Don’t install, just antagonise the bugging
Summary: Microsoft inadvertently reminds people who had Vista 10 installed on their PC (sometimes downloaded passively against their will) that it is spying on them all the time and a new kind of pressure is being used to create a panic for acceptance of any forced (remotely-imposed) ‘upgrade’ to Vista 10
TECHRIGHTS does not wish to be dragged back into Microsoft bashing (unlike direct attacks on GNU/Linux, usually with the aid of software patents and patent trolls), but readers probably know by now that Microsoft has been turning people who used to be called users or customers into subjects or products, to be spied on and treated like a commodity whose quantity needs to be maximised for exploitation in bulk.
With the introduction of Vista 10, the latest and nastiest (more malicious based on rather objective criteria) version of Windows, Microsoft now spies on every person all the time. There is some good analysis and criticism of this self-incriminating propaganda-driven move from Microsoft, which is desperate to convince people whom it forces to move to Vista 10 that this forcing will be for their own good, not just the good of the NSA.
Using ‘security’ as a reason, Microsoft is now bashing older versions of Windows. Low on resources, Microsoft leaves intact even known (to the public) back doors in its Web browsers, as covered by Microsoft-friendly sites (as here) and FOSS-centric sites (well, FOSS-centric most of the time). Here is how to put a positive spin on Microsoft’s latest kind of pressure/demand for people to move to the latest trap: “This news has come as a breath of fresh air as it was considered a bane for many web developers, thanks to the endless security holes in the software.”
Well, Web developers whom I know and work with often complain about the latest Internet Explorer and “Edge” (new branding for the same rubbish). They’re incompatible with even more Web sites, for various different reasons. So this excuse or optimism is misplaced. As soon as next week, based on Microsoft fan sites, Microsoft will have yet another piece of propaganda with which to pressure people to install spyware on their computers. Now is a good time to move to GNU/Linux. Some high-profile journalists are doing so right now because they better understand the underlying reasons (they’re reasonably technical).
Vista 10 is not an operating system but spyware pretending to be one. █
Related/contextual items from the news:
Understandably perturbed by this, BetaNews took Microsoft to task on these revelations and asked if it would like to “explain how it came about the information, and why it is being collected in the first place”. Microsoft’s official response: “Thank you for your patience as I looked into this for you. Unfortunately my colleagues cannot provide a comment regarding your request. All we have to share is this Windows blog post.”
To which BetaNews makes a very fair conclusion: “Microsoft’s spying is intrusive enough to reveal how long you have been using Windows 10, but the company is not willing to be open about the collection of this data.”
Consequently the next obvious point to ponder is: If Microsoft is happy to disclose this data without saying how it was attained, what else does it access and track without user knowledge? Given Microsoft already admits much of its automatic spying cannot be turned off, just how many more metrics and how much user data is it gathering from every Windows 10 device?
The various privacy concerns surrounding Windows 10 have received a lot of coverage in the media, but it seems that there are ever more secrets coming to light. The Threshold 2 Update did nothing to curtail privacy invasion, and the latest Windows 10 installation figures show that Microsoft is also monitoring how long people are using the operating system.
This might seem like a slightly strange statistic for Microsoft to keep track of, but the company knows how long, collectively, Windows 10 has been running on computers around the world. To have reached this figure (11 billion hours in December, apparently) Microsoft must have been logging individuals’ usage times. Intrigued, we contacted Microsoft to find out what on earth is going on.
If the company has indeed been checking up on when you are clocking in and out of Windows 10, it’s not going to admit it. I asked how Microsoft has been able to determine the 11 billion hours figure. Is this another invasion of privacy, another instance of spying that users should be worried about? “I just wanted to check where this figure came from. Is it a case of asking people and calculating an average, working with data from a representative sample of people, or is it a case of monitoring every Windows 10 installation?”
New evidence of Microsoft’s advocacy of back doors and of dangers to SSH security
Summary: Concerns about OpenSSH and its acceptance of Microsoft (after relatively huge payments), which not only facilitates back door access (with secret code) but is already descending into oblivion anyway
MICROSOFT’S business, as we pointed out this morning, is in a sorry state. The common carrier, Vista 10, is widely rejected, so Microsoft is now trying to force people to download and install it. This is a new kind of aggression from Microsoft. It forcibly gives people software that they don’t ask for and explicitly reject.
There are permanent back doors in Vista 10, as leaks about Microsoft’s special relationship with the NSA serve to highlight. The British technology press calls Vista 10 “spyware-as-a-service” and points out that drive encryption in it is permanently broken. One article shows that security is not a priority at all in Vista 10 and another states that “Microsoft can be pretty secretive about its spyware-as-a-service Windows 10, but Redmond has now taken its furtiveness to a whole new level.” The clever headline says “Microsoft encrypts explanation of borked Windows 10 encryption”. Well, Microsoft doesn’t make drive encryption that actually works. There are back doors in it, as we explained last year and earlier this year. There are even bits of material related to this in leaks-oriented sites such as Cryptome. One has to be seriously misinformed to actually believe that effective disk encryption is possible in Windows. There are back doors and it’s intentional. We know this, at the very least, based on Edward Snowden’s leaks. The FBI does not even publicly complain about encryption in Microsoft’s products; that’s because the FBI already has a door into everything from Microsoft. Remember CIPAV?
To make matters worse, Microsoft is now trying to bring this whole crazy mentality into FOSS projects like OpenSSH (hence into BSD, Linux, Solaris, and so on), a move which we criticised here before (even quite recently). OpenSSH, according to this article, is getting closer to NIST (the NSA’s back doors facilitator, which recommended ciphers with back doors in them). To make matters insanely dangerous, OpenSSH “will also have Redmond’s proprietary cryptology interfaces rather than standard open-source implementations of the Secure Sockets Layer” (in other words, compromise of security is almost guaranteed).
What are NIST and Microsoft doing anywhere near SSH? Both of them are proponents and facilitators of back doors. IETF is there too. We already wrote a great deal about its malice over the years. What are OpenSSH developers getting into here? Microsoft needs them more than they need Microsoft, but Microsoft handed them a nice bribe in order to do this (we covered this earlier this year).
Microsoft itself continues to collapse. The people who made Vista 10 marketing gimmicks are being laid off right now. More Microsoft layoffs are being reported this month. Just notice the trend. It is an ever-shrinking company trying to reinvent itself and find a new identity, with a new logo and new CEO, led by Bill Gates (the real boss who amasses all the money, hoarding more and more of it while pretending to run a ‘charity’ in order to get tax breaks, like Mark Zuckerberg).
We are saddened to see the OpenSSH community opening its door (maybe its back door) to a dying company which they neither need nor can trust. █
“In doubt a man of worth will trust to his own wisdom.”
“If you (Senator Wellstone) vote against the war in Iraq, the Bush administration will do whatever is necessary to get you. There will be severe ramifications for you and the state of Minnesota.” –Vice President Dick Cheney to Senator Paul Wellstone (D), October, 2002, just days before Wellstone’s death in an airplane accident
Summary: The involvement of Microsoft Windows in mission-critical systems (where many lives are on the line) shows extreme negligence and lack of foresight
FRANCE appears to have had problems other than terrorism. Headlines today serve to confirm, with Russia’s acceptance too, that its plane was recently taken down by terrorists, killing about twice as many people as died in Paris on Friday. Days ago the British media ran some scare stories about a French person in a British airport (a lot of misreporting about that, see our daily links for more), but how about basic technological errors? Remember what happened to a Spanair flight and also the poor judgment of British aviation. More planes crash due to technical malfunction than due to terrorism.
Based on a new report, France is still running mission-critical systems with Windows, even really ancient versions of it, as ancient as 3.1 (see “Windows 3.1 Is Still Alive, And It Just Killed a French Airport” below). What are they thinking? This is just nuts! It’s not from The Onion and it’s definitely no satire.
Microsoft seems to be good at nothing these days, perhaps other than back doors and back room deals. Recall Microsoft’s new body cameras partnership with TASER, which we mentioned a few times, then see [2,3] below. Conficker, a Windows virus, is now being preinstalled on body cameras. How many lives will likely be sacrificed as a result of this? Police brutality too needlessly kills a lot of people.
Windows is not suitable for anything that requires security because Windows is simply not designed to be secure. It’s designed for “national security” (meaning back doors and bogus encryption that the state can crack). Proprietary software in general is bad, including firmware, based on new reports. Microsoft is now silently modifying its patches after it bricked Outlook, which has back doors. To quote the British media: “Many IT managers and normal folks held off on last week’s patching cycle after one Microsoft fix – KB 3097877 – broke several versions of Outlook. The error came in how the software handled fonts, and resulted in the email client crashing as soon as some emails were scrolled through.”
We have already covered this here the other day, in relation to back doors in Microsoft data encryption. It is unthinkable and rather unbelievable that some people still get away with putting Windows in mission-critical systems, even in governments and businesses. Haven’t Snowden’s leaks shown enough to convince everyone that genuine security is not the goal at Microsoft but actually somewhat of a foe? █
Related/contextual items from the news:
A computer glitch that brought the Paris airport of Orly to a standstill Saturday has been traced back to the airport’s “prehistoric” operating system. In an article published Wednesday, French satirical weekly Le Canard Enchaîné (which often writes serious stories, such as this one) said the computer failure had affected a system known as DECOR, which is used by air traffic controllers to communicate weather information to pilots. Pilots rely on the system when weather conditions are poor.
DECOR, which is used in takeoff and landings, runs on Windows 3.1, an operating system that came onto the market in 1992. Hardly state-of-the-art technology. One of the highlights of Windows 3.1 when it came out was the inclusion of Minesweeper — a single-player video game that was responsible for wasting hours of PC owners’ time in the early ’90s.
US-based iPower Technologies has discovered that body cameras sold by Martel Electronics come pre-infected with the Conficker worm (Win32/Conficker.B!inf).
At the end of October this year, 14,000 police officials from around the world gathered in a Chicago conference center for the International Association of Chiefs of Police conference. It was equal parts political convention and trade show, with panels on crisis response splitting time with hundreds of small companies selling bomb-disposal robots and guns.
There were more than a dozen body camera companies on the show floor, but Taser made the biggest splash, constructing a Disney-style amphitheater called the USS Axon Enterprise. The show began with a white-jacketed captain, who announced he had traveled back in time from the year 2055, where lethal force has been eliminated and police are respected and loved by their communities. To explain how to get there, he ran through a history of policing tech. Approaching the present moment, he fell into a kind of disappointed sadness.
This is really no surprise: embedded system vendors aren’t good at carrying out quality assurance on their firmware images, and their embedded Web server software is what you’d expect from something written in the last 20 minutes of Friday afternoon.
It doesn’t even look tough
Summary: Unlocking the bogus encryption of the proprietary (secret code) BitLocker is surprisingly trivial, as Ian Haken has just revealed and demonstrated at Black Hat Europe
WE previously showed that BitLocker was not designed for security because of government intervention. Microsoft ‘encryption’ and ‘security’ patches are basically intended for an illusion of security (not real security) because Microsoft sits on zero-day flaws with the NSA. In simple terms, Microsoft ensures that the NSA and its affiliates have ways by which to remotely exploit Microsoft-made software and there is nothing that people can do to protect themselves from this, except deletion of Microsoft-made software.
Microsoft encryption continues to be an utter joke if one takes this article seriously. “A researcher” (one who is not from Microsoft) is said to have “disclosed a trivial Windows authentication bypass that puts data on BitLocker-encrypted laptops at risk.” There is no patch for this and all BitLocker instances to date are affected. Remember COFEE? Microsoft basically assumes that all people are criminals and it shows.
For those who think about relying on patches, caution is advised. Microsoft patches are broken again and users are advised not to apply them. This includes last Tuesday’s security patches, which helped reveal Microsoft’s ‘enterprise’ ‘professional’ ‘quality’:
The El Reg inbox has been flooded with reports of a serious cock-up by Microsoft’s patching squad, with one of Tuesday’s fixes causing killer problems for Outlook.
“We are looking into reports from some customers who are experiencing difficulties with Outlook after installing Windows KB 3097877. An immediate review is under way,” a Microsoft spokesperson told us.
The problem is with software in one of the four critical patches issued in yesterday’s Patch Tuesday bundle – MS15-115. This was supposed to fix a flaw in the way Windows handles fonts, but has had some unexpected side effects for some Outlook users.
“Today I’ve deployed latest Outlook patch to all of my clients, and now Outlook is crashing every 10 minutes and then restarting itself. I tried on fresh Win10, no AV with latest patches applied and here we go, Outlook crashing there too,” complained one TechNet user.
“Come on guys, do you EVER do proper QA before releasing anything Office 2013 related? This is the worst version of Outlook ever. Sorry for negative attitude but this is how things are.”
People should remember that Outlook (Webmail) itself has back doors, so for anything that requires a level of privacy (not just legal work and journalism) Windows must be avoided. Microsoft is a foe of privacy and it’s not an accident. Vista 10 takes privacy violations to a whole new level. █
“Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system…”
–Dennis Fisher, August 7th, 2008
Another Black Duck in the making? Security FUD from a firm established by champions of back doors.
Summary: Another company whose business model is monetising (and thus often enhancing) fear, uncertainty and doubt (FUD) over Free/Open Source software (FOSS) and this one too comes from Microsoft
THIS trend has grown rather tiresome. Every now and then we see Microsoft’s tentacles reaching out for areas in FOSS where there is an opportunity to badmouth FOSS. They turn Microsoft’s anti-FOSS rhetoric into their business model. They institutionalise it.
Based on a new press release in its various forms/variations [1, 2, 3], we may have yet another OpenLogic or Black Duck on our hands. Another Microsoft guy creates a company that says Free software is not secure and needs some proprietary software ‘medicine’.
SourceClear is not even known (we never heard of it, it seemingly came out of nowhere), it’s a very young firm, and immediately it receives a lot of money and even promotional coverage from the News Corp.-owned Wall Street Journal, which is a Microsoft-friendly publication. The first sentence provides the background one needs to be aware of:
Mark Curphey worked to stamp out software bugs for about a decade as head of the security tools team at Microsoft Corp. and in several other jobs before he realized that the problem was getting worse instead of better.
To quote Gordon B-P: ‘”Worked at MS bugs for a decade” – didn’t do a very good job there then. What makes him think he’ll be able to “secure” OSS?’
Jordan Novet, who is a promoter of Microsoft as we noted the other day, covered this as well, using bug branding such as “Heartbleed”, coined by a company which is strongly connected to Microsoft. “It turns out that lots of other [FOSS] libraries have exactly the same issues but have not been reported,” Novet quotes Curphey, whom he describes as “previously a former principal group program manager inside Microsoft’s developer division. [...] SourceClear started in Seattle in 2013…”
With OpenLogic, Black Duck, Codenomicon and various other Microsoft-connected (often created by Microsoft people and/or managed by Microsoft people) firms that badmouth FOSS, we sure expect SourceClear to be no exception. They serve to distract from the built-in and intentional insecurities of proprietary software such as Windows, including quite famously Vista 10, where back doors are an understatement because everything is recorded and broadcast (total remote surveillance), even without a breach or access through the back doors.
Microsoft cannot produce secure code because ‘national security’, i.e. many back doors, is a design goal. It helps Microsoft establish a ‘special relationship’ with the state and in fact it just got a contract from a highly notorious company, Taser.
Here we are in 2013 onwards — a time when simple bugs in FOSS (a defect affecting one line or two) get all the limelight and receive names, logos etc. whereas Microsoft’s critical zero-day flaws hardly make the headlines. There are many high-impact headlines that make a huge deal of fuss every time a security bug is found in Android (again, just in recent years). We suppose it’s part of a PR campaign in which Microsoft and its partners evidently participate. They are often the ones who come up with the names, logos, and much of the accompanying negative publicity. █
Related/contextual items from the news:
Microsoft has joined forces with Taser to combine the Azure cloud platform with law enforcement management tools.
In order to ensure Taser maintains a monopoly on police body cameras, the corporation acquired contracts with police departments all across the nation for the purchase of body cameras through dubious ties to certain chiefs of police.
“What we are trying to do is use our server control to do new protocols and lock out Sun and Oracle specifically”
Summary: Microsoft’s war against POSIX/UNIX/Linux APIs culminates with the .NET push and the ‘bastardisation’ of OpenSSH, a Swiss army knife in BSD/UNIX and GNU/Linux secure channels
MICROSOFT will not rest until it regains its once dominant position in computing. It’s not just because of pressure from shareholders but also because of cleverly-marketed sociopaths, such as Bill Gates, who are back at the helm and are very thirsty for power.
Microsoft is now pushing .NET into GNU/Linux, having failed to do so with Mono and Xamarin because regular people (end users) and sometimes developers pushed back. How can Microsoft still convince people to embrace the Microsoft APIs (which are heavily patented and not secure)? Openwashing and propaganda.
Jordan Novet, who writes a lot of pro-Microsoft or marketing pieces for Microsoft (for many months now), is formerly a writer of Gigaom, which had received money from Microsoft to embed Microsoft marketing inside articles (without disclosure, i.e. corrupted journalism). Now he acts as a courier of Microsoft marketing, repeating a delusion which we spent a lot of time debunking here (.NET is NOT “Open Source” [1, 2, 3]). To quote Novet:
Microsoft today announced the beginning of a new bug bounty to pay researchers to find security holes in some of the tech giant’s recently open-sourced web development tools.
When Microsoft alludes to “Open Source” in relation to .NET it sometimes merely piggybacks the reputation of projects it exploits. See the article “Microsoft’s .NET Team Continues Making Progress On An LLVM Compiler” (not GPL). To quote Phoronix: “Earlier this year Microsoft announced an LLVM-based .NET compiler was entering development, LLILC. Six months later, LLILC continues making progress.
“The .NET team has published a six month retrospective of LLILC. It’s a very lengthy read for those interested in low-level compiler details.”
This is a potential example of the infamous “embrace, extend, extinguish” approach. As we have shown here before, platform discrimination remains and it is even being extended to existing Free software projects, such as OpenSSH, as we explained yesterday (expect Windows-only ‘features’ and antifeatures). Microsoft APIs are already being phased in, the “extend” phase in E.E.E. (embrace, extend, extinguish). We warned about this months ago [1, 2] and we are now proven right. Even Michael Larabel noticed this and wrote: “Microsoft is still working on implementing support for Windows’ crypto APIs rather than OpenSSL/LibreSSL and to address POSIX compatibility concerns along with other issues.”
So now we have Windows- and Microsoft-specific code right there inside OpenSSH, in spite of Microsoft support of back doors for the NSA et al. Does this inspire much confidence? Repelling Microsoft isn’t about intolerance but about self defence. █
“I once preached peaceful coexistence with Windows. You may laugh at my expense — I deserve it.”
–Be’s CEO Jean-Louis Gassée
Making a mockery out of the spirit of OpenBSD, having given money to OpenBSD
Vulnerability (need for money) found in the Church of BSD
Summary: Microsoft is seemingly disrupting the high standards of the OpenSSH project (and by extension OpenBSD and Free/libre software), as its focus on security is ludicrous at best
LAST week, in our daily links, over a dozen links were included about new revelations of flaws in a hugely popular encryption method. A paper presented by award-winning academics demonstrated a serious weakness. OpenSSH was among the alleged targets, potentially allowing spies to infiltrate, intercept and decrypt communications/data relayed over SSH. The philosophy and principles (UNIX) of OpenSSH had kept it strong for a very long time.
Those who keep abreast of privacy news (including NSA leaks) will know that there is an aggressive effort to crack SSH. Some ciphers were recently phased out or deprecated as a result. Knowing the role that social engineering plays in weakening encryption, the last thing one needs right now is PRISM pioneer (first company) and a back doors proponent like Microsoft inside the OpenSSH community. As we pointed out earlier this year, OpenSSH is being subjected to E.E.E. (embrace, extend, extinguish) treatment from Microsoft [1, 2] because money talks. Microsoft has a lot of money (despite losses in the billions) and OpenBSD is underfunded, hence desperate for money.
Secure channels and Microsoft Windows are incompatible concepts. It cannot be done because Windows itself has back doors, allowing penetration at root (Administrator) level. Microsoft is now pushing its back-doored, insecure-by-design APIs into the SSH project and also puts people’s keys on boxes with such inherent insecurities. How terrible a recipe is that? Is OpenBSD willing to compromise its credibility and reputation just because Microsoft gave it a ‘generous’ payment (some would call it a bribe)?
According to this update from Microsoft, they now intend to:
Leverage Windows crypto api’s instead of OpenSSL/LibreSSL and run as Windows Service…
People in the comments (not deleted, at least not yet) rightly post complaints. One said: “I don’t think I like that you’re replacing an open source SSL with a closed source Windows crypto api.”
Another commenter said: “Do I see a trap here?! If the Windows port uses the closed source crypto api is the whole OpenSource OpenSSH-idea then still intact?”
iophk told us: “How much key code can they replace with dodgy homebrew and still be allowed to use the same name? Without the crypto, it is not the same software and merely a derivative.”
Well, that’s just how E.E.E. has historically worked. Microsoft takes something that’s not its own and then ‘bastardises’ it, making it an inferior ‘Windows thing’ which spreads only because of the network effect or illegal bundling.
iophk has also pointed out to us that Roger A. Grimes, who works for Microsoft and IDG (news publisher) at the same time (clearly a conflict of interests), presents a false dichotomy, “freedom or security” (right there in the headline). Computer security is never the goal at Microsoft; they want back doors for so-called ‘national security’ (i.e. state power with remote access to citizens’ PCs).
“The first rule of zero-days is no one talks about zero-days,” reads this new headline (remember that Microsoft wilfully enables NSA access through zero-days).
Microsoft’s E.E.E. tactics are becoming a big threat not just to GNU/Linux but also to BSD and Free software as a whole. Microsoft now tries to become a GNU/Linux host, despite its known record of scanning every single file (claiming to do so because of child pornography) and colluding with the government for warrantless access to data stored on servers.
The E.E.E. against GNU/Linux is perhaps best demonstrated by this new article about how Microsoft tries to take over Big Data (a lot of data, sometimes incredibly sensitive) on GNU/Linux servers. “Last month Microsoft did something extraordinary,” says the author, “something which demonstrates how completely the company has changed since its third CEO, Satya Nadella, took over.”
Satya Nadella just turned the company into more of a surveillance company, as Vista 10 serves to remind us. He continues to attack GNU/Linux in many ways (including patent extortion) while saying that Microsoft “loves Linux” (a lie as big as a lie can get).
If Microsoft cannot honour Free software and respect the APIs of OpenBSD, OpenSSH, OpenSSL etc. then maybe it’s time to tell Microsoft to take back its ‘bribe’ money and go away, leaving OpenSSH alone (and secure). Almost every distribution of GNU/Linux comes with OpenSSH. Microsoft is a wolf in sheep’s clothing and it has no room inside FOSS until it quits attacking FOSS and collaborating with abusive espionage agencies like GCHQ and the NSA. █
Don’t feed black ducks
Yours truly feeding the ducks near home earlier this year (summer)
Summary: Red Hat’s cooperation with Black Duck serves to legitimise a terrible business model, wherein fear of FOSS is being accentuated and proprietary software ‘solutions’ are being offered
YESTERDAY we became aware of Red Hat turning to Microsoft’s friend, Black Duck. It happened with little prior warning and was announced with a press release calling it a “[c]ollaboration to help developers, customers and partners build and run trusted, secure applications with Red Hat container technologies” (as if these are inherently less secure than some proprietary software).
What the articles fail to mention is that Black Duck’s former top manager is from Red Hat and he came back to Red Hat after his stint at this FUD firm (see the old press release titled “Black Duck Software CEO Tim Yeaton Rejoins Red Hat to Lead Newly-Formed Infrastructure Group”). Well, the doors basically revolved, twice even. Maybe that’s why Red Hat came to Black Duck, legitimising what is effectively a parasite inside the FOSS world.
We have already found some puff pieces about it, saying little more than the press release. One of them says that “Red Hat has collaborated with Black Duck Software to establish a secure and trusted model for containerized application delivery by providing verification that application containers are free from known vulnerabilities and include only certified content. This validation is a major step forward in enabling enterprise-ready application containers, and builds upon the strengths of each company – Red Hat’s position in container technologies and solutions, including its platform and certification strategy, and Black Duck’s position as the provider of comprehensive identification and earliest notification technologies of open source vulnerabilities.”
In its marketing, Black Duck would have us believe that FOSS is terrible at security, even though proprietary software has back doors ‘baked in’ intentionally. NSA et al don’t ‘break into’ Windows any more than Microsoft does; they’re allowed access, by design, intent, and agenda. Days ago we showed how marketers from Black Duck had claimed that it can cost $25,000 to fix a bug in FOSS.
As of early this morning, this new relationship received press coverage from Serdar Yegulalp (writing for IDG), Sean Michael Kerner for QuinStreet and Steven J. Vaughan-Nichols for CBS. The way Vaughan-Nichols put it, “Red Hat and Black Duck want to make sure that when you run a container, it’s really the container you want to run and not a rogue package.”
It sounds good on the surface, but is a proprietary dependence healthy in the long term? Based on Vaughan-Nichols, this isn’t a short-term engagement. “In the long run,” he explains (writing from Red Hat’s town), “the companies plan to include Black Duck technologies as a component of Red Hat’s container certification.”
There are some lazy publications that ended up throwing the self-promotional press release around. The Indian English-speaking press sort of rewrote the press release to make it look more original. Where are the sceptics? Where is the genuine reporting? All we see are puff pieces that relay claims made in a press release.
In many ways, Black Duck is successful as a marketing company, much like polygraph merchants (among other popular scams like homeopathy). █