The "legally-binding" and "transparency" conundrums grossly distorted

Summary: News sites mislead their readers, teaching them that the biggest dangers associated with proprietary software are in fact problems exclusive to Free/libre Open Source software

FOR Microsoft to ever pretend to care about security would basically mean to lie, blatantly. Microsoft works hand in glove with the NSA and it has, on numerous occasions, admitted that true security isn't the goal. Its actions too show this repeatedly. Known flaws -- or holes, or bug doors, or whatever one frames them as -- are not being patched unless the public finds out about them.

In order to bolster security perceptions and to give an illusion that Microsoft actually cares about security and invests in security, the company has just hired some staff in Israel (acquisition is one other way to frame this). The media calls it "security provider", but given Israel's record on back doors, cracking (e.g. Stuxnet development), wiretapping etc. this is rather laughable. A lot of Microsoft's so-called 'security' products are made in Israel, and some companies in this military-driven industry facilitate and cater for spies using back doors, usually under the guise of 'security' (they mean "national security"). We wrote about this in past years.

“This proves that security through obscurity is a myth that merely encourages people to rely on poorly implemented programs with shoddy security, whereupon developers choose to hide the ugliness of the code.”We were rather disturbed to see this bizarre article yesterday. Titled "Hackers targeting .NET shows the growing pains of open source security", the article is a big lie. The headline is definitely a lie. .NET is PROPRIETARY (still), it has holes in it, and some fool tries to use it to call Free/libre software "not secure". Let's assume for a second that .NET code becoming visible to the world exposes many holes, indeed. It proves exactly the opposite of what the headline says then. If anything, it shows that Microsoft keeping the code secret assured low quality code and bred vulnerable code. Once shown to the world, these holes are being exploited. This proves that security through obscurity is a myth that merely encourages people to rely on poorly implemented programs with shoddy security, whereupon developers choose to hide the ugliness of the code. A lot of the claims from the article come from a FOSS foe, Trend Micro, but they can be framed correctly to state that, if anything, a public audit of .NET now shows just how terrible proprietary software can be, having never been subjected to outside scrutiny.

In other disturbing headlines we find another inversion of the truth. The Business Software Alliance (BSA), or the EULA police, has done a lot to show how dangerous proprietary software licences can be. Nevertheless, Slashdot with its pro-Microsoft slant as of late [1, 2] gives a platform to Christopher Allan Webber.

"Is this another false "I really like the GPL except" post," asked us a reader. To quote the author: "The fastest way to develop software which locks down users for maximum monetary extraction is to use free software as a base" (oh, yes, those greedy Free software developers!)

The article has a misleading/provocative headline (hence we provide no direct link) and Bruce Perens, who had already accused Black Duck of FUD against the GPL (“I think it's 100% B.S.," he said three years ago), responded to the piece by stating:

I help GPL violators clean up their act, it's my main business.

Every one has had a total lack of due diligence. I will come in and find that they have violated the licenses of 21 proprietary software companies (this is a real customer example) by integrating their code into their main product, just like the GPL code. Some of them only had an "evaluation" license, some not even that, some wildly violated the terms of any license they got.

Most of them are in silicon valley. They seem to have the attitude that they will clean up their legal problems when they're rich, and nothing but getting their product out of the door matters until then.

They don't ask me to feel sorry for them. I bill them a lot, and in the end, they're clean and legal.

When it comes to legal risk and licensing, nothing beats proprietary software. It's risky, it's expensive (lock-in makes the exit barriers considerably higher), and it is very hard to obey or comply with, especially when you are low on staff and funds (must renew licences all the time). Contrariwise, it is very easy to comply with copyleft; there is no renewal work required and no renewal fees. All one is required to do is to maintain the copyleft of the code used. The rules are very simple. ⬆