How far the gluster server has fallen. Here's the text of the article:
----
How far the once mighty SourceForge has fallen…
[Editor's note: This post is the opinion of the author and not necessarily that of the Gluster Community]
TLDR:
SourceForge, once a mighty force for the good of Open Source, has fallen far from its previous lofty heights.
Dice, the new owners, bribe strongly encourage the top projects to use a new (closed source only) installer that pushes spyware / adware / malware.
Developers using SourceForge should migrate away from it if they want to keep their integrity. End users using projects hosted on SourceForge should immediately find an alternative.
Full version:
When people download software from SourceForge, or any major repository of Open Source software, they expect the software to be trustworthy. (barring unintentional bugs)
They do not expect the software to be a source of “drive by installer” style malware, spyware, adware, or any other unrelated/unintended software.
SourceForge’s new owners, Dice, have consciously and deliberately moved to a model violating this trust.
With their recent changes, users downloading from SourceForge now receive a special closed source installer which attempts to foist unrelated third party software onto them.
This is a “drive-by installer”, designed to catch less technical users and the unwary, to fill their computers with malware / junk ware / crime ware. As abused by the notorious ask.com toolbar and others:
It gets worse.
When SourceForge introduced this, it bribed encouraged the top projects to participate by giving them a cut of the take. So these co-operating projects are also knowingly selling their users down the river.
I’m not against monetisation at all, we all have lives and need to pay our bills. But not through abusing user trust. Not through preying on the unskilled or unwary.
To misquote Marge Simpson; “They not only crossed the line, they threw up on it.”
If you’re a developer or contributor to a SourceForge project, please ask them to move to a new project host (there are several). And cease all further involvement until it’s complete. I’ve already done so with mine.
If you’re a user of a SourceForge project, please find and use an alternative project instead.
We should all demonstrate our commitment to user safety and personal integrity around this issue.
> This is a “drive-by installer”, designed to catch less technical users and the unwary, to fill their computers with malware / junk ware / crime ware... To misquote Marge Simpson; “They not only crossed the line, they threw up on it.”
And after a little research, it's clear that this article throws up on the truth.
1) “drive-by installer” - Drive-by installers don't require the user to download and install, and are definitely not OPT-IN like this one.
2) "malware / junk ware / crime ware" - He listed all of the wares except the one that it is: offer-installer is adware.
I'm no fan of opt-in adware, but plenty of quality apps depend on it. I've been using daemon tools for almost 5 years now, and I've never had an issue with it. For such a trivial tool with open source alternatives, most people won't pay, but developers need to pay their bills and a little adware gets the job done.
For click bait garbage articles like this I wish HN had some way to unvote.
Your objection is a matter of degree, not definition. The author's point is that we are better than this in the OSS community... and it's a valid point. People shouldn't get things they didn't want when they use OSS. I join the author in calling shenanigans on this.
There is a clear distinction between malware (virus, trojans, and worms) and adware in the antivirus community. As this is neither drive-by nor malware, it's no stretch; it's an outright lie.
Who are you to say how open source authors make their money? While I'm not happy about this shady move by Dice, it's the sensationalist writing, full of misinformation that I was calling out.
> There is a clear distinction between malware (virus, trojans, and worms) and adware in the antivirus community.
Fortunately for everyone, the "antivirus community", which produces software I would also classify as malware, does not get to dictate how the rest of us use words.
> There is a clear distinction between malware (virus, trojans, and worms) and adware in the antivirus community. As this is neither drive-by nor malware, it's no stretch; it's an outright lie.
To a user who has their machine slow to a creeping halt or behave in unexpected ways because of these "opt-in" daemon adware suites, that "distinction" breaks down very quickly.
If you use those kinds of tactics, you are taking CPU cycles from people who did not want them taken. Where I come from, we call that stealing - and it makes you something less than an honorable individual if you do it. I spent years working in tech support, so I have the understanding necessary to make that statement.
I am also a developer and I know there are more honest - and proven - ways to make a living with OSS that don't fall on that side of the "shady" line.
It's malware. No one wants adware and toolbars. Even if you ask politely and they say yes, no one wants that, and no one should have it. A spade is a spade.
More than that, when I see those kind of opt in/out adware or toolbar things in an installer, I immediately lose trust in the underlying software I'm trying to install. Guilt by association.
as i said in response to another post, i hate adware and toolbars as much as the next person, but semantics is important: malware is malicious software. a toolbar that i did not intend to install, but is not malicious, is not malware.
What do you think those toolbars do? Inspect and inject JavaScript into webpages, send my web browsing history to their master servers. I can't imagine a toolbar that isn't malicious.
I consider this sort of software harmful, but there is definitely an important distinction between it and software that actively tries to steal your credit card numbers, run a botnet, or send spam email. We need a word specifically for software that makes an attempt to abide by the law and avoid any outright malice, yet exists in a sort of moral gray area.
Seems like the author just didn't really understand the most common definition of "drive-by installer".
Either way, I find those installer "offers" are pretty distasteful even when they are deployed by good people with good motives. Roughly what percent of the people who installed the Ask toolbar actually understood what it was and wanted it to be installed? Surely a minority...
Your objection to OP is semantics, the gist of his point is true. Asking for one thing and getting unnecessary other crap that eats your time removing is completely against the ethos of OSS. Who cares if it is "offer-installer adware", it is UNREQUESTED, UNWANTED, TIME CONSUMING and TRUST ERODING.
ImgBurn recently changed to an adware / crapware installer which is set for opt-out. However, the dev was nice enough to post instructions in his forum on how to de-crapify the installer.
Good for Lightning UK! Growing up he was one of my heroes with DVD Decrypter. I hope he can make a few bucks on advertising with its spiritual successor.
This article is sensationalist BS. After a little research it's clear that DevShare is adware not malware.
It's not "opt-in" if you explicitly click "NO" and still get the malware installed all over your machine. Getting rid of it is not as simple as an uninstall.
That is what happened the very last time I tried to download something from SourceForge.
The article may get some things twisted with some warez definitions, but the main problem is: a once trusted site lets users download a different software than anyone is searching for - this leads to confusion at first because users don't know what they are downloading and installing anyway...
HN has downvotes if you have over 500 karma. There's always the flag button to report content you consider unfit for HN (this article would match that criterion in your case).
Exactly and I wanted to "un-vote", remove my previous vote. I'm not happy about the adware, so I initially voted for the story, but after checking some sources I discovered the article was full of inaccuracies.
If correct, that's really, really bad. Trying to download some random project from there just gives me a .deb, though, which I am hardly going to install.
I imagine it's OS-sniffing, so any Windows users around to confirm?
No, I don't think it's OS sniffing since downloading the windows version of for example Filezilla doesn't allow you to change mirror and as the article explained, downloads from some other url than Sourceforge (or a mirror).