The “legally-binding” and “transparency” conundrums grossly distorted
Summary: News sites mislead their readers, teaching them that the biggest dangers associated with proprietary software are in fact problems exclusive to Free/libre Open Source software
FOR Microsoft to ever pretend to care about security would basically mean to lie, blatantly. Microsoft works hand in glove with the NSA and it has, on numerous occasions, admitted that true security isn’t the goal. Its actions too show this repeatedly. Known flaws -- or holes, or bug doors, or whatever one frames them as -- are not being patched unless the public finds out about them.
In order to bolster security perceptions and to give an illusion that Microsoft actually cares about security and invests in security, the company has just hired some staff in Israel (acquisition is one other way to frame this). The media calls it “security provider”, but given Israel’s record on back doors, cracking (e.g. Stuxnet development), wiretapping etc. this is rather laughable. A lot of Microsoft’s so-called ‘security’ products are made in Israel, and some companies in this military-driven industry facilitate and cater for spies using back doors, usually under the guise of ‘security’ (they mean “national security”). We wrote about this in past years.
“This proves that security through obscurity is a myth that merely encourages people to rely on poorly implemented programs with shoddy security, whereupon developers choose to hide the ugliness of the code.”We were rather disturbed to see this bizarre article yesterday. Titled “Hackers targeting .NET shows the growing pains of open source security”, the article is a big lie. The headline is definitely a lie. .NET is PROPRIETARY (still), it has holes in it, and some fool tries to use it to call Free/libre software “not secure”. Let’s assume for a second that .NET code becoming visible to the world exposes many holes, indeed. It proves exactly the opposite of what the headline says then. If anything, it shows that Microsoft keeping the code secret assured low quality code and bred vulnerable code. Once shown to the world, these holes are being exploited. This proves that security through obscurity is a myth that merely encourages people to rely on poorly implemented programs with shoddy security, whereupon developers choose to hide the ugliness of the code. A lot of the claims from the article come from a FOSS foe, Trend Micro, but they can be framed correctly to state that, if anything, a public audit of .NET now shows just how terrible proprietary software can be, having never been subjected to outside scrutiny.
In other disturbing headlines we find another inversion of the truth. The Business Software Alliance (BSA), or the EULA police, has done a lot to show how dangerous proprietary software licences can be. Nevertheless, Slashdot with its pro-Microsoft slant as of late [1, 2] gives a platform to Christopher Allan Webber.
“Is this another false “I really like the GPL except” post,” asked us a reader. To quote the author: “The fastest way to develop software which locks down users for maximum monetary extraction is to use free software as a base” (oh, yes, those greedy Free software developers!)
The article has a misleading/provocative headline (hence we provide no direct link) and Bruce Perens, who had already accused Black Duck of FUD against the GPL (“I think it’s 100% B.S.,” he said three years ago), responded to the piece by stating:
I help GPL violators clean up their act, it’s my main business.
Every one has had a total lack of due diligence. I will come in and find that they have violated the licenses of 21 proprietary software companies (this is a real customer example) by integrating their code into their main product, just like the GPL code. Some of them only had an “evaluation” license, some not even that, some wildly violated the terms of any license they got.
Most of them are in silicon valley. They seem to have the attitude that they will clean up their legal problems when they’re rich, and nothing but getting their product out of the door matters until then.
They don’t ask me to feel sorry for them. I bill them a lot, and in the end, they’re clean and legal.
When it comes to legal risk and licensing, nothing beats proprietary software. It’s risky, it’s expensive (lock-in makes the exit barriers considerably higher), and it is very hard to obey or comply with, especially when you are low on staff and funds (must renew licences all the time). Contrariwise, it is very easy to comply with copyleft; there is no renewal work required and no renewal fees. All one is required to do is to maintain the copyleft of the code used. The rules are very simple. █
Send this to a friend
Summary: Black Duck “was founded [on] the idea … to keep GPL-licensed code out of corporate codebases entirely,” according to a new report
TECHRIGHTS has spent nearly a decade battling Black Duck. This schizophrenic-looking firm (trying to come across as pro-FOSS), Black Duck, is the very prominent (and well-funded) entity which has been a source of endless GPL FUD, claiming that the GPL is declining, that it is dangerous, and that it oughtn’t be embraced by businesses.
This new article from Jon Gold of the FOSS-hostile NetworkWorld happens to provide us with wonderful evidence of the roots and the original goals/raison d’être of “Black Duck” (black agent would be a more suitable name). The article is titled “Open-source’s former ‘police’ now helping businesses adopt” (the latter is pure marketing and acceptance of Black Duck’s claims at face value).
Black Duck, founded by a marketing guy from Microsoft (see the image above for highlights from LinkedIn), is mostly a marketing company. It was never ‘police’ and it was never an authority; it was a parasite pretending to be about FOSS while harvesting software patents, badmouthing Free software, and even ripping off companies like Palamida, which had done work — very time-consuming work — collecting usage figures regarding GPLv3.
Gold’s article is useful to us because of the very revealing part which says: “Executive Vice President and CTO Bill Ledingham said that when the company was founded the idea was to keep GPL-licensed code out of corporate codebases entirely.”
So Black Duck, which was founded by a guy from Microsoft, was acting more like a mole, nothing else. It was fighting copyleft adoption. No need for speculations or hypotheses anymore.
In a similar vein, Microsoft’s support for Cyanogen (do not be misled by retractions after getting caught) serves to show another mole-like strategy. This new article by Miguel Helft (to appear next month in Forbes magazine) reminds us of the real goal of Cyanogen. To quote the headline: “Meet Cyanogen, The Startup That Wants To Steal Android From Google”
This sounds exactly like what Microsoft itself has been trying to do to Android (often via or with help from proxies like Facebook, Nokia, or Amazon). Do not think for a moment that Microsoft never tried to derail and topple Free software from the inside. There is a long history to that effect and we covered many examples over the years. █
Send this to a friend
Summary: The set of copyleft licences at above 80% in SourceForge, but inclusion of repositories like CodePlex or GitHub tilts the overall picture
OVER the past 9 years several firms such as Black Duck came out of Microsoft, liaising with Microsoft and Microsoft proxies such as CodePlex to convincingly sell the illusion (or a self-fulfilling prophecy) that GPL is dying. We have covered this for nearly 7 years and not much has changed. Professional FUD triumphs. Redmonk, which Black Duck and Microsoft had both paid, recently promoted this nonsense using invalid (biased) data. Another company which is in the licence FUD business (monetising fear of perceived issues), a firm called Protecode, continues adding to these perceived issues by releasing a report about GitHub and SourceForge. Protecode, to its credit, shows that the GPL is still dominant. As Phoronix put it the other day:
Protecode’s numbers show the percentage of copyleft licenses on SourceForge to be above 80% while for GitHub the percentage was below 30%. Their results also indicate that the MIT license is the most popular on GitHub followed by the GPL. On SourceForge, however, the most common license for projects was the GPL.
GitHub is a relatively new site that is based on software from Linus Torvalds and his colleagues. There is nothing wrong with GitHub; I have two accounts there; one for work, one for personal projects. Where it fails to present a balanced view may actually be the lack of scaling based on project size, impact, etc. From what I am able to gather, GitHub is littered with lots of tiny projects, some without code, mostly Web-based code, plus branches, forks, etc. A lot of the very big projects are not hosted on GitHub and some are not at all hosted on third-party servers. They can be managed locally in businesses using git (as we do in the company my wife and I work for).
“Incidentally, based on LinkedIn, Stephen Walli seems to have left Microsoft (again).”What’s worth noting is that Microsoft now approaches GitHub in the sense that it is willing to abandon Microsoft hosting for GitHub. That’s quite a thing given that the maker of git it also the maker of Linux and GitHub is predominantly Free software- and GNU/Linux-based.
Incidentally, based on LinkedIn, Stephen Walli seems to have left Microsoft (again). He was a key person in CodePlex and quite a mole inside the Free software community for a long time (we have written about him for 7 years). That departure might explain why we have seen no pro-Microsoft propaganda from him as of late and it may even be part of a broader exodus, including this news that may show CodePlex dying:
Microsoft hosts CodePlex as an open-source project hosting service where generally the Microsoft OSS projects call home, but it seems some of their own employees aren’t too happy with it and see a brighter future with GitHub.
Do any of our readers know more about the demise of CodePlex? Can it be put in numbers? █
Send this to a friend
Summary: Black Duck’s GPL-hostile numbers are hinged on a biased collection of data, claims controversial columnist Byfield
JUST before Christmas we wrote this critique of Redmonk because it was using data from its former paymasters at Black Duck. The data was used to discredit the GNU GPL, a cornerstone of copyleft (which in inherently one of the biggest threats to the likes of Microsoft, which is in turn closely connected to Black Duck).
“No article is perfect, but the takeaway from Byfield’s article is that Black Duck’s claims deserve no trust.”An article from Bruce Byfield (excerpt in ), a person whom we typically disagree with (he tends to aggravate projects or sites and then malign them using their response, i.e. the troll’s modus operandi), finally disputes the Black Duck ‘data’, which is in some case derived directly or funneled through Microsoft (for over 5 years now). Byfield criticises “both the Red Monk studies and their main source, Black Duck Software,” noting quite correctly that the way data is collected is biased by designed (incomplete and tilted in favour of large corporations such as Microsoft).
While we cannot agree with all of Byfield’s assertions, some of his points align with ours and bolster critics of Black Duck, including Debian heavyweight Bruce Perens, who warned people that Black Duck's claims about the GPL are "B.S."
Will Hill, a Debian user, has highlighted numerous flaws in Byfield’s article, including:
Oh no, he’s dredging up all that bullshit again? It was pretty conclusively dealt with at the time by counting packages in Debian, etc. Let me count the howlers,
Because permissive licenses are more flexible and less likely to generate compliance problems, the possibility is strong that these sources could have a conscious or unconscious bias against copyleft licenses.
That’s basically what Black Duck was trying to get people to believe, that software freedom is not “flexible” enough for businesses who prefer “permissive” BSD. This is silly and wrong, but he’s stated as a fact. What a turkey.
Debian, for example, notes that its license “include” a short list but makes no guarantee that the list is complete, and goes no further than to note that a half dozen licenses are “common.”
This undermines people’s ability to see the best rebuttal in a dishonest way. The answer came from counting the total number of packages and the number of GPL packages to see that GPL use had increased.
No article is perfect, but the takeaway from Byfield’s article is that Black Duck’s claims deserve no trust. They are selling agenda and bias. █
Related/contextual items from the news:
The conventional wisdom is that free software licenses are rapidly evolving. The copyleft licenses are supposed to be in decline, and the permissive licenses gaining popularity, according to two widely-quoted studies from Red Monk by Stephen O’Grady and Donnie Berkholz, In fact, writing in 2012, Berkholz declares that new project licenses are more likely to use a permissive license than anything else. However, on closer examination, whether these conclusions are accurate is open to question.
For one thing, both the Red Monk studies and their main source, Black Duck Software and its Open Hub site (formerly Ohloh) are business-oriented. Because permissive licenses are more flexible and less likely to generate compliance problems, the possibility is strong that these sources could have a conscious or unconscious bias against copyleft licenses.
Send this to a friend
CBS pleases Microsoft
Summary: CBS’ ZDNet spreads the GNU-hostile narrative which comes from Redmonk, funded by Microsoft and Black Duck, citing Black Duck, which also comes from Microsoft and is a partner of Microsoft
Redmonk has been the subject of both praises and criticism over the years. We often agree with what Redmonk shows, but sometimes the impact of money, e.g. money from Microsoft, seems to be playing a role in analyses. It is difficult to dismiss the role of financial dependence; casting it irrelevant would be rather naïve. Whenever a company says something positive about a paying customer it’s rarely just a coincidence. The company is aware of its sources of income and develops a sort of “sixth sense” in the same way that politicians learn to love and defend their funders, not speaking out about them or voting against these funders’ interests. The Koch brothers, for example, sure have an impact on climate policies through various groups they pay. That it why money is handed out in the first place. Bill Gates does a lot of this too, e.g. bribing news sites, news channels, analysts, politicians, decision-makers etc. What we have commended Redmonk for in the past is the policy of full disclosure (well, not entirely full as proportionate contributions are never mentioned).
Microsoft pays Black Duck, which pays analysts who repeat its claims at face value on the face of it. Black Duck has in fact been paying lots of sources to help legitimise its talking points. Even the Linux Foundation is paid by Black Duck (hard to say how much, but probably enough to buy silence on criticism and free publicity at times). Redmonk has been paid by Black Duck too.
“Open Hub is just a new name for a company created by people from Microsoft.”There was a long discussion about this in Twitter (here is just a portion) in light of an article from ZDNet that relayed Black Duck’s talking points using two data points both owned by Black Duck, including its hires from Microsoft. It should be noted that Black Duck is not the only Microsoft-connected proprietary ‘think tank’ trying to tell us that the GPL is declining (in relative terms, not absolute, wherein lies a bias and spin opportunity). OpenLogic, headed by a man from Microsoft, does it too and we have named other such entities. It’s ugly out there. Analysts sell agenda, not information.
To spare readers the misinformation, the short story is that several days ago Redmonk was spreading Black Duck’s anti-GPL talking points and now it turns out Black Duck had paid Redmonk. As noted in this article, “Black Duck, the parent company of Open Hub, has been a RedMonk customer but is not currently.”
Open Hub is just a new name for a company created by people from Microsoft. Companies tend to change names to evade negative perception/publicity. Some patent trolls and mercenaries do that a lot. Behind closed doors Redmonk is not advising companies that copyleft is dying, not disclosing that its figured are biased by a Microsoft deal from 2009. It also impacts what news sites are reporting, creating a sort of self-fulfilling prophecy/bias against the GPL. Here is what ZDNet wrote the other day, not even spelling Ohloh correctly (so we can assume there’s no understanding that this company came from Microsoft). SJVN wrote: “Berkholz learned, using data from Ohlol, an open-source code research project now known as Open Hub, that “Since 2010, this trend has reached a point where permissive is more likely than copyleft [GPL] for a new open-source project.””
Remember where this entity called Open Hub came from. It’s a bunch of people from Microsoft.
Now see the bottom of ZDNet’s posts, which unlike Redmonk does not disclose the Black Duck and Microsoft connection (financial connection to both). That’s how Microsoft’s propaganda makes it into ZDNet.
ZDNet remains one of the world’s crappiest tech tabloids, especially now that it is owned by CBS. It still employs a lot of Microsoft staff (past and present) to publicly smear, bash, and insult Linux/Android. Here is a new example where a Microsoft employee writes about (bashes and belittles) Android in this very trashy tabloid (that pays him to do this). This is part of a pattern and it’s amazing that ZDNet pretends to be a news site. Under CBS’ wing it just serves sponsors. Watch the disclosure a the bottom: “Jason is currently a Partner Technology Strategist with Microsoft Corp. His expressed views do not necessarily represent those of his employer.”
There is a lot more, including links, in the Twitter discussions. Even Redmonk staff weighed in, but has not responded to the rebuttals. Bruce Perens warned that Black Duck's claims about the GPL are "B.S.". There is too much B.S. in today’s news, emanating from people who pretend to be journalists and analysts but are actually agents of propaganda or marketing. Be sceptical and go back to the sources to assess the facts. █
Send this to a friend
Unable to cover up the deeds
Summary: Microsoft’s partner Tuxera is claimed to be violating the GPL, adding insult to injury (helping Microsoft make money from Linux shakedowns, using code that was illegally copied)
LAST year we campaigned with great success for Samsung to obey (i.e. comply with) the GPL after it had gotten caught violating it [1, 2. 3], specifically when it served Microsoft with patent traps (exFAT). Samsung’s GPL violations go years back and they show that this company, which has just liaised with Google on patents (Google too is becoming patents-greedy), is no friend of FOSS. Samsung also commits crimes, but that’s beyond the scope of our coverage.
Another company which can easily be confused or mishandled as a FOSS company because it uses Linux (but mostly provides proprietary software with Microsoft patents) is Tuxera. Like Xamarin, all it really does is promote Linux dependence on Microsoft patent traps (the ones that allegedly have Samsung paying Microsoft for Linux). exFAT (promoted by Samsung and Tuxera) as well other forms/variants of FAT are not really needed, we need to abolish them.
The woman who told us about Samsung’s GPL violations contacted us earlier today to say that based on this file (forked to https://github.com/rxrz/asuswrt-merlin just in case), Tuxera is violating the GPL.
As the reporter of this violation put it, “download the blob, run `modinfo` on it:
description: Extended Macintosh Filesystem
author: Brad Boyer
vermagic: 18.104.22.168 mod_unload MIPS32_R2 32BIT
“it’s MIPS32, so `strings` won’t give the function names, rather something like this:
`strings /tmp/thfsplus.ko | grep -i tux`:
<6>Tuxera HFS+ driver 3013.11.18
“Seems like a GPL violation to me,” she concluded. “I’d like to have that source code now, since it’s been based on native code from Linux.” █
Send this to a friend
Summary: The role played by Free/Open Source software (FOSS) is increasing on the Web, owing to a large degree to growing CMS communities (tens of thousands of developers) that appreciate the GPL
IT IS gratifying to see how the World Wide Web becomes GNU/Linux-dominated also and Free software-dominated, owing to migrations to FOSS CMS options. A recent example is LinuxDevices, which was converted from a proprietary CMS to WordPress and then put under LinuxGizmos.
CMS Wire recently published a January 2014 overview of new Free/Open Source CMS options and releases . CMS Observer published “Best Free Social Network Software” . It’s clear that FOSS has grown dominant in many of these areas that involve Web sites, rising from the bottom of the stack (GNU/Linux) to databases, programming languages, and even the programs themselves. WordPress 3.8 was recently released (with an unfortunate back door) [3,4], affecting many millions of Web sites. WordPress updates too quickly, alleges FOSS Force , but at least it’s a sign of this project’s health. It’s exceptionally active and development is rapid. As we are already running some Drupal 7 sites (Tux Machines uses Drupal) we are planning to move away from WordPress some time in the foreseeable future, perhaps when Drupal 8, which is going to come out in 2014 , is finally reaching stability. Drupal, having gained ground in US Federal government  and large corporations like HP , is probably one of the best success stories of the GPL (Apache is not GPL and Linux is still GPLv2, just like Drupal at GPLv2 or later). Apart from the leading duo, WordPress and Drupal, there’s also Joomla  and Pi Engine , among many other options. It is extremely improbably that proprietary CMS options will ever make a comeback. Some of them (like TypePad) already try to turn free/libre in a desperate attempt to stay relevant. █
Related/contextual items from the news:
The new release of the widely deployed open-source content management system platform includes more than 600 different changes and bug fixes.
WordPress has been released version 3.8 “Parker” named in honor of Charlie Parker, bebop innovator. The company claims it features a modern new design and most beautiful update yet.
When the US Federal government shutdown from October 1 – 16 this year, a small Drupal shop in the Washington DC area turned a list of freelance gigs for furloughed employees in a Google doc into a website in five hours. Unfurlough.us went live at 1:00 am EST on October 4, accumulating 50,000 page views in a little over a week.
HP leveraged third-party software to build the Pronq site. Pronq is using the open-source Drupal, a widely deployed content management system that is also used by the White House and the U.S. Federal Communications Commission (FCC), as the front-end technology.
The Joomla community announced Joomla Framework 1.0, making a major step forward for the Joomla project.
Send this to a friend
Summary: How the General Public License can help fight the likes of Microsoft, whose only answer to GNU/Linux domination is now taxation of GNU/Linux (through patent extortion)
THE TABLET on which I’ll record Richard Stallman tomorrow dons a GPLv3 sticker. We wrote about the GPLv3 quite a lot back in 2007 when it was new. We needed the GPLv3 because of patent deals such as Novell’s. Microsoft was rapidly signing (or looking to sign) more extortion deals against Linux and in the middle of 2007 it announced a large-scale campaign to shake down all GNU/Linux vendors.
Towards the end of 2013 we have this moderate view from Dr. Glyn Moody. He explains today: “A theme that has re-appeared on this blog many times over the years is that of software patents. As I’ve noted before, they are perhaps the biggest single threat to free software, especially since the decline of Microsoft. Indeed, it’s not hard to see software patent lawsuits being filed by Microsoft in the last, desperate stage of that decline in order to inflict the maximum damage on open source.
“That’s already manifest in its Android licensing strategy. Note, in particular, that it refuses to discuss what exactly Android allegedly infringes upon. This means that it can sign secret deals with companies willing to go along with this ploy, giving the impression that there is a problem, without offering the slightest proof to that effect…”
“Indeed, it’s not hard to see software patent lawsuits being filed by Microsoft in the last, desperate stage of that decline in order to inflict the maximum damage on open source.”
–Glyn MoodyMoody’s analysis then proceeds to explaining how the GPLv3 relates to all this. Now that Microsoft’s super-trolls and other trolls such as Erich Spangenberg [1, 2, 3, 4] are going after legitimate companies we must recognise that fighting patents with patents (like OIN does) is not a solution. Trolls cannot be confronted by a reactionary lawsuit and here we have a story of a patent troll winning again. To quote TechDirt, where Moody is a writer: “There’s a reason why patent trolls love east Texas — and big part of that is that the juries there have a long history of favoring patent holders, no matter how ridiculous or how trollish. That was on display last night, when the jury in Marshall, Texas sided with patent troll Erich Spangenberg and his TQP shell company over Newegg. As we’ve been describing, Newegg brought out the big guns to prove pretty damn thoroughly that this guy Mike Jones and his encryption patent were both not new at the time the patent was granted and, more importantly, totally unrelated to the encryption that Newegg and other ecommerce providers rely on. Having Whit Diffie (who invented public key cryptography) and Ron Rivest (who basically made it practical in real life) present on your behalf, showing that they did everything prior to Jones’ patent, while further showing that what Newegg was doing relied on their work, not Jones’, should have ended the case.”
Recently, when big trolls like Microsoft were risking a loss to their patent leverage, lobbying/AstroTurfing from Microsoft paid off. So we are left in a situation where Microsoft’s extortion — not just patent trolls — is a real issue. The GPLv3 is a partial solution to that, if only more projects (like Linux) adopted it… █
Send this to a friend
« Previous Page — « Previous entries « Previous Page · Next Page » Next entries » — Next Page »