Techrights » FUD
http://techrights.org
Free Software Sentry – watching and reporting maneuvers of those threatened by software freedom
Thu, 05 Jan 2017 23:19:58 +0000

Latest Black Duck Puff Pieces a Good Example of Bad Journalism and How Not to Report
http://techrights.org/2016/04/28/black-duck-puff-pieces/
Thu, 28 Apr 2016 13:38:17 +0000

No investigation, just churnalism

Summary: Why the latest “Future of Open Source Survey” — much like its predecessors — isn’t really a survey but just another churnalism opportunity for the Microsoft-connected Black Duck, which is a proprietary parasite inside the FOSS community

THE “Future of Open Source Survey” is not a survey. It’s just Black Duck’s self-promotional (marketing) tripe packaged as a “survey”. This is a common PR tactic; it’s not unique. We wrote about this so-called ‘survey’ in several articles in the past, e.g.:

We now have more of the same churnalism and it comes from the usual ‘news’ networks, in addition to paid press releases. When we first mentioned Shipley 8 years ago he was busy doing one nefarious thing, and two years ago we saw him joining the Microsoft-connected Black Duck. He is quoted as saying (CBS) that “the rapid adoption of open source has outpaced the implementation of effective open-source management and security practices. We see opportunities to make significant improvements in those areas. With nearly half of respondents saying they have no formal processes to track their open source, and half reporting that no one has responsibility for identifying known vulnerabilities and tracking remediation, we expect to see more focus on those areas.” Thanks for the FUD, Mr. Shipley. So where do I buy your proprietary (and software patents-protected) ‘solution’? That is, after all, what it’s all about, isn’t it? The ‘survey’ is an excuse or a carrier (if not a Trojan horse) for proprietary software marketing.

Here is similar coverage from IDG and the Linux Foundation, whose writers did little more than repeat the talking points of Black Duck after the press release got spread around.

FUD Against the Adoption of Free Software in Government and Business Comes From Microsoft-Connected Firms
http://techrights.org/2016/04/14/firmas-fudd-conectadas-a-msft/
Thu, 14 Apr 2016 13:57:46 +0000
English/Original

Published in Free/Libre Software, FUD, GNU/Linux, Microsoft at 10:34 am by Dr. Roy Schestowitz

The ‘new’ Microsoft does not attack Free software directly, or not as visibly as before, but it still does so

Summary: Free software (FOSS) is still under constant attack from Microsoft, even if these attacks are shrewdly disguised so as to not jeopardise the “Microsoft loves Linux” fantasy

Microsoft’s E.E.E. strategy (destroying Linux from the inside) is progressing while Microsoft is still actively trying to derail all GNU/Linux adoption (usually via proxies). The company also sponsors events that promote software patents (which are the antithesis of software freedom), as we have shown several times so far this month, and it keeps suing (or threatening to sue) Android OEMs unless they hand over cash or, in some cases as part of the ‘settlement’, install a lot of Microsoft spyware on Android.

Remember that Microsoft does not have to attack Linux/FOSS/Android openly in order to achieve its goal. A lot of Microsoft people have in recent years created spin-off companies that are more like Microsoft proxies, loyal to Microsoft but peripheral to it. Remember, for instance, who funded Xamarin before it became part of Microsoft (as was to be expected). Also remember that it is a unit called Microsoft Licensing (essentially a patent troll) that claims to ‘own’ Android and other Linux-based systems, then systematically knocks on OEMs’ doors demanding money for their use/distribution of Linux.

Tim Greene of IDG props up SourceClear and Black Duck for practising FOSS FUD; these are two companies that came from Microsoft in order to smear free software and make money in the process. The headline says “open source code is common, potentially dangerous, in enterprise apps” (Ballmer would still say it is a “cancer”, as if it were a fatal disease, and Microsoft calls it “Linux infestations”, as if it were a cockroach that must be squashed).

We did not just spot this yesterday; readers also told us about it today; they too are increasingly noticing that anti-FOSS articles are still being served up by those parasites that are connected to Microsoft. Greene’s colleague, Korolov, did this just over a fortnight ago. Remember that both are Microsoft-connected companies, as we have pointed out here before, and towards the end there is a mention of White Source, which is no friend of FOSS.

Those so-called ‘journalists’ just keep talking to companies that profit from this FUD and are not free software at all. It is like an article about global warming that invites various ‘experts’ from oil companies for quotes (the world’s most comprehensive). The latest example does not talk about the many equivalent (or worse) problems of proprietary software, instead talking about Microsoft’s “Patch Tuesday”, which leaves back doors open for the NSA to use. That is irresponsible journalism; it is more like lobbying (by omission). And remember how much money flows from Microsoft to IDG…

Microsoft somehow thinks that associating its proprietary software with “Linux” will be enough to promote the perception that it is “open” and therefore eligible for government use worldwide (proprietary lock-in). Remember who sabotaged the Iranian nuclear plants. At the same time it constantly keeps attacking Linux.

“I once preached peaceful coexistence with Windows. You may laugh at my expense. I deserve it.”

Be’s CEO Jean-Louis Gassée

FUD Against Free Software Adoption in the Government and in Businesses Comes From Firms Connected to Microsoft
http://techrights.org/2016/04/12/msft-connected-fud-firms/
Tue, 12 Apr 2016 15:34:24 +0000

The ‘new’ Microsoft does not attack Free software directly, or not as visibly as before

Summary: Free software (FOSS) is still under constant attacks from Microsoft, even if these attacks are shrewdly masqueraded so as to not jeopardise the “Microsoft loves Linux” fantasy

THE E.E.E. strategy of Microsoft (destroying Linux from the inside) is progressing while Microsoft is still trying to actively derail GNU/Linux adoption (usually via proxies). The company also sponsors events that promote software patents (which are antithetical to software freedom), as we showed several times so far this month and it sues (or threatens to sue) Android OEMs unless they hand over crates of cash, or in some cases agree to preload Android with lots of Microsoft spyware.

Remember that Microsoft does not need to attack Linux/FOSS/Android directly in order to get its way. A lot of people from Microsoft have over the years created spinoffs that are more like Microsoft proxies, still loyal to Microsoft but peripheral to it. Remember, for instance, who bankrolled Xamarin before it got rolled into Microsoft (as expected). Also remember that it’s a unit called Microsoft Licensing (essentially a patent troll) that claims to ‘own’ Android and other Linux-based systems, then systematically goes knocking on OEMs’ doors and demanding money for the use/distribution of Linux.

Tim Greene at IDG props up SourceClear and Black Duck for FOSS FUD; these are two firms that came from Microsoft in order to smear FOSS and make money in the process. The headline says “Open source code is common, potentially dangerous, in enterprise apps” (Ballmer would still say “cancer” as if it’s a fatal disease and Microsoft calls it “Linux infestations” as if it’s a cockroach that must be squashed).

Not only did we spot this one some time yesterday; even readers told us about it today; they too are increasingly noticing that anti-FOSS articles are still featuring those parasites that are Microsoft-connected. Greene’s colleague, Korolov, did this just over a fortnight ago. Remember that both are Microsoft-connected firms, as we noted here before, and towards the end there’s a mention of White Source, which is no friend of FOSS.

Those so-called ‘reporters’ just keep speaking to firms which profit from this FUD and aren’t FOSS at all. It’s like an article about global warming which invites various ‘experts’ from oil companies for quotes (expert advice). The latest example doesn’t speak about the many equivalent (or worse) proprietary software issues, instead speaking of the “Patch Tuesday” of Microsoft, which leaves back doors intact for the NSA. That’s irresponsible journalism; it’s more like lobbying (by omission). And remember how much money flows from Microsoft to IDG…

Microsoft thinks that somehow associating its proprietary software with “Linux” will be enough to promote the perception that it’s “open” and thus eligible for government use worldwide (proprietary lock-in). At the same time Microsoft keeps attacking Linux.

“I once preached peaceful coexistence with Windows. You may laugh at my expense — I deserve it.”

Be’s CEO Jean-Louis Gassée

IDG Publishes an ‘Ad’ For Black Duck, But it Looks Like an Article and It’s Inflammatory for Hits (Click Bait)
http://techrights.org/2016/03/25/black-duck-idg/
Fri, 25 Mar 2016 09:52:49 +0000

Still stabbing FOSS in the back

Summary: Black Duck, a company that came from a Microsoft guy, continues to generate negative publicity for Free/Open Source software (FOSS) in order to attract business

YESTERDAY afternoon I was sent this bizarre article with a rather bizarre headline. Upon closer inspection it was from IDG and I immediately suspected (based on the headline alone) that Black Duck had something to do with it. It turned out that I was right.

IDG’s Maria Korolov apparently got used by Black Duck for shameless self-promotion, weeks after all that ‘future’ of Open Source PR/publicity stunt [1, 2, 3] (all the articles about it were listed in our daily links without further comment) or the ‘rookies’ stunt [1, 2, 3]. We tried hard to ignore Black Duck, but Black Duck sure isn’t ignoring FOSS. It’s acting like a parasite feeding off FOSS news, in order to sell its proprietary software of course!

As usual, Black Duck, a proprietary software company and false prophet for FOSS, interjected itself into articles about FOSS; this yielded FOSS-hostile headlines in IDG, for example “Public concerned about security flaws in government open source code.” (in CSO)

This article contains Black Duck talking points: “In addition, open source code poses two additional security problems, said Mike Pittenger, vice president of security strategy at Black Duck Software. “Open source projects are often ubiquitous, so if there’s a vulnerability it creates a target-rich environment for attackers,” he said.”

There is also pure marketing there: “Black Duck is currently tracking more than 1.5 million different open source projects, he added.”

Remember the time Black Duck told the media that it can cost $25,000 to fix a bug in FOSS? That was just months ago. Why does the media keep entertaining these propagandists at all? They are trying to sell proprietary software by piggybacking FOSS.

Corporate-Dominated Media Should Stop Pretending That Microsoft Staff Are Now FOSS and Linux “Analysts”
http://techrights.org/2016/01/14/foss-y-linux-analistas/
Thu, 14 Jan 2016 23:42:01 +0000
Original/English

Published in FUD, GNU/Linux at 6:18 am by Dr. Roy Schestowitz

Exposing the aberrant and deceptive model of today’s media

Summary: A site called Linux Insider, which many people assume to be a Linux news site, is STUFFED with material HOSTILE to Linux coming from people on Microsoft’s payroll

The “cancer” (on the Web) that is IDG (dominant technology coverage in many languages, usually attacking GNU/Linux while at the same time ACCEPTING MONEY from Microsoft and Apple) is officially up for sale, but in the meantime we see that not only its “journalists” but also its other employees (e.g. IDC) are producing FOSS-hostile propaganda. This has to stop. A lot of people still complain about Galen Gruman (even in our IRC channels) for his latest GRATUITOUS DECEPTIVE ATTACKS on GNU/Linux, but the problem is much broader than this and we have been writing about it for almost a decade.

“Linux Insider: Microsoft propaganda that ‘looks like’ Linux news.”

Richard Adhikari, who for a number of years has published many anti-Linux (or anti-Android) pieces like this one, usually along the lines of the “security” theme, is talking to Hilwa from Microsoft. Well, it is not as bad as talking to the infamous Enderle (which ECT does frequently, allowing him to THROW MUD AT MICROSOFT’S COMPETITORS without disclosing his ties to Microsoft) (and others have done so too). This time he helps promote the marketing of Black Duck, an anti-FOSS firm that comes from Microsoft. To quote parts of this promotional piece by Adhikari (PROMOTING FEAR OF FOSS AND BOOSTING Black Duck’s sales):

“Containers have caught the imagination of developers because they provide convenient bundles for deployment,” said Al Hilwa, a research director at IDC.

“We have been expecting a variety of development tools to add support for containers, and in this context, it makes perfect sense to see code-scanning leaders like Black Duck support Docker containers,” he told LinuxInsider.

[...]

Scanning tools do enable more secure deployments, but developers still have to take action, IDC’s Hilwa said.

Code-scanning technology is analogous to virus-scanning software, he continued.

“A repository of vulnerability metadata or signatures has to be maintained, and the code is scanned against it,” Hilwa said. “The role of the scanning software is to keep this metadata up to date.”

Does Adhikari know where Black Duck comes from? Did he check where Al Hilwa comes from? This was published on a site called Linux Insider (we urge all our GNU/Linux users in Spain and Latin America NOT to waste their money and time on its publications), but it is anti-Linux nonsense PROMOTING A MICROSOFT-CONNECTED FIRM, using talking points from a Microsoft-connected “ANALYST”. It shows a lot of what is WRONG with media owned by large CORPORATIONS. Let us be thankful that Jack Germain still writes for Linux Insider and, unlike Adhikari, he does not write articles attacking GNU/Linux.

Corporate Media Should Stop Pretending That Former Microsoft Staff is Now FOSS and Linux ‘Analysts’
http://techrights.org/2016/01/14/linux-insider-bias/
Thu, 14 Jan 2016 11:18:23 +0000

Demonstrating the rogue business model of much of today’s media

Summary: A site called Linux Insider, which many people may assume to be a Linux news site, is stuffed with Linux-hostile material from people who are connected to Microsoft

The ‘cancer’ (on the Web) which is IDG (dominating technology coverage in many languages and usually attacking GNU/Linux whilst accepting money from Microsoft and Apple) is officially up for sale, but in the meantime we see that not only its writers but also its other employees (e.g. in IDC) produce some FOSS-hostile propaganda. This needs to stop. A lot of people still complain about Galen Gruman (even in our IRC channels) for his latest facts-free attack on GNU/Linux, but the problem is much broader than this and we have been writing about it for almost a decade.

Richard Adhikari, who for a number of years has published many anti-Linux (or anti-Android) pieces such as this, usually along the ‘security’ theme, is now talking to Hilwa from Microsoft. Well, it’s not as bad as speaking to Enderle (which ECT does very often, allowing him to smear Microsoft’s competitors without disclosing his ties to Microsoft), but it’s still pretty bad. ECT previously spoke to him without disclosing his relationship with Microsoft (and so have others). This time he helps bolster the marketing for Black Duck, an anti-FOSS firm that came from Microsoft. To quote parts of this promotional piece from Adhikari (promoting fear of FOSS and helping Black Duck drive sales):

“Containers have caught the imagination of developers because they provide convenient bundles for deployment,” said Al Hilwa, a research program director at IDC.

“We have been expecting a variety of software development tools to add support for containers, and in this context, it makes perfect sense to see leading code-scanning players like Black Duck support Docker containers,” he told LinuxInsider.

[...]

Scanning tools do enable more secure deployments, but developers still have to take action, IDC’s Hilwa said.

Code-scanning technology is analogous to virus-scanning software, he continued.

“A repository of vulnerability metadata or signatures has to be maintained, and the code is scanned against it,” Hilwa said. “The role of the scanning software is to keep this metadata up to date.”

Does Adhikari know where Black Duck came from? Did he check where Al Hilwa came from? This was posted in a site called Linux Insider, but it’s anti-Linux nonsense promoting a Microsoft-connected firm, using talking points from a Microsoft-connected ‘analyst’. It demonstrates a lot of what’s wrong with today’s corporate media. Thankfully, Jack Germain still writes for ECT’s Linux Insider and unlike Adhikari he doesn’t just write articles that attack Linux.

HeBS Digital and Black Duck Press Releases Treated Like Articles, Used to Muddy the FOSS Waters
http://techrights.org/2015/11/23/hebs-digital-and-black-duck/
Mon, 23 Nov 2015 11:03:01 +0000

“A man never lies as much as after a hunt, during a war, and before an election.”

Otto von Bismarck

Summary: Free/Open Source software (FOSS) is under attack again, and it’s the proprietary software lobby that’s responsible for that

EVERY now and then we see claims that Free software is very dangerous because of licensing obligations, as if proprietary software comes with no licensing obligations and potentially severe fines (if not a jail term!). We also occasionally hear about Free software being dangerous on the security side, despite proprietary software being far worse, merely hiding flaws and rarely patching them (or patching them when it’s too late). Several Web sites published this biased ‘analysis’ composed by two proprietary software ‘sales’ people (HeBS Digital’s Max Starkov and Jaan Paljasma) only a few days ago. They rely on non-technical people actually believing that there are no downsides to proprietary software. It should also be noted that, while several sites distribute this ‘article’ as though it’s an original report, it is actually more like a press release commissioned by a stakeholder. It’s not journalism and some sites fail to flag it accordingly.

In my professional capacity I have built sites using FOSS content management systems (e.g. Drupal, WordPress) for commerce, education, and more. These frameworks are so flexible and so full of modules/plug-ins that virtually everything is possible. Not even once have such sites been compromised due to security bugs (even when some existed and remained unpatched for a while).

Speaking of proprietary software salespeople, the Microsoft-connected Black Duck is at it again. “The study’s findings also highlighted a number of other specific ways the adoption of appropriate internal controls has not kept pace with the increasing use of open source software, leaving many organizations exposed to significant potential risks,” wrote a lawyers’ site, based on this self-promotional press release from Black Duck.

“As highlighted in the Information Week blog DARKReading,” the lawyers’ site said, actually referring to a press release, not a blog. We shall guess that it takes more than average levels of intelligence to distinguish blog posts from press releases. We can also safely assume that Black Duck hasn’t changed its ways. It’s a de facto FUD firm which uses scare tactics for sales of its proprietary software (with software patents on it).

Speaking of Black Duck, distrust its figures or statistics regarding software licences because by taking tiny JavaScript bits of code (typically MIT-licensed) and treating these as equal to large GPL-licensed programs they’ll have us believe that copyleft-type licences are dying. They are comparing apples and oranges, but then again, that’s the art of misleading with so-called statistics.

SourceClear: Yet Another Microsoft-Connected (Coming From Microsoft) FOSS FUD Firm
http://techrights.org/2015/10/27/sourceclear-and-microsoft/
Tue, 27 Oct 2015 23:33:52 +0000

Another Black Duck in the making? Security FUD from a firm established by champions of back doors.

Summary: Another company whose business model is monetising (and thus often enhancing) fear, uncertainty and doubt (FUD) over Free/Open Source software (FOSS) and this one too comes from Microsoft

THIS trend has grown rather tiresome. Every now and then we see Microsoft’s tentacles reaching out for areas in FOSS where there is an opportunity to badmouth FOSS. They turn Microsoft’s anti-FOSS rhetoric into their business model. They institutionalise it.

Based on a new press release in its various forms/variations [1, 2, 3], we may have yet another OpenLogic or Black Duck in our hands. Another Microsoft guy creates a company that says Free software is not secure and needs some proprietary software ‘medicine’.

SourceClear is not even known (we had never heard of it; it seemingly came out of nowhere) and it’s a very young firm, yet it immediately receives a lot of money and even promotional coverage from the News Corp.-owned Wall Street Journal, which is a Microsoft-friendly publication. The first sentence provides the background one needs to be aware of:

Mark Curphey worked to stamp out software bugs for about a decade as head of the security tools team at Microsoft Corp. and in several other jobs before he realized that the problem was getting worse instead of better.

To quote Gordon B-P: ‘”Worked at MS bugs for a decade” – didn’t do a very good job there then. What makes him think he’ll be able to “secure” OSS?’

Jordan Novet, who is a promoter of Microsoft as we noted the other day, covered this as well, using bug branding such as "Heartbleed", coined by a company which is strongly connected to Microsoft. “It turns out that lots of other [FOSS] libraries have exactly the same issues but have not been reported,” Novet quotes Curphey, whom he describes as “previously a former principal group program manager inside Microsoft’s developer division. [...] SourceClear started in Seattle in 2013…”

With OpenLogic, Black Duck, Codenomicon and various other Microsoft-connected (often created by Microsoft people and/or managed by Microsoft people) firms that badmouth FOSS we sure expect SourceClear to be no exception. They serve to distract from the built-in and intentional insecurities of proprietary software such as Windows, including quite famously Vista 10 where back doors are an understatement because everything is recorded and broadcast (total remote surveillance), even without a breach or an access through the back doors.

Microsoft cannot produce secure code because ‘national security’ (i.e. many back doors) is a design goal. It helps Microsoft establish a ‘special relationship’ with the state, and in fact it just got a contract from a highly notorious company, Taser [1].

Here we are, from 2013 onwards, in a time when simple bugs in FOSS (a defect affecting one line or two) get all the limelight and receive names, logos etc., whereas Microsoft’s critical zero-day flaws hardly make the headlines. There are many high-impact headlines that make a huge fuss every time a security bug is found in Android (again, just in recent years). We suppose it’s part of a PR campaign in which Microsoft and its partners evidently participate. They are often the ones who come up with the names, logos, and much of the accompanying negative publicity.

Related/contextual items from the news:

  1. Microsoft Helping to Store Police Video From Taser Body Cameras

    Microsoft has joined forces with Taser to combine the Azure cloud platform with law enforcement management tools.

    [..]

    In order to ensure Taser maintains a monopoly on police body cameras, the corporation acquired contracts with police departments all across the nation for the purchase of body cameras through dubious ties to certain chiefs of police.

Red Hat Makes an Error by Liaising With Proprietary Software Firm and Source of FUD, Supposedly for ‘Security’
http://techrights.org/2015/10/21/red-hat-and-black-duck/
Wed, 21 Oct 2015 11:25:36 +0000

Don’t feed black ducks

Yours truly feeding the ducks near home earlier this year (summer)

Summary: Red Hat’s cooperation with Black Duck serves to legitimise a terrible business model, wherein fear of FOSS is being accentuated and proprietary software ‘solutions’ are being offered

YESTERDAY we became aware of Red Hat turning to Microsoft’s friend, Black Duck. It happened with little prior warning and was announced with a press release calling it a “[c]ollaboration to help developers, customers and partners build and run trusted, secure applications with Red Hat container technologies” (as if these are inherently less secure than some proprietary software).

What the articles fail to mention is that Black Duck’s former top manager is from Red Hat and he came back to Red Hat after his stint at this FUD firm (see the old press release titled “Black Duck Software CEO Tim Yeaton Rejoins Red Hat to Lead Newly-Formed Infrastructure Group”). Well, the doors basically revolved, twice even. Maybe that’s why Red Hat came to Black Duck, legitimising what is effectively a parasite inside the FOSS world.

We have already found some puff pieces about it, saying little more than the press release. One of them says that “Red Hat has collaborated with Black Duck Software to establish a secure and trusted model for containerized application delivery by providing verification that application containers are free from known vulnerabilities and include only certified content. This validation is a major step forward in enabling enterprise-ready application containers, and builds upon the strengths of each company – Red Hat’s position in container technologies and solutions, including its platform and certification strategy, and Black Duck’s position as the provider of comprehensive identification and earliest notification technologies of open source vulnerabilities.”

In its marketing, Black Duck would have us believe that FOSS is terrible at security, even though proprietary software has back doors ‘baked in’ intentionally. NSA et al don’t ‘break into’ Windows any more than Microsoft does; they’re allowed access, by design, intent, and agenda. Days ago we showed how marketers from Black Duck had claimed that it can cost $25,000 to fix a bug in FOSS.

As of early this morning, this new relationship received press coverage from Serdar Yegulalp (writing for IDG), Sean Michael Kerner for QuinStreet and Steven J. Vaughan-Nichols for CBS. The way Vaughan-Nichols put it, “Red Hat and Black Duck want to make sure that when you run a container, it’s really the container you want to run and not a rogue package.”

It sounds good on the surface, but is a proprietary dependence healthy in the long term? Based on Vaughan-Nichols, this isn’t a short-term engagement. “In the long run,” he explains (writing from Red Hat’s town), “the companies plan to include Black Duck technologies as a component of Red Hat’s container certification.”

There are some lazy publications that ended up throwing the self-promotional press release around. The Indian English-speaking press sort of rewrote the press release to make it look more original. Where are the sceptics? Where is the genuine reporting? All we see are puff pieces that relay claims made in a press release.

In many ways, Black Duck is successful as a marketing company, much like polygraph merchants (among other popular scams like homeopathy).

Microsoft-Connected FOSS FUD Firm Black Duck Says It Can Cost $25,000 to Fix a Bug in FOSS
http://techrights.org/2015/10/16/foss-fud-made-up-figures/
Fri, 16 Oct 2015 12:18:57 +0000

Fear, uncertainty, and doubt (FUD) sure is a powerful seller

Big wheel

Summary: The latest FUD campaign and the latest channel/distribution deal from Black Duck, a fake ‘friend’ of Free/Open Source software (FOSS)

THE Microsoft-connected (in many ways) firm Black Duck continues trying to monetise fear of FOSS — a fear that it is itself inflaming if not creating in the first place.

Based on this new article, Black Duck’s Kevin Bland, sporting a fancy job title for what is essentially a non-technical marketing role, tells some tall tales. He really wants companies to buy Black Duck’s proprietary software (with software patents on it).

“Kevin Bland,” says the article, “director of channels and alliances at Black Duck, said that developers often used existing code to speed up the process of bringing an app to fruition and there could be vulnerabilities incorporated into the fresh application.”

Right, and that never happens when people reuse proprietary software… never. Never ever! Bland’s bland spiel continues: “If you wait until launch then it can cost $25,000 per problem to remedy it but if you identify vulnerabilities during the development stage it is about $25 per vulnerability” (wow, no data to back this up, just a magical factor of 1000:1).

Making up the facts as they go along, eh? Here is the marketing announcement about it and something related to that. To quote: “Kilpatrick was speaking as it was announced that Wick Hill has been appointed value added distributor for Black Duck Software in the UK and the DACH (Germany, Austria and Switzerland) region. Black Duck is a US-based worldwide vendor, whose industry-leading products secure and manage Open Source Software, eliminating the pain related to security vulnerabilities, compliance, and operational risk. The company is partnering with Wick Hill as part of its drive to grow sales and expand its reach in the EMEA region.”

So that’s what it’s all about: sales of proprietary software. Wick Hill is desperate to expand in EMEA, based on the latest news and press releases [1, 2, 3, 4], with mergers and acquisitions reportedly likely.

If Wick Hill wants to expand, it probably ought to stay out of the snake oil business. Even companies that are close to Microsoft (Xamarin for sure) have publicly dismissed Black Duck’s products as useless. What might Wick Hill attempt to distribute next? Polygraphs, which are based on pseudo-science and are a fraud which only misleading marketing can sell?

Black Duck Continues to Pile FUD on Free/Libre Software
http://techrights.org/2015/10/01/black-duck-continues-to-pile-fud-on-freelibre-software/
Thu, 01 Oct 2015 09:31:02 +0000

A FUD mill, just like many national newspapers

Daily Express building

Summary: Having spent nearly a decade promoting the fear of Free software licensing, Black Duck now does the same regarding Free software security

Black Duck, the company that virtually came from Microsoft (or from a Microsoft veteran), is badmouthing the security of Free/libre software again, obviously in order to sell its proprietary software, but perhaps also to help proprietary software companies (like Microsoft).

Black Duck’s CEO, according to CRN, “spoke on a panel at the MassTLC Security Conference this week, said open-source components are frequently and easily breached.

““If you want to know how to exploit open-source [projects], just go to YouTube and you’ll see how to do it. It’s that easy,” he said.”

Unlike proprietary software? Are there no YouTube videos about how to exploit or take advantage of holes in proprietary software? Nonsense. Over the years I came across quite a few, including nearly a dozen about Novell’s proprietary software (while researching Novell back in the day). The same can be said about the licensing FUD that comes out of Black Duck. Why won’t they ever speak of the BSA, whose devastating effects can sometimes bankrupt a business? Black Duck is not part of the Free/Open Source software community but a parasite within it.

Microsoft Loves Linux to Death and Still Tries to Kill GNU/Linux
http://techrights.org/2015/08/27/loving-linux-to-death/
Thu, 27 Aug 2015 16:17:31 +0000

This is what Microsoft staff distributes to attendees in FOSS events:

Microsoft loves Linux
Photo credit: Neil McAllister

Summary: Microsoft’s relentless attacks on GNU/Linux and Free software in general (even if it runs on Windows) are so evident that claims of ‘love’ remain laughable at best (if not infuriating)

MICROSOFT JUST CANNOT HELP itself. It’s like a scorpion riding a tortoise over a river. It keeps attacking GNU/Linux while claiming that it “loves Linux”. The truth is, Microsoft loathes Linux with a deep passion, but it doesn’t want to show this because it needs to infiltrate Linux events such as LinuxCon. It’s a strategy of entryism. It’s really ugly.

Imagine Microsoft having Linux folks as its keynote guests/speakers in its developers’ events, preaching passionately in favour of Free software (GPL for instance). Microsoft keeps infiltrating every single Linux event that matters. Microsoft is paying for it and it knows that it’s annoying people who pay a lot of money to attend (or whose employers are sponsors). Microsoft runs many developers’ events. Imagine Linux ‘infiltrating’ these. That would be entryism in reverse. But FOSS doesn’t play dirty. We leave the crimes and the unethical deeds to Microsoft.

Several days ago someone wrote to point out that Microsoft speaks nonsense and spreads FUD again. To quote:

The giant from Redmond must be desperate since it has to use a controversial story from a relatively small Italian city to combat open source software, as in the mean time many larger deployments also in Italy are happy with LibreOffice and the numbers produced by Provincia di Perugia prove the opposite of the Microsoft-publication.

As Robert Pogson put it: “Why do they keep spreading it? Every time they get caught lying they destroy their own credibility amongst their loyal followers, if there are any left…”

Microsoft and its goons recently spread some more lies about Munich, using media partners which took the words of just two people and made it seem as though the whole of Munich was upset with GNU/Linux. “Most people don’t really realize that they have Linux and they do not really care,” Mr. Heath quoted yesterday [1]. He was the first person to write a story about this in English, foreseeing and properly preparing for Microsoft’s FUD attacks (Microsoft advocacy sites soon took the story out of context to lie about Munich).

Susan Linton, writing her daily column, said that “everyone reading of this knew that couldn’t be entirely right and today Heath reported, “the bulk of users have not taken issue with the move.” He quoted Munich IT developer, Jan-Marek Glogowski, at DebConf15 saying, “Most people don’t really realize that they have Linux and they do not really care, they want to do their stuff.” That’s not to say there aren’t issues and growing pains, primarily keeping up with hardware support with LTS Ubuntu-base, but plans are to keep forging ahead. Robert Pogson linked to the actual video from DebConf15.”

So basically we have just Microsoft FUD going on. Here is a new article that is just more utter lies, maybe ‘prepared’ propaganda from Microsoft (misleading, inaccurate) [2]. They have totally made up the ‘facts’ to sell people the illusion that GNU/Linux is a failure. It’s that same old tired Munich lobbying from Microsoft Germany. As Pogson noted:

Lately, in the news, we read that agitators are still pushing to roll back GNU/Linux desktops.

They really are just “agitators”; there are only 2 of them at the moment, but they are joined by Microsoft spinners who have access to newspapers and/or news sites. “Munich councillors want to return to proprietary software,” wrote Gijs Hillenius in the European press, but we are speaking about just “two councillors [who] have not yet responded to emails seeking their position on interoperability” (if they know what it is at all, as they’re non-technical). Maybe they need to ask Microsoft Germany.

This headline, “Munich Officials Who Dumped Windows For Linux Want Microsoft’s OS Back” [3], is also a lie because it’s not the same officials, there’s no change of mind, there are just 2 dissenting voices.

This latest round of anti-GNU/Linux FUD is not something that we are unfamiliar with. We wrote dozens of in-depth articles about this. Munich is a large-scale migration and as we showed in previous years, Microsoft usually orchestrates this FUD behind the scenes. Sometimes some information leaks out to the media, showing Microsoft’s role in it (occasionally through proxies like HP). All we have here is a PR exercise, not news.

Related/contextual items from the news:

  1. Here’s the one ‘major problem’ facing Munich after switching from Windows to Linux

    In spite of complaints from a couple of councillors about the Limux OS, the city council said the bulk of users have not taken issue with the move.

    “Most people don’t really realize that they have Linux and they do not really care,” said Jan-Marek Glogowski, a developer in the IT team at the City of Munich told the DebConf Debian developers meeting earlier this month.

  2. Report: 1 major Linux migration that went awry

    Whatever the case, the city of Munich will have to wait it out for another year at least. According to The Inquirer, a review and subsequent response into the future IT policy will not take place until the end of 2016.

  3. Munich Officials Who Dumped Windows For Linux Want Microsoft’s OS Back
Black Duck Still Destroying, Lying, Rewriting History
http://techrights.org/2015/08/20/black-duck-lies/
Thu, 20 Aug 2015 12:03:51 +0000

Manchester crane

Summary: Black Duck is still carrying water for Microsoft and pretends to be working for ‘Open Source’, despite doing it much harm and doing nothing that is actually Open Source

AN ARTICLE titled “The channel’s role in improving open source security” cites a FUD ‘study’ from Black Duck, the firm which, by its own (high-level) admission, was created to spread FUD against the GPL and discourage its use/adoption.

The day before, we saw gross revisionism claiming that the firm was “set up in 2002 not as an anti-malware tool or a security outfit, but as a ‘curator’” (that’s a lie). All that Black Duck has become is a parasite and a back stabber, wielding software patents and proprietary software.

Another thing that Black Duck turns out to have killed, based on this new post, is Open HUB. It’s said to be “dead” now, maybe because it doesn’t serve the agenda of Black Duck anymore. To quote:

Some may recall it as Ohloh, then it was taken over by Black Duck Software and now runs under the name of Open HUB, the open source network to “Discover, Track and Compare Open Source”. What a laugh. Since Black Duck took over things continuously have gotten worse, spinning repository updates became infrequent, and now OpenHUB simply can’t catch up with all projects, their engine for months was months behind with updating source code, and now completely fails on big repositories.

Don’t forget that Ohloh, just like Black Duck, was created by people from Microsoft. They both should be treated as such.

Free Software is Commercial
http://techrights.org/2015/08/04/commercial-software-fud/
Tue, 04 Aug 2015 09:04:43 +0000

“There’s no company called Linux, there’s barely a Linux road map. Yet Linux sort of springs organically from the earth. And it had, you know, the characteristics of communism that people love so very, very much about it. That is, it’s free.”

Steve Ballmer, Microsoft’s CEO at the time

Summary: Corporate media helps stigmatise Free/Open Source software as unsuitable for commercial use and once again it uses the ‘security’ card

SEVERAL days ago in our daily links we included two articles that used the term “commercial software” (to mean proprietary software). Both cited Synopsys. It is amazing that even in 2015 there are some capable of making this error, maybe intentionally. Commercial software just means software that is used commercially. A lot of it is Free/Open Source software (the corporate media prefers the term “Open Source” to avoid discussion about the F word, “freedom”).

Yesterday we found yet another headline which repeats the same formula (as if they all received the same memo), calling proprietary software “commercial software”, thereby reinforcing the false dichotomy and the stigma of Free software. “Looking at our Java defect density data through the lens of OWASP Top 10,” says Synopsys, “we observe that commercial software is significantly more secure than open source software.”

Another article from yesterday reminded us that Free software takes security very seriously and leading Free software projects are widely regarded (even by Coverity, which Synopsys now owns) as more secure than proprietary counterparts. Oddly enough, Synopsys links to a “Coverity Scan Open Source Report 2014”, not 2015, and the report is behind walled gardens, so it is hard to check if these headlines tell the whole story or just part of it. The analysis itself is done by proprietary software, whose methods are basically a secret, and a defect density figure from a static analyser only counts what that analyser flags, which is not the same as what is exploitable. Go figure…

We recently saw some very gross distortions where security issues in proprietary software got framed as Free software issues. As we have repeatedly demonstrated and stressed over the past year and a half, there seems to be a campaign of FUD, ‘branding’, and logos (the latest being targeted at Android/MMS) whose goal is to create or cement a damaging stereotype while always ignoring back doors and even front doors in proprietary software (now out in the open because of the British Prime Minister and the ringleader of the FBI).

Microsoft’s Mouthpiece Mary Branscombe Tries to Shoot Down Free Software, But Fails Miserably
http://techrights.org/2015/07/30/fud-from-mary-branscombe/
Thu, 30 Jul 2015 12:20:20 +0000

“Just keep rubbing it in, via the press, analysts, newsgroups, whatever. Make the complete failure of the competition’s technology part of the mythology of the computer industry. We want to place selection pressure on those companies and individuals that show a genetic weakness for competitors’ technologies, to make the industry increasingly resistant to such unhealthy strains, over time.”

Microsoft, internal document [PDF]

Summary: At the CBS-owned ZDNet, which is Free/Open Source software-hostile, new FUD surfaces, but the FUD is so flawed that a full rebuttal is easy and almost imperative

Microsoft still chronically hates Free/libre software (especially classic copyleft) and it is desperately craving some ‘dirt’ on it, no matter how hard it is to find. Microsoft propagandist (for nearly a decade now, or at least half a decade, both at CBS and at IDG) Mary Branscombe decided to pick on Free/libre software. The result is laughable. It’s a terrible piece. ZDNet, part of CBS, published this nonetheless. The editor (probably Larry) was apparently OK with that.

With fair use in mind, we are going to deconstruct everything in Branscombe’s article and show that it’s just a pile of baloney. Let’s start with the headline:

“Open source: Free as in speech, beer – or puppy?”

Not even original. Sun’s old CEO used this analogy (“puppy”) a very long time ago, before Sun defected to Free/Open Source software (FOSS) and got a new CEO. Branscombe is just copying or even ‘stealing’ the analogy without any attribution.

“It’s hard to give developers more control over how their work is used and still keep it open source.”

That’s an insane talking point. It’s like saying that the needs of the developers to oppress the users outweigh the needs and the interests of users. Branscombe encourages and advocates user-subjugating software. How ethical does it make her seem? Moreover, as we shall explain later, this affects all types of software, including proprietary software. It’s not a FOSS issue at all.

“When you put your code out under an open source licence, how much control can you expect over what it’s used for?”

Free software developers are developing because they want people to use their software. If Branscombe had spoken to any developers (even those of proprietary software), she would quickly realise that exercising control over the users is not the goal of these developers. Exploiting users is often the job (or the goal) of non-technical managers, who sometimes share users’ data with marketers, spies, etc.

“Open source has often been described as ‘free as in speech, rather than free as in beer’. Yes, it’s software that’s free to use, but the lack of a price tag isn’t always the main point.”

That’s quoting Richard Stallman without naming him. But to say that free software means “free to use” is to show lack of comprehension of his points. Free/libre software isn’t about “free to use”; the four freedoms which Stallman speaks about are what it’s really about.

“For some it’s about not being encumbered by limiting commercial licences or patents and royalties, for others it’s about the importance of being able to see and modify the source code of what they’re running (or distributing source so users can see it).”

By “commercial licences” she means proprietary licences. That’s a different thing. Regarding “patents and royalties”, this may inadvertently refer to software covered by the terms described under the text of the GPLv3.

The point about “distributing source so users can see it” is bizarre because visibility alone does not make software “Free software” or even “Open Source”. That’s just how Microsoft fraudulently openwashes a lot of its software. Branscombe helps this villainous mirage.

Now comes some of the more horrid stuff, as Branscombe probably believes that she kindly introduced FOSS in a fair and balanced fashion.

“And as I’ve long said, open source can also be ‘free as in puppy’; you take on the responsibility of care and keeping when you start to depend on open source software.”

Right, because nobody ever comes to depend on proprietary software? Whose stewardship and maintenance are both monopolised by people whose agenda differs from yours? This, if anything, is a point against proprietary software.

“You can run into problems if the project is no longer developed, or pulled suddenly when the company is bought by Apple and you discover you were using open source components that depended on a closed source core like FoundationDB, and that core is no longer available.”

Because proprietary software companies never get bought? Or discontinue a product? Oh, wait, they do. And often. If it’s Free software, then you can at least take charge or rely on others to take charge (e.g. forks or newly-created successors). Again, if anything, this is a point against proprietary software. Branscombe twists a problem with proprietary software as one exclusive to Free software. We saw other examples of that shameless spin very recently, as recently as one week ago.

“That makes it vital to always look carefully at the licence for open source software, especially if your business is involved (that’s part of the care and keeping of the free puppy).”

Right, because proprietary software licences never change? Or the EULA (see how Vista 10 trashes privacy this week)? You don’t even get to vote on or reject those. If a Free software project diverges from a licence in a way that people are opposed to, they can then fork while maintaining the more desirable licence. This, in turn, puts more pressure on the developer to obey the needs of the users. It keeps developers honest and obedient to their users; they cannot merely ‘occupy’ and thereby mistreat users. Isn’t that a positive thing in a moral society?

“But for some software developers, the free speech comparison is getting more relevant.”

The example she thus provides is irrelevant to free speech:

“Take the GIMP project, which stopped using SourceForge to distribute the Windows installer for its open source image editor in 2013, because of the ads that started appearing on the site featuring download buttons for alternative versions of the software.”

Advertising is not a matter of free speech and denying advertising is not a matter of free speech, either.

“GIMP left the site up because there were so many links to it online, but stopped updating the installers there. SourceForge deemed the product abandoned and started mirroring the releases from GIMP, but it also ‘experimented’ with wrapping the GIMP installer with adware.”

Therein lies the problem. Adware. It’s not just about ads on a page. It’s proprietary garbage that is not wanted and is improperly bundled.

“The GIMP team wasn’t happy (and SourceForge stopped wrapping the installer, although it didn’t stop mirroring it). But because GIMP is under the GPL and LGPL licences SourceForge did nothing wrong: those licences allow software to be repackaged.”

Nobody ever alleged that SourceForge had violated any software licences, so it’s unclear where Branscombe is going with this. No point is being made except the fact that developers can revoke endorsement (not distribution) of some piece of software if inappropriately packaged. GIMP developers packed up and moved. That’s a good thing. Some call it “free market”.

“Android tool developer Collin Mulliner was equally upset to discover that Hacking Team (an Italian company that sells surveillance tools to governments) had used his Android framework to build their Android voice call monitoring software.”

That is a licence violation. So what’s her point?

“”For the future I will use a license for all my software that excludes use for this kind of purpose,” he said in the blog he wrote to make it clear that he didn’t work on the Hacking Team tool. But that might be hard: writing a licence that lets people use your code freely means they can use the code for anything they want.”

But Hacking Team violated the terms of the GPL. Therein lies the main issue. Proprietary software would not have done any better at preventing use for malicious purposes, so how is this even relevant?

“Douglas Crockford famously added a line to his licence for JSON that said it couldn’t be used for evil (and just as famously said that IBM had asked for a variation because they couldn’t guarantee that their customers wouldn’t use it for evil).”

Is that a bad thing?

“Yes, the GPL has repeatedly been used in court, but mostly to force companies to comply with the rules about open sourcing their own code if they’ve published software based on GLP-licenced code.”

The typo/bad English aside (the verb has an “s” in it, but maybe this poor piece was composed in a rush), is Branscombe trying to insinuate that honouring a licence is a bad thing?

“Commercial use is easier to police, but anyone who is going to use open source code for evil is unlikely to pay much attention to licences that say they can’t, and having people use your code for purposes you don’t approve of is pretty much the definition of free speech.”

Proprietary software (commercial software as Branscombe calls it) has exactly the same issues, so what is her point anyway? Where is that “free puppy” point ever coming into play?

“It’s going to take some careful writing of licences to give developers more control over how software they open source is used in the ways they want, without stopping the open uses they want to enable.”

Again, nothing to do with “Open Source” (Free software) at all. Branscombe takes an issue that applies to all software and frames it as one pertaining to Free software. But why? Just look at Branscombe’s history of badmouthing Microsoft’s competitors.

Spinning Proprietary Software Dangers as Dangers of Free/Libre Software
http://techrights.org/2015/07/23/proprietary-software-contracts/
Thu, 23 Jul 2015 15:19:40 +0000

The “legally-binding” and “transparency” conundrums grossly distorted

Vintage marriage license

Summary: News sites mislead their readers, teaching them that the biggest dangers associated with proprietary software are in fact problems exclusive to Free/libre Open Source software

FOR Microsoft to ever pretend to care about security would basically mean to lie, blatantly. Microsoft works hand in glove with the NSA and it has, on numerous occasions, admitted that true security isn’t the goal. Its actions too show this repeatedly. Known flaws -- or holes, or bug doors, or whatever one frames them as -- are not being patched unless the public finds out about them.

In order to bolster security perceptions and to give an illusion that Microsoft actually cares about security and invests in security, the company has just hired some staff in Israel (an acquisition is another way to frame this). The media calls it a “security provider”, but given Israel’s record on back doors, cracking (e.g. Stuxnet development), wiretapping etc. this is rather laughable. A lot of Microsoft’s so-called ‘security’ products are made in Israel, and some companies in this military-driven industry facilitate and cater for spies using back doors, usually under the guise of ‘security’ (they mean “national security”). We wrote about this in past years.

We were rather disturbed to see this bizarre article yesterday. Titled “Hackers targeting .NET shows the growing pains of open source security”, the article is a big lie. The headline is definitely a lie. .NET is PROPRIETARY (still), it has holes in it, and some fool tries to use it to call Free/libre software “not secure”. Let’s assume for a second that .NET code becoming visible to the world exposes many holes, indeed. It then proves exactly the opposite of what the headline says. If anything, it shows that Microsoft keeping the code secret assured low-quality code and bred vulnerable code. Once shown to the world, these holes are being exploited. This proves that security through obscurity is a myth that merely encourages people to rely on poorly implemented programs with shoddy security, whereupon developers choose to hide the ugliness of the code. A lot of the claims in the article come from a FOSS foe, Trend Micro, but they can be framed correctly to state that, if anything, a public audit of .NET now shows just how terrible proprietary software can be, having never been subjected to outside scrutiny.

In other disturbing headlines we find another inversion of the truth. The Business Software Alliance (BSA), or the EULA police, has done a lot to show how dangerous proprietary software licences can be. Nevertheless, Slashdot with its pro-Microsoft slant as of late [1, 2] gives a platform to Christopher Allan Webber.

“Is this another false “I really like the GPL except” post,” a reader asked us. To quote the author: “The fastest way to develop software which locks down users for maximum monetary extraction is to use free software as a base” (oh, yes, those greedy Free software developers!)

The article has a misleading/provocative headline (hence we provide no direct link) and Bruce Perens, who had already accused Black Duck of FUD against the GPL (“I think it’s 100% B.S.,” he said three years ago), responded to the piece by stating:

I help GPL violators clean up their act, it’s my main business.

Every one has had a total lack of due diligence. I will come in and find that they have violated the licenses of 21 proprietary software companies (this is a real customer example) by integrating their code into their main product, just like the GPL code. Some of them only had an “evaluation” license, some not even that, some wildly violated the terms of any license they got.

Most of them are in silicon valley. They seem to have the attitude that they will clean up their legal problems when they’re rich, and nothing but getting their product out of the door matters until then.

They don’t ask me to feel sorry for them. I bill them a lot, and in the end, they’re clean and legal.

When it comes to legal risk and licensing, proprietary software is in a league of its own. It’s risky, it’s expensive (lock-in makes the exit barriers considerably higher), and it is very hard to obey or comply with, especially when you are low on staff and funds (licences must be renewed all the time). Contrariwise, it is very easy to comply with copyleft; there is no renewal work required and no renewal fees. All one is required to do is keep the copyleft on the code used and make the corresponding source available to those who receive the program. The rules are very simple.

Microsoft-Connected Anti-Google AstroTurfing Group Tries to Push Google to Web Censorship, With IDG’s Help (Plus an Attack on Free/Libre Software)
http://techrights.org/2015/07/08/the-cio-idg-bias/
Wed, 08 Jul 2015 13:33:36 +0000

IDG/CIO

Summary: CIO, a Web site of IDG, smears Microsoft’s competition by quoting sources that are closely aligned with and/or subservient to Microsoft

AN old ‘friend’, a branch of Microsoft AstroTurfing, ‘Consumer’ ‘Watchdog’, has just reared its ugly head again with help from IDG’s “CIO” (a misleading site name). Consumer Watchdog is not a watchdog and it’s not for consumers. IDG should know better than that by now. Consumer Watchdog is an attack dog and a front group against Google. Right now it complains that Google is not censoring enough (as if censorship is a good thing). Remember that censorship is not privacy and “Consumer Watchdog” cares only about making Google look bad; it never cared about privacy at all.

To quote the nonsense from IDG’s “CIO” site (neglecting to correctly identify the messenger): “Consumer Watchdog will file a complaint against Google with the U.S. Federal Trade Commission Tuesday, said John Simpson, director of the group’s Privacy Project. The complaint will ask the FTC to rule that Google, by declining to delete search engine links on request from U.S. residents, is an unfair business practice that violates the U.S. FTC Act.”

‘Consumer’ ‘Watchdog’ has a Privacy Project? That’s just hilarious. That would be like BP forming a “green group”. Moreover, it is hilarious that IDG covers “privacy” and pretends that it cares about the concept when CIO, for example, according to NoScript, wants to run a massive number of scripts on my machine from just about thirty different domains! Holy cow! The reader is the product and browsing habits are up for sale to so many entities at the same time. The same is true for other sites of IDG (there are many of them).

“The original source of that really bad scraper site is a CIO trash opinion piece,” wrote someone to us. IDG has become complicit in lobbying and AstroTurfing, whether it realises this or not.

Another new piece of garbage came from IDG only a short while ago, quoting XenSource (Microsoft-friendly as we have shown many times in past years) as some kind of authority on FOSS. This is again mischaracterising the messenger to give the messenger undeserved credibility. That’s like calling Richard Stallman an “open core” proponent. The headline boldly states that “open source business model is a failure” and the body belatedly adds vital context to this headline: “That’s the conclusion of Peter Levine, a partner at Andreessen Horowitz, the Silicon Valley venture capital firm that backed Facebook, Skype, Twitter and Box as startups. Levine is also former CEO of XenSource, a company that commercialized products based on the open source Xen hypervisor.”

Levine is not a truly technical person and he ignores plenty of evidence that open source as a business model works, and often works very well. A lot of people can easily claim that the proprietary software business model is inherently flawed because very few proprietary software companies sell stuff (only a few giants do). A lot of those claiming that no open source business model can work also say FOSS is sexist, racist, not secure, brings licence/licensing risk, etc. — the very same things that can be said about proprietary software. If only 10% of Free/libre software companies manage to survive in the long term (based on level of sustainable income) it might not be any different, statistically, from their proprietary counterparts. The company my wife and I work for does manage to make income from Free/libre software development and maintenance. This company is far from the only one in Europe and many are doing very well. Proprietary software is not a business model. Free/libre software development is not a business model either. It’s a modality of distribution/development. People buy services, not zeros and ones. For IDG to publish and republish misleading headlines like “Why the open source business model is a failure” is merely to provoke. For IDG to call ‘Consumer’ ‘Watchdog’ a “privacy group” (even in the headline) and to label censorship “right to be forgotten” is to reveal sheer bias. Remember that Microsoft is a huge client of IDG (advertising, IDC contracts and so on), so maybe we oughtn’t be very shocked by that. Here is a great new example of a proprietary software advertisement disguised as an article. It bashes Free/libre software as a whole, too, while promoting one particular piece of proprietary software in Computer Weekly.

Watch out what you read because there is plenty of agenda on sale everywhere. Moreover, sites that pretend to offer ‘news’ often just treat readers (audience) as the product, selling the audience to the real client (the advertiser or agenda setter). That’s their business model. Very unethical.

Corporate Media Should Stop Grooming Black Duck by Calling it ‘Open Source’ and Repeating Its Lies
http://techrights.org/2015/07/06/grooming-black-duck/ (Mon, 06 Jul 2015 09:05:15 +0000)

[Image: Doug Levin]

Summary: Black Duck uses gullible (or easy to manipulate) journalists to spread its marketing talking points, which grossly overstate risks of using Free software

The Microsoft-connected firm Black Duck was started as an anti-GPL entity, by its very own admission. This firm, which keeps openwashing itself at every opportunity, is purely proprietary and it holds patents on software. So how can one be fooled into characterising it as “the open source vendor”, as this new article does? ChannelWeb calls it “open source”. That’s like calling a demolition company a “builder”. This article is basically a container of typical FUD, not checked for accuracy but just parroted, based on the vendor’s claims (trying to sell its own proprietary software): “He said 80 per cent of enterprises using open source do not know what type of open source code they have, where it is located or if there are any vulnerabilities in it – something his firm’s offering helps with.”

What about vulnerabilities in proprietary software? Many of them cannot be fixed, they are not remediable. What about proprietary software licences? Have they decided to ignore what the BSA does to British businesses?

ChannelBiz, at the same time (also in the UK), published similar nonsense, which may suggest that Black Duck is quite probably pressuring British journalists to print (or reprint) Black Duck nonsense. Here is how the latter put it: “Bland said that while nearly 80 percent of enterprise companies are using open source, a majority acknowledge that they don’t know what open source code they have, where it is located, or if it has known security vulnerabilities. And few, he said, have any open source management processes.”

Talking points again. Not even an independent study.

Black Duck is an ugly parasite that should be shunned by the Free software community. Black Duck is just trying to make money by scaring businesses and making them dependent on proprietary snake oil.

The Shameless Campaign to Paint/Portray Free Software as Inherently Insecure, Using Brands, Logos, and Excessive, Selective Press Coverage
http://techrights.org/2015/07/01/sonatype-marketing/ (Wed, 01 Jul 2015 10:39:02 +0000)

[Image: Bugs]
Image courtesy of Red Hat, demonstrating lack of correlation between severity and logos/brands

Summary: Some more FUD from firms such as Sonatype, which hope to make money by making people scared of Free/libre software

The corporate media is in the business of selling (for corporations), not informing. Advertising is the business model, as well as media ‘partnerships’ (a euphemism for PR). Security firms too are in the business of selling, not informing. Misinformation often helps improve sales. We have already ranted quite a lot about media misdirection designed to sell products or malign the competitors of those who try to sell unnecessary products. We must assume that this is happening because it has always been happening; it’s just that it got a lot more frequent now that Free/libre software is more widely used.

The other day IDG published some promotion of Veracode. To quote one paragraph: “The scale of the problem is significant. Cryptographic issues are the second most common type of flaws affecting applications across all industries, according to a report this week by application security firm Veracode.”

This is not an independent security researcher; it is the Black Duck-connected Veracode (Black Duck came from Microsoft and VeraCode’s co-founder recently joined Black Duck), which overlooks security issues with proprietary software. Veracode is not an objective observer; it is trying to sell something. Sonatype too, a nasty company which we wrote about before [1, 2, 3, 4, 5, 6], rears its ugly head in the media, in an article provocatively titled “Open-Source Code Can Be More Dangerous Than Useful”.

So Sonatype has launched yet another FUD attack on Free software, using myths and rhetoric, capitalising on gullible ‘journalists’ who would print just about anything, along with clueless pasting of bugs with logos (for extra fear), no discussion about severe bugs in proprietary software, and many other issues. This article is relaying marketing from Sonatype and dramatises it even further. “It gets worse,” says the writer, “according to Sonatype: Many of the software companies that have built insecurities right into their products wouldn’t be able to tell which of their applications are affected by a known component flaw because of poor inventory practices.”

Well, proprietary software deliberately adds flaws to act as secret back doors. How about that in the discussion? The article totally omits that. The article then adds some talking points from the FOSS-hostile Symantec, another company which tries to sell its proprietary software based on perceptions of insecurity.

Thankfully, there are a couple of comments there (below the article) that highlight the issues with the article; both are titled “Not only open source…”

As Free/libre software becomes more mainstream we should expect more parasites like Sonatype to look out for fools who are willing to do their marketing, monetising trash-talk.

IDG’s Jihad Against Free/Libre Software Perpetuates Myths About Software Security (Through Obscurity)
http://techrights.org/2015/06/18/idg-security-myths/ (Thu, 18 Jun 2015 13:56:43 +0000)

[Image: Soundsky]

Summary: Many Free/libre software-hostile articles from IDG (worsened this past week) exploit public miscomprehension or misunderstandings about computer security

Techrights readers are advised to treat with great caution the output of IDG, perhaps the biggest network writing in a variety of languages about technology on the Internet (the paper publications of IDG are mostly defunct by now).

Readers may still recall the regular FUD from Sonatype [1, 2, 3, 4, 5], a firm which is not itself anything like a Free software firm but sure likes to talk about Free software (negatively). Sonatype’s shameless and self-promotional talking points are now being masqueraded as media articles (in the IDG network) and, for extra FUD, they are reposted on many sites of IDG, even rarely-accessed ones. It smacks of misuse of media resources. They are also modifying the headline for extra reach (SEO in the news aggregators) with this same FUD that is based on/derived from a self-promotional Sonatype press release.

Sonatype should issue/produce a study on how many proprietary systems are not being patched. Or worse: say how many don’t get fixed by the vendor; how many bits of proprietary software have severe flaws with never even a fix issued? How many flaws are not being revealed to the public? See how Microsoft admits hiding flaws. What about back doors (intentional flaws)? Abandoned software with secret code is almost guaranteed to be Swiss cheese. These debates are mostly missing from corporate media. Only yesterday security guru Bruce Schneier wrote: “One of the biggest conceptual problems we have is that something is believed secure until demonstrated otherwise. We need to reverse that: everything should be believed insecure until demonstrated otherwise.”

Glancing at another IDG piece from the past few days, it looks like there is an agenda, maybe the editor’s or publisher’s (Microsoft and Apple are big clients, e.g. with advertising and IDC contracts). The piece is a one-sided attack on Free software security; flaws in Free software aren’t any worse (or greater in quantity) than in proprietary software, developers are just not hiding them. That’s not hard to understand, is it? IDG likes to promote this ‘New Illusion’ of Free software being not secure (part of the latest FUD wave/strategy), using bugs with “branding” [1, 2, 3], irrespective of real severity.

If Edward Snowden’s NSA and GCHQ leaks taught us anything, it’s that proprietary software is not secure and Free software should not tolerate proprietary blobs or hardware (e.g. in hard drives). Don’t let IDG change the consensus. Surely IDG has the budget to hire some technical journalists who can challenge myth makers, but would that ultimately suit the agenda and appease existing customers?
