
06.21.14

China Attacks Microsoft’s Patent Plot Against GNU/Linux and Russia Seems to be Following China’s Foray Into GNU/Linux

Posted in Free/Libre Software, GNU/Linux, Microsoft, Patents at 11:54 am by Dr. Roy Schestowitz

Summary: Amid tightening relationships and collaborations between China and Russia, two common targets of espionage attacks by the West, more moves are seen by which they rid themselves of Microsoft

WE HAVE been patiently watching and accumulating reports about China’s hostile treatment of Microsoft, including — quite notably — the ban on Windows, which is a serious security risk that should be avoided not only for security reasons (back doors and much more). China is boldly moving to domestically-developed operating systems, based on GNU and Linux (so that China can properly study the source code). Over the past few days there were many articles about China’s attempt to de-fang Microsoft’s blackmail monster, essentially by making a ‘namedrop’ of all the patents involved. This will prove exceptionally helpful to the FOSS community, for reasons we shall explain later.

In our daily links (posted just an hour ago) we included an important link from Phoronix. It indicates that Russia is now dodging x86, probably ensuring that no system will be able to run Microsoft Windows or even proprietary programs for Microsoft Windows. This is potentially huge and perhaps there will be a lot of media coverage on Monday.

Both China and Russia have solid, defensible reasons for abandoning Microsoft Windows. This operating system has been used for political and economic espionage that requires illegal (hence secret, even at the court level) surveillance. Microsoft is the NSA’s software-centric best friend (in telecommunications the NSA has many more good friends) and in another post (tomorrow) we shall say more about it.

So, what exactly has China just done?

Years ago we wrote about what Microsoft had done in China. It’s a sort of political corruption, boosted in part by Bill Gates’ lobbying.

Well, China seems to have had enough of that nonsense and it won’t tolerate Microsoft’s blackmail, either. As The Mukt put it, the “Chinese government exposes Microsoft’s secret patents used against Android” as “Microsoft is one such company which has been trying to abuse the flawed US patent system to extort money from those companies which use GNU/Linux based systems including Android and Chrome OS.”

Here is a report from an Android-hostile site which uses the term “Android patents” (similar to FOSSPatents, which is an absurd FUD term) rather than “patents used against Android” (as put in other sites).

We wish to remind readers that Huawei, now known as a target of the NSA (the NSA attacked Huawei’s network and infiltrated it), was reportedly (since 2012 or thereabouts) pursued by Microsoft for an Android patent extortion deal — one that Microsoft never got. Given the close relationship between Huawei and the Chinese government (in the West too the government is closely tied with telecommunications companies) one has to wonder if Huawei was the source of this new disclosure. Unlike ZTE, Huawei never surrendered to Microsoft’s extortion and blackmail (most likely violations of the RICO Act in the United States). With evidence out there, might there finally be federal action against Microsoft? It might help China’s Huawei and the other giant, ZTE, so it’s easy to see China’s interests here. But it’s not just about China. Many companies in east Asia, west Europe, and even the United States are also victims of Microsoft’s bullying. Many articles correctly pointed out the similarity here to the Barnes and Noble saga, where Microsoft ended up bribing Barnes and Noble to drop the case and almost drop Android/Linux, as well [1, 2, 3, 4].

Days ago we wrote about Microsoft squeezing their own users for money (especially businesses) and now Microsoft is trying to squeeze also those who leave Microsoft (to GNU/Linux). In reference to Microsoft-friendly circles covering the latest incident, one person quoted this bit: “Microsoft General Counsel Brad Smith and licensing chief Horacio Gutierrez sat down with Fortune recently to map out their strategy for getting FOSS users to pay royalties” (because FOSS too is property of Microsoft, apparently).

Now that China fights/ousts the world’s largest patent troll (which also spawned Intellectual Ventures), Dr. Glyn Moody writes this insightful piece:

Well, they prove that the Microsoft method of bullying and insinuation works. But despite that, they didn’t prove that Android infringed on Microsoft’s patents because – as usual – the latter refused to reveal what exactly they were. That’s because their power really lay in their vagueness. While companies were unsure which patents Microsoft was talking about, it was more or less impossible for them to check whether they were affected. That meant they would probably be open to an easy deal with Microsoft – better to pay up than have a patent sword of Damocles hanging over you.

And that, until recently, was pretty much the state of play. Many Android manufacturers decided that discretion was the better part of valour, and signed licensing agreements with Microsoft – all secret, and therefore all maintaining the vagueness and the power to threaten. But something dramatic has just happened: in order for Microsoft to gain approval from the Chinese Ministry of Communications (MOFCOM) for the company’s purchase of Nokia, Microsoft was obliged to provide lists of the patents it claims are infringed upon by Android. That’s presumably because so many smartphones made in China use Android or a variant of it, that the authorities there were concerned Microsoft might be able to threaten its local companies.

Here is some more coverage that says:

A Chinese government website has published lists of the patents that Microsoft claims are necessary to the functioning of Android smartphones, the first time such lists have been made public.

The patents were analysed by the Chinese Ministry of Commerce (MOFCOM) as part of its review of Microsoft’s acquisition of Nokia’s handset business, which China approved in April.

Pogson correctly points out: “Thanks to inquiries in China, a list is now public. This will permit M$’s competitors to organize a cooperative response rather than suffering under “divide and conquer” conditions.”

China is moving away from Windows rather than pay Microsoft to be spied on by espionage champions like the NSA. Will Hill says: “I’m not sure if Ars is recycling really old fud against gnu/linux or if people in China are going to cut all the FAT out of Android to avoid Microsoft bullshit.”

What Barnes and Noble tried to do before selling out might actually resume with China’s strong lead. This may include resistance to Nokia (e.g. opposition to takeover), which Microsoft plans to use as a patent proxy and a source of patent-stacking (through trolls like MOSAID).

Special credit must go to Joe Mullin. The earliest report we found about this latest development came from him and stated: “For more than three years now, Microsoft has held to the line that it has loads of patents that are infringed by Google’s Android operating system. “Licensing is the solution,” wrote the company’s head IP honcho in 2011, explaining Microsoft’s decision to sue Barnes & Noble’s Android-powered Nook reader.

“Microsoft has revealed a few of those patents since as it has unleashed litigation against Android device makers. But for the most part, they’ve remained secret. That’s led to a kind of parlor game where industry observers have speculated about what patents Microsoft might be holding over Android.

“That long guessing game is now over. A list of hundreds of patents that Microsoft believes entitle it to royalties over Android phones, and perhaps smartphones in general, has been published on a Chinese language website.

“The patents Microsoft plans to wield against Android describe a range of technologies. They include lots of technologies developed at Microsoft, as well as patents that Microsoft acquired by participating in the Rockstar Consortium, which spent $4.5 billion on patents that were auctioned off after the Nortel bankruptcy.

“The list of patents was apparently produced as part of a Chinese government antitrust review relating to Microsoft’s purchase of Nokia. Microsoft described the results of that review in an April 8 blog post, writing that the Chinese Ministry of Commerce (MOFCOM) “concluded after its investigation that Microsoft holds approximately 200 patent families that are necessary to build an Android smartphone.”

FOSS guru Steven J. Vaughan-Nichols correctly points out that “[n]ow that the Chinese government has revealed the patents within Microsoft’s Android patent portfolio, Microsoft may soon be facing challenges from vendors over its Android patent licensing agreements.”

China may have derailed Microsoft’s extortion by removing the NDA barrier (the same trick Microsoft used when dividing OEMs to conquer the industry). Android will definitely benefit from it and so will derivatives of Android, including China’s. Vaughan-Nichols has an explanation worth reading.

We should probably stress that not all derivatives of Android are safe to use. Nokia turns Android into a Microsoft surveillance platform and the CIA’s top partner, Amazon, has reportedly taken surveillance in Fire (Android-based but altered) to new and rather scary levels [1,2]. We don’t know yet if China will do the same, but reports from years ago said that China had put back doors in its own official distribution of GNU/Linux. This was quite likely correct.

Related/contextual items from the news:

  1. Amazon’s Fire Phone might be the biggest privacy invasion ever

    Amazon is a fascinating company, and the Amazon Fire Phone is a fascinating machine for connecting you with stuff to buy. It’s probably also the biggest single invasion of your privacy for commercial purposes ever.

    And no one seems to have noticed.

  2. Is the Amazon Fire Phone the NSA’s wet dream?

06.18.14

More Microsoft Openwashing From The Register and Continued Deception on ‘Open Source’ in the British Press

Posted in Deception, Free/Libre Software, Microsoft at 12:46 pm by Dr. Roy Schestowitz

Rinsing (and repeating) Microsoft lies in the corporate media

Money laundering

Summary: Further distortion of what FOSS means and stands for, including Microsoft’s rather unique involvement in this distortion

There has been lots of Microsoft openwashing lately, as well as Apache FUD [1, 2, 3] (The Register recently joined this FUD campaign). Some of the openwashing revolved around .NET and an article about Roslyn (which is not “open” [1, 2, 3, 4]) by Microsoft booster Tim Anderson. He did this effective Microsoft AstroTurfing (like any clever PR front) some days ago in The Register, acting like a smear against Open Source and openwashing of Microsoft at the same time. Check out this disgrace of an article:

“Pushing that button was one of the more impactful clicks of my career,” says Microsoft’s C# lead architect Anders Hejlsberg. The click in question was made on stage at Microsoft’s Build conference in April, and its effect was to publish the .NET Compiler platform, codenamed Roslyn, as open source under the Apache 2.0 licence.

Roslyn is both the next generation compiler for C# and Visual Basic, and a set of APIs which enable deep integration with developer tools (like Visual Studio) for more powerful code recognition and refactoring.

This is total nonsense, involving proprietary software which tries to masquerade as ‘open’. The Register has low standards now.

IDG, citing Microsoft buddies like Black Duck and Gartner, continues to further dilute the meaning of Open Source. These FOSS-hostile Trojan horses, Gartner and Black Duck, are cited in IDG as ‘authorities’ on FOSS, and mind the headline, which is rather offensive. It’s FUD disguised as fanfare. Gartner cares about FOSS like Bush cares about peace and Black Duck cares about FOSS like a fox cares about sheep. The media sure likes to taunt FOSS, still. Watch how the media continues to prop up Gartner’s TCO FUD by ignoring all but one CIO in the UK — one who fails to admit that proprietary software requires support, just like FOSS. Here is Jos Creese used again to generate negative publicity for FOSS. To quote the article:

Yet most IT departments and data centres in the public and private sectors already deploy more open sourced software than most of us do at home or on personal devices (think Microsoft and Apple for a start). The challenge for open source providers is to be open about total cost of ownership – the idea that open source is ‘free’ in a corporate environment is usually neither helpful nor true. Honesty about the cost economics will also help to promote the real potential of open source in a corporate environment. And whilst open source solutions will become more prevalent, there will remain a role for proprietary solutions to co-exist.

This is the same old TCO FUD.

These people like to pretend that Microsoft is opening up, even in Newham (UK, central). It shows why the openwashing is so dangerous and the deception is effective for those who are gullible by choice.

Why is the British media so FOSS-hostile these days? Is there a trail of money that goes beyond just advertising?

Dan Goodin/Condé Nasty Cannot Recognise Real Security Threats, Preferring to Focus Only on Bugs in FOSS

Posted in Deception, Free/Libre Software, Security at 11:52 am by Dr. Roy Schestowitz

Condé Nast
Condé Nasty’s building, located near Wall Street

Summary: Articles about security issues at Condé Nasty (owner of Ars Technica) fail to focus on inherent flaws in software that is secret (and has back doors baked in), instead amplifying alarms over FOSS bugs

We recently saw some reports about Android vulnerabilities which actually count for something, e.g. privilege escalation put in proper context (user needs to actually install the software). But some people, and especially Goodin, would rather hype up non-issues and post them under “Risk Assessment / Security & Hacktivism” (an anti-Linux and now anti-Android section at Condé Nasty). They ignore the real security issues such as back doors, instead focusing on this kind of nonsense, saying that a designed change could heighten security risks for users. This is a continuation of very incomplete, one-sided coverage, where only FOSS is ever characterised as insecure. It is propaganda by omission and Goodin is exaggerating the severity of flaws while adding provocative images to further increase the magnitude of fear. There is an agenda there; it is irresponsible to say the least, as we recently showed. Maybe Goodin should highlight automatic updates of whole operating systems such as Windows. Why is he only picking on Android/Linux? Based on some reports, the FBI is listening to Android devices remotely. Maybe this is the kind of thing Goodin should cover, but he never does. Spooks may be hijacking automatic updates (such as Windows automatic updates) using back doors and collusion like PRISM, but Goodin is not interested in these matters. He would rather overlook the big issues like proprietary software which declines to obey settings that block automatic updates (Windows does this). Windows is the Swiss army knife of spooks, some of whom went on from agencies like the FBI to top positions inside Microsoft (and later to the firm which created hype/FUD about ‘Heartbleed’ [1, 2, 3]). People who only cover issues in FOSS instead of back doors in Windows cannot be taken seriously. It’s just so Condé Nasty (owner of Ars Technica since a few years ago).

When Microsoft employees who reveal secrets of Windows get jailed and deported we should clearly divert scrutiny in that direction, but it is not happening. This site should be capable of better journalism on software issues, such as this very detailed new article about Android. Only balanced journalism will make this site look like real journalism.

06.15.14

Openwashing With Patent Pledge Nonsense: Tesla Merely Gives Back What it Took Away

Posted in Deception, Free/Libre Software at 9:05 am by Dr. Roy Schestowitz

Tesla

Summary: Elon Musk from Tesla Motors claims to be ‘sharing’ inventions, but the true motivations are far less benign than it seems on the surface (if not malicious)

WE HAVE been patiently watching “Linux” and “Open Source” feeds filling up with something that is not related to software but claims to be inspired by “Linux” and “Open Source”. It’s some marketing stunt from Tesla, which got the attention of OS (Open Source) Vehicle (another openwashing attempt).

The post says: “Is this a marketing stunt?

“I don’t think so. This can be a genuine effort from one of the visionaries of the silicon valley, one of the most advanced companies on earth, taking finally into account that – by having a value proposition targeted at a customer segment that is pretty small, mostly made by wealthy people most of them living in the US. You can’t really change the world for the better in a short enough amount of time (do you remember we have only less than 6000 days? – look at this).

“As you may also know, Tesla is developing a pretty cool new technology for batteries and it’s probably sure that having other big automotive brands producing cars based on their technology, their batteries will be able to target a bigger market and – at the end – achieve a bigger transformation effect on automotive.”

But why were these patented in the first place? And if these were not patented, would Tesla be able to make a fuss about the so-called ‘giveaway’?

The post goes on: “But if Tesla really wants to scale up its contribution, it must work towards the real adoption of the technological solutions that it is making available, it must switch from a product approach to a platform approach and – in a way that is similar to what we are doing – needs to engage with the community, understand how these technologies can be used and are going to be used and make efforts to ensure that every player in the market will have the same access, an access that is clear in terms of rights, obligations and implications.

“Also, an open source (patents) car will work in the future only if it’s accompanied by an open and distributed manufacturing process, that is able to include multiple stakeholders and be based on a more participative value chain, also embedding the principles of Cradle to Cradle production, eliminating waste and obsolescence.”

We were preparing a long article about this whole marketing exercise that’s basically openwashing the company using the disgraced notion of “opened” patents. IBM, HP and other companies have been using this marketing exercise before. It’s utterly pointless and we have countered it repeatedly. Why are so many journalists bamboozled, including FOSS-friendly ones? Here is one key person from Canonical stating: “When I get home, I’m going to take down a plaque that has proudly hung in my own home office for nearly 10 years now. In 2004, I was named an IBM Master Inventor, recognizing sustained contributions to IBM’s patent portfolio.”

Further down he says: “I’ve never been more excited to see someone back up their own rhetoric against software patents, with such a substantial, palpable, tangible assertion. Kudos, Elon.”

But Elon did not revoke the patents, he just claimed to be sharing them (in a pseudo-geeky way with a famous meme). That’s a very different thing. It’s the same thing that IBM claims to be doing with OIN, among other strategic marketing angles.

Shameless here is the type of free marketing newspapers gave Tesla, characterising a patent hoard (followed by openwashing) as some kind of championship of FOSS. The PR nonsense audaciously uses the term sharing, even though it’s all about profit. They are selling patents as a form of marketing, creating dependence on their technology. Elon Musk, the CEO, has been getting far too much credit and publicity here; it’s rather familiar because all sorts of patent ‘pledges’ by HP and IBM are worse than useless and his is no better. Those two companies lobby for software and try to make it look OK. Likewise, Tesla is patenting all sorts of things and now makes the patents look legitimate by ‘sharing’ them (whatever that means). It’s the Robin Hood mentality or the doctrine of ‘charity’, where rather than establishing social equality one works vertically, by giving from top to bottom, selectively, upon one’s will and supposed ‘generosity’. As long as there are patents on things like these, lawsuits will continue to harm small companies. “Heavy patent litigation scared off about $22 billion in VC funding over 5 years,” said this one new article, and it is one among many.

The press that Tesla received extends to other countries and resorts to a pathetic cocky attitude that uses metaphors (“Handing Over the Keys”) for openwashing or the notion that Tesla is “contrarian” and “open source” (“the open source movement”).

One decent response to the marketing from Tesla came from Jan Wildeboer, who wrote:

Thank you, Tesla Motors For The Patents, but …

Here’s the thing. Elon Musk doesn’t trust the patent system to protect his inventions. So instead of filing for more, he will simply not file at all and keep his inventions secret. The stuff that already got patented thus is already considered lost by him so it is safe to “open source” them all.

When will the press finally ‘get’ Tesla’s real reasons for doing this? It’s about self interest; Tesla would get sued by shareholders otherwise.

Microsoft: When Inspecting Proprietary Software Puts You in Prison, Gets You Deported

Posted in Free/Libre Software, Microsoft, Security at 8:30 am by Dr. Roy Schestowitz

Madness

Summary: Microsoft’s software must be so malicious if revealing its “secrets” gets people who work for Microsoft jailed for several months and then deported

A LOT of the press continues to ignore the real threats to our (digitised/digital) liberties online. The corporate press barely writes about back doors in proprietary software like Windows (the back doors are there by design) and instead props up the whole “Heartbleed” hype [1, 2, 3]. Here for example is an article where 2 months (yes, 8+ weeks) after some lines of code were shown to have an error in them (dubbed “Heartbleed” by a Microsoft-linked firm and then marketed like classic FUD) IDG is conveniently deducing that all of FOSS is not secure. This is disgraceful FUD and it’s part of a pattern we have been seeing. Sure, there is lots of business in such generalisations, including for insecurity firms like Symantec, which maliciously gets closer to Linux groups (surely to sell some snake oil and claim that FOSS needs proprietary “anti-viral” software add-ons to be secure).

It should be noted that months ago there were many articles about how insecurity firms like Symantec (with odious Microsoft links in the management) needed to intentionally overlook government-developed malware (like Stuxnet) and back doors. It all adds up to one thing: the least secure practice in IT is one that involves introducing secret code into complex systems. One proprietary program is enough to compromise a larger system.

According to this article, allowing the public to see Microsoft secrets is a serious crime that gets you imprisoned and deported. “The Government timed its Complaint and Arrest Warrant to coincide with Mr. Kibkalo’s pre-arranged attendance at a technology conference in Bellevue,” says one article. Another says:

Kibkalo’s circumstances are somewhat different than most employees that get on the “outs” with their tech companies: in his case, Microsoft sifted through the emails and documents of the French blogger in order to detect the source of the leaked information – and then discovered that it was Kibkalo. Microsoft says that it regrets its actions, despite the fact that it doesn’t need a warrant to search the emails of its own customers. At the same time, there was an issue with Microsoft’s violation of customer privacy – and privacy advocates find the company violation to be more than an issue of subjective preference. They view it more as an “improper search and seizure.” What grounds did Microsoft have to do this?

Here we have two issues: the first is that Microsoft illegally spies on E-mails (we covered this before) and the second is that the very notion of being allowed to see Microsoft source code (e.g. to find the back door) or some “secrets” is now a serious crime with serious punishment. For a ‘transparent’ and ‘open’ “new Microsoft” (marketing nonsense) this sure doesn’t bode too well.

06.14.14

HP’s Former Open Source Leader Helps Expose HP as a Fraud on ‘Open Source’ Issues, Reveals Microsoft’s Role in SCO’s Attack

Posted in Free/Libre Software, HP, Microsoft at 4:46 am by Dr. Roy Schestowitz

“On the same day that CA blasted SCO, Open Source evangelist Eric Raymond revealed a leaked email from SCO’s strategic consultant Mike Anderer to their management. The email details how, surprise surprise, Microsoft has arranged virtually all of SCO’s financing, hiding behind intermediaries like Baystar Capital.”

Bruce Perens (years back)

Summary: Thoughts and analysis of HP, which despite pretending to have embraced Free/Open Source Software (FOSS) is very much a Microsoft ally, managed to a large degree by people from Microsoft

HP is a scam when it comes to “open source” support. While their hardware is quite Linux-friendly (my wife uses an HP laptop), their extreme/radical policy of self interest in the server room and on the desktop continues to show. Their recent openwashing campaign, which I have campaigned against (they are claiming to invest in FOSS only for marketing purposes, just like IBM), should not impress too easily. What comes to mind is HP’s negative lobbying against FOSS and stories we have heard from Perens (former HP manager for FOSS). It’s all just a charade, intended for the most part to increase sales but also to attract talented staff (recruitment).

HP’s history has been quite well documented in this site for nearly 8 years of its existence. HP is an ally of Microsoft and many of its managers these days are people who worked for Microsoft. In order to keep selling GNU/Linux servers (hardware with GNU/Linux sells better) HP is trying to maintain an image that would appeal to geeks. However, it’s all fake, it’s a façade. Perens proves it now in part by repeating what he wrote some years ago [1]. The stuff Perens says about SCO and HP is dynamite, revealing a huge extent of collusion against GNU/Linux. HP was well aware of it.

Years ago in Slashdot Perens explained how HP offered him AstroTurfing help, i.e. it offered to spawn agents of propaganda if he needed it. To quote Will Hill (from last night): “Yes, I was just thinking about that the other day. He said this in 2008…”

…just about every PR firm offers to help “manage the perception of your company in online communities” these days. What do you think that means? Astroturfing Slashdot, Youtube, etc. In my various management positions it’s been offered to me. Indeed, some of the companies offer to create negative publicity for your competition that way – HP had a publicity firm for its Linux activities that told us it would do that when we wanted. I never asked them to do so and hope nobody else did either. This stuff is just standard these days. You’ve got to expect it.

As Hill adds: “There’s a grim similarity between that and government astroturf programs revealed by Snowden. Greenwald recaps well that in “No Place to Hide” by showing us that government hires teams of psychologists and has made a science of disrupting online discussions and deception. The point of it all is “strategic influence disruption.” The targets not terrorists but “hactivists” like Anonymous, environmental groups and people who might compete with the plutocracy. We should not be too surprised by the similarity because both programs are run by the same people – 75% of the spy complex money goes to private contractors and HP is probably one of them.”

There are some new examples of what seems like AstroTurfing by Microsoft. Some Microsoft lies (a placement) got posted in “CFO World”. It is an evidence-free denial of Microsoft collusion against the public. This is how propaganda works.

Meanwhile, returning to the subject, which is HP, watch Microsoft booster Julie Bort going into propaganda mode, claiming that HP has “Plans To Destroy Microsoft Windows” (we countered a similar bit of propaganda some months ago) and then calling HP’s CEO “gutsy” for inviting Microsoft’s CEO. This is utter deception, a sort of PR which seeks to portray Microsoft as burying the hatchet and smoking the pipe of peace with rivals. Here is a portion: “Moments after HP announced its grand new plans to compete with the Microsoft Windows operating system, Whitman was thanking Microsoft for being a major sponsor of the conference and inviting the company’s new CEO, Satya Nadella, on stage.”

This very much shows whose bed HP is in. The company, despite trying to appear as a backer of FOSS, is very much serving Microsoft’s agenda, still. HP is pretending. Yes, HP only pretends to be a friend of GNU/Linux in order to drive server sales to geeks. We know this also because not too long ago HP lobbied against GNU/Linux in Europe (amid national migrations), saying it would be more expensive than Windows. We covered this several times back then and also showed in over a dozen posts that around the same time HP was appointing Microsoft executives to executive positions at HP. The same happened in Amazon, but that’s another story.

There are other interesting bits in the new interview with Perens, including his take on dual-licensing, but most relevant to us was the following bit:

Perens: At some point I accumulated enough credit for achievements that it became unnecessary to fight over it :-) . But I am hardly without flaws. Most visible might be that I want to get things done and don’t mind trampling others if that’s what it takes. I try to keep my ego down enough so that I get through those narrow doors.

The worst problems I saw at HP had little to do with Open Source. What I remember most was the sadness. There were and are many smart people there, and so many of us were conscious that the company was in a sort of death spiral and that we couldn’t do anything about it. The “pretexting” scandal was to the discredit of the board, the general counsel actually took the 5th in front of Congress on national television! Carly (the CEO) asked all of the employees to take a voluntary pay cut in the same month that she and other Board officers sold tens of Millions of dollars of HP stock. I remember my boss (a Section Manager, now the CTO) announcing at a meeting that an employee had gotten a “Reinvention Memo”. That meant lay-off, a sarcastic re-framing of HP’s “Reinvent” motto that showed how even upper managers like him were in despair. There was a series of ill-advised acquisitions of second-best or declining companies that HP failed to turn around, and then sold for cents on the dollar two years after acquiring them. The Compaq merger put the company at the very top of a business with vanishingly-small margins.

There was one really bad day that I guess is safe to talk about now, more than 10 years later, because the information is already in the public and thus no longer subject to NDA: Microsoft showed HP their plans to sue the Open Source projects for the Linux Kernel, Samba, Sendmail, and a list of other projects. Someone immediately shot me an HP VP’s memo recounting that meeting and concluding that we should back off of Open Source before the lawsuits started. When I passed it to my boss, I was told to keep it quiet. But I was hired to be an Open Source community leader first, and an HP officer second, and keeping quiet about that meant betraying the Open Source developer community. I just hated that and it poisoned my involvement with HP.

Microsoft eventually used SCO as a proxy to achieve what it disclosed to HP that day. I’d been warned long before that happened, and could do nothing until SCO announced their damaging but ultimately unsuccessful jihad against Linux.

What I think is worth remembering about HP is that it was once the great tech company that people wanted to work for, as Apple or Google might be for many today. I think a lot of what made it great left with Agilent. The Test and Measurement business was a low-volume, high-margin business that required lots of too-highly-paid old smart people who worked in expensive labs in Palo Alto, California. That became the most costly place to do anything largely due to HP’s own success. But Test and Measurement was also the brain-trust of the company, and lent its creativity to all of HP’s other aspects. So we lost a lot, I think, when Agilent was spun off of HP.

HP’s problem regarding Open Source and Linux was that systems running Linux competed with other HP lines running HP-UX or Microsoft, and HP was structured as Organizational Silos. Each line had its own sales-people, and different lines competed with each other for the same customer. HP-9000 folks were always complaining because Linux undercut HP-UX and thus HP-9000, as were folks who sold Microsoft Windows systems based on x86. If I said anything in the press about Open Source or Linux, a customer would ask one of those single-line sales-people about it, and it would come back to my boss as a complaint rather than a sales opportunity.

HP was always to some extent in Microsoft’s pocket, although they were also aware that Microsoft had screwed them and would continue to do so. HP de-emphasized further development of the HP 9000 hardware because Microsoft had told them in the late 80’s that they were soon to have an enterprise-quality NT. HP believed it, but MS failed to deliver for a decade. That lost HP Billions while Sun Microsystems took the engineering workstation market from HP. The HP officer who made that decision of course went on to be a Microsoft executive.

What we did achieve at HP was a good process for deciding what to do with Open Source when individual opportunities came up. If you wanted to incorporate Open Source in a product, or you had a business reason to Open Source something, we resolved the legal issues, the community issues, we even handled some security aspects and achieved a reasonable level of reuse. That could all be achieved by middle managers. So, everybody in the company knew that it was OK to use Open Source, but there was a process you had to go through. It wasn’t particularly expensive, it did sometimes sink multiple days of some engineer in doing paperwork, but that’s just due diligence and we ended up on a better legal footing when we used Open Source than otherwise.

There were things we decided not to Open Source because there was no good business reason for doing so. We weren’t UNICEF, so there had to be a business reason for everything. There were times when legacy customers would have gained benefit if we brought one of HP’s nine legacy operating systems to Open Source, but untangling the proprietary software that originated with third parties from the rest was too difficult. There were a few times when it was decided not to Open Source a legacy product because we were afraid that IBM might use it to sell their hardware against ours. Once that happened with a system that had only 5000 existing customers, and it would have been better for the customers for HP to open it but the decision – not mine – was not to do so.

I’ve since helped other companies start their own internal Open Source Process, and still do so today.

What we never achieved within HP, what I never had the power to do, was: to get HP to completely stand behind any innovative product regardless of what that meant for old-line products, to make innovation the #1 job of the company, and to grow a brand-new company from the old one every year that they were in business. They needed to embrace disruptive technologies as a pioneer rather than have the disruption done to HP by competitors. I think they tried to kill the Silo organizational structure after I left, I don’t know how successful that was.

Let this remind us that neither HP nor Microsoft has changed. In fact, many people from Microsoft moved to HP and there is now a Microsoft agenda at HP. Microsoft’s FOSS moles too are now working for HP, in very senior positions in fact. Both companies deserve to be treated as a pair and the same goes for Dell; these are historically (in recent history) Microsoft hardware companies.

Related/contextual items from the news:

  1. Interviews: Bruce Perens Answers Your Questions

    Microsoft eventually used SCO as a proxy to achieve what it disclosed to HP that day. I’d been warned long before that happened, and could do nothing until SCO announced their damaging but ultimately unsuccessful jihad against Linux.

Small Bugfixes Become Big News in the Age When Fear (of FOSS) Sells

Posted in Free/Libre Software, FUD, Security at 3:57 am by Dr. Roy Schestowitz

Attempts to belittle the “eyeballs on the code” motto


Summary: Another week brings another set of bugfixes, which some choose to characterise as a very big deal despite evidence to the contrary

WHEN one has an agenda one can accentuate a particular side by covering it excessively. To be frank, not only FOSS-hostile circles are to be blamed for security hype; even some FOSS-friendly sites are releasing articles like “Linux Malware And Antivirus” or covering every security fix as though it’s major news. Consider just the past few days in Softpedia: A Steam OS bugfix is news and the same goes for Ubuntu because these projects make attractive headlines, especially after the whole “Heartbleed” hype [1, 2, 3]. Guess who was behind it: the firm of Microsoft’s ‘Former’ Security Chief. GnuTLS was subjected to the same treatment by the same Microsoft-connected firm because like any project it has bugfixes [1, 2], never mind the real security issues (back doors in proprietary software like Windows).

Amid some of the latest reports from Microsoft-friendly sources and FOSS-friendly sources like SJVN (we cited two of these articles before) we should keep in mind that not all bugs are created equal and if we let every bugfix in a project like Linux or OpenSSL become major news, then we will lose sight of the real issue, which is proprietary software having bugs by design, to facilitate intrusion.

Kevin Poulsen, who did some Wikileaks-hostile coverage back in the day, correctly points out that “After Heartbleed, We’re Overreacting to Bugs That Aren’t a Big Deal”. Here is how his article begins:

Here’s something else to blame on last April’s Heartbleed security bug: It smeared the line between security holes that users can do something about, and those we can’t. Getting that distinction right is going to be crucial as we weather a storm of vulnerabilities and hacks that shows no sign of abating.

Last week the OpenSSL Foundation announced it was patching six newly discovered vulnerabilities in the same software that Heartbleed lived in. The first reaction from many of us was a groan–here we go again. Heartbleed triggered what was probably the single largest mass-password change in history: In response to the bug, some 86 million internet users in the U.S. alone changed at least one password or deleted an internet account. The thought of a repeat was (and is) shudder-inducing.

Be aware that there’s a disturbing trend right now, where so-called ‘security’ firms (opportunists/attention whores) or media companies try to exploit general security paranoia (or privacy concerns) to ‘sell’ us stories about ‘gaping holes’; the reality is usually just some routine bugfixes, wrapped up by those who have an agenda. Dan Goodin and the Microsoft-connected firm (which even branded a bug) are some of the worst in this regard.

06.07.14

Lots of Coverage About FOSS Bugs, No Coverage About Intentional ‘Bugs’ (Back Doors) in Proprietary Software

Posted in Free/Libre Software, Microsoft, Security at 7:37 am by Dr. Roy Schestowitz

Bugs inside blobs are also serious bugs, and sometimes there by design


Summary: The increased media coverage of bugs in security-sensitive FOSS projects reveals lack of desire to cover much bigger threats, including back doors in proprietary software such as Windows

OpenSSL has been somewhat of a whipping boy of the technology press. One reason is that OpenSSL is widely used, but another is that it’s known what the issues are (transparency) and the corporate media sure has an agenda. We already gave the example of Dan Goodin, to whom security bugs are only news if they affect FOSS (here is his latest go at it) and now that GnuTLS bugs become public knowledge (after a public release with full source code) there is some more coverage that resembles what we found amid “Heartbleed” hype [1, 2, 3] (in both cases a firm with Microsoft connections claimed credit for other people’s discoveries and trumpeted FUD in the press). One can expect the same from Microsoft-funded ‘news’ networks like IDG and ZDNet, which merely covers an already fixed bug. To quote the summary:

The security team behind the Debian distro are urging users to upgrade their Linux packages after patching a newly-found flaw in the Linux kernel.

This is not an unusual thing. Why is this suddenly front-page news?

Notice the pattern. In all cases the bugs are already fixed (users just need to apply updates, unless they have already been applied automatically). This shows a strength of FOSS, not a weakness. The latest OpenSSL patches that we covered a couple of days ago (in daily links) don’t relate to or amount to huge risk [1] and these are already patched [2]. The same goes for kernel bugs [3].

What we found highly disturbing here is that despite discoveries that companies like Apple and Microsoft facilitate the NSA with back doors (in secret code) we see a disproportionate focus on every small bugfix in projects such as GnuTLS, OpenSSL, and Linux. Someone might be trying very hard to make the point that FOSS is the issue, not back doors which are very much included by design (and hidden in blobs). Reporters who cover bugs in FOSS but are never covering back doors in proprietary software ought to be challenged. Their bias (by omission) should be pointed out to them.

Related/contextual items from the news:

  1. New OpenSSL breech is no Heartbleed, but needs to be taken seriously
  2. OpenSSL Security Update now available for Fedora
  3. Canonical Closes Linux Kernel Vulnerabilities in Ubuntu 14.04 LTS
