The FSF is getting desperate

Stallman must be getting desperate because of the Windows 7 launch, they have a new campaign:

http://windows7sins.org/

“Windows 7 Sins: The case against Microsoft and proprietary software”

The FSF hired professional FUDsters:

http://www.fsf.org/news/campaigns-manager

“The FSF is hiring a campaigns manager to be part of the team that runs DefectiveByDesign and PlayOgg, helps coordinate the GNU Project, and generates new campaign ideas. This is an opportunity to take a leadership role in the organization that sponsors the GNU project, publishes the GPL, and fights for software freedom. “

And it seems 7 sins is the fruit of the labour.

So, here are the 7 sins commited by windows: (from windows7sins.org)

——————————————————–

“The new version of Microsoft’s Windows operating system, Windows 7, has the same problem that Vista, XP, and all previous versions have had — it’s proprietary software. Users are not permitted to share or modify the Windows software, or examine how it works inside.

The fact that Windows 7 is proprietary means that Microsoft asserts legal control over its users through a combination of copyrights, contracts, and patents. Microsoft uses this power to abuse computer users. At windows7sins.org, the Free Software Foundation lists seven examples of abuse committed by Microsoft.

1. Poisoning education: Today, most children whose education involves computers are being taught to use one company’s product: Microsoft’s. Microsoft spends large sums on lobbyists and marketing to corrupt educational departments. An education using the power of computers should be a means to freedom and empowerment, not an avenue for one corporation to instill its monopoly.

2. Invading privacy: Microsoft uses software with backward names like Windows Genuine Advantage to inspect the contents of users’ hard drives. The licensing agreement users are required to accept before using Windows warns that Microsoft claims the right to do this without warning.

3. Monopoly behavior: Nearly every computer purchased has Windows pre-installed — but not by choice. Microsoft dictates requirements to hardware vendors, who will not offer PCs without Windows installed on them, despite many people asking for them. Even computers available with other operating systems like GNU/Linux pre-installed often had Windows on them first.

4. Lock-in: Microsoft regularly attempts to force updates on its users, by removing support for older versions of Windows and Office, and by inflating hardware requirements. For many people, this means having to throw away working computers just because they don’t meet the unnecessary requirements for the new Windows versions.

5. Abusing standards: Microsoft has attempted to block free standardization of document formats, because standards like OpenDocument Format would threaten the control they have now over users via proprietary Word formats. They have engaged in underhanded behavior, including bribing officials, in an attempt to stop such efforts.

6. Enforcing Digital Restrictions Management (DRM): With Windows Media Player, Microsoft works in collusion with the big media companies to build restrictions on copying and playing media into their operating system. For example, at the request of NBC, Microsoft was able to prevent Windows users from recording television shows that they have the legal right to record.

7. Threatening user security: Windows has a long history of security vulnerabilities, enabling the spread of viruses and allowing remote users to take over people’s computers for use in spam-sending botnets. Because the software is secret, all users are dependent on Microsoft to fix these problems — but Microsoft has its own security interests at heart, not those of its users.”

——————————

So, let’s dissect each statement.. (yawn.. this is like a routine job now)

1: “Poisoning education”

“Today, most children whose education involves computers are being taught to use one company’s product: Microsoft’s”

And what does the FSF want? Linux education of course. How is it better? Learning Linux doesn’t make you learn “computers”, it is just Linux that you learn. In what way does learning emacs, vi, KDE, bash etc. has something to do with computer science as such? Just because you know the bash, doesn’t mean that you know how the computer works, how programming in asm works, what opcodes are, memory management and so on. Knowing Linux just means you know how to handle a specific OS and its programs.

“An education using the power of computers should be a means to freedom and empowerment, not an avenue for one corporation to instill its monopoly.”

Windows is much more widely used than Linux. Learning Windows gives more freedom: You can apply for more jobs as example. Even if Linux would be “better” (it isn’t), this would change nothing. Esperanto might be technically a better language than English, but it is harmful to teach pupils Esperanto instead of English, since their chances in the world are much higher if they know English.

2: Invading privacy

“Microsoft uses software with backward names like Windows Genuine Advantage to inspect the contents of users’ hard drives.”

This is plain FUD, WGA doesn’t scan the hard drive. It checks whether the product key is genuine. There are countless of security experts who tried to prove that Microsoft reads the hard disk etc. it was never proven. Many slashtards would get their first orgasm in their lives if there would be a proof of spionage by MS (aside from key checkings).

Besides, Open Source doesn’t save you from phome home:

http://www.mail-archive.com/ubuntu-bugs@lists.ubuntu.com/msg1598530.html

Windows is the most used software in the world, and has tons of freetard haters. Not to mention competition (Apple, IBM, Sun etc.) Never was something proven. And there tons of people who are trying to prove it.

It would be just suicidial to add spying functions. if THIS would be indeed proven, many companies would drop Windows NO MATTER WHAT. Not to mention all those lawsuits that would follow, hell, MS gets lawsuits for decades all around the world just because the inclusion of a browser –  imagine the lawsuits for THIS? They would go on until the year 2345.

3: Monopoly behavior

“Microsoft dictates requirements to hardware vendors, who will not offer PCs without Windows installed on them, despite many people asking for them.”

Dell offers Ubuntu PCs. Not many people want them. Netbooks came with Linux pre-installed, and most people wanted Windows.

And why do most retailers sell PCs only with Windows? To avoid something like that:
http://www.wkowtv.com/global/story.asp?s=9667184
—-
“MCFARLAND (WKOW) — Abbie Schubert paid more than $1,100 for a Dell laptop hoping to enroll in online classes at Madison Area Technical College, or MATC.

But something stopped her: she bought an operating system for her computer she never heard of, Ubuntu.

That’s an operating system for your computer similar to Windows that contains Linux.  It’s highly regarded among some people and extremely popular with certain circles of computer users because it’s free.

Schubert says she ordered her laptop online at Dell.com expecting to buy your classic bread-and-butter computer.

She didn’t realize until the next morning her laptop defaulted to the Ubuntu operating system.

“It’s been a mess,” she said. “I regret ordering the computer.””

—–

Oh, and there are enough freetards at companies at Dell, who seem to harm their customers with their freetard campaigns: (from the same article)

“Schubert says she never heard of Ubuntu until learning that she accidentally bought it.  She called Dell the very next day and says the representative told her there was still time to change back to Windows.

But she says Dell discouraged her.

“The person I was talking to said Ubuntu was great, college students loved it, it was compatible with everything I needed,” said Schubert.

So she stuck with it.

Later, she discovered Ubuntu might look like Windows, but it doesn’t always act like it.

Her Verizon High-Speed Internet CD won’t load, so she can’t access the internet.  She also can’t install Microsoft Word, which she says is a requirement for MATC’s online classes.

As a result, with no internet and no Microsoft Word, Schubert dropped out of MATC’s fall and spring semesters.

She also says Dell claimed it was now too late to get Windows and any changes she made herself would void her warranty.

“I’m extremely frustrated,” said Schubert. “I wanted to get back to school, but I needed a computer to be able to do that.”

27 News contacted Dell, but the company has not responded to us yet.””

—–

So much for the evil Microsoft controlling Dell and others.

4: Lock-in

“Microsoft regularly attempts to force updates on its users, by removing support for older versions of Windows and Office”

Windows 2000, released, well, in 2000, is still supported and will be until 2010. That is 10 years. Windows XP, released in 2001, will be supported until 2014:

http://www.informationweek.com/news/windows/operatingsystems/showArticle.jhtml?articleID=208800494

13 years! How long does a Ubuntu release last? 24 months at most.

If thirteen years are too short, what does the FSF expect? 25 years? 50 years? A lifetime?

5: Abusing standards

“Microsoft has attempted to block free standardization of document formats, because standards like OpenDocument Format would threaten the control they have now over users via proprietary Word formats. They have engaged in underhanded behavior, including bribing officials, in an attempt to stop such efforts.”

Even if it is true, IBM (FOSS darling) did the same:

http://srtsolutions.com/public/item/250886
—-
“I can see why IBM opposes more voices (at least those that don’t agree with its commercially motivated views). It has enjoyed unparalleled influence in international standardization for decades and may not now like more voices and decision makers in this process. Its allies could not have been clearer about that commercial agenda– to force the purchase of their products by blocking governments from procuring Microsoft Office, (http://www.consortiuminfo.org/standardsblog/article.php?story=20080328080930159) regardless of technical merit or actual demand.”

6: Enforcing Digital Restrictions Management (DRM)

“With Windows Media Player, Microsoft works in collusion with the big media companies to build restrictions on copying and playing media into their operating system”

This DRM only activates if you want to see blu-ray, HD DVD movies. Linux doesn’t have it at all, which means, Linux users can’t even watch them.

This argument goes like: showering can cause mold, thus, a house without a shower is better.

7: Threatening user security

“Windows has a long history of security vulnerabilities … Because the software is secret, all users are dependent on Microsoft to fix these problems “

Open Source code doesn’t guarantee that some one looks at it. Take as example this 8 year old vulnerability in the Linux kernel:

http://www.theregister.co.uk/2009/08/14/critical_linux_bug/

Or the OpenSSL bug, undiscovered for years:

http://threatpost.com/en_us/blogs/how-debian-openssl-bug-almost-spawned-disaster-051809

And with grave consequences, like invalid certificates.

And of course, Windows has more exploits, because more people use it, and that attracts malware authors. If Linux would have the same exposure, it would get the same unwanted attention.

Freetards always counter with the “IIS Argument” against this reasoning. Here is it at work:

http://www.inatux.com/gnulinux

——

Most people use Microsoft Windows, and pirates want to do as much damage (or control) as possible: therefore, they target Windows. But that’s not the only reason; the Apache web server (a web server is a program located on a remote computer that sends web pages to your browser when you ask for them), which is open source software, has the biggest market share (against Microsoft’s IIS server), but it still suffers from much fewer attacks/flaws than the Microsoft one.

—-

And this is FALSE.

Here is IIS6:

http://secunia.com/product/1438/

Affected By  6 Secunia advisories

Unpatched  0% (0 of 6 Secunia advisories)

Six holes in six years. Not bad. And all of them patched.

If we compare that to Apache 2.2:

http://secunia.com/product/9633/

Affected By  15 Secunia advisories

Unpatched  13% (2 of 15 Secunia advisories)

The statistics for the new IIS 7 are impressive too:

http://secunia.com/advisories/product/17543/

Affected By  1 Secunia advisories

Unpatched 0% (0 of 1 Secunia advisories)

The “IIS Argument” is pure hogwash, because it proves the total opposite what the freetards want to prove! Perhaps it would help if they didn’t compare the newest Apache to the IIS version from 1996.

Well, that’s it for newest FSF FUD campaign.

They call their previous one, “Bad Vista”, a success by the way:

http://badvista.fsf.org/

“On December 15, 2006, the FSF launched its BadVista.org campaign to advocate for the freedom of computer users, opposing adoption of Microsoft Windows Vista and promoting free — as in freedom — software alternatives. Two years later, the campaign has nearly 7,000 registered supporters, the name Vista is synonymous in the public eye with failure, and we are declaring victory.

For all its problems, Vista has a 17 time higher marketshare than Linux:

http://marketshare.hitslink.com/operating-system-market-share.aspx?qprid=10&qpcal=1&qptimeframe=Y&qpsp=2009
Many freetards would sell their complete family, if Linux would have such a “failure” in return.

What’s really ridiculous about the 7sins campaign is, that it is just a distraction. ALL the points are moot points. The FSF doesn’t really care about them.

Even if Win7 would be the most perfect software ever created, assembled by divine beings, with no WGA whatsoever, given free of charge, even if it would run with blazing speed on a 486 with 8 MB RAM , it wouldn’t matter at all.

Because:

http://broadcast.oreilly.com/2009/04/stallman-discusses-free-softwa.html

Stallman:

“proprietary software is something worse than an inconvenience. Proprietary software is a social problem, and our aim is to put an end to it. Free software is sometimes more powerful and reliable, but what concerns us most is that it is a more ethical way to distribute software.”

As long it’s not “FREE” (as grandmaster RMS defines it), it’s evil. There is no common ground. So the 7sins campaign is just a red herring. It’s a fake cause.

[Note: This article was originally posted in 2009, so the secunia statistics may be different when you read this. Last time I checked them (August 2010), the general trend was the same (Apache had more open holes than IIS 6 & 7)]

Advertisements

6 responses to “The FSF is getting desperate

  1. good molly Penguin Day , i look your blog , this a nice blog and perfect. Great for me. best review for Uncategorized and http://www.wkowtv.com/global/story.asp?s=9667184 content. i will visit to read and comment your website.

  2. Pingback: And Linux still sucks | Penguin Day

  3. Hmm idiot using Secunia advisories. Please note that apache as listed in security numbers 13% of Secunia advisories about apache as false postives vs 9% on iis.

    Now impact gets very interesting. Most of apaches reported weaknesses are dos attack flaws. Yet most of IIS 6 is system access.

    Lets normallise for system breach. 33% of 11 equals 3.4 for IIS6 %7 of 30 is 2.1 for apache 2.2. If your consern is system being breached apache wins. If you consern is that you site might be made non acceessable IIS 6 wins.

    Of course the other important is secuirty bypass. Apache is 4.2 bugs for secuirty bipass and IIS is 2.2 bugs. Again site depends if that is important. Due to Apache having a broader range of secuirty modules that could have flaws a higher number there is to be expected.

    0.6 for privilage exscape on apache and 0.77 on IIS.

    The devil is in the details Penguin Day yes apache vs IIS is not wise todo. The devil in the details normally shows apache as ahead that it fails before being exploited in most cases. Of course that is apache not wrapped in selinux or any complier other hardening solution. Companies like redhat build apache with extra complier options on that also means lot of secuirty reports to secunia don’t work on real world deployments of apache. Were every IIS report works on real world IIS.

    Never ever just read over view secuirty numbers the key points is how those numbers break down and what is really reported. You could have found something with like 100 false postives and zero real and been up say it has stack of secuirty faults when it has none.

    What the unpatched are is also critical to read.
    ii6
    http://secunia.com/advisories/product/1438/?task=advisories
    apache
    http://secunia.com/advisories/product/9633/?task=advisories

    Intersting right the one unpached allows attack on iis6 to take over the complete system remotely.

    The 2 unpatched on apache. 1 requires you to be a local user and can lock apache up. The other allows cross site scripting attacks if your apache configuration file is wrong? Yes strange weired and not that highly critical.

    I think you better in future stay away from secuirty Penguin Day you don’t know enough to read the numbers properly to wake up you are downplaying a major issue in iis6 that might give someone the wrong idea that iis6 is secure when currently its not. So if someone due to your advice swaped from apache 2.2 to iis6 they would have made a very bad mistake.

    So please unless you learn to read secuirty number properly in future don’t go near them. Doing so only creates Myths and puts people at risk.

  4. Intersting right the one unpached allows attack on iis6 to take over the complete system remotely.”>

    Only can be exploited if you allow your users to upload files to your server and if you use classical asp.
    Also, here’s the detailed info for this vulnerability:

    http://translate.google.com/translate?hl=de&sl=es&tl=en&u=http%3A%2F%2Fblog.48bits.com%2F2010%2F09%2F28%2Fiis6-asp-file-upload-for-fun-and-profit%2F

    It’s considered less severe, because it can be mitigated easily:

    “The solution is focused on two different roles:

    Sysadmins: Remove execute permission on the directories where files for uploading. Follow the guide to best security practices for IIS 6 (Ref # 6) ”

    Most run asp.net on Windows servers, and most also have upgraded to IIS 7. Also, you’re aware that IIS 6 is ten years old?

  5. Now impact gets very interesting. Most of apaches reported weaknesses are dos attack flaws. Yet most of IIS 6 is system access.

    I’ve counted now the numbers on the Secunia pages.

    II6 has 5 “system access” holes, Apache 2.2 has 3 of those. Sorry, a difference of 2 is not world shattering. Don’t forget, Apache has in absolute numbers also far more other holes, many DOS and “Exposure of sensitive information” flaws, which IIS 6 lacks.

    The IIS holes were also quicker patched it seems. Apache 2.2 is also younger than IIS 6 by a considerable margin.

    IIS 7, which can be better compared to Apache 2.2, because their release dates are far closer, has only 6 flaws in total, Apache 2.2 has 30. Don’t forget that.

  6. The devil in the details normally shows apache as ahead that it fails before being exploited in most cases. Of course that is apache not wrapped in selinux or any complier other hardening solution. Companies like redhat build apache with extra complier options on that also means lot of secuirty reports to secunia don’t work on real world deployments of apache.

    I doubt that. But even if true, the stats still favour IIS. So let’s be generous and say that out of the 30 flaws in Apache 2.2, Redhat can kill 10 (That’s VERY generous, because your reasoning is bullcrap – Microsoft’s compilers have options for hardening, like ALSR etc. too. Don’t assume that GCC is special) – you have 20 flaws in Apache 2.2, IIS 6 and 7 COMBINED have still less.

    And selinux is nothing magical. MS uses the similiar hardening techniques for IIS 6 and 7: http://learn.iis.net/page.aspx/139/iis7-and-above-security-improvements/.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s