Bonum Certa Men Certa
Don't Install Pipelight, It Helps Infect the Web With DRM and Microsoft | Links 8/6/2014: Valve Funds Mesa Development, SQLite 3.8.5 Released

Lots of Coverage About FOSS Bugs, No Coverage About Intentional 'Bugs' (Back Doors) in Proprietary Software

Bugs inside blobs are also serious bugs, and sometimes there by design

Bug



Summary: The increased media coverage of bugs in security-sensitive FOSS projects reveals lack of desire to cover much bigger threats, including back doors in proprietary software such as Windows

OpenSSL has been somewhat of a whipping boy of the technology press. One reason is, OpenSSL is widely used, but another is that it's known what the issues are (transparency) and the corporate media sure has agenda. We already gave the example of Dan Goodin, to whom security bugs are only news is they affect FOSS (here is his latest go at it) and now that GnuTLS bugs become public knowledge (after a public release with full source code) there is some more coverage that resembles what we found amid "Heartbleed" hype [1, 2, 3] (in both cases a firm with Microsoft connections claimed credit for other people's discoveries and trumpeted FUD in the press). One can expect the same from Microsoft-funded 'news' networks like IDG and ZDNet, which merely covers an already fixed bug. To quote the summary:



The security team behind the Debian distro are urging users to upgrade their Linux packages after patching a newly-found flaw in the Linux kernel.


This is not an unusual thing. Why it this suddenly front page news?

Notice the pattern. In all cases the bugs are already fixed (users just need to apply updates, unless they have already been applied automatically). This shows a strength of FOSS, not a weakness. The latest OpenSSL patches that we covered a couple of days ago (in daily links) don't relate to or amount to huge risk [1] and these are already patched [2]. The same goes for kernel bugs [3].

What we found highly disturbing here is that despite discoveries that companies like Apple and Microsoft facilitate the NSA with back doors (in secret code) we see an improportionate focus on every small bugfix in projects such as GnuTLS, OpenSSL, and Linux. Someone might be trying very hard to make the point that FOSS is the issue, not back doors which are very much included by design (and hidden in blobs). Reporters who cover bugs in FOSS but are never covering back doors in proprietary software ought to be challenged. Their bias (by omission) should be pointed out to them.

Related/contextual items from the news:


  1. New OpenSSL breech is no Heartbleed, but needs to be taken seriously


  2. OpenSSL Security Update now available for Fedora


  3. Canonical Closes Linux Kernel Vulnerabilities in Ubuntu 14.04 LTS


Don't Install Pipelight, It Helps Infect the Web With DRM and Microsoft | Links 8/6/2014: Valve Funds Mesa Development, SQLite 3.8.5 Released

Recent Techrights' Posts

Proprietary Software is Bad for Your Health, Not Just Your Finances, Privacy and So On
It would be interesting to see some charts, based on some long-term study, comparing the general health (blood pressure, BMI etc.) of people who use proprietary stuff and people who do not
Microsoft Admits Business Perils as Windows Continues to Fall
‘Microsoft missed the biggest business model…’
Technical Specifications at Times of Tyrannies
Specifications (specs) must evolve with the times
In Case Rust Censors It (Rust Has Long Been All About Censorship), Here's a Critical Look at Rust's Goals
In the case of Rust, instead of "the liberation of the digital society" we have empowerment of Microsoft GitHub and of GAFAM in general. Guess who funds this...
Gemini Links 23/02/2025: Respectful Platforms Manifesto and Internet Archive
Links for the day
The Significance of the Timing of the Ridiculous Letters From Brett Wilson LLP, Acting on Behalf of People From Microsoft
A preliminary look at the timeline and what it tells us
Politicians Ought to Invite Dr. Richard Stallman and Prof. Eben Moglen to Speak About Policies, Licensing, Digital Sovereignty
Is there something in Europe other than RMS' talk this coming Monday (that we're not yet aware of)?
The So-called 'IT' Industry Became Somewhat of a Fraud Where People Equate Usage and Power Wasted With "Value" or "Success"
When did 'IT' become a weapon rather than technology/science?
Things to Like About London
Many important or "powerful" people leave near there
 
Links 24/02/2025: Germany Looks to Distance Itself From US, Environment at Risk, Mass Layoffs at Zendesk
Links for the day
[Meme] It's Over, Microsoft
an obligatory meme
Even Worse Than LLM Slop and Linkspam From UNIXMen
UNIXMen is basically a defunct spamfarm at this point (the author is "sarwarSEO")
Gemini Links 24/02/2025: Osiris 0.1.0 Release (File Sharing in Gemini Protocol), NetBSD 10.1 on the Pi
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, February 23, 2025
IRC logs for Sunday, February 23, 2025
Links 23/02/2025: Democracy Backsliding and German Election
Links for the day
Joining APRIL(.org), AGM weekend, Paris, 15-16 March 2025
Reprinted with permission from Daniel Pocock
Links 23/02/2025: Zuckerberg Despised, US Government Does Not Obey Judges, France Grapples With Terrorism
Links for the day
Links 23/02/2025: Apple Back Doors, Ukraine Updates, and Gemini Leftovers
Links for the day
Recent Improvements in Techrights
minimalism works fine when the main goal is to relay information
Slopwatch: Brian Fagioli, Brittany Day (linuxsecurity.com), and Microsoft Misinformation, False Marketing
Serial Sloppers
Censored: Debian Zizian transgender vigilante comparisons in open source Linux communities
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, February 22, 2025
IRC logs for Saturday, February 22, 2025
Links 22/02/2025: OpenAI Plans to Possibly Abandon Microsoft, Facebook Doubles Execs' Bonuses While Sacking Thousands
Links for the day
Gemini Links 22/02/2025: Weekend Chill and Programming Thoughts
Links for the day
Good Explanation of Why IBM Has Chosen to Conceal Mass Layoffs (of 'Expensive' Staff) as "R.T.O." (Even For People Who Never Worked at the Office to Which They're Ordered to "Return")
Many remaining IBM (or Red Hat) workers in Europe are in "cheaper" places such as Brno
Microsoft's Serial Strangler and Matthew J. Garrett Join Forces in Trying to Gag Techrights (for Exposing Microsoft Corruption and Crimes Against Women)
Whose terrible idea was it?
Links 22/02/2025: Labour Department Investigates Microsoft Infosys Amid Mass Layoffs, Large Law Firms Caught Red Handed With LLM Slop (Defrauding Clients and Courts)
Links for the day
Gemini Links 22/02/2025: Analog Stuff, Sigil, and SSGs
Links for the day
Microsoft's Market Share in Cameroon Falls to New Lows
This means a lot of Android users (iOS is about 4 times smaller), but Android does not mean freedom
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, February 21, 2025
IRC logs for Friday, February 21, 2025
The Streisand Effect is Real
So don't be evil. Also, don't strangle women.