Tag: FUD

The SFLC and Conservancy: A History

Yesterday, I went over how the Linux Foundation doesn't seem to like the license Linux is published under very much.

Bruce Perens, co-founder of the Open Source Initiative and founder of the Linux Standard Base (which led to the formation of the Linux Foundation), says it's worse than that, and that the Linux Foundation is now undermining GPL enforcement against its member organizations.

This is a complicated story, so strap in. I mean, if this sounds like something you're interested in. If it doesn't, then I don't blame you; come back on Friday, when I'll have about 750 words on April from Teenage Mutant Ninja Turtles.

Still here? Okay.

The Software Freedom Law Center is funded by the Linux Foundation, and provides pro bono legal services and representation to developers of free/open-source software. Its chairman is Eben Moglen, who was pro bono general counsel for the Free Software Foundation from 1994 to 2016. Moglen has done a hell of a lot for free software over the course of the last 25 years.

In 2006, the SFLC launched the Software Freedom Conservancy, an organization that provides free financial and administrative services to free software projects. Today Conservancy represents 48 projects, notably including BusyBox, Git, phpMyAdmin, QEMU, Samba, and Wine. Conservancy is an independent entity and not part of the SFLC, though the SFLC represented Conservancy through 2011.

In 2007, the SFLC and Conservancy began GPL enforcement suits on behalf of BusyBox. BusyBox is a minimal bootable system that's in everything; if you're using a piece of consumer electronics that's more complicated than a microwave oven, there's a good chance it's got BusyBox in it. And a lot of those electronics companies don't bother to follow the GPL and release their source code modifications.

There's been some backlash against GPL enforcement in the years since. BusyBox's maintainer, Rob Landley, later regretted the lawsuits; he deemed them counterproductive, and said they hadn't helped BusyBox or any other project, they'd just convinced companies like Google to avoid the GPL and use permissive licenses instead.

Maybe so. But if nobody ever enforces the GPL, then it's meaningless. A mere suggestion.

Conservancy has continued its GPL enforcement actions. Currently, it's funding Christoph Hellwig's litigation against VMware in Germany. VMware distributes a modified version of the Linux kernel; Hellwig is a kernel contributor and, thus, one of the many copyright holders in the Linux kernel. (While many free/open-source projects require that contributors assign all copyright to a single rightsholder, such as Conservancy or the GNU Project, the Linux kernel does not; every single contributor to the Linux kernel maintains the copyright to the portion of the kernel they contribute, but licenses it under the GPL for anyone else to use.)

Eben Moglen seems to have soured on GPL enforcement. Last year he published an article in the International Free and Open Source Software Law Review titled Whither (Not Wither) Copyleft. His arguments are similar to Landley's: all these GPL enforcement suits are actually bad for the GPL, because they discourage companies from using the GPL at all.

Moglen makes the argument that litigation should be a last resort, and that parties should try to resolve their disputes amicably if at all possible. The thing is, I don't think anybody actually disagrees with that.

When has Conservancy chosen to sue, when there was any other path available? BusyBox v Westinghouse was a default judgement. Westinghouse didn't even bother showing up to court; I don't see how politely-worded E-Mails were going to get it to comply. Conservancy spent three years attempting to negotiate with VMware, to no avail; the lawsuit is a last resort. Whither copyleft? indeed.

Bruce Perens thinks the SFLC's recent trademark action is retaliation for Conservancy's enforcement action against VMware. I'll save the why for my next post. Tune in tomorrow, same Thad-time, same Thad-channel.

The Linux Foundation Hates Copyleft

It's been kinda weird, seeing the Linux Foundation slowly transform into an organization that is fundamentally opposed to the license Linux is published under.

But the Linux Foundation is in the business of turning a profit, and that's meant embracing corporate America -- even Microsoft is now a member. In fact, the board is overwhelmingly made up of corporate representatives now: Facebook, AT&T, Qualcomm, Cisco, VMware (we'll come back to them tomorrow), Intel, HP, Bitnami, Panasonic, Hitachi, Samsung, IBM, Microsoft (Microsoft!), Comcast, Huawei, NEC, Oracle, Fujitsu. There used to be two community representatives on the board, but they eliminated that position (we'll come back to that on Thursday).

Linux is published under the GNU General Public License. The GPL is what GNU/Free Software Foundation founder Richard Stallman calls "copyleft": if a piece of software is licensed under the GPL, then that means anyone else is free to access, modify, and redistribute the source code, provided that if they release a modified version, they publish it under the same license.

Corporations don't much like copyleft or the GPL. They like more permissive licenses, like the MIT License and the BSD Licenses, which allow them to take someone else's code, modify it, and not give their modifications back to the community.

Linus Torvalds, the man who the Linux Foundation is named after, gets this. FOSS Force's Christine Hall recounts his remarks at LinuxCon last year:

“I think that if you actually want to create something bigger, and if you want to create a community around it, the BSD license is not necessarily a great license,” he said.

“I mean, it’s worked fairly well, but you are going to have trouble finding outside developers who feel protected by a big company that says, ‘Hey, here’s this BSD license thing and we’re not making any promises because the copyright allows us to do anything, and allows you to do anything too.’ But as an outside developer, I would not get the warm and fuzzies by that, because I’m like, ‘Oh, this big company is going to take advantage of me,’ while the GPL says, ‘Yes, the company may be big, but nobody’s ever going to take advantage of your code. It will remain free and nobody can take that away from you.’ I think that’s a big deal for community management.

“It wasn’t something I was planning personally when I started, but over the years I’ve become convinced that the BSD license is great for code you don’t care about. I’ll use it myself. If there’s a library routine that I just want to say ‘hey, this is useful to anybody and I’m not going to maintain this,’ I’ll put it under the BSD license.

“Whenever licenses come up, I want to say that this is a personal issue,” he continued, adding a disclaimer most likely meant mainly for the benefit of the BSD folks, some of whom resent Linux’s success, but also to appease big enterprise, which is where the Linux Foundation gets virtually all of it’s funding.

“Some people love the BSD license,” he said. “Some people love proprietary licenses, and do you know what? I understand that. If you want to make a program and you want to feed your kids, it used to make a lot of sense to say that you want to have a proprietary license and sell binaries. I think it makes less sense today, but I really understand the argument. I don’t want to judge, I’m just kind of giving my view on licensing.”

Jim Zemlin, Executive Director of the Linux Foundation, seems to feel a little bit differently. Hall quotes him, in an article titled The Linux Foundation: Not a Friend of Desktop Linux, the GPL, or Openness:

“The most permissive licenses present little risk and few compliance requirements. These licenses include BSD and MIT, and others, that have minimal requirements, all the way to Apache and the Eclipse Public License, which are more elaborate in addressing contributions, patents, and indemnification.

“In the middle of the spectrum are the so-called ‘weak viral licenses’ which require sharing source code to any changes made to the originally licensed code, but not sharing of other source code linked or otherwise bound to the original open source code in question. The most popular and frequently encountered licenses in this category are the Mozilla Public License and the Common Public Attribution License.

“Restrictive Licenses present the most legal risk and complexity for companies that re-distribute or distribute software. These licenses are often termed ‘viral’ because software combined and distributed with this licensed software must be provided in source code format under the terms of those licenses. These requirements present serious risks to the preservation of proprietary software rights. The GNU General Public License is the archetype of this category, and is, in fact, the most widely used open source license in the world.”

Hall adds, "While his points are accurate enough, and reflect what I’ve already written in this article, the terms he uses suggest that the foundation holds the GPL and other copyleft licenses in contempt."

So what's all that got to do with the Software Freedom Law Center filing to have the Software Freedom Conservancy's trademark terminated? Nothing, insist the Linux Foundation and the SFLC. But Bruce Perens -- who founded the Linux Standard Base, one of the organizations that became the Linux Foundation -- thinks it's retaliation for a GPL enforcement lawsuit against VMware.

But that's a story for another post. Or two...

Tracking

I wrote a post about VPNs a few months back, referring to the recent repeal of Obama-era regulations that would have prevented ISPs from selling customer browsing history.

There's a common refrain I've seen from people who favor the repeal, both in the government and in Internet comments sections: "Google and Facebook track you and sell your data, and the government doesn't stop them from doing it, so it's not fair to stop your ISP from doing it!"

Now, this argument is fundamentally dishonest, for the following reasons, off the top of my head:

  • Your ISP sits between you and every single site you visit. Google and Facebook have extensive tracking operations, but not that extensive.

  • You can use the Internet without using Facebook or Google. It may not be easy, but it's possible. You can't use the Internet without your ISP.

  • Google and Facebook's business model is that they provide a service and, in exchange, you allow them to gather your personal data and resell it to third parties. Your ISP's business model is that it provides service and, in exchange, you pay them eighty fucking dollars a month. Did I say eighty? They just kicked it up to one-thirty, if you want unlimited data.

    When you give your personal data to Facebook or Google to sell to third parties, you get their service in return. When you give your personal data to your ISP to sell to third parties, you get fucking nothing in return, because you're already paying your ISP money in exchange for Internet service. Is your ISP going to lower your bill in exchange for taking your personal information to sell to third parties? LOLno.

  • Google and Facebook have competitors. Those competitors don't have the dominant market position that Google and Facebook do; hell, maybe they're just plain not as good. But they exist. They're options.

    There is no significant broadband competition in the US. If I don't like my ISP, I can't just switch to another one, because there is no other one available at my address. My choices consist of Cox, no Internet, and moving.

    There's no incentive for your ISP to behave ethically. There's no incentive for your ISP to charge you fairly. There's no incentive for your ISP to provide quality service. My ISP is a monopoly. Yours probably is too. Or, at best, it might have one competitor that does all the same shit.

  • Google and Facebook have pages where you can opt out of tracking.

But. Despite the intellectual dishonesty of the "but Google and Facebook track you!" argument, there is a kernel of truth in there: yes, Google and Facebook track you, yes it's difficult to avoid that tracking, and no, there are no regulations in place to protect your data. This is a problem.

So, shortly after writing that post, I removed the Google Analytics code from this site. And now I've also updated the site so that the fonts it uses are hosted here at corporate-sellout.com, not called from Google Fonts (hat tip to the Disable Google Fonts WordPress plugin). I'm still using a Google Captcha on the Contact page for now, but I'm looking at alternatives. Plus, there are YouTube videos embedded on this site...and, well, there's nothing I can really do about preventing Google from tracking you when you load YouTube videos. Sorry about that.

I'm also planning on adding SSL to the site, eventually, but I haven't gotten around to it yet.

This blog's not a business. Occasionally somebody buys something through an Amazon Associates link, or buys my book (thanks!), but I've got a day job; I'm not here to make money. I write stuff here because I like to write stuff. Sometimes people like it, and that's cool, and it's cool to know that people are reading. But that's as far as my interest in analytics goes.

I don't resell data; I don't do SEO or A/B headlines or clickbait or any other kind of crap to try and drive people here -- hell, I hate all that shit. But I like looking at site stats once in awhile to see where people are coming from, where somebody's mentioned me, and to laugh at search terms like "did stan lee bone at jack kirby's wife".

So I'm looking for a new stats package. Server-side; just for me, not Google.

Meanwhile, I am looking for ways to use Google as little as possible, not just on this site but in general. I think I can probably get a few more posts out of that subject.

Job Spammers are the Worst

I'm looking for work right now.

So I've got a current resume posted publicly up on CareerBuilder.

And oh God, the spam that brings.

It's kind of amazing how many hiring agencies seem to have taken a look at the scammers who sell penis pills and decided, "Yeah, that looks like a pretty good business strategy."

I'm inundated, every day, with postings for jobs that aren't even in my state. I've gotten ten of them this week alone (and one phone call), and it's only Wednesday morning.

Most of them seem to be coming through one single distributor, or at least one single software kit -- because they follow the same format, and if you click Unsubscribe, all the Unsubscribe pages look exactly the same except for the logo.

Needless to say, they do not actually honor the unsubscribe requests. These are spammers we're talking about.

Of course, the big problem here is that unlike the spambots selling Cialis, I can't just mark these as spam and rely on Bayesian filters to sort the wheat from the chaff -- because aside from the location, these postings are indistinguishable from real job posting E-Mails, of the sort I want and need, because I am trying to find a job. Job spammers have an in that other spammers don't: they're advertising something I actually want, they're just advertising it in a place I don't want it. So I can't filter out an entire class of E-Mails, because the risk of false positives is far too high.

Which leaves me relying on filtering by domain name. Which, as anybody knows, is unreliable Stone Age Whac-a-Mole shit, because spammers use all the domain names they can get their mitts on.

Still, it's better than nothing, and I'll be putting a list of the spam domains I've filtered so far at the end of this post -- maybe it'll be of some help to some other folks out there looking for work. And maybe it'll give these agencies a little bad publicity.

But first, here's a story about the absolute worst, slimiest job spam I've gotten to date.

It's from an organization called Strategic Staffing Solutions, which started out by straight-up brazenly lying to me. Here's a portion of the E-Mail I got, with the rep's last name and E-Mail redacted -- I don't want to rain down Internet mob justice on anybody, even if they are engaging in sleazy tactics; I just want to name and shame the company that encourages this type of behavior.

From: Adam [redacted] <[redacted]@strategicstaff.com>
Subject: data scientist - MO
01/26/2015 02:17 PM

Hello Thad Boyd,

Please contact me as I have many job opportunities to discuss.

We have 24 locations within the USA.

I have called your phone number about your resume. The phone number has been disconnected.

Would you be interested in this job position? Please send me your resume.

Here are two job orders:

What followed were two job listings that have absolutely nothing to do with my education, training, or job experience.

So, straight into the circular file it went.

And then I thought, you know what? No. That line about trying to call me and my phone being disconnected was low. That's just a gross way to start any kind of relationship.

So I replied to the guy, and decided to press him on the "Your phone has been disconnected" lie.

From: Thad Boyd <[redacted]>
Subject: Re: data scientist - MO
01/27/2015 08:45 AM

Hi Adam,

I've had the same phone number for ten years, and haven't had any trouble receiving calls that I'm aware of. What number were you trying to call, and where did you get it?

He, of course, completely ignored my question, and responded with this boilerplate:

From: Adam [redacted] <[redacted]@strategicstaff.com>
Subject: Re: data scientist - MO
01/27/2015 09:55 AM

Hello Thad,

Please send me your resume.
Are you actively seeking work?

Please make use of Central Sourcing@STRATEGIC, as they can accelerate your recruiting.

I decided to press the issue one more time:

From: Thad Boyd <[redacted]>
Subject: Re: data scientist - MO
01/29/2015 09:52 AM

Hi Adam,

Yes, I'm actively seeking work.

Where did you say you got my contact details, and what phone number were you trying to call? I'd like to know if there's something wrong with my phone service. My grandfather is in the hospital right now and I need to know that people can reach me.

(And since he pretended not to notice my question about the phone, I pretended not to notice he'd asked for my resume.)

That last part is true, by the way -- Grandpa's going to be okay but he is currently in the hospital. I brought this up to make a point: lying to somebody about his phone being disconnected has consequences. If I had been gullible enough to believe his lie, I could have wound up wasting a good chunk of my day on the phone with Sprint, trying to figure out what was wrong with my phone service, and worrying all the time that I was missing important calls about a family member's health.

Lying to somebody like that -- what the hell is even the point? You think you're going to build a rapport with me by starting our relationship off by lying to me? Specifically, lying about something that could cause me a considerable amount of stress if I believed you? And how long do you think you can keep somebody believing the lie when you clearly have never even looked at his resume?

Does this actually work often enough to keep Strategic Staffing Solutions in business?

I sent that E-Mail out on the 29th. It's been four business days and I think it's a pretty safe bet that Adam's not going to be getting back to me. Not so much as a "Look, I'm sorry, they make us say that, there's no problem with your phone and I hope your grandpa gets better; is there any way I can still help you?" When faced with the potential consequences of his lie, he didn't take the thirty seconds it would have taken to come clean and apologize to me. He just chalked me up as a loss and moved on to the next sucker.

So I'm pretty comfortable in saying fuck Strategic Staffing Solutions, fuck their sleazy, dishonest recruitment tactics, and fuck the horse they rode in on. If you do business with Strategic Staffing Solutions, know that you are doing business with spammers and liars -- and that if they were so cavalier about lying to me, they're probably going to be more than happy to lie to you too.

Finally, here's a list of domains that have sent me job spam, and I'll probably add to it as time goes on. Please feel free to add them to your own spam filters. And hey, if this creates some negative word association for these domains on Google, I'd be pretty okay with that.

  • strategicstaff.com
  • enterprisesolutioninc.com
  • net2source.com
  • colcon.com
  • pyramidci.com
  • ittblazers.com
  • artechinfo.com
  • usgrpinc.com
  • diverselynx.com
  • axelon.com
  • h3-technologies.com
  • mondo.com
  • simplion.com
  • genuent.net
  • abacusservice.com
  • compnova.com
  • spectraforce.com
  • syscomtechinc.com
  • iit-inc.com
  • eteaminc.com
  • project1.com
  • globalsyst.com
  • ustsmail.com
  • ustechsolutionsinc.com
  • rconnectllc.com
  • lorventech.com
  • talentburst.com
  • softpath.net
  • waddellcareers.com
  • first-tek.com
  • quantitativesystems.com
  • advantageresourcing.com
  • gtt-it.com
  • mamsys.com
  • enterprise-logic.com
  • diversant.com
  • fortek.com
  • stemxpert.com
  • panzersolutions.com
  • opensystemstech.com
  • itstaffinc.com
  • princetoninformation.com
  • rjtcompuquest.com
  • greenlightstaff.com
  • judge.com
  • techdigitalcorp.com
  • ttiofusa.com