Bonum Certa Men Certa
Don't Install Pipelight, It Helps Infect the Web With DRM and Microsoft | Links 8/6/2014: Valve Funds Mesa Development, SQLite 3.8.5 Released

Lots of Coverage About FOSS Bugs, No Coverage About Intentional 'Bugs' (Back Doors) in Proprietary Software

Bugs inside blobs are also serious bugs, and sometimes there by design

Bug



Summary: The increased media coverage of bugs in security-sensitive FOSS projects reveals lack of desire to cover much bigger threats, including back doors in proprietary software such as Windows

OpenSSL has been somewhat of a whipping boy of the technology press. One reason is, OpenSSL is widely used, but another is that it's known what the issues are (transparency) and the corporate media sure has agenda. We already gave the example of Dan Goodin, to whom security bugs are only news is they affect FOSS (here is his latest go at it) and now that GnuTLS bugs become public knowledge (after a public release with full source code) there is some more coverage that resembles what we found amid "Heartbleed" hype [1, 2, 3] (in both cases a firm with Microsoft connections claimed credit for other people's discoveries and trumpeted FUD in the press). One can expect the same from Microsoft-funded 'news' networks like IDG and ZDNet, which merely covers an already fixed bug. To quote the summary:



The security team behind the Debian distro are urging users to upgrade their Linux packages after patching a newly-found flaw in the Linux kernel.


This is not an unusual thing. Why it this suddenly front page news?

Notice the pattern. In all cases the bugs are already fixed (users just need to apply updates, unless they have already been applied automatically). This shows a strength of FOSS, not a weakness. The latest OpenSSL patches that we covered a couple of days ago (in daily links) don't relate to or amount to huge risk [1] and these are already patched [2]. The same goes for kernel bugs [3].

What we found highly disturbing here is that despite discoveries that companies like Apple and Microsoft facilitate the NSA with back doors (in secret code) we see an improportionate focus on every small bugfix in projects such as GnuTLS, OpenSSL, and Linux. Someone might be trying very hard to make the point that FOSS is the issue, not back doors which are very much included by design (and hidden in blobs). Reporters who cover bugs in FOSS but are never covering back doors in proprietary software ought to be challenged. Their bias (by omission) should be pointed out to them.

Related/contextual items from the news:


  1. New OpenSSL breech is no Heartbleed, but needs to be taken seriously


  2. OpenSSL Security Update now available for Fedora


  3. Canonical Closes Linux Kernel Vulnerabilities in Ubuntu 14.04 LTS


Don't Install Pipelight, It Helps Infect the Web With DRM and Microsoft | Links 8/6/2014: Valve Funds Mesa Development, SQLite 3.8.5 Released

Recent Techrights' Posts

Web Browsers Are for Rendering Web Page, They Shouldn't Become PDF Editors
Linus Torvalds is quickly learning and speaking about this
Torvalds Capitulated on Rust and Slop, Now He's Paying the Price
they are pushing Microsoft and slop for grifters and scammers
 
IBM is Becoming a Pile of Expired Patents and Abandoned Buildings, Assets of Little Actual Value
Having laid off a ton of people, borrowed lots of money to fake growth (by acquisition), and sent some jobs to low-paid regions where innovation isn't done
Links 20/05/2026: Looting of Americans for "White Grievance Reparations Fund"; "Mark Zuckerberg Used Shell Companies to Bully Native Hawaiians"
Links for the day
SLAPP Censorship - Part 82 Out of 200: British Government Intervenes in the SLAPPs by Brett Wilson LLP
At this stage our matters are dealt with by a layer below that of the Prime Minister (adjacent to it)
LinkedIn Communications Reveal That LinkedIn - Like GitHub - Will Vanish Inside the Belly of Microsoft
This is definitely going to happen.
In Wall Street, Financial Difficulties Drive Shares Up
Wall Street doesn't work that way
The Corrupt Lecture the Non-Corrupt - Part XXVIII - European Patent Office (EPO) Guidebook Says Report Crimes Committed on EPO Premises. Some Did, But President Campinos Covers up for the Culprits.
The staff has long been on strike and the union (SUEPO) organised an enhanced day of action just two days ago
Gemini Links 20/05/2026: Fall of an Empire, "High Tech is a Social Exercise", and Big Cameras
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, May 19, 2026
IRC logs for Tuesday, May 19, 2026
LinkedIn Layoffs at Microsoft: Probably Well More Than 5% of Staff
In short, it's difficult to believe only 5% are impacted
It's Not Just a Widespread Theory, It's Apparently a Verified Fact: Home Appliances Not Made to Last Long
Washing machine repair man asserts that the machines sold a decade ago could maybe last a decade; now they last barely 5 years.
Whistleblowers Needed: We Are Seeing Many Layoffs in Red Hat (Not Just in China), We Want to Know More
Last week we learned about some people who said they had left Red Hat or are leaving Red Hat
Links 19/05/2026: More Obituaries for Peter G. Neumann, Taiwan Abandoned by Cheeto House for Don's Personal Gain
Links for the day
Links 19/05/2026: Online 'Storage' (Surveillance) Accounts Lower Thresholds (Gmail, Google Drive, and Google Photos), Slop Debacles Expand (False Promises Made to Staff Regarding Compensation)
Links for the day
SLAPP Censorship - Part 81 Out of 200: SLAPP Censorship Does Not Work If Your Sole Strategy is Revenge (and You Attack the Family)
Both yours and others'
Techrights at 20 (Soon)
It does not seek popularity or affirmation from "Establishment" outlets
We Pay More for Less, for Things That Last Less Time and Are Almost Impossible to Repair
Ever noticed how "modern" or "smart" TVs come with dumber and dumber (worse) controllers?
Vista 11 Turns 5 in a Couple of Months. Not Many People Use It.
It is the only supported version of Windows; many people move elsewhere
Head of GitHub Recently Left, Microsoft Need No Longer Report Mass Layoffs There (User Activity is Declining)
We've long said that LinkedIn and GitHub, which Microsoft bought, would likely end up like Skype
The Slop Bubble is Already Bursting
Slop is not desirable and the general public is growingly impatient, seeing that slop has improved nothing for them
Gemini Links 19/05/2026: Reliable Old Tech, Collection of Essays
Links for the day
The Corrupt Lecture the Non-Corrupt - Part XXVII - European Patent Office (EPO) Became a "Toxic Work Environment" When Cocaine Addicts Put in Charge
They are putting at risk colleagues by abusing them
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, May 18, 2026
IRC logs for Monday, May 18, 2026
Links 18/05/2026: Slop-induced Shortages, Solicitors Regulation Authority Says It's Unable to Deal With Complaints Load (So Regulation Does Not Really Exist)
Links for the day
Gemini Links 18/05/2026: Ghost Essay and World Wide Web Considered Broken
Links for the day
Cooperation and Collaboration, on a More Personal Level
Rianne, to me, isn't just a wife; she is also my best friend
IBM Has Payroll Problems (Just Like Microsoft)
It's a good thing that many nations around the world are, accordingly if not proactively, divesting from GAFAM
Links 18/05/2026: 25 Years of OLDaily and Dangers of "Living With Too Much Tech"
Links for the day
Trips to London
London isn't a bad place, but it's a long journey and we'd rather stay in Manchester and write about technology
SLAPP Censorship - Part 80 Out of 200: Having Run Out of Time to Meet a Judge's Deadline, Microsoft's Graveley Had Garrett's Lawyers Argued My ~190-Page Defence and CounterClaim (DCC) Was Unclear About My Position
Nothing could be further from the truth
Working in the Shell (and Fish)
Yesterday we spent about 5 hours on the shells and fish
The Corrupt Lecture the Non-Corrupt - Part XXVI - Campinos Has Put Unfit-for-Employment Drug Addicts in Charge of the European Patent Office (EPO)
How many months has Campinos got left before the delegates show him the door?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, May 17, 2026
IRC logs for Sunday, May 17, 2026
Gemini Links 18/05/2026: Poetry, Sauna, and GNU Taler
Links for the day