

You get three options to run Ubuntu server.

The first option is to run Ubuntu server in a VM, and most users will want to run Ubuntu server in a VM. Multipass is a tool that helps you run Ubuntu server in a VM. Multipass is just a front-end for KVM when you use a Linux distribution. If you use Windows, it is a front-end for Hyper-V, etc.

The second option is to perform a manual installation, which means that you get the ISO and do your thing.

Between the two, most people would want to install Ubuntu Server in a VM rather than on baremetal. I think it makes sense to put that first. If a person is a power-user, then they can read on and select Option 2.

I see that there is a perceived negativity on anything Ubuntu that if something is different, it is perceived as something bad is happening.


Canonical now goes far, far (far) out of their way to hide the normal ISO installers. I mean, they try and bury them so deep that I can only find them now by googling for the name of the ISO I already have. Find your path to this page easily from the landing pages: http://cdimage.ubuntu.com/ubuntu-legacy-server/releases/foca...


What search engine are you using? The first result when typing "ubuntu iso" in Google leads to a page where the first button is a link to a direct download. For "ubuntu server iso" it's pretty much the same, with just one extra click.


We are not talking about the same thing - those first hits are the "Live" ISO not the actual installation ISO; the "Legacy" (their word) installation ISO is the 7th link down on Google for "ubuntu server iso" below the Google injected "People also ask:" with a bunch of whatever you call those things they put there (forum and mailing list links usually).


Doesn't the live cd present a boot menu with a direct install option like others do? If not, that's even more annoying; it already requires a DVD these days because they have to include too much software, they should certainly be able to include a tui installer.


I've read that starting with 21.xx they won't even produce ISO media with the normal installer on it, we'll get the Live version and nothing else. Time will tell.


I agree that most people will want to run Ubuntu server in a VM.

I don’t agree that Multipass is the obvious default way that most people will want to do this, given that Multipass is clearly aimed at local workstations for dev/testing and not actually servers.

I’m working on the assumption that “Ubuntu Server” is designed primarily for servers, and Multipass, by its own description page is categorically not designed for servers. It’s for a secondary use-case of running a test environment locally on a dev machine.

My point was that it seems strange to push a secondary use-case as the first option on the download page.

I’m not saying this is absolutely terrible, but it was just an example of some seemingly unnecessary friction being introduced.

From the Multipass info page: [0]

> “Ubuntu VMs on demand for any workstation”

[0] https://multipass.run


I've used snap for setting up a Nextcloud server. It was honestly pretty easy, and it auto updates. I'm normally not a fan of autoupdates, but for a publicly accessible service, it is appreciated.

However, I've never packaged anything for snap, so not sure how it is to use.


I seriously don't get the hate... snaps are easy to manage, probably more secure than adding a bunch of PPAs (what many are doing blindly as soon as apt fails them), and I didn't notice any performance hits using them. And it seems like it's probably far easier to simply create and maintain a snap than the alternatives. If this means creators distributing and packaging their programs on their own more often rather than unreliable package maintainers being in the driver's seat, what's to lose here exactly? From the user's perspective the interface is also very lean and clutter free.

    $ snap search x
    $ snap list
    $ snap info x
    $ sudo snap install x

I've interacted with snaps to a bare minimum, and I am sure all of those are correct. I am sorry, but "some nonsense about using snaps" -> "I quickly installed Debian" -> "this furthers my negative opinion of Canonical".

Talk about Canonical getting a bad rep for pretty much everything they do...


You might be right about snaps being great. I'm not giving them a fair shot, you're completely right about that.

Here is the thing from my perspective though - I have never had any trouble with apt that has made me think 'I wish to use something else'. Apt works. It does what I expect it to.

When you're just trying to get something that should be simple done the last thing you want to do is spend a bunch of time learning a new system that you didn't even ask for.

When I try to use a project that includes a quick startup script that is rendered broken by something I don't even want...well I just move on. No big deal really, I'll just use Debian and if eventually I hit a point where I want something else I'll give it a try on my own time/terms. Not in the middle of trying to do something else.


I used to be an Ubuntu user from the time they were mailing CDs like you. I abandoned Ubuntu for Debian when they started doing strange things with my desktop like putting the window controls on the wrong side of the window for no other reason than user lock in.

Last week my son installed Ubuntu on his cheap tablet PC. It worked flawlessly: wifi, sound, track pad and even touch screen. On screen keyboard worked. Even the Wacom tablet worked out of the box. When he was on Windows he had to install a driver for it to work!

So I guess I'm not mad at Ubuntu anymore. It's just not for me. Or any Linux geek. It's for Windows users.


Those windows controls on the left were the result of UI experiments. The mouse travels less when the controls are on the left. Imagine launching an application with the launcher on the left, and when you want to close the application, you have to move the mouse aaalllll the way to the right. It is not a breathtaking innovation as OS/X had been doing it already.

You can learn to use the windows controls on the left. I got used to using them and it takes a few days to feel at home. When sadly Ubuntu switched back to GNOME Shell and reverted this change, it felt really unnatural to have those windows controls on the wrong side. Still, you get used to it after a few days.


> it's for windows users

Honestly as a half-half Windows user the stupid window controls on the wrong side is a big enough turn-off for me that I won't even consider Ubuntu. I think it's for Mac users.


> putting the window controls on the wrong side of the window for no other reason than user lock in.

How does that cause user lock-in?


Most likely you tried to run a command, this command was part of a package that has not been installed, and Ubuntu suggested to you to install a specific deb or snap package.

There is a usability package 'command-not-found', which is a handler for the shell and runs when the command you tried to run was not found.

You mentioned though that you tried to install a package, the package was not found and got a suggestion to use snaps or something. There is no such thing as far as I know.

There are two packages, 'chromium-browser' and 'lxd'. In Ubuntu 20.04, both these packages are now only available as snap packages. If you try to install them with `apt install`, you get a notification that they are now only available as snap packages, and the installer transparently installs the snap package for you. This has been discussed a lot before implementing, and also here. The gist is that when you `sudo apt install chromium-browser`, you want the installation to work, not get an error message to run `sudo snap install chromium` instead.


Well, personally, I'd have very much preferred an abrupt error and a recommendation to install the thing with snap. After all `apt` is reserved for apt-managed applications not some general "install-please" meta command. I thought failing fast and general transparency was a Linux/UNIX motto.

Just my 2c. I'm not well-versed in sysadmin stuff.


I didn't try to run a command, I ran this exact script: https://github.com/ct-Open-Source/tuya-convert/blob/master/i...

Actually you could be right - that script does run `python3` after apt-get'ing everything it needs. Anyway..

I didn't look into it any further because I didn't feel like investing any time into learning the 'Ubuntu way'.

I installed Debian instead and it worked perfectly without any grief. It also worked perfectly on PopOS when I used it a few days later on a different machine.

Canonical can make whatever changes they want of course, I've just become increasingly less patient when it comes to machines not acting how I have come to expect. So I'll just stick to what works. Oh man - I'm becoming one of those old dudes...


I feel like something similar happened with me middle of last year. I was studying for an Azure certification and deployed a few Ubuntu servers. Around that time I received an email from someone named Aldo with 'Business Development' in their email signature.

We don't use anything from Canonical at work and I've never signed up for anything from them that I recall. I remember at the time thinking it was weird to get this email when I had never before used an Ubuntu server in Azure. I certainly never expressed any interest in "running ubuntu in a secure manner on Azure" to anyone.

I received the email on June 6, 2020, and then several follow up emails when I didn't respond.

This was the message:

> With 85% of enterprises having either a mandate, preference or exploration of open source technology I've connected with many individuals, while working from home, who have reached out to discuss how we provide proactive security for Ubuntu deployments in the cloud. I understand you have similar interests around running Ubuntu in a secure manner on Azure.

> Ubuntu Pro, our carefully optimized image for production public cloud environments, provides all-inclusive patching for over 30,000 packages (for up to 10 years), FIPS 401-2 certification and Automated security profiles including CIS and DISA STIG.

> That is just a handful of ways we keep companies safe and I was hoping to show you more. How does your schedule look this week, or the next, for a quick chat?


Is it Azure sharing data, or the Ubuntu images phoning home?

Edit: a comment here links to an article with more details. MS shares with Canonical. Bad on both parts I'd say, at least weird usage of the data.


Not if you purchase something from Canonical on MS's Marketplace. That's what marketplaces do.


They shouldn't. The examples of cases where it's not the norm are spread throughout the comments.

I'd say a reasonable person would not expect to do business with Azure and have all of their information forwarded off to Canonical.

It's a scummy arrangement and execution on both sides.


What was purchased from Canonical?


An instance of Ubuntu from a pre-prepared image, in exchange for $0.00 and your contact details.

The pre-prepared image part does perpetually have value - it saves you installing from a standard ISO and Azure-ifying the result, or having your own image pre-prepared from earlier.

It is a short while since I last spun up a fresh VM in Azure so I can't remember if this arrangement is made clear at all, though I do remember getting an email like the one discussed at least once last year.


If this is so common (or valuable), why am I not charged for an image of Ubuntu optimized for Docker when I pull it from Docker hub?

Or when I download the various usage-optimized ISOs from Canonical's own site?

This is exceptional, and in exceptionally poor taste.


This is exactly how Docker works too - they recently rate limited anonymous accounts, and by signing up for the free plan you agree to very similar terms and conditions in return for a higher pull rate limit.

Source: https://www.docker.com/legal/docker-privacy-policy

See Section 3. Use of Information Collected


A free copy of Ubuntu, packaged specifically for use on Azure.


That's not a purchase. Every dictionary I've read has described a purchase to include transferring money and ownership.

Starting a VM isn't a purchase of Ubuntu. It's a rental of compute, storage, and network resources. Any other definition is, quite simply, wrong.


> Any other definition is, quite simply, wrong.

Then there are a great many definitions out there that are quite wrong. Many references to organising a service and so forth.

This is probably one of those instances where the dictionary needs to catch up. A dictionary documents how language is used at the time of its compilation, it does not dictate how language will/should be used for all time forward.


organising -> purchasing

(is it just my terrible coordination with this slide keyboard and lack of attention to see errors as they happen, or is android's auto carrot getting less & less reliable?)


You're not really wrong, but I understand that on Azure it's explicitly framed as a marketplace where you can purchase software to run on the computers you're renting. Much of that software, however, has no monetary cost. It's simply a quick and easy way to get the correct software from the correct vendor without going through the effort of preparing the disk images yourself.


It's essentially a subscription, sometimes for a price, sometimes not. And it's more than just a Ubuntu distro, it's an Azure image that also contains code allowing the distro to run in Azure's system. Much like an AMI at Amazon.

Anyone can bypass the marketplace by creating their own machine images, it's not too difficult.


You need a better dictionary, or to stop making things up. The Oxford Dictionary, for example, defines purchase as merely "acquiring something".

Legally, freedom of contract means the specifics of what is to be exchanged in a purchase are more or less unlimited.

Even colloquially, many purchases happen without "money" changing hands. Paying with a voucher, for example, would seem to be a form of payment that doesn’t involve actual money.


> You need a better dictionary

Indeed, perhaps.

> or to stop making things up.

I didn't make it up but thanks for the insinuation.

> The Oxford Dictionary

I haven't spent $90 on the Oxford Dictionary because I haven't believed it to be necessary.

> defines purchase as merely "acquiring something".

Really? Tell that to Google which claims its definition comes from "Oxford Languages" [0]. I'm sure that's not quite the Oxford English Dictionary though.

Google states:

    1. acquire (something) by paying for it; buy.
    2. haul in (a rope or cable) or haul up (an anchor) by means of a pulley, lever, etc.

But that's just Google and we all know Google can be manipulated. Let's take the free definition from Merriam-Webster instead [1].

    1 a : to obtain by paying money or its equivalent

Okay how about a third source? Dictionary.com [2] states:

    to acquire by the payment of money or its equivalent; buy.

Finally, Cambridge as the fourth source, is where a monetary transaction isn't directly part of the definition but it certainly is part of the supporting descriptions.

    verb: to buy something
    * She purchased her first house with the money.

    noun: something that you buy
    * How do you wish to pay for your purchases?

So they're all free dictionaries so they're not as elite as the Oxford English Dictionary. But their definitions are fairly consistent. And, given that I think that a purchase without money is actually a barter then perhaps the Oxford English Dictionary isn't as good of a source.

You might want to learn about the definition of a rent by the way. It's a bit closer to what goes on with cloud instances.

[0] https://www.google.com/search?q=define+purchase

[1] https://www.merriam-webster.com/dictionary/purchase

[2] https://www.dictionary.com/browse/purchase

[3] https://dictionary.cambridge.org/us/dictionary/english/purch...


I'm super confused as to why anybody thinks this is a problem. Generally, when one "buys" something from a "marketplace" the vendor gets to know who the buyer is. That the vendor asks the buyer if there's anything else they'd want to buy is par for the course.


If the email came over an Azure customer support system, or even to the corporate email used to sign up for the Azure account, then sure - I would personally find this very obnoxious and it being buried in the license agreement is suspicious, but not really that unethical. Crucially, this arrangement means Canonical could engage in marketing without MSFT sharing much personal data about Azure users.

What's extremely unethical is contacting the person over LinkedIn. It's extremely aggressive and a huge violation of boundaries, and proves that Microsoft is sharing personal information (names of users) with Canonical.

If I buy something online from a store, I would expect a few spam emails. But it would be completely unacceptable if a sales representative showed up at my house (despite me only sharing my address for billing/shipping purposes). This is basically what happened to the Azure customer.


> What's extremely unethical is contacting the person over LinkedIn.

Umm the point of LinkedIn is to make professional contacts and a professional network.

> But it would be completely unacceptable if a sales representative showed up at my house (despite me only sharing my address for billing/shipping purposes). This is basically what happened to the Azure customer.

This would be like the sales rep turning up at your office during office hours and leaving a card for you.

The person used a corporate account and the person was contacted via a method used to contact people about professional matters.


LinkedIn? The also-Microsoft-owned service where you can pay to send DMs to users?

I have no idea what you're talking about regarding "huge violation of boundaries", because there are none on LinkedIn. I get multiple DMs a week from folks I don't know selling something.


I don't even use Azure or LinkedIn. But I'm extremely not interested in continuing a conversation with someone who is being deliberately ignorant and difficult. If your attitude is "consumers are not allowed to complain about any shitty marketing practice if I don't like the company involved" then congratulations, you are sooooo superior.


I'm on board with the above poster, and you dismissing what they're saying as "deliberately ignorant" because it doesn't jive with your world view is a sad tactic to use when discussing something.

As somebody who's listed products on the AWS marketplace, when you "subscribe" to a product you give them your information as due course. This is obvious, spelled out, and known across all the marketplaces. So I'll assume the part you take issue with is reaching out to the individual on LinkedIn instead of through Azure. I don't understand how in a world where companies cold call you after buying your phone number, and spam you with emails after you try to unsubscribe, suddenly messaging you on LinkedIn is over the line.

It's strange, and I'm glad they're moving away from the practice, but to pretend it's this big privacy fiasco is disingenuous at best. They (Canonical) still have all your data, they're just being more subtle about it now. How is that better?


This is the first time I've heard about subscribing being a privacy violation, so no, this is not "obvious."


This isn't a big, hard-to-read document: https://azure.microsoft.com/en-us/support/legal/marketplace-...

3a spells out what you're agreeing to share with the publisher of the product in the marketplace when you subscribe to it.

Additionally the listings each link to their respective privacy policy right underneath the subscribe button, plainly in view above the fold.

Finally, I've just attempted to subscribe to "Ubuntu Server" in the Azure Marketplace to see what it looks like, and it shows you a form with the information it's going to share with Ubuntu on the screen for you to modify before subscribing! So it seems like you arguing this isn't "obvious" is in bad faith, because it's obvious for any reasonable person who's actually used the marketplace.


I dunno man. I'm struggling to see how this is catching anyone by surprise.

I'm not endorsing more ad spam, but I'm really caught off guard that using a service with a real name/email and getting added to a CRM is generating this level of indignation.

Do none of you guys work in corporate? I get LinkedIn/email/phone spam all the time. This isn't new. The only interesting thing here is that the trigger and the response time were so short.

Again, I'm not advocating for more of this or even saying I like it. I'm just saying "why are we all of a sudden upset about this?"


What? When I buy something at a brick and mortar store, I don't expect the product's manufacturer to get my personal information. I don't even expect the store to get my personal information if I pay in cash.

I don't want some "relationship" with a company just because I buy their product.


Well... they do get your personal information along with tens of other companies involved in any transaction. CRM, payment processors, anti-fraud, manufacturers, etc.

When you buy a product you agree to whatever terms there are, you only get to write terms if you’re writing up a contract.


I don’t know why we need metaphors for situations that are this simple. But, in any case, the “Azure marketplace”, as its name implies, acts as a middleman connecting buyers and sellers. In brick-and-mortar terms, it’s closer to signing a cell phone contract with AT&T at an Apple Store.


Imagine...

You buy a toaster, and someone from the toaster company comes to your house to try and sell you a microwave. "I see you like to warm foods, let's talk about some other ways our products can help you with that!"

Wait, now I'm not confident that doesn't/didn't happen, geez...


> I don't want some "relationship" with a company just because I buy their product.

You've never needed warranty support before? I'm not aware of ways in which that works without them knowing who you are, or where they should mail the repaired product back to.


But that's only necessary if and when I open a support case with them, not merely because I bought the product.


Sure, but you did notice that they had a mailing list and gave them your name and email address and a bit more information so they could get back to you.

This thread explains it in more detail: https://twitter.com/dezren39/status/1359726235929223168

Seems pretty simple. No real story, other than the OP not paying attention.


"Why won't it read?!"

That South Park episode, while disturbing, amusingly is spot on.


I take issue with it, but I haven’t seen any other comment clearly state what I see the issue to be.

The issue is the poster spun up the instance in the course of his job. Microsoft and Canonical would be reasonable to share that job related info.

But instead it appears that either they shared his personal info which would be unethical, or Canonical takes the de-identified job info and then matches it with personal info.

In most transactions between people acting as representatives of their business, it would be very creepy for one of the businesses to then get personal info on the representative of the other business like their social media accounts or home address, especially if they do it using secret/obfuscated manners rather than explicit asking.


Hm in the corporate world, looking up people on LinkedIn is pretty par for the course. As a consultant with a large consulting firm, I meet with lots of different people. Since I have LinkedIn premium I can see who is looking at me. I’d say easily half the people I meet look me up before the meeting, and I do the same. It’s just curiosity and trying to get some background.

What would be weird is sending me a message through there before the meeting. If we are speaking using another channel (like work email accounts), stay on that channel. This is what has gone wrong in this case.

No worries with sending a connection request after our meeting “nice to meet you today and looking forward to collaborating, cheers”

As a side note it’s always funny when we are in the middle of a meeting and a notification pops up that they have looked at my profile. It’s like “hello... pay attention... I’m right here...”


Imagine you rented a car from Hertz on a work trip with a company card, and then Ford called your house.


Actually, if that happened, most people would be slightly annoyed, but not at the "wtf" level of this Tweet. Simply because it's a digital purchase, and it's "ye olde evil Microsoft", it's considered a "wtf" moment.


The wtf level would probably depend on with what and how Ford contacted you.

If their message went: "We saw you drove to XYZ using our model Y", addressed to a private contact line of yours, then that would also lead to quite a few "wtf?" along the lines of "What data is Hertz sharing with Ford?"


If you download a free Android app the developers don't get your email address.


>Generally, when one "buys" something from a "marketplace" the vendor gets to know who the buyer is.

Ummm... no?


He seems to have been using a corporate account, and then was contacted via a personal account.

This goes to show that, when dealing with big corporations, even when you're paying, you're still the product.


> Essentially you're agreeing to a EULA of some sorts, that "offer", and the offer has terms which include a reporting back to publisher. Imagine Oracle using this to capture enterprises that are skirting their license empire.

https://twitter.com/dezren39/status/1359726235929223168?s=20


Two or three ago I spun up a quick Windows VM in Azure for about 20 cents worth of testing.

Shortly afterwards I had a missed phone call and then a follow-up email from an Azure salesman inviting me to schedule time to discuss my interest in the platform. I declined and asked to be opted out of anything like that in future, and actually received a pretty unprofessional response to that.

So even if Ubuntu aren't allowed to do this kind of thing, MS certainly have themselves in the past.


Didn't appear to be on the advertising side of things (yet...), but I had a similar experience when renewing some free Azure credits (from Microsoft Dreamspark or whatever they're calling it now).

I kinda figured it was just verifying I was a human, but I've provisioned 10 or so other VPSes and dedicated servers with a few different providers and never got a phone call so it was unexpected.


This isn't about Azure or Ubuntu.

The next 40 years will be filled with special coders adding hooks into everything looking for new monetization channels. Be prepared for this same WTF moment every 5 minutes.


Hi,

I noticed you posted a comment on Hacker News.

Be sure to reach out if there’s anything I can help with?


This is incredibly common. I installed an analytics package on my personal Heroku account for a side project and received an email on my enterprise email account from their sales department.

My personal Heroku account uses my personal email address, e.g. jbob@gmail.com, but my enterprise account uses my full name, e.g. jonathan.bob@bigco.com.

There's a sneaky CRM tool floating around that is connecting the dots on people.


This is called data enrichment. It is a massive industry with boatloads of companies serving it. One of the more well known (outside of the credit bureaus) is Acxiom. Googling will get you pretty far.

If you have money and a piece of personal info (just about any combo of name+zip, phone#, email addrs, credit card, tracking cookie, etc), these companies can quickly give you full personal details including income and housing history, mortgage status, email addresses used, employment history and full details on your employers, plus all these details on spouses and children, pretty much whatever you want. It's remarkable.


I think it is Apollo, they had linked my job email and personal email already.


We all now know that with these guys you are the product. That's why I prefer Debian.


It's a real shame, Ubuntu used to be my go-to distro, but for me this is the last straw in the history of shady things Canonical has done.

One of the things I liked most about Ubuntu is that the installation process is incredibly easy and everything "just works". Does anyone know a good alternative?

I'd love to go all in on Alpine, but using it on the desktop doesn't exactly spark joy.


Desktop: I don't know a single person who went to Arch Linux and regretted it. There is a slight learning curve but nothing a HN reader couldn't deal with.

"Just works" type desktop: Don't use linux. Personally, Arch is my go-to desktop and IMO if you can't deal with that, just use macOS or something. There's lots of things that don't "just work" on Linux even today. Bluetooth audio for example has a lot of problems and those will be present cross-distro.

The distros have less and less meaning nowadays, they're just what software is shipped in repos and initially. Ubuntu does a lot of custom shit so you want to stay away from them. Debian is constantly out of date but if you don't mind that it's still a solid distro. Fedora has always been pretty good as well but imo is straight up worse than Arch for sort-of-the-same philosophy.


Thanks for the suggestions!

> "Just works" type desktop: Don't use linux.

That's why I preferred Ubuntu, it felt like a good compromise between a Linux system and ease of use (or rather ease of setup).

> Just use macOS or something. There's lots of things that don't "just work" on Linux even today.

That's actually what I'm currently doing, for pretty much that exact reason.

That said, I really want to switch to Linux as my primary OS again, I guess I'll give Arch a try.

> The distros have less and less meaning nowadays.

That's a good point.


NixOS sparks joy for me, especially when reverting to different systems like you would git checkout a commit.


There's going to be a lot of personal preference involved, but I've moved to Pop! OS which is still Ubuntu/Debian based but very clean, easy to install and use, and well supported.


It is weird that this is your "last straw". Most likely you haven't used Ubuntu for a very long time and just want to influence others to switch away from Ubuntu.


> It is weird that this is your "last straw".

Why? Could you point me to some other straws I've missed?

> Most likely you haven't used Ubuntu for a very long time.

It's true that Ubuntu has not been my primary OS for a while, perhaps I should've been more clear.

I _am_ still using it on various laptops and servers (and have been meaning to switch back to it for daily use), which is why I'm annoyed at the prospect of having to deal with finding an alternative.


Alpine has a desktop centric spinoff called Adelie Linux. Pretty nice though it's still in RC state.

Though I switched to FreeBSD myself for my desktop.


Arch Linux.


Lol a similar thing happened to me recently. I spun up a Windows VM on Azure because I had $50 monthly Azure credit with my MSDN anyway which I've never used yet. Immediately I get an email from a sales contact asking me if I need help (and who kept repeating when I didn't reply).

It's indeed annoying. It's not as bad as this example because it's the same company I already deal with, which actually makes this legal in Europe. But as someone who is (admittedly) very anti-commercial it annoys me.

The strong ties between MS and Canonical are also one of the reasons I dropped Ubuntu from my private life.

Another thing that really annoys me about this is that MS removed the "block sender" option in their "New and redesigned!!" version of Outlook for Mac. In many ways the UI of the new version is much better but I strongly relied on that version. They kept the "mark as spam" but it doesn't guarantee that sender is forever blocked.


Wow, and I thought it was weird and inappropriate when I got a LinkedIn message from a MongoDB rep basically saying "Hey! I'm the account manager for your company so let me know if you need help with anything Mongo related!" (subtext being, how can I convince you to use (more) Mongo services on your project)


I mean the job of an account manager is supporting the client. I don’t know how you can contort that into something to be mad about.


Because they didn’t contact the user through the channel the user authorized the sales rep to contact them through. Same as if (in the old days) they looked up your home number from the phone book and called you at home instead of at the work number you gave them.


No doubt that's the subtext but this happens EVERYWHERE. Have you ever downloaded a whitepaper for any vendor and then gotten harassed 4-5 times about talking about it?

That sounds gentle in comparison. I would use the opportunity to ask for free swag or training if it was possible. :)


Yeah it’s creepy. Creepier is the unadulterated vitriol, lashing out, and chaos surrounding Twitter mobs like this one.


I have always wanted to switch away from Ubuntu to Debian but have been wary of losing the convenience of "it just works" (perhaps irrationally so since Ubuntu is based on Debian). That's why I switched to Pop! OS because of their even better seamless integration for switching between Nvidia and Intel graphics. Will I lose these conveniences on Debian? Has anyone done such a switch and can share their experience?


So somebody started using software sold by a for-profit company and was surprised when that company wanted to follow-up? Is it really that hard to politely say "no thanks, I'm good"? Or just ignore the message completely? Must every annoyance in life be cause for inciting a Twitter mob?


>I want to OPT-OUT this information sharing I was NOT aware of!

Welcome to the world of Microsoft products.


I will never use Ubuntu again. There are plenty of other stable Linux distros out there.


Databricks does the same thing on Azure. I have had multiple customers contacted directly by Databricks sales. At each incident, I have had the customer complain to me about it.

Love the technology, but I no longer trust the organisation.


Last time I spun up an Azure instance someone from Microsoft sales called or emailed me. I don’t really understand the issue; the behavior is expected except one company shares marketable data with another and because Linux.


Oh! All Cloud hosting providers that have Ubuntu available provide Canonical with some information. I didn't realize that it was so personal! I'd heard that this information was used for licensing payments.


Microsoft I'd expect this from but what the heck was Canonical thinking??


Probably something along the lines of "Hello, I like money."


Canonical has had PR problems with privacy before: submitting desktop searches to external services by default, including Amazon results, etc. At the end of the day they're trying to monetize Linux and they seem less focused on traditional enterprise relationships than Red Hat or SUSE.


Please do not tell me you are so naïve as to believe that Canonical would be above this?

It has not gone unnoticed to me that many seem to think that, say, Canonical and Red Hat are not corporations in the traditional sense, for which the customer is prey.


“I saw that you spun up an Ubuntu image in Azure. I’ll be your contact for anything Linux-related in the enterprise. Are you sure you didn’t intend to spin up a Debian image instead?”


De-cloud bros, everyone de-cloud. Going to create more jobs too.


Great, one more type of message to ignore on LinkedIn.


Do people actually check their messages on LinkedIn?


Microsoft is selling your data, welcome to Azure!


Time to update the old joke: "Ubuntu is an ancient African word that means 'steals all your information'".


Was this a custom-wrapped Ubuntu image, or did someone pick the pre-configured Ubuntu image managed by Canonical and Microsoft?


Who would have said I'd live to the day when Ubuntu violates privacy and Microsoft reprimands them...


Interesting to me that the TOS part of this discussion is being prosecuted via screenshots. Most legal disputes online presumably have an element of proving a clickwrap paper trail -- I wonder if there's demand for better tools for capturing what prompts were shown?


I've gotten cold calls from CoreOS spun up in Azure as well. This was years ago.


So what? It costs half of Windows rents and guess what, .NET can now run on Linux.


The message was sent on LinkedIn, right? Seems relevant to a discussion about LinkedIn that was on the HN front page just a few hours ago: https://news.ycombinator.com/item?id=26106810


FWIW, I have dozens of Ubuntu VMs on Azure. Never got an email like this.


Before clicking the link I saw a Clippy animation coming up in my head.


It’s time to switch to Fedora on server.


That's like fleeing CentOS for Oracle Linux.


I read this in Clippy's voice.


Hiii


“Do not sell my personal information.”


I read this in Clippy's voice.


[flagged]


Thanks for letting us know.


You should probably enable JavaScript. Sounds like you broke your browser and half the web with it :)


Or maybe he has a good reason to keep it turned off. Like avoiding giving people like spammers, scammers, marketers and websites that hire incompetent web developers attention they do not deserve.


Right. But then stop complaining about it every chance you get. It’s the equivalent of taking the steering wheel out of your car so if you get in an accident you don’t hit your head on it, then complaining that streets have turns. For better or worse, the web now requires JS to function unless you restrict yourself to some very specific communities. If that’s the case and you want to do that, good for you. But every HN thread seems to have a complainer about not being able to use a service that’s built on top of JS.


I disagree. Bad practices, like (linking to) websites that do not degrade gracefully, is worthwhile. Only by creating awareness, change can be invoked.


Exactly. IMO a much better analogy would be a vegetarian being presented with a purely carnivorous meal, meat with blood to drink, not being allowed a glass of water, and saying “all I see is meat”. I may be mildly biased as a flexitarian, but I don’t see that as being analogous to removing a steering wheel and complaining about road turns. Maybe analogous to boycotting fossil-fueled vehicles and complaining about a lack of walking paths, bicycle lanes, or charging ports.


If we are playing with analogies, it’s like riding a horse and getting annoyed at the lack of horse lanes on the highway. Being a vegetarian is a perfectly valid alternative in the modern world. Probably easier being a vegetarian now than ever before. On the other hand a web without JS is for all intents and purposes obsolete technology. Not saying that it’s good or bad, just that such is the reality of things. It would be easier to convince people to ride horses instead of driving cars than to convince even a large majority of websites and web apps to stop using JS.


Book proposal: Richard H. Thaler, Cass R. Sunstein: Nudge - Improving Decisions about Health, Wealth, and Happiness

Websites should not use JS to load static content, obsolete or not, this is a bad practice. By nudging website owners and -developers (and let's be honest: Framework devs), we can improve on such lack of common sense.


I would love to see a text editor, a spreadsheet editor, or a piece of mapping software that's as usable as Google Docs and Google Maps that you create with plain HTML :)


Your first mistake was to use Azure


apt-get --purge remove clippy


+10 for the Stallman triggered meme in that thread


I mean just the idea of spinning up Linux on Microsoft's cloud is pretty funny in and of itself.


I think you may be underestimating how big Azure is and how much Linux they do.

Although it is fun to think about the 90s version of MS embracing Linux to this degree.

https://cloudwars.co/microsoft/microsoft-wallops-amazon-in-2...

https://build5nines.com/linux-is-most-used-os-in-microsoft-a...



