VSCode is part of their Embrace Extend Extinguish strategy.
It embraced open standards.
Then extended them with proprietary plugins.
And then extinguished alternatives by making their plugins incompatible.
Why did they buy GitHub?
Well, it turns out to be massively relevant for AI.
VSCode is well integrated with not just GitHub, but also Copilot, and Devcontainers, all of which strengthen their proprietary grip.
But GitHub provides free hosting? And offers freemium GitHub Actions.
Open source software uses these free solutions, but in doing so make their technology mainstream, to an extent where even suggesting alternative is thought ridiculous, "just use github actions bro".
Speaking of tin foil hats, the CICD pipelines could make it possible to selectively infect binaries at the distribution level, which is virtually impossible to detect, especially if the signing keys are part of the pipeline, which I assume is almost everyone. This is critical militarily.
Cloudflare is another example of a militarily interesting freemium strategy, where a vast number of businesses have allowed a man-in-the-middle, which practically defeats TLS encryption, allowing surveillance. And, selectively and virtually impossible to prove, could hijack your cookies, and gain access to all kinds of things. And infect the binaries you download.
Which is to say that EEE strategy is extremely powerful and effective. Otherwise, why would companies surrender the security of their users so readily?
It embraced open standards. Then extended them with proprietary plugins. And then extinguished alternatives by making their plugins incompatible.
Why did they buy GitHub? Well, it turns out to be massively relevant for AI. VSCode is well integrated with not just GitHub, but also Copilot, and Devcontainers, all of which strengthen their proprietary grip.
But GitHub provides free hosting? And offers freemium GitHub Actions. Open source software uses these free solutions, but in doing so make their technology mainstream, to an extent where even suggesting alternative is thought ridiculous, "just use github actions bro".
Speaking of tin foil hats, the CICD pipelines could make it possible to selectively infect binaries at the distribution level, which is virtually impossible to detect, especially if the signing keys are part of the pipeline, which I assume is almost everyone. This is critical militarily.
Cloudflare is another example of a militarily interesting freemium strategy, where a vast number of businesses have allowed a man-in-the-middle, which practically defeats TLS encryption, allowing surveillance. And, selectively and virtually impossible to prove, could hijack your cookies, and gain access to all kinds of things. And infect the binaries you download.
Which is to say that EEE strategy is extremely powerful and effective. Otherwise, why would companies surrender the security of their users so readily?