Bonum Certa Men Certa

Beware the Distortion of Terms Like 'Supply Chain', 'Zero Day', and 'Back Door' (New FUD Patterns Against Free Software, a Distraction From the Real Culprits)

Proprietary software is being protected by 'googlebombing' tactics; the biggest weaknesses of proprietary software are being spun as a key problem with "Open Source" and proprietary software's shortcomings are being blamed on the alternative to it

Linux Foundation: repeat what Microsoft says



Summary: Microsofters spread misinformation/disinformation about Free software and security thereof; the corruption (bribery) of organisations such as the so-called 'Linux' Foundation means that Microsoft's misinformation/disinformation now comes out of the mouths of the supposed opposition, too

THE Daily Links in this site habitually add some "Ed"(itorial) comments to highlight FUD (Fear, Uncertainty, Doubt/fear-mongering) and offer some quick response to it. How much can publishers lie for the likes of Microsoft or VMware before those publishers perish due to a lack of credibility and, in turn, a lack of audience?



Earlier today we posted some more examples of this kind in Daily Links. Not a day goes by without several such 'incidents' (misinformation/disinformation).

"The real "supply chain" trouble is Microsoft and proprietary software..."In this post we highlight 3 recent patterns we've noticed. They are semantic lies.

Recently, a Microsoft front group called "Linux Foundation" kept using terms like "supply chain". Years ago nobody used this term in relation to Free software and then Microsoft bought a lot of the so-called 'supply chain', in the form of GitHub and then NPM. Would anyone trust the integrity of code and binaries from a platform controlled by Microsoft and the NSA, whose CSO is a decades-long NSA veteran?

The real "supply chain" trouble is Microsoft and proprietary software; you can't audit what you're getting and it might be intentionally back-doored, taking advantage of this opacity. So why pretend this is a "FOSS" issue?

"If something was fixed or was already patched upstream before disclosure, then it is not a 0-day."Speaking of back-doored code or executables, "backdoor" means not a backdoor anymore. Microsoft-controlled media distorted the term and kept mentioning it in false contexts. Nowadays it just means a server got compromised and then the person who took control of it installed some more stuff. But that's malware and it says nothing about how the malware got on the system in the first place (unless there was an actual back door).

Many would say that servers can be hijacked using critical and remotely-exploitable flaws, set aside bad passwords (those are typically a human failure). But that leads us to the distortion of the definition of "zero day" (or 0-day). If something was fixed or was already patched upstream before disclosure, then it is not a 0-day. If it starts getting exploited the moment it is disclosed, then it's a "1-day". But looking around the Web today, we found several examples of lies to that effect. The media keeps badmouthing Zimbra, but this seems to be a way to distract from several critical Microsoft flaws, including those affecting Exchange. Those are actively being exploited, according to a very recent report. the Zimbra issue is old news (about a month old) and servers have already been patched by responsible administrators, such as my colleagues. Although it seems like the Zimbra hole might be a new one, the last patch partly addresses it. Do not forget that CISA released a list with three Microsoft holes that are actively exploited, including in Exchange, so why shift/divert to talking about Zimbra rather than Exchange? Are they trying to reinforce some false perception that moving away from Exchange would mean equally bad or even worse security?

"The scenario, as per Dan Goodin et al (even sued for defamation already, for utterly poor reporting on security), is nowhere as grim as the Microsoft Exchange situation."What's bothersome here is the repeated distortion of the term "zero day". An associate told us that "'they' must be really worried about the advance of FOSS to spread so much dated FUD about Zimbra and other projects. One giveaway is the use of the marketing phrase "zero-day". That used to mean an exploit that was in active use before the vendor admitted to it existing. Now it just means bug with an exploit."

The scenario, as per Dan Goodin et al (even sued for defamation already, for utterly poor reporting on security), is nowhere as grim as the Microsoft Exchange situation. We already saw that Microsoft goes on for months and months without patching known Exchange flaws, even when it is fully informed that such flaws are actively being exploited already.

Zimbra does E-mail, so that helps distract from what Microsoft is doing, with the real zero days, the real back doors, and the real supply chain crisis. Microsoft monopolises this chain (it's proprietary) and refuses to fix it, leaving the victims helpless. This must be intentional. Or as out associate put it, "paid-for back doors on behalf of those that pay enough, or more specifically bug doors. Those are exploitable bugs about which the payers are informed long in advance of Microsoft getting around to patching them."

"Zimbra does E-mail, so that helps distract from what Microsoft is doing, with the real zero days, the real back doors, and the real supply chain crisis."It's the Windows [sic] of opportunity... Edward Snowden has already provided ample evidence of this. Microsoft keeps giving the NSA and FBI enough time to install a RAT or bootkit before the patches get deployed (too late). "And the FSB and just about any similar agency in all the other Internet-connected countries in the world," our associate noted.

So we're meant to think that the real crisis is Free software and Microsoft lobbyists then push for new, discriminatory laws that stigmatise "Open Source". New zero-day in Microsoft products? Unpatched for months while exploits circulate for months? So the Microsoft shills focus on the something that is "open source"... and repeat endlessly the terms which aren't even applicable to it.

"CISA is a Microsoft reseller working out of the DHS offices," our associated concluded, "which itself is a fraud."

Recent Techrights' Posts

Twitter (X) is Dying, Now It's Just Like a Mafia-Type Operation of the Man Who Does Nazi Salutes in Public
a form of extortion
The Price of Exposing Corruption in Poland (and Elsewhere)
It's easier to participate in corruption than to merely do the right thing and oppose it
Abuse Inside the Polish Patent Office (UPRP) - Part IX: Minimum Wages For You (Experienced Scientist), Alicante/EU Paydays For Me (Unproductive, Corrupt Official)
Does UPRP maladministration extend to the false belief that qualified and experienced scientists can play the role of circus clowns?
"The Liberating Power of Simply Telling People the Truth."
'polite' bullying
Who Imitates Who? Plagiarist as Client (From Microsoft), 'Plagiarism' at the Law Firm?
let's revisit the subject
 
Links 13/06/2025: US Reduces Nonessential Staff at Baghdad Embassy Ahead of Strikes in Iran, Invasion of California Debated
Links for the day
X11 is Free Software
Whether you agree (e.g. on politics) with the person/s forking it doesn't matter
The More Time Passes, the Better Our Advice on Social Control Media Seems
At the end of the day, any platform you do not control yourself is working for someone else
UK High Court Blasts Brett Wilson LLP for Misusing "GDPR" After Failed Efforts to Censor Critics Using 'Libel' Claims
No wonder this firm is rapidly shrinking
Recent Blunders in Microsoft GitHub (e.g. Slop-Generated Bug Reports or GPL Violations 'as a Service') Taking Their Toll?
Put bluntly, if you still use Microsoft GitHub, then you're slave to Microsoft
American Imperialism and Microsoft Plagiarism
Techrights will therefore do what Microsoft does not want it to do: it'll write even more about Microsoft
When They Have Nothing Left to Help Advance Abusive Litigation for Microsoft People... Other Than Throwing ~500 Pages of Someone Else's Work Into a PDF
Microsoft is having a very tough year
Slopwatch and Yet More Holes in 'Secure Boot' (as Usual!), Promoted Inside Linux by the Man We Are Suing
Today's Slopwatch will be short
Gemini Links 13/06/2025: People You've Left Behind, Life Update and OS Changes
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 12, 2025
IRC logs for Thursday, June 12, 2025
Links 12/06/2025: Portland Homeless Deaths Quadruple, COVID Cases Surge in Asia
Links for the day
EPO's Gareth Lord Asked About "Quality and Productivity" or, Put Another Way, Why the EPO Keeps Granting So Many Invalid/Illegal Patents
letter to Lord
EPO's Central Staff Committee (CSC) Scrutinises the Man Who Illegally Grants (and Forces Others to Illegally Participate in Granting) Software Patents in Europe
EPO compels examiners to break the law in the name of obeying illegal "rules" or "orders"
The Latest Rumour Says The Next (as Correctly Predicted Before) Wave of Layoffs at Microsoft is 3 Weeks Away, "Larger Than the First Wave"
Step 2
TV Licensing Used to SPAM Your Postbox, Now It Does the Same to E-mail
First they ask for your E-mail address; then they start nagging you via E-mail
The Toxic Playbook
Either you support Prince Mohammed bin Salman or you're a nazi
It's Possible That BetaNews Got Cracked, But Nobody Talks About It, The Site Contains an Outdated Old Image, No Activity
It's possible that they will never explain what happened to the site and users' accounts
Links 12/06/2025: Beach Boys’ Brian Wilson Dies
Links for the day
Gemini Links 12/06/2025: Video Game Diegesis and Steam Next Fest
Links for the day
Why the Militants Have Lost Every Battle Since 2022 (When Attacking My Wife and I in Various Ways, Even Attacking Our Employers)
This takes patience, sure, but at the end most evildoers face the consequences for their actions
Our Priority is Still Tackling Software Patents and Corruption in Patent Offices
Meanwhile we got compliments on our recent articles, which means that they are effective
Politics Will Impact Software Choices
Will those systems respect users' freedom?
EPO: Neglecting Children to Promote American Monopolies by Shielding Them From European Competition
Yesterday the Central Staff Committee at the EPO spoke about another "reform" at the Office
Slopwatch: Another Day, Another Slopfest, LLM Slop Scrapers Slow Down Our Site
We too have some slop issues; this past day this site and the sister site had to answer about 2.5 million requests (not counting Gemini Protocol) and it's slowing things down for everybody
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, June 11, 2025
IRC logs for Wednesday, June 11, 2025
Links 11/06/2025: More Vulnerabilities Found in 'Smart' Phones, China Extends Reach in the Pacific
Links for the day
Gemini Links 11/06/2025: Grain and Steam Next Fest
Links for the day
Links 11/06/2025: "Quantum" Hype From IBM, US Closer to Martial Law, and “The Nation” Celebrates Milestone
Links for the day
IBM's CEO Roasted, Sizzled and Grilled for Dumb and Inconsistent Vapourware Promises
It looks like being a chronic liar is what it takes to lead the company once synonymous with computing
IBM's Goal Is Not (and Never Was) Computer Users' Freedom
More than 1.5 decades ago I found IBM to be an "ally of convenience" because of OpenDocument Format (ODF)
Wayland Shows the IBM/Red Hat Way of Doing Things
IBM is trying to 'kill' X
GitHub is Proprietary, Controlled by Microsoft, and GPL Violation Warehouse
"IRS tax filing software [will be] released to the people as free software" ... In general this is good news
Slopfarm Catastrophe
Seems like BetaNews (or BetaNoise) has just suffered a major data loss and restored the site from a week-old backup
Abuse Inside the Polish Patent Office (UPRP) - Part VIII: Illegal Working Conditions
How many people need to die for these people to get their massive salaries?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 10, 2025
IRC logs for Tuesday, June 10, 2025