“In the face of strong competition, Evangelism’s focus may shift immediately to the next version of the same technology, however. Indeed, Phase 1 (Evangelism Starts) for version x+1 may start as soon as this Final Release of version X.”
–Microsoft, internal document
Summary: The villainous company which makes insecure-by-design operating systems will continue to do so, but in the meantime the corporate press covers only bugs in FOSS, not back doors in proprietary software
After the vapourware tactics of Vista (for 5 years!) as well as the terrible (worse than Vista) Vista 8 and Vista 7 we already know Microsoft’s dirty tactics too well. Microsoft admitted to using these tactics when it falls behind the competition. Now that Microsoft faces embarrassment from the majority of the population, which is women, it sure needs a good distraction from negative publicity that started with infiltration.
Vista 9, vapourware for a year and a half now, already looks like garbage and at this stage it remains vapourware. Microsoft already jumps ahead to the next imaginary generation of vapourware, which will go further in providing the NSA with back doors and remote surveillance features. China was right to ban present generations of Microsoft Windows because it becomes more spyware-filled all the time and it is also known that the NSA engages in espionage against China. Here is a new article about how Windows servers and other Windows devices got hijacked in Hong Kong. It is suicidal to use Windows unless one is a partner of Microsoft and South Korea too has just suffered severely for depending on Windows. Pogson says: “I expect Korea will have to redo everything and get it right this time. Let’s hope they demand GNU/Linux be used for on-line/financial transactions and to protect data but failing that let’s hope they make GNU/Linux optional and the people can decide. There’s something refreshing about a whole country aroused about insecurity with that other OS on the check-list of things to fix.”
Korea and China are both planning to move away from Microsoft. This is well overdue.
According to several new reports, despite the NSA leaks that embarrassed Microsoft (and caused some nations to abandon Microsoft), Microsoft will increase spying in future versions of Windows and even previews spy on the users. As one author put it: “Back in 2012 with the release of Ubuntu 12.10 the EFF, Richard Stallman and countless other privacy advocates led vocal campaigns against Canonical for including Amazon results in the dash, the issue was that Amazon would know everything you were typing into the dash. Now however Microsoft are targeting early users of their Windows 10 Operating System in a much more egregious way.”
Here is more about Windows: “For the more liberal minded regarding privacy who are reading, thinking this is just for the purposes of improving the product then you should also know that Microsoft state they will share this data with third parties and also that they will use your data to send you advertisements about their new products and updates. The third parties that Microsoft mention also include law enforcement. They say “we may access, disclose and preserve information about you when we have a good faith belief that doing so is necessary to: 1. comply with applicable law or respond to a valid legal process from competent authorities, including from law enforcement or other government agencies; 2. protect our customers, for example to prevent spam or attempts to defraud Microsoft’s customers, or to help prevent the loss of life or serious injury of anyone; 3. operate and maintain the security of our products and services, including to prevent or stop an attack on our computer systems or networks; or 4. protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our products or services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement…”
Windows is a massive security risk and one that no nation should take. Not even the US; all back doors are bound to be used by cyber criminals who are not associated with any government (or with a friendly government) at one point or another.
We are still seeing Microsoft-affiliated media calling for more severe criticism of GNU Bash, but how about Windows shell vulnerabilities like this new one?
A class of coding vulnerabilities could allow attackers to fool Windows system administrators into running malicious code because of a simple omission: quotation marks.
The attack relies on scripts or batch files that use the command-line interface, or “shell,” on a Windows system but contain a simple coding error—allowing untrusted input to be run as a command. In the current incarnation of the exploit, an attacker appends a valid command onto the end of the name of a directory using the ampersand character. A script with the coding error then reads the input and executes the command with administrator rights.
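A review aid for the coding error described above, as an added example that is not from the quoted report or from this site: a small linter that flags batch-file lines where a `%VAR%` or `%1`-style expansion sits outside double quotes, plus a check for names that contain cmd.exe metacharacters. The sample script, the directory names and all function names are constructed for illustration; `for` variables and delayed `!VAR!` expansion are deliberately out of scope.

```python
import re

# cmd.exe substitutes %VAR% and %1-style parameters into the line *before* it
# parses the line, so an "&" inside the value becomes a command separator
# unless the expansion sits inside double quotes.
_EXPANSION = re.compile(
    r"%[A-Za-z_][A-Za-z0-9_]*%"   # %CD%, %TARGET%
    r"|%~[A-Za-z]*[0-9]"          # %~1, %~dp0
    r"|%[0-9*]"                   # %1, %*
)
CMD_METACHARS = frozenset("&|<>^")


def unquoted_expansions(line):
    """Return the percent-expansions in one batch line that are not inside quotes."""
    hits, in_quotes, i = [], False, 0
    while i < len(line):
        ch = line[i]
        if ch == "^" and not in_quotes:
            i += 2                      # caret escapes the next character
            continue
        if ch == '"':
            in_quotes = not in_quotes   # cmd.exe toggles quote state on each "
            i += 1
            continue
        match = _EXPANSION.match(line, i)
        if match:
            if not in_quotes:
                hits.append(match.group(0))
            i = match.end()
            continue
        i += 1
    return hits


def audit_script(text):
    """Return (line_number, expansion) pairs worth reviewing in a batch script."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.strip().lower().startswith(("rem ", "::")):
            continue                    # comments are not executed
        findings.extend((lineno, exp) for exp in unquoted_expansions(line))
    return findings


def risky_names(names):
    """Return the file or directory names that contain cmd.exe metacharacters."""
    return [name for name in names if CMD_METACHARS & set(name)]


# Constructed sample: a backup helper an administrator might run.
SAMPLE_SCRIPT = "\n".join([
    "@echo off",
    "rem constructed sample, not taken from any real product",
    "set TARGET=%1",                     # flagged; hardened form: set "TARGET=%~1"
    'cd /d "%BACKUP_ROOT%"',             # quoted, not flagged
    "echo Archiving %CD%",               # flagged; hardened form: echo "Archiving %CD%"
    'xcopy "%TARGET%" "%BACKUP_ROOT%\\%DATE%" /E',
])

if __name__ == "__main__":
    for lineno, expansion in audit_script(SAMPLE_SCRIPT):
        print(f"line {lineno}: unquoted {expansion}")
    print(risky_names(["reports", "R&D", "archive"]))
```

A finding is a prompt for review rather than proof of a flaw: the line matters when the expanded value can be influenced by someone other than the administrator running the script.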
Microsoft booster Andrew Binstock continues to trash-talk FOSS security, but why is he not commenting on back doors in Microsoft software? Lies by omission. Bloomberg also publishes poorly-researched articles while it misuses the word “hacker” to confuse readers. How about back doors in proprietary software? Will Coverity ever cover this, or will it keep its focus on flaws in FOSS for writers like Richard Adhikari to single out FOSS as the problem? To quote Adhikari’s new article:
Open source developers apparently don’t adhere to best practices such as using static analysis and conducting regular security audits, found Coverity’s Spotlight report, released Wednesday.
The Coverity Scan service, which is available at no charge to open source projects, helped devs find and fix about 50,000 quality and security defects in code last year.
Microsoft’s circle of partners would rather debate and hype up FOSS bugs using codenames/brands that are all of a sudden being assigned for bugs (for increased press coverage), but discussions about back doors are out of scope.
Here we have Europol advocating back doors. The Europol boss says: “I hate to talk about backdoors but there has to be a possibility for law enforcement” (i.e. back doors).
Once upon a time (even 1.5 years ago) people who spoke about back doors were called paranoid and nutty. It is Free software advocates who have the last laugh now because they were right all along.
It should be known by now that back doors are being used for ransom and blackmail, even murder. Even Europol recognises this.
Windows should generally be avoided by everyone. No server should ever run Windows because it’s dangerous for everyone. Only fools would host a site using a back-doored operating system, which in turn puts its visitors at risk.
It is now being reported that NATO was silly enough to use Windows and it paid the price, potentially resulting in loss of life. The article “Microsoft Windows Zero-Day Vulnerability “CVE-2014-4114” Used to Hack NATO” should note that NSA is told about this before Microsoft even issues a patch.
In summary, do not use Windows. It is not secure and this is part of the design. Microsoft has no intention of correcting this. In terms of security and privacy, Windows continues to get only worse over time. █
Summary: In the age of widespread fraud due to Microsoft Windows with its back doors there is an attempt to shift focus to already-fixed flaws/deficiencies in competitors of Microsoft
A Microsoft Windows (exclusively) infection is having a colossal impact on businesses right now, but corporate press coverage fails to name Windows [1, 2, 3], not to mention any possibility of blaming it. The name of an operating system is only mentioned for negative news when it’s not Windows. This is typical and it matches a pattern we have covered here under the “call out Windows” banner. IDG, the liars’ den, put it like this:
The Target data breach was one of the largest in recent memory, resulting in tens of millions of credit and debit cards being compromised. In the last couple of weeks, SuperValu said that at least 180 of its stores had been hit by a data breach and earlier this week UPS said 51 of it UPS Store locations had been hit.
We wrote about this last week because Windows was not being named, despite it being a critical part of this scenario. Instead, there was deflection to FOSS. It helped distract from Windows, which is insecure by design. It is an architectural problem because since 15 years ago, by some estimates, Windows has been a back doors carrier (for the NSA). Here is one British writer complaining about the approach Microsoft takes to composition as well:
In August last year, one-time-sysadmin and now SciFi author Charles Stross declared Microsoft Word “a tyrant of the imagination” and bemoaned its use in the publishing world.
“Major publishers have been browbeaten into believing that Word is the sine qua non of document production systems,” he wrote. “And they expect me to integrate myself into a Word-centric workflow, even though it’s an inappropriate, damaging, and laborious tool for the job. It is, quite simply, unavoidable.”
To make matters worse, it facilitates surveillance and sabotage, as more stories from last year served to show (Snowden Files at the Guardian for instance). For security reasons Germany and Russia have moved back to typewriters; we can assume they were using Office and Windows beforehand.
Trust the spinners of Microsoft to create and disseminate some “Heartbleed” FUD, an OpenSSL bug that Microsoft likes to hype up and use to generalise so as to create an illusion that FOSS is inherently less secure. This has become Microsoft’s main propaganda against FOSS, based on just one single bug. The FUD started on the day that XP support (patches) came to an end; this timing is unlikely to be a coincidence for reasons we outlined before.
Jason Thompson writes an offensive piece titled “After Heartbleed, Is Open Source More Trouble Than It’s Worth?”
It starts with the following important disclosure:
Jason Thompson, formerly of Q1 Labs, is the vice president of worldwide marketing at SSH Communications Security.
Marketing for proprietary software (for Windows)? This is the type of thing we saw last week when issues in proprietary VPN software were unfairly blamed on OpenSSL. As we pointed out last week, there is also an attack on Android security (usually rogue apps are to blame) and then there is the recent security FUD against Android from former employees of Microsoft. Mind this new article which highlights Microsoft’s hypocrisy:
The Biggest Problem with the Windows Store: Scams Everywhere
Windows 8’s “Windows Store” is a great idea, but unfortunately, it’s a disaster. It’s full of scam apps, designed to trick you into buying an app you don’t need.
Our friends over at the How-To Geek recently wrote a great piece about the biggest problem with the Windows Store, and how Microsoft has apparently done nothing to address it (despite claiming they would over a year ago). For example, here’s what happens if you search for VLC, a popular free video player
Microsoft is creating some new FUD against Google at the moment and Google has responded as follows:
In Worldwide Partner Conference 2014, Microsoft Corporation (NASDAQ:MSFT) claimed that more than seven hundred and eighty five customers have switched to Microsoft Corporation (NASDAQ:MSFT)’s Office 365 from Google Inc (NASDAQ:GOOGL)’s Apps. Microsoft didn’t give any proofs for this claim, but shown a slide having the names of the pronounced customers who made the switch. Google Inc (NASDAQ:GOOGL) immediately started investigating this claim and has recently come up with a response. According to Google Inc (NASDAQ:GOOGL), 5,000+ companies sign up for Google Apps on a daily basis and thousands of these companies switch from Microsoft. In a Forbes article, Ben Kepes mentioned Google’s response and said that it was already expected that Google will come up with a befitting response on Microsoft’s claims.
Microsoft is a malicious, criminal company. Its ability to manipulate the press into writing negative stories about the competition is quite flabbergasting. Microsoft’s key strategy right now is badmouthing the competition. AstroTurf and press manipulation is how that's done, as we showed in the previous post. █
Summary: A look back at examples of people who smear Android and are receiving (or received) money from Microsoft
OVER THE years we have demonstrated that payments from Microsoft have a strong correlation to Android and/or Google FUD. Examples included Ben Edelman, Microsoft Florian, and Edward Naughton. Microsoft either pays people to publicly smear the biggest competition or rewards people for smearing Microsoft’s biggest competition. Sometimes the source of the smear is a Microsoft-connected company; we gave some examples of these over the years. These connections are a lot more transparent.
There were many cases where Xuxian Jiang, who had worked for Microsoft, slammed Android, making that his hobby/academic goal. Now we are seeing yet another guy from Microsoft (see his resume that he makes available in his Web site) making a career out of Android FUD. His name is Zhiyun Qian. He worked for Microsoft 4 years ago. Suffice to say, not every criticism of Android and not every Chinese/Taiwanese critic of Android is Microsoft-connected (consider the complaint of Chih-Wei Huang for example), but the point we are making is that when one criticises Android it is worth checking if there have been payments from Microsoft because it very often turns out to be the case. █
TJ Maxx all over again?
Summary: UPS is the latest victim of Microsoft’s shoddy back door with software on top of it (Windows); attempts to blame FOSS for data compromise actually divert attention from the real culprit, which is proprietary software
A boycott against UPS, based on my bitter experiences, is nothing too prejudiced. Their system does not work well. That’s an understatement actually. It’s dysfunctional. In fact, it’s an utter mess. I wasn’t the only one who was utterly screwed, reputedly, and made deeply upset by them. I tried to accomplish something so simple and spent a huge amount of time achieving nearly nothing. They are badly coordinated and their system is crap. They’re using an utterly flawed system, especially when it comes to exchanges with clients, including financial exchanges. Last year I was upset enough to produce some memes like the following:
Now it turns out that UPS was foolish enough to be using Microsoft Windows. Consequently, in many countries (not just one) it got “infected with credit card stealing malware” and customers are going to pay dearly (customers, not UPS):
Grocery shoppers nationwide probably had credit card data stolen
Coast-to-coast: Albertsons, Acme Markets, Jewel-Osco and more were hit.
Dozens of UPS stores across 24 states, including California, Georgia, New York, and Nebraska, have been hit by malware designed to suck up credit card details. The UPS Store, Inc., is a subsidiary of UPS, but each store is independently owned and operated as a licensed franchisee.
“Windows, again,” says our reader. “See the annotations in the update…”
Notice how the Microsoft-friendly Condé Nast fails to even name Microsoft. Total cover-up, maybe misreporting. Disgusting. It’s like naming an issue in some car model, stating that it is chronic, dangerous and widespread, but still not naming the car maker or the model. Recall also the biggest credit card-stealing incidents in recent history; it is almost always due to Microsoft and Windows.
There is a bunch of reports circulating right now which blame an OpenSSL bug (that Microsoft likes to hype up) for patients’ data compromise.
A reader of ours who lectures on computer security explains: “The real problem was that, as seen in other articles, they used a VPN in place of real security. Oh, and the VPN was closed source, not OpenVPN.”
“This is no surprise as when given internal access to any computer network, it is virtually a 100% success rate at breaking into systems and furthering access,” says one report.
“They admit to having no security for their services and relying on a VPN to provide the illusion of security,” our reader explains. “They also misuse the marketing term ‘0-day’.”
Anything to keep the term “Heartbleed” in headlines, creating a FOSS scare…
You can count on the likes of Condé Nast covering Microsoft-induced disaster without mentioning Microsoft at all while at the same time shouting “Heartbleed” from the rooftops, as Condé Nast so regularly does. █
Summary: Microsoft is systematically attacking migrations to GNU, Linux and Free software, using dirty tricks, as always
Windows, the common carrier of Microsoft, is such a sordid mess that it suffers regular glitches and conducts mass surveillance on users. Microsoft knows that without Windows it cannot survive, so dirty tricks resume in a very big way. This is not a beep on the radar but somewhat of a surge.
Bribing politicians in numerous countries is not enough for Microsoft (it got caught), so moles too seem to be rolled into action. Microsoft Peter says that the chief criminal (behind bribes to officials) is distancing himself from Microsoft, but the corruption itself is not stopping:
Former Microsoft CEO Steve Ballmer has announced that he’s stepping down from the company’s board, effective immediately.
Don’t think for a second that it means the crimes will stop. Under his leadership Brazil was attacked by proxy for its ODF policy and many other nations that are cheap to bribe or corrupt suffered from Microsoft intervention. It is digital imperialism. Consider the Philippines, which has been the victim of colonialism for hundreds of years. In 2008 we wrote about what Microsoft had done in the Philippines to derail a Free software policy and bill. Now Microsoft does something similar in Santiago, writing or changing legislation by proxy, if not bribing people as well (the modus operandi of Microsoft against public officials). In 2008 we wrote about what Microsoft had done in Chile and Ernesto Manríquez tells us that it is happening again. “Microsoft bought local politician Daniel Farcas to neutralize a resolution forcing Chilean gov’t to use FLOSS,” he told me, adding that “Farcas was involved in a corruption scandal with his university, UNIACC (controlled by Apollo Group)”.
Finally he shows an article where, according to him and his translation, “Vlado Mirosevic reveals sabotage by MS to res promoting FLOSS usage in Chilean gov’t. “MS RAPED us””.
The article from Renato Garín says (in English): “To understand the debate is necessary to observe the sequence of events. The Mirosevic MP, the Liberal Party of Chile, intended to introduce a bill regarding free software and encourage its use by the state. The draft agreement submitted by Deputy Mirosevic was also signed by nine other legislators seeking the State to take into account the alternative of free software versus software license, which is paid over 36 billion a year, according to the detail built by the team of deputy. Aware of the threat to their interests, representatives of Microsoft came to interview Mirosevic to persuade him down this motion. In these efforts, Microsoft was accompanied by a strategic communications company called Factor C, whose website service lobby is not mentioned and whose executive director is Javiera de la Cerda, UDI lady mayor of Las Condes, Francisco de la Maza.”
On it goes: “Having described the case of free software, it seems clear that this conflict between Mirosevic Microsoft has an edge and lobbying that can not be overlooked. The regulation of lobbying, we know, is already stipulated in the Law 20.730 which comes into operation yet, because we are waiting for the issuance of the respective regulations. In the short term does not seem plausible to have the law in place, since then the rules have to mount a digital system which enables meeting of parliamentarians and other authorities involved. However, the team has put into operation Mirosevic equivalent minuta to which shall be constructed under Law 20.730. minuta In this, the role played by the company Factor C is seen as a representative of Microsoft and ACTIS. On the website of Factor C mention the lobby as such does not appear. Factor C ¿Understand that what they do is lobby?
“All this leads to the icing on the cake if exposed by the report of Fluxá. It turns out that, in the negotiations in the Senate, an indication is included for companies producing software that will work in practice as a subsidy. That is, the original draft of Mirosevic candid unleashed lobby eventually pushed the project Farcas and then the indication in the tax reform bill. This shows the effectiveness of carambola lobby, the ability to promote and neutering bills and motions, ending leading to direct benefits to large companies. In parallel, an alliance orchestra with small producers to align interests and negotiate together. The result is obvious: to legislate his pint. The logic and the project know as the Fisheries Act, which was dubbed “a picnic Lobby” by Senator Carlos Montes.”
Ernesto Manríquez shows us another new article. To quote an English translation of the headline: “Deputy Mirosevic reveals sabotage project that promoted free software: “Microsoft violated us””
Here is some translation of the article’s body:
A multimillion-dollar business, in fact nothing less than 36 billion dollars that the State of Chile paid annually to companies by the concept of “software licenses”, ie, authorization to use such common programs such as the Windows operating system or Office programs, Word and Excel.
But did you know that this -upper the amount required to build a hospital of high complexity-pocket is mostly unnecessary? This is because in recent years, countries such as Germany, France, Spain, Russia, China and Brazil have joined the trend of free software, a mode in which programs developed jointly used by hundreds of people, who then distributed for use at no charge.
Following this policy, the deputy Vlado Mirosevic introduced in May this year a bill ordering the Chilean State to prefer free software over proprietary software. The legislation specified that only when a department submit a written justification, may purchase a license.
“We are not against the state hires Microsoft license or other services, but we are breaking this trend in the culture of the state to hire proprietary software because it is the one most on hand. The idea is that the state is obliged to seek alternative services that are free, that will mean significant savings,” he said at that time the deputy Arica daily La Tercera.
Soon, Mirosevic realized that large software companies had accused the coup. As explained by a news magazine Friday picked up by The Desk, Alex Pessó, manager of legal and corporate affairs at Microsoft, traveled to Congress to join him, to expose studies and arguments rebutted the project that had submitted.
However no parliamentary traded. Quite the contrary, received immediate support from other former student leaders as Giorgio Jackson and Gabriel Boric, who were more akin to the ideology of community development. In the case of the other congressmen, he realized that most of them did not understand the topic.
“Half the people had no idea what we were talking. I’m not saying the free software concept, rather the software, but as we had calculated, the rest followed those that had understood,” said Mirosevic publication.
This is becoming a hot article in Chile at the moment. Further down it says:
“Microsoft violated us. And worse, it was a rape that ended in pregnancy,” he snapped.
This is because under the new draft Farcas, not only no longer promotes free software in the state, but a tax break for companies that hire or subscribe technology services through the Internet is established. “It’s a tax benefit to companies to use proprietary software. It encourages buying and state, instead of saving, subsidizing ends,” he added.
Chile would be foolish to stay with Microsoft, especially given public knowledge about espionage by NSA, Microsoft’s “special” partner. It is a matter of national security. Likewise in Germany. Right now Microsoft (through its partners and embedded pseudo-journalists) is libeling Munich's migration to GNU/Linux (see our update with refutation) and one Romanian journalist says that it is “Proof That Microsoft Is Still an Evil Company”. Microsoft has tried so many dirty tricks against Munich and the latest is perhaps a mole of Microsoft. To quote the journalist: “Reports about the city of Munich authorities that are considering the replacement of Linux with Microsoft products mostly comes from one man, the Deputy Mayor of Munich, who is also a long-term self-declared Windows fan.
“Munich is the poster child for the adoption of a Linux distribution and the replacement of the old Windows OS. It provided a powerful incentive for other cities to do the same, and it’s been a thorn in Microsoft’s side for a very long time.
“The adoption of open source software in Munich started back in 2004 and it took the local authorities over 10 years to finish the process. It’s a big infrastructure, but in the end they managed to do it. As you can imagine, Microsoft was not happy about it. Even the CEO of Microsoft, Steve Ballmer, tried to stop the switch to Linux, but he was too late to the party.”
Even after refutation some Microsoft boosters continue to repeat the propaganda and the lies (no need for links to examples here, as that would feed them). They will probably continue to do this for a while, totally ignoring refutations that are not convenient to this Microsoft brainwash attempt (trying to scare those who wish to mimic Munich and follow its example). Bribes go a long way and Microsoft has clever ways of distributing them. We gave numerous examples from Munich (‘soft’ bribes).
Microsoft is a highly corrupt company, but it is unlikely that its staff will be sent to jail. Microsoft exploits this perceived immunity (laws do not apply) to act recklessly. As Pogson puts it:
Of course, the mayor might get a different result if he accepts voluntary labour from M$ or hires his nephew to do the research, but the council is wide awake and understands the issues, so I doubt there will be some coup in IT.
Nothing is going to change in Munich, but Microsoft is trying to maintain an international/universal perception that the migration to GNU/Linux was a disaster. Numerous anonymous blogs were created to attack Munich over this and provocateurs of Microsoft loved citing them, only to be repeatedly proven wrong. Microsoft is trying to make an example out of Munich in all sorts of nefarious ways. We need to defend Munich from this malicious assault by the convicted monopolist and corrupt enterprise that’s acting as though it fights for its very survival (while indeed laying off tens of thousands of employees). █
Embracing and extending, but not yet extinguishing
Summary: Codenomicon and Bluebox, two companies with strong Microsoft links, fill the media with negative articles about Android
“Microsoft marketing again” is what our reader labeled it. Brett Winterford, who played ball for OOXML after Microsoft had given him gifts, smears Android using a Microsoft buddy, Codenomicon, the company that hyped up an OpenSSL bug, or as this new article puts it:
Codenomicon, which coined the term “Heartbleed” upon discovering the OpenSSL flaw, will name and shame app developers later this month when it publishes its findings on those that neglected robust security practices.
Codenomicon did not discover the bug (a man from Google did, but some give both credit); Codenomicon did the marketing, registered a domain, and spread the “Heartbleed” brand.
The “Heartbleed” marketing is still floating in the media, this time because of Venafi, keeping it in the media nearly 4 months later. What we basically have here is Codenomicon making a comeback, this time making derogatory claims about Android.
A reader of ours says that “it makes sense. I have trouble tracking all the names though. If one is cynical, pretty much 100% of the pro-Microsoft or anti-Linux (especially anti-FOSS) writings can be tracked to direct Microsoft influence. One wonders society can do with all the “former” employees, especially the managers.”
Codenomicon’s board is managed by a man from Microsoft, one of Microsoft’s chief executives, for those who have not been keeping up.
Another company like this is Bluebox, whose Microsoft connection we covered here before. It is a Microsoft partner created and managed by a Microsoft guy. Now it has some dirt to throw on Android, too.
We first saw that covered by the FOSS-hostile Dan Goodin (he still only covers FOSS/Linux security issues, ignoring any proprietary software issues) and then we saw this in the Bill Gates-funded “The Guardian” and BBC, which like to chastise only Google over things that Microsoft does (and worse). This is definitely some of the earliest coverage, maybe coordinated ahead of distribution, leading other sites to covering it, only later on, even though the issue was already fixed. Later on we saw a report saying that it “Could Put Millions in Jeopardy” (key word is “could”) and Microsoft-friendly sites joined in, making a huge fuss about a bug that was patched very quickly.
While it is hard to show a conspiracy to smear Android, like Microsoft asking its former employees and affiliates who run Codenomicon and Bluebox to fill the media with negative coverage about Android bugs, we do need to consider such possibilities based on evidence that exists. It is clear who these companies are loyal to; it’s no secret, just follow the money. Why don’t they cover the loads of bugs in Windows or even the back doors, which are there by design?
The media too should be held accountable here, as we know that Microsoft bribes publishers like O’Reilly (we gave examples for years) and based on fresh complaints from the President of OSI , it is true that OSCON (O’Reilly’s so-called ‘open source’ conference) has become more of a Microsoft-subsidised breeding ground for moles and misdirection (sponsored by Microsoft in exchange for stage time/room).
When living in a spin zone (not spin-free zone), where many of the messengers are funded by Microsoft, it would be unwise to take and accept everything at face value. One needs to keep track of who’s who and where the money travels. █
Related/contextual items from the news:
At the annual OSCON (Open Source Convention) last week, those stuck in a worldview of open source from the previous decade would have suffered serious cognitive dissonance.
First, Microsoft was an anchor of the conference, with a full-scale display from Jean Paoli’s subsidiary Microsoft Open Technologies. As I walked past I repeatedly heard people expressing shock that Microsoft was there at such scale. Wholehearted support for open source still largely stops at the boundaries of Microsoft’s Azure cloud offering, but plenty of staff people with genuine open source credentials were showing their wares. Microsoft’s journey is definitely progressing.
Summary: Symantec enters the AllSeen Alliance and Sonatype is once again trying to claim great insecurity in FOSS due to software licensing
THE surveillance-oriented AllSeen Alliance has welcomed Microsoft and other patent aggressors (such as Red Bend Software) into its ranks. Now we discover that Symantec, which has been disseminating FUD about GNU/Linux, joins this Alliance, as revealed by the Linux Foundation a couple of days ago. To quote: “Symantec is an AllSeen Alliance Community Member, one of the world’s largest software companies and a leader in security, backup and availability solutions. Roxane Divol, SVP Product and Services Acceleration Group for Symantec, shares why the company decided to join the AllSeen Alliance and how they plan to contribute to AllJoyn for a connected experience that will change the Internet of Things.”
Well, Symantec, like some other companies, has been making money from creation of fear, putting aside its Microsoft connections and history of hostility towards Linux and FOSS. Symantec is one of several.
There are those who cover a “legal” security angle (they call their licensing FUD ‘security’, as per a deceiving headline from some weeks ago). Some of those are well linked to Microsoft (e.g. OpenLogic and Black Duck) and another such player is Sonatype (it targets Microsoft’s proprietary software and .NET developers). We covered its FUD quite recently, after we had observed Sonatype’s FUD reports from last year. Watch the gross misuse of the word “suspected” to insinuate that many organisations don’t comply with FOSS licences. As if proprietary software licences are always obeyed, without leading to assaults from the BSA et al. It is not so hard — let alone expensive — to comply with FOSS licences. █
Attempts to belittle the “eyeballs on the code” motto
Summary: Another week brings another set of bugfixes, which some choose to characterise as a very big deal despite evidence to the contrary
WHEN one has an agenda one can accentuate a particular side by covering it excessively. To be frank, not only FOSS-hostile circles are to be blamed for security hype; even some FOSS-friendly sites are releasing articles like “Linux Malware And Antivirus” or covering every security fix as though it’s major news. Consider just the past few days in Softpedia: A Steam OS bugfix is news and the same goes for Ubuntu because these projects make attractive headlines, especially after the whole “Heartbleed” hype [1, 2, 3]. Guess who was behind it: the firm of Microsoft’s ‘Former’ Security Chief. GnuTLS was subjected to the same treatment by the same Microsoft-connected firm because like any project it has bugfixes [1, 2], never mind the real security issues (back doors in proprietary software like Windows).
Amid some of the latest reports from Microsoft-friendly sources and FOSS-friendly sources like SJVN (we cited two of these articles before) we should keep in mind that not all bugs are created equal and if we let every bugfix in a project like Linux or OpenSSL become major news, then we will lose sight of the real issue, which is proprietary software having bugs by design, to facilitate intrusion.
Kevin Poulsen, who did some Wikileaks-hostile coverage back in the days, correctly points out that “After Heartbleed, We’re Overreacting to Bugs That Aren’t a Big Deal”. Here is how his article begins:
Here’s something else to blame on last April’s Heartbleed security bug: It smeared the line between security holes that users can do something about, and those we can’t. Getting that distinction right is going to be crucial as we weather a storm of vulnerabilities and hacks that shows no sign of abating.
Last week the OpenSSL Foundation announced it was patching six newly discovered vulnerabilities in the same software that Heartbleed lived in. The first reaction from many of us was a groan–here we go again. Heartbleed triggered what was probably the single largest mass-password change in history: In response to the bug, some 86 million internet users in the U.S. alone changed at least one password or deleted an internet account. The thought of a repeat was (and is) shudder-inducing.
Be aware that there’s a disturbing trend right now, where so-called ‘security’ firms (opportunists/attention whores) or media companies try to exploit general security paranoia (or privacy concerns) to ‘sell’ us stories about ‘gaping holes’; the reality is usually just some routine bugfixes, wrapped up by those who have an agenda. Dan Goodin and the Microsoft-connected firm (which even branded a bug) are some of the worst in this regard. █