EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

03.23.15

Microsoft-connected Black Duck Software Created by Microsoft Marketing Man as an Anti-GPL Operation, Admits the Management

Posted in Free/Libre Software, FUD, GPL, Microsoft at 8:54 pm by Dr. Roy Schestowitz

Doug Levin

Summary: Black Duck “was founded [on] the idea … to keep GPL-licensed code out of corporate codebases entirely,” according to a new report

TECHRIGHTS has spent nearly a decade battling Black Duck. This schizophrenic-looking firm (trying to come across as pro-FOSS), Black Duck, is the very prominent (and well-funded) entity which has been a source of endless GPL FUD, claiming that the GPL is declining, that it is dangerous, and that it oughtn’t be embraced by businesses.

This new article from Jon Gold of the FOSS-hostile NetworkWorld happens to provide us with wonderful evidence of the roots and the original goals/raison d’être of “Black Duck” (black agent would be a more suitable name). The article is titled “Open-source’s former ‘police’ now helping businesses adopt” (the latter is pure marketing and acceptance of Black Duck’s claims at face value).

Black Duck, founded by a marketing guy from Microsoft (see the image above for highlights from LinkedIn), is mostly a marketing company. It was never ‘police’ and it was never an authority; it was a parasite pretending to be about FOSS while harvesting software patents, badmouthing Free software, and even ripping off companies like Palamida, which had done work — very time-consuming work — collecting usage figures regarding GPLv3.

Gold’s article is useful to us because of the very revealing part which says: “Executive Vice President and CTO Bill Ledingham said that when the company was founded the idea was to keep GPL-licensed code out of corporate codebases entirely.”

Right.

So Black Duck, which was founded by a guy from Microsoft, was acting more like a mole, nothing else. It was fighting copyleft adoption. No need for speculations or hypotheses anymore.

In a similar vein, Microsoft’s support for Cyanogen (do not be misled by retractions after getting caught) serves to show another mole-like strategy. This new article by Miguel Helft (to appear next month in Forbes magazine) reminds us of the real goal of Cyanogen. To quote the headline: “Meet Cyanogen, The Startup That Wants To Steal Android From Google”

This sounds exactly like what Microsoft itself has been trying to do to Android (often via or with help from proxies like Facebook, Nokia, or Amazon). Do not think for a moment that Microsoft never tried to derail and topple Free software from the inside. There is a long history to that effect and we covered many examples over the years.

01.30.15

Qualys Admits That Its Scare Campaign (So-called ‘GHOST’) Somewhat Baseless

Posted in FUD, Security at 6:14 am by Dr. Roy Schestowitz

Giving names to bugs to make them sound scary

Scare campaign

Summary: Even the company that bombarded the media with its “GHOST” nonsense admits that this bug, which was fixed two years ago, does not pose much of a threat

TWO days ago we wrote about the self-promotional FUD campaign from Qualys, noting that it had been blown out of proportion, as intended all along by Qualys (which even gave it the name “GHOST” and paid for expensive press releases in corporate news). A Red Hat employee reveals that even Qualys itself realised that its pet PR/marketing charade, “GHOST”, is not much of a risk.

He said that “the people at Qualys that worked hard to hype GHOST into a doomsday bug had to admit that most software calling the gethostbyname function couldn’t be forced to exploit the bug. As they say themselves (from “the Qualys Security Advisory team”):

“Here is a list of potential targets that we investigated (they all call gethostbyname, one way or another), but to the best of our knowledge, the buffer overflow cannot be triggered in any of them:

apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers, vsftpd, xinetd.”

“To put things in perspective see this [discussion],” he added. It’s LWN refuting Dan Goodin, the anti-GNU/Linux ‘security’ rhetoric person from Condé Nast (we took note of his coverage the other day).

“But as always,” added the guy from Red Hat, “the truth isn’t that clickbaiting…

“It was a bug. It has been fixed. But it wasn’t that simple to exploit. Patches are available and as it seems no one got hurt.”

01.28.15

Qualys Starts Self-Promotional FUD Campaign, Naming a Bug That Was Already Fixed 2 Years Ago and Distros Have Covered With Patches

Posted in FUD, GNU/Linux, Google, Red Hat, Security, Ubuntu at 12:23 pm by Dr. Roy Schestowitz

Ghostwriting a Qualys horror story for maximal FUD (fear, uncertainty, and doubt)

Spooky

Summary: Responding to the media blitz which paints GNU/Linux as insecure despite the fact that bugs were evidently found and fixed

THERE IS something to be said about the “top” news regarding GNU/Linux. It’s not really news. The so-called “GHOST” publicity stunt needn’t be repeated by FOSS sites. It is about a bug which was patched two years ago, but some sites overlook this important fact and stick lots of spooky logos, playing right into the hands of Qualys, an insecurity firm (making money from lack of security or perception of insecurity).

We have watches the ‘news’ unfolding over the past day and a half and now is a good time to explain what we deal with. The so-called “GHOST” (all capital letters!) bug is old. Qualys is going two years ago into bugfixes, giving a name to the bugfixes, then making plenty of noise (all over the news right now). Qualys does not look like a proxy of Microsoft or other GNU/Linux foes, but it is self-serving. Insecurity firms like Qualys probably learned that giving a name to a bug in GNU (SJVN mistakenly calls it “Linux”, but so do many others) would give more publicity and people will pay attention to brands and logos rather than to substance. Just before Christmas an insecurity firm tried to do that with "Grinch" and it turned out to be a farce. SJVN says that this old “vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords.”

Well, it was patched back in 2013. Use of names for marketing is what makes it “news”; the opportunists even prepared a PRESS RELEASE and pushed it into ‘big’ sites like CNN. It has marketing written all over it, just like “Heartbleed” that had strong Microsoft connections behind the disclosure. It is sad that Linux sites fall for this. Phoronix copies the press release as though it’s reliable rather than self-promotional. Michael Larabel writes: “The latest high-profile security vulnerability affecting Linux systems us within Glibc, the GNU C Library.”

It is not “latest”, it is 2 years old. Larabel says that “Qualys found that the bug had actually been patched with a minor bug fix released on May 21, 2013 between the releases of glibc-2.17 and glibc-2.18.”

OK, so it’s not news. FOSS Force cites SJVN to amplify the scare and other FOSS sites are playing along as though this is top news. It oughtn’t be. It is already widely patched (maybe requiring a reboot), so let’s patch and move on (unless it was already patched upstream/downstream years ago). IDG has already published at least three articles about it [1, 2], including one from Swapnil Bhartiya, who is not too alarmist to his credit. He noted that “there was a patch released back on May 21, 2013, between the releases of glibc-2.17 and glibc-2.18. However it was not considered to be a security risk and thus major Linux distributions that offer long term support and get security updates remained vulnerable, including Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7 and Ubuntu 12.04.”

It affects very specific versions, mostly long-term support releases that already have reliable patches available. It should be clear that some headlines such as this or that clarify the limited scope of impact (not bad reporting) unlike the alarmist trolls.

What Techrights generally found was that early coverage came from so-called ‘security’ sites or blogs of insecurity firms that try to sell their services (e.g. [1, 2, 3]). These set the tone for many.

The response to this bug is proportional to the perceived danger (e.g. due to media hype), not the severity of the bug. Some security news sites [1, 2] focus on names and logos while facts remain only a side issue. This so-called “ghost” nonsense (some lines of code basically) was fixed 2 years ago and as the blog post “long term support considered harmful” explains it: “In theory, somebody at glibc should have noticed that fixing a buffer flow in a function that parses network data has security implications. That doesn’t always happen, however, for many reasons. Sometimes the assessment isn’t made; sometimes the assessment fails to consider all possible exploit strategies. Security bugs are “silently” fixed frequently enough (without evil intentions) that we should consider them a fact of life and deal with them accordingly.”

Some of the worst kind of coverage we found came from The Register with its flamebait headlines (scary headlines for maximum effect) and the troll Brian Fagioli. They are only some among many who are using the name to come up with puns and FUD. Jim Finkle is back to his GNU/Linux-hostile ‘reporting’, bringing this to the corporate media (there is some in the UK also) and LWN quickly cited the GNU/Linux-hostile Dan Goodin. He called “Highly critical” a bug that was patched two years ago.

Debunking some of the latest security FUD we had Fedora Magazine which stated “don’t be [worried], on supported Fedora versions.”

For unsupported version there is a lot more than this one bug that one needs to worry about.

Apple fans were quick to take advantage of the news, despite the fact that Apple is leaving systems vulnerable for many months, knowingly (like Microsoft does, until Google steps in).

See, with proprietary systems one knows for a fact that there is no security. With GNU/Linux is an open question and it depends on what measures one takes to keep it secure. For Apple and Microsoft security is not at all the goal; back doors and unpatched flaws are not really as “interesting” and important for them to patch as helping spying agencies. Google is not at fault here, Google just saw that Apple and Microsoft had no plans to plug serious holes — a patch evidently wasn’t going to be made ready before the public finds out about it, owing to Google. Apple chooses to blame Google; same as Microsoft. They should only blame themselves both for the bugs and for negligence after the bugs were highlighted to them. There is no room here for properly comparing GNU/Linux (Free/libre) to OS X or Windows (proprietary) because evidence clearly shows that the latter are not interested in security and not pursuing security when it is trivially possible.

What we find curious amid the latest FUD campaign is that Apple back/bug doors are not as widely publicised as a GNU bug that was patched 2 years ago and mostly affects LTS systems (which already have patches available). “Nothing I can think of,” said a reader of ours about this media hype, “but the LTS model followed by RHEL and Ubuntu have different goals and purposes than the short, fast development cycle like OpenBSD.”

Nobody is forced to use an LTS release and those who choose it must be aware of the potential risk.

Regarding the other FUD that flooded the press in recent weeks, targeting for the most part Google and Android, our reader XFaCE wrote the following:

I assume you want to write about that new Android vulnerability. Basically I can see the narrative being pushed through three points

- Microsoft supported Windows XP/7/etc. for years, why doesn’t Google support old Android versions

- Google told Microsoft about a very old bug in their software, so they are hypocritical

- Heartbleed bug was fixed way back for 4.1.1

For the last point, it’s a bullshit comparison because

a) 4.1.1 was one point release where upgrading to 4.1.2 fixed the issue (it was already fixed back when 4.1.2 was released)

b) The fix was one file, as evident by XDA members patched it themselves on phones manufacturers refused to upgrade to 4.1.2 SOURCE: http://forum.xda-developers.com/showthread.php?t=2712916

c) As shown by the link, a lot of manufacturers DIDN’T update certain 4.1.1 devices to 4.1.2, hence proving Google’s point. The fix there was SIMPLE, but the OEMs didn’t bother to do it

With Webview, not only is webview involved, but so is the webkit rendering engine, so the fix for all those previously releases is much more complicated

As for the second point, Google did catch it, with KitKat, and furthermore made KitKat supported on more low-end devices so theoretically older 512mb or less devices could be updated

For example, HTC said (when Jelly Bean 4.1 came out) that they would not update any device with 512 mb of RAM (SOURCE: http://www.cnet.com/news/htc-one-v-and-desire-c-will-never-get-jelly-bean/ ), so naturally when KitKat came out, they updated those devices because the OS officially was designed for such low ram devices

oh wait

http://www.androidpit.com/android-4-4-kitkat-update-plans

“Later this year, the entry-level smartphone the HTC Desire 500, should also be seeing the KitKat update. However, the One X, One X+, One S, and One V will be left in the dust and will be receiving no more official updates from HTC.”

So the OEMs are at fault for not upgrading the devices, not Google, which leads to point 1 – Google doesn’t control the Android OEMs like Microsoft does OEM pay Microsoft for the support whereby Microsoft controls all updates, Google doesn’t get paid or have the agreemeent in that way

OEMs like HTC could easily fix this by porting Kitkat to those devices, but they won’t cause they want you to buy a new HTC phone or whatever phone brand

Techrights did not cover that (except in daily links) because it should be self-evident that free-of-charge Android upgrades make it inhernetly different from proprietary software and keeping up to data typically ensures security. A lot of the analogies (Android and Windows) were inherently flawed and the FUD rather shallow.

01.13.15

Failed Coup: The GNU GPL Still Dominant, Microsoft CodePlex Abandoned Even by Microsoft

Posted in FUD, GPL, Microsoft at 12:34 pm by Dr. Roy Schestowitz

Summary: The set of copyleft licences at above 80% in SourceForge, but inclusion of repositories like CodePlex or GitHub tilts the overall picture

OVER the past 9 years several firms such as Black Duck came out of Microsoft, liaising with Microsoft and Microsoft proxies such as CodePlex to convincingly sell the illusion (or a self-fulfilling prophecy) that GPL is dying. We have covered this for nearly 7 years and not much has changed. Professional FUD triumphs. Redmonk, which Black Duck and Microsoft had both paid, recently promoted this nonsense using invalid (biased) data. Another company which is in the licence FUD business (monetising fear of perceived issues), a firm called Protecode, continues adding to these perceived issues by releasing a report about GitHub and SourceForge. Protecode, to its credit, shows that the GPL is still dominant. As Phoronix put it the other day:

Protecode’s numbers show the percentage of copyleft licenses on SourceForge to be above 80% while for GitHub the percentage was below 30%. Their results also indicate that the MIT license is the most popular on GitHub followed by the GPL. On SourceForge, however, the most common license for projects was the GPL.

GitHub is a relatively new site that is based on software from Linus Torvalds and his colleagues. There is nothing wrong with GitHub; I have two accounts there; one for work, one for personal projects. Where it fails to present a balanced view may actually be the lack of scaling based on project size, impact, etc. From what I am able to gather, GitHub is littered with lots of tiny projects, some without code, mostly Web-based code, plus branches, forks, etc. A lot of the very big projects are not hosted on GitHub and some are not at all hosted on third-party servers. They can be managed locally in businesses using git (as we do in the company my wife and I work for).

“Incidentally, based on LinkedIn, Stephen Walli seems to have left Microsoft (again).”What’s worth noting is that Microsoft now approaches GitHub in the sense that it is willing to abandon Microsoft hosting for GitHub. That’s quite a thing given that the maker of git it also the maker of Linux and GitHub is predominantly Free software- and GNU/Linux-based.

Incidentally, based on LinkedIn, Stephen Walli seems to have left Microsoft (again). He was a key person in CodePlex and quite a mole inside the Free software community for a long time (we have written about him for 7 years). That departure might explain why we have seen no pro-Microsoft propaganda from him as of late and it may even be part of a broader exodus, including this news that may show CodePlex dying:

Microsoft hosts CodePlex as an open-source project hosting service where generally the Microsoft OSS projects call home, but it seems some of their own employees aren’t too happy with it and see a brighter future with GitHub.

Do any of our readers know more about the demise of CodePlex? Can it be put in numbers?

12.30.14

Black Duck Debunked Again, Data Asserted Invalid

Posted in Free/Libre Software, FUD, GPL at 12:23 pm by Dr. Roy Schestowitz

Summary: Black Duck’s GPL-hostile numbers are hinged on a biased collection of data, claims controversial columnist Byfield

JUST before Christmas we wrote this critique of Redmonk because it was using data from its former paymasters at Black Duck. The data was used to discredit the GNU GPL, a cornerstone of copyleft (which in inherently one of the biggest threats to the likes of Microsoft, which is in turn closely connected to Black Duck).

“No article is perfect, but the takeaway from Byfield’s article is that Black Duck’s claims deserve no trust.”An article from Bruce Byfield (excerpt in [1]), a person whom we typically disagree with (he tends to aggravate projects or sites and then malign them using their response, i.e. the troll’s modus operandi), finally disputes the Black Duck ‘data’, which is in some case derived directly or funneled through Microsoft (for over 5 years now). Byfield criticises “both the Red Monk studies and their main source, Black Duck Software,” noting quite correctly that the way data is collected is biased by designed (incomplete and tilted in favour of large corporations such as Microsoft).

While we cannot agree with all of Byfield’s assertions, some of his points align with ours and bolster critics of Black Duck, including Debian heavyweight Bruce Perens, who warned people that Black Duck's claims about the GPL are "B.S."

Will Hill, a Debian user, has highlighted numerous flaws in Byfield’s article, including:

Oh no, he’s dredging up all that bullshit again? It was pretty conclusively dealt with at the time by counting packages in Debian, etc. Let me count the howlers,

Because permissive licenses are more flexible and less likely to generate compliance problems, the possibility is strong that these sources could have a conscious or unconscious bias against copyleft licenses.

That’s basically what Black Duck was trying to get people to believe, that software freedom is not “flexible” enough for businesses who prefer “permissive” BSD. This is silly and wrong, but he’s stated as a fact. What a turkey.

Debian, for example, notes that its license “include” a short list but makes no guarantee that the list is complete, and goes no further than to note that a half dozen licenses are “common.”

This undermines people’s ability to see the best rebuttal in a dishonest way. The answer came from counting the total number of packages and the number of GPL packages to see that GPL use had increased.

No article is perfect, but the takeaway from Byfield’s article is that Black Duck’s claims deserve no trust. They are selling agenda and bias.

Related/contextual items from the news:

  1. The problem with license trends

    The conventional wisdom is that free software licenses are rapidly evolving. The copyleft licenses are supposed to be in decline, and the permissive licenses gaining popularity, according to two widely-quoted studies from Red Monk by Stephen O’Grady and Donnie Berkholz, In fact, writing in 2012, Berkholz declares that new project licenses are more likely to use a permissive license than anything else. However, on closer examination, whether these conclusions are accurate is open to question.

    For one thing, both the Red Monk studies and their main source, Black Duck Software and its Open Hub site (formerly Ohloh) are business-oriented. Because permissive licenses are more flexible and less likely to generate compliance problems, the possibility is strong that these sources could have a conscious or unconscious bias against copyleft licenses.

12.19.14

Another Microsoft Partner Markets Linux FUD Using Logo, Name, and Lies

Posted in FUD, Microsoft, Red Hat, Security at 12:14 pm by Dr. Roy Schestowitz

The great power of lies and gullible journalists

Christmas lights

Summary: Microsoft’s partner Alert Logic is trying to label a feature of Linux a security flaw and even makes marketing buzz for it

IF A reporter or two can be bamboozled into printing a lie (digitally distributing it), this can lend some credibility/legitimacy to the lie and then it is possible that the lie will spread and be echoed in other reports. Hence the importance of this matter.

“They are trying to change perceptions around Free software security.”Several journalists have already rebutted something that I debunked some days ago when I first saw some nonsense about “Grinch” with a suitable “marketing” image. Here is one rebuttal among a few:

The Grinch flaw was reported by Stephen Cody, chief security evangelist at Alert Logic. Cody alleges that the Grinch flaw enables users on a local machine to escalate privileges. Leading Linux vendor Red Hat, however, disagrees that the Grinch issue is even a bug and instead notes in a Red Hat knowledge base article that the Grinch report “incorrectly classifies expected behavior as a security issue.”

The original security researcher that reported the Grinch found that if a user logs into a Linux system as the local administrator, the user could run a certain command that would enable the user to install a package, explained Josh Bressers, lead of the Red Hat Product Security Team.

“Local administrators are trusted users,” Bressers told eWEEK. “This isn’t something you hand out to everybody.”

We believe it was Joab Jackson (IDG) who first gave a platform to the Microsoft partner (Alert Logic) that used marketing buzz and a lie against Linux, soon to be rebutted by Red Hat. I had contacted Mr. Jackson, who later told me that he posted a follow-up (or correction).

Jackson’s correction may have come too late as we saw the lie spreading to a few other news sites later on (thankfully not too many sites). Here is one example of garbage ‘reporting’ (FUD and lies), generated by the FUD firm with with a catchy name, sort of logo etc. (generated by a Microsoft partner we might add). Apart from Jackson’s piece we saw at least 3 more such articles (which came afterwards). How many are going to post a correction? How many articles will be withdrawn? How many follow-ups will be published? Tumbleweed. Silence.

It is usually Windows that has zero-days during Christmas, not GNU or Linux. There was recently other nonsense with a name, claiming to be a flaw when it was actually some other malware (potentially developed by the Russian government) that users actually have to install (not from repositories) to be infected by. It was akin to a phishing attack, but it was widely used in the press (even in IDG, Jackson’s employer) to characterise GNU/Linux as insecure.

Remember what the Microsoft-connected firm did with "Heartbleed" (the name it made up with a promotional logo). It’s all about marketing and hype. They are trying to change perceptions around Free software security. What matters is what people remember, not the truth. This is all about discouraging users or buyers.

A reader has alerted us about this article from Armenia . “Note the job title of the ‘softer,” he said. Here is the relevant portion:

Armenia’s Minister of Defense Seyran Ohanyan received Microsoft Corporation’s Regional Director for Public Safety/National Security/Defense Robert Kosla.

Joke or real? It sounds like a joke, but they are definitely not joking. Armenia talks to the NSA’s biggest partner and back doors-loving company about ‘security’, so seeing the job title from Microsoft is truly hilarious! Microsoft is good at insecurity and lies, not security.

“Our products just aren’t engineered for security.”

Brian Valentine, Microsoft executive

Redmonk is Spreading Black Duck’s Anti-GPL Talking Points After Payments From Black Duck, Microsoft

Posted in Deception, Free/Libre Software, FUD, GPL, Microsoft at 11:50 am by Dr. Roy Schestowitz

CBS pleases Microsoft

Forex

Summary: CBS’ ZDNet spreads the GNU-hostile narrative which comes from Redmonk, funded by Microsoft and Black Duck, citing Black Duck, which also comes from Microsoft and is a partner of Microsoft

Redmonk has been the subject of both praises and criticism over the years. We often agree with what Redmonk shows, but sometimes the impact of money, e.g. money from Microsoft, seems to be playing a role in analyses. It is difficult to dismiss the role of financial dependence; casting it irrelevant would be rather naïve. Whenever a company says something positive about a paying customer it’s rarely just a coincidence. The company is aware of its sources of income and develops a sort of “sixth sense” in the same way that politicians learn to love and defend their funders, not speaking out about them or voting against these funders’ interests. The Koch brothers, for example, sure have an impact on climate policies through various groups they pay. That it why money is handed out in the first place. Bill Gates does a lot of this too, e.g. bribing news sites, news channels, analysts, politicians, decision-makers etc. What we have commended Redmonk for in the past is the policy of full disclosure (well, not entirely full as proportionate contributions are never mentioned).

Microsoft pays Black Duck, which pays analysts who repeat its claims at face value on the face of it. Black Duck has in fact been paying lots of sources to help legitimise its talking points. Even the Linux Foundation is paid by Black Duck (hard to say how much, but probably enough to buy silence on criticism and free publicity at times). Redmonk has been paid by Black Duck too.

“Open Hub is just a new name for a company created by people from Microsoft.”There was a long discussion about this in Twitter (here is just a portion) in light of an article from ZDNet that relayed Black Duck’s talking points using two data points both owned by Black Duck, including its hires from Microsoft. It should be noted that Black Duck is not the only Microsoft-connected proprietary ‘think tank’ trying to tell us that the GPL is declining (in relative terms, not absolute, wherein lies a bias and spin opportunity). OpenLogic, headed by a man from Microsoft, does it too and we have named other such entities. It’s ugly out there. Analysts sell agenda, not information.

To spare readers the misinformation, the short story is that several days ago Redmonk was spreading Black Duck’s anti-GPL talking points and now it turns out Black Duck had paid Redmonk. As noted in this article, “Black Duck, the parent company of Open Hub, has been a RedMonk customer but is not currently.”

Open Hub is just a new name for a company created by people from Microsoft. Companies tend to change names to evade negative perception/publicity. Some patent trolls and mercenaries do that a lot. Behind closed doors Redmonk is not advising companies that copyleft is dying, not disclosing that its figured are biased by a Microsoft deal from 2009. It also impacts what news sites are reporting, creating a sort of self-fulfilling prophecy/bias against the GPL. Here is what ZDNet wrote the other day, not even spelling Ohloh correctly (so we can assume there’s no understanding that this company came from Microsoft). SJVN wrote: “Berkholz learned, using data from Ohlol, an open-source code research project now known as Open Hub, that “Since 2010, this trend has reached a point where permissive is more likely than copyleft [GPL] for a new open-source project.””

Remember where this entity called Open Hub came from. It’s a bunch of people from Microsoft.

Now see the bottom of ZDNet’s posts, which unlike Redmonk does not disclose the Black Duck and Microsoft connection (financial connection to both). That’s how Microsoft’s propaganda makes it into ZDNet.

ZDNet remains one of the world’s crappiest tech tabloids, especially now that it is owned by CBS. It still employs a lot of Microsoft staff (past and present) to publicly smear, bash, and insult Linux/Android. Here is a new example where a Microsoft employee writes about (bashes and belittles) Android in this very trashy tabloid (that pays him to do this). This is part of a pattern and it’s amazing that ZDNet pretends to be a news site. Under CBS’ wing it just serves sponsors. Watch the disclosure a the bottom: “Jason is currently a Partner Technology Strategist with Microsoft Corp. His expressed views do not necessarily represent those of his employer.”

Yeah, right!

There is a lot more, including links, in the Twitter discussions. Even Redmonk staff weighed in, but has not responded to the rebuttals. Bruce Perens warned that Black Duck's claims about the GPL are "B.S.". There is too much B.S. in today’s news, emanating from people who pretend to be journalists and analysts but are actually agents of propaganda or marketing. Be sceptical and go back to the sources to assess the facts.

11.15.14

Will Write for FUD (Against FOSS)

Posted in Free/Libre Software, FUD at 6:03 am by Dr. Roy Schestowitz

Summary: Black Duck rears its ugly head again, serving to show that it is in the business of changing perceptions and not in the information or analysis business

WHEN we see people so utterly desperate for a job they often hold banners that say something like “will [do something] for food”. That’s how we often feel about FOSS FUD firms, some of which come from Microsoft (created by people from Microsoft). The business model is simple; find people/companies (clients) who want to belittle or smear FOSS and then issue some glorified ‘research’ to ‘prove’ the clients’ allegations.

Sonatype has been using FOSS for a number of years in order to make money. It does not actually produce any FOSS but it sure likes to market itself (new example in IDG right now) by talking about FOSS, usually negatively. We have spent years collecting and giving to readers such examples from Sonatype and a lot more examples from Black Duck, which has strong links to Microsoft and has become a de facto FUD source against FOSS, especially copyleft. Here we have Redmonk propping up the copyleft-hostile agenda again and over at ITWire we found an article which indicates that Weinberg, formerly of LiPS Forum, is now among those who will “write for FUD”. As the author puts it, “Weinberg did not advocate for OSS in any way. But he pointed out that from a pragmatic point of view, one had to get used to seeing its use in the enterprise. It was therefore better to know the nature of the beast, he said. As an example he pointed to a statement made by Carl-Eric Mols, the head of OSS at Sony Mobile Communications, wherein Mols said that more than 80 per cent of the software used in Sony’s handsets was open source.”

This is where Black Duck comes in with its proprietary (and patent-’protected’) software to make scary claims about the risk of FOSS. The problem with this business model is that it is generally detrimental to FOSS and it monetises fear of FOSS — a fear which is being exaggerated by the likes of Black Duck.

« Previous entries Next Page » Next Page »

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts