Slashdot Mirror

While Go and Swift are interesting incremental improvements, they are not taking into account what we learned about programming languages. In many ways, these two languages seem firmly stuck in the 1980s. For example, Go has no generics, and as far as I can tell, Swift still does not have the kind of true generic types I introduced in XL in 2000, i.e. the possibility to call "ordered" all types that have a less than, and then define functions with "ordered" instead of having to use <T> all over the place just like in C++ (and please, could we stop using angle brackets?)

More generally, there was a lot to be learned from more dynamic languages deriving from Lisp. Being able to treat code as data (homoiconicity) completely changes things. It means your language can be extended in itself, just like Lisp integrated object-oriented capabilities effortlessly. It means you can do metaprogramming, introspection, reflection, dynamic code generation, in a natural way rather than with specialised ad-hoc features. All things that Go or Swift spectacularly fail to do.

A real language redesign does not bring you incremental benefits, it should bring orders of magnitude on many tasks. I speak from experience. In XL, I can do complex arithmetic in 11 lines of code. What about Swift or Go? Ask yourself why Go can't offer complex arithmetic as a library package? Similarly, in Tao3D, I can do things HTML5 just can't, in a much less verbose, much higher-level language, and simple animations take 30 times less code than in JavaScript. The 30x factor tells me that I invented something new. Many others can demonstrate similar innovation.

I fail to see benefits of a similar order of magnitude with Swift or Go, and it annoys me. Companies like Apple and Google have the means, if only the financial ones, to make bigger things happen, in particular when smaller teams like ours already did a lot of investigative work.

While Go and Swift are interesting incremental improvements, they are not taking into account what we learned about programming languages. In many ways, these two languages seem firmly stuck in the 1980s. For example, Go has no generics, and as far as I can tell, Swift still does not have the kind of true generic types I introduced in XL in 2000, i.e. the possibility to call "ordered" all types that have a less than, and then define functions with "ordered" instead of having to use <T> all over the place just like in C++ (and please, could we stop using angle brackets?)

More generally, there was a lot to be learned from more dynamic languages deriving from Lisp. Being able to treat code as data (homoiconicity) completely changes things. It means your language can be extended in itself, just like Lisp integrated object-oriented capabilities effortlessly. It means you can do metaprogramming, introspection, reflection, dynamic code generation, in a natural way rather than with specialised ad-hoc features. All things that Go or Swift spectacularly fail to do.

A real language redesign does not bring you incremental benefits, it should bring orders of magnitude on many tasks. I speak from experience. In XL, I can do complex arithmetic in 11 lines of code. What about Swift or Go? Ask yourself why Go can't offer complex arithmetic as a library package? Similarly, in Tao3D, I can do things HTML5 just can't, in a much less verbose, much higher-level language, and simple animations take 30 times less code than in JavaScript. The 30x factor tells me that I invented something new. Many others can demonstrate similar innovation.

I fail to see benefits of a similar order of magnitude with Swift or Go, and it annoys me. Companies like Apple and Google have the means, if only the financial ones, to make bigger things happen, in particular when smaller teams like ours already did a lot of investigative work.

I use ipplan, check it out
http://sourceforge/projects/ip...
http://iptrack.sourceforge.net...

I was disappointed to find that CamStudio's Lossless Codec's installer had SourceForge installware bundled. Maybe I'm more forgiving than most, but I would have accepted that SourceForge was trying out a new strategy, as long as the old/original content was still available for clueful people. However, the download page did not seem to have an alternate link. The file that showed a date from years ago (based on dates shown at CamStudio legacy files but the downloaded file had the content from "Funnel Delivery (Fried Cookie Ltd.)"

But then I found that I could craft this link: file download URL with ?nowrap=1 appended and then I could get the original file.

So they did leave an ability for the super-clueful to get some decent data. They didn't do a good enough job letting semi-clueful people find this information easily, so I do oppose what they did. However, I suspect this technique may be helpful for people seeking to get unaltered older files (particularly for projects where the software maintainers might not be providing other ways to get official installers).

The Nmap project at https://sourceforge.net/projec... appears empty and run by Fyodor. However, there's another Nmap project at https://sourceforge.net/projec... that says clearly "Brought to you by: sf-editor1, sf-editor3".

The Nmap project at https://sourceforge.net/projec... appears empty and run by Fyodor. However, there's another Nmap project at https://sourceforge.net/projec... that says clearly "Brought to you by: sf-editor1, sf-editor3".

This is the crux of the issue.

When SF takes over a page and replaces an installer from the project with an SF program; it's deceptive and fraudulent.

If that SF program is a modified binary, a modified installer, or even a "download helper" or a wrapper around the original installer which prompts for crapware; SF is misrepresenting the download as coming from the project rather than SF unless stated clearly otherwise.

When a user downloads this fraudulent download, they blame the crapware on the project authors and not SF. This isn't simply a theory - the feedback on many projects includes numerous negative reviews due to this crapware which they falsely attribute to the project creators. This negatively impacts the projects and their reputations with their users. Real financial harm could be done if fewer donations are made due to the harmed reputations - or support contracts not renewed due to suspicions.

I believe SF's recent assertion that they will no longer do this is, at least in part, because they know this sort of activity will not stand up in a court of law and it is detrimental not only the projects they've vandalized, but to themselves in showing their poor character and lack of trustworthiness in choosing to implement such a scheme to begin with. Stopping the harmful practice does not undo the harm already done, so it would be nice to see some legal recourse to inspire fear in those who would dare to do this sort of thing in the future.

Even when an author approves such nefarious wrappers and crapware through an agreement, SF is using deceptive practices towards users by not clearly distinguishing their regular binary downloads from crapware downloads. The same green "download" button appears in either case, but with crapware there is sometimes a small print of "installer enabled" and an "i" in a circle one can hover over which will display that there may be crapware in the installer. In filezilla's case, it warns of an ad-supported installer.

http://sourceforge.net/project...

IMHO, there should be clear distinctions between binaries offered by (or approved by) the project author and those offered or modified by SF as well as clear indications of when one is downloading a "download helper" or advertisement supported downloader or installer.

Fyodor's original message to the "Nmap Development" list includes the following claim:

The old Nmap project page is now blank:

http://sourceforge.net/projects/nmap/

It's true that if you go to the "files" tab you won't see any files. However, the SF blog posting says that Fyodor never put anything in the File Release System, so "now blank" is literally accurate but misleading. It implies that SF deleted something, which they didn't.

Fyodor's original message to the "Nmap Development" list includes the following claim:

The old Nmap project page is now blank:

http://sourceforge.net/projects/nmap/

It's true that if you go to the "files" tab you won't see any files. However, the SF blog posting says that Fyodor never put anything in the File Release System, so "now blank" is literally accurate but misleading. It implies that SF deleted something, which they didn't.

https://www.tivo.com/shop/roam...

$199 + $499 = $700. How much did you spend on the TV tuner and computer?

http://www.rosswalker.co.uk/ti...

Upgrades are pretty much brain dead simple now. Throw in a new hard drive and off you go. You can also add USB or eSATA hard drives, which is as simple as it can be.

Don't add FUD.

A Tivo can have up to 16 TB of storage. Sure you can get more into a computer, but this is still huge.

Recordings are not trapped in the Tivo, Tivo Desktop is a free piece of software that pulls them off, and they can then easily be converted to MPeg, or just us kmttg. This process is just as complicated as MCE with MCEBuddy. I would like to go to MP4 like MCEBuddy, instead of MPEG with kmttg.

http://www.majorgeeks.com/file...
http://sourceforge.net/project...

SourceForge does not allow project removal, especially when moving the project to a new hosting provider.

Projects which have moved to another hosting provider are typically retained at SourceForge.net (though you can make a note on the project web site and project summary page directing users to the new home) for sake of retaining materials of historical value.

The problem is that SF does not allow project removal. I have a few projects that I hosted with SF in the early 2000s; years later I moved the projects to other places, but I cannot remove them from SF. Any project that has been "abandoned" is at their mercy.

wasn't this issue discussed two days ago, along with an official response? were you mnapping at the time? do you want a new story for every project affected, along with critiques of their website and false allegations of trojans? maybe you dislike their fashion sense or cooking, too? are you that bored? need another mnap?

Some well known projects they've taken:

• Evolution (GNOME Mail Client)
• Firefox
• MySQL
• PostgreSQL
• openvz
• Apache HTTP Server
• Apache Hadoop
• SQLite
• SWRare Iron
• Thunderbird
• The R Project
• NetBeans IDE

Your comment has too few characters per line (currently 11.7).

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer nec odio. Praesent libero. Sed cursus ante dapibus diam. Sed nisi. Nulla quis sem at nibh elementum imperdiet. Duis sagittis ipsum. Praesent mauris. Fusce nec tellus sed augue semper porta. Mauris massa. Vestibulum lacinia arcu eget nulla. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.

Some well known projects they've taken:

• Evolution (GNOME Mail Client)
• Firefox
• MySQL
• PostgreSQL
• openvz
• Apache HTTP Server
• Apache Hadoop
• SQLite
• SWRare Iron
• Thunderbird
• The R Project
• NetBeans IDE

Your comment has too few characters per line (currently 11.7).

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer nec odio. Praesent libero. Sed cursus ante dapibus diam. Sed nisi. Nulla quis sem at nibh elementum imperdiet. Duis sagittis ipsum. Praesent mauris. Fusce nec tellus sed augue semper porta. Mauris massa. Vestibulum lacinia arcu eget nulla. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.

Some well known projects they've taken:

• Evolution (GNOME Mail Client)
• Firefox
• MySQL
• PostgreSQL
• openvz
• Apache HTTP Server
• Apache Hadoop
• SQLite
• SWRare Iron
• Thunderbird
• The R Project
• NetBeans IDE

Your comment has too few characters per line (currently 11.7).

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer nec odio. Praesent libero. Sed cursus ante dapibus diam. Sed nisi. Nulla quis sem at nibh elementum imperdiet. Duis sagittis ipsum. Praesent mauris. Fusce nec tellus sed augue semper porta. Mauris massa. Vestibulum lacinia arcu eget nulla. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.

Some well known projects they've taken:

• Evolution (GNOME Mail Client)
• Firefox
• MySQL
• PostgreSQL
• openvz
• Apache HTTP Server
• Apache Hadoop
• SQLite
• SWRare Iron
• Thunderbird
• The R Project
• NetBeans IDE

Your comment has too few characters per line (currently 11.7).

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer nec odio. Praesent libero. Sed cursus ante dapibus diam. Sed nisi. Nulla quis sem at nibh elementum imperdiet. Duis sagittis ipsum. Praesent mauris. Fusce nec tellus sed augue semper porta. Mauris massa. Vestibulum lacinia arcu eget nulla. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.

Some well known projects they've taken:

• Evolution (GNOME Mail Client)
• Firefox
• MySQL
• PostgreSQL
• openvz
• Apache HTTP Server
• Apache Hadoop
• SQLite
• SWRare Iron
• Thunderbird
• The R Project
• NetBeans IDE

Your comment has too few characters per line (currently 11.7).

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer nec odio. Praesent libero. Sed cursus ante dapibus diam. Sed nisi. Nulla quis sem at nibh elementum imperdiet. Duis sagittis ipsum. Praesent mauris. Fusce nec tellus sed augue semper porta. Mauris massa. Vestibulum lacinia arcu eget nulla. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.

Some well known projects they've taken:

• Evolution (GNOME Mail Client)
• Firefox
• MySQL
• PostgreSQL
• openvz
• Apache HTTP Server
• Apache Hadoop
• SQLite
• SWRare Iron
• Thunderbird
• The R Project
• NetBeans IDE

Your comment has too few characters per line (currently 11.7).

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer nec odio. Praesent libero. Sed cursus ante dapibus diam. Sed nisi. Nulla quis sem at nibh elementum imperdiet. Duis sagittis ipsum. Praesent mauris. Fusce nec tellus sed augue semper porta. Mauris massa. Vestibulum lacinia arcu eget nulla. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.

Some well known projects they've taken:

• Evolution (GNOME Mail Client)
• Firefox
• MySQL
• PostgreSQL
• openvz
• Apache HTTP Server
• Apache Hadoop
• SQLite
• SWRare Iron
• Thunderbird
• The R Project
• NetBeans IDE

Your comment has too few characters per line (currently 11.7).

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer nec odio. Praesent libero. Sed cursus ante dapibus diam. Sed nisi. Nulla quis sem at nibh elementum imperdiet. Duis sagittis ipsum. Praesent mauris. Fusce nec tellus sed augue semper porta. Mauris massa. Vestibulum lacinia arcu eget nulla. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.

Some well known projects they've taken:

• Evolution (GNOME Mail Client)
• Firefox
• MySQL
• PostgreSQL
• openvz
• Apache HTTP Server
• Apache Hadoop
• SQLite
• SWRare Iron
• Thunderbird
• The R Project
• NetBeans IDE

Your comment has too few characters per line (currently 11.7).

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer nec odio. Praesent libero. Sed cursus ante dapibus diam. Sed nisi. Nulla quis sem at nibh elementum imperdiet. Duis sagittis ipsum. Praesent mauris. Fusce nec tellus sed augue semper porta. Mauris massa. Vestibulum lacinia arcu eget nulla. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.

Some well known projects they've taken:

• Evolution (GNOME Mail Client)
• Firefox
• MySQL
• PostgreSQL
• openvz
• Apache HTTP Server
• Apache Hadoop
• SQLite
• SWRare Iron
• Thunderbird
• The R Project
• NetBeans IDE

Your comment has too few characters per line (currently 11.7).

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer nec odio. Praesent libero. Sed cursus ante dapibus diam. Sed nisi. Nulla quis sem at nibh elementum imperdiet. Duis sagittis ipsum. Praesent mauris. Fusce nec tellus sed augue semper porta. Mauris massa. Vestibulum lacinia arcu eget nulla. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.

Some well known projects they've taken:

• Evolution (GNOME Mail Client)
• Firefox
• MySQL
• PostgreSQL
• openvz
• Apache HTTP Server
• Apache Hadoop
• SQLite
• SWRare Iron
• Thunderbird
• The R Project
• NetBeans IDE

Your comment has too few characters per line (currently 11.7).

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer nec odio. Praesent libero. Sed cursus ante dapibus diam. Sed nisi. Nulla quis sem at nibh elementum imperdiet. Duis sagittis ipsum. Praesent mauris. Fusce nec tellus sed augue semper porta. Mauris massa. Vestibulum lacinia arcu eget nulla. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.

Some well known projects they've taken:

• Evolution (GNOME Mail Client)
• Firefox
• MySQL
• PostgreSQL
• openvz
• Apache HTTP Server
• Apache Hadoop
• SQLite
• SWRare Iron
• Thunderbird
• The R Project
• NetBeans IDE

Your comment has too few characters per line (currently 11.7).

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer nec odio. Praesent libero. Sed cursus ante dapibus diam. Sed nisi. Nulla quis sem at nibh elementum imperdiet. Duis sagittis ipsum. Praesent mauris. Fusce nec tellus sed augue semper porta. Mauris massa. Vestibulum lacinia arcu eget nulla. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.

Some well known projects they've taken:

• Evolution (GNOME Mail Client)
• Firefox
• MySQL
• PostgreSQL
• openvz
• Apache HTTP Server
• Apache Hadoop
• SQLite
• SWRare Iron
• Thunderbird
• The R Project
• NetBeans IDE

Your comment has too few characters per line (currently 11.7).

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer nec odio. Praesent libero. Sed cursus ante dapibus diam. Sed nisi. Nulla quis sem at nibh elementum imperdiet. Duis sagittis ipsum. Praesent mauris. Fusce nec tellus sed augue semper porta. Mauris massa. Vestibulum lacinia arcu eget nulla. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.

At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers.

2. The reference by Fyodor that even if Sourceforge still isn't bundling anything on nmap, the page is designed to mislead the users with fake download buttons:

"So far they seem to be providing just the official Nmap files (as long as you don't click on the fake download buttons) (...)

Below I repost the original submission so you can compare:

Sourceforge Hijacks the Nmap Sourceforge Account

Gordon Lyon (better known as Fyodor, author of nmap and maintainer of the internet security resource sites insecure.org, nmap.org, seclists.org, and sectools.org) warns on the nmap development mailing list that the Sourceforge Nmap account was hijacked from him.

According to him the old Nmap project page (located at http://sourceforge.net/project..., screenshot) was changed to a blank page and its contents were moved to a new page (http://sourceforge.net/projects/nmap.mirror/, screenshot) which controlled by sf-editor1 and sf-editor3, in pattern mirroring the much discussed the takeover of GIMP-Win page discussed last week on Ars Technica, IT World and eventually this week Slashdot.

That happens after Sourceforge promises to stop "presenting third party offers for unmaintained SourceForge projects. At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."

To their credit Fyodor states that "So far they seem to be providing just the official Nmap files (as long as you don't click on the fake download buttons) and we haven't caught them trojaning Nmap the way they did with GIMP" but reiterates "that you should only download Nmap from our official SSL Nmap site: https://nmap.org/download.html"

At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers.

2. The reference by Fyodor that even if Sourceforge still isn't bundling anything on nmap, the page is designed to mislead the users with fake download buttons:

"So far they seem to be providing just the official Nmap files (as long as you don't click on the fake download buttons) (...)

Below I repost the original submission so you can compare:

Sourceforge Hijacks the Nmap Sourceforge Account

Gordon Lyon (better known as Fyodor, author of nmap and maintainer of the internet security resource sites insecure.org, nmap.org, seclists.org, and sectools.org) warns on the nmap development mailing list that the Sourceforge Nmap account was hijacked from him.

According to him the old Nmap project page (located at http://sourceforge.net/project..., screenshot) was changed to a blank page and its contents were moved to a new page (http://sourceforge.net/projects/nmap.mirror/, screenshot) which controlled by sf-editor1 and sf-editor3, in pattern mirroring the much discussed the takeover of GIMP-Win page discussed last week on Ars Technica, IT World and eventually this week Slashdot.

That happens after Sourceforge promises to stop "presenting third party offers for unmaintained SourceForge projects. At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."

To their credit Fyodor states that "So far they seem to be providing just the official Nmap files (as long as you don't click on the fake download buttons) and we haven't caught them trojaning Nmap the way they did with GIMP" but reiterates "that you should only download Nmap from our official SSL Nmap site: https://nmap.org/download.html"

At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers.

2. The reference by Fyodor that even if Sourceforge still isn't bundling anything on nmap, the page is designed to mislead the users with fake download buttons:

"So far they seem to be providing just the official Nmap files (as long as you don't click on the fake download buttons) (...)

Below I repost the original submission so you can compare:

Sourceforge Hijacks the Nmap Sourceforge Account

Gordon Lyon (better known as Fyodor, author of nmap and maintainer of the internet security resource sites insecure.org, nmap.org, seclists.org, and sectools.org) warns on the nmap development mailing list that the Sourceforge Nmap account was hijacked from him.

According to him the old Nmap project page (located at http://sourceforge.net/project..., screenshot) was changed to a blank page and its contents were moved to a new page (http://sourceforge.net/projects/nmap.mirror/, screenshot) which controlled by sf-editor1 and sf-editor3, in pattern mirroring the much discussed the takeover of GIMP-Win page discussed last week on Ars Technica, IT World and eventually this week Slashdot.

That happens after Sourceforge promises to stop "presenting third party offers for unmaintained SourceForge projects. At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."

To their credit Fyodor states that "So far they seem to be providing just the official Nmap files (as long as you don't click on the fake download buttons) and we haven't caught them trojaning Nmap the way they did with GIMP" but reiterates "that you should only download Nmap from our official SSL Nmap site: https://nmap.org/download.html"

Because /. editors seem to have inconvenient hollidays I'll just spam this topic with the bahaviour of their mother company:

From http://seclists.org/nmap-dev/2...:

From: Fyodor
Date: Wed, 3 Jun 2015 00:56:23 -0700

Hi Folks! You may have already read the recent news about Sourceforge.net
hijacking the GIMP project account to distribute adware/malware.
Previously GIMP used this Sourceforge account to distribute their Windows
installer, but they quit after Sourceforge started tricking users with fake
download buttons which lead to malware rather than GIMP. Then Sourceforge
took over GIMP's account and began distributing a trojan installer which
tries to trick users into installing various malware and adware before
actually installing GIMP. Of course this goes directly against Sourceforge
CEO Michael Schumacher's promise less than two years ago:

"we want to reassure you that we will NEVER bundle offers with any project
without the developers consent"
--http://sourceforge.net/blog/advertising-bundling-community-and-criticism/

So much for that promise! Anyway, the bad news is that Sourceforge has
also hijacked the Nmap account from me. The old Nmap project page is now
blank:

http://sourceforge.net/project...

Meanwhile they have moved all the Nmap content to their new page which only
they control:

http://sourceforge.net/project...

You can see at the top that the owners of the Nmap page are now
'sf-editor1', and 'sf-editor3'. You can click on those to see other
projects they have hijacked.

So far they seem to be providing just the official Nmap files (as long as
you don't click on the fake download buttons) and we haven't caught them
trojaning Nmap the way they did with GIMP. But we certainly don't trust
them one bit! Sourceforge is pulling the same scheme that CNet
Download.com tried back when they started circling the drain:

http://insecure.org/news/downl...

We will ask Sourceforge to remove the hijacked Nmap page, but more
importantly we want to reiterate that you should only download Nmap from
our official SSL Nmap site:

https://nmap.org/download.html

If you don't trust SSL by itself (and we don't blame you), you can also
check the GPG signatures: https://nmap.org/book/install....

Cheers,
Fyodor

PS: Ars Technica has a good article about the Sourceforge/GIMP fiasco:
http://arstechnica.com/?p=6734...

PPS: Sourceforge now claims they will stop trojaning software without the
developer's permission, but they've broken that exact promise before.

Because /. editors seem to have inconvenient hollidays I'll just spam this topic with the bahaviour of their mother company:

From http://seclists.org/nmap-dev/2...:

From: Fyodor
Date: Wed, 3 Jun 2015 00:56:23 -0700

Hi Folks! You may have already read the recent news about Sourceforge.net
hijacking the GIMP project account to distribute adware/malware.
Previously GIMP used this Sourceforge account to distribute their Windows
installer, but they quit after Sourceforge started tricking users with fake
download buttons which lead to malware rather than GIMP. Then Sourceforge
took over GIMP's account and began distributing a trojan installer which
tries to trick users into installing various malware and adware before
actually installing GIMP. Of course this goes directly against Sourceforge
CEO Michael Schumacher's promise less than two years ago:

"we want to reassure you that we will NEVER bundle offers with any project
without the developers consent"
--http://sourceforge.net/blog/advertising-bundling-community-and-criticism/

So much for that promise! Anyway, the bad news is that Sourceforge has
also hijacked the Nmap account from me. The old Nmap project page is now
blank:

http://sourceforge.net/project...

Meanwhile they have moved all the Nmap content to their new page which only
they control:

http://sourceforge.net/project...

You can see at the top that the owners of the Nmap page are now
'sf-editor1', and 'sf-editor3'. You can click on those to see other
projects they have hijacked.

So far they seem to be providing just the official Nmap files (as long as
you don't click on the fake download buttons) and we haven't caught them
trojaning Nmap the way they did with GIMP. But we certainly don't trust
them one bit! Sourceforge is pulling the same scheme that CNet
Download.com tried back when they started circling the drain:

http://insecure.org/news/downl...

We will ask Sourceforge to remove the hijacked Nmap page, but more
importantly we want to reiterate that you should only download Nmap from
our official SSL Nmap site:

https://nmap.org/download.html

If you don't trust SSL by itself (and we don't blame you), you can also
check the GPG signatures: https://nmap.org/book/install....

Cheers,
Fyodor

PS: Ars Technica has a good article about the Sourceforge/GIMP fiasco:
http://arstechnica.com/?p=6734...

PPS: Sourceforge now claims they will stop trojaning software without the
developer's permission, but they've broken that exact promise before.

I hope Android can go to Turbo Vision style interface before it finally reverts to a command-line interface.

If SourceForge isn't competitive and doesn't do what their competitors do, then they won't get the business. Nobody likes crapware installers, but it's what the customers (who got the money to burn) want and expect. But isn't this over already?

From: https://sourceforge.net/blog/g...

[updated on 28-5-2015] Since yesterday, SourceForge Gimp-Win mirror downloads only the original software without any offers. We also invite the Gimp-Win developer to take back control of the project if that is his desire, while respectfully asking that he maintain any project updates or allow us to do so.

they've been doing stuff like this since 2013. I remember telling it to everyone back then, but was only met with dismissal. Why is everyone so outraged now?

Because back then they were doing it only for projects whose maintainers consented to it. (as a kind of twisted revenue-sharing program)

Now they are hijacking the installers of so-called "abandoned" projects, and locking out the owners too.

As someone who actually uses SourceForge in the way it was originally intended, i.e. a place to host one of my software projects, this is certainly something I would not want to happen. What is a good alternative? Right now I mostly put release tarballs on SourceForge, the git repository and wiki pages have already moved to GitHub.

The original announcement for when Sourceforge added the "feature" of injecting malware into installers said that the money earned would be shared with the developers. So I have to wonder: did they send the GIMP a check? Have the GIMP developers demanded that Sourceforge do so?

On the assumption that Sourceforge did not, it seems like they've just burned a bridge that they shouldn't have. They killed any trust that users would have had for SF projects a long time ago, but developers who were willing to sell out have stuck around. But now that developers know that SF is willing to just assume control of a project (and the associated profits), why would any developer continue to use SF.

This is news because Sourceforge used to be trustworthy. It used to be a respected site where open-source developers could host their binaries without fear of someone tampering with it.

Yeah, I know. USED to be. Seriously guys, they've been doing stuff like this since 2013. I remember telling it to everyone back then, but was only met with dismissal. Why is everyone so outraged now? Here, here's a blog post from that period where they started it. Did nobody keep up with what was going on? Did nobody use Sourceforge at all in that time period?

I know I sound incredulous, but it's because I am. I've known about this for years, yet nobody cared at all. I don't know why GIMP is a special snowflake compared to the other projects whose reputations they've ruined in the meantime, and I'm pretty sure even GIMP's had this installer for quite a bit longer than this last week (I don't know for sure, I don't use GIMP to be truthful).

It's just the Nth 'eternal September'.

It's also happening to Little Registry Cleaner. If you don't read every dialog box very, very carefully you end up with crapware (look at the reviews).

The tail end of GenX/Initial GenYs that originally ran Slashdot have moved on with their lives. They sold out (no problem with that, I would have too). Dice put a bunch of kids that grew up on Reddit in charge so you see Slashdot trying to mirror Reddit's content, 'messege', tone & look and it's showing to old hat /.ers.

If anyone is bored and looking for a place to lure my 30s year old self. Redo slashdot, allow markdown, bbedit, html, LaTeX.. editing. Keep the -2 to +5 moderation system because it limits band-wagoning and group think. Now that everyone can have an opinion it shows. I used to revel in the days that little 19 year old me was bestowed with 5 points to vote with (and tried to ration them accordingly).

Design a proper responsive layout (It was not Beta) and keep it about tech

I'm looking for a good place to discuss stuff that is relevant to me like Slashdot used to be. Reddit is good for certain things. Long drawn out posts with actual information isn't one of them. Everyone wants a tl;dr:.

[And this message took longer to type than one in Markdown because HTML is pretty slow now that I use markdown for everything, blog and all. Not that I don't know but ** is easier, ~~~~, ]

It's just the Nth 'eternal September'.

It's also happening to Little Registry Cleaner. If you don't read every dialog box very, very carefully you end up with crapware (look at the reviews).

The tail end of GenX/Initial GenYs that originally ran Slashdot have moved on with their lives. They sold out (no problem with that, I would have too). Dice put a bunch of kids that grew up on Reddit in charge so you see Slashdot trying to mirror Reddit's content, 'messege', tone & look and it's showing to old hat /.ers.

If anyone is bored and looking for a place to lure my 30s year old self. Redo slashdot, allow markdown, bbedit, html, LaTeX.. editing. Keep the -2 to +5 moderation system because it limits band-wagoning and group think. Now that everyone can have an opinion it shows. I used to revel in the days that little 19 year old me was bestowed with 5 points to vote with (and tried to ration them accordingly).

Design a proper responsive layout (It was not Beta) and keep it about tech

I'm looking for a good place to discuss stuff that is relevant to me like Slashdot used to be. Reddit is good for certain things. Long drawn out posts with actual information isn't one of them. Everyone wants a tl;dr:.

[And this message took longer to type than one in Markdown because HTML is pretty slow now that I use markdown for everything, blog and all. Not that I don't know but ** is easier, ~~~~, ]

It is sad.

Sourceforge used to be a pillar of the community. It seemed something more than what github is now. I'm not sure precisely what caused the demise, but I remember it going downhill since before github was really, really big.

Apparently they decided GIMP-Win was "abandoned". It was after a fashion---the distributor decided to stop using sourceforce and instead goes through the main GIMP site. Naturally the thing to do here is for sourceforge to take over the reigns and start putting the latest GIMP releases in it's place for the 6 or 7 remaining people who still use sourceforge. That in itself is not terrible, but it's the way they hijacked the installer which stinks.

But it's all OK since the account owner never knew^Wobjected.

Here's the delightful corporate weasel wording:

https://sourceforge.net/blog/g...

But it's not "obnoxious shitware" it's "easy to decline third party offers". Right.

Now Dice: grow a spine and let this article on the front page. You fucked up, everyone knows you fucked up now own it.

SoylentNews picked it up: https://soylentnews.org/articl...
SourceForge has since removed the adware from GIMP-Win: https://sourceforge.net/blog/g...

[updated on 28-5-2015] Since yesterday, SourceForge Gimp-Win mirror downloads only the original software without any offers. We also invite the Gimp-Win developer to take back control of the project if that is his desire, while respectfully asking that he maintain any project updates or allow us to do so.

Is that Dice? Little Registry Cleaner now installs a ton of crap by default. Look at the latest reviews. You can still get a clean install by reading each of the dialog boxes but the point is it comes bundled with crap in the first place.

While you can do neat things with a cheap board programmed by block diagrams, that's not going to cut it in my job, where we control machines that cost in six figures.

Right now I program 6 figure machines with block diagrams.

I make my living by addressing the hard parts of getting processes automated. I've only been in industry for 10 years and I've already automated away a few internships. I'm learning Python explicitly for the purpose of automating dSpace + Matlab + hardware and reducing the need for 2-3 full time people.

Programming is one of them.

Programming is a tool. Engineers use programming to automate away their engineering. Photographers use programming to automate away their photography. Farmers use programming to automate away their farming.

Your job isn't programming, it is automating what ever task you are trying to complete. What would have taken Hugin a few minutes to complete can now be done in a cell phone.

Linux had 1 crappy pay-for version of CDE because some schlep company ended up buying copyrights to extort money from people.

I don't even remember there being a pay-for version of CDE for Linux. I'm not saying it didn't happen. I just remember you could buy a Motif tarball from Metrolink that would get you Motif and mwm, not like you would ever use mwm when you had fvwm. And then later you could buy Caldera Network Desktop, which came with Metrolink Motif. You could also buy AccelX, which got you a substantially faster X server back in those days, with meaningful support for your video card's 2d acceleration features... something that XFree eventually achieved, of course. Apparently you can build CDE for Linux these days, but I haven't tried. (why...)

Speaking of which... just wanted to plug the Impress!ve presentation tool for Linux, which renders your PDF slide deck in OpenGL, and has nice and mildly useful highlighting, annotation, and slide-sorter overviews.

http://impressive.sourceforge....

What's so great about Sylpheed that I should care?

Sylpheed's primary advantage over all other e-mail clients is its inability to send HTML formatted mail.

Isn't that awesome?!?

No language is inherently good or evil in and of itself (save for PHP, which is evil incarnate.)

It is simply a tool for expressing logic. A means of structuring data.

Some are elegant for certain classes of problems, some are abused to fit problem sets they aren't suited for.

The sole benefit of Java to me is it's portability for core logic, even though I know that once you're dealing with user interfaces and heavy duty multi-threading, there are "write once, test everywhere" problems with the language.

Java isn't even predictable on my Linux box. It randomly crashes for no apparent reason while running code that has run cleanly thousands upon thousands of times in the past. Yet after years and years of successful runs of my pet project (http://msscodefactory.sourceforge.net/), I had Java 7 on Ubuntu crash a couple weeks ago during a run. The compiler itself crashes on a regular basis; several times per week.

As to why all the Java articles lately? Oracle's "Java World" conference is coming up, so it's time to beat the drums, sacrifice the sheep, and burn the entrails on the altar of the language. The high priests are out in droves preaching the gospel.

It is a lot easier to embrace an "open standard" when you developed it yourself, then donated it to a consortium.

WBEM is a decades old open standard implemented by just about every major software and hardware manufacturer out there. It's shipped with just about every OS. The computer you are using right now probably has CIM implementation built in or at least available in the core OS.

The standard is managed by the Distributed Management Task Force which includes most top software firms. Here is the Java JSR-48: WBEM Services Specification and Implementation for example.

What Microsoft is giving the open-source community is a CIMON ( CIM Object Manager ) implementation. This is fully standards based and Microsoft is just donating the code. But as mentioned earlier Ubuntu and most OSes already ship with a lightweight CIMON.

Build a script library based on short mnemonic commands.

That's easy to do with set-alias. It already has built-in aliases for mv, cp, ls, cat, diff, echo, lp, man, ps, pushd, rm, wget and many more. Use get-alias to see the list of them.

For the other commands you listed, I use UnxUtils. It's a lot lighter than cygwin, although the versions are very old.

Chrome, Dooble, Pale Moon, Superbird, Vivaldi ...

Personally I have found Mendeley frustrating to use anyway. Seemed more interested in shiny features than working well. Wasn't very good at maintaining its bibtex file (which could be a problem using it with other programs) and expected you to have digital references only.

JabRef is a great multiplatform reference manager which combines excellently with Docear for writing a paper/thesis/dissertation (Docear lets you organize your references and annotations as part of your outline). I have also found it worth it to run PDF-XChange Viewer under WINE. It is unfortunately not open source but it supports any feature you can think of for annotating PDFs and integrates nicely (with a bit of non-windows setup) with Docear.

Zotero is another great reference manager. I have also heard good things about BibDesk (OS X only).