No investigation, just churnalism
Summary: Why the latest “Future of Open Source Survey” — much like its predecessors — isn’t really a survey but just another churnalism opportunity for the Microsoft-connected Black Duck, which is a proprietary parasite inside the FOSS community
THE “Future of Open Source Survey” is not a survey. It’s just Black Duck’s self-promotional (marketing) tripe packaged as a “survey”. This is a common PR tactic; it’s not unique. We wrote about this so-called ‘survey’ in several articles in the past, e.g.:
We now have more of the same churnalism and it comes from the usual ‘news’ networks, in addition to paid press releases. When we first mentioned Shipley 8 years ago he was busy doing one nefarious thing and two years ago we saw him joining the Microsoft-connected Black Duck. He is quoted as saying (CBS) that “the rapid adoption of open source has outpaced the implementation of effective open-source management and security practices. We see opportunities to make significant improvements in those areas. With nearly half of respondents saying they have no formal processes to track their open source, and half reporting that no one has responsibility for identifying known vulnerabilities and tracking remediation, we expect to see more focus on those areas.” Thanks for the FUD, Mr. Shipley. So where do I buy your proprietary software (and software patents-protected) ‘solution’? That is, after all, what it’s all about, isn’t it? The ‘survey’ is an excuse or a carrier (if not Trojan horse) for proprietary software marketing.
Here is similar coverage from IDG and the Linux Foundation, whose writers did little more than repeat the talking points of Black Duck after the press release got spread around. █
Published in Free/Libre Software, FUD, GNU/Linux, Microsoft at 10:34 am by Dr. Roy Schestowitz
The ‘new’ Microsoft does not attack Free software directly, or not as visibly as before, yet it still does so
Summary: Free software (FOSS) is still under constant attack from Microsoft, even if these attacks are shrewdly disguised so as not to jeopardise the “Microsoft loves Linux” fantasy
MICROSOFT’S E.E.E. strategy (destroying Linux from the inside) is progressing while Microsoft is still trying to actively derail all GNU/Linux adoption (usually via proxies). The company also sponsors events that promote software patents (which are the antithesis of software freedom), as we have shown several times so far this month, and it continues to sue (or threaten to sue) makers of Android devices unless they hand over cash or, in some cases, as part of the ‘settlement’, install a lot of Microsoft spyware on Android.
“The company also sponsors events that promote software patents (which are the antithesis of software freedom), as we have shown several times so far this month…”
Remember that Microsoft does not need to attack Linux/FOSS/Android openly in order to achieve its goal. A lot of people from Microsoft have in recent years created spin-off companies that are more like Microsoft proxies, loyal to Microsoft but peripheral to it. Remember, for instance, who bankrolled Xamarin before it became part of Microsoft (as was to be expected). Also remember that it is a unit called Microsoft Licensing (essentially a patent troll) that claims to ‘own’ Android and other Linux-based systems, then systematically knocks on OEMs’ doors demanding money for their use/distribution of Linux.
Tim Greene of IDG props up SourceClear and Black Duck for FOSS FUD; these are two firms that came from Microsoft in order to smear Free software and make money in the process. The headline says “Open source code is common, potentially dangerous, in enterprise apps” (Ballmer would still say it is a “cancer”, as if it were a fatal disease, and Microsoft calls it “Linux infestations”, as if it were a cockroach that must be squashed).
“Also remember that it is a unit called Microsoft Licensing (essentially a patent troll) that claims to ‘own’ Android and other Linux-based systems, then systematically knocks on OEMs’ doors demanding money for their use/distribution of Linux.”
Not only did we spot this yesterday; readers even told us about it today; they too are increasingly noticing that anti-FOSS articles are still being supplied by those Microsoft-connected parasites. Greene’s colleague, Korolov, did this just over a fortnight ago. Remember that both are Microsoft-connected firms, as we have noted here before, and towards the end there is a mention of White Source, which is no friend of FOSS.
Those so-called ‘reporters’ just keep speaking to firms that profit from this FUD and are not Free software at all. It is like an article about global warming that invites quotes (expert advice) from various ‘experts’ at oil companies. The latest example does not speak about the many equivalent (or worse) proprietary software issues, instead of speaking of Microsoft’s “Patch Tuesday”, which leaves back doors for the NSA to use. That is irresponsible journalism; it is more like lobbying (by omission). And remember how much money flows from Microsoft to IDG…
“That is irresponsible journalism; it is more like lobbying (by omission).”
Microsoft somehow thinks that associating its proprietary software with “Linux” will be enough to promote the perception that it is “open” and thus eligible for government use worldwide (proprietary lock-in). Remember who sabotaged the Iranian nuclear plants. At the same time it constantly keeps attacking Linux.
“I once preached peaceful coexistence with Windows. You may laugh at my expense — I deserve it.”
–Be’s CEO Jean-Louis Gassée
The ‘new’ Microsoft does not attack Free software directly, or not as visibly as before
Summary: Free software (FOSS) is still under constant attacks from Microsoft, even if these attacks are shrewdly masqueraded so as to not jeopardise the “Microsoft loves Linux” fantasy
THE E.E.E. strategy of Microsoft (destroying Linux from the inside) is progressing while Microsoft is still trying to actively derail GNU/Linux adoption (usually via proxies). The company also sponsors events that promote software patents (which are antithetical to software freedom), as we showed several times so far this month and it sues (or threatens to sue) Android OEMs unless they hand over crates of cash, or in some cases agree to preload Android with lots of Microsoft spyware.
“The company also sponsors events that promote software patents (which are antithetical to software freedom), as we showed several times so far this month…”
Remember that Microsoft does not need to attack Linux/FOSS/Android directly in order to get its way. A lot of people from Microsoft have over the years created spinoffs that are more like Microsoft proxies, still loyal to Microsoft but peripheral to it. Remember, for instance, who bankrolled Xamarin before it got rolled into Microsoft (as expected). Also remember that it’s a unit called Microsoft Licensing (essentially a patent troll) that claims to ‘own’ Android and other Linux-based systems, then systematically goes knocking on OEMs’ doors and demanding money for the use/distribution of Linux.
Tim Greene at IDG props up SourceClear and Black Duck for FOSS FUD; these are two firms that came from Microsoft in order to smear FOSS and make money in the process. The headline says “Open source code is common, potentially dangerous, in enterprise apps” (Ballmer would still say “cancer” as if it’s a fatal disease and Microsoft calls it “Linux infestations” as if it’s a cockroach that must be squashed).
“Also remember that it’s a unit called Microsoft Licensing (essentially a patent troll) that claims to ‘own’ Android and other Linux-based systems, then systematically goes knocking on OEMs’ doors and demanding money for the use/distribution of Linux.”
Not only did we spot this one some time yesterday; even readers told us about it today; they too are increasingly noticing that anti-FOSS articles are still featuring those parasites that are Microsoft-connected. Greene’s colleague, Korolov, did this just over a fortnight ago. Remember that both are Microsoft-connected firms, as we noted here before, and towards the end there’s a mention of White Source, which is no friend of FOSS.
Those so-called ‘reporters’ just keep speaking to firms which profit from this FUD and aren’t FOSS at all. It’s like an article about global warming which invites for quotes (expert advice) various ‘experts’ from oil companies. The latest example doesn’t speak about the many equivalent (or worse) proprietary software issues, instead speaking of the “Patch Tuesday” of Microsoft, which leaves back doors intact for the NSA. That’s irresponsible journalism; it’s more like lobbying (by omission). And remember how much money flows from Microsoft to IDG…
“That’s irresponsible journalism; it’s more like lobbying.”
Microsoft thinks that somehow associating its proprietary software with “Linux” will be enough to promote the perception that it’s “open” and thus eligible for government use worldwide (proprietary lock-in). At the same time Microsoft keeps attacking Linux. █
“I once preached peaceful coexistence with Windows. You may laugh at my expense — I deserve it.”
–Be’s CEO Jean-Louis Gassée
Still stabbing FOSS in the back
Summary: Black Duck, a company that came from a Microsoft guy, continues to generate negative publicity for Free/Open Source software (FOSS) in order to attract business
YESTERDAY afternoon I was sent this bizarre article with a rather bizarre headline. Upon closer inspection it was from IDG and I immediately suspected (based on the headline alone) that Black Duck had something to do with it. It turned out that I was right.
IDG’s Maria Korolov apparently got used by Black Duck for shameless self-promotion, weeks after all that ‘future’ of Open Source PR/publicity stunt [1, 2, 3] (all the articles about it were listed in our daily links without further comment) or the ‘rookies’ stunt [1, 2, 3]. We tried hard to ignore Black Duck, but Black Duck sure isn’t ignoring FOSS. It’s acting like a parasite feeding off FOSS news, in order to sell its proprietary software of course!
“IDG’s Maria Korolov apparently got used by Black Duck for shameless self-promotion…”
As usual, Black Duck, a proprietary software company and false prophet for FOSS, interjected itself into articles about FOSS; this yielded FOSS-hostile headlines in IDG, for example “Public concerned about security flaws in government open source code.” (in CSO)
This article contains Black Duck talking points: “In addition, open source code poses two additional security problems, said Mike Pittenger, vice president of security strategy at Black Duck Software. “Open source projects are often ubiquitous, so if there’s a vulnerability it creates a target-rich environment for attackers,” he said.”
“They are trying to sell proprietary software by piggybacking FOSS.”
There is also pure marketing there: “Black Duck is currently tracking more than 1.5 million different open source projects, he added.”
Remember the time Black Duck told the media that it can cost $25,000 to fix a bug in FOSS? That was just months ago. Why does the media keep entertaining these propagandists at all? They are trying to sell proprietary software by piggybacking FOSS. █
Published in FUD, GNU/Linux at 6:18 am by Dr. Roy Schestowitz
Exposing the aberrant and deceptive model of today’s media
Summary: A site called Linux Insider, which many people assume to be a Linux news site, is STUFFED with material HOSTILE to Linux from people on Microsoft’s payroll
The ‘cancer’ (on the Web) which is IDG (dominating technology coverage in many languages and usually attacking GNU/Linux while at the same time ACCEPTING MONEY from Microsoft and Apple) is officially up for sale, but in the meantime we see that not only its ‘journalists’ but also its other employees (e.g. at IDC) are producing propaganda hostile to FOSS. This has to stop. A lot of people still complain about Galen Gruman (even in our IRC channels) for his latest MISLEADING, GRATUITOUS ATTACKS on GNU/Linux, but the problem is much broader than this and we have been writing about it for almost a decade.
“Linux Insider: ‘Microsoft propaganda that “looks like” Linux news’.”
Richard Adhikari, who for a number of years has published many anti-Linux (or anti-Android) pieces such as this one, usually along the ‘security’ theme, is talking to Hilwa from Microsoft. Well, it is not as bad as talking to the infamous Enderle (which ECT does frequently, allowing him to SLING MUD AT MICROSOFT’S COMPETITORS without disclosing his ties to Microsoft) (and so have others). This time he helps promote the marketing of Black Duck, an anti-FOSS firm that came from Microsoft. To quote parts of this promotional piece from Adhikari (PROMOTING FEAR OF FOSS AND BOOSTING Black Duck’s sales):
“Containers have caught the imagination of developers because they provide convenient bundles for deployment,” said Al Hilwa, a research program director at IDC.
“We have been expecting a variety of software development tools to add support for containers, and in this context, it makes perfect sense to see leading code-scanning players like Black Duck support Docker containers,” he told LinuxInsider.
Scanning tools do enable more secure deployments, but developers still have to take action, IDC’s Hilwa said.
Code-scanning technology is analogous to virus-scanning software, he continued.
“A repository of vulnerability metadata or signatures has to be maintained, and the code is scanned against it,” Hilwa said. “The role of the scanning software is to keep this metadata up to date.”
Does Adhikari know where Black Duck came from? Did he check where Al Hilwa came from? This was posted on a site called Linux Insider (we urge all our GNU/Linux users in Spain and Latin America NOT to waste their money and time on its publications), but it is anti-Linux nonsense PROMOTING A MICROSOFT-CONNECTED FIRM, using talking points from a Microsoft-connected ‘ANALYST’. It shows a lot of what is WRONG with media outlets owned by large CORPORATIONS. Let us be thankful that Jack Germain still writes for Linux Insider and, unlike Adhikari, does not write articles attacking GNU/Linux. █
Demonstrating the rogue business model of much of today’s media
Summary: A site called Linux Insider, which many people may assume to be a Linux news site, is stuffed with Linux-hostile material from people who are connected to Microsoft
The ‘cancer’ (on the Web) which is IDG (dominating technology coverage in many languages and usually attacking GNU/Linux whilst accepting money from Microsoft and Apple) is officially up for sale, but in the meantime we see that not only its writers but also its other employees (e.g. in IDC) produce some FOSS-hostile propaganda. This needs to stop. A lot of people still complain about Galen Gruman (even in our IRC channels) for his latest facts-free attack on GNU/Linux, but the problem is much broader than this and we have been writing about it for almost a decade.
“This was posted in a site called Linux Insider, but it’s anti-Linux nonsense promoting a Microsoft-connected firm, using talking points from a Microsoft-connected ‘analyst’.”
Richard Adhikari, who for a number of years has published many anti-Linux (or anti-Android) pieces such as this, usually along the ‘security’ theme, is now talking to Hilwa from Microsoft. Well, it’s not as bad as speaking to Enderle (which ECT does very often, allowing him to smear Microsoft’s competitors without disclosing his ties to Microsoft), but it’s still pretty bad. ECT previously spoke to him without disclosing his relationship with Microsoft (and so have others). This time he helps bolster the marketing for Black Duck, an anti-FOSS firm that came from Microsoft. To quote parts of this promotional piece from Adhikari (promoting fear of FOSS and helping Black Duck drive sales):
“Containers have caught the imagination of developers because they provide convenient bundles for deployment,” said Al Hilwa, a research program director at IDC.
“We have been expecting a variety of software development tools to add support for containers, and in this context, it makes perfect sense to see leading code-scanning players like Black Duck support Docker containers,” he told LinuxInsider.
Scanning tools do enable more secure deployments, but developers still have to take action, IDC’s Hilwa said.
Code-scanning technology is analogous to virus-scanning software, he continued.
“A repository of vulnerability metadata or signatures has to be maintained, and the code is scanned against it,” Hilwa said. “The role of the scanning software is to keep this metadata up to date.”
Does Adhikari know where Black Duck came from? Did he check where Al Hilwa came from? This was posted in a site called Linux Insider, but it’s anti-Linux nonsense promoting a Microsoft-connected firm, using talking points from a Microsoft-connected ‘analyst’. It demonstrates a lot of what’s wrong with today’s corporate media. Thankfully, Jack Germain still writes for ECT’s Linux Insider and unlike Adhikari he doesn’t just write articles that attack Linux. █
“A man never lies as much as after a hunt, during a war, and before an election.”
–Otto von Bismarck
Summary: Free/Open Source software (FOSS) is under attack again, and it’s the proprietary software lobby that’s responsible for that
EVERY now and then we see claims that Free software is very dangerous because of licensing obligations, as if proprietary software comes with no licensing obligations and potentially severe fines (if not a jail term!). We also occasionally hear about Free software being dangerous on the security side, despite proprietary software being far worse, merely hiding flaws and rarely patching them (or patching them when it’s too late). Several Web sites published this biased ‘analysis’ composed by two proprietary software ‘sales’ people (HeBS Digital’s Max Starkov and Jaan Paljasma) only a few days ago. They rely on non-technical people actually believing that there are no downsides to proprietary software. It should also be noted that, while several sites distribute this ‘article’ as though it’s an original report, it is actually more like a press release commissioned by a stakeholder. It’s not journalism and some sites fail to flag it accordingly.
In my professional capacity I have built sites using FOSS content management systems (e.g. Drupal, WordPress) for commerce, education, and more. These frameworks are so flexible and so full of modules/plug-ins that virtually everything is possible. Not even once have such sites been compromised due to security bugs (even when some existed and remained unpatched for a while).
“It should also be noted that, while several sites distribute this ‘article’ as though it’s an original report, it is actually more like a press release commissioned by a stakeholder.”
Speaking of proprietary software salespeople, the Microsoft-connected Black Duck is at it again. “The study’s findings also highlighted a number of other specific ways the adoption of appropriate internal controls has not kept pace with the increasing use of open source software, leaving many organizations exposed to significant potential risks,” wrote a lawyers’ site, based on this self-promotional press release from Black Duck.
“As highlighted in the Information Week blog DARKReading,” the lawyers’ site said, actually referring to a press release, not a blog. We shall guess that it takes more than average levels of intelligence to distinguish blog posts from press releases. We can also safely assume that Black Duck hasn’t changed its ways. It’s a de facto FUD firm which uses scare tactics for sales of its proprietary software (with software patents on it).
Another Black Duck in the making? Security FUD from a firm established by champions of back doors.
Summary: Another company whose business model is monetising (and thus often enhancing) fear, uncertainty and doubt (FUD) over Free/Open Source software (FOSS) and this one too comes from Microsoft
THIS trend has grown rather tiresome. Every now and then we see Microsoft’s tentacles reaching out for areas in FOSS where there is an opportunity to badmouth FOSS. They turn Microsoft’s anti-FOSS rhetoric into their business model. They institutionalise it.
“Another Microsoft guy creates a company that says Free software is not secure and needs some proprietary software ‘medicine’.”
Based on a new press release in its various forms/variations [1, 2, 3], we may have yet another OpenLogic or Black Duck in our hands. Another Microsoft guy creates a company that says Free software is not secure and needs some proprietary software ‘medicine’.
SourceClear is not even known (we never heard of it, it seemingly came out of nowhere), it’s a very young firm, and immediately it receives a lot of money and even promotional coverage from the News Corp.-owned Wall Street Journal, which is a Microsoft-friendly publication. The first sentence provides the background one needs to be aware of:
Mark Curphey worked to stamp out software bugs for about a decade as head of the security tools team at Microsoft Corp. and in several other jobs before he realized that the problem was getting worse instead of better.
To quote Gordon B-P: ‘”Worked at MS bugs for a decade” – didn’t do a very good job there then. What makes him think he’ll be able to “secure” OSS?’
Jordan Novet, who is a promoter of Microsoft as we noted the other day, covered this as well, using bug branding such as "Heartbleed", coined by a company which is strongly connected to Microsoft. “It turns out that lots of other [FOSS] libraries have exactly the same issues but have not been reported,” Novet quotes Curphey, whom he describes as “previously a former principal group program manager inside Microsoft’s developer division. [...] SourceClear started in Seattle in 2013…”
“SourceClear started in Seattle in 2013…”
–Jordan Novet
With OpenLogic, Black Duck, Codenomicon and various other Microsoft-connected (often created by Microsoft people and/or managed by Microsoft people) firms that badmouth FOSS we sure expect SourceClear to be no exception. They serve to distract from the built-in and intentional insecurities of proprietary software such as Windows, including quite famously Vista 10 where back doors are an understatement because everything is recorded and broadcast (total remote surveillance), even without a breach or an access through the back doors.
Microsoft cannot produce secure code because ‘national security’, i.e. many back doors, are a design goal. It helps Microsoft establish a ‘special relationship’ with the state and in fact it just got a contract from a highly notorious company, Taser.
Here we are in 2013 onwards — a time when simple bugs in FOSS (a defect affecting one line or two) get all the limelight and receive names, logos etc. whereas Microsoft’s critical zero-day flaws hardly make the headlines. There are many high-impact headlines that make a huge deal of fuss every time a security bug is found in Android (again, just in recent years). We suppose it’s part of a PR campaign in which Microsoft and its partners evidently participate. They are often the ones who come up with the names, logos, and much of the accompanying negative publicity. █
Related/contextual items from the news:
Microsoft has joined forces with Taser to combine the Azure cloud platform with law enforcement management tools.
In order to ensure Taser maintains a monopoly on police body cameras, the corporation acquired contracts with police departments all across the nation for the purchase of body cameras through dubious ties to certain chiefs of police.