Outdated, vulnerable open source components shipped with Windows 10 and 11 (seclists.org)
283 points by CTOSian on Oct 19, 2021 | 107 comments



You can actually see how MS is ignoring this screw-up. The update problem was posted directly to the devteam's blog in 2019:

https://devblogs.microsoft.com/commandline/tar-and-curl-come...

https://techcommunity.microsoft.com/t5/containers/tar-and-cu...


Likely done by an eager intern back then as a binary drop and never properly integrated into whatever build system Windows uses.

Nevertheless, as a consumer, I appreciate having curl in-box (no matter how out-of-date). Came in handy when I wanted to firewall the heck out of Windows 11 and strip out every unwanted component (including the only browser, Edge). Of course, later found out that curl.exe complains about ssl certificates if you firewall / block whatever Windows service does certificate validation, but luckily PowerShell has a built-in wget command as well for downloading which doesn't seem to care as much :)


Well, if you really want to strip all unwanted components, take a look at WinGet. Everything (by everything, I mean everything) is just a winget uninstall away


And if you really really wanted to strip all the unwanted components, install Linux! xD


I know it's a joke, but programming is not the only reason people have to use a Windows system. There is the entire Adobe Suite, and much Windows-exclusive software that is sometimes mandatory.


Adobe runs just fine on macOS, if you have to use Adobe.


The parent talked about Linux, so.


Yeah thanks... now I have systemd :)


BTW, the Wget that comes built-in with Powershell is not GNU Wget. But a weird abomination from Microsoft. They just call it Wget despite it having nothing to do with the original


It's an alias for Invoke-WebRequest command, to be more precise.

  Get-Alias wget
  CommandType     Name                      
  -----------     ----                      
  Alias           wget -> Invoke-WebRequest 

https://docs.microsoft.com/en-us/powershell/module/microsoft...


This is how to remove it, in case you want to use a real version of 'wget' found on your $env:PATH:

    Remove-Item Alias:\wget -force

I also suggest doing the same for curl so that the real version of curl can run when just typing in 'curl':

    Remove-Item Alias:\curl -force

I have added these lines to my $PROFILE so that every time I invoke a PowerShell, I get more sane settings.
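A guarded version of the same $PROFILE trick, added here as an example and not the commenter's own code: it only removes an alias when a real wget.exe or curl.exe is actually on the PATH, and it skips aliases that do not exist, so the same profile works unchanged in Windows PowerShell 5.1 (where the aliases exist) and in PowerShell 7 (where they do not, and an unconditional `Remove-Item` would error on every start-up). The alias names and paths are the ones from the thread; nothing else is assumed.

```powershell
# Added example (not the commenter's code). Drop into $PROFILE.
# For each of the two built-in aliases, remove it only when a real
# executable of the same name exists on $env:PATH, so that 'wget' and
# 'curl' run the actual tools instead of Invoke-WebRequest.
foreach ($name in 'wget', 'curl') {
    $aliasPath = "Alias:\$name"

    # PowerShell 7 no longer defines these aliases; nothing to do there.
    if (-not (Test-Path -Path $aliasPath)) {
        continue
    }

    # -CommandType Application ignores aliases, functions and cmdlets, so this
    # only matches an actual wget.exe / curl.exe found via $env:PATH.
    $real = Get-Command -Name $name -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1

    if ($real) {
        # -Force is needed because the built-in aliases are marked read-only.
        Remove-Item -Path $aliasPath -Force
        Write-Verbose "Removed alias '$name'; '$name' now runs $($real.Source)"
    }
    else {
        Write-Verbose "Kept alias '$name': no $name executable on PATH"
    }
}
```

Run the profile with `$VerbosePreference = 'Continue'` once to see which aliases were removed and which binary each name now resolves to; `Get-Command curl` afterwards should report an Application, not an Alias.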


Luckily, these aliases are removed in PowerShell Core. https://github.com/PowerShell/PowerShell/pull/5268


Only for Windows Powershell. The alias is no longer there in Powershell 7.


There’s an option for curl to ignore cert validation


Tried that first, apparently only works with OpenSSL and the Windows binary is linked to some OS SSL library instead.


Probably SCHANNEL then.

The OS must reach out to crl.microsoft.com for CRL checks. https://social.technet.microsoft.com/wiki/contents/articles/...


Yes, that's the one. I wanted to start with a fully firewalled system and explicitly allow URLs as I go along. I needed to eventually allow that one through to get to a functional state (with Windows Update and MS Store running).


While it's not good to ship outdated client libraries & software, it would be much worse to distribute an old OpenSSH release... Can anybody with a Windows 10/11 box check the version they supply? That, to me, would be a much more serious problem.


ssh -V on Windows 11 returns

> OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2


That LibreSSL is newer than even the latest macOS 12 Monterey beta: OpenSSH_8.6p1, LibreSSL 2.8.3


Yeah, but nobody has fun hating on Mac any more right? Thanks for the context.


Perhaps - but Apple has used very old core utilities for a very long time (licensing issues) but ensures they get security updates. Until recently, they used, what, bash from 2006?


There's no licensing issue with LibreSSL, nor any of the other ancient utilities from FreeBSD or elsewhere that Apple doesn't keep up-to-date.


There were issues with utilities that were using GPLv3. That is why they switched to Zsh instead of Bash for example.


If the old version has known security flaws it should be possible to exploit them, correct?

If those exploits don’t work perhaps Apple is playing dolly nuggets with the version number.


Nah, there are all sorts of missing features, some of which were added over a decade ago. With a few small exceptions and modifications much of the Unix base has been quite dead for a long time.


The suggestion being made is that bugs and vulnerabilities are being fixed without adding new features, in order to provide a safe but very stable feature set.


Well people (including me) are bashing Apple for this deviation. Also it has been a constant consideration when linking/shipping binaries in production. So I feel it is fine to bash Microsoft for doing the same thing.

Perhaps Microsoft has an ABI reason for doing so? I can't imagine why else.


According to https://www.libressl.org/releases.html, LibreSSL 3.0.2 was released on October 19th, 2019. So it's exactly two years out of date.

edit: on my windows 10 21H1, the timestamp in COFF/File header for ssh.exe shows '1584509394' (Wed, 18 Mar 2020 05:29:54 UTC).


Odd, I'm on the Dev insider build (22478.1012) and I see

> OpenSSH_for_Windows_8.6p1, LibreSSL 3.3.3


Same on Win 10 21H1 19043.1288:

  ssh -V
  OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2


Same for the daemon? (yes, windows comes with (installable) ssh daemon now).


ssh -V on Windows 10 returns OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5


My Win10 returns: OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2

  where.exe ssh.exe
  C:\Windows\System32\OpenSSH\ssh.exe
  systeminfo.exe | sls "OS V"
  OS Version:                10.0.19043 N/A Build 19043
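The commenters above did this by hand: `where.exe` for the location, `-V`/`--version` for the reported version, and a manual read of the COFF header timestamp for ssh.exe. The following PowerShell script, an added example rather than anything from the thread, does all three for the in-box curl.exe, tar.exe and ssh.exe in one pass and reports how old each binary's link timestamp is. The System32 paths for curl.exe and tar.exe are assumptions (the thread only gives the OpenSSH path); the PE header layout it parses is the documented one.

```powershell
# Added example (not from the thread). Inventory the in-box open source
# tools and read each image's COFF TimeDateStamp, as one commenter did for
# ssh.exe. Works in Windows PowerShell 5.1 and PowerShell 7 on Windows.

function Get-CoffTimestamp {
    param([Parameter(Mandatory)][string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    # The DOS header stores e_lfanew, the offset of the PE signature, at 0x3C.
    $peOffset = [int][BitConverter]::ToUInt32($bytes, 0x3C)
    $sig = [System.Text.Encoding]::ASCII.GetString($bytes, $peOffset, 2)
    if ($sig -ne 'PE') { throw "$Path is not a PE image" }
    # The COFF file header follows the 4-byte 'PE\0\0' signature:
    # Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    $stamp = [BitConverter]::ToUInt32($bytes, $peOffset + 8)
    # Caveat: many Microsoft reproducible builds store an image hash in this
    # field instead of a time, so an absurd date means "not a timestamp",
    # not a corrupted file.
    [DateTimeOffset]::FromUnixTimeSeconds($stamp).UtcDateTime
}

function Get-InboxToolVersion {
    # Paths for curl.exe and tar.exe are assumed; the OpenSSH path is from the thread.
    $tools = @(
        @{ Name = 'curl.exe'; Path = "$env:SystemRoot\System32\curl.exe";         Arg = '--version' }
        @{ Name = 'tar.exe';  Path = "$env:SystemRoot\System32\tar.exe";          Arg = '--version' }
        @{ Name = 'ssh.exe';  Path = "$env:SystemRoot\System32\OpenSSH\ssh.exe";  Arg = '-V' }
    )
    foreach ($t in $tools) {
        if (-not (Test-Path -Path $t.Path)) {
            [PSCustomObject]@{ Tool = $t.Name; Version = 'not present'; LinkedUtc = $null; AgeDays = $null }
            continue
        }
        # curl and bsdtar print their version on stdout; ssh -V prints on stderr,
        # hence the 2>&1 merge. Only the first line carries the version string.
        $firstLine = & $t.Path $t.Arg 2>&1 | Select-Object -First 1
        $linked    = Get-CoffTimestamp -Path $t.Path
        [PSCustomObject]@{
            Tool      = $t.Name
            Version   = "$firstLine".Trim()
            LinkedUtc = $linked
            AgeDays   = [int]((Get-Date).ToUniversalTime() - $linked).TotalDays
        }
    }
}

Get-InboxToolVersion | Format-Table -AutoSize
```

On the 21H1 box quoted above this should print the same `OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2` line and a March 2020 link date for ssh.exe; the `AgeDays` column is the number that matters when deciding whether to replace an in-box binary with a current one or to block it by policy.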


Getting the same for win 10 20H2 (Build 19042.1288)


Windows should just become a Linux Distro already.


It already has the Linux kernel, a Wayland compositor, PTYs, symlinks, POSIX compliant filesystem and now a package manager. Clearly, they are interested in moving the gap.

Jokes aside, I don’t really think it’s a possibility in the near or mid future, but if Microsoft ever did show signs of pivoting towards a Linux-based Windows successor, I only pray that the NT kernel source code may be open sourced under a decently liberal license. No matter how late in time that move occurs, it will still be a boon for preserving an entire era of computing.


It will never be fully open. They got all of the three letter agencies to cooperate with... that's why they want to stay on the CPU as primary OS next to Unix on the secondary processor Intel provides called Active Management Technology (AMT). This hardware and firmware for remote out-of-band management is running the Intel Management Engine, a separate microprocessor not exposed to the user, in order to monitor, maintain, update, upgrade, and repair them using mesh networks.


And with Windows 11 requiring certain processors, I'm pretty sure Intel built something even more interesting into those ones which will make AMT look like child's play.


> It will never be fully open.

They could just become a BSD, like Apple did. Nothing they're doing with linux wouldn't work with some future Microsoft BSD that kept backwards Windows compatibility as a Wine-type shell. They do that, they can close up whatever they want, just like Apple.


I do think that a lot of the recent developments pave the way for that, and even if MS isn't necessarily having that on the long-term roadmap, it makes strategic sense for them to keep that door open as a realistic proposal.

Or at least POSIX, even if not specifically Linux.


Please God no. I say this as someone with a Surface Laptop running Windows 11 and a Dell laptop running Ubuntu 20.4 sitting in front of me. The windows 11 experience has been great, flawless even. Yes there are some advertisements creeping into it, but they can be turned off, and Ubuntu doesn’t exactly have a clean track record here.

But in terms of the Dell, it is 2021 and I am still having issues with power management on Ubuntu. I will pick up the laptop and it will often be dead despite hibernating, leaving all my work closed and instant on a dream. I’m sorry but how is this still a problem? You can open up old threads on /. from the OS wars of the 2000s and see these same issues brought up. Linux has trouble with external and multiple displays, trouble with power management, trouble with wireless on and on.

And I’m sure someone will comment here about how these things can be fixed with enough elbow grease, but again, it’s 2021 and it’s still an issue. Can these issues really be fixed? Could Microsoft fix it if they take a swing at it? Will Linux distros have decent power management by 2040? Honestly can’t say at this point, guessing no.

Moreover, is this something we really want? I mean, people were plenty happy when Chrome dethroned IE, but look at where we are now. The king is dead, long live the king. Having multiple competing kernels is a good thing for everyone IMO. We should actually be rooting for the Windows kernel to stay alive, as it is the underdog at this point in terms of usage and deployment -- ain't no Windows machines on Mars (I don't know if that's strictly true actually, I just assume).

EDIT: I am amused that the first three replies are arguments that would have fit right into those old OS wars: MS has the money; hardware vendors are targeting Windows because it's popular; have you tried upgrading? I'm not picking on you folks, these are not bad arguments. These are perfectly valid points. But what I'm saying is that it's been 20 years since I've seen these arguments first made, and they still need to be made. That's a problem.

For instance, yes I've upgraded. It's not fixed. Yes I've tried to troubleshoot it. I can't fix it. Yes MS has a lot of money and power, but it's also been 20 years, so that excuse has worn thin. Yes hardware vendors target Windows, but this is a Dell machine, they targeted Ubuntu.

Why can't the Linux community move the needle on these issues, and if they can't why should we want Windows assimilated into that ecosystem? They have their own kernel that is technologically distinct and in many ways superior (other ways inferior). What do we gain by Windows being Linux? Let them be their own thing.


> The windows 11 experience has been great, flawless even. Yes there are some advertisements creeping into it, but they can be turned off, and Ubuntu doesn’t exactly have a clean track record here.

You're treading awfully close to a false equivalence. Ubuntu made this mistake what, once? Microsoft is continuing to do so and doubling down. Also, it is impossible to turn off all the ads (let alone all the privacy invading "telemetry") in Windows without shelling out $3/month (e.g. video ads in Solitaire). There is a world of difference between the two. Let's not pretend they're anything akin, especially today.

> Can these issues really be fixed? Could Microsoft fix it if they take swing at it?

While power management in Linux is worse, it is also very patchy in Windows. I frequently find my new Windows machine dead as well. I think this is more an issue with the ACPI standard.

> Why can't the Linux community move the needle on these issues, and if they can't why should we want Windows assimilated into that ecosystem?

Pretending that major progress hasn't been made (especially wireless) is simply ignoring reality. With respect to wireless, I think the Windows and Linux situations are comparable. Linux lacks a few drivers but is overall more reliable. Also, I would point out that you're somewhat drawing a false equivalence since Windows makes both the hardware and software in your Surface. You should compare your Surface experience with a System76 machine, that would be a more accurate comparison.


And... Ubuntu is not linux. Ubuntu is one flavor and, being open source, when canonical made a mistake we could all drop their software and use something else. When Microsoft makes mistakes we don't have much choice but to wait/pray they address the situation before it bites us.


> Ubuntu made this mistake what, once? Microsoft is continuing to do so and doubling down.

Well, my point was not that they were the same, but that Canonical has engaged in behavior I find unsavory in the past (indeed in my opinion far more unsavory than what Microsoft has done with Windows 11, but that's just my opinion), so I can no longer trust them to engage in this behavior in the future.

> Pretending that major progress hasn't been made (especially wireless) is simply ignoring reality.

The reality I live with is that I still can't connect to my University's wireless network using my Ubuntu machine, but it works fine on Windows and MacOS and has for decades.

> Also, I would point out that you're somewhat drawing a false equivalence since Windows makes both the hardware and software in your Surface.

I've owned machines from all manufacturers you could care to list and even when a HW vendor is trying really really hard to offer the fully integrated, seamless experience that Windows and MacOS offer, they still can't get it right. For instance, the Dell machine I have right now is one of them. Dell has been selling Ubuntu computers for 14 years and they can't get their power setting right.

I love Linux. I use it every day. My job wouldn't be possible without it. My passions wouldn't be possible without it. But we need Windows to not be Linux because honestly Windows is still setting the bar in many regards.


IMO, the difference being overlooked here is that the reason Windows is so smooth is that it’s cost effective to target it when you’re making hardware.

If MS pivoted to a Linux Kernel, then all that hardware will quickly get better support for it. Hardly anyone does this today because the juice isn’t worth the squeeze (yet).


> then all that hardware will quickly get better support for it

Google has infinite money, a golden membership of Linux foundation, they ship Linux-based OS used by billions of people. Even they can’t support Linux kernel, instead they are supporting many thousands of lines of code of kernel patches for their Android.

I think the reason is Linux architecture. Specifically, the fact Linux insists drivers are compiled into the kernel, instead of providing an ABI for them.


Google has money. Unfortunately it has no HW design expertise. They could do what IBM did in the 80's: create a platform. But it is too much for google. And, taking into account the crap they make, it is better that way.


Sorry, but if you have these kinds of things being done by HW vendors, then it's hard to just blame Linux for PM issues:

http://iam.tj/prototype/enhancements/Windows-acpi_osi.html

Anyway, I've been lucky for system suspend/resume to work just fine on all my workstations over the last 12 years or so. It would be quite annoying otherwise.


If the Linux community had the amount of elbow grease that Microsoft and hardware/software vendors have at their disposal, especially the unsexy issues... we'd be probably writing these comments from our Mars habitats.


If the Linux community could stop with the idea that people who want easy to use software are inferior, and stop spending their combined developer efforts on making hundreds of new Linux distributions and media players and text editors, there's certainly enough combined elbow grease gone into Linux software over the past decade to fix suspend/resume or audio playing or multiple screens of different DPI. What there isn't is commercial motivation to do so, which isn't Microsoft's fault any more than it is Apple's fault, a company which has built a pretty good Unix-on-laptop experience.


> What there isn't is commercial motivation to do so

Yes, that is what my comment is about. Commercial motivation (aka "pay me") is exactly what we need, and what we don't have.

> If the Linux community could stop with the idea that people who want easy to use software are inferior

You must be confusing the Linux community with the Linux subreddit or ricing forums. Or you last checked the community vibes some 17 years ago. There's certainly no such thing happening broadly today. We want easy to use software, because that means we can get our parents and grandparents off of Windows.

> there's certainly enough combined elbow grease gone into Linux software over the past decade to fix suspend/resume or audio playing or multiple screens of different DPI

No, definitely not enough. There's no fundamental reason (beyond X11 weirdness - which may get replaced by a heavily reworked Wayland in this hypothetical scenario - but I digress) why suspend, audio, multi-monitor and power modes cannot work on Linux as well as they do on Windows. Suspend, multi-monitor and power modes are things that frequently rely on quirky hardware modes and there's no substitute to fixing that other than documentation and manpower.

Audio is better - pipewire seems to be the bringer of much-needed change, and I can actually connect to a Bluetooth headset in A2DP mode almost reliably. This was unthinkable a decade ago.

> and spending their combined developer efforts on making hundreds of new Linux distributions and media players and text editors

1) Explain how the development of new text editors seems to be taking up a significant chunk of available volunteer manpower? Even Emacs and vim couldn't possibly take up such a large chunk of the available manpower, since they are hard to even use, let alone hack on.

2) "hundreds of Linux distributions" is a myth and has been one for a very long time. The fact of the matter is that nearly every new user only needs to try three major distros: Ubuntu, Linux Mint and Fedora. If they are very picky, add another four to the list. If they don't care, pick one for them and they won't complain.

3) not enough "combined developer efforts" is the problem - and could be solved with funding for specific goals, like the Asahi Linux project did to get Linux working on M1 silicon.


> "Explain how the development of new text editors seems to be talking up a significant chunk of available volunteer manpower? Even Emacs and vim couldn't possibly take up such a large chunk of the available manpower, since they are hard to even use and let alone hack on."

Kate? Kwrite? Kakoune? NeoVim? Featherpad? Gobby? Yudit? aoeui? Searching Ubuntu package descriptions for 'text editor' finds 98 of them. ( https://packages.ubuntu.com/search?suite=bionic&searchon=all... ) Then consider all related things on:

https://en.wikipedia.org/wiki/List_of_text_editors

https://en.wikipedia.org/wiki/List_of_word_processors

https://en.wikipedia.org/wiki/Source-code_editor

These aren't springing out of nowhere, these are all massive amounts of duplicated human effort reinventing wheels over and over.

> "2) "hundreds of Linux distributions" is a myth and has been one for a very long time. The fact of the matter is that nearly every new user only needs to try three major distros"

Distrowatch tracks at least 276 different distributions and those are likely only a subset of all that have ever been created and released. It's bad enough to consider the duplication of effort, even worse if only three matter.

https://distrowatch.com/dwres.php?resource=popularity

All that wheel reinvention while important things were just crying out for available effort, right?

> "There's certainly no such thing happening broadly today. We want easy to use software, because that means we can get our parents and grandparents off of Windows."

Even while denying it, your own example is that easy to use software is for people who can't use computers. It's not for the likes of you. It's like a construction company that thinks power tools are for grandmas and handtools are for workers, it makes no sense at all.


This comment made my night, haha!


> The windows 11 experience has been great, flawless even. Yes there are some advertisements creeping into it, but they can be turned off, and Ubuntu doesn’t exactly have a clean track record here.

These are choices someone once made, and not technical decisions anyway. Windows could become a Linux, BSD, or Plan9 distro and they could make the exact same choices.

I don't know what the current state is, but the last time I tried pre-installed Windows that came with my laptop it kept bugging me about Edge when I was using Firefox. I thought that was rather rude – I'm doing work, don't bug me with pointless nonsense – so I replaced Windows with Linux and that was all of my 20 minutes of Windows 10 experience. I was not impressed.

But again, these are not technical issues. I don't really care what kernel my system is running; I care about not having my work interrupted with spam built in to the system.


I have the exact same power issues with my Dell XPS laptop running Windows 10, and a few more. I think my favorite is when I have to restart the computer before it will shut down.

Point is, Windows is no guarantee of a functioning system.


Sure it's not. But over 20 years and more technology than I'd like to admit, the number of times I've had to deal with these issues on my Windows machines I can count on one hand. On my Linux machines.... well, I'm going to need more limbs.


Or maybe windows issues just fly under your radar, but the linux ones don't.

For example, just yesterday, I was figuring out why Quick Settings in Windows 11 do not show up on a machine upgraded from Windows 10 (without that, you have to go to Settings app to connect to wifi or turn on/off a vpn). Turns out, if you disabled Action Center in Windows 10, then there's no Quick Settings in Windows 11 for you and no way to enable it back, save for manually editing registry.

In my experience, most Windows users would not consider the above as an issue they had to deal with... in Windows. But in Ubuntu, they definitely would. Maybe it is the difference between familiar and unfamiliar territory.


At least Linux doesn't wipe out your data when you do an update.


Linux, or Ubuntu?


Linux. I've had machines with Ubuntu, Gentoo, Arch, Suse, Mint, and Fedora as well as some more specialized operating systems for particular specialty hardware. Actually Suse was my intro to Linux.


I haven't used ubuntu on any box I personally use in a while, so take it with a grain of salt, but it seems like it's the only distro all the "X didn't work on linux for me" complaints seem to be about. Experiences dealing with it on projects locked into e.g. proprietary Nvidia SDKs or whatever have involved a lot of head-scratching about what they consider "sane defaults" and headaches around package compatibility. All things considered I'm starting to think Ubuntu specifically has kinda jumped the shark as a distro

For what it's worth, I haven't had serious ACPI issues on Arch on any device for about a decade. Might be worth seeing what else is out there, if these sorts of pain points are cropping up for you a lot. Rolling-release also has the advantage of never having to fully reinstall the OS unless you really go and break something. I've had bad luck with in-distro upgrades breaking horribly whether it's debian or fedora or what have you, but rolling-release installs have lasted me... I think the longest one was 12 years? An old webserver that finally lost too many hardware components to function after a lifetime of heavy use. I've heard good things about NixOS from friends, though I'm a little leery of "immutable configs". I'm not trying to be a snob here, but Ubuntu ain't the only game in town, and it sounds like a lot of people try it and decide linux just doesn't work, so I haven't recommended it to anyone in years, and I should probably start actively steering them off it

Of course, another salient possibility is that as the most famous linux distro, it's what people who've installed linux without any real intention to use it - or perhaps more charitably without understanding that unfamiliarity is a real switching cost and give up immediately - have tried


What you seem to envision is Microsoft strictly becoming a Linux distro and throwing away all their external display management code, for example. I don't think that's ever going to happen. I don't think Microsoft will ever join an existing user interface; they'll bring over their own.

What seems to be happening is that Microsoft is laying the groundwork, ever so slowly, to sit their user interface on top of Linux, without sacrificing any backward compatibility or loss of functionality.


The success of Android and Chrome OS shows that it is possible to fix these issues if you completely disregard the existing community. I would expect a Microsoft Linux to be as solid as Windows with several custom components. The existing Linux desktop is a fun toy, but as you noted its quality is still exactly where it was 20 years ago - up shit creek.


> I will pick up the laptop and it will often be dead despite hibernating

You have to change the default sleep state from 's2idle' to 'deep'. I can't remember what config file I changed to make that permanent since I did it so long ago, but it should be a quick Google away.


I did that and then which config file you had to change got Potteringed a couple of times, and eventually I just gave up on keeping up.


Well it's really just a command, so if you've given up finding the "proper" spot, you could make it an @reboot cron job.


And how long before cron is deprecated in favour of some new thing?


Probably never? Even in the unlikely case a cron doesn't get installed by default you could just install it.


I was reading that the power management story was good on Pop! OS. Maybe that is an option for you.


MS doesn't want to fix Linux, it just wants its devs to buy Windows computers. Most Linux users these days are web developers who use MacOS. MS wants that market. It could care less about Linux as an OS or ecosystem.


> Linux has trouble with external and multiple displays, trouble with power management, trouble with wireless on and on.

What version of Ubuntu were you using, out of curiosity? The issues may have been fixed now.

As a personal anecdote, I have never had problems with multiple displays on Fedora 34. It was just plug and play with Nouveau. Although I am still trying to figure out how to enable Hibernation in GNOME: I personally use the feature a lot.


Variable DPI is still an issue though? I haven’t figured out a way to have things seamless and nice with both a 4K screen and a 19” 720p at the same time.


Multi-monitor high-DPI will probably never work well in Xorg, but most Wayland compositors support it just fine. I switched to Sway a few months back and it's great. Unlike in Windows, when a window straddles a high-DPI and lo-DPI monitor, it's not big on one monitor or small on the other. It stays the same virtual size on both and the window contents quietly re-renders itself in high or low DPI when it's dragged between them.


Support for multi-DPI monitors is Wayland-only; nobody is going to retrofit that into Xorg.

So if you are using a distro that uses X11 by default, it will not work. If you use a distro that uses Wayland by default, it works out of the box.


OpenSuse with KDE has power management that's as good as windows.


It will. But it's not going to get better because of this. Microsoft will just double down on turning it into a service.


This is what's really annoying about the new Windows team. They often are so obsessed with doing new cool things to win back users, they often fail where Microsoft has traditionally proven superior: Careful, well-planned steps that maintain the utmost security and process.

WinGet, for example, was entirely automated approval for changes to app installs.

It took so much time to convince them it was easy to compromise, and then they implemented some community moderators instead of hiring an app review team.


Killing C++/CX and replacing it with a developer experience akin to using VC++ 6.0 with ATL 3.0, or leaving .NET Native to rot, is hardly the way to win back users.


Wait until people see how old the components RedHat ships.


It's important to understand that you can't go by major version numbers in most fixed-release, long term support Linux Operating Systems, like RHEL, Debian, or Ubuntu. There is often deeper investigation needed.

https://access.redhat.com/security/updates/backporting

https://www.redhat.com/en/blog/what-backporting-and-how-does...


Lost count of how many times I’ve had to fix software that checked kernel version numbers instead of whether a particular symbol exists. It often breaks when compiled on Red Hat because they backport so many patches to old kernel versions.


Red Hat's business model is that they ship a defined set of components and patch those components as needed for years without breaking compatibility.

Red Hat explicitly will not ship a component unless they can build it from source and update it, and have confidence that they can continue to do so for the life of the OS version.

That's what being a responsible "enterprise" operating system vendor means.


Older releases aren't the problem as long as they're maintained, which RH devs are good at doing.

Taking a 4+ year old release and not applying any patches even if upstream did their due diligence with informing users about a lot of fixed stuff and then shipping that by default is rather unacceptable by the OS distro vendor though.


At least RedHat backports security patches.


The core value proposition of SUSE, Red Hat and Ubuntu LTS is binary compatible drop-in replacements for a frozen version, which has been created and has received tons of backported bug fixes during its 3-9 month curing process, aka beta program. So security updates keep coming and are fixed, while your application does not need to be forward ported, and has a rock solid foundation underneath.

So the components are deliberately old. And bug fixed. And security maintained.


Have you met OS X?


Whataboutism without data smells like FUD.


Uh, it's pretty well-known that Apple ships some absolutely ancient stuff in macOS. It can't be that hard to find a reference… but, here ya go:

  » curl --version
  curl 7.64.1 (x86_64-apple-darwin20.0) libcurl/7.64.1 (securetransport) libressl/2.8.3 zlib/1.2.11 nghttp2/1.41.0
  release-date: 2019-03-27
  protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
  features: asynchdns gss-api http2 https-proxy ipv6 kerberos largefile libz multissl ntlm ntlm_wb spnego ssl unixsockets
  » bash --version
  gnu bash, version 3.2.57(1)-release (x86_64-apple-darwin20)
  copyright (c) 2007 free software foundation, inc.

So unless Apple has some patches on top of that, as curl's website says, there are 22 vulns. in that 2.5 yo version.[1]

That version of bash is from about when the copyright indicates, i.e., 14 years ago. Thankfully there probably isn't a good exploit path for bash that doesn't already involve one being able to run code, but still, as a dev, it'd be nice to get a more recent version.

[1]: https://curl.se/docs/releases.html


Subsequent versions of bash are GPLv3 “encumbered”. Apple as an organisation have decided that the best way to avoid potential licensing issues with GPLv3 is to avoid GPLv3, which appears to be part of the intent of GPLv3. Tell me, who is hurting consumers of software? I will accept that Apple is partly to blame - they could be, and should be more open and perhaps contribute more, or at least follow Google’s lead and use it as marketing. But the GPLv3 is a burdensome license that even the star of the movement has rejected. That is holding back OSS as much as anything else. Making it commercially hard to use the software isn’t helping adoption or contributions.


No commercial vendor is going to ship bleeding edge code with a promise to support it.


They don't have obligation to ship bleeding edge off-the-shelf code but they do have an obligation to provide the operating system with security patches. If the user clicks on a tar file to extract it and it ends up writing to random places on their filesystem due to a vulnerability, that is gonna be a problem for the enterprise users.


Haha as if that doesn’t happen all the time. Enterprise says ‘well nothing is truly secure’ and just installs the update after a month.


Fortunately Windows won't extract tar files out of the box.


They should patch whatever vulnerabilities exist in whatever version of the component they've decided to ship. That's the point of it being open source.


From the post I'm not positive that they aren't. The release date and patch date in that version string are different. They might be cherry picking individual patches back to an out of tree branch and haven't had anything since 11-19 that met their threshold for cherry picking.

I'd be interested in which have these 15 CVEs are actually exploitable and their CVSS are before I jump to conclusions from just a version string.


The point of it being open source is that you can demand the person who gave it to you should fix it to your specifications for free?

I don't see that mentioned in The Four Freedoms of Open Source: https://yairudi.com/foss-principles-explained-ch-ii-open-sou...


I'm speaking from the point of view of Microsoft as a user of open source software. Microsoft is not the end-user, but they are taking open source code and using it within their own product, Windows.

Microsoft has the freedom to modify the OSS components in Windows to patch security vulnerabilities.


Your copy of MS Windows is free? And by what logic open source parts of it are exempt from any expectations of support?


>No commercial vendor is going to ship bleeding edge code with a promise to support it.

Netflix Open Connect ;)


A few weeks ago I had to run a simple curl command; it did not work with the Windows 10 21H1 native curl, but it did from WSL2 Ubuntu. First and last time I tried it.


I read the rant. What, exactly, is the impact to the average Windows user?


None, and anyone who cares could replace the files with a newer version; it's not like MS would make it hard to do that.


Define the average Windows user. Then, how much of the Windows market does that exclude?


Another way to look at it is, how hard is the issue to exploit and what are the impacts? Does exploitation require local admin access?

My point really was that the write up is mostly a rant and provides nothing to help anyone that is impacted. Seems more about poking Microsoft than solving security issues.


The seclists post looks pretty clear and simple - please everybody send a link to it to your government representative person :>

And to management too ! Let them have on paper what they opt for :>


Some time ago, Microsoft announced that they would be working to integrate Windows and Linux so as to provide users with a better operating system experience and greater functionality. They should fix whatever vulnerabilities exist in whichever version of the server-side software they've decided to integrate.



