Bonum Certa Men Certa

Beware the Distortion of Terms Like 'Supply Chain', 'Zero Day', and 'Back Door' (New FUD Patterns Against Free Software, a Distraction From the Real Culprits)

Proprietary software is being protected by 'googlebombing' tactics; the biggest weaknesses of proprietary software are being spun as a key problem with "Open Source" and proprietary software's shortcomings are being blamed on the alternative to it

Linux Foundation: repeat what Microsoft says



Summary: Microsofters spread misinformation/disinformation about Free software and security thereof; the corruption (bribery) of organisations such as the so-called 'Linux' Foundation means that Microsoft's misinformation/disinformation now comes out of the mouths of the supposed opposition, too

THE Daily Links in this site habitually add some "Ed"(itorial) comments to highlight FUD (Fear, Uncertainty, Doubt/fear-mongering) and offer some quick response to it. How much can publishers lie for the likes of Microsoft or VMware before those publishers perish due to a lack of credibility and, in turn, a lack of audience?



Earlier today we posted some more examples of this kind in Daily Links. Not a day goes by without several such 'incidents' (misinformation/disinformation).

"The real "supply chain" trouble is Microsoft and proprietary software..."In this post we highlight 3 recent patterns we've noticed. They are semantic lies.

Recently, a Microsoft front group called "Linux Foundation" kept using terms like "supply chain". Years ago nobody used this term in relation to Free software and then Microsoft bought a lot of the so-called 'supply chain', in the form of GitHub and then NPM. Would anyone trust the integrity of code and binaries from a platform controlled by Microsoft and the NSA, whose CSO is a decades-long NSA veteran?

The real "supply chain" trouble is Microsoft and proprietary software; you can't audit what you're getting and it might be intentionally back-doored, taking advantage of this opacity. So why pretend this is a "FOSS" issue?

"If something was fixed or was already patched upstream before disclosure, then it is not a 0-day."Speaking of back-doored code or executables, "backdoor" means not a backdoor anymore. Microsoft-controlled media distorted the term and kept mentioning it in false contexts. Nowadays it just means a server got compromised and then the person who took control of it installed some more stuff. But that's malware and it says nothing about how the malware got on the system in the first place (unless there was an actual back door).

Many would say that servers can be hijacked using critical and remotely-exploitable flaws, set aside bad passwords (those are typically a human failure). But that leads us to the distortion of the definition of "zero day" (or 0-day). If something was fixed or was already patched upstream before disclosure, then it is not a 0-day. If it starts getting exploited the moment it is disclosed, then it's a "1-day". But looking around the Web today, we found several examples of lies to that effect. The media keeps badmouthing Zimbra, but this seems to be a way to distract from several critical Microsoft flaws, including those affecting Exchange. Those are actively being exploited, according to a very recent report. the Zimbra issue is old news (about a month old) and servers have already been patched by responsible administrators, such as my colleagues. Although it seems like the Zimbra hole might be a new one, the last patch partly addresses it. Do not forget that CISA released a list with three Microsoft holes that are actively exploited, including in Exchange, so why shift/divert to talking about Zimbra rather than Exchange? Are they trying to reinforce some false perception that moving away from Exchange would mean equally bad or even worse security?

"The scenario, as per Dan Goodin et al (even sued for defamation already, for utterly poor reporting on security), is nowhere as grim as the Microsoft Exchange situation."What's bothersome here is the repeated distortion of the term "zero day". An associate told us that "'they' must be really worried about the advance of FOSS to spread so much dated FUD about Zimbra and other projects. One giveaway is the use of the marketing phrase "zero-day". That used to mean an exploit that was in active use before the vendor admitted to it existing. Now it just means bug with an exploit."

The scenario, as per Dan Goodin et al (even sued for defamation already, for utterly poor reporting on security), is nowhere as grim as the Microsoft Exchange situation. We already saw that Microsoft goes on for months and months without patching known Exchange flaws, even when it is fully informed that such flaws are actively being exploited already.

Zimbra does E-mail, so that helps distract from what Microsoft is doing, with the real zero days, the real back doors, and the real supply chain crisis. Microsoft monopolises this chain (it's proprietary) and refuses to fix it, leaving the victims helpless. This must be intentional. Or as out associate put it, "paid-for back doors on behalf of those that pay enough, or more specifically bug doors. Those are exploitable bugs about which the payers are informed long in advance of Microsoft getting around to patching them."

"Zimbra does E-mail, so that helps distract from what Microsoft is doing, with the real zero days, the real back doors, and the real supply chain crisis."It's the Windows [sic] of opportunity... Edward Snowden has already provided ample evidence of this. Microsoft keeps giving the NSA and FBI enough time to install a RAT or bootkit before the patches get deployed (too late). "And the FSB and just about any similar agency in all the other Internet-connected countries in the world," our associate noted.

So we're meant to think that the real crisis is Free software and Microsoft lobbyists then push for new, discriminatory laws that stigmatise "Open Source". New zero-day in Microsoft products? Unpatched for months while exploits circulate for months? So the Microsoft shills focus on the something that is "open source"... and repeat endlessly the terms which aren't even applicable to it.

"CISA is a Microsoft reseller working out of the DHS offices," our associated concluded, "which itself is a fraud."

Recent Techrights' Posts

Hate Mail From Anonymous Cowards
if this persists, we'll need to escalate
Informal Open Letter to the Lawyer of the Microsofters (on Who's Funding the SLAPPs Against Techrights)
Whenever I ask about the funding they try to change the subject and act all aggressive
Microsoft Lunduke is Just Provoking People for Provocation's Sake
Be forewarned and remember where this guy came from: Microsoft
 
Most of Geminispace Can Probably Fit on a CD-ROM or a DVD (the Textual Part)
If one excludes very large capsules and ones that contain non-textual contenty
Eventually UEFI 'Secure Boot' Will be Dropped (Users Will Demand Its Removal and Boycott Its Pushers)
we expect OEMs will just listen to users
The Register MS: We Know Slop is a Bubble and Mindless Hype, But We Get Paid to Participate
Call out the culprits
There Are Probably Over a Million Pages in Geminispace
there are two many limitations which merit a mention when it comes to assessing magnitude
Besieged by Plagiarists Who Play With LLMs and Image Fusions
We really need to exercise or use our collective voice to oppose Serial Sloppers
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, August 08, 2025
IRC logs for Friday, August 08, 2025
Gemini Links 09/08/2025: Water Painting and Political Violence
Links for the day
Slopwatch: LLM Sloppers in Google News, LinuxSecurity, and More
they also perpetuate some falsehoods as the LLMs lack any comprehension
Links 08/08/2025: China King of Plastics and US Dictator Plans to Meet Russian Dictator
Links for the day
Gemini Links 08/08/2025: Cracking a Family Member's Password and Overdose of Slop
Links for the day
Red Hat's Latest Talent Hunt, Day Ahead of Mass Layoffs, is Yet Another Microsoft Executive
Red Hat will apparently commence mass layoffs early this coming Monday
Links 08/08/2025: "Quit Facebook" and High Cost of Microsoft/Windows Shown Again ("BlackSuit")
Links for the day
Good Morning, Readers of The Register MS
Things The Register MS could (but does not) cover this morning
Why Gemini Protocol Has a Bright Future
Maybe Gemini Protocol's promise becomes more appealing as the Web turns to slop and bloat
It's a Lot Easier to Participate in the Unethical System Than to Oppose Injustices in It
Going after powerful and high-budget interests is never easy
Microsofters Filed Two SLAPPs Against Us, Now They Cannot Keep Up With Judges' Orders
For over 4 months already their facilitator in London has been under investigation by British authorities because of what's being done to my wife and I
Censorship Regarding Red Hat Layoffs
Talk about this? They'd rather not.
Struggling to Cut Costs, Microsoft Continues Shutting Down and Cancelling Stuff This Month
There are August layoffs at Microsoft
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, August 07, 2025
IRC logs for Thursday, August 07, 2025
Fake 'Linux' Articles, Written by Bots to Take Traffic Away From Real Articles
LLM slop helps replace information with junk or misinformation
When Google's Googlebombing of "Gemini" Was Not Enough; They Now Also Googlebomb "Gemini Space"?
We know GAFAM not only worries about Gemini Protocol but also attempts to 'infiltrate' Geminispace
The Register MS Promotes Microsoft Slop, Assumes All Readers Use Microsoft Windows
Microsoft really dominates the site
Gemini Links 08/08/2025: KDE/Qt Development and What's Missing From "Retro"
Links for the day
Links 07/08/2025: US Punishes India Instead of Russia, Attacks Law Firms to Prevent Scrutiny
Links for the day
Read Us in Geminispace as Well
it's definitely a lot simpler than using a Web browser
Once a Site About BSD and GNU/Linux, and After Months of Silence, LinuxBSDos.com Comes Back Only as a Slopfarm
very frustrating
Links 07/08/2025: Hardware Wars, Mass Recall of Colgate Total Clean Mint, More Microsoft Holes Found
Links for the day
Gemini Links 07/08/2025: "Right To Manage" and LoRa Analysis
Links for the day
For the First Time in a Month OSI's "OpenSource.org" Blogs and It's Basically a Microsoft Blog Post (Microsoft Controls OSI)
For the first time in a month OSI writes something and it is Microsoft propaganda composed by a Microsoft-salaried operative
Microsoft, Already Borrowing 3 Billion Dollars a Month, is Trying to Cause Many People to Resign
MSN (i.e. Microsoft) and others openly admit it
GAFAM 'Says' is Front Page "News"
The point of journalism is to check and assess facts, not parrot what people and companies merely claim
Links 07/08/2025: Apple Makes False Promises, More Trouble for Microsoft
Links for the day
OSS Didn't Always Mean Open Source Software
"oligarchs all the way down"
The Register MS Does More Microsoft Sez or GitHub Sez (Says) Pieces
60 minutes ago
They Want Activists to Just Barely Walk and Eat, Not Do Activism Anymore
It's sort of like the ending of '1984'
Quit Perpetuating the Narrative of Gemini Protocol 'Dying' (It's False)
The "whisper campaign" against Gemini Protocol
Criticising Social Control Media in Social Control Media
Many people are quitting Social Control Media (fewer of them announce this in public)
Non-Free JavaScript Programs in Banks Aren't Even the Biggest Problem
Technology was supposed to make life easier; in practice, however, for most of us the opposite effect can be observed
Slopfarms Are Typically Fake News
Slopfarms typically relay falsehoods
Gemini Links 06/08/2025: Replacing a Pocket Watch and Buying in Bulk
Links for the day
IBM is Obliterating Fedora
"Fedora releases were shipping with an increasing number of bugs on launch day even while I was using it for a several year stretch."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, August 06, 2025
IRC logs for Wednesday, August 06, 2025