Bonum Certa Men Certa

The Free Software Community is Exploited by Greedy Business People, It's Not Freeloading (Yet More Name-calling, Trolling and Shaming of Volunteers)



Reprinted with permission from Ryan Farmer

IBM’s new pejorative for people who use Fedora or an Enterprise Linux clone. “Freeloader” (And they don’t want to know about security holes.)



A word that IBM and their fanboys, and remaining unpaid volunteers are bandying about lately, is “Freeloader”.



In IBM Red Hat’s book, anyone who isn’t currently coughing up a subscription fee to use RHEL is “Freeloading”. Basically, they see you as a parasite.



This word doesn’t just apply to a person who grabs Fedora and uses it on their laptop and never files bug reports or anything. It applies more broadly to organizations that deploy a free Enterprise Linux clone to their business because they think they can self-support.



It also applies specifically to Oracle, because even before IBM, Red Hat was already trying to portray Oracle Linux as some sort of “stolen product” with their “Unfakeable Linux” marketing campaign.



Let’s talk about users. Fedora has always had a very transactional relationship with users from Red Hat’s point of view. Users were valuable as bug reporters. We’d get this software on our daily systems for free, and in return, when something went wrong, we were “requested” to file bug reports.



However, IBM doesn’t value bug reports because as the new boss in town, it’s not actually interested in fixing bugs. It wants to hide them, like Microsoft, according to AlmaLinux developers who tried reporting security vulnerabilities in RHEL components.



KnownHost CTO and AlmaLinux Infrastructure Team Leader Jonathan Wright recently posted a CentOS Stream fix for CVE-2023-38403, a memory overflow problem in iperf3. Iperf3 is a popular open-source network performance test. This security hole is an important one, but not a huge problem. Still, it’s better by far to fix it than let it linger and see it eventually used to crash a server.



That’s what I and others felt anyway. But, then, a senior Red Hat software engineer replied, “Thanks for the contribution. At this time, we don’t plan to address this in RHEL, but we will keep it open for evaluation based on customer feedback.” 



[…]



The GitLab conversation proceeded: 



AlmaLinux:  “Is customer demand really necessary to fix CVEs?” 



Red Hat: “We commit to addressing Red Hat defined Critical and Important security issues. Security vulnerabilities with Low or Moderate severity will be addressed on demand when [a] customer or other business requirements exist to do so.”



AlmaLinux: “I can even understand that, but why reject the fix when the work is already done and just has to be merged?” 



At this point, Mike McGrath, Red Hat’s VP of Core Platforms, AKA RHEL, stepped in. He explained, “We should probably create a ‘what to expect when you’re submitting’ doc. Getting the code written is only the first step in what Red Hat does with it. We’d have to make sure there aren’t regressions, QA, etc. … So thank you for the contribution, it looks like the Fedora side of it is going well, so it’ll end up in RHEL at some point.”



One user wrote, “You want customer demand? Here is customer demand. FIX IT, or I will NEVER touch RHEL EVER.” While another, snarked, “Red Hat: We’re going totally commercial because Alma never pushes fixes upstream! Also, Red Hat: We don’t want your fixes, Alma!”



On Reddit, McGrath said, “I will admit that we did have a great opportunity for a good-faith gesture towards Alma here and fumbled.”



Finally, though the Red Hat Product Security team rated the CVE as “‘Important,’ the patch was merged.

-ZDNet Article “AlmaLinux discovers working with Red Hat isn’t easy”


The attitude that Microsoft and IBM share in security vulnerabilities is that they don’t want to touch the fix, even if someone else already wrote it, because it may cause a regression that they then have to spend time and money sorting out.



Microsoft’s attitude is so bad that they use old and insecure versions of gnupg to generate package signatures on their “Linux” software, but it also hardly matters because they point dnf on Fedora or RHEL to their server to get the .asc file, which means that users who have Microsoft programs on their computer can get a copy that’s been tampered with as an “update” and not have any warning, because the attacker can modify the .asc with one that they control, and put that one on the server as part of the attack.



I think it’s, frankly, frightening, that IBM admits that security patches are not one of their highest priorities in such a widely used system as RHEL.



Instead of getting caught up in the “security poser” malarkey, and buzzword bullshit bingo, like Matthew Garrett does with his nerve-grating overuse of things like “attestation”, “TPM”, and “roots of trust”.



These things are not security. If the software you’re using is garbage, your security is garbage. You need to use software from people who just fix their damn bugs, and vendors who get you those patches shipped ASAP. Everything else is basically pointless.



My roots of trust are simple. It’s on my computer, I trust it. Fuck off.



The first and last time I’ve had a computer virus, it was on Windows 98, and Chernobyl (it was set to trigger a malicious BIOS flashing until the ROM was bricked). Thankfully, I pulled it out in time.



I have never had any “Linux malware”, and that record is unbroken since 1998.



Seriously, patch your software, get it from a legitimate source, and don’t worry too much.



If a company is like Microsoft and IBM, and doesn’t want to know about security holes, they don’t deserve their customers on that issue alone.



Where were we? Ah, yes. Freeloading. IBM’s open contempt for Fedora is even worse.



They are throwing out many unpaid volunteers that were doing free work for IBM Red Hat, and calling those people “Freeloaders”, with absolutely no sense of irony, apparently. IBM gets a lot of software for free.



They stopped paying the FSF around the time Molly de Blanc and other unproductives, like Garrett (his last useful code was in the 2000s, I think, when he worked on ACPI), organized people around a defamatory petition against Richard M. Stallman, which Roy Schestowitz points out is a 70 year old man.



But IBM still pulls GNU software without paying for it. And many other people’s software! FREELOADERS!



Users of free clones can be future customers.



The “free” developer license for RHEL, does not allow you to deploy it across your whole organization, get settled in, and then realize you need support after all.



The free clones were an ongoing source of new customers, who would often bring lots of machines with them by the time they approached Red Hat and wanted to do an in-place conversion. This was a serious amount of money.



IBM says they’re just Freeloaders and harasses the distributions that onboard customers into the “Red Hat” way of doing things and land them clients.



Even when they don’t make sales, their product gets more marketshare, which was why they were a de facto “standard”.



Oracle “Freeloading”.



Perhaps most of all, Red Hat (pre-, and post-IBM) had disdain for Oracle Linux, but Oracle didn’t have compelling reasons to lure people away from RHEL wanting an identical product. Oracle is not the authoritative source of RHEL, IBM is. Whatever Oracle consumes is what IBM decided to put in there.



A customer education campaign on this subject would have been better than labeling Oracle as some sort of “stolen product”.



Oracle is not going for exactly the same customers. They have their own “Unbreakable Enterprise Kernel” that is really quite different already, and which boots by default.



UEK is modified to run Oracle-type workloads better than the RHEL Compatible Kernel, but despite this, the compatibility issues with it are rare.



The Linux kernel version does not directly interact with very many programs in userspace so as long as you have a stable kernel that’s getting serviced by someone who knows what they’re doing, you’re probably going to be fine running the RHEL userspace on top of it, which makes IBM’s decision to obscure their kernel all the more bizarre.



The future of RHEL clones is not entirely under IBM’s control anyway.



Already, an alliance (Open Enterprise Alliance Association) of SUSE, Oracle, and CIQ (sponsor of Rocky Linux) have come together to make a “commons” out of the Enterprise Linux source code.



Ironically, the alliance’s Web site pokes fun at IBM.



“The Community Repository for Enterprise Linux Sources No subscriptions. No passwords. No barriers. Freeloaders welcome.



Essentially, IBM has succeeded only in angering a great many people with their antics including washing their hands of Fedora this week, and spurred their competitors into an alliance to reduce the work of maintaining competing RHEL clones.



This has all been so very stupid and avoidable.



The media (bribed) has been focusing on this “AI” nonsense between Microsoft and IBM, but all it will ever do is cost IBM money.



IBM decided to throw away an actual product, and company, that it spent a considerable amount of money acquiring, in the garbage, and pivot to running like some idiotic San Francisco cash furnish with an account at the Bank of Silicon Valley.



It will not end well for them if they proceed.



Recent Techrights' Posts

The UEFI Restricted Boot 'Time Bomb' is About to Go Off in a Few Weeks
Garrett was the first person to face sanctions (like muting) in our IRC channels because of his abuse; worse yet, he hijacked other people's names and then locked them out of their own accounts
Nobody is "Replaced by AI", It's Just a Smokescreen for Jobs Being Eliminated by Lack of Money (Too Much Debt) and Offshoring
It's also why many make the jokes about the "I" in "AI" being "India" or "Indians"
The US Government is Now in the Business (Literally!) of Saving Microsoft and Intel
This means that President TACO/Cheeto now has greater financial incentive to also prop up Microsoft and Windows
 
Links 24/08/2025: Heatwaves Threaten Workers, Maldives Versus Press freedom
Links for the day
Gemini Links 24/08/2025: Digital Cameras and Printers
Links for the day
Links 24/08/2025: GAFAM Lie About Pollution and Slop's Carbon Footprint, The Guardian Says Slop ("Hey Hi") is a Bubble That Will Send Stock Markets Into a Freefall
Links for the day
80% of the Sponsored (Fake) Articles in The Register MS Are Promotions of Ponzi Schemes (Unethical Money), the Rest is Banned Chinese Business
Is that an ethical way to make money? No.
Should Currys PCWorld Start Voiding Warranties of Users of Vista 11?
If a person's laptop has a mechanical issue, should this person replace GNU/Linux with Vista 11 for the repair shop? Only to damage the SSD?
Newer is Not Always Better, and It's Possible That 'Peak' is the Past
People creating their own platforms means progress, whereas centralisation (like moving from blogs to social control media) is the opposite of progress
LLM Hype is Sowing Destruction: It Contributes to DDoS Attacks and Makes the Web Less Accessible (JavaScript "R U Human?" Tests)
If it was googlebot, it would be possible to argue that you'd at least then get referral traffic from Google Search. With LLMs, all you get is plagiarised.
Links 24/08/2025: New York Times Talks About Hey Hi (AI) Bubble
Links for the day
Gemini Links 24/08/2025: Upgrading Debian and Mobile-indifferent Design
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, August 23, 2025
IRC logs for Saturday, August 23, 2025
Richard Stallman's Talk in Buenos Aires Scheduled for 16 November 2025 (a Month After FSF Turns 40)
they've just updated their site and Stallman is listed first
Men Who Abuse Women Should Never Spend Over 3 Years of the UK High Court's Time
This demonstrates that we need a reform in the UK
Slopwatch: Linux Journal, WebProNews, LinuxSecurity, and the Serial Slopper
The bubble needs to burst, but even then the Web will be left with residues of these slopfarms
Links 23/08/2025: Science, War, and Important Win for the British Media Against SLAPPers Who Abuse Women
Links for the day
Gemini Links 23/08/2025: BaseLibre Numerical System and Back to Oldschool
Links for the day
"Deserved Victory" for "Women That Suffered"
"GNM defended its reporting as being both true and in the public interest and in a judgment on Friday"
Links 23/08/2025: onmicrosoft.com as Spam Cannon, The Cheeto-Intel Deal Is Official
Links for the day
Wired Complained About LLM Slop Only Days Before It Got Caught Doing That Itself
Never throw stones in a glass house
IBM "Value" Down 14.16% in a Month, Red Hat Layoffs Allegedly Discussed 12 Days Ago
"IBM is a dinosaur. Dinosaurs get extinct when the don't keep up."
We're Seeing More Countries Where Windows Isn't Even in Second Place Anymore (Third or Worse)
In a way, Microsoft can barely even hold onto second place anymore
Microsoft Workers on Canonical's Payroll
If you want something that's sort of like Ubuntu but is not controlled by Canonical, then look into Linux Mint, Debian, or LMDE
GNU/Linux Climbs to 4% in Sierra Leone
Sierra Leone isn't a very rich country (to say the least), but it's better off than some of its neighbours
The SLAPPS Run Out of Oxygen Because They're Abuse of Process
At the end of the day we plan to publish over 1,000 articles explaining what happened
The Register MS Gets Paid by the Employer of the Previous Editor in Chief to Promote the "AI" Ponzi Scheme, Which Does Considerable Damage to the Web and to Online Journalists
The Register MS can 'badmouth' slop all it wants; it gets paid to inflate this bubble. It's actively participating in it.
Soon It'll be Autumn, Time to Repair Things
Where they don't charge an arm and a leg
Doing Our Best to Cover Software Patents When the Mainstream Media Does Not
Even the FSF has its limits
Gemini Links 23/08/2025: August Questions and Network Solutions
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, August 22, 2025
IRC logs for Friday, August 22, 2025
Microsoft Has Issues in Guyana
It's not just Guyana
About 25% of the "Linux" News/Results in Google News Today Are LLM Slop, Almost 20% From the Same Rogue Operators of Slopfarms
Google, which tries to market itself as an LLM giant, apparently fails to understand what's wrong with it
Harassing People on Holiday
There are "no-go areas"; but that assumes all laws firms have ethical standards
The Great, Undeniable Value of Paper Trail, Not Purely Digital Systems
Suppose you have nothing but bits on someone else's computer and "word of mouth"...
The Company Behind Ars Technica, Reddit and Wired Caught Publishing LLM Slop (It Also Admits It Now)
Condé Nast busted
Links 22/08/2025: Lagrange 1.18.8, Wired Magazine and Business Insider Caught Resorting to LLM Slop
Links for the day
This Saturday It's Gonna be 3.5 Years* Since Russia Invaded Ukraine. No Microsoft Protests Against Microsoft Having Provided Russia With Services.
Companies do not have consistent policies and enforcement of "corporate values" is somewhat of an egg salad
Slopwatch: Sites Gone Rogue, Google Promoting Lies, and DDoS Attacks by Plagiarism Giants
Charlatans and frauds engage in a war against artistic industries, mislabeling plagiarism as "AI"
Links 22/08/2025: Cisco Layoffs, LA Times Says "AI Hype is Fading Fast"
Links for the day
Gemini Links 22/08/2025: K for Kentucky and Caddy Versus LLM Slopbots
Links for the day
The "End Software Patents" Initiative of the FSF Explains "WHY [to] ABOLISH SOFTWARE PATENTS"
We hope to cover patent-related issues more and more as the big anniversary of the FSF approaches
Freenode Sniffing
The grown-ups left the building
The Only Thing Worse Than Misinformation is Misinformation Sold to Everyone as "Intelligence"
Misplaced trust is worse than none at all
The Register MS Now Openly Admits LLM Hype Does Damage, But It's Also Being Paid to Participate in the LLM Hype (With Paid 'Articles' and 'Webcasts' for Paying Advertisers)
The Register MS gets paid to do this
End of the Smartphone Era? No.
Maybe the media should focus on producing accurate, factual news
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, August 21, 2025
IRC logs for Thursday, August 21, 2025
Enshittification of Airports, Airlines, and Airplanes
If people are willing to tolerate standard declines and enshittification (nowadays sold as "pivot to AI" or "replaced by AI" or "AI layoffs") they will pay for it some other way
Latest Is Not Greatest: The Case of "Foldable" Tech
don't be shamed into abandoning old things just because the "fashion industry" of Apple and Samsung tells you to
Airlines and Their Tricks That Only Work in the 'Digital Age'
People sceptical of the direction technology has taken are not "Luddites"
Open Source Initiative (OSI), Which Became a Propaganda Front of Microsoft and "Hey Hi" (Hype, Misnomer), Wants You to Forget These Scandals
A lot of these issues won't be set aside until there's a resolution