Bonum Certa Men Certa

The Free Software Community is Exploited by Greedy Business People, It's Not Freeloading (Yet More Name-calling, Trolling and Shaming of Volunteers)



Reprinted with permission from Ryan Farmer

IBM’s new pejorative for people who use Fedora or an Enterprise Linux clone. “Freeloader” (And they don’t want to know about security holes.)



A word that IBM and their fanboys, and remaining unpaid volunteers are bandying about lately, is “Freeloader”.



In IBM Red Hat’s book, anyone who isn’t currently coughing up a subscription fee to use RHEL is “Freeloading”. Basically, they see you as a parasite.



This word doesn’t just apply to a person who grabs Fedora and uses it on their laptop and never files bug reports or anything. It applies more broadly to organizations that deploy a free Enterprise Linux clone to their business because they think they can self-support.



It also applies specifically to Oracle, because even before IBM, Red Hat was already trying to portray Oracle Linux as some sort of “stolen product” with their “Unfakeable Linux” marketing campaign.



Let’s talk about users. Fedora has always had a very transactional relationship with users from Red Hat’s point of view. Users were valuable as bug reporters. We’d get this software on our daily systems for free, and in return, when something went wrong, we were “requested” to file bug reports.



However, IBM doesn’t value bug reports because as the new boss in town, it’s not actually interested in fixing bugs. It wants to hide them, like Microsoft, according to AlmaLinux developers who tried reporting security vulnerabilities in RHEL components.



KnownHost CTO and AlmaLinux Infrastructure Team Leader Jonathan Wright recently posted a CentOS Stream fix for CVE-2023-38403, a memory overflow problem in iperf3. Iperf3 is a popular open-source network performance test. This security hole is an important one, but not a huge problem. Still, it’s better by far to fix it than let it linger and see it eventually used to crash a server.



That’s what I and others felt anyway. But, then, a senior Red Hat software engineer replied, “Thanks for the contribution. At this time, we don’t plan to address this in RHEL, but we will keep it open for evaluation based on customer feedback.” 



[…]



The GitLab conversation proceeded: 



AlmaLinux:  “Is customer demand really necessary to fix CVEs?” 



Red Hat: “We commit to addressing Red Hat defined Critical and Important security issues. Security vulnerabilities with Low or Moderate severity will be addressed on demand when [a] customer or other business requirements exist to do so.”



AlmaLinux: “I can even understand that, but why reject the fix when the work is already done and just has to be merged?” 



At this point, Mike McGrath, Red Hat’s VP of Core Platforms, AKA RHEL, stepped in. He explained, “We should probably create a ‘what to expect when you’re submitting’ doc. Getting the code written is only the first step in what Red Hat does with it. We’d have to make sure there aren’t regressions, QA, etc. … So thank you for the contribution, it looks like the Fedora side of it is going well, so it’ll end up in RHEL at some point.”



One user wrote, “You want customer demand? Here is customer demand. FIX IT, or I will NEVER touch RHEL EVER.” While another, snarked, “Red Hat: We’re going totally commercial because Alma never pushes fixes upstream! Also, Red Hat: We don’t want your fixes, Alma!”



On Reddit, McGrath said, “I will admit that we did have a great opportunity for a good-faith gesture towards Alma here and fumbled.”



Finally, though the Red Hat Product Security team rated the CVE as “‘Important,’ the patch was merged.

-ZDNet Article “AlmaLinux discovers working with Red Hat isn’t easy”


The attitude that Microsoft and IBM share in security vulnerabilities is that they don’t want to touch the fix, even if someone else already wrote it, because it may cause a regression that they then have to spend time and money sorting out.



Microsoft’s attitude is so bad that they use old and insecure versions of gnupg to generate package signatures on their “Linux” software, but it also hardly matters because they point dnf on Fedora or RHEL to their server to get the .asc file, which means that users who have Microsoft programs on their computer can get a copy that’s been tampered with as an “update” and not have any warning, because the attacker can modify the .asc with one that they control, and put that one on the server as part of the attack.



I think it’s, frankly, frightening, that IBM admits that security patches are not one of their highest priorities in such a widely used system as RHEL.



Instead of getting caught up in the “security poser” malarkey, and buzzword bullshit bingo, like Matthew Garrett does with his nerve-grating overuse of things like “attestation”, “TPM”, and “roots of trust”.



These things are not security. If the software you’re using is garbage, your security is garbage. You need to use software from people who just fix their damn bugs, and vendors who get you those patches shipped ASAP. Everything else is basically pointless.



My roots of trust are simple. It’s on my computer, I trust it. Fuck off.



The first and last time I’ve had a computer virus, it was on Windows 98, and Chernobyl (it was set to trigger a malicious BIOS flashing until the ROM was bricked). Thankfully, I pulled it out in time.



I have never had any “Linux malware”, and that record is unbroken since 1998.



Seriously, patch your software, get it from a legitimate source, and don’t worry too much.



If a company is like Microsoft and IBM, and doesn’t want to know about security holes, they don’t deserve their customers on that issue alone.



Where were we? Ah, yes. Freeloading. IBM’s open contempt for Fedora is even worse.



They are throwing out many unpaid volunteers that were doing free work for IBM Red Hat, and calling those people “Freeloaders”, with absolutely no sense of irony, apparently. IBM gets a lot of software for free.



They stopped paying the FSF around the time Molly de Blanc and other unproductives, like Garrett (his last useful code was in the 2000s, I think, when he worked on ACPI), organized people around a defamatory petition against Richard M. Stallman, which Roy Schestowitz points out is a 70 year old man.



But IBM still pulls GNU software without paying for it. And many other people’s software! FREELOADERS!



Users of free clones can be future customers.



The “free” developer license for RHEL, does not allow you to deploy it across your whole organization, get settled in, and then realize you need support after all.



The free clones were an ongoing source of new customers, who would often bring lots of machines with them by the time they approached Red Hat and wanted to do an in-place conversion. This was a serious amount of money.



IBM says they’re just Freeloaders and harasses the distributions that onboard customers into the “Red Hat” way of doing things and land them clients.



Even when they don’t make sales, their product gets more marketshare, which was why they were a de facto “standard”.



Oracle “Freeloading”.



Perhaps most of all, Red Hat (pre-, and post-IBM) had disdain for Oracle Linux, but Oracle didn’t have compelling reasons to lure people away from RHEL wanting an identical product. Oracle is not the authoritative source of RHEL, IBM is. Whatever Oracle consumes is what IBM decided to put in there.



A customer education campaign on this subject would have been better than labeling Oracle as some sort of “stolen product”.



Oracle is not going for exactly the same customers. They have their own “Unbreakable Enterprise Kernel” that is really quite different already, and which boots by default.



UEK is modified to run Oracle-type workloads better than the RHEL Compatible Kernel, but despite this, the compatibility issues with it are rare.



The Linux kernel version does not directly interact with very many programs in userspace so as long as you have a stable kernel that’s getting serviced by someone who knows what they’re doing, you’re probably going to be fine running the RHEL userspace on top of it, which makes IBM’s decision to obscure their kernel all the more bizarre.



The future of RHEL clones is not entirely under IBM’s control anyway.



Already, an alliance (Open Enterprise Alliance Association) of SUSE, Oracle, and CIQ (sponsor of Rocky Linux) have come together to make a “commons” out of the Enterprise Linux source code.



Ironically, the alliance’s Web site pokes fun at IBM.



“The Community Repository for Enterprise Linux Sources No subscriptions. No passwords. No barriers. Freeloaders welcome.



Essentially, IBM has succeeded only in angering a great many people with their antics including washing their hands of Fedora this week, and spurred their competitors into an alliance to reduce the work of maintaining competing RHEL clones.



This has all been so very stupid and avoidable.



The media (bribed) has been focusing on this “AI” nonsense between Microsoft and IBM, but all it will ever do is cost IBM money.



IBM decided to throw away an actual product, and company, that it spent a considerable amount of money acquiring, in the garbage, and pivot to running like some idiotic San Francisco cash furnish with an account at the Bank of Silicon Valley.



It will not end well for them if they proceed.



Recent Techrights' Posts

When People Call a Best/Close Friend of Bill Gates a "Serial Rapist"
Good thing that the Linux Foundation keeps the "Linux" trademark ("Linux Mark") clean
Microsoft Bankruptcy in Russia, Shutdown in Pakistan, What Next?
It seems possible that in 2025 alone Microsoft will have laid off over 50,000 workers
What Matters More Than "Market Share"
The goal is freedom, not "market share"
Credit Suisse collapse obfuscated Parreaux, Thiébaud & Partners scandal
Reprinted with permission from Daniel Pocock
UK Media Under Threat: Cannot Report on Data Breach, Cannot Report on Microsoft Staff Strangling Women
The story of super injunction (in the British media this week, years late)
Under the Guise of "MIT Technology Review Insights" the Site MIT Technology Review Posts Corporate Spam as 'Articles'
Some of the articles aren't even articles but 'hit pieces' against Free software and some are paid advertisements
Brett Wilson LLP Has Track Record in Scam Coin Cases (e.g. Craig Wright and More), Now It Works for 'Crypto' Scam Purveyors
But wait, it gets worse
Will Brett Wilson LLP Handle Its Own Winding Up Petition or be Struck Off for Overt Abuse of Process?
Today we sue not only the first Microsofter
 
CALEA / CALEA2 is the Real Problem, Not Chinese Operatives Exploiting CALEA / CALEA2 (as Any Other Nation Can)
CALEA / CALEA2 is more of a front door than a back door
99.99% Uptime in First Half of 2025
Since January there was only one noticeable outage
Nils Torvalds and Anna "Mikke" Torvalds (née Törnqvis) Hopefully Use GNU/Linux by Now
"Torvalds Family Uses Windows, Not Linus’ Linux"
Attack of the Slopfarms
FUD-amplifying bots with slop images, slop text (LLM slop)
Not My Problem, I Don't Care
Context/inspiration: Martin Niemöller
Honest Journalism About the European Patent Office Ceased to Exist After SLAPPs and Bribes to the Media
The EPO is basically a Mafia
Life Became Simpler When I Stopped Driving and I Don't Miss Driving When I See "Modern" Cars
Gee, wonder why car sales have plummeted...
Why I Believe Brett Wilson LLP and Its Microsoft Clients Are All Toast
So far our legal strategy has worked perfectly
EPO Jobs Are Very Toxic and Bad for One's Health
Health first, not monopolies
Response to Ryo Suwito Regarding the Four Freedoms
the point of life isn't to make more money
Microsoft's Morale Circling Down the Drain
Or gutter, toilet etc.
Tech Used to be Fun. To Many of Us It's Still Fun.
You can just watch it from afar and make fun of it all
Links 17/07/2025: "Blog Identity Crisis" and Openwashing by Nvidia
Links for the day
Greffiers and the US Attorney of the Serial Strangler From Microsoft
The lawsuit can help expose extensive corruption in the American court system as well
The People Who Promoted systemd in Debian Also Promote Wayland
This is not politics
Victims of the Serial Strangler From Microsoft, Alex Balabhadra Graveley, Wanted to Sue Him But Lacked the Funds (He Attacked Their Finances)
Having spoken to victims of the Serial Strangler From Microsoft
Links 17/07/2025: Science, Hardware, and Censorship
Links for the day
Gemini Links 17/07/2025: Staying in the "Small Web" and Back on ICQ
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 16, 2025
IRC logs for Wednesday, July 16, 2025
Exclusive: corruption in Tribunals, Greffiers, from protection rackets to cat whisperers
Reprinted with permission from Daniel Pocock
Links 16/07/2025: Chip Bans and Microsoft’s “Digital Escort” Program
Links for the day
Ubuntu Becomes Microsoft GitHub, Based on Decision Made by British Army Officer
You're hopeless, Canonical
Revolving Doors: One Day You're a Judge, the Next Day You're an Attorney Paying Public Officials and Working for Violent and Dangerous Microsoft Employees
how the US justice system works
Sharing Code and Recipes
It helps explain the triviality of software freedom
Slopwatch: Noise, Plagiarism and Even Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation
What are we meant to do to prevent a false association or misleading connotations? Game the LLMs? No. Boycott slopfarms.
How Many Women Has Microsoft's Alex Balabhadra Graveley Already Strangled and Where Does That End?
If you too are a victim of this man and wish to share information, contact us
Gemini Links 16/07/2025: BaseLibre Numerical System and Simple Web Browsing with TLS
Links for the day
Links 16/07/2025: Fascist Slop Takes "Intelligence" Clothing, New Criminal Case Against MElon
Links for the day
"We Might Save Somebody's Life"
I follow the example of my father
Why I am Suing the Serial Strangler From Microsoft, Alex Balabhadra Graveley, in the UK High Court This Week
Out of respect to the process and to the Court, I shall not share any pertinent details about the case
Links 16/07/2025: China’s Economy Grows Steadily, France Takes Action Regarding Harm to Children by GAFAM and Fentanylware (TikTok)
Links for the day
It is Not About Politics
Beware the people who try to make this about politics
Good Journalism Saves Lives
a shocking number of women die or get seriously hurt every day due to violence from a partner
Recognition of Women's Contributions to Free Software
Being passive is not an option when bad things are happening
Slopfarms Are Going to Perish Because Public Opinion is Changing
Many slopfarms will simply go offline
19 Years of Standing Up for Justice, Equality, and Truth
This week we shall take it up a notch
Gemini Links 16/07/2025: Tmux and OCC25 Working TLS
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 15, 2025
IRC logs for Tuesday, July 15, 2025
Links 15/07/2025: LLM Pollution and Pushback in Ukraine
Links for the day
Gemini Links 15/07/2025: xkcd, New Cert, and Alhena Gemlog
Links for the day
Links 15/07/2025: Press Freedom at Risk and New Facebook Blunders
Links for the day
Reboots Should Never be Necessary
"BUT WHAT ABOUT SECURITY!!"
There's Still Hope for the World Wide Web
Let's hope that the trajectory of the Web won't be leading us to over-reliance on Google, nor will it reward worthless slopfarms
Gemini Links 15/07/2025: Smolweb and Alhena 5.1.7
Links for the day
The Danes Want GNU/Linux
David Heinemeier Hansson recently moved to GNU/Linux
Cory Doctorow Explains Why Software Freedom Matters, Whereas "Open Source" Misses the Point and Helps Monopolies
It's a very long article
BillPR (EpsteinGate-Bribed NPR) is Turning Into a Partial Slopfarm that Promotes Slop
"I went on a date with a chatbot!"
Two Weeks Passed Since Latest Large Wave of Microsoft Layoffs, More Expected Next Month
Blaming the debt on "AI" is just self-serving storytelling
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, July 14, 2025
IRC logs for Monday, July 14, 2025
Gemini Links 15/07/2025: Gemini "Style Sheets" and Switching From Microsoft GitHub to Codeberg
Links for the day