Jim Zemlin/Linux Foundation Selling Anthropic Slop After Getting Bribed for Slop Marketing ('Linux' Foundation is a Pay-to-Say For-Profit Marketing Company That Buys and Manipulates the Media Based on False Pretences)
Last month: Latest Example of False Marketing by Anthropic | Anthropic and Claude Are National Security Risks Not Because of Politics But False Marketing and Vandalism, Plagiarism Sold as Innovation
Earlier this month: The NHS is Under Attack by Anthropic and Microsoft (or Their Lemmings That Infect the NHS)
We not only knew this would happen but warned it would happen, knowing what sort of person Jim Zemlin is married to (securities fraud; no technical knowledge at all, just money-chasing fanaticism). Jim Zemlin publicly boasts that his wife controls him and tells how she belittled him if he did not focus on money (on their first date).
Now we see the people who claim to speak for "Linux" (but don't even use it) speaking against Linux to promote a scam. They peddle FUD as a form of marketing.
As Akira Urushibata put it in recent days (with permission granted to reproduce):
The following article describes a security expert's effort to determine whether Anthropic's claim of "thousands of severe vulnerabilities" is true. He examined the CVE registry.
Researchers Are Trying to Determine How Many Vulnerabilities Claude Mythos Has Discovered https://hackmag.com/news/mythos-cves
VulnCheck specialist Patrick Garrity tried to determine how many vulnerabilities Anthropic's new AI model Claude Mythos actually discovered as part of the Project Glasswing initiative. Recall that the developers had claimed it found thousands of 0-days.
...
Garrity decided to put Anthropic's bold claims to the test and examined the CVE registry, which contains more than 327,000 entries. He searched for all records containing the word "Anthropic" starting from February 2026 and manually analyzed the results.
---
On April 7th Jim Zemlin of the Linux Foundation made a statement on Project Glasswing.
https://www.linuxfoundation.org/blog/project-glasswing-gives-maintainers-advanced-ai-to-secure-open-source
The message is addressed primarily to "open source" developers. Zemlin understands that they suffer from limited resources and says that Project Glasswing would be a blessing because "AI" would assist arduous security-related work. He speaks of providing Claude access to "open source" developers, even going on to suggest that such access would entice people to accept maintainer roles.
There are several problems. The above was posted on April 7th. A month has passed but maintainers are generally unaware of this proclamation. The Linux Foundation has not issued any further statements, indicating an absence of notable progress.
There are many free software projects that maintain critical system components. Compiling a comprehensive list is a significant task. Any attempt to determine who shall be let in and who shall be kept out should lead to noisy debate, which we currently do not observe.
I believe Jim Zemlin's plan to make Claude available to a large number of "open source" developers is at odds with the desires of Project Glasswing member firms. Glasswing is promoted as a small and tight group while Zemlin calls for throwing the gates wide open. Without resolving this conflict the Linux Foundation cannot make progress.
Linux is the name of a kernel, and the Linux Foundation is built around kernel developers. Many people wrongly believe that "Linux" is the whole OS and do not understand that the Linux Foundation has absolutely no authority over developers of other OS components. In fact many developers are not interested in the Linux Foundation and pay scant or no attention to announcements on their official website.
In contrast when ordinary people hear that the Linux Foundation is a Glasswing member, they assume that developers of the "Linux OS" would be given ample time and resources to deal with security issues. Unfortunately this is not the case. A dangerous gap between reality and perception thereof exists.
---
If we want to compile a list of critical system components, where do we start? The Debian Popularity Contest may be the starting point: https://popcon.debian.org/
Two days later:
Trying to determine what the Linux Foundation is doing to identify "critical" system packages I found this page:
https://insights.linuxfoundation.org/
Discover the world's most critical open source projects
So what are they?
Top 30 Open Source Projects https://insights.linuxfoundation.org/collection/details/top-open-source-projects
A curated list of the most essential open source projects based on the OpenSSF Criticality Score, representing foundational infrastructure and frameworks relied upon globally across industries.
Note: although it says "Top 30" actually there are 46 projects listed.
There is little overlap between this list and the Debian base system and essential packages which naturally rank high in the popularity contest (popcon) list. Many projects in the "Top 30 Open Source Projects" list rank low in Debian popcon or don't appear at all, while Debian's base system and essential packages don't appear in the Linux Foundation's list. Here I examine two examples:
Second in Linux Foundation's "Top 30 Open Source Projects" list is Flutter.
Flutter https://flutter.dev/
Flutter is powered by the dart language. If flutter is critical, dart should be at least equally so but it does not appear in the "Top 30" list.
Debian does not provide a package for dart. It seems a package named "dart" is available from an outside source: it appears low in the popcon list. This .deb package may be for the Dynamic Animation and Robotics Toolkit which has no relation with the dart language.
DART (Dynamic Animation and Robotics Toolkit) https://dartsim.github.io/
Eighth in the "Top 30" list is Godot Engine.
Godot Engine https://godotengine.org/ja/
Godot Engine is a game engine with editor. It makes developing 2D and 3D games easy. The godot3 package is provided by Debian. It ranks low in popcon.
The Linux Foundation considers a game engine "most essential" and "relied upon globally across industries."
We can see that the "critical projects" list is poorly focused. It doesn't serve its stated purpose and as such gets little attention.
---
So how did Linux Foundation produce the list?
The criticality ranking is produced by an algorithm provided by the Open Source Security Foundation (OpenSSF), which is affiliated with the Linux Foundation. The OpenSSF site has a page explaining the formula:
Understanding and Applying the OpenSSF Criticality Score in Open Source Projects https://openssf.org/blog/2023/07/28/understanding-and-applying-the-openssf-criticality-score-in-open-source-projects/
The algorithm has three variables, a[i], S[i], and T[i]. a[i] is the weight of the i'th signal, S[i] is the value of the i'th signal, and T[i] is the threshold of the i'th signal.
The person running the algorithm arbitrarily selects the input factors (or "signals"). The weight a[i] is an arbitrary scalar. As such this model gives the person in charge much room for tampering.
For example, should someone desire to produce a list with Emacs ranking high, he could do so by making "number of supported human languages", "age of project" and "percentage of code written in Lisp" input factors and assigning large weights to them.
The input factors and weights used by the Linux Foundation are not published. I haven't found a complete list of projects surveyed. Neither have I seen criticality scores in the "Top 30" list or elsewhere.
My guess is that the Linux Foundation needed to produce a criticality ranking with Linux kernel ranking high, and tweaked around with S[i] and a[i] to get the desired outcome. I have seen that kind of tweaking with multiple regression analysis.
---
Wikipedia provides a compilation of free software directories:
List of free software project directories https://en.wikipedia.org/wiki/List_of_free_software_project_directories
Linux Foundation is not mentioned in this article.
Akira Urushibata
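As an added illustration (not part of the message above, and not OpenSSF's or the Linux Foundation's code), the sketch below applies the formula published for the OpenSSF Criticality Score, C = (1/Σa[i]) · Σ a[i]·log(1+S[i])/log(1+max(S[i],T[i])), to three projects and shows the ranking reverse when only the weights a[i] change. The project names, signal names, signal values, thresholds and weights are all constructed assumptions.

```python
import math

# Constructed signal values S[i] for three hypothetical projects (not measurements).
PROJECTS = {
    "core-library": {"contributors": 50,   "dependents": 400000, "commits_per_year": 20},
    "ui-framework": {"contributors": 1200, "dependents": 50000,  "commits_per_year": 400},
    "game-engine":  {"contributors": 3000, "dependents": 2000,   "commits_per_year": 900},
}

# Constructed thresholds T[i]: a signal at or above its threshold counts in full.
THRESHOLDS = {"contributors": 5000, "dependents": 500000, "commits_per_year": 1000}

# Two constructed weight sets a[i]; nothing else differs between the two runs.
WEIGHTS_DEPENDENTS = {"contributors": 1, "dependents": 8, "commits_per_year": 1}
WEIGHTS_ACTIVITY = {"contributors": 4, "dependents": 1, "commits_per_year": 4}


def criticality(signals, weights, thresholds):
    """Weighted mean of log-scaled signals, each capped at 1; result is in [0, 1]."""
    total_weight = sum(weights.values())
    if total_weight <= 0:
        raise ValueError("weights must sum to a positive number")
    acc = 0.0
    for name, a in weights.items():
        s, t = signals[name], thresholds[name]
        if s < 0 or t <= 0:
            raise ValueError(f"invalid signal or threshold for {name!r}")
        # log(1+S)/log(1+max(S,T)) equals 1 once S reaches T, so large
        # projects saturate and the weights decide the remaining order.
        acc += a * math.log(1 + s) / math.log(1 + max(s, t))
    return acc / total_weight


def rank(projects, weights, thresholds):
    """Project names ordered from highest to lowest criticality score."""
    return sorted(projects,
                  key=lambda p: criticality(projects[p], weights, thresholds),
                  reverse=True)


if __name__ == "__main__":
    for label, w in (("dependents-heavy", WEIGHTS_DEPENDENTS),
                     ("activity-heavy", WEIGHTS_ACTIVITY)):
        print(label)
        for name in rank(PROJECTS, w, THRESHOLDS):
            print(f"  {criticality(PROJECTS[name], w, THRESHOLDS):.4f}  {name}")
```

Because the result depends this strongly on a[i] and T[i], a published ranking can only be checked by a third party if the signals, weights and thresholds behind it are published with it.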
In relation to the Linux Foundation, whose management is financially controlled not by kernel stakeholders but "slop bros" and other scammers (or scam varieties with the lion's share of the financial leverage).
On 5/8/26 02:31, Akira Urushibata via libreplanet-discuss wrote:
... and the Linux Foundation is built around kernel developers.
I wish that were still the case with the Linux Foundation (LF). While the LF /was/ built around kernel developers, growing out of the OSDL, nowadays about the only Linux there is in the name. Both it and the OSI have been taken over by microsofters who steer both organizations away from their original goals. See also the similar situations at the companies Canonical and IBM. However, that is just the start of a very long list even if one constrains the scope of the complaint to just ICT.
The financial statements for the LF show, and have shown for years, that only about 2% to 3% of the technical portion of the budget is actually spent on Linux. See page 20 of the latest report¹. On page 58, you see the full numbers:
$8,410,114 2.95% Linux Kernel Project
$6,750,480 2.37% International Operations
$15,726,845 5.52% Community Tooling
$15,834,749 5.56% Corporate operations
$16,813,013 5.90% Event Services
$17,733,121 6.23% Project Infrastructure
$21,637,925 7.60% Training
$181,889,435 63.87% Project Support
Most of the non-kernel line items are spent on some really odd things, not Linux related things. Those odd things include Glasswing and other boondoggles.
A dangerous gap between reality and perception thereof exists.
Yes, good call there. A very dangerous gap between reality and perceptions exists. The late Pieter Hintjens used to assert in his writings that organizations cannot be reformed once they have gone bad. Instead he called for outright replacement when they do turn corrupt. However, in the case of LF that'd be quite hard unless Linus himself were to take his trademark² and walk. I don't know him but from the decades of interviews and articles, he gives the strong impression that he avoids bureaucracy. So that would need some really special circumstances and support in order to even be considered.
Back when Red Hat was a thing that worked out well for him, but now even Red Hat is gone in all but name. So some solution needs to be worked out which will just let him hack on Linux while keeping the microsofters and other saboteurs out of his hair and his project.
/Lars
¹ https://www.linuxfoundation.org/hubfs/Publications/2025%20Linux%20Foundation%20Annual%20Report_122225a_lr.pdf
² https://www.linuxfoundation.org/legal/the-linux-mark
Anthropic is a truly terrible company and a key participant in a giant Ponzi scheme. Zemlin is destroying the credibility of Linux (the brand) because he profits from it. At whose expense? All of us.
Look what they've done to Steven Vaughan-Nichols (SJVN), the 'mentor' of Spamnil (according to Spamnil; both are marketing operatives of Zemlin, on his payroll). This is his latest:

How much closer are they willing to bring the "Linux" brand to pedophilia and sex trafficking? The disrepute severely hurts the community, not GAFAM et al (controlling the brand, an act of predation). █

