
Microsoft is Still Attacking Free/Open Source Software With Security FUD




Summary: Free software's "many eyeballs" defence is being slammed by Microsoft employees who cite their own reports and continue to show incompetence and extreme negligence when it comes to security

IS MICROSOFT really changing? Is Microsoft finally accepting that "open source" (as it insists on calling it) is acceptable? Hell no.



Back in December we showed that Microsoft was smearing Free software even though it can run on Windows, and now we find the monopolist using lies that its own arrogant employees have manufactured in order to fuel this latest security spin about Free software's security. Microsoft titled this FUD "Microsoft’s Many Eyeballs and the Security Development Lifecycle". Blankenhorn states in his response that "Closed source still state religion at Microsoft":

"But closed source remains a sort of state religion at Microsoft, as I learned this week from Fred Trotter, an expert in open source medical software.

"Fred wrote this week about some FUD (Fear, Uncertainty and Doubt) Shawn Hernan of Microsoft is spreading within the security community — that open source is less secure despite its being visible."


Yes, that would be Microsoft, which is still doing extra PR work to pretend that it has an "open source" side and that CodePlex is not just a shell/front for Microsoft. To advertise the CodePlex Foundation as not tied to Microsoft, these liars previously recruited Microsoft MVP Miguel de Icaza (before he was officially their MVP). They also exploit their long-standing friendships with British Library staff in order to achieve this. The true intentions are so obvious to see that it takes gullible or misinformed individuals to fall for it.

Regarding those Microsoft claims of "better" security in proprietary software, here is a new article which attributes the rise in E-mail malware to Microsoft Windows botnets (zombie PCs). The article says: "Malicious spam volumes increased dramatically in the back half of 2009, reaching three billion messages per day, compared to 600 million messages per day in the first half of 2009. But this is still a tiny fraction of the estimated global spam volume, thought to be about 200 billion messages per day.

"A new report by net security firm M86 Security points the finger of blame for the torrent of malware, phishing and other scams (collectively defined as malicious spam) and junk mail more generally towards botnet networks of compromised machines. It reckons five botnets were responsible for 78 per cent of the malicious spam it fought in the second half of 2009.

"M86 reports that the major spam botnets such as Rustock, Pushdo (or Cutwail) and Mega-D continue to dominate spam output, supported by second-tier botnets such as Grum and Lethic. Rustock alone pushed out 34 per cent of spam in 2H09. Pushdo zombie drones puked out one in five spam messages (20 per cent), with Mega-D zombies accounting for 9 per cent of the global junk mail nuisance."

Needless to say, this is only affecting Windows, and Microsoft's utter negligence [1, 2, 3] contributes to it. The last thing we need is for GNU/Linux to inherit the same security problems through Mono and Moonlight.

In today's IRC conversations (the relevant part starts here), it came up that "since 2007, 5 major maintainers on Ubuntu are linked to Novell [...] Mostly the one maintaining .NET packages." That's a claim from Oiaohm, who added: "Matt Asay will allow .NET to infect more. Then end of next year MS can drop the patent wall on them."

Maybe this is a good opportunity to ask Asay some questions on Slashdot. Well, Slashdot treats him like a celebrity, and some months ago he was mentioned on their front page because former Microsoft employees voted him one of the "most influential in FOSS" (no coders at all were seen as worthy for this list, not even Richard Stallman). But then again, as the new call for questions states, "Matt [Asay] is on the board of advisors for Slashdot's parent company, Geeknet."

We previously complained about Slashdot's new Microsoft slant [1, 2, 3, 4, 5], not to mention the hiring of former Microsoft employees who can change the agenda and groom particular people who are helpful to them (Matt Asay is the one who brought Microsoft to OSBC [1, 2, 3]). MinceR says that "Geeknet is completely corrupted". Why is it that Slashdot picks questions for Jim Zemlin, for example (he is a marketing person from the Linux Foundation), whereas technical people from the heavily-disrespected GNU receive no opportunity to offer their side of the story? Slashdot reached out in the same way to some Microsoft employees.

DaemonFC, a former Microsoft MVP, says: "I still don't get why many large companies with lots of lawyers don't flinch at shipping Mono if it really is so bad... you'd think they'd clear something like that with their legal dept first..."

MinceR says that Microsoft "does everything they can to make the legal situation about mono-related patents as unclear as possible" and Oiaohm tells DaemonFC that Intel and other companies do know about the problem, which is why they stay out of Moonlight, for example [1, 2]. "Intel will not touch it," Oiaohm insists, "due to legal issues."

MinceR adds: "we see canonical pushing mono... if their legal department didn't warn them about this, when exactly will they do so?"

At a later stage in the day, Oiaohm dropped this interesting new link ("2010 CWE/SANS Top 25 Most Dangerous Programming Errors"). "Good read for those who think languages like .net are majorly more secure," he said. "That is the new list for bugs that common breached systems last year. Lot of them don't link to what .net and java languages protect against. To be correct php and other equal languages have been breached."

"The continuous and broad peer-review enabled by publicly available source code supports software reliability and security efforts through the identification and elimination of defects that might otherwise go unrecognized by a more limited core development team."

--CIO David Wennergren, Department of Defense (October 2009)


