-- Leo's gemini proxy
-- Connecting to gemini.techrights.org:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini;lang=en-GB
Gemini version available ♊︎
Posted in Free/Libre Software, FUD, Law, Microsoft, Security at 9:29 am by Dr. Roy Schestowitz
Video download link | md5sum a8f9ceff0ad97d546e30338a3c0ce610Media FUD and Anti-FOSS Bills Creative Commons Attribution-No Derivative Works 4.0
http://techrights.org/videos/security-fud-abundant.webm
Summary: There’s not only a wave of attacks falsely attributing security issues to Free software (the media says “Open Source”) but also new legislation in the United States, likely crafted by lobbyists, which discriminates against Free software whilst ignoring the elephant in the room, e.g. government back doors
THE corporate media, which is being fed a set of mindless talking points from corporations that fund it (e.g. by buying advertising space), is spreading a lot of Free software-hostile misinformation. It has been particularly true this month. Not a day goes by without us providing several examples in Daily Links, usually with accompanying editorial remarks/response. Thanks to gross bias and corrupting influence of money, so-called ‘journalists’ (stenographers) try to convince us the worst thing to security is “Open Source”, using terms like “supply chain”, which became fashionable (distracting from the real culprit, e.g. “MS SQL [proprietary] servers are getting hacked to deliver ransomware to orgs,” as just pointed out in Help Net Security, or never noting that this “supply chain” is controlled by proprietary frameworks, e.g. GitHub or NPM, i.e. Microsoft/NSA).
> “Some of these sources (e.g. Recorded Future) are connected to spy agencies and spy on IRC networks.”
One recent rebuttal to the torrent of FUD comes from a podcast of Josh Bressers. It’s entitled “Holding open source to a higher standard”, alleging that Free software is scrutinised a lot more harshly than proprietary rivals/counterparts. “Open source has always been held to a higher standard,” Bressers says. “It has always surpassed this standard.”
↺ alleging that Free software is scrutinised a lot more harshly than proprietary rivals/counterparts
Sadly, this is the only link we can recommend that readers follow and read. We put it in Daily Links several days ago.
The annoying part was pointed out to us by an associate, alleging that Microsoft “is still milking the log4j vuln[erability] for political gain,” based on shallow blog posts and reports [1, 2, 3]. “The FSF, EFF, and OSI (in their old incarnations) need to be in proactive,” the associate said, and “contact with the OMB immediately.”
Some of these sources (e.g. Recorded Future) are connected to spy agencies and spy on IRC networks. It’s a sinister entity.
> “CISA, a Microsoft booster, is involved in this.”
The above corresponds to S.4913 – Securing Open Source Software Act of 2022, which can be found in congress.gov under the title “Securing Open Source Software Act of 2022″. It’s formalised “concern trolling” in a suit with a tie. The title is misleading.
CISA, a Microsoft booster, is involved in this. To quote from one of the links above: “The Securing Open Source Software Act — sponsored by Senators Gary Peters (D-Mich.) and Rob Portman (R-Ohio) — would require the Cybersecurity and Infrastructure Security Agency (CISA) to create a “risk framework” around the use of open source code within the government and critical infrastructure agency.”
“CISA would need to find ways to “mitigate risks in systems that use open source software” as well as hire experienced open source experts to address issues like Log4j. The bill also requires the Office of Management and Budget (OMB) to publish guidance for agencies about how to use open source software securely.”
Based on CISA’a own list of actively-exploited flaws, Microsoft is a vast part of the problem, but S.4913 was “[r]ead twice and referred to the Committee on Homeland Security and Governmental Affairs.”
> “Notice how they keep mentioning “Log4j”; even about a year later! It had been patched before the public even knew about it.”
As if the problem is what Microsoft keeps attacking or what’s replacing Microsoft.
“The overwhelming majority of computers in the world rely on open source code – freely available code that anyone can contribute to,” says this page. But that’s its strength, not the weakness, as I explain in the video above. Anyone can fix it, so it gets fixed very fast.
Notice how they keep mentioning “Log4j”; even about a year later! It had been patched before the public even knew about it.
Many publishers intentionally participate in a FUD campaign, e.g. Help Net Security with “Open source projects under attack, with enterprises as the ultimate targets” just a couple of days ago. That’s just another wave of anti-Free software FUD; so back doors in proprietary software are OK, but this is… the end of the world? And the sky is falling? This selective attention is a propaganda technique. █
Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
Permalink > Image: Mail
Send this to a friend
----------
➮ Sharing is caring. Content is available under CC-BY-SA.
-- Response ended
-- Page fetched on Thu Jun 13 11:30:29 2024