a8f9ceff0ad97d546e30338a3c0ce610
Media FUD and Anti-FOSS Bills
Creative Commons Attribution-No Derivative Works 4.0
THE corporate media, which is being fed a set of mindless talking points from corporations that fund it (e.g. by buying advertising space), is spreading a lot of Free software-hostile misinformation. It has been particularly true this month. Not a day goes by without us providing several examples in Daily Links, usually with accompanying editorial remarks/response. Thanks to gross bias and corrupting influence of money, so-called 'journalists' (stenographers) try to convince us the worst thing to security is "Open Source", using terms like "supply chain", which became fashionable (distracting from the real culprit, e.g. "MS SQL [proprietary] servers are getting hacked to deliver ransomware to orgs," as just pointed out in Help Net Security, or never noting that this "supply chain" is controlled by proprietary frameworks, e.g. GitHub or NPM, i.e. Microsoft/NSA).
"Some of these sources (e.g. Recorded Future) are connected to spy agencies and spy on IRC networks."One recent rebuttal to the torrent of FUD comes from a podcast of Josh Bressers. It's entitled "Holding open source to a higher standard", alleging that Free software is scrutinised a lot more harshly than proprietary rivals/counterparts. "Open source has always been held to a higher standard," Bressers says. "It has always surpassed this standard."
Sadly, this is the only link we can recommend that readers follow and read. We put it in Daily Links several days ago.
The annoying part was pointed out to us by an associate, alleging that Microsoft "is still milking the log4j vuln[erability] for political gain," based on shallow blog posts and reports [1, 2, 3]. "The FSF, EFF, and OSI (in their old incarnations) need to be in proactive," the associate said, and "contact with the OMB immediately."
Some of these sources (e.g. Recorded Future) are connected to spy agencies and spy on IRC networks. It's a sinister entity.
"CISA, a Microsoft booster, is involved in this."The above corresponds to S.4913 - Securing Open Source Software Act of 2022, which can be found in congress.gov under the title "Securing Open Source Software Act of 2022". It's formalised "concern trolling" in a suit with a tie. The title is misleading.
CISA, a Microsoft booster, is involved in this. To quote from one of the links above: "The Securing Open Source Software Act — sponsored by Senators Gary Peters (D-Mich.) and Rob Portman (R-Ohio) — would require the Cybersecurity and Infrastructure Security Agency (CISA) to create a “risk framework” around the use of open source code within the government and critical infrastructure agency."
"CISA would need to find ways to “mitigate risks in systems that use open source software” as well as hire experienced open source experts to address issues like Log4j. The bill also requires the Office of Management and Budget (OMB) to publish guidance for agencies about how to use open source software securely."
"Notice how they keep mentioning "Log4j"; even about a year later! It had been patched before the public even knew about it."As if the problem is what Microsoft keeps attacking or what's replacing Microsoft.
"The overwhelming majority of computers in the world rely on open source code – freely available code that anyone can contribute to," says this page. But that's its strength, not the weakness, as I explain in the video above. Anyone can fix it, so it gets fixed very fast.
Notice how they keep mentioning "Log4j"; even about a year later! It had been patched before the public even knew about it.
Many publishers intentionally participate in a FUD campaign, e.g. Help Net Security with "Open source projects under attack, with enterprises as the ultimate targets" just a couple of days ago. That's just another wave of anti-Free software FUD; so back doors in proprietary software are OK, but this is... the end of the world? And the sky is falling? This selective attention is a propaganda technique. ⬆