EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

11.01.19

Age of Digital Deception: Startpage, Mozilla and the Linux Foundation Are Enemies of Your Privacy

Posted in Deception, GNU/Linux, Search, Servers at 4:53 am by Dr. Roy Schestowitz

For the time being use Searx, available under the GNU Affero General Public Licence version 3

There’s Whitewashing, Greenwashing & now also Privacywashing
Reference: There’s Whitewashing, Greenwashing & now also Privacywashing

Privacywashing memeSummary: Mozilla’s biggest income source is still ‘surveillance capitalism’ (Google), the Linux Foundation is in the pockets of ‘surveillance capitalism’ (to ‘whiten’ the practice) and Startpage has been handed over to ‘surveillance capitalists’ (System1); the business model is leveraging personal data (secrets) to manipulate/oppress people

Mozilla’s privacy issues have long been documented here. Mozilla loves talking about privacy, but anyone who has paid close enough attention is aware of all those scandals and ‘accidents’ or ‘gaffes’ (i.e. times Mozilla got caught red-handed and then changed course). We covered similar privacy issues associated with DuckDuckGo and recently Startpage as well (System1 took it). What about “Linux”? Well, many are aware of the “scopes” scandal of Ubuntu/Canonical (we wrote about that too) and a few other things, e.g. Linspyware. The Linux world, not to be mistaken for GNU, does not guarantee privacy. It barely even speaks about the subject.

“The Linux world, not to be mistaken for GNU, does not guarantee privacy. It barely even speaks about the subject.”There are ‘fashionable’ buzzwords for spying, along with euphemisms like ‘telemetry’ or ‘data science’ (making these seem like some sort of scientific research project). But that’s not the subject of this post. Days ago we wrote about the Linux Foundation‘s participation in 'surveillance capitalism' businesses, which are also funding it as “members” (clients). So far this week we keep seeing lots of puff pieces and keep stock/track of it all at Tux Machines. This latest one from Packt Hub says that “the Linux Foundation introduced a new policy around the collection and usage of telemetry data.”

“This kind of openwashing merely serves to associate “Linux” with evil.”They mean ‘monetisation’ (exploitation and sale), as the Foundation itself puts it in the site. It’s ‘surveillance capitalism’; it’s a classic! That’s just surveillance being whitewashed by the Foundation and it is embarrassing to Linux. It disgraces the project’s name. This kind of openwashing merely serves to associate “Linux” with evil.

But here’s the most interesting new find.

“Thought you might be interested in this Reddit thread,” one reader told us. Here’s the gist, a System1 “Web Developer (Browser Developer)” job ad (we’ve made this local copy as the ad will vanish one day):

Just ran into this ad for a Web Developer (Browser Developer). Seems like System1, a pay-per-click ad company based in Venice, California, is aiming to take on Mozilla Firefox and maybe even Brave. Here’s an excerpt:

Have you ever build any of the most popular open-source browsers like Brave/Chromium/Firefox?

Would you be excited to the idea of setting up build pipelines for an open source browser?

System1 is hiring a Web Developer (back-end development) to join our team. This is a diverse role that will involve “hacking” on the Mozilla platform, mostly on the backend. You will work with experts who know the Mozilla platform inside-out, while being a key contributor to novel open-source products which already have a passionate and growing user base.

Key goals for this role: Keep a “classic” version of the browser up-to-date with security patches; update components where possible and create better compatibility with legacy add-ons for the newer version of the platform that supports them. Build system work is required for this role sometimes, but that’s one of the fun parts!

Yet one more artefact of the “privacy gold rush.” It’s happening. Eyes open.

The top comment says: “So, is this implying that you get an “up to date” browser in exchange for spying on you? I am working under the assumption that the search engine for this new wonder-browser will be Startpage with modifications to track the browser by some serialized ID embedded in it that is only readable by Startpage, so that only Startpage can identify you, yet they get to collect and sell your profile/personal information.”

“Mozilla’s dependence on selling your privacy is a matter of public record; they keep trying to distract from it by — just like GAFAM — constantly talking about how much they value your privacy.”Another says: “Did System1 invest in Mozilla or another company that already has these “experts” and a “growing user base”? We need to start asking all privacy services if they have new investors/owners and evaluate their trustworthiness. Now that privacy is popular with consumers, even behavioral ad tracking companies may want “in” on the money — if just to “privacy wash” or hedge their privacy invasive services. System1 has already invested in the Startpage privacy search engine, and it seems the Chairman of System1 has bought into some security products.”

There’s lots more in there (17 comments). Very interesting comments.

There might be a role there for Mozilla and others. As one person put it, “I wonder if they’re creating a new browser based on Mozilla? Could they be working with Mozilla or another company? It does refer to “products which already have a passionate and growing user base.” It also claims to have people who know Mozilla inside and out.

“The Linux Foundation now has several projects (at least 3) whose main role is openwashing surveillance at the datacentre. Great for the Linux brand, eh?”“I believe we have to start asking all privacy services if they have been sold or gotten new investors — especially ones that previously worked against privacy in fields like consumer behavioral ad tracking and targeting.”

Mozilla’s dependence on selling your privacy is a matter of public record; they keep trying to distract from it by — just like GAFAM — constantly talking about how much they value your privacy. They don’t actually manage to fool technical privacy proponents, who shoot back at them and shoot down the PR; seeing the above speculation, Mozilla’s Vice President hire from Facebook starts to make sense. Remember that Facebook itself keep talking about how much it values people’s privacy. If only…

The Linux Foundation now has several projects (at least 3) whose main role is openwashing surveillance at the datacentre. Great for the Linux brand, eh?

07.28.19

SUSE Said It Was Becoming Independent But Instead It Became Like an ‘Asset’ of SAP (‘German Microsoft’), Which is Hostile Towards Free Software

Posted in Microsoft, Novell, Servers, SLES/SLED at 8:39 am by Dr. Roy Schestowitz

Summary: It certainly ‘feels’ like SAP ‘took over’ SUSE and it has been ‘long time coming’

A week ago the CEO of SUSE stepped down and there was a lot of media coverage about his successor, who had come from SAP, which is a Microsoft ally that was almost acquired by Microsoft at one point. The media, however, wasn’t paying any attention to what happened to SUSE’s official blog. Over the past couple of months it was almost ‘hijacked’ by SAP, as I pointed out repeatedly in social control media sites. I’d hate to use "tweets" as 'sources', but these mostly link to the originals from SUSE’s own site. Here we go, in chronological order:

07.17.19

Linux Foundation Apparently Celebrates Sysadmin Day With a Microsoft Windows Site!

Posted in GNU/Linux, Kernel, Microsoft, Servers, Windows at 1:34 am by Dr. Roy Schestowitz

“Greed is not a financial issue. It’s a heart issue.”

Andy Stanley

Summary: The Linux Foundation shows ‘love’ to actual GNU/Linux (the real thing) by apparently rejecting it and badmouthing it

WHEN selling the soul of Linux is more profitable than actually promoting this GPL-licensed kernel it’s not hard to understand how the Linux Foundation turned from a supposed ‘charity’ to a massive enterprise and near-monopoly in that space (e.g. events/conferences).

They ‘own’ Linux.com. They control or manage the Linux trademark. So why would they link to anti-Linux stories (authored by “swapnilbhartiya” yesterday)? Because they just do and most of them don’t even use Linux! As someone put it yesterday:

You go to Google, you look for “Linux” news, a site called Linux.com then shows up with anti-Linux material (this isn’t about Linux but bad devices/users). Well done, Swapnil and Jim. The articles posted nowadays in Linux.com give room for concern. Misleadingly-titled FUD.

“You go to Google, you look for “Linux” news, a site called Linux.com then shows up with anti-Linux material (this isn’t about Linux but bad devices/users).”We’ve meanwhile noticed lots of spammy blog posts (yesterday, Sysadmin Day) from the Linux Foundation in various “Linux” blogs. “Linux Security Blog” participated and “It’s FOSS” did so too. Linux Journal said (in the headline) that “the Linux Foundation Is Having a Sysadmin Day Sale,” adding a promotional link with what seems like tracking/referral code. But that in itself isn’t the issue. It seems like the site in question uses Windows for the server, but we’re not entirely sure. It’s very well disguised (see IRC discussion at the bottom).

It would not be unprecedented for the Linux Foundation to use Windows; applicants apply for a job there using LinkedIn (Microsoft), as we’ve noted before and there’s a lot of Microsoft stuff used by the Foundation’s staff (see discussion below; I know this from my old interactions with Foundation staff). Over the past months I’ve had to resort to humour just to get the point across without offending the offenders, for example:

Yesterday I also noticed this text: “Have directly led revenue growth from $20MM to $50MM, from $80MM to $100MM…”

No, that’s not the Foundation’s chief Jim Zemlin (who sold out Linux… for his 'nonprofit' to make about $100,000,000 per year). That’s what his wife’s LinkedIn profile says. It’s all about money and both strive to grow in just one respect: money! From 20 million to 100 million. What is being achieved? Nothing. A Windows-powered and Mac-powered ‘Linux’ Foundation (Linux only in name).

“Large corporations, of course, are blinded by greed. The laws under which they operate require it – their shareholders would revolt at anything less.”

Aaron Swartz


schestowitz Help needed! Am I crazy or is this site WINDOWS-powered? Help me out here, geeks… https://cloud.email.thelinuxfoundation.org/SysadmindaY Jul 17 01:52
-TechrightsBot-tr/#techrights-cloud.email.thelinuxfoundation.org | NO TITLE Jul 17 01:52
schestowitz my initial tests say yes Jul 17 01:52
schestowitz based on more shallow tests Jul 17 01:52
schestowitz I might publish “Celebrates Sysadmin Day With a Microsoft Windows Site!” Jul 17 01:52
schestowitz I mean, LF Celebrates Sysadmin Day With a Microsoft Windows Site! Jul 17 01:52
schestowitz but I am not yet 100% sure it”s Windows at the back end Jul 17 01:53
schestowitz could be mod-speling [sic] in Apache Jul 17 01:53
schestowitz https://identity.linuxfoundation.org/checkout/540473 Jul 17 01:54
-TechrightsBot-tr/#techrights- ( status 404 @ https://identity.linuxfoundation.org/checkout/540473 ) Jul 17 01:54
schestowitz also this.. Jul 17 01:54
schestowitz https://identity.linuxfoundation.org/checkoUt/540473 Jul 17 01:54
-TechrightsBot-tr/#techrights- ( status 404 @ https://identity.linuxfoundation.org/checkoUt/540473 ) Jul 17 01:54
schestowitz note case Jul 17 01:54
schestowitz still works with the token here Jul 17 01:54
schestowitz bloody hell! Jul 17 01:55
schestowitz LF…. you also apply for a job there using LinkedIn (Microsoft) Jul 17 01:55
XRevan86 https://identity.linuxfoundation.org/checkoUt/540473 – Varnish Jul 17 01:56
XRevan86 The first link is served by something else. But it won’t tell by which. Jul 17 01:57
schestowitz can you check with me? Jul 17 01:57
schestowitz this is important Jul 17 01:57
XRevan86 It’s not HTTP/2 capable. Jul 17 01:58
XRevan86 https://cloud.email.thelinuxfoundation.org/ Jul 17 01:59
-TechrightsBot-tr/#techrights- ( status 403 @ https://cloud.email.thelinuxfoundation.org/ ) Jul 17 01:59
XRevan86 The 403 page looks like something done by Apache Tomcat Jul 17 01:59
schestowitz I did the same thing Jul 17 02:00
schestowitz why is the site case insensitive? Jul 17 02:00
schestowitz Also, see page source Jul 17 02:00
schestowitz lots of “MS” bits Jul 17 02:00
schestowitz I want to be 100% sure we don’t get the story, if any at all, wrong Jul 17 02:00
XRevan86 schestowitz: Maybe they configured case-insensitive matching Jul 17 02:01
XRevan86 It is peculiar. Jul 17 02:02
schestowitz no clues in http headers? Jul 17 02:03
schestowitz Ages ago, more than 10 years, I had FF extensions for that Jul 17 02:03
schestowitz before Mozilla killed xul Jul 17 02:03
XRevan86 schestowitz: Not even a Server header. Jul 17 02:03
XRevan86 schestowitz: Firefox’s devtools can do the job. Jul 17 02:04
XRevan86 but I test with curl Jul 17 02:04
schestowitz any other tricks we can employ? Jul 17 02:04
schestowitz This is a big deal if it turns out to be windows Jul 17 02:04
XRevan86 If I had experience with Windows servers, maybe I’d know what to look for… Jul 17 02:04
XRevan86 or with Java servers for that matter… Jul 17 02:05
XRevan86 I know https://linux.org.ru/ is using Tomcat, and it is case-sensitive. Jul 17 02:05
-TechrightsBot-tr/#techrights-LINUX.ORG.RU — Русская информация об ОС Linux Jul 17 02:05
XRevan86 https://www.linux.org.ru/gallery/ – Gallery Jul 17 02:05
-TechrightsBot-tr/#techrights-www.linux.org.ru | Галерея Jul 17 02:05
XRevan86 https://www.linux.org.ru/Gallery/ – 404 Jul 17 02:05
-TechrightsBot-tr/#techrights- ( status 404 @ https://www.linux.org.ru/Gallery/ ) Jul 17 02:05
XRevan86 schestowitz: But maybe it is really mod_speling Jul 17 02:08
XRevan86 and they then just turned off HTTP headers that give away configuration Jul 17 02:08
XRevan86 At least we know it’s Java and not ASP.NET Jul 17 02:09
schestowitz which domain? Jul 17 02:11
XRevan86 cloud.email.thelinuxfoundation.org Jul 17 02:11
cubexyz check with netcraft? Jul 17 02:12
-viera/#techrights-Tux Machines: Proxmox VE 6.0 released! http://www.tuxmachines.org/node/125966 [https://pleroma.site/objects/f3b82e95-d9ea-42e1-b380-6be86812a61b] Jul 17 02:12
XRevan86 cubexyz: Doesn’t tell anything of interest. Jul 17 02:13
schestowitz I thought about it Jul 17 02:13
schestowitz but did not do it Jul 17 02:13
schestowitz as I thought it might not even be on their radar yet Jul 17 02:13
cubexyz merely says “unknown” Jul 17 02:13
schestowitz seems like a new site or some internal “office” crap Jul 17 02:13
schestowitz how else can we test? Jul 17 02:14
schestowitz I don’t want to get the story wrong, that’s all Jul 17 02:14
XRevan86 > OS: F5 BIG-IP Jul 17 02:14
XRevan86 It did say that though Jul 17 02:14
schestowitz as that can be used to discredit everything we ever said re LF Jul 17 02:14
XRevan86 How can it tell? Jul 17 02:14
cubexyz there’s wappalyzer Jul 17 02:14
schestowitz can you have a go at it? Jul 17 02:14
cubexyz sure Jul 17 02:14
schestowitz Maybe they have the OS quite well Jul 17 02:14
schestowitz mind you, they use LOTS of MSFT internalluy Jul 17 02:15
schestowitz I know this from their PR rep Jul 17 02:15
schestowitz but demonstrating it, like link with proof, would help… Jul 17 02:15
cubexyz mysql, php, wordpress, OWL, bootstrap, jquery Jul 17 02:17
XRevan86 cubexyz: I doubt that Jul 17 02:17
XRevan86 there’s no wordpress there Jul 17 02:17
-viera/#techrights-Tux Machines: Univention Corporate Server 4.4-1/Point Release UCS 4.4-1: performance improvements, app recommendations and UDM REST API Beta http://www.tuxmachines.org/node/125967 [https://pleroma.site/objects/94f199ef-a04b-473c-a4a1-288f05bf6166] Jul 17 02:18
schestowitz cubexyz: does not look like wordpress Jul 17 02:19
schestowitz even if you look at page source Jul 17 02:19
schestowitz it looks like a really poorly-made CMS of some kind Jul 17 02:19
schestowitz but I want to know the US Jul 17 02:20
XRevan86 WordPress is PHP. Jul 17 02:20
schestowitz OS Jul 17 02:20
cubexyz no idea, just saying what wappalyzer says Jul 17 02:20
XRevan86 This is Java. Jul 17 02:20
schestowitz I imagine the CMS is proprietary anyway Jul 17 02:20
schestowitz https://twitter.com/schestowitz/status/1151297943745568768 Jul 17 02:21
-TechrightsBot-tr/#techrights-@schestowitz: We are the LINUX FOUNDATION We OWN Linux dot com! We link to anti -Linux stories Because we just do (and we don’t e… https://t.co/UoJrMddR6K Jul 17 02:21
-TechrightsBot-tr/#techrights-@schestowitz: We are the LINUX FOUNDATION We OWN Linux dot com! We link to anti -Linux stories Because we just do (and we don’t e… https://t.co/UoJrMddR6K Jul 17 02:21
schestowitz https://twitter.com/schestowitz/status/1150987858083295232 Jul 17 02:21
-TechrightsBot-tr/#techrights-@schestowitz: “swapnilbhartiya” at #zemlinpac continues using the site LINUX dot com to promote #microsoft crap. [facepalm] https://t.co/BOIY5nmFWU Jul 17 02:21
-TechrightsBot-tr/#techrights–> Aqua Security Launches Microsoft Azure Marketplace Private Offers | Linux.com | The source for Linux information Jul 17 02:21
XRevan86 I don’t think there’s a way to tell Jul 17 02:24
cubexyz thelinuxfoundation.org runs nginx on linux Jul 17 02:25
cubexyz according to netcraft Jul 17 02:25
XRevan86 Does plain Tomcat support “Content-Encoding: gzip”? Jul 17 02:25
schestowitz That would make sense for the main site Jul 17 02:25
schestowitz but for sales etc. Jul 17 02:25
schestowitz not sure Jul 17 02:25
XRevan86 And they’re using AWS Jul 17 02:27
schestowitz that’s not unusual Jul 17 02:27
schestowitz would be worse if they used MSAzure Jul 17 02:28
XRevan86 That’d make my day Jul 17 02:28
XRevan86 Port scanning (nmap) revealed only that whoever configured cloud.email.thelinuxfoundation.org configured the firewall restrictively Jul 17 02:29
XRevan86 At least ICMP is open Jul 17 02:30
XRevan86 80, 113, 443, nothing else Jul 17 02:30
-viera/#techrights-Tux Machines: Network Security Toolkit 30-11210 http://www.tuxmachines.org/node/125968 [https://pleroma.site/objects/ec0ec5d4-88eb-4a05-9512-c9c86c76140a] Jul 17 02:31
XRevan86 The main site has IPv6, cloud.email. doesn’t. Jul 17 02:31
schestowitz I guess we still don’t know what it runs Jul 17 02:33
schestowitz and the checkout (identity) part Jul 17 02:33
schestowitz they got some company from the outside to do it Jul 17 02:33
schestowitz and maybe it’s not Linux Jul 17 02:33
XRevan86 It’s most likely Linux just because the odds are generally in that direction. Jul 17 02:34
XRevan86 Who’d deploy a Java website on Windows? Some kind of insane Microsoft fan I guess. But then, why not ASP.NET? Jul 17 02:34
schestowitz don’t bet on kt! Jul 17 02:34
schestowitz it! Jul 17 02:34
schestowitz This is the LF Jul 17 02:34
XRevan86 oh no Jul 17 02:37
XRevan86 I’ve checked nmap’s capabilities Jul 17 02:37
XRevan86 -O: Enable OS detection Jul 17 02:37
XRevan86 -sV: Probe open ports to determine service/version info Jul 17 02:37
XRevan86 > 443/tcp open   ssl/upnp Microsoft IIS httpd Jul 17 02:37
XRevan86 Guess flipping what Jul 17 02:37
XRevan86 > Running (JUST GUESSING): F5 Networks embedded (93%), F5 Networks TMOS 11.6.X (87%), OpenBSD 4.X (87%) Jul 17 02:38
XRevan86 > OS CPE: cpe:/o:f5:tmos:11.6 cpe:/o:openbsd:openbsd:4.0 Jul 17 02:38
XRevan86 > Aggressive OS guesses: F5 BIG-IP Edge Gateway (93%), F5 BIG-IP Local Traffic Manager load balancer (TMOS 11.6) (87%), OpenBSD 4.0 (87% Jul 17 02:38
XRevan86 Just like netcraft, it thinks it’s most likely something from F5 Jul 17 02:38
XRevan86 but HTTP server probing gave a better idea Jul 17 02:39
XRevan86 schestowitz: Good thing I didn’t bet. Jul 17 02:39
XRevan86 You seem speechless %) Jul 17 02:40
cubexyz isn’t port 443 just HTTP over SSL… not necessarily M$ Jul 17 02:41
XRevan86 cubexyz: That’s “-sV: Probe open ports to determine service/version info” Jul 17 02:41
XRevan86 that’s its guess Jul 17 02:42
cubexyz hmmm, yeah Jul 17 02:43
cubexyz doesn’t look good Jul 17 02:44
schestowitz maybe I will publish IRC noted to accompany this Jul 17 02:44
schestowitz *IRC notes Jul 17 02:44
schestowitz as we are not sure Jul 17 02:44
schestowitz Get a load of this today Jul 17 02:44
schestowitz https://www.redhat.com/en/blog/microsoft-and-red-hat-inspired Jul 17 02:44
-TechrightsBot-tr/#techrights-www.redhat.com | Microsoft and Red Hat, inspired Jul 17 02:44
XRevan86 schestowitz: The evidence is: Jul 17 02:45
XRevan86 1. case-insensitivity for no apparent reason Jul 17 02:45
XRevan86 2. nmap -sV cloud.email.thelinuxfoundation.org guesses HTTP is handled by “Microsoft IIS httpd” Jul 17 02:45
schestowitz I think it is probable Jul 17 02:46
schestowitz as soon as I saw the site and then the structure (marketing cruft appended to URL) Jul 17 02:47
schestowitz Then I checked page source Jul 17 02:47
schestowitz Been there, seen that… red flags Jul 17 02:47
schestowitz Also “cloud” Jul 17 02:47
schestowitz I know they used MS for office things Jul 17 02:47
schestowitz like in-office comms Jul 17 02:47
schestowitz Their PR reps used that to communicate with me ages ago Jul 17 02:47
schestowitz Dan Brown and others… Jul 17 02:48
XRevan86 https://cloud.email.thelinuxfoundation.org/SYSADM~1/ well, at least this didn’t work :D Jul 17 02:49
-TechrightsBot-tr/#techrights- ( status 400 @ https://cloud.email.thelinuxfoundation.org/SYSADM~1/ ) Jul 17 02:49
schestowitz joke or some element of truth to it? Jul 17 02:50
cubexyz didn’t M$ give the win7 code to russia recently? Jul 17 02:50
schestowitz I get the joke Jul 17 02:50
cubexyz or not recently… it may have been a while ago Jul 17 02:50
XRevan86 https://github.com/irsdl/IIS-ShortName-Scanner some element of truth to it Jul 17 02:51
-TechrightsBot-tr/#techrights-GitHub – irsdl/IIS-ShortName-Scanner: latest version of scanners for IIS short filename (8.3) disclosure vulnerability Jul 17 02:51
XRevan86 Tried using https://nmap.org/nsedoc/scripts/http-iis-short-name-brute.html, no effect. Jul 17 02:56
-TechrightsBot-tr/#techrights-nmap.org | http-iis-short-name-brute NSE Script Jul 17 02:56
XRevan86 StackOverflow isn’t either. Jul 17 02:57
XRevan86 nmap -sV detects Varnish on StackOverflow Jul 17 02:59
XRevan86 > via: 1.1 varnish Jul 17 02:59
XRevan86 I thought they’re on Windows Server Jul 17 02:59
schestowitz no, not likely Jul 17 02:59
schestowitz the (co)founder has some MSFT connections Jul 17 02:59
schestowitz books etc. Jul 17 02:59
schestowitz CodingHorror guy Jul 17 03:00
schestowitz the site, however, isn’t so… and he clarified to me he never worked for Microsoft directly Jul 17 03:00
XRevan86 Wikipedia states that Stack Overflow is written in C# Jul 17 03:00
XRevan86 Considering that .NET Core is a very new thing, it is most likely on Windows. Jul 17 03:01
XRevan86 https://en.wikipedia.org/wiki/Stack_Overflow#Technology Jul 17 03:01
-TechrightsBot-tr/#techrights-en.wikipedia.org | Stack Overflow – Wikipedia Jul 17 03:01
XRevan86 I guess they have a separate server as a reverse proxy for security and reliability. Jul 17 03:01
XRevan86 it is also case-insensitive Jul 17 03:03
XRevan86 no Varnish will change that :) Jul 17 03:03
schestowitz that’s quite common Jul 17 03:03
XRevan86 So yea, nmap detected it right. Jul 17 03:03
schestowitz only hours ago at work I deat with Jul 17 03:03
XRevan86 it figured it’s Varnish, and it is Jul 17 03:03
schestowitz apache behind nginx, on Ubuntu/Debian Jul 17 03:04
schestowitz no varnish Jul 17 03:04
schestowitz nginx stuff as reverse proxy Jul 17 03:04
XRevan86 schestowitz: Apache httpd is redundant in this case in most cases. Jul 17 03:04
schestowitz also helps hide fro probers like nmap Jul 17 03:04
XRevan86 schestowitz: The Stack Overflow is different in that they have to get a separate server to do the job. Jul 17 03:05
XRevan86 Because Varnish reportedly doesn’t work on Windows. Jul 17 03:05
XRevan86 * The Stack Overflow case Jul 17 03:05
XRevan86 schestowitz: nginx in front of Apache httpd introduces almost no overhead. Jul 17 03:06
schestowitz yes, or a VM Jul 17 03:06
schestowitz it does not have to run on the host/backend Jul 17 03:06
XRevan86 So… why wouldn’t you, right Jul 17 03:06
schestowitz you could even run it as a VM under Windows Jul 17 03:07
XRevan86 schestowitz: True, but I doubt that’s very efficient either. Jul 17 03:07
XRevan86 It’s a high-load website. Jul 17 03:08
-viera/#techrights-Tux Machines: Seven Concerns Open Source Should Worry About – Part 1 http://www.tuxmachines.org/node/125969 [https://pleroma.site/objects/387bf941-25b0-41b6-be31-c401127a895f] Jul 17 03:09
XRevan86 3. they don’t bother this much on the main website to hide set-up information Jul 17 03:12
XRevan86 Overall it looks like it was an outsource job, and no one cared enough to do it differently. But cared enough to cover the tracks a little bit. Jul 17 03:14
XRevan86 If they really wanted to hide the fact that this is Windows, they’d reverse proxy it. Jul 17 03:15
XRevan86 But I guess since it’s likely not in their network (I didn’t check), the overhead from proxying is unpleasant. Jul 17 03:16
-viera/#techrights-Tux Machines: Top 15 Best Forum Software For Linux in 2019 http://www.tuxmachines.org/node/125970 [https://pleroma.site/objects/f850f594-b34a-40fa-bf10-ee8544d1f956] Jul 17 03:18
schestowitz might be worth checking host location Jul 17 03:24
schestowitz LF is in Portland IIRC Jul 17 03:24
schestowitz if not SF Jul 17 03:24
schestowitz I think it’s ambiguous and some are ‘home workers’ Jul 17 03:24
schestowitz I’m pretty sure Jim Zemlin isSF-based, or somewhere near in CA Jul 17 03:24

07.06.19

Azure Running GNU/Linux Isn’t About ‘Love’ But About Control

Posted in Bill Gates, Deception, GNU/Linux, Microsoft, Servers at 4:11 am by Dr. Roy Schestowitz

Microsoft update servers left all Azure RHEL instances hackable
Microsoft update servers left all Azure RHEL instances hackable (2016)

Summary: Microsoft-friendly ‘journalists’ like the now-arrested Microsoft Peter want us to think that “Microsoft loves Linux” — a valuable Big Lie that’s designed to help Microsoft gain greater control over its “most potent operating system competitor,” according to Bill Gates

THE various sites of CBS, notably ZDNet, told us some days ago that most of Azure had become GNU/Linux instances. I’ve carefully and meticulously picked all the articles about it that I was able to find, taking note that mostly Microsoft boosters were pushing that story (see comments in the second page in relation to more recent articles). With the long weekend (Independence Day) having just begun we suppose we won’t be missing more such stories, so a time for rebuttal seems about right. We’ll keep it short or at least concise because past articles have already explained where we stand on these matters.

“Microsoft was thus never ever a friend of what later became FS or OSS or FOSS or FLOSS. Microsoft was very much antithetical to it and it still is.”GNU/Linux is a system which goes back to the 1980s, not so long after Micro-Soft had been founded by a couple of sociopaths with a 'Jihad' (Bill Gates’ word) against Free software (see Gates’ infamous open letter to “hobbyists”). They sought to stop the sharing of code (which up to that point was still rather common and predated software patents). Microsoft was thus never ever a friend of what later became FS or OSS or FOSS or FLOSS. Microsoft was very much antithetical to it and it still is. In our “Openwashing” section (in daily links, which we now publish more frequently) we often explain and also show how Microsoft merely paints itself as “open” whilst in practice all the core products remain proprietary software. Azure is proprietary software. Windows is proprietary software. Office is proprietary software. Visual Studio is proprietary software. Exchange is proprietary software. SharePoint is proprietary software. SQL Server is proprietary software. And so on…

What isn’t proprietary software at Microsoft? Usually a few bits and pieces which on their own are pretty useless (like a calculator with surveillance telemetry in it). Last week we wrote that if Linux values security and autonomy, then it will reject the company that started PRISM with the NSA. Microsoft cannot be trusted with security and privacy (see the article at the top; we’ve screenshot it). The corporate media, i.e. the likes of ZDNet and Microsoft ‘fan’ sites (not grassroots), have been endlessly repeating the ridiculous lie which is “Microsoft loves Linux” (in image form and in text; I saw it about a dozen times over the past week alone), but if you call yourself a “journalist” and also say “Microsoft loves Linux,” may we also suggest you publish articles about how Donald Trump’s rape survivors are all “liars” and Lance Armstrong is actually a decent person?

“What isn’t proprietary software at Microsoft? Usually a few bits and pieces which on their own are pretty useless (like a calculator with surveillance telemetry in it).”We’re aware that, as Eren Niazi‏ put it, many media companies are nowadays marketing companies (deception and PR are their business model). He also told me: “Microsoft has a master plan for open source and it’s not good. Open Source is about Freedom, not control. Don’t you all think it’s a little suspicious what Microsoft paid for GitHub?”

For those who don’t know, Niazi‏ is one of the key people behind Open Source and he largely shares my views on Microsoft, including the hijacking of the “Open Source” brand (he sent me many dozens of replies like the above).

“Microsoft has a master plan for open source and it’s not good. Open Source is about Freedom, not control. Don’t you all think it’s a little suspicious what Microsoft paid for GitHub?”
      –Eren Niazi‏
Microsoft is just trying to swallow everything “Open Source” and, if possible, everything “Linux” as well. This isn’t love. This is subjugation. They try to control not only Windows but also the competition of Windows. Their goals have not changed and nowadays they try to hijack the Linux brand (brand dilution), associating Vista 10 with “Linux” — and Googlebombing accordingly — using WSL (WeaSeL). At the end of the day Microsoft wants everyone just using Microsoft at the server side (Azure, no matter the OS) and the desktop side. Love GNU/Linux? Then install WSL from the “store” and check out Microsoft “goodies” like Visual Studio Code and the new “Terminal”.

“A computer on every desk and in every home, running Microsoft software.” This is the mission statement of Microsoft itself; it is the definition of the conditions under which Microsoft itself can declare overall victory.

Microsoft, internal document [PDF]

02.17.19

Amazon’s Patent Policy Should be Enough of a Reason to Boycott Amazon and AWS

Posted in Patents, Servers at 8:47 am by Dr. Roy Schestowitz

Bezos and MbS

Summary: There are many things to criticise Amazon and its founder for; but rarely does the mainstream media bring up the company’s appalling patent policy

THIS post isn’t about infidelity (shown above) or greed; or Bezos betraying his dead worker by meeting the murderer (shown above). It isn’t about him attacking media and its sources (like our EPO sources) or about him being an exhibitionist. It’s not about him raking in billions of dollars from the CIA (AWS contracts) or about him urging all companies to work for the Pentagon. It’s not about him looking to grab taxpayers’ money in New York (corporate welfare) or famously mistreating his employees (we covered some examples based on insiders’ accounts after they had approached us).

Amazon is a really bad company. Nevertheless, a lot of companies still feel comfortable hosting most things if not all things at AWS, i.e. in datacentres that Amazon keeps a secret (unless or until it leaks). It even uses proxy locations to hide where the servers are, just like some clandestine agency. It’s about surveillance and there’s a lot of censorship, too. It’s imperialistic.

“Amazon is a really bad company. Nevertheless, a lot of companies still feel comfortable hosting most things if not all things at AWS…”Amazon’s record with patents — a subject we last covered some months ago — is overlooked by almost everybody. At the European Patent Office, for instance, Amazon pursued the same dubious patents it had received from the U.S. Patent and Trademark Office (USPTO), such as this patent we wrote about some months ago. Amazon isn’t just imperialistic; it’s also monopolistic. It uses software patents to shield its monopoly.

Don’t Use Cloudflare Because You Impose This on People Who Least Want It

Posted in Servers at 8:21 am by Dr. Roy Schestowitz

It may also put these people at risk

Cloudflare

Summary: Reasons to stop making the World Wide Web so heavily dependent on some dubious companies like Cloudflare, which already has a worrisome track record

OVER the years, at work and at home (e.g. in social control media), I have expressed strong (but polite) criticism of Cloudflare (or CloudFlare or CF) and its dangers — to the point where its oversensitive staff decided to block my Twitter account (not due to abuse or because I spoke to them, they just didn’t want to see anything I had said). I’ve rarely come across so thin-skinned a company and recently I have seen people making the very same points. So here’s the gist of it all: Cloudflare is a MitM (man in the middle) and this enables Cloudflare to engage in censorship, surveillance and even worse things. Cloudflare has done both things in the past and was at times caught misusing its power. Cloudflare is no ordinary CDN but a private, for-profit company that’s upselling. At times they also have technical issues and I’ve seen not just companies but public institutions forced offline (or into semi-working order) due to Cloudflare.

Each time we come under heavy DDOS attack (we have not had such issues for a number of months) someone out there asks us why we don’t use Cloudflare. Explaining all the associated issues is time-consuming as the explanation can be lengthy.

“In some cases, for particular countries, having all traffic visible to the US (through an American company with legal obligations to its government) can be a matter of life and death.”I’ve been dealing with Cloudflare since it was a young company, however reluctantly, at work. I’ve seen public institutions coming to rely on this foreign company and relaying all traffic through it. That raises all sorts of legal questions.

The bottom line is, never ever use Cloudflare. When accessing sites that route traffic through Cloudflare one might in fact be denied access (e.g. Tor users or people who rightly reject JavaScript). In that case, it’s wise to leave (not enter the site), instead leaving a note to the Webmaster, urging him/her to drop Cloudflare.

Sites that respect their visitors do not resort to Cloudflare. Building one’s own CDN may be expensive, but what is the worth of your visitors’ rights? In some cases, for particular countries, having all traffic visible to the US (through an American company with legal obligations to its government) can be a matter of life and death.

02.01.19

Stupid Acquisition of the Month (or Year): Red Hat Selling Itself to the World’s Biggest Lobbying Power for Software Patents

Posted in EFF, GNU/Linux, IBM, Patents, Red Hat, Servers at 3:36 am by Dr. Roy Schestowitz

Recent: Latest Talk From IBM’s Manny Schecter Shows That IBM Hasn’t Changed and After the Red Hat Takeover It’ll Continue to Promote Software Patents

Manny Schecter
Photo credit: Esteban Minero

Summary: “Stupid Patent of the Month” is an abstract patent of IBM, a company that is about to take all of Red Hat’s patents while it’s actively bullying lots of companies using software patents and also selling software patents to notorious patent trolls

WHEN the announcement/proclamation of the prospective acquisition of Red Hat was first announced we were cautiously optimistic (it soon turned out that Red Hat had considered selling itself to Microsoft). We were hopeful that IBM would change course, but seeing the latest Patent Trial and Appeal Board (PTAB) inter partes reviews (IPRs) and patent lawsuits in district courts and the Federal Circuit it seems clear that IBM continues gaming the U.S. Patent and Trademark Office (USPTO), lobbying politicians for software patents and so on. They even recruited the former Director of the Office as a lobbyist (David Kappos). We’re going to have to become more vocal given IBM’s continued lobbying for software patents and ongoing bullying with patents on algorithms, even against small entities like online shops/retailers (as the latest IPRs reveal). They’re extorting legitimate businesses using likely illegitmate patents, knowing the cost of invalidating these patents may be too great for these businesses (they might choose to settle, instead). What is going on at the top (management) of IBM? It’s like they don’t give a damn whether Red Hat is becoming a part of them. What is Red Hat’s reaction? So far silence. I asked a few prominent employees, who prefer not to comment (maybe fear of losing their job). I know some people from Red Hat who follow me online; not even one tried to comment/explain/excuse IBM’s behaviour when it comes to this. It’s all silence.

“IBM’s patent policy is extremely incompatible with Red Hat’s.”IBM has been lobbying for abstract patents even in Europe, where software patents aren’t generally allowed (European Patent Office (EPO) President António Campinos does not care what the law says, however, as he’s just another Battistelli with extra secrecy).

At the turn of the new year, seeing that the founder of Watchtroll (Gene Quinn) stepped down as chief editor after 2 decades, we said we would not link to Watchtroll anymore (sending it traffic), not even to rebut its torrent of nonsense. Looking at the latest articles, however, we continue to see more nonsense. “Winning Strategies for Getting Past the Five Types of Patent Examiner” is the title of a new post from Watchtroll. They view examiners as enemies who need to be undermined or fooled/manipulated. How revealing. How anti-scientific of them. Another new post from Watchtroll says “Canada Patent Law Changes Are Bad News for Patent Owners”; by that it means Canada does the right thing and more parasitic lawyers would be out of a job and would likely need a career change.

“Unless the Board of IBM flushed them and replaces them with more Red Hat-like mentality, Red Hat will generally be part of the problem, part of the threat to software development and perhaps to GNU/Linux at large.”Gene Quinn of Watchtroll has just made it abundantly clear, once again, that IBM has not changed because in “IBM Calls for an End to the ‘Legal Fiction’ of Current 101 Law” we’re seeing not even a mild difference/deviation from the old agenda. The outline says: “This marks the final installment in my four-part interview with IBM’s Vice President and Assistant General Counsel Mark Ringes and Chief Patent Counsel Manny Schecter. I found our conversation fascinating and want to thank them both again for their time and insight. Below, we conclude with an in-depth discussion on how the U.S. patent system is affecting startups and the state of enforceability following Director Iancu’s Section 101 Guidance.”

So these are the people at the top of IBM. Unless the Board of IBM flushes them down and replaces them with more Red Hat-like mentality, Red Hat will generally be part of the problem, part of the threat to software development and perhaps to GNU/Linux at large.

“Stupid Patent of the Month” has just been published by Joe Mullin, who joined the EFF about a year ago after he had covered patent trolls a great deal in the media (and he did a good job, unlike the loads of stenography from law firms that dominate patent coverage). Some hours ago he published this post:

In the smartphone era, “distracted driving” is a serious, and well-known, problem. Official warnings about poor driving habits are as old as the automobile itself. The New York Times published a Pulitzer-winning series on distracted driving back in 2009.

Increasingly, technological assists are available for those seeking to manage their smartphone’s distractions while in the car. Apple integrated a “do not disturb while driving” mode into iOS 11, and Google has long had similar functionality in its Android Auto app. Multitudes of third-party smartphone apps exists to address the issue. Finally, more than 50 companies are working on what may be the ultimate solution to distracted driving: autonomous vehicles.

Unfortunately, the U.S. patent system creates warped incentives for emerging software fields like road-safety features. Rather than competing in a challenging space, some players are seeking broadly-worded patents, then hope to sit back and extract profits later.

That may be the strategy of the International Business Machine Corp., which has acquired more U.S. patents than any other company for decades now. This week, IBM was awarded U.S. Patent No. 10,191,462, describing a “Vehicle electronic receptionist.”

This is far from the first time IBM is shown to have pursued (and received) bogus patents on software. None of this seems to be changing following the takeover of Red Hat. This, in turn, makes us rather concerned about Red Hat’s future direction. IBM’s patent policy is extremely incompatible with Red Hat’s.

07.15.17

Amazon is Stockpiling Terrible Patents and Using These for Competitive Advantage

Posted in Microsoft, Patents, Servers at 7:32 am by Dr. Roy Schestowitz

An Amazonian floodgate of bad patents

Amazon

Summary: Demonstrating the real purpose of patent hoards, Amazon too ‘pulls a Microsoft’ and shields its dominance by an atmosphere of sheer fear

MANY older articles of ours spoke about Microsoft’s Azure threat to AWS, namely a patent threat [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]. We last alluded to it in our previous article. Microsoft can barely compete with the likes of AWS, so it tries gaining leverage by threats (usually patent threats and innuendo, maybe even threats over licensing of Windows/Office). Such is the nature of a company full of liars, crooks, and managers who bribe. They still operate like a cult.

Amazon too, however, is somewhat of a patent parasite, albeit less aggressive than Microsoft (for example, it rarely initiates lawsuits). It habitually promotes software patents not just in the US — something for which it’s hard to forgive Amazon.

In the month of June Amazon received a lot of negative press over patents. Caleb Chen wrote succinctly the following:

Jeff Bezos’s Amazon has been granted a patent for a tool called “Physical Store Online Shopping Control,” which helps brick and mortar locations control users’ online shopping experience when they are at the store and on the store’s WiFi network. If a customer searches for a product or competitor, Amazon would be able to “control” that online experience by redirecting, blocking, or otherwise tampering with your internet traffic.

It’s all about this US patent, which some readers told us about. It certainly looks as though the US patent office granted a software patent that would certainly be invalidated by either PTAB or courts (if tested). A widely-cited report about it said that “Amazon’s long been a go-to for people to online price compare while shopping at brick-and-mortars. Now, a new patent granted to the company could prevent people from doing just that inside Amazon’s own stores.” [via]

This made quite a lot of headlines at the time, e.g. [1, 2], but we didn’t consider it urgent enough to cover until yesterday’s report alleging that Amazon exploits its almost fully dominant position/near-monopoly in the domain of AWS in order to protect itself from patent lawsuits. See this article from Amazon-friendly media:

Amazon Web Services drops controversial patent clause from standard user agreement

Amazon Web Services has quietly dropped a controversial provision from its user agreement that essentially forced customers to agree that they could never file a patent infringement lawsuit against the public cloud vendor.

We are guessing that Amazon did not like this coverage, whereupon it was changed.

This article was later retitled “Amazon Web Services adds IP protection while dropping controversial patent clause from user agreement” (with the URL changing also).

The new title suggests that they made a defensive move, perhaps in response to what Microsoft had done earlier this year. It still leaves customers of small hosting companies (without a big pile of patents) rather vulnerable. That’s not a desirable status quo, is it?

« Previous entries Next Page » Next Page »

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts