09.22.19
Posted in Deception, Free/Libre Software, FUD, IBM, Microsoft at 1:36 pm by Dr. Roy Schestowitz
Openwashing Report part II
Summary: Conferences that call themselves “open” something are sometimes nothing but an attack on openness (not to mention freedom) and promotion of FUD about Free/Open Source software (FOSS); there’s an ample set of examples to that effect
THIS weekend, just like this past week, there’s much attention being paid to the same old scam which is “Open Core”, fetishised by people who care about money a lot more than they care about freedom. Simon Phipps (OSI) commented about it some days ago; he’s against it. It’s because of some stupid summit set up by foes of Software Freedom.
“Who else was there? Microsoft and several of its proxies, companies that profit from attacking and slandering Open Source, e.g. Snyk and WhiteSource.”One can typically tell the motivation of an event based on who chooses to sponsor (i.e. bankroll) it. The Open Core Summit is no exception; Remember Microsoft with its “Open Cloud” charade. Who was actually there? The chief of the Linux Foundation, who told the crowd that “Open Source loves Microsoft…”
Who else was there? Microsoft and several of its proxies, companies that profit from attacking and slandering Open Source, e.g. Snyk and WhiteSource. One can rest assured that FUD about “Open Source” will carry on as long as companies look to destroy (or hijack) it.
Days ago we caught this report. It exposes GitHub as a threat because it attracts dumb employees who use it to upload sensitive data. Did the media blame Microsoft? No, it never does. Notice how corporate media loves playing along with the Microsoft lie — the intentional lie that GitHub is somehow separate from Microsoft. This is designed to entrap people and harm them. Same for Facebook with WhatsApp and Instagram. Or Google with YouTube…
“Notice how corporate media loves playing along with the Microsoft lie — the intentional lie that GitHub is somehow separate from Microsoft.”Citing BNNBloomberg, one reader told us about it yesterday. “Here’s a fun one,” the reader said, citing this report from David George-Cosh. “The Bank of Nova Scotia “inadvertently” uploaded sensitive login credentials to an open source repository…”
As the article put it: “The Bank of Nova Scotia is working to remove internal computer code reportedly containing sensitive login credentials for some online services that was inadvertently uploaded to an open-source repository.” (of Microsoft)
Remember that Microsoft is currently being sued by Capital One over a similar incident. GitHub is reckless about what’s hosted and served through it. Disclaiming liability is a classic pattern of Microsoft behaviour across a broad spectrum of its activities. Later on Microsoft says Open Source is a risk and a danger; whose fault is it though?
“That’s just classic FUD; this is the sort of thing that fills up Microsoft-run ‘open’ events. It’s all about attacking FOSS and making it look bad.”Analytics India Magazine, a Microsoft-friendly site, has just published this piece of FUD. Citing an-anti FOSS firm which is Microsoft connected they try create the stigma that so-called ‘technical debt’ is a uniquely FOSS issue (like they do “security” and “licensing”).
That’s just classic FUD; this is the sort of thing that fills up Microsoft-run ‘open’ events. It’s all about attacking FOSS and making it look bad.
There’s another new corporate ‘summit’ with lots of openwashing; it’s led by Alluxio.
Going back to the BNNBloomberg article, here’s what it says: “The Register, a U.K.-based technology website, reported on Wednesday that a Canadian IT worker discovered the uploaded source code on Github, a website that hosts programming code that is freely available for other programmers to access.
“The code contained information related to the bank’s backend systems as well as code related to Scotiabank’s mobile apps for its Central American and South American customers, the website said.”
“Open Core is just proprietary software with openwashing-themed marketing.”Whose fault is it? Or rather, if Microsoft serves this data, is it exempted from accountability?
Speaking of The Register, that same reader noted: “Now some crap about open core…”
We mentioned this in Daily Links. To quote: “Analysis On Thursday, at the Palace of Fine Arts in San Francisco, companies building open-source code gathered to figure out how to survive having Amazon, Google, and Microsoft sell their software as a service without paying for the privilege.
“The confab has a name, the Open Core Summit, where “Open Core” refers to the marketing strategy of offering a core service for free and charging for complementary capabilities. Presumably, “Freemium Summit” didn’t pass muster.
“The inaugural conference is focused on helping commercial open-source organizations develop viable business models. It’s organized by OSS Capital, a venture-capital firm founded by entrepreneur Joseph Jacks and given street cred through the presence of board partner Bruce Perens, one of the pioneering figures in the open-source movement.”
“So they sponsor turning FOSS into proprietary software. In ‘the cloud’…”Open Core is just proprietary software with openwashing-themed marketing.
And “note the next paragraph links to the final Stallman interview,” our reader said, quoting “whatever those [sic] may be…”
Here’s the part in question, using words like “partisans”: “Free Software partisans describe open source as a development methodology without the Free Software movement’s moral and philosophical aspirations, whatever those may be. Distinctions aside, a common thread in the two intermingled communities continues to be figuring out how to get paid for code offered under a permissive license.”
Fun quote from the article: “Open-source licenses like Apache 2.0 have no requirement to compensate those actually crafting such software.”
Compensate? Seriously?
Here’s the full context: “Several of the companies attending, such as Elastic, have become poster children for the peril of cloud-provider parasitism. Open-source licenses like Apache 2.0 have no requirement to compensate those actually crafting such software. So, mostly, the cloud giants that deploy services based on open-source projects don’t bother to pay outsiders who improve and maintain the code.”
“Those are not FOSS companies; they’re proprietary software.”And here’s more: “If you ask nicely, these companies may sponsor your conference, as AWS has done for the Open Core Summit. At the same time, it’s tempting to see a certain zero-sum symbolism in the conference’s morning donut service, “brought to you by AWS,” not to mention interstitial music cues like Bon Jovi’s Livin’ on a Prayer and Imagine Dragons’ Whatever It Takes.”
So they sponsor turning FOSS into proprietary software. In ‘the cloud’…
As the article notes, “in March, Amazon Web Services debuted its fork of the Elastic project, all the while insisting it’s not a fork.
“During the lunch break, a co-founder of a prominent open-source project pointed to AWS’s banner for its Open Distro for Elasticsearch as “a giant f– you” to the open-source companies in attendance.”
The “article includes this note,” the reader noted: “Editor’s note: we are happy to clarify that Ben Golub described open-source software as a loss leader, and not Upbound CEO Bassam Tabbara as first reported.”
“Proprietary software giants sponsoring “open” things is matter of tossing ‘slush funds’ to improve perceptions.”Lightbend participates in this nasty conference that promotes proprietary software under the guise of ‘open’. It even issued this press release to brag about it; these openwashing attacks on Free software’s legitimacy (showing how the licence is ‘worked around’ in ‘the cloud’) is nothing to brag about. It should be a source of shame. But Lightbend keeps paying to spread this. Larry Augustin also sold us all out by joining Amazon AWS (his former employer SugarCRM has betrayed all customers by becoming proprietary software as well… whereupon the fork SuiteCRM came to their rescue). From the press release: “Brewer joins panelists Larry Augustin, VP Amazon Web Services (formerly CEO of SugarCRM) and Scott Collison, CEO Anaconda…”
Those are not FOSS companies; they’re proprietary software.
Proprietary software giants sponsoring “open” things is matter of tossing ‘slush funds’ to improve perceptions. Mac Asay does this all the time at such companies (now Amazon/AWS).
“IBM wants to stay proprietary; it can leverage Red Hat to pretend otherwise. Microsoft does more or less the same thing.”There’s also this new press release [1, 2] entitled “Top five open source-powered solutions to mitigate the impact of natural disasters announced as finalists in Call for Code global coding challenge” (“Call for Code” is not the same as “Call for Open Source Code”).
Just like AWS, “open source-powered” means “exploits FOSS but remains proprietary software itself” because it’s not about freedom but leveraging freedom to deprive others.
The “Call for Code 2019 is focused on creating solutions to help mitigate the effects of natural disasters and help communities better prepare and respond to the needs of survivors…”
IBM is OK with it being proprietary; it is, after all, just a PR stunt for them. IBM wants to stay proprietary; it can leverage Red Hat to pretend otherwise. Microsoft does more or less the same thing. █
Permalink
Send this to a friend
09.21.19
Posted in Free/Libre Software, IBM, OIN, Patents, Red Hat at 1:09 am by Dr. Roy Schestowitz
To make peace with the Free software movement IBM may need to re-balance or re-calibrate its priorities
Summary: IBM needs to quit bullying people/companies with software patents; that would help towards appeasement of IBM critics and sceptics
AT risk of sounding like a broken record, let’s make a point absolutely clear and be upfront about it. Our Openwashing Reports have often mentioned IBM as an habitual faker and culprit; IBM is, at its core, still a proprietary software company, unlike Red Hat. But IBM is bad for two more reasons: 1) it lobbies for software patents and 2) it shakes down companies with such patents. When it comes to patent policy and practice, IBM is hardly better than Microsoft; it just targets GNU/Linux a lot less (if at all); it gave us OIN.
“Techrights would rather not spend much time or dedicate much space to IBM criticism because it’s hardly the foremost threat to Software Freedom; it’s mostly a threat to a sane patent policy/law.”It seems safe to believe or to think many Red Hat employees already know what IBM is and does (IBM’s patent shakedown is decades-old). The rest are in denial about it or choose to say nothing, even among themselves. Henrion brought up a recent court document [PDF] and stated that “IBM is a software patent bully,” quoting from the corresponding document: “Method for presenting advertising in an interactive service, Method for simultaneous display of multiple object categories, Method for a runtime user account creation operation within a SSO process in a federated computing…”
We discussed this over IRC on Thursday. The IRC logs will unfortunately not be ready for publication until the end of this year (we used to publish these daily, then weekly, now it’s 3 times a year in large lumps).
Another person wrote: “IBM published today a patent application on “software controlled ad-avatars (or bots)” for advertising in virtual worlds. Relatable bot profiles include “Jenny Teen,” “Joe Geek,” and “Travis Cowboy.” US 20190287119.”
There’s also a picture there.
Techrights would rather not spend much time or dedicate much space to IBM criticism because it’s hardly the foremost threat to Software Freedom; it’s mostly a threat to a sane patent policy/law. We hope that Red Hat can influence IBM positively (rather than the other way around). █
Permalink
Send this to a friend
09.03.19
Posted in Deception, Free/Libre Software, IBM, Microsoft at 8:01 am by Dr. Roy Schestowitz
Summary: Everything is nowadays “open”; just pay the membership/sponsorship fees to the Linux Foundation, which will ‘do the rest’ (outsourcing everything to Microsoft and working with its media partners on dishonest openwashing campaigns); this first part (of three) deals with IBM
DOES Jim Zemlin speak for Open Source? No, he does not. He does not even use it and he’s fronting for foes of Open Source. Sadly, a lot of imposers and phonies like him are hijacking representative roles in our communities. They claim to be speaking on our behalf and politicians are listening.
Let’s look at some new examples of openwashing by the Linux Foundation (of massive proprietary software companies).
IBM
Former IBMer and former Microsofter Jason Perlow (we wrote about him many times before) now helps the openwashing of IBM's overpriced hardware (former employer) by the Linux Foundation at the CBS-owned tabloid, ZDNet. He did lots of Microsoft propaganda there while working for Microsoft (salaried by Microsoft). This is considered ‘normal’ at ZDNet. Lots of Microsoft boosters work there as so-called ‘reporters’, but they’re no better than Microsoft Peter (still arrested for pedophilia).
“Former IBMer and former Microsofter Jason Perlow (we wrote about him many times before) now helps the openwashing of IBM’s overpriced hardware (former employer) by the Linux Foundation at the CBS-owned tabloid, ZDNet.”As we noted last month, POWER (or ‘Open’POWER) isn’t open source or open-source or Open Source or whatever. InfoQ has just correctly spoken of the “Instruction Set”, which is what actually got ‘opened’ (uploaded to Microsoft, GitHub). It often seems like the main service offered by the Linux Foundation is outsourcing. Where to? Microsoft. So the Linux Foundation is as much about Linux as NSA is about “Security” (it’s in the name, the second letter of the acronym). GitHub is proprietary software — a simple fact that never seems to bother Mr. Zemlin (he blessed the takeover by Microsoft) as long as GitHub gives his foundation a bunch of cash. What on Earth is this foundation turning into? Like we said a week ago, it’s more about Microsoft than about Linux. Can we suggest the following rebrand?
Please do note that POWER has nothing to do with Red Hat; Red Hat’s offerings have traditionally been fine (relatively ethical) and didn’t need faking ‘openness’. This post of ours is all about IBM, not Red Hat.
We have meanwhile noticed some more openwashing pieces about IBM uploading some bits of design to Microsoft (it’s Open Core). Microsoft front ‘Motley Fool’ (yes, chain of ownership) wrote that “Big Blue offers the world a blueprint for its Power CPUs, reducing some companies’ dependence on proprietary technologies.”
By outsourcing some stuff to proprietary GitHub? Oh great! How open! How very gracious…
The headline said “IBM’s Latest Move Could Hurt Intel and AMD…”
“By outsourcing some stuff to proprietary GitHub? Oh great! How open! How very gracious…”Like Microsoft, Intel and AMD have their own openwashing operations as well. They too are outsourcing most of this stuff to GitHub (i.e. to Microsoft); proprietary software is all “open” now.
Just remember: “There’s a GitHub repo” means there’s something on a Microsoft-controlled proprietary software platform.
Being on GitHub implies neither FOSS nor public access. A lot of the stuff is proprietary and Microsoft dubs that “Inner Source”… you are merely a ‘guest’ on Microsoft’s private platform (where censorship is rife and utterly prejudiced), but you get to tell people that you ‘share’ and ‘collaborate’…
We’ve also just noticed Analytics India Magazine writing about this openwashing endeavour from IBM (backed by the Linux Foundation of Mr. Zemlin for extra marketing impact).
How about “IBM’s Open Source POWER Play: A RISC-V Business?”
“As we explained last month, IBM is openwashing POWER (or ‘Open’POWER) to distract from Free/libre stuff such as RISC-V.”RISC-V is without a doubt a positive development. It’s great, no doubt, but some are faking it and openwashing by association (as even some key members of the RISC-V Foundation did). IBM put Red Hat in it earlier this summer and now it’s looking to compete by making POWER seem ‘equally’ open (or more open or nearly as open… just something ‘open’).
As we explained last month, IBM is openwashing POWER (or ‘Open’POWER) to distract from Free/libre stuff such as RISC-V. ‘Open’POWER is nothing new; they’re sort of re-announcing it, this time with help from the Linux Foundation. Remember Zowe, the “Open Mainframe Project”? Also Linux Foundation. Just try to ignore all the patents and what happened with TurboHercules. IBM is as protectionist as ever.
In the next part we’ll be dealing with the openwashing of Microsoft by this so-called ‘Linux’ Foundation. It’s even uglier than whatever the Foundation does for IBM. █
Permalink
Send this to a friend
09.01.19
Posted in Deception, Free/Libre Software, Google, IBM, Microsoft at 1:48 pm by Dr. Roy Schestowitz
Summary: We’re supposed to be feeling joyous and victorious because — good news, everybody! — even all the technology giants are nowadays claiming to have ‘opened up’
THE plague of openwashing has spread to every corner of the proprietary software world. Just about every proprietary software company, provided it’s large enough, has invested in creating a false image of it being “open”. It’s about perception, as they know that this is all that matters. They can get a bunch of puff pieces published for them, hitting the right keywords to construct a fictional version of reality. There are other slants similar to it, including diversity, greenwashing, social responsibility and so on. But here in Techrights we shall focus on openwashing and name some of the worst offenders every weekend. We might even start doing it on a daily basis, depending on volume of material, urgency, and time available.
When we started researching this past week’s news we wrongly assumed that one concise article would be sufficient or that one single installment would contain everything. But one article isn’t enough; it would be absolutely huge, so we’ve decided make that at least 6 upcoming parts of the Openwashing Report. In fact, we might soon render it a daily feature, not weekly. We wish such a series wasn’t necessary or even possible, but too many incidents/instances are found and it’s very clearly a fast-growing problem. It’s a pandemic/epidemic. It’s 2019 and we can’t believe we’re sketching actual, well-supported (slam-dunk evidence) articles about how truly malicious proprietary software is being framed (and advertised) as “Open Source”. This oughtn’t be happening, but virtually nobody enforces labels such as “Open Source”; so who’s or what’s to stop abuse/misuse of it? Nothing.
“We wish such a series wasn’t necessary or even possible, but too many incidents/instances are found and it’s very clearly a fast-growing problem.”The noise is everywhere, outweighing the signal by nearly a whole order of magnitude. You search the Web for “Open Source” news and you get stuff like “Which Open Source Software is Better for You,” (published days ago) which on the surface (headline) sounds promising. This is not “Open Source” however (at all). It’s nothing but a ramp for malicious proprietary software that follows you around (location surveillance). This isn’t the exception. So Microsoft and Google blobs on one’s phones are “Open Source”? Seriously?
A couple of weeks ago we mentioned that Platform9 is not "Linux" or "Open Source" as shallow ‘news’ sites like to claim. Here comes another one of those puff pieces about fund-raising. Check what this company offers. It’s clearly misfiled. It’s one of those “cloud” things (spying).
“So Microsoft and Google blobs on one’s phones are “Open Source”? Seriously?”Over at Toolbox the other day we saw this article about an “Open-Source Partnership”. What is it exactly? Ten tech giants that do mass surveillance for the US government and China’s CCP gang up for openwashing and painting of their spying as “security” and “confidential”. Thanks, Linux Foundation, for this practical joke. Here they go again…
Over a week later media in South Africa is still producing puff pieces about it (“Ten tech giants join forces to beef up data security”).
We’re very sorry for being cynical, but…
Companies that spy on people the most (or build the spies’ infrastructure) use the PR services of the Foundation to paint themselves “Confidential”, “Consortium” and other marketing nonsense (even “Open-Source” and “Security”). How about Channel Futures with many of these buzzwords in one single headline?
How about this one from the Foundation-connected SDxCentral? IBM does lots of surveillance — some exceptionally notorious (see their work for NYPD) — but the media connected to the IBM-funded Foundation frames it as “quantum-safe” and “crypto” and “confidential” etc. (like the NSA calls itself “security”; it’s in the acronym!) and we hardly find that amusing. Even the term “open source” is used. “IBM will begin offering quantum-safe cryptography services on its public cloud beginning next year in a move toward bolstering the security of data and privacy from fault-tolerant quantum computers,” it said.
“Companies that spy on people the most (or build the spies’ infrastructure) use the PR services of the Foundation to paint themselves “Confidential”, “Consortium” and other marketing nonsense (even “Open-Source” and “Security”).”So surveillance is privacy.
“Cloud” is open.
And “cryptography” means “only IBM will read it” (or so one hopes; IBM has partners in the public and private sector).
Analytics India Magazine went ahead with this hilarious report entitled “How Tech Giants Are Advocating Open Source Software As Vehicle Of Change” (Obama also promised “Change”).
Well…
“Open Source isn’t exactly true to history and its “champions” exercise lots of openwashing — nothing like whatever the Free software movement originally envisioned.”“Tech Giants Are Advocating” people producing code for them, free of charge, for these “Tech Giants” to then ‘borrow’ this code for openwashing purposes, calling imperialistic spying companies “community”.
The article isn’t better than its headline. It starts with: “Open-sourced projects branched out from the free-software movement which began in the late 80s.”
It’s incredible revisionism to state that “the free-software movement [...] began in the late 80s.” This is false. If it didn’t start in the early 80s, then it started decades beforehand when sharing of code was commonplace; it was the default. But OK, we get it. Open Source isn't exactly true to history and its “champions” exercise lots of openwashing — nothing like whatever the Free software movement originally envisioned.
Later this week we’ll show more examples to that effect — surveillance in particular — implicating Facebook, VMware, IBM, Microsoft, Google and the rest of our ‘favourite’ Open Source ‘champions’ (“Open source champion Microsoft” is what Brian Fagioli’s headline said about Microsoft a few days ago). █
Permalink
Send this to a friend
08.23.19
Posted in Deception, Free/Libre Software, GNU/Linux, IBM at 2:57 pm by Dr. Roy Schestowitz
Summary: The concept of “Open” at the Linux Foundation gives room for thought; are things really being opened or mostly marketed as “Open” and, if so, is the Foundation more like a marketing agency?
THE Linux Foundation is promoting proprietary software and putting its projects in a proprietary software cage called GitHub, even more so after Microsoft bought GitHub. We’ve provided ample evidence in past articles.
The openwashing is shameful and the leanings towards Microsoft are utterly tasteless. But this is what we have now. This is the “Foundation” which claims to represent “Linux”. How astounding. How can something called “Linux Foundation” be so hostile towards Linux? And almost nobody who works there even uses Linux!
“How can something called “Linux Foundation” be so hostile towards Linux? And almost nobody who works there even uses Linux!”Today we deal with a bit of a ‘sacred cow’ because IBM owns Red Hat and Red Hat is undeniably a massive contributor to Linux. So we’ll be gentle.
Two days ago the Red Hat-friendly press (neighbour, physically) published “Why IBM embraces is embracing, expanding open hardware ecosystem in wake of Red Hat deal” (maybe joining consortia like RISC-V’s is applicable here).
But this is not about RISC-V.
There’s no need for us to dwell or obsess over the latest widely-covered announcements; we’ve included quite a lot about this in our daily links, including the calling of surveillance “confidential” and “security” (that’s one heck of a laughable newspeak right there!) and some AGL stuff.
We must admit that in relative terms the announcements from the Open Source Summit aren’t as controversial and infuriating as some which we came across in the past, so we won’t spend much time ‘bashing’ the Foundation over these.
The Open Source Summit has long been a sales event of proprietary software — just look at their marketing brochures and what’s on offer. We showed this in a series of posts earlier this year.
“The Open Source Summit has long been a sales event of proprietary software…”Further analysis of the announcements (there were three “major” ones) highlights areas of reservations, concerns, and justified scepticism. Much of it is the Foundation’s infamous openwashing as a service (OaaS). The way we see it, OpenPOWER is openwash mostly. And passing it to the Foundation is adding the perception of “independence”. Here’s some coverage from SDxCentral and FierceTelecom, which are sites close to the Foundation. A decades-long IBM advocate, Timothy Prickett Morgan, says “instruction set architecture of its Power family of processors” is what IBM ‘opened’. He wrote that in The Next Platform. [via OSnews]
“IBM Power chip instruction set now open source” said TechTarget’s headline. The problem is, this “open” power (or POWER) is… Microsoft-hosted.
“What da heck,” you say?
Exactly!
It’s part of a disturbing pattern/trend we’ve noted several times throughout the year.
How much “open” is there in OpenPOWER?
Not that much. It’s more like “open core”.
“How much “open” is there in OpenPOWER?”The real reason IBM is open-open-openwashing its “Open(R)” Power(TM) is that it’s trying to out-open what’s free/libre, RISC-V. The Register‘s headline was right on point: “IBM hears the RISC-V kids partying next door, decides it will make its Power CPU ISA free, too”
Can IBM also ‘own’ the word “Open”? Not really. It can, however, leverage it. There’s no legal enforcement.
Microsoft — like IBM — has long exploited brands that aren’t its own. IBM called its hugely expensive servers LinuxONE, piggybacking the “Linux” brand to sell something that’s not necessarily tied to GNU/Linux.
“The aim is obvious,” said the above article from The Register. It’s “to encourage the implementation of OpenPower CPUs, and get more Power-based systems out into data centers and the wider world. It also means engineers can customize their own OpenPower chips to run particular AI or analytical workloads, for example.”
““Open” as in OpenPOWER doesn’t mean you can replicate POWER without risk of patent lawsuits.”Some further coverage from sites loosely connected to IBM (e.g. HPCwire) further reinforces our suspicion. It’s a marketing blitz mostly, aided by corporate media like CBS. The name OpenPOWER isn’t new. They just reiterate old news and do a dance with the Foundation to make it seem independent, not just “open”.
Can anybody now replicate OpenPOWER? No. What IBM means by “open” isn’t quite it; they’d likely lob lots of patent lawsuits at anyone who dared try… remember TurboHercules?
Sadly, IBM hasn’t changed when it comes to patent policy. Red Hat is now owned by a patent bully that’s still lobbying for software patents and as IAM put it the other day: “In the 1990s IBM made billions from patent royalties. The principles that guided Big Blue to unprecedented licensing success still hold true today.”
They’re still doing it. “Open” as in OpenPOWER doesn’t mean you can replicate POWER without risk of patent lawsuits. █
Permalink
Send this to a friend
08.20.19
Posted in Free/Libre Software, FSF, GNU/Linux, GPL, IBM, Microsoft, Red Hat at 10:49 pm by Dr. Roy Schestowitz
A publication from the Free Media Alliance
Overview
Summary: “This strategy is not far from when Microsoft talked about “de-commoditizing protocols” in the late 90s, as part of their plans to control, dominate, and end Open Source and Free software.”
THE Free Software Foundation knows that a licence can have vulnerabilities, just like computer code. Tivo found such a vulnerability in GPL2, created an exploit, and the FSF patched it in GPLv3.
If a licence can have vulnerabilities, then any argument that relies on “it’s Free software, so…” is an oversimplification. Software is free because it gives you the four freedoms in the Free Software Definition, the definition is implemented via the GPL and similar licences, and a vulnerability works around (despite) that implementation. It may even work around the definition itself.
“Tivo found such a vulnerability in GPL2, created an exploit, and the FSF patched it in GPLv3.”The most tiring hubris from the FSF is that Free software is by nature, immune to the sort of attacks that Microsoft outlined years ago in the Halloween Documents. It is not immune, it is resistant. The Four Freedoms create substantial resistance to lock-in, bloat, bad security, and monopoly.
It shouldn’t take half a decade to explain to the FSF why a great strategy for reducing Software Freedom is to take a bunch of projects that are well-designed, stable, reliable and vital to Free software — glue them together into a single project from a single maintainer, and then make it more work to separate them again.
“It shouldn’t take half a decade to explain to the FSF why a great strategy for reducing Software Freedom is to take a bunch of projects that are well-designed, stable, reliable and vital to Free software — glue them together into a single project from a single maintainer, and then make it more work to separate them again.”This strategy is not far from when Microsoft talked about “de-commoditizing protocols” in the late 90s, as part of their plans to control, dominate, and end Open Source and Free software. When faced with this prospect and threat, the FSF and its fans tend to compartmentalise. To oversimplify, at great risk of a straw man:
Things are good or they’re bad,
Free software is good,
So everything under a Free software licence is good.
Of course the FSF knows better than that, they aren’t stupid. But when presented with arguments why systemd (as the primary example) are designed to reduce freedom and have reduced freedom, the FSF falls back on defensive apathy and indifference:
Using indifference towards a better viewpoint is a normal and common example of this. It can be caused by someone having used multiple compartment ideals and having been uncomfortable with modifying them, at risk of being found incorrect. This often causes double-standards, and bias.
Although it is not the inspiration for the title, given that the overarching metaphor chosen is the Titanic, it is hard not to compare the indifference and denial towards this threat to the insistence that the Titanic did not need lifeboats.
“Choice and freedom are certainly not the same thing — freedom is broader than choice, and while freedom seems to imply choice exists, choice can exist (as it does in most any proprietary software) without something that even resembles freedom.”Do we need to preserve choice for Free software? The FSF has always suggested otherwise, even if this seems (and ought to seem) very backwards from a perspective of freedom.
Choice and freedom are certainly not the same thing — freedom is broader than choice, and while freedom seems to imply choice exists, choice can exist (as it does in most any proprietary software) without something that even resembles freedom. Preserving choice — the modularity that made UNIX so easy to rebuild with Free software — is not and never was a priority for the FSF.
Trying to find a quote about Stallman saying that other desktops are fine, but not needed because the FSF already has GNOME, may turn this old quote instead:
Since we already have GTK support, there’s no reason we could not have equivalent Qt support, if it someone wants to maintain it.
However, GNOME is the main GNU desktop, and GNU packages are supposed to support each other. It would not be right for Emacs to have more support for KDE than for GNOME.
Giving priority to a GNU project makes plenty of sense for GNU, but this is just one more quote that suggests that the FSF has never considered choice to be important. This comes up again in a conversation with Alexandre Oliva of FSF-LA, who goes so far as to imply that preserving choice might go beyond the FSF’s mission and that perhaps another organisation could tackle something like that.
Is that really what it would take? Granted, that’s very nearly the premise of this writing — but can the FSF really not do anything in this regard? It seems bizarre, but either way we will attempt to help people understand why choice is vital to Software Freedom.
“Without the preservation of choice, both GNU and the FSF itself have a single point of failure.”We live in a society where monopolies are considered “too big to fail,” and the Titanic was also considered too big to fail — we also communicate with a global network, the concept of which was presented to then-monopoly AT&T as an alternative to their vulnerable, overly top-down system with a single point of failure.
Without the preservation of choice, both GNU and the FSF itself have a single point of failure. “Choice” does not mean, just to state the obvious, that “all combinations of anything are possible.” It means that freedom has redundancy (and better caters to diversity), and that things must fail multiple times on several levels before the failure is catastrophic.
Although the “lifeboats” metaphor is primarily intended to refer to a safe escape if the Free Software Foundation itself fails, (the global chapters do not really operate in practice like redundant or autonomous nodes, they are more like foreign bases of operation coordinated by a primary node and will likely fail if the main office does) if a large project like GNOME is no longer suitable, additional desktop environments (preferably smaller ones that are simpler and less likely to fail) could also act as lifeboats.
If this concept is too foreign (it shouldn’t be) for the FSF to acknowledge the obvious importance of, they can certainly recognise that users strongly feel a need to have alternatives for just this reason. The denial and rhetoric from Free software supporters (with some very notable exceptions) on this matter is pathological, but relentless.
The FSF has made its decision on the matter, and the 5 years of development time stolen, along with the power consolidation of too many projects by a single commercial monopoly — which was recently purchased by an even larger commercial monopoly — and is hosted on servers owned and controlled by their largest sworn enemy (of freedom itself) you might really ask yourself what the hell they’re thinking. We have an answer: they’re not, denial is something different.
So the FSF doesn’t need lifeboats, yadda yadda yadda. We’ve heard that one before. Even if the FSF doesn’t need them, We as “passengers” on this thing do, so we will provide them if we want to stay afloat. And as long as we are engineering safety where the FSF courts disaster for their mission, we might as well try to provide their safety along with our own. They may ignore our warnings, but we still care deeply about what they’re doing.
“The FSF has made its decision on the matter, and the 5 years of development time stolen, along with the power consolidation of too many projects by a single commercial monopoly — which was recently purchased by an even larger commercial monopoly — and is hosted on servers owned and controlled by their largest sworn enemy (of freedom itself) you might really ask yourself what the hell they’re thinking.”Lifeboats for us then, and lifeboats for them. And like the resistance of a licence to a monopoly dedicated to Free software’s destruction, this metaphor can only go so far, so to construct “lifeboats” it is really necessary to talk about what will “sink” without them — namely the threats and possible disasters that Free software may encounter or have already encountered, now, recently, and in the near future.
If we understand and don’t deny the threats, it should (with luck) help us work on ways to address them. With a visit to the Librethreat database.
We find a “malware-threat-like database of threats to libre software”. The first threat is “Tivoisation” and the field “Also recognised by FSF:” is filled out with “Yes“. The summary is: “GPL2 not strong enough to prevent DRM/TPM from allowing device owners to change operating system in devices” and the mitigation is: “Migrate to GPL3.”
Interestingly enough, that migration to GPL3 was supposed to include the Linux kernel. What went wrong there was a multipronged attack to a singleprong (licence-based) solution. The GPL3 is a good licence — in many ways it is a clear upgrade. But the attack was followed up by lobbying from the Association for Competitive Technology (covered in a story by Infoworld in 2007) which according to Techrights in 2019,
worked to get Linus Torvalds against it and prevent its adoption for Linux development.
GPL2: [ fail ]
GPL3: [ ok ]
ACT Lobbying: [ fail ] WARNING: This will cause Linux to remain GPL2
Both licences and organisations can fail to protect Free software from interference from monopolies like Microsoft. Just implying that Free software is immune to their tactics “because it’s Free software” is a falsehood and a way of pooh-poohing a threat.
“Regarding some of the things they have spent the past 5 years or more in denial about, systemd is the largest example.”Historically, the FSF has a very good track record (indeed, the best record) of recognising these threats and responding to them. The point is simply that they too can fail — the FSF is fallible, human, imperfect. Regarding some of the things they have spent the past 5 years or more in denial about, systemd is the largest example.
Security researchers, professional bloggers and journalists, higher-ups from other Free software organisations such as Dyne.org and users and administrators have all spoken out against systemd, and the FSF has done nothing to help them or give them a real voice. If the FSF has any members paying for the privilege of being ignored and dismissed with the rest of us, we don’t know much about them.
The FSF fails as a megaphone for Free software advocates, it does not always listen very well to advocates, but perhaps it should do more of that. As to what response its critics should have made, perhaps a formal petition to the FSF should have started to get them to drop their support of the systemd takeover, similar to the petitions the FSF made regarding DRM and UEFI.
“The FSF fails as a megaphone for Free software advocates, it does not always listen very well to advocates, but perhaps it should do more of that.”One of the undeniable failures of those against systemd is that no such petition was ever presented to the FSF — instead, our actions always fell short of one. (If you think it’s not too late, let us know or perhaps go ahead and start one.) In the future we would recommend formal petitions to make the FSF take threats like this more seriously. It’s one thing to say “we can’t do anything.” Saying there is nothing that needs to be done is probably false, and there’s no excuse.
We maintain that systemd could be a weapon against Software Freedom. We can’t say that on the Debian mailing-list, but we know that one or more companies remain out to do harm to Free software, we know their tactics have never changed with their marketing rhetoric, we know that systemd does things that are strikingly similar to the tactics outlined in corporate documents designed to wage war against Free software. So why wouldn’t it be a weapon against software freedom? It looks like, walks, and quacks like a duck. How is it actually different? Oh, the licence?
Even when the same people who talked about the problems systemd would cause, look back on 5 years of cleanup that could have really been better spent improving software rather than salvaging it from wreckage, the FSF remains silent. If it only hurt the FSF then perhaps we could let them live with it, but what about the rest of us? The FSF ignores and denies the problem, ignores what we say, and ignores the damage done to all of us. Thankfully, some of us have worked on alternatives. Unfortunately, there is a threat (or category of threat) similar to systemd that is even bigger:
Redix
Threat type: Broad category
Affects: Free software development, stability and reliability, autonomy, organisational structure
Summary: Disruption of POSIX, EEE of Free software projects, Infiltration of organisations that offer Free software
Recognised by: Free Media Alliance, some critics of Systemd
Also recognised by FSF: No
Mitigation: Avoid / fork / replace / document examples of Redix in software, use Systemd-free distros, assist Hyperbola developers
Examples: Pycon, Systemd
The FSF does not talk much about infiltration of FLOSS organisations by employees of monopolies like Microsoft, even when such monopolies and related lobbing organisations did so much to thwart GPL3, which patched critical vulnerabilities in their primary defensive weapon (the GPL.) Neglecting threats of this nature continues to weaken the FSF’s defenses in the 21st century, and the evidence is everywhere. Monopoly forces continue to move farther and farther into our territory. Why is the FSF so quiet?
“Neglecting threats of this nature continues to weaken the FSF’s defenses in the 21st century, and the evidence is everywhere.”Again, we recommend petitions. They may not be enough, but they are a good place to start. They can even be informal, provided that they are well-documented enough (we don’t need to use change.org, for example.) The point is fighting to be heard, something that shouldn’t be necessary but clearly is. (We have fought hard for a year, other organisations have fought for years longer, to no avail.)
If the FSF is not a megaphone for its members, we continue to build one that you can use for the purpose. We should build a network of megaphones, so that when Free software is headed for yet another iceberg, the FSF cannot dismiss the noise so easily.
But the larger threat is to POSIX itself. Stallman coined the term, and we insist it is the glue that holds Free software together. Perhaps you can destroy POSIX altogether, and systemd along with zircon (the kernel of Google’s Fuchsia operating system) are two projects that may aim to do just that. Microsoft themselves said decades ago:
Systematically attacking UNIX in general helps attack Linux in particular.
In modern terms, there is not a better description of “UNIX in general” than POSIX. At this point, it is far more relevant than UNIX.
Once again, if we move past systemd and look at the threats to POSIX, we do not come up wanting. We can show that POSIX itself is in the crosshairs, we can give this strategy a name: “Redix.” We can show that systemd is the Redix flagship, but someday it could be retired, and replaced with a new flagship. We would rather point out the trend, the strategy, than just a single example or implementation.
If the FSF has any contingencies against this, they are silent and are certainly fooling us. Do you have reasons to ignore this threat as well?
“In modern terms, there is not a better description of “UNIX in general” than POSIX. At this point, it is far more relevant than UNIX.”Is there something we left out? The Free Media Alliance talks about more details related to this all the time; you can ignore one example, how about five? Ten? How many examples would it take to make this credible in your opinion? As long as Free software is threatened, it the job of those who care to do something, to at least admit the threat exists. Why wouldn’t we?
Unfortunately, systemd proponents have spent the past 5 years beating us down and shutting us up. Even as new organisations form, the struggle to be taken seriously continues. The FSF went through that for many years (arguably they still do) and there’s no reason we won’t have to do the same. But it’s a terrible shame, when the same rhetorical tactics used to fight Free software itself, are used by Free software advocates to silence those sounding the alarm.
We recommend the Librethreat database as a primary radar for new threats to Free software, and no one can make you take each threat equally seriously (we don’t. Some of it is pure speculation.) It includes threats that even the FSF recognises, but why stop there? The FSF has proven itself unable to respond fully to Tivoisation. GPL3 was an effective licence measure against it, we can’t fault that. Only the sale to Torvalds failed, due to lobbyists that may claim to “♥ Linux.”
“Are we ready to acknowledge the severity of these threats yet, or will it take another 5 years?”Companies who wish to “Tivoise” can simply get the same GPL2 kernel as before, Tivoise it all they wish, and then — they can’t use newer GPL3 applications, can they? No, like Apple they will simply dump those and use non-GPL applications. Perhaps there are threats bigger than Tivoisation out there. And if there weren’t, perhaps the FSF’s plan to patch Free software against it would have worked.
Are we ready to acknowledge the severity of these threats yet, or will it take another 5 years?
Let us know. █
Licence: Creative Commons CC0 1.0 (Public Domain)
Permalink
Send this to a friend
08.17.19
Posted in IBM, Red Hat at 8:55 am by Dr. Roy Schestowitz
Long history to that domain, from OSI control (not today’s OSI) to Red Hat alias and now IBM’s
Summary: The Web site OpenSource.com is over two decades old; in its current form it’s about a decade old and it contains plenty of good articles, but will IBM think so too and, if so, will investment in the site carry on?
PUBLISHING is tough. It’s especially tough when writers expect a salary. Where does money come from? It varies; there are options. A publisher we often link to (because it writes about a dozen articles per day), Common Dreams, apparently has rich donors pumping a million bucks into it every year, but they want something in return (maybe ideological). Maybe the donors are the readers alone. What about GNU/Linux? In its true and pure form nobody ‘owns’ it; it’s not proprietary.
Linux Journal's sad demise just months after Linux.com's demise (the site might go offline permanently within days or weeks due to lack of funds) is very troubling. We already see the effect; there’s a lot less news about GNU/Linux. Here in Techrights, e.g. for the purpose of daily links, we need to dig deeper and deeper in order to find links and picks. There’s an information vacuum and it’s being exploited by few malicious corporations, e.g. for googlebombing. They hijack the narrative and misinform the public.
“IBM has just confirmed nearly 1,000 layoffs in the UK in spite of financial resurgence in that market.”For a variety of reasons we’ve long been sceptical of IBM’s intentions. Will it keep Red Hat’s news sites going (there are several)? And if so, which ones? If there’s no “business model”, then IBM will likely shut it down. IBM has just confirmed nearly 1,000 layoffs in the UK in spite of financial resurgence in that market. That’s just typical IBM. If a site doesn’t help IBM sales, it probably won’t last long. If a member of staff isn’t profitable to IBM, he or she will be handed a pink slip. Last we checked, OpenSource.com had outsourced the technical/back end aspect to Acquia; it is a large Drupal site and it won’t be cheap to maintain it, let alone pay writers to add new articles to it. Without new articles a site becomes merely an archive. It’s less attractive because it’s eternally outdated.
Rikki Endsley, the person who edited OpenSource.com for a long time, retweeted Linux Journal and added: “Well this is sad news. Sending hugs out to the Linux Journal folks.” Jim Hall, who wrote for Linux Journal and sometimes writes for OpenSource.com, wrote about it last week (at OpenSource.com).
Endsley’s relocation or reassignment is curious.
Months ago we noticed that she had stopped writing for OpenSource.com. We asked questions like, did she leave (jump) or was she pushed? Did IBM play a role in this? Nobody from Red Hat is willing to say anything. Some of them saw these questions. Some might even have answers.
“Nobody from Red Hat is willing to say anything.”Her profile says: “Rikki Endsley is the Developer Program managing editor at Red Hat, and a former community architect and editor for Opensource.com.” Twitter says “Editor ✒️ @RHdevelopers”.
She’s no longer listed here in “Meet the team” (of OpenSource.com) however. “Jen Wike Huger is the managing editor for Opensource.com,” it says and many of the articles are nowadays technical posts from Red Hat’s own staff. It’s not what it used to be. Lots of posts are promotion of Red Hat products like Ansible.
It seems clear that Endsley is still with Red Hat, but we wonder what goes on at Red Hat; she still tweets, but there are no posts in the site she edited (since the middle of February). Is IBM committed to it? In October 2018 IBM made its plans known (for Red Hat), but IBM isn’t a publisher and it has lots of financial issues.
“Is IBM committed to it? In October 2018 IBM made its plans known (for Red Hat), but IBM isn’t a publisher and it has lots of financial issues.”Endsley probably knows what’s going on. We contacted her earlier today and have not heard back. The Red Hat developers site she does participate in, possible alongside other Red Hat roles, but the main question is, what is going on at OpenSource.com? They must have published about 10,000 articles, some of them very long and detailed. My wife has read OpenSource.com for about 6 years, almost every day. She says the quality of the articles has vastly decreased and she hardly finds anything of interest there anymore.
Is OpenSource.com potentially the next casualty of the media-pocalypse? We hope not. The people who have closely been involved with the site probably know a lot more and have a rough (if not good) idea what IBM plans for the site. Something must have been communicated to them at some point since last year. Was Endsley reassigned, based on her skills, to another department/site? Did she choose to move. Unless someone opens his/her mouth, we can only speculate. The silence doesn’t inspire much confidence. █
Permalink
Send this to a friend
08.16.19
Posted in GNU/Linux, Hardware, IBM, Microsoft, Red Hat at 9:09 am by Dr. Roy Schestowitz
“One thing I find myself wondering about is whether we shouldn’t try and make the “ACPI” extensions somehow Windows specific.
“It seems unfortunate if we do this work and get our partners to do the work and the results is that Linux works great without having to do the work.
“Maybe there is no way to avoid this problem but it does bother me.
“Maybe we could define the APIs so that they work well with NT and not the others even if they are open.
“Or maybe we could patent something related to this.”
–Bill Gates
Summary: Vicious old Microsoft is still trying to make life very hard for GNU/Linux, especially in the OEM channel/s, but we’re somehow supposed to think that “Microsoft loves Linux”
YESTERDAY we saw Red Hat’s (now IBM’s) Richard Hughes complaining about Microsoft [1], whereupon Phoronix picked that up [2] and it was then discussed in our IRC channels, Phoronix forums etc. The corporate media obviously showed no interest in it. All it can do is post “Microsoft loves Linux” images because Microsoft asks for that. To quote Richard: “All the dependency resolution should be in the metadata layer (e.g. in the .inf file) rather than being pushed down to the hardware running the old firmware.”
“All the dependency resolution should be in the metadata layer (e.g. in the .inf file) rather than being pushed down to the hardware running the old firmware.”
–Richard HughesAs Michael Larabel put it, “implementation has a number of issues that complicate the process and could quickly evolve into another troubling specification from Microsoft in the hardware space.”
Remember UEFI ‘secure boot’? How did that work out for security?
Microsoft certainly loves Linux with a knife in the back — hence Bill Gates' "Jihad" remark (about Intel’s support for Linux). MinceR at the #techrights IRC channel said: “you can tell something from Microsoft is _really_ _really_ shit when their sycophants at GNOME say it’s shit…”
“Nowadays Zemlin is mostly quoted by the media as saying wonderful things about Microsoft. Most GNU/Linux user just want to vomit.”It is worth remembering that Richard’s work is now supported by the Linux Foundation (since months ago when it adopted LVFS), so maybe Richard can explain to the Linux ‘genius’ Jim Zemlin (who never uses Linux) what Microsoft does here and why it is anticompetitive. We don’t suppose this will happen though. Zemlin is a 'true believer' in Microsoft and his wife managed a close partner of Microsoft when Microsoft paid the Linux Foundation. Nowadays Zemlin is mostly quoted by the media as saying wonderful things about Microsoft. Most GNU/Linux user just want to vomit. Money talks; people who love money are therefore a vulnerability. Jim Zemlin and his wife are the sorts of people whose life aspiration is to have dinner with Bill and Melinda Gates. It’s all about class and power (Harvard). A decade ago Jim Zemlin said negative things about Microsoft and now (after/since Microsoft had given him $500,000) he says Microsoft is a good company while ignoring the below among many other things, patent extortion included (it's still going on). His wife worked for a Gold Microsoft Partner at the time (as a General Manager and Global VP of a SaaS Business Unit). Her business was moving companies to something like Microsoft Azure. In his own words (Jim Zemlin’s interview with Jeremy Allison; 1m:30s), “I’m about as much [boss of Torvalds] as I am the boss of my wife…” █
Related/contextual items from the news:
-
CFU has a bazaar pre-download phase before sending the firmware to the microcontroller so the uC can check if the firmware is required and compatible. CFU also requires devices to be able to transfer the entire new transfer mode in runtime mode. The pre-download “offer” allows the uC to check any sub-components attached (e.g. other devices attached to the SoC) and forces it to do dep resolution in case sub-components have to be updated in a specific order.
Pushing the dep resolution down to the uC means the uC has to do all the version comparisons and also know all the logic with regard to protocol incompatibilities. You could be in a position where the uC firmware needs to be updated so that it “knows” about the new protocol restrictions, which are needed to update the uC and the things attached in the right order in a subsequent update. If we always update the uC to the latest, the probably-factory-default running version doesn’t know about the new restrictions.
The other issue with this is that the peripheral is unaware of the other devices in the system, so for instance couldn’t only install a new firmware version for only new builds of Windows for example. Something that we support in fwupd is being able to restrict the peripheral device firmware to a specific SMBIOS CHID or a system firmware vendor, which lets vendors solve the “same hardware in different chassis, with custom firmware” problem. I don’t see how that could be possible using CFU unless I misunderstand the new .inf features. All the dependency resolution should be in the metadata layer (e.g. in the .inf file) rather than being pushed down to the hardware running the old firmware.
-
Microsoft’s newest specification is the “Component Firmware Update” that they envision as a standard for OEMs/IHVs to be able to handle device firmware/microcode updating in a robust and secure manner. While nice in theory, the actual implementation has a number of issues that complicate the process and could quickly evolve into another troubling specification from Microsoft in the hardware space.
Red Hat’s Richard Hughes who is the lead developer on Fwupd and LVFS for firmware updating on Linux has written a lengthy blog post with his thoughts after studying the specification. Now that vendors have begun asking him about CFU, he’s getting his opinions out there now and there are issues with the specification. Ultimately though if there is enough interest/adoption, he could support Component Firmware Update via Fwupd but he certainly isn’t eager to do so.
Permalink
Send this to a friend
« Previous entries Next Page » Next Page »
Content is available under CC-BY-SA