09.28.22


Attempts to Legislate Against Free Software in Order to Elbow Such Software Aside

Posted in Free/Libre Software, FUD, Law, Microsoft, Security at 9:29 am by Dr. Roy Schestowitz

Video download link | md5sum a8f9ceff0ad97d546e30338a3c0ce610
Media FUD and Anti-FOSS Bills
Creative Commons Attribution-No Derivative Works 4.0

Summary: There’s not only a wave of attacks falsely attributing security issues to Free software (the media says “Open Source”) but also new legislation in the United States, likely crafted by lobbyists, which discriminates against Free software whilst ignoring the elephant in the room, e.g. government back doors

THE corporate media, which is being fed a set of mindless talking points from corporations that fund it (e.g. by buying advertising space), is spreading a lot of Free software-hostile misinformation. It has been particularly true this month. Not a day goes by without us providing several examples in Daily Links, usually with accompanying editorial remarks/response. Thanks to gross bias and the corrupting influence of money, so-called ‘journalists’ (stenographers) try to convince us the worst thing for security is “Open Source”, using terms like “supply chain”, which became fashionable (distracting from the real culprit, e.g. “MS SQL [proprietary] servers are getting hacked to deliver ransomware to orgs,” as just pointed out in Help Net Security, or never noting that this “supply chain” is controlled by proprietary frameworks, e.g. GitHub or NPM, i.e. Microsoft/NSA).

One recent rebuttal to the torrent of FUD comes from a podcast of Josh Bressers. It’s entitled “Holding open source to a higher standard”, alleging that Free software is scrutinised a lot more harshly than proprietary rivals/counterparts. “Open source has always been held to a higher standard,” Bressers says. “It has always surpassed this standard.”

Sadly, this is the only link we can recommend that readers follow and read. We put it in Daily Links several days ago.

The annoying part was pointed out to us by an associate, alleging that Microsoft “is still milking the log4j vuln[erability] for political gain,” based on shallow blog posts and reports [1, 2, 3]. “The FSF, EFF, and OSI (in their old incarnations) need to be in proactive,” the associate said, “contact with the OMB immediately.”

Some of these sources (e.g. Recorded Future) are connected to spy agencies and spy on IRC networks. It’s a sinister entity.

The above corresponds to S.4913 – Securing Open Source Software Act of 2022, which can be found on congress.gov under the title “Securing Open Source Software Act of 2022”. It’s formalised “concern trolling” in a suit with a tie. The title is misleading.

CISA, a Microsoft booster, is involved in this. To quote from one of the links above: “The Securing Open Source Software Act — sponsored by Senators Gary Peters (D-Mich.) and Rob Portman (R-Ohio) — would require the Cybersecurity and Infrastructure Security Agency (CISA) to create a “risk framework” around the use of open source code within the government and critical infrastructure agency.”

“CISA would need to find ways to “mitigate risks in systems that use open source software” as well as hire experienced open source experts to address issues like Log4j. The bill also requires the Office of Management and Budget (OMB) to publish guidance for agencies about how to use open source software securely.”

Based on CISA’s own list of actively-exploited flaws, Microsoft is a vast part of the problem, but S.4913 was “[r]ead twice and referred to the Committee on Homeland Security and Governmental Affairs.”

As if the problem is what Microsoft keeps attacking or what’s replacing Microsoft.

“The overwhelming majority of computers in the world rely on open source code – freely available code that anyone can contribute to,” says this page. But that’s its strength, not the weakness, as I explain in the video above. Anyone can fix it, so it gets fixed very fast.

Notice how they keep mentioning “Log4j”; even about a year later! It had been patched before the public even knew about it.

Many publishers intentionally participate in a FUD campaign, e.g. Help Net Security with “Open source projects under attack, with enterprises as the ultimate targets” just a couple of days ago. That’s just another wave of anti-Free software FUD; so back doors in proprietary software are OK, but this is… the end of the world? And the sky is falling? This selective attention is a propaganda technique.
