11.04.09

Orwellian EIF, Fake Open Source, and Security Implications

Posted in Deception, FOSS, Microsoft at 5:53 am by Roy Schestowitz

Open is close enough

Summary: The manipulation of Europe’s interoperability framework (by Microsoft lobbyists and others) is made more visible; other news of relevance

Yesterday we wrote about the European Interoperability Framework (EIF), which Microsoft front groups were leaning on [1, 2, 3] until “open” almost came to mean “proprietary” and “patent-encumbered”. The original analysis has received a lot of response; for instance, Neko Nata compares this to Microsoft’s corruption of ISO and Bob Robertson quotes Orwell as follows: “Languages evolve, sometimes faster than others.” In ComputerWorld UK, E.T. Anderson compares it to “War is peace”.

Here is new coverage from The Register:

The European Union has long promoted open source software, but it seems that years of expensive lobbying by big software companies has finally worn down the bureaucrats’ resistance.

The latest version of the European Interoperability Framework – which aims to offer governments and businesses guidance on using open source software – has substantially weakened its definition of what open source is. This follows years of lobbying by the BSA, representing multinational, and substantially closed-source, companies.

Ars Technica covers this too:

The EIF’s new definition of openness is also troubling. The text no longer explicitly requires that patents on standards be made available under royalty-free terms. Royalty-free patent grants are important because they ensure that open source implementations of the standard can be created without serious intellectual property impediments. The new draft attempts to address that same issue, but does so poorly—it requires that the standard be possible to implement “under different software development approaches” and indicates that open source software is an example of one such approach.

The ambiguity is potentially problematic. There are some cases where standards are provided under terms that make it technically possible to create open source implementations but with significant impediments that inhibit broad downstream redistribution or make it practically unfeasible. An arrangement like the controversial deal between Microsoft and Novell is arguably an example.

Yes, part of Microsoft’s plan is to use patent deals (like that of Microsoft and Novell) to eliminate the Freedom of free software and to make it expensive. Steve Ballmer said at the beginning of 2007: “The deal that we announced at the end of last year with Novell I consider to be very important. It demonstrated clearly the value of intellectual property even in the Open Source world. I would not anticipate that we make a huge additional revenue stream from our Novell deal, but I do think it clearly establishes that Open Source is not free and Open Source will have to respect intellectual property rights of others just as any other competitor will.”

The FSFE’s founder, Georg Greve, became aware of this EIF subversion and he immediately responded. Deep inside he is not a fan of Microsoft’s behaviour; just days ago he wrote: “Unethical, appaling and disgusting: #FamilyGuy corrupted by #Microsoft http://is.gd/4G5QH, a clear violation of http://is.gd/4G5Sh, it seems”

One of our readers gave us input by mail, referring specifically to the news about Skype playing similar tricks with “open source” and interoperability (David Gerard compares it to Helix at Real). According to SJVN, Skype is not going Open Source any time soon. Well, not yet anyway.

The basis for this? Some correspondence between Skype technical support and a Mandriva Linux user (Skype supports generally older versions of Debian, Fedora, openSUSE, and Ubuntu). In it, the French-speaking Skype technical support rep said that it’s possible that the final version of Skype for Linux will be open source.

That wasn’t much, but it did hint that it might be possible that Skype was going to at least make its Linux client open-source. I decided it was worth my time to look further.

I gave Skype a call in Luxembourg. A Skype public relations spokesperson quickly replied: “We appreciate our user community’s enthusiasm and realize this is something they have been wanting for a while. We realize the potential of the open-source community and believe that making Skype for Linux an open source application will help to speed up its development and enhance its compatibility with different versions of Linux. While it is our goal to make Skype for Linux source code available to the community in the near future, we are not at a point to disclose an exact release date yet.”

Our reader explains: “It seems Skype is joining the effort to mislead the public about openness and to try cash in on the need for FOSS while not actually providing it.” A sort of retraction has just been posted.

Our reader continues as follows: “It would be great if it were true that Skype really released an open source package, but like most things that are too good to be true, it isn’t true. The new Skype will be neither open source nor open standards. It will contain a blob and still use that same tired old insecure, proprietary protocol instead of SIP.”

He then cites the original story about EIF being subverted by Microsoft and its allies. “This comes at a time where the word, and advantages, of ‘open’ are under attack even in the EU,” he explains. He adds some links for perspective:

“You’d think that with recent news

• Der Spiegel: Mossad hacked Syrian computer to uncover nuclear site

“…and with not so recent news

• US software ‘blew up Russian gas pipeline’
• The Farewell Dossier
• [ISN] Interview: Theo de Raadt of OpenBSD

“…and with downright old news

• David A. Wheeler’s Page on Countering Trusting Trust through Diverse Double-Compiling (DDC) – Countering Trojan Horse attacks on Compilers

“…and with just plain ancient news

• Reflections on Trusting Trust

“…that jobs, economies and sometimes lives are at stake.”

This leads to another important issue which is cost/debt, not just death.

We previously wrote about Windows malware at NASA facilities that are located in space [1, 2]. They foolishly relied on Microsoft Windows and another reader of ours wrote about “anti virus software on the ISS” in light of this new interview:

Have you ever had hackers infiltrating the ISS systems?

“The software we use to interface with the ground is just a file transfer back and forth, and it would be a very difficult thing to do. The chances of someone hacking up into the station is pretty much non-existent and it has never happened. Even if they could, the laptops themselves do not have a critical function like life support. There is a set of laptops that do provide the crew with cautions and warnings, but from a daily standpoint the astronauts really don’t use them — the ground monitors everything for them.”

“This is 2009,” says our reader, “we should all be going round in flying cars, yet even NASA can’t protect itself from Microsoft Viruses… From the tone of the questions, it’s even considered normal to get ‘viruses’.”

Even Microsoft is finally admitting the scale of the Windows worms epidemic, soon using “malware” to encourage people to pay more to Microsoft.

Microsoft blames malware on illegally copied software

[...]

Jeff Williams, the principal group program manager for the Microsoft Malware Protection Center claims there is a link between use of illegally copied software and malware infection rates.

They are just trying to upsell “licensed” Windows and charge for it in places where Microsoft does not really mind counterfeiting because it is used as a weapon against GNU/Linux adoption.

Our reader Ryan (fourth one mentioned in this post) sent us a pointer to this new Microsoft patch, which he summarises as “new IE patch patches the last patch.” Yes, Microsoft can't even get its patches to work right the first time. It usually means that the code is messy and thus hard to maintain (modify reliably). Ryan also points out that T-Mobile is suffering another major outage following the Sidekick fiasco that we wrote about in:

• Microsoft Pink is Already Declared Dead and Danger Dies with Permanent Data Loss
• Microsoft Sued for Data Loss
• Lawsuits Against Microsoft Turn to Class Action Lawsuit While Microsoft Mobiles Become Dying Breed
• Microsoft Recovers Sidekick Data? Not So Fast!

The next post will look at more distortion of openness, in the context of document formats. █

Permalink  Send this to a friend