Bonum Certa Men Certa

Beware the Distortion of Terms Like 'Supply Chain', 'Zero Day', and 'Back Door' (New FUD Patterns Against Free Software, a Distraction From the Real Culprits)

Proprietary software is being protected by 'googlebombing' tactics; the biggest weaknesses of proprietary software are being spun as a key problem with "Open Source" and proprietary software's shortcomings are being blamed on the alternative to it

Linux Foundation: repeat what Microsoft says



Summary: Microsofters spread misinformation/disinformation about Free software and security thereof; the corruption (bribery) of organisations such as the so-called 'Linux' Foundation means that Microsoft's misinformation/disinformation now comes out of the mouths of the supposed opposition, too

THE Daily Links in this site habitually add some "Ed"(itorial) comments to highlight FUD (Fear, Uncertainty, Doubt/fear-mongering) and offer some quick response to it. How much can publishers lie for the likes of Microsoft or VMware before those publishers perish due to a lack of credibility and, in turn, a lack of audience?



Earlier today we posted some more examples of this kind in Daily Links. Not a day goes by without several such 'incidents' (misinformation/disinformation).

"The real "supply chain" trouble is Microsoft and proprietary software..."In this post we highlight 3 recent patterns we've noticed. They are semantic lies.

Recently, a Microsoft front group called "Linux Foundation" kept using terms like "supply chain". Years ago nobody used this term in relation to Free software and then Microsoft bought a lot of the so-called 'supply chain', in the form of GitHub and then NPM. Would anyone trust the integrity of code and binaries from a platform controlled by Microsoft and the NSA, whose CSO is a decades-long NSA veteran?

The real "supply chain" trouble is Microsoft and proprietary software; you can't audit what you're getting and it might be intentionally back-doored, taking advantage of this opacity. So why pretend this is a "FOSS" issue?

"If something was fixed or was already patched upstream before disclosure, then it is not a 0-day."Speaking of back-doored code or executables, "backdoor" means not a backdoor anymore. Microsoft-controlled media distorted the term and kept mentioning it in false contexts. Nowadays it just means a server got compromised and then the person who took control of it installed some more stuff. But that's malware and it says nothing about how the malware got on the system in the first place (unless there was an actual back door).

Many would say that servers can be hijacked using critical and remotely-exploitable flaws, set aside bad passwords (those are typically a human failure). But that leads us to the distortion of the definition of "zero day" (or 0-day). If something was fixed or was already patched upstream before disclosure, then it is not a 0-day. If it starts getting exploited the moment it is disclosed, then it's a "1-day". But looking around the Web today, we found several examples of lies to that effect. The media keeps badmouthing Zimbra, but this seems to be a way to distract from several critical Microsoft flaws, including those affecting Exchange. Those are actively being exploited, according to a very recent report. the Zimbra issue is old news (about a month old) and servers have already been patched by responsible administrators, such as my colleagues. Although it seems like the Zimbra hole might be a new one, the last patch partly addresses it. Do not forget that CISA released a list with three Microsoft holes that are actively exploited, including in Exchange, so why shift/divert to talking about Zimbra rather than Exchange? Are they trying to reinforce some false perception that moving away from Exchange would mean equally bad or even worse security?

"The scenario, as per Dan Goodin et al (even sued for defamation already, for utterly poor reporting on security), is nowhere as grim as the Microsoft Exchange situation."What's bothersome here is the repeated distortion of the term "zero day". An associate told us that "'they' must be really worried about the advance of FOSS to spread so much dated FUD about Zimbra and other projects. One giveaway is the use of the marketing phrase "zero-day". That used to mean an exploit that was in active use before the vendor admitted to it existing. Now it just means bug with an exploit."

The scenario, as per Dan Goodin et al (even sued for defamation already, for utterly poor reporting on security), is nowhere as grim as the Microsoft Exchange situation. We already saw that Microsoft goes on for months and months without patching known Exchange flaws, even when it is fully informed that such flaws are actively being exploited already.

Zimbra does E-mail, so that helps distract from what Microsoft is doing, with the real zero days, the real back doors, and the real supply chain crisis. Microsoft monopolises this chain (it's proprietary) and refuses to fix it, leaving the victims helpless. This must be intentional. Or as out associate put it, "paid-for back doors on behalf of those that pay enough, or more specifically bug doors. Those are exploitable bugs about which the payers are informed long in advance of Microsoft getting around to patching them."

"Zimbra does E-mail, so that helps distract from what Microsoft is doing, with the real zero days, the real back doors, and the real supply chain crisis."It's the Windows [sic] of opportunity... Edward Snowden has already provided ample evidence of this. Microsoft keeps giving the NSA and FBI enough time to install a RAT or bootkit before the patches get deployed (too late). "And the FSB and just about any similar agency in all the other Internet-connected countries in the world," our associate noted.

So we're meant to think that the real crisis is Free software and Microsoft lobbyists then push for new, discriminatory laws that stigmatise "Open Source". New zero-day in Microsoft products? Unpatched for months while exploits circulate for months? So the Microsoft shills focus on the something that is "open source"... and repeat endlessly the terms which aren't even applicable to it.

"CISA is a Microsoft reseller working out of the DHS offices," our associated concluded, "which itself is a fraud."

Recent Techrights' Posts

Dr. John Campbell on Gates Foundation
Published two days ago
How Much IBM Really Cares About Software Freedom (Exactly One Year Ago IBM Turned RHEL Into Proprietary Software)
RHEL became proprietary software
Workers of the European Patent Office Take the Office to Court Over Pension
pensions still precarious
 
[Meme] IBM Lost the Case Over "Dinobabies" (and People Died)
IBM agreed to pay to keep the details (and embarrassing evidence) secret; people never forgot what IBM called its staff that wasn't young, this keeps coming up in forums
SLAPP as an Own Goal
We have better things to with our limited time
Exactly One Year Ago RHEL Became Proprietary Operating System
Oh, you want the source code of RHEL? You need to pay me money and promise not to share with anyone
Melinda Gates Did Not Trust Bill Gates, So Why Should You?
She left him because of his ties to child sex trafficker Jeffrey Epstein
Fedora Week of Diversity 2024 Was Powered by Proprietary Software
If instead of opening up to women and minorities we might open up to proprietary software, i.e. become less open
18 Countries in Europe Where Windows Fell Below 30% "Market Share"
Many people still use laptops with Windows, but they're outnumbered by mobile users on Android
[Meme] EPO Pensions in the UK
pensioners: looks like another EPO 'reform'
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 21, 2024
IRC logs for Friday, June 21, 2024
During Fedora Week of Diversity (FWD) 2024 IBM and Its Subsidiaries Dragged to Court Over Discrimination at the Corporate Level
IBM is a deplorable, racist company
Gemini Links 22/06/2024: FreeBSD vs XFCE and Gemini Bookmarks Syncing Solution
Links for the day
Links 21/06/2024: Matrimony Perils and US-Sponsored COVID-19 Misinformation
Links for the day
"A coming cybersecurity schism" by Dr. Andy Farnell
new from Dr. Andy Farnell
Links 21/06/2024: Overpopulation, Censorship, and Conflicts
Links for the day
IBM and Subsidiaries Sued for Ageism (Not Just for Racism)
This is already being discussed
UEFI is Against Computer Security, Its True Goal is to Curtail Adoption of GNU/Linux and BSDs on Existing or New PCs
the world is moving away from Windows
[Meme] Chat Control (EU) is All About Social Control
It won't even protect children
The Persistent Nature of Freedom Isn't About Easy Routes
Resistance to oppression takes effort and sometimes money
EFF Not Only Lobbies for TikTok (CPC) But for All Social Control Media, Irrespective of Known Harms as Explained by the US Government
The EFF's own "free speech" people reject free speech
Microsoft's Search (Bing) Fell From 3.3% to 1% in Turkey Just Since the LLM Hype Began
Bing fell sharply in many other countries
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 20, 2024
IRC logs for Thursday, June 20, 2024
The Real FSF Lost Well Over a Million Dollars Since the Defamation Attacks on Its Founder
2020-2023 income: -$659,756, -$349,927, -$227,857, and -$686,366, respectively
The Fake FSF ('FSF Europe') Connected to Novell Via SUSE, Not Just Via Microsoft (Repeated 'Donations')
'FSF Europe' is an imposter organisation
Just Less Than 3 Hours After Article on Debian Suicide Cluster Debian's Donald Norwood Recycles a Fortnight-Old 'Hit Piece'
The fall of Debian is its attack on its very own volunteers
IPFS censorship, Edward Brocklesby & Debian hacker expulsion
Reprinted with permission from disguised.work
Links 20/06/2024: Dumbphone Experience and Bad Encryption
Links for the day
Official Project Gemini news feed — Five years of Gemini!
the official statement
Ultimate Judgment: the Debian Suicide Cluster
Reprinted with permission from Daniel Pocock
Links 20/06/2024: Bruce Schneier Adds Moderation Policy, FUCKSHITUP Can't Be Trademarked in the US
Links for the day
Mass Layoffs Happening in IBM Subsidiaries, Almost No Media Exists Anymore (to Cover That)
They can drive people out with R.T.O. of lay off in small batches to prevent any media scrutiny
Linux Months-Old News (LWN Uncorrected)
They could at least update the original
Links 20/06/2024: Trying to Maintain Health and the Implosion of LLM Bubble/Hype
Links for the day
Microsoft's Bing Share in Canada Has Only Decreased Since the LLM Hype ("Bing Chat")
According to statCounter
Gemini Links 20/06/2024: Golden Ticket and Looking for Web 1.0 Communities
Links for the day
Not Even TRYING to Compete With Microsoft
CMA (UK) ought to step in and investigate why Canonical (UK) refuses to even compete
Poul-Henning Kamp: Why Freedom in 'FOSS' Matters
Openwashing is more widely recognised as a growing problem
[Meme] EU Chat Control: The Problem is Too Much Privacy???
So what's with GDPR then? The EU is contradicting itself!
Lithuania: GNU/Linux Usage Climbs to Highest Level in Years
consistent abandonment of Microsoft
"Remarkably Little Had Changed."
Black or African American not even mentioned
This Week Fedora Celebrates Diversity, But It is Pushing Proprietary Software and Censorship
IBM openwashing, perception management, and reputation laundering gone awry?
Rumours That Nat Friedman (CEO) Was 'Fired' by GitHub/Microsoft
"Microsoft Refused to Fix Flaw Years Before SolarWinds Hack"
linuxsecurity.com: A Step in a Positive Direction
We hope that Guardian Digital and linuxsecurity.com will rectify the matter and persist with real articles
Links 20/06/2024: Somali Piracy Surges, Juneteenth Discussed
Links for the day
Gemini Links 20/06/2024: Gemini is 5 Today (Still No Gemlog Entry From its Founder)
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, June 19, 2024
IRC logs for Wednesday, June 19, 2024