Bonum Certa Men Certa

Small Bugfixes Become Big News in the Age When Fear (of FOSS) Sells

Attempts to belittle the "eyeballs on the code" motto

Eye



Summary: Another week brings another set of bugfixes, which some choose to characterise as a very big deal despite evidence to the contrary

WHEN one has an agenda one can accentuate a particular side by covering it excessively. To be frank, not only FOSS-hostile circles are to be blamed for security hype; even some FOSS-friendly sites are releasing articles like "Linux Malware And Antivirus" or cover every security fix as though it's major news. Consider just the past few days in Softpedia: A Steam OS bugfix is news and the same goes for Ubuntu because these projects make attractive headlines, especially after the whole "Heartbleed" hype [1, 2, 3]. Guess who was behind it: the firm of Microsoft's 'Former' Security Chief. GnuTLS was subjected to the same treatment by the same Microsoft-connected firm because like any project it has bugfixes [1, 2], never mind the real security issues (back doors in proprietary software like Windows).



Amid some of the latest reports from Microsoft-friendly sources and FOSS-friendly sources like SJVN (we cited two of these articles before) we should keep in mind that not all bugs are created equal and if we let every bugfix in a project like Linux or OpenSSL become major news, then we will lose sight of the real issue, which is proprietary software having bugs by design, to facilitate intrusion.

Kevin Poulsen, who did some Wikileaks-hostile coverage back in the days, correctly points out that "After Heartbleed, We’re Overreacting to Bugs That Aren’t a Big Deal". Here is how his article begins:

Here’s something else to blame on last April’s Heartbleed security bug: It smeared the line between security holes that users can do something about, and those we can’t. Getting that distinction right is going to be crucial as we weather a storm of vulnerabilities and hacks that shows no sign of abating.

Last week the OpenSSL Foundation announced it was patching six newly discovered vulnerabilities in the same software that Heartbleed lived in. The first reaction from many of us was a groan–here we go again. Heartbleed triggered what was probably the single largest mass-password change in history: In response to the bug, some 86 million internet users in the U.S. alone changed at least one password or deleted an internet account. The thought of a repeat was (and is) shudder-inducing.


Be aware that there's a disturbing trend right now, where so-called 'security' firms (opportunists/attention whores) or media companies try to exploit general security paranoia (or privacy concerns) to 'sell' us stories about 'gaping holes'; the reality is usually just some routine bugfixes, wrapped up by those who have agenda. Dan Goodin and the Microsoft-connected firm (which even branded a bug) are some of the worst in this regard.

Recent Techrights' Posts

Politicians Ought to Invite Dr. Richard Stallman and Prof. Eben Moglen to Speak About Policies, Licensing, Digital Sovereignty
Is there something in Europe other than RMS' talk this coming Monday (that we're not yet aware of)?
Good Explanation of Why IBM Has Chosen to Conceal Mass Layoffs (of 'Expensive' Staff) as "R.T.O." (Even For People Who Never Worked at the Office to Which They're Ordered to "Return")
Many remaining IBM (or Red Hat) workers in Europe are in "cheaper" places such as Brno
Microsoft's Serial Strangler and Matthew J. Garrett Join Forces in Trying to Gag Techrights (for Exposing Microsoft Corruption and Crimes Against Women)
Whose terrible idea was it?
 
Recent Improvements in Techrights
minimalism works fine when the main goal is to relay information
Slopwatch: Brian Fagioli, Brittany Day (linuxsecurity.com), and Microsoft Misinformation, False Marketing
Serial Sloppers
Censored: Debian Zizian transgender vigilante comparisons in open source Linux communities
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, February 22, 2025
IRC logs for Saturday, February 22, 2025
Links 22/02/2025: OpenAI Plans to Possibly Abandon Microsoft, Facebook Doubles Execs' Bonuses While Sacking Thousands
Links for the day
Gemini Links 22/02/2025: Weekend Chill and Programming Thoughts
Links for the day
Links 22/02/2025: Labour Department Investigates Microsoft Infosys Amid Mass Layoffs, Large Law Firms Caught Red Handed With LLM Slop (Defrauding Clients and Courts)
Links for the day
Gemini Links 22/02/2025: Analog Stuff, Sigil, and SSGs
Links for the day
Microsoft's Market Share in Cameroon Falls to New Lows
This means a lot of Android users (iOS is about 4 times smaller), but Android does not mean freedom
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, February 21, 2025
IRC logs for Friday, February 21, 2025
The Streisand Effect is Real
So don't be evil. Also, don't strangle women.
Links 21/02/2025: Linux Foundation Openwashing, Microsoft Copilot Goes Down
Links for the day
Links 21/02/2025: Doomscrolling and European Ham Radio Show
Links for the day
Free University of Bozen-Bolzano Proud to Host Free Software Talk by Richard Stallman
ahead of Monday's talk
Slopwatch: Anti-Linux Machine-Generated FUD (LLM Slop) From GBHackers, CybersecurityNews, and Guardian Digital, Inc (Google News Promotes Slop Plagiarism, Misinformation)
Companies that lie try to drown out the signal with falsehoods
Links 21/02/2025: TikTok Layoffs, WebOS Software Patents in Bad Hands
Links for the day
Gemini Links 21/02/2025: Web Browsers, Mechanical Shortcuts, and Internet Hygiene
Links for the day
Richard Stallman 'Only' Founded the FSF
there's no reason to be upset at the FSF for keeping their founder in the Board
Techrights Disconnected From the United States Two Years Ago
Did people really need to wait for the US government to become this hostile towards the media before recognising the threat?
Before Trying Censorship by Extortion the Serial Strangler From Microsoft Literally Begged Us to Delete Pages
This is very clearly just a broad campaign of intimidation
Hype Watch: Weeks After Microsoft Disappointed Investors With "Hey Hi" It's Trying Some "Quantum" Hype (Adding Impractical Vapourware to Accompany This Hype and Even LLM Slop in 'News' Clothing)
Remember "metaverse"? What happened to media hype about "blockchain" and "IoT"?
Report About February Mass Layoffs at Microsoft (Third Wave of Microsoft Layoffs in 2025) Comes Back From the Dead
Yesterday we wrote about an article in CRN (reporting Microsoft layoffs) being removed without any reasons specified
Links 21/02/2025: Myanmar Scam Centre and Disruptions at USPTO
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, February 20, 2025
IRC logs for Thursday, February 20, 2025