06.12.09
Posted in Site News at 4:05 pm by Roy Schestowitz
What began as a rude message to the Ubuntu mailing lists — improperly associating part of the discussion with this Web site (or at least that’s what some people thought) — has developed into some abhorrent personal attacks from “Mark Fink”. The poster then lied by claiming that Boycott Novell (or me personally) had something to do with it. This is a lie. There is nothing connecting the two other than the fact that one person, “Mark Fink”, may be reading this site. I only attempted to approach “Mark Fink” for the first time after he had attacked an innocent person (I tried to mention this gently and not lead “Mark Fink” to attacking us too). He later lied about me by claiming that I was responsible for all this. This is totally made up. It’s outrageous. He may have tried to cause unnecessary confrontations (there is a lot of confused E-mail correspondence going on).
The whole thing achieves nothing but to cause a lot of people a lot of trouble. It also raises tension and wastes people’s time. I have been truthful about it all along.
One has to wonder if all that disruption in the Ubuntu mailing lists was actually intended to incite people and make this Web site look bad.
What was actually more repulsive were the attempts to characterise this as a setup. There was none. It is one man picking a bone with Ubuntu or Mono — rudely and independently.
Why is it that it’s impossible to just peacefully write about the topics that matter without all these repeated aggravations? Is it intended to lead contributors to fatigue? If so, it’s not going to work. Considering the very sharp rise in trolling, this could all be related, but we cope with it. █
Posted in Boycott Novell, Deception, FUD, Microsoft, Mono, Site News at 11:36 am by Roy Schestowitz
Summary: Dispelling and exposing the FUD tactics where trolls get treated as spokesmen (or spokeswomen) of this Web site
A LOT OF Internet trolls have been attacking our Web site via comments and IRC recently. Some weeks ago, DDoS attacks began as well (they still return occasionally, the last time being 3 days ago) and there is personal abuse. But the last thing we need is people spreading criminal accusations against us, so here are some urgent clarifications.
Jo Shields, the Mono packager from Debian and Ubuntu, has just had Linux Today publish a guest post. We won’t delve into the details, but there are some serious smears against our site in there. To give examples, Shields says:
“Many of those who advertise themselves as anti-Mono are, quite frankly, frightening. Calling for the deaths of Microsoft employees (see comments on Boycott Novell)
What???
It says “see comments”, but there is no link. Which one among ~20,000 comments would it be? Who said such a thing? There is nothing there but the cold insinuation that we are some kind of a site that wants to kill people.
Nice, eh?
Shields carries on by saying that we are “trying to have people who make positive comments about Mono fired (see recent comments on Ubuntu mailing lists)…”
That has absolutely nothing to do with us. For those who have not been following this, someone who chose to link to our site caused a big mess in the Ubuntu mailing lists and now we are getting accused of being responsible. Why? Because the poster linked to our site as source/proof. We were also seen as accountable for Boycott Novell protests in India — ones which we didn’t even know about after they had happened.
We quickly addressed this issue last night (upon the request of a victim) and since there have been a lot more issues with IRC logs recently (sites that hate us sending anonymous trolls to fill the logs with hateful, nauseating, racist garbage), it then serves as a weapon against ‘us’ (trolls who enter the IRC channel) which they themselves plant through feedback mechanisms. In a way, voices are being hijacked. We have reasons to believe that it’s this type of behaviour that led Bruce Perens to closing down his good Web site, Technocrat.
As one of our readers points out, Winston Churchill once said: “You have enemies? Good. That means you’ve stood up for something, sometime in your life.” But we — and by “we” it’s reasonable to refer to editorship — never “called for the deaths of Microsoft employees.” And if Mono folks, or supposedly one who represents them in this case, descend to such disgusting unsubstantiated accusations, then where to go from here? Shields’ last comment in this Web site said: “Fuck it, and fuck you.” I did not do anything to provoke such language, but this is the stuff we need to deal with for daring to write critically about Mono. █
“It’s [Windows is] an operating system, not a religion.”
–Ted Waitt, then CEO of Gateway.
06.11.09
Posted in Site News at 8:04 pm by Roy Schestowitz
IT has come to our attention that impolite messages have been sent out which do not represent the views of this Web site but make it look as though they do. In a similar vein, a group of disruptors entered the IRC channel in recent days and uttered things that are intended to paint this site in a negative light. It was group work from the same people who had attacked us from other Web sites.
It is important to stress that such statements are by no means representative of this site’s message. It is hard to regulate such things because we don’t censor. Any advice would be appreciated. █
06.08.09
Posted in Microsoft, Site News at 2:11 am by Roy Schestowitz

Microsoft’s strategy is also used by the Department of Defense for political purposes
Summary: Another exploration of how a brand’s value is defended while its opponent’s gets tarnished
A WORD ought to be said about attempts to disrupt this Web site either by derailing the subject of discussion, attacking the server, or insulting people who are involved — both editors and contributors. One such contributor, “The Mad Matter”, wrote about this last night:
You know there are some things that really piss me off. Some goof ball using the name “Yggdrasil” posted a comment to my article Trolls and Linux and the rotten little son of a bitch had the gall to call me sensitive!
Actually I find it quite funny. I write about trolls, and lo and behold, Yggie, a fairly well known troll shows up, and proceeds to write a pro-Microsoft screed which accuses me of being dishonest. Think of the odds. I write something critical of Microsoft, on a blog that almost no one knows exists besides a few friends. It gets one mention on a relatively popular site, and I get a pro-Microsoft troll popping up the next day. A fairly well known troll. What does this tell you?
We’ve had a lot of trolls not only in the comments but also in IRC — trolls whose nature was rather vile, not just rude. They try to spoil it for everyone. They’ve tried the same thing with Groklaw too, especially recently (earlier this year, based on what PJ told me).
“The Mad Matter” responded to an issue we’ve seen here for years. Mere comments get discouraged when anonymous trolls start attacking commenters personally for merely daring to comment. From the same thread which led to some of the flames (a comment from Linux Today) we also have this new bit [via Slated]
June 5, 2009 1:11 AM
Ex-Microsoft marketing manager said:
Of course Microsoft has a perception management team and specifically targets Web 2.0 sites like Digg and Reddit. Some of this is outsourced as well. It is felt inside MS that the reason why Vista failed was that on Web 2.0 sites it became fashionable to bad mouth the OS, this turned in to group think and thus the OS failed. Seriously, that is the belief and there is at least some merit to it. Let’s be real, Vista is just not as bad as it is painted.
Now contrast that to Windows 7; Microsoft have spent a lot of money manipulating user generated content sites to hype the OS. Let me tell you, it is not so much different from Vista but the perception is that it is much better. Again, let’s be real, Windows 7 is just Vista with some UI tweaks and *much* better marketing.
Watch for the talking points used, this is starting now but will be pushed harder after Win7 is released, I would expect “Windows 7 is the death blow to Linux on the desktop” will be a favourite.
I think it is poor form for MS to manipulate sites like Digg, there will be a backlash when the users figure it out.
As Slated points out, “This anonymous comment may be purely anecdotal, but it is nonetheless highly convincing. He certainly seems to know what he’s talking about.”
Waggener Edstrom, which is Microsoft's PR department, explains quite openly this practice of "perception management", so this should surprise nobody. Slated borrows an explanation of this term from Wikipedia.
Perception management is a term originated by the U. S. military. The U. S. Department of Defense (DOD) gives this definition:
Actions to convey and/or deny selected information and indicators to foreign audiences to influence their emotions, motives, and objective reasoning as well as to intelligence systems and leaders at all levels to influence official estimates, ultimately resulting in foreign behaviors and official actions favorable to the originator’s objectives. In various ways, perception management combines truth projection, operations security, cover and deception, and psychological operations.[1]
The phrase “perception management” has often functioned as a “euphemism” for “an aspect of information warfare.”
Adds Slated: “Well now we know how to formally address the shills in comp.os.linux.advocacy … they’re “Perception Management contractors”.”
“Is this comparable to Dubya’s “Regime Change” hit-squads, I wonder?”
Also he says, “First there was the “Technology Evangelist” (TE):”
For eight years (1992-2000), I was the driving force behind Microsoft’s effort to make its Technology Evangelism (TE) efforts more efficient, effective, and ruthless, by studying both the practice and the theory of TE. After leaving Microsoft in 2000, I spurned the inquiries of numerous Microsoft competitors to testify on their behalf. As recently as year, I fell on my sword on Microsoft’s behalf.
[...]
My belief that I was one of the Good Guys was similarly flawed. This is now inescapable. I was wrong. Many of the TE practices that I developed, taught, and espoused were wrong. Anyone who continues to practice them is wrong. As a first step towards making amends for my past wrongdoing, I must make this clear, and widely known.
We have already written a lot more about it [1, 2]. Carla from LinuxToday added yesterday (in light of a lot of trolling in the Web site she manages):
Some of the grumpiness comes from the endless torrents of anti-Linux FUD, propaganda, misinformation, astroturfing, and just plain whining that keep pounding on the same theme: that Windows is easy, Linux is hard, and expecting computer users to spend more than eight or fifteen seconds in study is a sin. It has never been true that learning to use a personal computer is easy; that is a plain lie. Conversely, it’s not that hard.
Microsoft AstroTurfing is a reality, not mere speculation. Microsoft admits it, but it contracts those who are responsible through outside entities. Microsoft is not alone by the way, but it is very unique in its field. █
Related:
- Don’t Play Politics and Diplomacy with Microsoft
- Joe Barr Knew Microsoft’s Tactics All Too Well
- Passing Intellectual Monopoly Laws Using Propaganda Terms, Political Corruption
- Bill Gates and His Press Rewrite History Amid Semi-retirement
- Then, They Fight You… by Buying Some New Laws
- Quick Mention: Hungary and “Microsoft Corruption”
- Nicholas Negroponte Should Join Hands with Larry Lessig, Not with Bill Gates
- How Microsoft Intercepts Critics Using Libel
- Rob Enderle Guarantees “Amazing Numbers”, Show E-mails to Microsoft
- Gartner and Microsoft Negotiate Not Bashing Vista
- More Manipulation at Microsoft: Politics, ‘Charity’ for Automobiles, Media Coverage
- It’s Not Bribery If It’s Just “Marketing Help”
- Standards Conference ‘Stacked’ by Microsoft & Cronies, Cancelled
- King of Hypocrisy(ahoo!)
- The New York Times, Hosted by Microsoft Revisionists
- Microsoft Shills Index: Under Construction
- How Microsoft and Its Analysts Entrap the Industry from the Top
- Shame on ISO and Shame on Microsoft for Corrupting ISO
- ODF Keeps Winning; No Wonder Microsoft Went Corrupt Against It
- An Ode (Eulogy) to ISO
- Who’s Afraid of MicrISOsoft? The European Commission
- It’s Official: ISO Committee Captured by Vendor Microsoft Corporation
- ISO and Microsoft: The Corruption Resumes
- “Money Trumps Justice”, Vendor Control Trumps Truth
- Criticise OOXML or Microsoft Corruption, Receive Libel
- Shame on You ISO, Shame On You. Total Disgrace.
- Norway’s Protest Against Microsoft Abuse Goes More Public (Updated)
- OOXML Fiasco: More Legal Action Against the BSI Possible
- OOXML ‘Corruption Train’ Arriving at Sweden (Updated)
- OOXML Aftermath: Microsoft Rewrites History in the Press
- Did Microsoft Attack IBM by Proxy to Restrain OOXML Critics?
- Microsoft’s Press on OOXML: Admission of Misconduct
- Alex Brown, the British Library and OOXML
- Steve Ballmer Makes Phonecalls to Flip Those Votes in Favour of Monopoly (Updated: China Says “NO”)
- ODF/OOXML Watch: Bill Gates Lobbies Behind the Scenes Again, Jason Matusow Deceives (Updated)
- Massachusetts — Bullied, Battered, and Defeated
- The Microsoft OOXML ‘Corruption Train’ Reaches Denmark (Updatedx2)
- ISO Feels OK With Corruption, Officially Approves OOXML (Updated)
- Respecting AstroTurfers?
- ISO Frozen. Too Much Corruption?
- Is Microsoft’s OOXML the “Greatest [of] Scam[s] of Computing History”?
- Microsoft’s Letters from the ‘Dead’ Tactics Return (Yet Again)
- Microsoft Employee Enters General Web Forums to Push OOXML; Partners and Consultants Join Discussions
- Week of OOXML Corruptions Ends, No Causalities Claimed
- Microsoft Controls ECMA, ISO, JTC1, Everything
- Microsoft Launches “Get the Facts”-esque Smear Campaign Against ODF and OOXML’s Critics
- Week of Corruptions Coming This February
- Microsoft on ‘War Mode’ in ”Scandalous” OOXML
- Bullying, Intimidation and Smears, Courtesy of Microsoft
- Kickbacks Watch: Plaintiffs in Suit Against Microsoft Caught (Plus Past Summary)
- Microsoft Conceals Financial Pains Using Money Games (Updatedx2)
- Off Topic: Microsoft Crime/Dirty Tricks Watch (Updated)
06.02.09
Posted in FSF, Site News at 3:33 pm by Roy Schestowitz
Summary: Loads of requests have been blocked for the past two weeks and connectivity issues caused due to an overly aggressive firewall (there are still zombies knocking on the Web site every now and then, so it’s better to serve poorly than not to serve anything at all due to downtime); We also adopt ethical means for paying the hosting bills from now on
MANY readers have said that they experienced issues accessing this Web site since the DDoS attacks began. Our Web host has just changed the settings in such a way so that not so many legitimate visitors will be treated as suspect zombie PCs that still hammer on the server. On top of that we also have smear campaigns and mod-bombing campaigns against us, but we won’t draw attention to these. Those who still experience issues can hopefully pop into IRC and let us know about it because if disruption persists, then opposers of this Web site will get their way.
The more important news is that Google ads are gone for good. They were used only to pay the old Web host and Google was assigning proprietary software ads to pages (it’s beyond our control), which did a bit of harm. We now advertise with AdBard, whose official launch has just been announced in the form of an FSF endorsement (as per the press release below). █
FSF welcomes AdBard network for free software advertising
The Free Software Community now has an ethical alternative to ad networks that promote proprietary software
BOSTON, Massachusetts, USA — Tuesday June 2, 2009 — The Free Software Foundation (FSF) today welcomed the launch of AdBard a new advertising network for technology based websites based upon the promotion of Free, Libre and Open Source Software (FLOSS) friendly products and services.
The AdBard Network has been created by Tag1 Consulting to serve websites dedicated to free software ideals, helping them connect with companies selling products and services targeting a FLOSS audience. AdBard solves the problem that more generic advertising has led to the display of proprietary software products on sites that otherwise promote computer user freedom.
“The Free Software Community now has an ethical alternative to ad networks that promote proprietary software” said Peter Brown, Executive Director of the Free Software Foundation. “This is a huge win for many of the sites that serve our community. And we wish AdBard and the websites that display AdBard adverts every success. We also hope this will inspire other ad networks to adopt similar policies.”
“AdBard is a great way for advertisers and publishers in the free software community to come together and help grow the free software services market.” said Jeremy Andrew, CEO of Tag1.
The FSF receives no money from AdBard and has no financial interest in Tag1 Consulting, but is making this announcement to help the advertising-supported web sites in the free software community to stop legitimizing proprietary software by advertising it.
Websites already using AdBard include http://Kerneltrap.org, http://Libre.FM and http://BoycottNovell.com. For a complete list visit http://adbard.net/adbard/websites.
Advertisers can find out more by visiting http://adbard.net/advertise.
About the Free Software Foundation
The Free Software Foundation, founded in 1985, is dedicated to promoting computer users’ right to use, study, copy, modify, and redistribute computer programs. The FSF promotes the development and use of free (as in freedom) software — particularly the GNU operating system and its GNU/Linux variants — and free documentation for free software. The FSF also helps to spread awareness of the ethical and political issues of freedom in the use of software, and its Web sites, located at fsf.org and gnu.org, are an important source of information about GNU/Linux. Donations to support the FSF’s work can be made at http://donate.fsf.org. Its headquarters are in Boston, MA, USA.
About Tag1 Consulting, Inc.
Tag1 Consulting, Inc. is a distinguished professional consulting company headquartered in sunny Florida, with an international presence providing computer consulting services worldwide. Tag1 focuses on performance and scalability consulting of GNU/Linux and *BSD, using Apache, PHP, MySQL and PostgreSQL, specializing on Drupal performance. For more information visit www.tag1consulting.com.
Media Contact
Matt Lee Campaigns Manager Free Software Foundation
PHONE +1 (617) 542 5942 x25 campaigns@fsf.org
05.27.09
Posted in GNU/Linux, Microsoft, Security, Site News, Windows at 7:45 am by Roy Schestowitz

Better DDoSed than defaced?
Summary: The problem with Windows botnets raises greater concerns as yet another Web site goes offline for the weekend
THE INHERENT insecurity of Microsoft Windows is some serious business. It is not only used for spamming at a biblical scale, but with an army of hundreds of millions of Windows zombies one truly becomes a master of the World Wide Web, deciding which Web sites go offline and which ones stay offline. That’s a lot of power to have and it requires no Australia-style secret filters. At worst, entire nations get paralysed and there are real-world examples of this.
The problem is confirmed to be a hugely severe one because some security experts believe that only luck or mercy has permitted the Web to persist living. According to a new report from Heise, “ITU calls for global cybersecurity measures.”
The International Telecommunication Union ITU has published its proposals for harmonising global cybersecurity legislation on the periphery of a conference on the information society in Geneva.
This would not resolve anything. As we stressed the other day, banning of software tools would not be effective and fining vendors would not help either (Linux vendors agree). But if the FBI can't keep Windows secure, who can? Would a solution be to phase out (maybe eradicate or quarantine) Windows? Botnets consistently comprise Windows boxes because evidence suggests that UNIX and Linux are a lot more secure. No version of Windows will ever be secure, based on evidence too.
Over a week ago (13 days to be precise) we began suffering downtimes due to DDoS attacks and this morning we found this report in The Register:
BNP pleads for cash after reported DDoS assault
[...]
A conspiracy by “Marxist cyber criminals” campaigning against the BNP is alleged to be behind the assault, which remains ongoing, according to an appeal email, which was sent out on Monday.
The size of the renewed assault is unparalleled and there is no doubt that whoever has organised this has had to pay out a serious amount of money to the criminal underworld.
On Friday the servers of Clear Channel, part of a huge conglomerate that provides billboard advertising to the BNP, suffered a similar attack. Their IT professionals tracked the criminal activity back to a notorious “anti-fascist” organisation openly aligned to the Labour Party and supported by the Conservatives and the Liberal Democrats. This organisation was protesting at the decision by Clear Channel to allow the BNP to display advertising in support of our European Election Campaign.
As a consequence of the criminal actions against Clear Channel we understand that their legal team is currently in the process of issuing writs against the perpetrators which as well as civil actions will involve the possibility of potential criminal charges including racketeering.
Whether one believes them or not is a separate matter. Tracking the source of a DDoS attack is next to impossible unless a comprehensive investigation is launched.
As for ourselves, we made no accusations against anyone, but we were privately sent information that may show the motive for an attack. There were about half a dozen such attacks. It was most likely targeted; it was not some random selection of a victim. █
“Our products just aren’t engineered for security.”
–Brian Valentine, Microsoft executive and Windows manager
05.21.09
Posted in Site News at 8:29 am by Roy Schestowitz
THERE was another DDoS attack yesterday and we are running things through Squid at the moment. This means that requests arrive indirectly through localhost and thus the rating system won’t permit more than a single vote (from localhost). This disruption will end at a later stage. The highest priority at the moment is to issue posts and serve pages. █
05.19.09
Posted in Boycott Novell, Site News at 7:33 pm by Roy Schestowitz
Summary: Boycott Novell had been under DDOS attacks for almost 4 days. We were struggling to just stay online while hosts investigated where the attacks came from. We moved between hosts (to semi-dedicated) and the same pattern of attack persisted until yesterday.
WE have kept silent about it in order not to encourage the attacker/s, but it’s true. We have been under heavy DDOS attacks since Thursday night. What has happened since then? Well, a lot. Our previous host is no more as far as we are concerned. After struggling with the botnet for like 10 hours (filtering to no avail) our Web site got isolated. It did not serve any pages for almost 2 days. A reader of Boycott Novell was kind enough to lend us room on his server (more or less dedicated), on which he fought the botnets for over a day. The attackers kept changing tactics. Some other readers offered filtering advice and we are grateful to all of them. Ultimately, the attacks halted yesterday afternoon.
The migration from the old server was not simple because the site was disabled abruptly following the early attacks. But now we have ensured that all data has been migrated. The only ‘good’ thing which came out of this attack is that, as oiaohm put it, the ordeal sort of made us more robust to future attacks.
Now that we have a new host in place, we also have more features. Data on the site (comments, posts, etc.) was not lost in the migration, just heaps of time and effort affecting several people. We have moved to a bigger, more robust environment that will hopefully facilitate the needs of the Web site as it continues to grow (we served about 200GB of data last month). We apologise for the downtime, which is unprecedented.
The plan is to carry on exposing Comes exhibits next month and also organise the Wiki. There is enough for years of work.
Again: we would like to thank all those who helped during the downtime and especially our generous reader (Copilotco) who offered to host the Web site, taking us away from shared hosting in the process. Dedicated servers on normal Web hosts are just far too expensive for us to afford and I swear that I never made a single dime from this Web site. The ads merely covered the hosting fees which Shane has been paying since 2006.
One last clarification for lunatics who are now suggesting that we DDOSed ourselves, where to even begin refuting such nonsense (coupled with personal abuse)?
The attacks came from many addresses, for example 88.198.60.8 which is “tor-proxy.va6.de”. Multiple such IPs hit us constantly and relentlessly (all tor exit nodes at first). At one stage it seemed like the front page alone received 3 page requests per second. But the IPs were also doing a HEAD on the Web site as many times as possible, bringing the server down to its knees (both the old server and new server, the former running Red Hat and the latter CentOS). █
Update: Here is a report from the administrator.
I took over hosting of boycottnovell.com for Roy in the middle of the DDOS attack. I am looking at the squid log for boycottnovell.com during the DDOS. I have squid caching/proxying/url-rewriting for apache for various reasons.
The attack initially (or at least, at the time the DNS was re-pointed to my server) consisted of lots of HEAD requests. Then I wrote up a script to tail the log finding anyone doing lots of HEAD requests and putting the offending IP into the iptables packet filter while I cooked up a more permanent solution. Eventually they figured this out and switched to a full on GET of the root of the site and then I think they started getting random pages from the site as fast as they could although I’m not sure about that.
The interesting part starts around timestamp 1242543590.804 which is apparently when most of the world’s DNS cut over to me including that of the machines in whatever bot net was employed in the attack.
If we run this command on the logfile with the logfile being /tmp/bn.log:
grep " HEAD http://boycottnovell.com/ " /tmp/bn.log | awk '{print $3}' | sort | uniq -c | sort -n | tail -10
we get:
2716 81.175.61.4
2960 212.24.147.228
3056 204.209.56.56
5637 87.236.199.73
6645 145.100.100.190
7261 212.42.236.140
8487 88.198.14.120
9640 62.141.58.13
11008 87.118.104.203
11269 88.198.60.8
and if we do:
grep " GET http://boycottnovell.com/ " /tmp/bn.log | awk '{print $3}' | sort | uniq -c | sort -n | tail -10
we get:
5801 94.136.16.242
5854 85.25.152.185
5865 212.24.147.228
6367 66.35.1.170
6682 205.209.142.210
6977 87.118.104.203
8102 83.140.125.188
8300 85.25.145.98
8441 212.42.236.140
20065 66.230.230.230
So one IP did a get of the root of the site 20k times before I really effectively got everything blocked off and another did a HEAD around 11k times. You can get a feel for how the attack progressed using:
egrep ' GET http://boycottnovell.com/ | HEAD http://boycottnovell.com/ ' /tmp/bn.log | less
Assuming that everyone who did a GET or a HEAD more than 100 times (a conservative estimate) is involved in the attack:
egrep ' GET http://boycottnovell.com/ | HEAD http://boycottnovell.com/ ' /tmp/bn.log | awk '{print $3}' | sort | uniq -c | sort -n > /tmp/attackers
and then counting only the lines with greater than 100 hits we can see that there were 281 unique IP addresses involved in the attack.
However, it looks like they switched to targeting various different parts of the site later on or maybe just random pages because if we look at all of the accesses to the site which made more than 100 requests we get 863 IPs involved the top 19 being the following:
6193 62.141.53.224
7153 85.25.151.22
7764 145.100.100.190
8524 66.35.1.170
8757 94.136.16.242
9256 85.25.152.185
10369 83.140.125.188
10464 212.24.147.228
10874 205.209.142.210
10935 87.236.199.73
11441 88.198.14.120
12094 62.141.58.13
12208 88.198.60.8
12994 66.249.70.134
13940 85.25.145.98
19119 212.42.236.140
19867 87.118.104.203
26480 216.105.40.113
29854 66.230.230.230
So 66.230.230.230 made 29k requests to the site in total.
Putting some iptables rules in place (which I document here):
http://www.kernel-panic.org/pipermail/kplug-list/2009-May/108075.html
nicely cut the problem down to size and now the effect of the DOS is unnoticeable.
11M of gzipped log are used for this sample.
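The per-client counting described in the administrator's report, as an added example that is not part of the report or of the site's own tooling: it reads a Squid native-format access log, applies the report's "more than 100 requests" threshold, and goes one step beyond the report by also showing each client's busiest 60-second window, which separates a burst from a slow, long-running fetcher. The log lines are constructed (documentation-range IPs), and the function names and the field layout ($1 time, $3 client, $6 method, $7 URL) are assumptions.

```shell
#!/bin/sh
# Added example: find clients flooding one URL in a Squid native access.log.
# Assumed field layout: $1 = epoch time, $3 = client IP, $6 = method, $7 = URL.

# flood_sources LOGFILE URL MIN_TOTAL [WINDOW_SECONDS]
# Prints "total peak ip" for every client with more than MIN_TOTAL HEAD/GET
# requests for exactly URL. "peak" is the count in that client's busiest
# WINDOW_SECONDS bucket (default 60). Output is sorted by total, ascending.
flood_sources() {
    awk -v url="$2" -v min="$3" -v win="${4:-60}" '
        ($6 == "HEAD" || $6 == "GET") && $7 == url {
            ip = $3
            total[ip]++
            n = ++hits[ip SUBSEP int($1 / win)]   # per-client, per-window count
            if (n > peak[ip]) peak[ip] = n
        }
        END {
            for (ip in total)
                if (total[ip] > min)
                    printf "%d %d %s\n", total[ip], peak[ip], ip
        }
    ' "$1" | sort -n
}

# burst_sources LOGFILE URL MIN_TOTAL MIN_PEAK [WINDOW_SECONDS]
# Same selection, but keeps only the IPs whose busiest window also exceeds
# MIN_PEAK, i.e. sources that are both high-volume and high-rate.
burst_sources() {
    flood_sources "$1" "$2" "$3" "${5:-60}" | awk -v p="$4" '$2 > p { print $3 }'
}

# make_sample_log FILE
# Writes constructed log lines (not real traffic):
#   192.0.2.10    150 HEAD requests for the root within 30 seconds
#   198.51.100.7  120 GET requests for the root, one per minute
#   203.0.113.5   3 GET requests for the root
#   192.0.2.10    1 GET for another page (must not be counted)
make_sample_log() {
    awk '
        function line(t, ip, method, url) {
            printf "%d.000 %6d %s TCP_MISS/200 310 %s %s - DIRECT/127.0.0.1 text/html\n", t, 12, ip, method, url
        }
        BEGIN {
            t0 = 1242543590
            root = "http://boycottnovell.com/"
            for (i = 0; i < 150; i++) line(t0 + int(i / 5), "192.0.2.10", "HEAD", root)
            for (i = 0; i < 120; i++) line(t0 + i * 60, "198.51.100.7", "GET", root)
            for (i = 0; i < 3; i++)   line(t0 + i * 300, "203.0.113.5", "GET", root)
            line(t0 + 5, "192.0.2.10", "GET", root "some-page")
        }
    ' > "$1"
}

# Demonstration on the constructed log.
demo_log=$(mktemp)
make_sample_log "$demo_log"
echo "total peak ip (more than 100 requests for the root):"
flood_sources "$demo_log" "http://boycottnovell.com/" 100
echo "of those, more than 50 requests in a single minute:"
burst_sources "$demo_log" "http://boycottnovell.com/" 100 50
rm -f "$demo_log"
```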