07.19.21

Is Microsoft a National Security Threat?

Posted in FUD, Microsoft, Security at 5:09 pm by Guest Editorial Team

Reprinted with permission from Mitchel Lewis

Ransom infection vector

Despite entire industries and trade disciplines existing solely to manage Microsoft architecture and mitigate attacks against it, including a partner network consisting of 17 million+ IT professionals, 99% of all ransomware attacks still occur on Windows. Meanwhile, Microsoft architecture, including its cloud services, maintains a monopoly on botnet, brute-force, malware, phishing, virus, and zero-day attacks just the same. From individuals and small businesses to enterprises and government entities with unlimited IT budgets, everyone standardized on seemingly unsecurable Microsoft architecture is being phished, breached, exploited, and ransomed daily with no end to this in sight. Not even Microsoft is safe from this digital blitzkrieg, hence why they tell us to “assume breach”.

This isn’t to say that Linux OSs and macOS don’t see these attacks on their platforms though; they have and will again. Long-term savings and productivity advantages aside, they just don’t garner the same level of attack that Windows does, nor are they as likely to get exploited at the same rate as Windows when they are attacked. Put simply, Mac and Linux have a smaller attack surface and get to treat Windows like an umbrella against attacks due to its prominence in the OS space. These are the two primary reasons why I maintain that the best thing that organizations can do to mitigate these attacks, for now at least, is to migrate away to macOS or a Linux-based operating system such as RedHat, CentOS, Ubuntu, etc.

With the above in mind though and when also accepting that there is no aspect of cyber, economic, environmental, homeland, human, and political security along with the security of our infrastructure and natural resources, national security if you will, that isn’t intricately dependent on Microsoft architecture, this reality alone is more than enough to warrant a discussion on whether or not Microsoft architecture is a consequent threat to national security. So, is Microsoft a threat to national security?


In order to answer this question, we first have to address why Windows and other Microsoft services are being breached so often in the first place. We have to see if they can be faulted for this present state, if there is another causal problem that’s beyond their control, or if anyone with their market share is destined to be a victim of their own success and dominance. And to be fair, not everyone will agree with my assessment above or below.

MalwareTech

For one and in response to a previous article where I suggested migrating to macOS and Linux to mitigate these aforementioned attacks, Michael Gillespie and Marcus Hutchins (MalwareTech) seem to think that Microsoft architecture is exploited most frequently simply because it is the most prominent architecture and that migrating wouldn’t render you any less vulnerable. Put simply, they seem to think that differing attack surfaces are irrelevant to rates of exploitation and that macOS would be exploited at the same rate as Windows if the tables were turned with respect to market share.

Meanwhile, I’m not denying that prominence is a factor at all; I’m just saying that attack surface is on the same footing as prominence and that other solutions with smaller attack surfaces will be attacked and exploited at a lesser rate with the same market share, which they disagreed with. However, it is also my stance that Microsoft’s anti-competitive practices aimed at obtaining and maintaining their dominant market share with low-quality products have further exacerbated this issue into what we have before us today; more on this later.

Why this matters to the question of whether or not Microsoft is a national security threat is simple. By suggesting that Microsoft is merely a victim of its own success and that anyone with their market share would see the same rate of exploitation, they’re also absolving Microsoft of responsibility for the present state of threat. But by suggesting that Microsoft’s galactic attack surface is equally responsible with their dominance for their security woes and that Microsoft wouldn’t be in the position they are in now if they had quality products that didn’t have to rely on anti-competitive practices to maintain market share, I’m naturally shouldering Microsoft with their share of the blame in the threat posed to America’s IT infrastructure at present.

One immediate problem with the prominence argument though is that those relying on it seem to resort to it in response to the suggestion of migrating to macOS or RedHat in an effort to mitigate attacks. If you really think about it though, this is irrational and shouldn’t discourage anyone from making the switch. Based on their own logic, Mac and RedHat users would still be much better off than Windows users so long as Windows remains dominant and continues to take all of the flak and function as an attack umbrella.

That said, I’m failing to see how this argument is relevant to their stance, how it invalidates my suggestion, or how it could discourage anyone from migrating to Mac or Linux so long as Windows maintains a dominant market share. If anything, those leveraging this argument seem to be unwittingly reinforcing my suggestion of treating Windows like an umbrella; all of which I’m totally fine with.

Another odd aspect of the prominence argument is that I have yet to see an actual post-mortem or a root cause analysis faulting the dominant market share of Windows as a causal reason for <insert any breach/exploit/ransomware attack here>. In fact, Microsoft doesn’t even take the prominence stance. Instead, their root cause analyses focus on the attack surface, mistakes/oversights, mitigation steps, etc. The anatomy of a breach is never reduced to “They hate us because they ain’t us.” by people who are actually paid to do RCAs for a living as Hutchins and Gillespie suggest; if only it were that simple.

Another major flaw in the prominence fallacy is that those invoking it are unwittingly implying that attack surface has no bearing on rates of exploitation or that the attack surface of each of these platforms is equal; which is bold to say the least. For one and given that attack surface is a function of the overall complexity of their infrastructure, no differently than ownership costs and instability, they might as well be suggesting that all platforms are equally stable with no variance in ownership costs; none of which could be further from the truth.

IBM chart

With Windows generating 3x+ the TCO that MacOS/Linux does, analysts can and do infer this is a reflection of disparity in relative complexity, attack surfaces, and stability because they all come hand in hand. Put simply, if one architecture generates significantly more ownership costs to maintain over its lifespan than another, it’s rational to assume this is due to it being poorly engineered, consequently overly complex, and unstable; attack surface or otherwise. This is what software engineers refer to as software entropy.

And if they’re going to imply that attack surface doesn’t influence rates of exploitation then the onus is on them to support this stance with data and research. Just as complexity driving cost, instability, and attack surface is fundamental to engineers, so is a ballooning attack surface driving rates of exploitation. This is why engineers treat simplicity like their North Star. That said, great claims that run contrary to fundamentals and conventional wisdom tend to require great amounts of evidence; none of which has been furnished.

On top of lacking a fundamental precedent, yet another oddity of the prominence fallacy is that it lacks historical precedent. It’s important to remember that we’ve only lived in an Information Age with Microsoft at the top. We’ve never lived in a connected world with another OS dominating the market, it’s always been Windows. As such, to say that this would be the case for anyone at the top is a conjecture on its best day.

It’s almost scraping the barrel at this point, but yet another problem with the prominence fallacy is that it ignores how Microsoft obtained its dominant share of the market and why they had to resort to these tactics in the first place. Not only is it Microsoft’s modus operandi to rely on anti-competitive tactics to obtain and maintain a dominant market share, a monopoly if you will, they only have to rely on said tactics because their products couldn’t garner this market share on merit alone.

Natural selection applies to free markets in that the fittest products will naturally dominate a free market. That said, the best architecture would dominate a market naturally and wouldn’t need to resort to anti-competitive practices. And if Microsoft were the best in class, then they wouldn’t need to be optimizing their architecture for lock-in while bullying or buying out their competition at every avenue as they are today. They wouldn’t need to implore their partners to “create stickiness” by entrenching their products to further inflate switching costs.


All said, it’s safe to say that Microsoft is by no means a victim of their own success here so much as they’re a karmic victim of their own anti-competitive practices and low-rent approach to software engineering; a digital Icarus complex if you will. There is much that Microsoft can do but doesn’t to simplify their products, shrink their attack surface, reduce ownership costs, reduce their rate of infection, and reduce the consequent threat that they present to America and the world. And to say that they aren’t complicit in the security threat that their architecture poses to America borders on the insane. But does the current level of threat that Microsoft poses constitute them as being a national security threat?

Although I’m not an expert in this regard, those that are have a few qualifying questions in order to really answer this question. I.e., in order to classify Microsoft as a threat to national security, threat analysts would have to ask if Microsoft’s undue vulnerability and inorganic prominence mentioned above is a critical threat to our cyber, economic, environmental, homeland, human, and political security along with our infrastructure and natural resources.

Even Microsoft would claim that their architecture is detrimental to all of the aforementioned aspects of national security though. And given the extent of Microsoft architecture throughout personal, industrial, and governmental sectors and its rate of exploitation, it’s hard to see how Microsoft doesn’t expose all of these aforementioned categories to undue risk; a threat if you will.

Further, there is nothing to suggest that a platform with a smaller attack surface won’t have a lower rate of exploitation with the same market share while fundamentals and conventional wisdom suggest smaller attack surfaces lead to lower rates of exploitation. And as a consequence of this, it’s probably safe to say that Microsoft and its architecture is indeed a national security threat in comparison to less prominent Linux and Mac alternatives.

And given that ransomware and anti-trust have already been deemed a threat to national security, it’s not much of a stretch, at least in my opinion, to extend this classification to Microsoft when considering their history with anti-trust and monopoly on exploitation. Nor is it a stretch to suggest migrating onto modern platforms rather than crying about it to the competition exploiting weaknesses; no differently than we do with other critical infrastructure. This is why we rely on nuclear subs now instead of wooden ships.

It’s not a coincidence that the same countries exploiting the US as a whole, China and Russia, are the same countries moving to Linux as I’m typing this. It’s not just about cost-savings and productivity for justifying this move though. And mitigating the risk that Microsoft architecture poses to their national security also happens to be a primary motivating force behind their migrations. Maybe they understand something about Microsoft architecture that America is still slow to realize?

I digress, but even if my assessment above is wrong, prominence is all that matters, and Microsoft isn’t a national security threat, individuals and organizations alike are still better off abandoning the Microsoft ecosystem on any scale in favor of more modern alternatives for the foreseeable future. Although Microsoft gets a lot of criticism for the low quality of their products, hence the persistent updates (552 in 2021 thus far) and a revolving door of CVEs, few seem to see the genius behind them. Microsoft doesn’t need to maximize quality or even compete on that field of play when they can render entire organizations dependent on products of less quality.

Because of this, organizations relying on Windows will have a hell of a time migrating away from Windows and the rest of the Microsoft ecosystem which means that they’re naturally going to drag their toes in doing so; the bigger they are, the slower any attempt at a migration will go. In turn, this means that there is plenty of time for those that can easily migrate away from the madness and insecurity of the Microsoft ecosystem as a means of sheltering themselves from a barrage of attacks safely in the shadow of Microsoft for the time being.

06.11.21

New Introduction at Gemini

Posted in Site News at 7:22 am by Guest Editorial Team

A capsule
Our capsule is growing in popularity, so we devote more time to it

Summary: As part of ongoing improvements to our capsule we have a new introductory text, reproduced below

Founded in 2006, this site represents more than just a message; it serves a community and a growing software freedom movement. The goal is to work towards preserving and expanding general-purpose computing. Towards that end, the people using their computers should be in charge of computers and control what the computers do, rather than distant individuals or groups of isolated individuals. These days computers come in all forms and sizes, from handheld devices which can make phonecalls, to cars, refrigerators, radios, washing machines, and so on. This includes traditional routers, servers, desktop computers, and laptops of course.

As of 2021, the Techrights capsule has over 30,000 entries, mostly articles. In order to promote interest in — and put into practice — the goal of software freedom, at the moment, and for quite a few years in the past, a focus has been on eliminating software patents. Ensuring the elimination of software patents around the world, but especially from Europe and North America is a vehicle to retain control over computing for both end users and software developers because software patents threaten end users as much as developers. Furthermore, study after study shows software patents to be a general impediment to innovation. Other topics such as net neutrality, copyright reform, and freedom from censorship all play roles in advancing freedom through software. Therefore, these topics are all covered on a recurring basis throughout the course of the day. Various means, like addressing copyright through software licensing, for example, are steps towards the main goal. Though the primary focus often remains on permanent elimination of software patents.

05.30.21

Alexandre Oliva: A Conversation With Richard Stallman

Posted in Free/Libre Software, GNU/Linux at 4:20 pm by Guest Editorial Team

Live on Monday, May 31, 23:00 UTC

http://debxp.org/ldsrms/

https://stallman.org/live/stream-debxp-may-31.html

Richard Stallman is an activist for digital freedom, fighting to enable users to control their computing and their data; founder, leader and philosopher of the Free Software Movement, that for decades has resisted attacks from computing monopolists; founder, leader and hacker emeritus of the GNU Project, whose operating system millions of people, businesses and governments use, but calling it Linux.

See also: https://stallmansupport.org

RMS Brazil

RMS talk

05.27.21

How to Sign the Letter in Support of Richard Stallman Without Microsoft’s GitHub

Posted in Free/Libre Software at 8:19 am by Guest Editorial Team

Published yesterday, reproduced with permission

Letter
Letters of support or signatures are more about the message than the person; beware personification tactics (e.g. Assange instead of Wikileaks or defamed SUEPO representatives/BoA judges instead of EPO staff)

Summary: New instructions for those who want to combat a censorious trend that seeks to annul, based on lies, voices of software freedom advocacy

First of all, thanks to our friends who have set up the letter in support of RMS. Thanks to all the people who invest their time in adding the signatures that arrive every day.

We have received requests mainly from non-technical people to clarify the process of signing without using GitHub[1]. In response, we have set up this page to try to explain it as clearly as possible. Feel free to contact us if you still have doubts.

  1. Add your signature at https://codeberg.org/rms-support-letter/rms-support-letter/issues/1.
    To do this, the first step is to register.

    • Scroll to the very bottom of the page, and you will see Sign in to join this conversation. Click on Sign in. On that page, choose REGISTER.

    • Enter a username, email address, password, and the Captcha code. This will send a message to your email to activate your account.

    • Go to your email, open the message, which will have a link to a page that will ask you to confirm your password. Enter your password. You will then be told that your account has been activated.

    • Now that you are registered, go back to https://codeberg.org/rms-support-letter/rms-support-letter/issues/1. When you scroll to the bottom of that page, after the last comment, the comment field will be open.

    • You may now write your “comment,” which should consist of ONLY two lines.
      Example:

      name: Your real name
      link: mailto:my-email-address@example.com

      Note that there should be no space between the colon in “mailto:” and the email address.

      Instead of your email address, you can add your website, like this:

      name: Your real name
      link: https://mywebsite-example.com

    • Now click on the green button that says COMMENT and you are done.

  2. Send an email to either ~tyil/rms-support@lists.sr.ht or signrms@prog.cf.
    Important: The email should be in plain text, not HTML. See “How to write emails in plain text” below.

    In the subject of the email, write something like “Signing RMS Support Letter” or similar.

    In the body of the email, follow the guidelines as above. ONLY two lines, and the “link” line can be either your email address or your website:

    name: Your real name
    link: mailto:my-email-address@example.com

    Note: The procedure we have described here for sending these emails implies more work for the volunteers in charge of adding the signatures. Therefore, it is intended to be used by non-technical people only, in which cases exceptions are likely to be made. The preferred method is the one described in the letter at https://codeberg.org/rms-support-letter/rms-support-letter/issues/1; that is, to send an email attaching a “patch.” The patch makes it easier and faster to add the signature.

How to write emails in plain text

Each email client or email web platform has its own method for setting the composition format. Here we are describing only two. It shouldn’t be difficult to find the one that applies to what you are using.

  • GMAIL

    If you are using the Gmail web interface (at your own risk!):

    1. Click Compose (upper left corner).
    2. In the email composition window, go to the lower right corner and click on the three vertical dots (more options). Select Plain text mode.

  • Thunderbird

    1. Go to Edit -> Account Settings -> Composition & Addressing
    2. Uncheck “Compose messages in HTML format.”

References and Notes

  1. GitHub is a site that a number of people refuse to use for several reasons, among which: it requires nonfree JavaScript, it discourages copyleft licenses, it’s owned by Microsoft.

05.18.21

Blogging Pioneer Dave Winer: Pleading for Richard Stallman

Posted in Deception, GNU/Linux at 6:51 pm by Guest Editorial Team

Reprinted from the original

  • I feel so sad about what’s happening to Stallman.
  • He’s 68. I know what that’s like, I’m 65.
  • He has fixed his whole existence on a single idea that software should be free. Not free of charge, but free to use and to adapt. It’s not that far from the kind of openness I believe in, that I believe is an ethical responsibility for developers.
  • It’s useful to have a person like Stallman around, consistently marking an extreme view. It’s like knowing there’s a North Star, you may not be going to it, exactly, but knowing where it is makes it possible to go other places. And some people agree with Stallman in total, and to them he’s their leader.
  • Now, if you step back and look at what’s being said about him, basically people don’t like things he says or the questions he asks. I read these things completely factoring out the non-factual stuff, where they tell you what his questions mean in some pure sense, when what they’re really saying is what these questions mean to them. To a reasonable person imho they’re just questions. Some people don’t argue with questions, they just ask them. For the people who attack him, it’s the opposite, their questions are accusations.
  • I think Stallman is actually a naive innocent, almost child-like harmless person. That’s based on years of observing him, being connected through communities. Maybe he did terrible things I don’t know about. But maybe you have too. Is this how we’re going to coexist? All of us worrying about who’s going to make a credible case for destroying each other’s lives? This isn’t about Stallman, it’s about your sense of justice and how far it extends, and how unfair that is for the rest of us who fear being judged by you.
  • PS: A quote from a 1994 blog post: “I try not to get offended on principle.” I was quoting someone else, but I’ve remembered that. Just because I should be offended, doesn’t mean, if I’m not actually offended, that I have to pretend I was.
  • PPS: If you still think Stallman should be destroyed, go see Lives of Others, a wonderful film about intellectuals in East Germany during the Cold War.

05.12.21

System76’s First Keyboard Packs in Plenty of Surprises

Posted in Hardware at 10:56 pm by Guest Editorial Team

System76 keyboard

System76 oops

Summary: Putting the genie back in the bottle is hard, and moreover the corrective post from Joey Sneddon may cause a bit of a ‘Streisand Effect’

05.02.21

Microsoft-Centric “Ransomware Task Force”

Posted in Deception, Microsoft, Security at 3:37 am by Guest Editorial Team

Original by Mitchel Lewis, republished with permission

Microsoft ransom
Source: https://www.statista.com/statistics/701020/major-operating-systems-targeted-by-ransomware/

Summary: Mitchel Lewis, a former Microsoft employee, takes a look at Microsoft-connected or Microsoft-controlled ‘think tanks’ in ‘task force’ clothing

Although most platforms have had their flare-ups with ransomware, it’s well-known that Microsoft’s legacy architecture has a hyper-monopoly with respect to ransomware infections that consequently renders all other platforms into negligible outliers in comparison. In fact, there’s nothing in this world that Microsoft monopolizes better than ransomware attacks at the moment.

Depending on who you ask, anywhere from 85–99% of ransomware attacks occur on Microsoft architecture, often via well-known vulnerabilities. Because of this common denominator, most working within the ransomware space daily would find it supremely difficult to gloss over the vulnerability of Microsoft’s architecture as being a key component in the rising prominence of ransomware and this is especially true if they were asked to write an 80-page report on the matter.

Taskforce ransom
A “venerable” who’s who of the ransomware field.

Recently though, a team of more than 60 lawyers and supposed experts that no one has ever heard of before from software companies, cybersecurity vendors, government agencies, non-profits, and academic institutions came together with the Institute for Security and Technology, an institute that no one has ever heard of before, and achieved the irrational by developing a “comprehensive framework” attempting to tackle the modern threat of ransomware. To no surprise and in true Dunning-Kruger fashion whenever expertise is proclaimed, these experts managed to accomplish the unconscionable by overlooking Microsoft’s blatant complicity in the ransomware space and the fundamental importance of modern infrastructure in the face of IT security and prevention of ransomware in an 81-page report.

ZDNet ransom
This wasn’t even a revelation in December for anyone with half of an ass in the field of assessing root cause.

To be fair, the task farce rightfully highlighted the rise of cryptocurrency as a motivational force behind ransomware attacks and further dubbed ransomware to be a threat against our national security, this is nothing new; even my stupid ass has been talking about this for 6 months now. Many of their suggestions are relevant too and might help to some degree, but they’re reactionary and ancillary at best in comparison to an architectural shift away from Microsoft solutions; the single best preventative measure that a company can take to defend itself against various attacks plaguing industry throughout the world, ransomware or otherwise. Hell, their whole article only mentioned prevention 3 times.

Safety Detectives
Source: https://www.safetydetectives.com/blog/ransomware-statistics/

With the exception of Hafnium, most attacks are rudimentary at best and exploit well-known vulnerabilities throughout the Microsoft ecosystem and the ignorant companies refusing to mitigate these vulnerabilities in favor of convenience. More often than not, ransomware infections are a direct consequence of phishing campaigns, poor password complexity, poor lockout policies that embolden brute force attacks, poorly trained users, no MFA, no VPN, and admins ignorantly exposing RDP to the WAN, etc. All of which are fundamental no-no’s in the world of IT security that are amazingly easy to prevent and almost all of which are targeted exclusively at Microsoft cloud and server solutions hosted on-premise by their clientele. And a task force of supposed experts would have acknowledged this if they were actually experts in ransomware or IT security.

Given all of this, it seems as if Microsoft is just as much of a threat to our national security as ransomware itself; you can’t have one without the other. Although many of these attacks are preventable and much can be done to supplement Microsoft architecture to harden against said attacks, it’s becoming increasingly evident that it’s impossible for most teams to account for Microsoft’s entire threat surface, ransomware or otherwise, and that it’s simply too complex, costly, and cumbersome for most IT staff to manage. As such, migrating away from the Microsoft ecosystem entirely is the single most viable way to reduce your threat surface against ransomware and pretty much every other form of attack; the drastic reductions in IT ownership costs and improved employee morale are nice too I hear.

This is not easy though. On top of being notorious for ransomware, Microsoft is notorious for optimizing their solutions for lock-in, addiction if you will, which makes them incredibly difficult and costly to migrate away from. The benefits are immediate to those with the grit to migrate though.

But instead of highlighting any of this, the task farce appears to be operating under a false pretense that ransomware is somehow a platform-agnostic affair and that architecture is irrelevant while further ignoring the important role that architecture plays in preventing ransomware and neglecting to showcase Microsoft for being a common denominator that it is; bungling it massively if you will. This is so much the case that they only mentioned the word architecture once in their entire report. If anything, they appear to be adopting Microsoft’s “assume breach” approach which is just their way of shifting blame to the people who support and manage their unsupportable and unmanageable solutions. All of which forces me to question the degree of their expertise and their intentions.

As harsh as this may seem at first, questioning their expertise is fair when there seems to be no focus on preventative measures and devoid of even the most obvious architectural recommendations; no acknowledgment that most ransomware attacks are preventable, no acknowledgment that not all architectures are equal, and no acknowledgment that they often occur when fundamentals are abandoned or forbidden. More often than not, there’s an IT nerd saying, “I told you so.”, to their change-averse management post-mortem with emails to back it up and this just isn’t something that experts can simply ignore when trying to prevent ransomware.

 Katie Nickels with context
Recommendations given, no response as expected.

Katie Nickels

To say the least, the IST report would look markedly different if boots on the ground were at least consulted with beforehand, hence why I began to question it so flagrantly as someone that has dealt with ransomware and its prevention for half a decade now. In an effort to clarify their expertise, I reached out to Katie Nickels, one of the task farce members, and she didn’t argue or lambast me with credentials proving otherwise and merely asked for my recommendations; a low-key admission of my expertise concern having merit if you’re into that whole social engineering thing.

Unsurprisingly and rather than supplying ransomware experts that could provide action items for people that actually work against ransomware on a daily basis which Microsoft has an abundance of, Microsoft instead supplied their digital diplomacy team comprised of Kemba Walden, Ginny Badanes, Kaja Ciglic, and Ping Look, which is curious because none of these people get wake-up calls when ransomware is dominating the infrastructure of their clientele. So far as I can tell, none of them seem to have even gone on the record about ransomware prior to this task farce being formed and it’s hard to see their role in the task farce and the absence of Microsoft’s complicity in their report as a coincidence.

Katie Nickels' reply

When combining these oversights, the dominant presence of Microsoft spin artists within their task farce, and the high likelihood of a sizable donation from Microsoft to the Institute for Security and Technology though, none of this should come as a shock to you. As shown with fraud of dolphin-safe labeling/oversight, we live in a world where industry has a penchant for hijacking its own watchdogs with massive donations and further installing people throughout their ranks that are sympathetic to the plight of starving investors; all of which Microsoft has been accused of before which appears to be the case with the #ransomwaretaskforce. Roy Schestowitz refers to this approach as entryism and it may be time to pay more attention to these nefarious approaches in the tech space.

In summary, trying to cull ransomware via decree alone is only viable in comparison to throwing virgins into a volcano. Given Microsoft’s monopoly on ransomware attacks, the single best thing that any organization can do to prevent ransomware from ravaging your IT infrastructure is to migrate far, far away from Microsoft architecture entirely. Once that is accomplished, companies can implement multi-factor authentication, complex password requirements with password managers, and spare no expense on user training to further reduce their exposure to ransomware and other attacks that leverage these very same threat vectors. And companies can do this while reducing their ownership costs by a factor of 3 conservatively as showcased by IBM when they standardized on the Apple ecosystem; those less efficient at managing PCs at scale than IBM stand to see greater reductions.

You’re welcome to disagree and stay on Microsoft architecture or believe that approaching ransomware via bureaucracy-laden decrees is viable. It’s your funeral. But if you find yourself in this precarious position of deferring to lawyers and people that have never been on the hook to remove ransomware before, it may be a sign that you should do more reading and less talking about the matter instead.

04.28.21

Testimonies, Letters, Writings, and More About Richard Stallman

Posted in Deception, Free/Libre Software, FSF, FUD at 11:02 pm by Guest Editorial Team

Published on April 27, 2021. Reproduced with permission.

As we keep working on this website, we are getting feedback from readers who send us their own writings and testimonies, or point us to writings by other people. We are grateful to all of them for their contributions. We can’t publish all of the materials, but here are some.

Professional Interaction with Richard Stallman #professional

by Andy Farnell – March 2021

Attackers of Prof. Richard Stallman, founder of the Free Software Foundation and GNU project, accuse him of “unprofessionalism.” My experience has been different. I recently had reason to speak with Richard Stallman while researching a new book, as I needed to interview an authority on the subject of “Software Freedom.” Of course, this is my personal experience over a short time. Some people say that he is difficult to get along with, but here’s why I feel any labelling of Stallman as “unprofessional” is undeserved.

As I hit send on an email to Richard Stallman, a person famed for “being weird,” I sighed with resignation at the fact it would likely go unanswered. Five seconds later a reply appeared. Obviously it was an automated response, including some boilerplate addressed to any NSA agents enjoying our conversation. Weird, yes! Check one! But in good humour. Were I an NSA worker it would cause no offence and make me smile. His email was polite, concise, informative and sensible. It explained Richard’s workflow for processing mail and when I might expect a reply.

Now, some might say that a “professional” would delegate their public interface. Having dealt with many prominent people I know it sometimes takes weeks and many attempts just to get through to an agent or handler, let alone win a personal audience. Often when trying to interview other writers or public figures one encounters a fortress of aloof discouragement—just go away, I am way too busy for you. Those who have a great deal to say, often take such pains to hide themselves and make sure nobody gets to speak back. As I see it, Stallman shares with the legendary Noam Chomsky, in being approachable by anyone, whether a professional reporter, student, blogger, or critic.

So, within a few days I received a thoughtful and detailed reply from Richard himself, who suggested we talk, and some choices of technology for a meeting. We found a mutually agreeable solution, being Jit.si, over which Richard devoted hours to helping me with my questions. I had expected a great fuss about encryption, and to find myself awake past midnight recompiling a kernel or fighting with encryption keys in order to talk to Stallman who would be nit-picky, weird and patronising about my weak security practices. That didn’t happen. It’s a character strength of Stallman I have heard others praise, that while ideologically rigid, he is absolutely pragmatic.

Before we were scheduled to talk, Stallman took the initiative to reach out and remind me we had a meeting, pre-emptively suggesting we test the link, and that I should record the meeting on my side as a reference, thus saving me the awkwardness of asking permission. Professional? Certainly well organised and mindful of the needs of others.

Then came the actual meeting. I get to talk to a lot of smart people, but rarely do they engage like Richard Stallman. He listens. Being into communication theory I pay attention to styles of interaction. In several hours of online connection Richard Stallman never once spoke over me, showing extraordinarily adept use of timing and tone for voice communication with latency while clearly thinking about each question. He ended each session by asking if I needed a follow up session and whether the recording had been successful.

At this point, Richard had no idea who I “really was.” He remarked that he was helping a student publish an article on software freedom in higher education—but he had no time to devote to editing the student’s prose. I took this as a subtle invitation to quid pro quo, and so I offered to edit the article. That led to a long, productive and very interesting interaction that inspired an article for the Times Higher Education.

My experience of Stallman seemed the very model of consummate professionalism—exemplary use of technology and language, far, far better manners than I expect from many corporate encounters. Contrary to commentators who paint him as socially clumsy, I found his rather charming way of advancing agendas and connecting people for mutual benefit quite skilful.

The word “unprofessional” has been co-opted as an accusation in modern witch-hunts. It is very hurtful to call another person unprofessional, partly because the concept is so poorly defined, and gets conflated with “bad character.” Often the accusation is levelled at someone who is indeed acting at the absolute height of professionalism, following the true spirit of their profession, but standing against the status quo. Whistle-blowers or those advocating for organisational change toward better ethics come to mind as obvious victims. We must stop abusing the word “unprofessional” as a vague smear against anyone whose opinions we dislike.

A Letter to the FSF #letter1-fsf

Date: Apr 6, 2021, 14:12
From: [Email address redacted]
To: info@fsf.org
Subject: In support of RMS

Dear FSF,

I support Richard’s return to the FSF, and hope that he will continue providing momentum to the Free Software Movement in all ways possible, especially through the FSF and GNU.

I am a doctoral student of condensed matter physics at Savitribai Phule Pune University, Pune, India, and a regular user of free software for almost a decade now. I would like to express my gratitude to Richard’s initiative for software freedom, which has directly and indirectly enabled my research in more ways than one.

Pradeep Thakur
Pune, India.
