EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

07.28.19

SUSE Said It Was Becoming Independent But Instead It Became Like an ‘Asset’ of SAP (‘German Microsoft’), Which is Hostile Towards Free Software

Posted in Microsoft, Novell, Servers, SLES/SLED at 8:39 am by Dr. Roy Schestowitz

Summary: It certainly ‘feels’ like SAP ‘took over’ SUSE and it has been ‘long time coming’

A week ago the CEO of SUSE stepped down and there was a lot of media coverage about his successor, who had come from SAP, which is a Microsoft ally that was almost acquired by Microsoft at one point. The media, however, wasn’t paying any attention to what happened to SUSE’s official blog. Over the past couple of months it was almost ‘hijacked’ by SAP, as I pointed out repeatedly in social control media sites. I’d hate to use "tweets" as 'sources', but these mostly link to the originals from SUSE’s own site. Here we go, in chronological order:

07.17.19

Linux Foundation Apparently Celebrates Sysadmin Day With a Microsoft Windows Site!

Posted in GNU/Linux, Kernel, Microsoft, Servers, Windows at 1:34 am by Dr. Roy Schestowitz

“Greed is not a financial issue. It’s a heart issue.”

Andy Stanley

Summary: The Linux Foundation shows ‘love’ to actual GNU/Linux (the real thing) by apparently rejecting it and badmouthing it

WHEN selling the soul of Linux is more profitable than actually promoting this GPL-licensed kernel it’s not hard to understand how the Linux Foundation turned from a supposed ‘charity’ to a massive enterprise and near-monopoly in that space (e.g. events/conferences).

They ‘own’ Linux.com. They control or manage the Linux trademark. So why would they link to anti-Linux stories (authored by “swapnilbhartiya” yesterday)? Because they just do and most of them don’t even use Linux! As someone put it yesterday:

You go to Google, you look for “Linux” news, a site called Linux.com then shows up with anti-Linux material (this isn’t about Linux but bad devices/users). Well done, Swapnil and Jim. The articles posted nowadays in Linux.com give room for concern. Misleadingly-titled FUD.

“You go to Google, you look for “Linux” news, a site called Linux.com then shows up with anti-Linux material (this isn’t about Linux but bad devices/users).”We’ve meanwhile noticed lots of spammy blog posts (yesterday, Sysadmin Day) from the Linux Foundation in various “Linux” blogs. “Linux Security Blog” participated and “It’s FOSS” did so too. Linux Journal said (in the headline) that “the Linux Foundation Is Having a Sysadmin Day Sale,” adding a promotional link with what seems like tracking/referral code. But that in itself isn’t the issue. It seems like the site in question uses Windows for the server, but we’re not entirely sure. It’s very well disguised (see IRC discussion at the bottom).

It would not be unprecedented for the Linux Foundation to use Windows; applicants apply for a job there using LinkedIn (Microsoft), as we’ve noted before and there’s a lot of Microsoft stuff used by the Foundation’s staff (see discussion below; I know this from my old interactions with Foundation staff). Over the past months I’ve had to resort to humour just to get the point across without offending the offenders, for example:

Yesterday I also noticed this text: “Have directly led revenue growth from $20MM to $50MM, from $80MM to $100MM…”

No, that’s not the Foundation’s chief Jim Zemlin (who sold out Linux… for his 'nonprofit' to make about $100,000,000 per year). That’s what his wife’s LinkedIn profile says. It’s all about money and both strive to grow in just one respect: money! From 20 million to 100 million. What is being achieved? Nothing. A Windows-powered and Mac-powered ‘Linux’ Foundation (Linux only in name).

“Large corporations, of course, are blinded by greed. The laws under which they operate require it – their shareholders would revolt at anything less.”

Aaron Swartz


schestowitz Help needed! Am I crazy or is this site WINDOWS-powered? Help me out here, geeks… https://cloud.email.thelinuxfoundation.org/SysadmindaY Jul 17 01:52
-TechrightsBot-tr/#techrights-cloud.email.thelinuxfoundation.org | NO TITLE Jul 17 01:52
schestowitz my initial tests say yes Jul 17 01:52
schestowitz based on more shallow tests Jul 17 01:52
schestowitz I might publish “Celebrates Sysadmin Day With a Microsoft Windows Site!” Jul 17 01:52
schestowitz I mean, LF Celebrates Sysadmin Day With a Microsoft Windows Site! Jul 17 01:52
schestowitz but I am not yet 100% sure it”s Windows at the back end Jul 17 01:53
schestowitz could be mod-speling [sic] in Apache Jul 17 01:53
schestowitz https://identity.linuxfoundation.org/checkout/540473 Jul 17 01:54
-TechrightsBot-tr/#techrights- ( status 404 @ https://identity.linuxfoundation.org/checkout/540473 ) Jul 17 01:54
schestowitz also this.. Jul 17 01:54
schestowitz https://identity.linuxfoundation.org/checkoUt/540473 Jul 17 01:54
-TechrightsBot-tr/#techrights- ( status 404 @ https://identity.linuxfoundation.org/checkoUt/540473 ) Jul 17 01:54
schestowitz note case Jul 17 01:54
schestowitz still works with the token here Jul 17 01:54
schestowitz bloody hell! Jul 17 01:55
schestowitz LF…. you also apply for a job there using LinkedIn (Microsoft) Jul 17 01:55
XRevan86 https://identity.linuxfoundation.org/checkoUt/540473 – Varnish Jul 17 01:56
XRevan86 The first link is served by something else. But it won’t tell by which. Jul 17 01:57
schestowitz can you check with me? Jul 17 01:57
schestowitz this is important Jul 17 01:57
XRevan86 It’s not HTTP/2 capable. Jul 17 01:58
XRevan86 https://cloud.email.thelinuxfoundation.org/ Jul 17 01:59
-TechrightsBot-tr/#techrights- ( status 403 @ https://cloud.email.thelinuxfoundation.org/ ) Jul 17 01:59
XRevan86 The 403 page looks like something done by Apache Tomcat Jul 17 01:59
schestowitz I did the same thing Jul 17 02:00
schestowitz why is the site case insensitive? Jul 17 02:00
schestowitz Also, see page source Jul 17 02:00
schestowitz lots of “MS” bits Jul 17 02:00
schestowitz I want to be 100% sure we don’t get the story, if any at all, wrong Jul 17 02:00
XRevan86 schestowitz: Maybe they configured case-insensitive matching Jul 17 02:01
XRevan86 It is peculiar. Jul 17 02:02
schestowitz no clues in http headers? Jul 17 02:03
schestowitz Ages ago, more than 10 years, I had FF extensions for that Jul 17 02:03
schestowitz before Mozilla killed xul Jul 17 02:03
XRevan86 schestowitz: Not even a Server header. Jul 17 02:03
XRevan86 schestowitz: Firefox’s devtools can do the job. Jul 17 02:04
XRevan86 but I test with curl Jul 17 02:04
schestowitz any other tricks we can employ? Jul 17 02:04
schestowitz This is a big deal if it turns out to be windows Jul 17 02:04
XRevan86 If I had experience with Windows servers, maybe I’d know what to look for… Jul 17 02:04
XRevan86 or with Java servers for that matter… Jul 17 02:05
XRevan86 I know https://linux.org.ru/ is using Tomcat, and it is case-sensitive. Jul 17 02:05
-TechrightsBot-tr/#techrights-LINUX.ORG.RU — Русская информация об ОС Linux Jul 17 02:05
XRevan86 https://www.linux.org.ru/gallery/ – Gallery Jul 17 02:05
-TechrightsBot-tr/#techrights-www.linux.org.ru | Галерея Jul 17 02:05
XRevan86 https://www.linux.org.ru/Gallery/ – 404 Jul 17 02:05
-TechrightsBot-tr/#techrights- ( status 404 @ https://www.linux.org.ru/Gallery/ ) Jul 17 02:05
XRevan86 schestowitz: But maybe it is really mod_speling Jul 17 02:08
XRevan86 and they then just turned off HTTP headers that give away configuration Jul 17 02:08
XRevan86 At least we know it’s Java and not ASP.NET Jul 17 02:09
schestowitz which domain? Jul 17 02:11
XRevan86 cloud.email.thelinuxfoundation.org Jul 17 02:11
cubexyz check with netcraft? Jul 17 02:12
-viera/#techrights-Tux Machines: Proxmox VE 6.0 released! http://www.tuxmachines.org/node/125966 [https://pleroma.site/objects/f3b82e95-d9ea-42e1-b380-6be86812a61b] Jul 17 02:12
XRevan86 cubexyz: Doesn’t tell anything of interest. Jul 17 02:13
schestowitz I thought about it Jul 17 02:13
schestowitz but did not do it Jul 17 02:13
schestowitz as I thought it might not even be on their radar yet Jul 17 02:13
cubexyz merely says “unknown” Jul 17 02:13
schestowitz seems like a new site or some internal “office” crap Jul 17 02:13
schestowitz how else can we test? Jul 17 02:14
schestowitz I don’t want to get the story wrong, that’s all Jul 17 02:14
XRevan86 > OS: F5 BIG-IP Jul 17 02:14
XRevan86 It did say that though Jul 17 02:14
schestowitz as that can be used to discredit everything we ever said re LF Jul 17 02:14
XRevan86 How can it tell? Jul 17 02:14
cubexyz there’s wappalyzer Jul 17 02:14
schestowitz can you have a go at it? Jul 17 02:14
cubexyz sure Jul 17 02:14
schestowitz Maybe they have the OS quite well Jul 17 02:14
schestowitz mind you, they use LOTS of MSFT internalluy Jul 17 02:15
schestowitz I know this from their PR rep Jul 17 02:15
schestowitz but demonstrating it, like link with proof, would help… Jul 17 02:15
cubexyz mysql, php, wordpress, OWL, bootstrap, jquery Jul 17 02:17
XRevan86 cubexyz: I doubt that Jul 17 02:17
XRevan86 there’s no wordpress there Jul 17 02:17
-viera/#techrights-Tux Machines: Univention Corporate Server 4.4-1/Point Release UCS 4.4-1: performance improvements, app recommendations and UDM REST API Beta http://www.tuxmachines.org/node/125967 [https://pleroma.site/objects/94f199ef-a04b-473c-a4a1-288f05bf6166] Jul 17 02:18
schestowitz cubexyz: does not look like wordpress Jul 17 02:19
schestowitz even if you look at page source Jul 17 02:19
schestowitz it looks like a really poorly-made CMS of some kind Jul 17 02:19
schestowitz but I want to know the US Jul 17 02:20
XRevan86 WordPress is PHP. Jul 17 02:20
schestowitz OS Jul 17 02:20
cubexyz no idea, just saying what wappalyzer says Jul 17 02:20
XRevan86 This is Java. Jul 17 02:20
schestowitz I imagine the CMS is proprietary anyway Jul 17 02:20
schestowitz https://twitter.com/schestowitz/status/1151297943745568768 Jul 17 02:21
-TechrightsBot-tr/#techrights-@schestowitz: We are the LINUX FOUNDATION We OWN Linux dot com! We link to anti -Linux stories Because we just do (and we don’t e… https://t.co/UoJrMddR6K Jul 17 02:21
-TechrightsBot-tr/#techrights-@schestowitz: We are the LINUX FOUNDATION We OWN Linux dot com! We link to anti -Linux stories Because we just do (and we don’t e… https://t.co/UoJrMddR6K Jul 17 02:21
schestowitz https://twitter.com/schestowitz/status/1150987858083295232 Jul 17 02:21
-TechrightsBot-tr/#techrights-@schestowitz: “swapnilbhartiya” at #zemlinpac continues using the site LINUX dot com to promote #microsoft crap. [facepalm] https://t.co/BOIY5nmFWU Jul 17 02:21
-TechrightsBot-tr/#techrights–> Aqua Security Launches Microsoft Azure Marketplace Private Offers | Linux.com | The source for Linux information Jul 17 02:21
XRevan86 I don’t think there’s a way to tell Jul 17 02:24
cubexyz thelinuxfoundation.org runs nginx on linux Jul 17 02:25
cubexyz according to netcraft Jul 17 02:25
XRevan86 Does plain Tomcat support “Content-Encoding: gzip”? Jul 17 02:25
schestowitz That would make sense for the main site Jul 17 02:25
schestowitz but for sales etc. Jul 17 02:25
schestowitz not sure Jul 17 02:25
XRevan86 And they’re using AWS Jul 17 02:27
schestowitz that’s not unusual Jul 17 02:27
schestowitz would be worse if they used MSAzure Jul 17 02:28
XRevan86 That’d make my day Jul 17 02:28
XRevan86 Port scanning (nmap) revealed only that whoever configured cloud.email.thelinuxfoundation.org configured the firewall restrictively Jul 17 02:29
XRevan86 At least ICMP is open Jul 17 02:30
XRevan86 80, 113, 443, nothing else Jul 17 02:30
-viera/#techrights-Tux Machines: Network Security Toolkit 30-11210 http://www.tuxmachines.org/node/125968 [https://pleroma.site/objects/ec0ec5d4-88eb-4a05-9512-c9c86c76140a] Jul 17 02:31
XRevan86 The main site has IPv6, cloud.email. doesn’t. Jul 17 02:31
schestowitz I guess we still don’t know what it runs Jul 17 02:33
schestowitz and the checkout (identity) part Jul 17 02:33
schestowitz they got some company from the outside to do it Jul 17 02:33
schestowitz and maybe it’s not Linux Jul 17 02:33
XRevan86 It’s most likely Linux just because the odds are generally in that direction. Jul 17 02:34
XRevan86 Who’d deploy a Java website on Windows? Some kind of insane Microsoft fan I guess. But then, why not ASP.NET? Jul 17 02:34
schestowitz don’t bet on kt! Jul 17 02:34
schestowitz it! Jul 17 02:34
schestowitz This is the LF Jul 17 02:34
XRevan86 oh no Jul 17 02:37
XRevan86 I’ve checked nmap’s capabilities Jul 17 02:37
XRevan86 -O: Enable OS detection Jul 17 02:37
XRevan86 -sV: Probe open ports to determine service/version info Jul 17 02:37
XRevan86 > 443/tcp open   ssl/upnp Microsoft IIS httpd Jul 17 02:37
XRevan86 Guess flipping what Jul 17 02:37
XRevan86 > Running (JUST GUESSING): F5 Networks embedded (93%), F5 Networks TMOS 11.6.X (87%), OpenBSD 4.X (87%) Jul 17 02:38
XRevan86 > OS CPE: cpe:/o:f5:tmos:11.6 cpe:/o:openbsd:openbsd:4.0 Jul 17 02:38
XRevan86 > Aggressive OS guesses: F5 BIG-IP Edge Gateway (93%), F5 BIG-IP Local Traffic Manager load balancer (TMOS 11.6) (87%), OpenBSD 4.0 (87% Jul 17 02:38
XRevan86 Just like netcraft, it thinks it’s most likely something from F5 Jul 17 02:38
XRevan86 but HTTP server probing gave a better idea Jul 17 02:39
XRevan86 schestowitz: Good thing I didn’t bet. Jul 17 02:39
XRevan86 You seem speechless %) Jul 17 02:40
cubexyz isn’t port 443 just HTTP over SSL… not necessarily M$ Jul 17 02:41
XRevan86 cubexyz: That’s “-sV: Probe open ports to determine service/version info” Jul 17 02:41
XRevan86 that’s its guess Jul 17 02:42
cubexyz hmmm, yeah Jul 17 02:43
cubexyz doesn’t look good Jul 17 02:44
schestowitz maybe I will publish IRC noted to accompany this Jul 17 02:44
schestowitz *IRC notes Jul 17 02:44
schestowitz as we are not sure Jul 17 02:44
schestowitz Get a load of this today Jul 17 02:44
schestowitz https://www.redhat.com/en/blog/microsoft-and-red-hat-inspired Jul 17 02:44
-TechrightsBot-tr/#techrights-www.redhat.com | Microsoft and Red Hat, inspired Jul 17 02:44
XRevan86 schestowitz: The evidence is: Jul 17 02:45
XRevan86 1. case-insensitivity for no apparent reason Jul 17 02:45
XRevan86 2. nmap -sV cloud.email.thelinuxfoundation.org guesses HTTP is handled by “Microsoft IIS httpd” Jul 17 02:45
schestowitz I think it is probable Jul 17 02:46
schestowitz as soon as I saw the site and then the structure (marketing cruft appended to URL) Jul 17 02:47
schestowitz Then I checked page source Jul 17 02:47
schestowitz Been there, seen that… red flags Jul 17 02:47
schestowitz Also “cloud” Jul 17 02:47
schestowitz I know they used MS for office things Jul 17 02:47
schestowitz like in-office comms Jul 17 02:47
schestowitz Their PR reps used that to communicate with me ages ago Jul 17 02:47
schestowitz Dan Brown and others… Jul 17 02:48
XRevan86 https://cloud.email.thelinuxfoundation.org/SYSADM~1/ well, at least this didn’t work :D Jul 17 02:49
-TechrightsBot-tr/#techrights- ( status 400 @ https://cloud.email.thelinuxfoundation.org/SYSADM~1/ ) Jul 17 02:49
schestowitz joke or some element of truth to it? Jul 17 02:50
cubexyz didn’t M$ give the win7 code to russia recently? Jul 17 02:50
schestowitz I get the joke Jul 17 02:50
cubexyz or not recently… it may have been a while ago Jul 17 02:50
XRevan86 https://github.com/irsdl/IIS-ShortName-Scanner some element of truth to it Jul 17 02:51
-TechrightsBot-tr/#techrights-GitHub – irsdl/IIS-ShortName-Scanner: latest version of scanners for IIS short filename (8.3) disclosure vulnerability Jul 17 02:51
XRevan86 Tried using https://nmap.org/nsedoc/scripts/http-iis-short-name-brute.html, no effect. Jul 17 02:56
-TechrightsBot-tr/#techrights-nmap.org | http-iis-short-name-brute NSE Script Jul 17 02:56
XRevan86 StackOverflow isn’t either. Jul 17 02:57
XRevan86 nmap -sV detects Varnish on StackOverflow Jul 17 02:59
XRevan86 > via: 1.1 varnish Jul 17 02:59
XRevan86 I thought they’re on Windows Server Jul 17 02:59
schestowitz no, not likely Jul 17 02:59
schestowitz the (co)founder has some MSFT connections Jul 17 02:59
schestowitz books etc. Jul 17 02:59
schestowitz CodingHorror guy Jul 17 03:00
schestowitz the site, however, isn’t so… and he clarified to me he never worked for Microsoft directly Jul 17 03:00
XRevan86 Wikipedia states that Stack Overflow is written in C# Jul 17 03:00
XRevan86 Considering that .NET Core is a very new thing, it is most likely on Windows. Jul 17 03:01
XRevan86 https://en.wikipedia.org/wiki/Stack_Overflow#Technology Jul 17 03:01
-TechrightsBot-tr/#techrights-en.wikipedia.org | Stack Overflow – Wikipedia Jul 17 03:01
XRevan86 I guess they have a separate server as a reverse proxy for security and reliability. Jul 17 03:01
XRevan86 it is also case-insensitive Jul 17 03:03
XRevan86 no Varnish will change that :) Jul 17 03:03
schestowitz that’s quite common Jul 17 03:03
XRevan86 So yea, nmap detected it right. Jul 17 03:03
schestowitz only hours ago at work I deat with Jul 17 03:03
XRevan86 it figured it’s Varnish, and it is Jul 17 03:03
schestowitz apache behind nginx, on Ubuntu/Debian Jul 17 03:04
schestowitz no varnish Jul 17 03:04
schestowitz nginx stuff as reverse proxy Jul 17 03:04
XRevan86 schestowitz: Apache httpd is redundant in this case in most cases. Jul 17 03:04
schestowitz also helps hide fro probers like nmap Jul 17 03:04
XRevan86 schestowitz: The Stack Overflow is different in that they have to get a separate server to do the job. Jul 17 03:05
XRevan86 Because Varnish reportedly doesn’t work on Windows. Jul 17 03:05
XRevan86 * The Stack Overflow case Jul 17 03:05
XRevan86 schestowitz: nginx in front of Apache httpd introduces almost no overhead. Jul 17 03:06
schestowitz yes, or a VM Jul 17 03:06
schestowitz it does not have to run on the host/backend Jul 17 03:06
XRevan86 So… why wouldn’t you, right Jul 17 03:06
schestowitz you could even run it as a VM under Windows Jul 17 03:07
XRevan86 schestowitz: True, but I doubt that’s very efficient either. Jul 17 03:07
XRevan86 It’s a high-load website. Jul 17 03:08
-viera/#techrights-Tux Machines: Seven Concerns Open Source Should Worry About – Part 1 http://www.tuxmachines.org/node/125969 [https://pleroma.site/objects/387bf941-25b0-41b6-be31-c401127a895f] Jul 17 03:09
XRevan86 3. they don’t bother this much on the main website to hide set-up information Jul 17 03:12
XRevan86 Overall it looks like it was an outsource job, and no one cared enough to do it differently. But cared enough to cover the tracks a little bit. Jul 17 03:14
XRevan86 If they really wanted to hide the fact that this is Windows, they’d reverse proxy it. Jul 17 03:15
XRevan86 But I guess since it’s likely not in their network (I didn’t check), the overhead from proxying is unpleasant. Jul 17 03:16
-viera/#techrights-Tux Machines: Top 15 Best Forum Software For Linux in 2019 http://www.tuxmachines.org/node/125970 [https://pleroma.site/objects/f850f594-b34a-40fa-bf10-ee8544d1f956] Jul 17 03:18
schestowitz might be worth checking host location Jul 17 03:24
schestowitz LF is in Portland IIRC Jul 17 03:24
schestowitz if not SF Jul 17 03:24
schestowitz I think it’s ambiguous and some are ‘home workers’ Jul 17 03:24
schestowitz I’m pretty sure Jim Zemlin isSF-based, or somewhere near in CA Jul 17 03:24

07.06.19

Azure Running GNU/Linux Isn’t About ‘Love’ But About Control

Posted in Bill Gates, Deception, GNU/Linux, Microsoft, Servers at 4:11 am by Dr. Roy Schestowitz

Microsoft update servers left all Azure RHEL instances hackable
Microsoft update servers left all Azure RHEL instances hackable (2016)

Summary: Microsoft-friendly ‘journalists’ like the now-arrested Microsoft Peter want us to think that “Microsoft loves Linux” — a valuable Big Lie that’s designed to help Microsoft gain greater control over its “most potent operating system competitor,” according to Bill Gates

THE various sites of CBS, notably ZDNet, told us some days ago that most of Azure had become GNU/Linux instances. I’ve carefully and meticulously picked all the articles about it that I was able to find, taking note that mostly Microsoft boosters were pushing that story (see comments in the second page in relation to more recent articles). With the long weekend (Independence Day) having just begun we suppose we won’t be missing more such stories, so a time for rebuttal seems about right. We’ll keep it short or at least concise because past articles have already explained where we stand on these matters.

“Microsoft was thus never ever a friend of what later became FS or OSS or FOSS or FLOSS. Microsoft was very much antithetical to it and it still is.”GNU/Linux is a system which goes back to the 1980s, not so long after Micro-Soft had been founded by a couple of sociopaths with a 'Jihad' (Bill Gates’ word) against Free software (see Gates’ infamous open letter to “hobbyists”). They sought to stop the sharing of code (which up to that point was still rather common and predated software patents). Microsoft was thus never ever a friend of what later became FS or OSS or FOSS or FLOSS. Microsoft was very much antithetical to it and it still is. In our “Openwashing” section (in daily links, which we now publish more frequently) we often explain and also show how Microsoft merely paints itself as “open” whilst in practice all the core products remain proprietary software. Azure is proprietary software. Windows is proprietary software. Office is proprietary software. Visual Studio is proprietary software. Exchange is proprietary software. SharePoint is proprietary software. SQL Server is proprietary software. And so on…

What isn’t proprietary software at Microsoft? Usually a few bits and pieces which on their own are pretty useless (like a calculator with surveillance telemetry in it). Last week we wrote that if Linux values security and autonomy, then it will reject the company that started PRISM with the NSA. Microsoft cannot be trusted with security and privacy (see the article at the top; we’ve screenshot it). The corporate media, i.e. the likes of ZDNet and Microsoft ‘fan’ sites (not grassroots), have been endlessly repeating the ridiculous lie which is “Microsoft loves Linux” (in image form and in text; I saw it about a dozen times over the past week alone), but if you call yourself a “journalist” and also say “Microsoft loves Linux,” may we also suggest you publish articles about how Donald Trump’s rape survivors are all “liars” and Lance Armstrong is actually a decent person?

“What isn’t proprietary software at Microsoft? Usually a few bits and pieces which on their own are pretty useless (like a calculator with surveillance telemetry in it).”We’re aware that, as Eren Niazi‏ put it, many media companies are nowadays marketing companies (deception and PR are their business model). He also told me: “Microsoft has a master plan for open source and it’s not good. Open Source is about Freedom, not control. Don’t you all think it’s a little suspicious what Microsoft paid for GitHub?”

For those who don’t know, Niazi‏ is one of the key people behind Open Source and he largely shares my views on Microsoft, including the hijacking of the “Open Source” brand (he sent me many dozens of replies like the above).

“Microsoft has a master plan for open source and it’s not good. Open Source is about Freedom, not control. Don’t you all think it’s a little suspicious what Microsoft paid for GitHub?”
      –Eren Niazi‏
Microsoft is just trying to swallow everything “Open Source” and, if possible, everything “Linux” as well. This isn’t love. This is subjugation. They try to control not only Windows but also the competition of Windows. Their goals have not changed and nowadays they try to hijack the Linux brand (brand dilution), associating Vista 10 with “Linux” — and Googlebombing accordingly — using WSL (WeaSeL). At the end of the day Microsoft wants everyone just using Microsoft at the server side (Azure, no matter the OS) and the desktop side. Love GNU/Linux? Then install WSL from the “store” and check out Microsoft “goodies” like Visual Studio Code and the new “Terminal”.

“A computer on every desk and in every home, running Microsoft software.” This is the mission statement of Microsoft itself; it is the definition of the conditions under which Microsoft itself can declare overall victory.

Microsoft, internal document [PDF]

02.17.19

Amazon’s Patent Policy Should be Enough of a Reason to Boycott Amazon and AWS

Posted in Patents, Servers at 8:47 am by Dr. Roy Schestowitz

Bezos and MbS

Summary: There are many things to criticise Amazon and its founder for; but rarely does the mainstream media bring up the company’s appalling patent policy

THIS post isn’t about infidelity (shown above) or greed; or Bezos betraying his dead worker by meeting the murderer (shown above). It isn’t about him attacking media and its sources (like our EPO sources) or about him being an exhibitionist. It’s not about him raking in billions of dollars from the CIA (AWS contracts) or about him urging all companies to work for the Pentagon. It’s not about him looking to grab taxpayers’ money in New York (corporate welfare) or famously mistreating his employees (we covered some examples based on insiders’ accounts after they had approached us).

Amazon is a really bad company. Nevertheless, a lot of companies still feel comfortable hosting most things if not all things at AWS, i.e. in datacentres that Amazon keeps a secret (unless or until it leaks). It even uses proxy locations to hide where the servers are, just like some clandestine agency. It’s about surveillance and there’s a lot of censorship, too. It’s imperialistic.

“Amazon is a really bad company. Nevertheless, a lot of companies still feel comfortable hosting most things if not all things at AWS…”Amazon’s record with patents — a subject we last covered some months ago — is overlooked by almost everybody. At the European Patent Office, for instance, Amazon pursued the same dubious patents it had received from the U.S. Patent and Trademark Office (USPTO), such as this patent we wrote about some months ago. Amazon isn’t just imperialistic; it’s also monopolistic. It uses software patents to shield its monopoly.

Don’t Use Cloudflare Because You Impose This on People Who Least Want It

Posted in Servers at 8:21 am by Dr. Roy Schestowitz

It may also put these people at risk

Cloudflare

Summary: Reasons to stop making the World Wide Web so heavily dependent on some dubious companies like Cloudflare, which already has a worrisome track record

OVER the years, at work and at home (e.g. in social control media), I have expressed strong (but polite) criticism of Cloudflare (or CloudFlare or CF) and its dangers — to the point where its oversensitive staff decided to block my Twitter account (not due to abuse or because I spoke to them, they just didn’t want to see anything I had said). I’ve rarely come across so thin-skinned a company and recently I have seen people making the very same points. So here’s the gist of it all: Cloudflare is a MitM (man in the middle) and this enables Cloudflare to engage in censorship, surveillance and even worse things. Cloudflare has done both things in the past and was at times caught misusing its power. Cloudflare is no ordinary CDN but a private, for-profit company that’s upselling. At times they also have technical issues and I’ve seen not just companies but public institutions forced offline (or into semi-working order) due to Cloudflare.

Each time we come under heavy DDOS attack (we have not had such issues for a number of months) someone out there asks us why we don’t use Cloudflare. Explaining all the associated issues is time-consuming as the explanation can be lengthy.

“In some cases, for particular countries, having all traffic visible to the US (through an American company with legal obligations to its government) can be a matter of life and death.”I’ve been dealing with Cloudflare since it was a young company, however reluctantly, at work. I’ve seen public institutions coming to rely on this foreign company and relaying all traffic through it. That raises all sorts of legal questions.

The bottom line is, never ever use Cloudflare. When accessing sites that route traffic through Cloudflare one might in fact be denied access (e.g. Tor users or people who rightly reject JavaScript). In that case, it’s wise to leave (not enter the site), instead leaving a note to the Webmaster, urging him/her to drop Cloudflare.

Sites that respect their visitors do not resort to Cloudflare. Building one’s own CDN may be expensive, but what is the worth of your visitors’ rights? In some cases, for particular countries, having all traffic visible to the US (through an American company with legal obligations to its government) can be a matter of life and death.

02.01.19

Stupid Acquisition of the Month (or Year): Red Hat Selling Itself to the World’s Biggest Lobbying Power for Software Patents

Posted in EFF, GNU/Linux, IBM, Patents, Red Hat, Servers at 3:36 am by Dr. Roy Schestowitz

Recent: Latest Talk From IBM’s Manny Schecter Shows That IBM Hasn’t Changed and After the Red Hat Takeover It’ll Continue to Promote Software Patents

Manny Schecter
Photo credit: Esteban Minero

Summary: “Stupid Patent of the Month” is an abstract patent of IBM, a company that is about to take all of Red Hat’s patents while it’s actively bullying lots of companies using software patents and also selling software patents to notorious patent trolls

WHEN the announcement/proclamation of the prospective acquisition of Red Hat was first announced we were cautiously optimistic (it soon turned out that Red Hat had considered selling itself to Microsoft). We were hopeful that IBM would change course, but seeing the latest Patent Trial and Appeal Board (PTAB) inter partes reviews (IPRs) and patent lawsuits in district courts and the Federal Circuit it seems clear that IBM continues gaming the U.S. Patent and Trademark Office (USPTO), lobbying politicians for software patents and so on. They even recruited the former Director of the Office as a lobbyist (David Kappos). We’re going to have to become more vocal given IBM’s continued lobbying for software patents and ongoing bullying with patents on algorithms, even against small entities like online shops/retailers (as the latest IPRs reveal). They’re extorting legitimate businesses using likely illegitmate patents, knowing the cost of invalidating these patents may be too great for these businesses (they might choose to settle, instead). What is going on at the top (management) of IBM? It’s like they don’t give a damn whether Red Hat is becoming a part of them. What is Red Hat’s reaction? So far silence. I asked a few prominent employees, who prefer not to comment (maybe fear of losing their job). I know some people from Red Hat who follow me online; not even one tried to comment/explain/excuse IBM’s behaviour when it comes to this. It’s all silence.

“IBM’s patent policy is extremely incompatible with Red Hat’s.”IBM has been lobbying for abstract patents even in Europe, where software patents aren’t generally allowed (European Patent Office (EPO) President António Campinos does not care what the law says, however, as he’s just another Battistelli with extra secrecy).

At the turn of the new year, seeing that the founder of Watchtroll (Gene Quinn) stepped down as chief editor after 2 decades, we said we would not link to Watchtroll anymore (sending it traffic), not even to rebut its torrent of nonsense. Looking at the latest articles, however, we continue to see more nonsense. “Winning Strategies for Getting Past the Five Types of Patent Examiner” is the title of a new post from Watchtroll. They view examiners as enemies who need to be undermined or fooled/manipulated. How revealing. How anti-scientific of them. Another new post from Watchtroll says “Canada Patent Law Changes Are Bad News for Patent Owners”; by that it means Canada does the right thing and more parasitic lawyers would be out of a job and would likely need a career change.

“Unless the Board of IBM flushed them and replaces them with more Red Hat-like mentality, Red Hat will generally be part of the problem, part of the threat to software development and perhaps to GNU/Linux at large.”Gene Quinn of Watchtroll has just made it abundantly clear, once again, that IBM has not changed because in “IBM Calls for an End to the ‘Legal Fiction’ of Current 101 Law” we’re seeing not even a mild difference/deviation from the old agenda. The outline says: “This marks the final installment in my four-part interview with IBM’s Vice President and Assistant General Counsel Mark Ringes and Chief Patent Counsel Manny Schecter. I found our conversation fascinating and want to thank them both again for their time and insight. Below, we conclude with an in-depth discussion on how the U.S. patent system is affecting startups and the state of enforceability following Director Iancu’s Section 101 Guidance.”

So these are the people at the top of IBM. Unless the Board of IBM flushes them down and replaces them with more Red Hat-like mentality, Red Hat will generally be part of the problem, part of the threat to software development and perhaps to GNU/Linux at large.

“Stupid Patent of the Month” has just been published by Joe Mullin, who joined the EFF about a year ago after he had covered patent trolls a great deal in the media (and he did a good job, unlike the loads of stenography from law firms that dominate patent coverage). Some hours ago he published this post:

In the smartphone era, “distracted driving” is a serious, and well-known, problem. Official warnings about poor driving habits are as old as the automobile itself. The New York Times published a Pulitzer-winning series on distracted driving back in 2009.

Increasingly, technological assists are available for those seeking to manage their smartphone’s distractions while in the car. Apple integrated a “do not disturb while driving” mode into iOS 11, and Google has long had similar functionality in its Android Auto app. Multitudes of third-party smartphone apps exists to address the issue. Finally, more than 50 companies are working on what may be the ultimate solution to distracted driving: autonomous vehicles.

Unfortunately, the U.S. patent system creates warped incentives for emerging software fields like road-safety features. Rather than competing in a challenging space, some players are seeking broadly-worded patents, then hope to sit back and extract profits later.

That may be the strategy of the International Business Machine Corp., which has acquired more U.S. patents than any other company for decades now. This week, IBM was awarded U.S. Patent No. 10,191,462, describing a “Vehicle electronic receptionist.”

This is far from the first time IBM is shown to have pursued (and received) bogus patents on software. None of this seems to be changing following the takeover of Red Hat. This, in turn, makes us rather concerned about Red Hat’s future direction. IBM’s patent policy is extremely incompatible with Red Hat’s.

07.15.17

Amazon is Stockpiling Terrible Patents and Using These for Competitive Advantage

Posted in Microsoft, Patents, Servers at 7:32 am by Dr. Roy Schestowitz

An Amazonian floodgate of bad patents

Amazon

Summary: Demonstrating the real purpose of patent hoards, Amazon too ‘pulls a Microsoft’ and shields its dominance by an atmosphere of sheer fear

MANY older articles of ours spoke about Microsoft’s Azure threat to AWS, namely a patent threat [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]. We last alluded to it in our previous article. Microsoft can barely compete with the likes of AWS, so it tries gaining leverage by threats (usually patent threats and innuendo, maybe even threats over licensing of Windows/Office). Such is the nature of a company full of liars, crooks, and managers who bribe. They still operate like a cult.

Amazon too, however, is somewhat of a patent parasite, albeit less aggressive than Microsoft (for example, it rarely initiates lawsuits). It habitually promotes software patents not just in the US — something for which it’s hard to forgive Amazon.

In the month of June Amazon received a lot of negative press over patents. Caleb Chen wrote succinctly the following:

Jeff Bezos’s Amazon has been granted a patent for a tool called “Physical Store Online Shopping Control,” which helps brick and mortar locations control users’ online shopping experience when they are at the store and on the store’s WiFi network. If a customer searches for a product or competitor, Amazon would be able to “control” that online experience by redirecting, blocking, or otherwise tampering with your internet traffic.

It’s all about this US patent, which some readers told us about. It certainly looks as though the US patent office granted a software patent that would certainly be invalidated by either PTAB or courts (if tested). A widely-cited report about it said that “Amazon’s long been a go-to for people to online price compare while shopping at brick-and-mortars. Now, a new patent granted to the company could prevent people from doing just that inside Amazon’s own stores.” [via]

This made quite a lot of headlines at the time, e.g. [1, 2], but we didn’t consider it urgent enough to cover until yesterday’s report alleging that Amazon exploits its almost fully dominant position/near-monopoly in the domain of AWS in order to protect itself from patent lawsuits. See this article from Amazon-friendly media:

Amazon Web Services drops controversial patent clause from standard user agreement

Amazon Web Services has quietly dropped a controversial provision from its user agreement that essentially forced customers to agree that they could never file a patent infringement lawsuit against the public cloud vendor.

We are guessing that Amazon did not like this coverage, whereupon it was changed.

This article was later retitled “Amazon Web Services adds IP protection while dropping controversial patent clause from user agreement” (with the URL changing also).

The new title suggests that they made a defensive move, perhaps in response to what Microsoft had done earlier this year. It still leaves customers of small hosting companies (without a big pile of patents) rather vulnerable. That’s not a desirable status quo, is it?

02.09.17

OpenSUSE’s (or SUSE’s) Refusal to Publicly Acknowledge It Got Cracked Shows Face-Saving Arrogance Just Like Novell’s

Posted in Deception, Novell, OpenSUSE, Security, Servers, SLES/SLED at 6:16 am by Dr. Roy Schestowitz

SUSE (or MicroFocus) won’t even tell customers when its systems are in fact compromised

Novell cuffs

Summary: The same old and very notorious behaviour we found in Novell persists at SUSE under MicroFocus leadership; security neglected and keeping up appearances more important than honesty

TECHRIGHTS wrote many thousands of articles about Novell. We know Novell extremely well and we have documented its terrible behaviour for over half a decade, well before we began focusing on the EPO for example. As we shall show later, in a separate post, Microsoft’s and Novell’s “IP Peace of Mind” is making a comeback (as of last night), but right now we wish to focus on the crack I first wrote about on Monday (it has since then generated some press coverage, e.g. [1-3] below).

“Remember that no evidence has been presented by SUSE and moreover the gross negligence here is a bad sign in general.”A lot of people still miss the key point. IDG even went ahead with a rather misleading headline, as did Softpedia; rather than state the actual news (that OpenSUSE got cracked) the title says or overstates the ‘damage control’ from SUSE, diverting attention to what was not affected rather than what was affected (a politician’s trick). We used to see lots of that kind of spin back in the Novell days and the 2 articles below, having sought comment from SUSE, give SUSE the benefit of the doubt here. Remember that no evidence has been presented by SUSE and moreover the gross negligence here is a bad sign in general. That’s just “faith-based” security. My article about it was so short that it was mostly a screenshot, yet we understand that further coverage is on its way. So let’s elaborate a little. “They were using an outdated version of WordPress and got zapped,” one person wrote to me after I had published my findings. “It was just the front-end, no code was touched.” But says who? SUSE? Can we believe them?

“Nobody has yet covered that issue as properly as we hoped (poor security practices at SUSE) and the fact that they COMPLETELY FAILED or refused to publicly acknowledge what had happened is a serious aspect of it.”Whatever caused the defacement, it shows that they lost control of their platform. They did get cracked. Softpedia reported that “openSUSE devs immediately restored the news.opensuse.org website from a recent backup” (so the back end too appears to have been compromised).

Nobody has yet covered that issue as properly as we hoped (poor security practices at SUSE) and the fact that they COMPLETELY FAILED or refused to publicly acknowledge what had happened is a serious aspect of it. We waited patiently to see if an announcement would be made by then, even a reassurance that users should not worry. But nothing came out! To this date (half a week later). They attempted to cover it up, which is BAD BAD BAD. For a so-called “Enterprise-Grade” thing which SUSE tries to market itself as (selling SLE*) this is a serious breach of trust. Who would trust SUSE now?

“If someone injected a back door inside SLED and SLES, SUSE would probably say not a thing, only belatedly removing it and then lying about the whole thing, just like Microsoft does.”3 news sites and my own site wrote about it, but not a single word has been uttered by SUSE. They know they got cracked and they are not telling anyone, except when journalists ask them for comment (and press them with evidence).

OpenSUSE has a history of security issues in its sites (see “openSUSE Forum Hacked; 79500 Users Data Compromised” from 2014). Where are the reporters who are willing to ask SUSE some tough questions? Don’t let this slide. If someone injected a back door inside SLED and SLES, SUSE would probably say not a thing, only belatedly removing it and then lying about the whole thing, just like Microsoft does.

In the news:

  1. Kurdish Hacker Posts Anti-ISIS Message on openSUSE’s Website, Data Remains Safe

    Softpedia was informed by Dr. Roy Schestowitz that the openSUSE News (news.opensuse.org) website got defaced by Kurdish hacker MuhmadEmad on the day of February 6, 2017.

    It would appear that the server where the news.opensuse.org website is hosted is isolated from the rest of openSUSE’s infrastructure, which means that the hacker did not have access to any contributor data, such as email and passwords, nor to the ISO images of the openSUSE Linux operating system.

    We already talked with openSUSE Chairman Richard Brown, who confirms for Softpedia that the offered openSUSE downloads remain safe and consistent, and users should not worry about anything. The vigilant openSUSE devs immediately restored the news.opensuse.org website from a recent backup, so everything is operating normally at this time.

  2. OpenSUSE site hacked; quickly restored

    The openSUSE team acted quickly to restore the site. When I talked to Richard Brown, openSUSE chairman, he said that “the server that hosts ‘news.opensuse.org’ is isolated from the majority of openSUSE infrastructure by design, so there was no breach of any other part of openSUSEs infrastructure, especially our build, test and download systems. Our offered downloads remain safe and consistent and there was no breach of any openSUSE contributor data.”

    The team is still investigating the reason for the breach so I don’t have much information. The site ran a WordPress install and it seems that WordPress was compromised.

    This site is not managed by the SUSE or openSUSE team. It is handled by the IT team of MicroFocus. However, Brown said that SUSE management certainly doesn’t want any such incident to happen again and they are considering moving the site to the infrastructure managed by SUSE and openSUSE team.

  3. Best Distros, openSUSE Whoops, Debian 9 One Step Closer

    In the latest Linux news, the news.opensuse.org got hacked and displayed “KurDish HaCk3rS WaS Here” for a while Monday and while the site has been restored, no comment on the hack has been issued. Elsewhere, Debian 9.0 has entered its final freeze in the last steps in preparations for release. FOSS Force has named their winner for top distro of 2016 and Swapnil Bhartiya shared his picks for the best for 2017. Blogger DarkDuck said MX-16 Xfce is “very close to the ideal” and Alwan Rosyidi found Solus OS is giving Elementary OS a run for its money. Phoronix.com’s Michael Larabel explained why he uses Fedora and Jeremy Garcia announced the winners of the 2016 LinuxQuestions.org Members Choice Awards.

    [...]

    openSUSE’s news portal was compromised Monday by a hacker or group of hackers called MuhmadEmad, via the message left in its place. A Kurdish flag with the message “HaCkeD by MuhmadEmad – KurDish HaCk3rS WaS Here” was displayed for hours before it was taken down and the site’s content restored. Roy Schestowitz has a screen capture and said that openSUSE has not yet publicly acknowledged the hack. Swapnil Bhartiya spoke to Richard Brown, openSUSE chairman, who said that site was isolated from most SUSE infrastructure, especially the distribution code. There was no breach of any contributor data either. The site in question is run by MicroFocus, but all are investigating to make sure it’s an isolated incident.

« Previous entries Next Page » Next Page »

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts