SourceForge Appeals To Readers For Help Nixing Bad Ad Actors
Last week, we mentioned that the GIMP project had elected to leave SourceForge as its host, citing SourceForge's advertising policies. SourceForge (which shares a parent company with Slashdot) has released a statement about those policies, addressing in particular both ads that are confusing in themselves and their revenue-sharing system called DevShare, based on the provision of third-party software along with users' downloads. Among other things, the SF team is appealing to users to help them find and block misleading ads, and has this to say about the additional downloads: "The DevShare program has been designed to be fully transparent. The installation flow has no deceptive steps, all offers are fully disclosed, and the clear option to completely decline the offer is always available. All uninstallation procedures are exhaustively documented, and all third party offers go through a comprehensive compliance process to make sure they are virus and malware free."
I don't want useless add-on application/browser extension/etc. being installed when I choose to download something. No matter how much vetting and transparency, this is simply wrong.
If you don't want complaints then make the DevShare program opt-in instead of opt-out.
You may argue that few people would choose to opt-in, but that's the point, isn't it?
just not doing the installation share thing AT ALL. I don't care how well it gets documented, it's a tactic that is built to take advantage of the large group of people that will do nothing but hit "next" 7 or 8 times and not look at anything.
All they are doing now is stepping up their tap dancing in the hopes that people will fail to see the obvious about their bundled downloads.
I am Slashdot. Are you Slashdot as well?
With rare, mutually beneficial, exceptions, it seems to generally be the case that if I can get paid for putting an 'offer' in front of a user, no matter how transparent and not-spyware and whatnot, that's a good sign that the value to the user is negative.
Gosh, yes, I'd love to receive offers from your carefully selected content partners!
Obviously, a continuum exists, from pure drive-by malware to the-box-isn't-even-checked-by-default opt-in stuff; with various levels of 'all the boxes start checked; but you can uncheck them if you can find them' and 'sure, just go down the stairs, take a left at the sign that says "beware of the leopard", pick the lock on the third door on your right, and choose the 'advanced install' package from the bottom drawer of the filing cabinet'; but just because sleaze occupies a continuum doesn't mean you want to get any on you...
Don't mind ads, and most people that use SF are smart enough to see around them.
But SF had a reputation for being clean installs that could be trusted. That is no longer the case.
SF you blew your done and gone.
Linux modi 2.6.26-2-parisc
SVN is lame; Gimp is where it's at, baby.
Github is 6th Street. Sourceforge is the old Main Street, with mostly boarded-up buildings.
I have a better idea. Don't partner with ad vendors/networks that try to put malware on your users' computers.
Adblock plus is security software.
When I want to download software, I want that software, not another piece of software that's going to install itself in my browsers and mine my information.
As others have said, make it purely opt-in and I can live with it. The opt-out stuff just pisses me off because it is so transparently trying to profit off people that aren't paying attention.
SourceForge has shown it can't be trusted. The only way they could regain trust at this point is by legally committing themselves to never bundling anything with an installer, and using an open source installer. Instead, their terms still read "We reserve the right at our sole discretion and at any time to ... change the terms and conditions of this Agreement."
Sorry, SourceForge. You got caught. Promising you won't do it again isn't good enough. That's just PR spin.
... and I left them too, almost a decade ago. It cost me downloads, but saved my customers from their intrusive bundled downloads.
The bottom line is that GIMP didn't want to be associated with tricking its users into installing borderline malware. If a program's installer is filled with traps that you have to carefully watch for to avoid - that sets off huge blaring alarms in the heads of most experienced users.
This is especially a problem for the open-source community, which still struggles to get a fair comparison with commercial software in the corporate IT world. If even major software gets saddled with nonsense like SourceForge is trying to pull, it could set back progress by years.
SourceForge had better smarten up before it becomes a ghost town. GIMP is certainly not going to be the last high-profile departure if things don't change.
While we're at it, the summary of this story was blatantly whitewashed. Mentioning the parent company link should be a bare minimum, not an excuse to abandon all pretense of impartiality.
Alphanos
And those who promote, err advertise it.
Cesspool of reality.
zenlessyank was here..
PS. Fuck your karma ratings slashdot....
I just want a clean layout without adding additional code to my installers and passing it off as something I added. Seems fraudulent, and there are other people who will offer me clean installs with fewer ads.
I hope they don't mess up /. too.
Help stamp out iliturcy.
All uninstallation procedures are exhaustively documented, and all third party offers go through a comprehensive compliance process to make sure they are virus and malware free.
Except that you and the Sourceforge people know damn well that next to no one actually wants that crapware. 99% of cases it will be installed by someone merely clicking through not expecting crapware in the installer.
If a program's installer is filled with traps that you have to carefully watch for to avoid - that sets off huge blaring alarms in the heads of most experienced users.
This is why I will never willingly install Chrome. Just once too often I found it was going to be installed by default with a java update. McAfee AV now seems to be the beneficiary of such stealth installation.
And worse are the ones where it isn't just stealth by having small text somewhere during the download, it's complete secrecy. I needed an AC3 codec for my PVR device and found myself the proud owner of a new web search provider that would reset itself to be my search provider every time I unset it.
I actually read the article (I know, you can't do that on Slashdot). It says DevShare is opt-in for developers, not opt-out, and that's what inserts the additional stuff in the executables. So were the GIMP folks just confused? It sounds like GIMP left over something that was in their control in the first place. (No, I don't work for any of these folks.)
- David A. Wheeler (see my Secure Programming HOWTO)
They are putting these ads on their site and they are getting the revenue from the ads and they want me to tell them which ads are appropriate and which are not. For free! Screw you, I already have a paying job, I don't need to do your job for you as well.
Thousands of apps have already left the site. They just don't announce it.
They just stop using it.
I've run into more than a few programs that sourceforge was outdated on by a long time.
I needed an AC3 codec for my PVR device and found myself the proud owner of a new web search provider that would reset itself to be my search provider every time I unset it.
I have found that FFDShow is all you need for codecs, and has no crapware. Most of the other things you'll come across seem sketchy.
In the wake of the scandal I have just finished moving all my projects to GitHub, and man, it's been worth it. I mean, have you noticed how incredibly slow SourceForge is lately? I've been using it for over ten years now, and it's been getting slower and slower. I got used to it, but now on GitHub I'm constantly amazed that I don't have to wait a few minutes for the project page to load. Or the fact that I don't even have to go there any more because I can make releases by creating a tag and project web page is just another git branch. How do you update a SourceForge web page again? I'll have to look it up, 'cause I don't remember at all. I only remember that ssh, scp, and lots of manual copying was involved. SourceForge's release system is a pain, and really, the only feature SourceForge has that GitHub does not is access statistics, but this feature hasn't worked properly ever since the big UI overhaul a few years back. Frankly, I don't see any reason to ever go back to SourceForge.
Won't go there any longer. Devs better start leaving in droves and hosting their own stuff.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
This is near the top of a (quickly growing) list of reasons I no longer tolerate, and now simply hate, Oracle. Gee SourceForge, want to be bucketed with Oracle? Yeah... kind of thought not.
As far as I'm concerned third-party inclusion-ware might as well be called parasite-ware, and is a form of Malware that's just easier to remove. It's the same level as crapware that comes pre-installed on a laptop.
Stop providing services that I don't need.
Stop giving me software I don't want.
Stop getting in my way.
If I need something, I'll come find it. Promise.
Many companies are afraid I won't come to them. That's often because they provide inferior tools / services. Make better things that I actually need, and I'll give a damn (For a counter-example, see Atlassian and JetBrains).
This sig has been enciphered with a one-time pad. It could say almost anything.
What a transparent sham. Dice knows full well what misleading advertising is - that is what they are selling.
The answer is simple - eliminate the MITM installer and make all ads click-proof.
Obviously that is not going to happen, so good bye SF, I'm moving my projects elsewhere.
Their explanation sounds like the lawyers/marketing people have been heavily involved.
Don't bundle /anything/ other than what the user wanted with the download. Don't bundle toolbars, helper programs, utilities, assistants, or anything else you choose to call your advertising product.
Trust that is lost can't ever really be regained, especially on the Internet. The quick dollars gained came at the expense of the dollars in the long run. You need to start with an apology that acknowledges what was wrong along with a promise in plain English never to do it again.
Now, I didn't say anything about not running advertising on the pages. Advertising is what makes sites run, and anyone with any length of time in the industry understands their importance. Google style ads that aren't disruptive are generally respected and static graphical ads from companies like Microsoft and IBM must work as they have advertised here for years. The problem is if things get pushed too far and the content can't be read without irritation.
If the website isn't functional (loads within 1 second without distractions or intermission ads) then your site has gone over too far and the next visit and every visit thereafter will be filtered. We also understand how these things work on the back-end, know how to implement ABP, No Script, Ghostery and other things when advertising gets overbearing.
At this point it is up to the WebMasters to show that they understand "don't be evil". You can't do it with fine print though, for this audience reads the fine print.
I was quite disgusted that Chrome used to be pushed on the unsuspecting this way, sad to know SourceForge has joined the dodgy crowd too.
If I can't run it in vanilla VLC, it ain't worth it. (Granted, this is on a desktop)
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
All uninstallation procedures are exhaustively documented, and all third party offers go through a comprehensive compliance process to make sure they are virus and malware free.
You clowns at SourceForge/Dice are missing the point. Users DON'T WANT this garbage on their system. You are deliberately trying to get them to install it, even if it's by mistake.
And what about all the institutions providing you with mirroring? Are they getting a cut of this revenue now? If they're not, then you are DELIBERATELY attempting to profit from their charity and generosity. Personally, I hope every single mirror deletes any SourceForge related material from their servers and tells you to go die in a fire. You are attempting to profit from the work and resources of others who believed they were contributing to the free software community. For that, you are to be shamed, shunned, and written off as yet another group of clueless MBAs out to monetize the entire fucking world at the expense of others. Go fuck yourselves and look for a real job where you have to WORK instead of ruining other people's reputations by bundling useless shit with their software.
"So after all this, you make my case for me. To end this stalemate, you must die..."
Everybody in the know has already migrated to a GitHub.
At this point, hosting a project on SourceForge just seems quaint.
I mean, I don't really understand why SourceForge is behind this, but hey, I definitely support the effort:
Pauly Shore
Keanu Reeves
Sarah Jessica Parker
Stallone and Schwarzenegger, of course, but they're almost too old to be worth the effort. Same for Madonna....
Aside from that off-the-cuff list, there's a host of really bad female and male actors that are hot, so I'd say give them a pass.
-Styopa
This is especially a problem for the open-source community, which still struggles to get a fair comparison with commercial software in the corporate IT world.
Does it? Every Fortune (insert ever decreasing numbers) company I've worked with has been all over open source.
Where it makes sense.
Office alternatives rarely make sense. Gimp never makes any sense. Apache/Lighty/nginx? Absofuckinglutely everywhere. Various open source content management solutions? As far as the eye can goddamned see.
So yeah, I don't buy the age old excuse. (Baaaw, they don't like us, because, uh, just cause!) It hasn't been the case for at least a decade.
I haven't posted much since the takeover but I wanted to log in one last time to say:
1) Thanks for ruining SF, that was remarkably fast.
and
2) FUCK OFF!
/. feeds will be deleted now, no more clicks to read comments for you parasites.
All
Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
are the slopbucket add-ons. I download Audacity and GIMP, and I can't find a way to get rid of sneakware throwing "congratulations! take my survey" when I open another tab, or "you need to upgrade Chrome now," both of which are adware that should NOT be served in the first place. two thumbs down.
if this is supposed to be a new economy, how come they still want my old fashioned money?
Hey SourceForge: Here's a hint you clueless idiots. We don't care how much vetting you've done with the third party shitware you're trying to convince us to install. We do not use your site so we can be convinced to install a bunch of crap we're never going to use. The community has voted, and you lost.
You ate too much of your own cake.
The migration to other services has begun.
You might never recover from this.
May it be a lesson for all other "free" services trying to make hasty profit.
"Find and block misleading ads"
Why is this our job?
Why do you not know what's being advertised on your own website?
Why do you run a business based on something you can't control?
Why don't YOU go through your ads and start removing the misleading crap?
William Shatner has to make a living somehow.
In short SourceForge, fuck you.
[they] strongly encourage the top projects to use a new (closed source only) installer
SourceForge not only seems to have missed this key point but has completely reversed its previous position on Open Source being a key component to transparency. Instead, SourceForge claims:
The DevShare program has been designed to be fully transparent. The installation flow has no deceptive steps...
Who says it has no deceptive steps? How do I audit the source code to the installation flow?
For anyone that reads the SourceForge blog, this seems to be a very jarring change in perspective on the part of SourceForge. Several previous SourceForge blog posts bring up transparency, but always in the context of Open Source Software. Before November 2013, I can't find any SourceForge blog posts that refer to closed source as "fully transparent." I also can't find any other SourceForge blog post that tries to claim closed source software contains no deceptive steps. Once SourceForge is able to make the leap that a closed source installer is fully transparent, there really is no common ground to continue a discussion on. It isn't a matter of a third party being a bad actor, SourceForge itself is the bad actor. This SourceForge blog post is proof of erosion taking place on fundamental ideals which were the foundation of SourceForge.
I hadn't used SF in a while but I was expecting the same straightforward, no BS install I've always had. I didn't navigate the fine print and whamo! "Conduit" is installed. OK, uninstall Conduit. Not so much. It inserted itself all over the place. I had to resort to regedit and directory deletion to (mostly) wipe it out. I still have someplace that's causing a "cannot find .dll" pop-up to show. SF you are now flagged as "BAD-BAD-BAD" in my list.
Are they even seriously asking right now? All of them. 100% of them. Fucking pick one at random. They ALL have undesirable, misleading, coinstalled crapware. None of them don't have it. How else can I phrase it so these dishonest scam artists?
Is it time for us to point Sourceforge to a non-address in our hosts files, and let Sourceforge know we have done same?
systemd is Roko's Basilisk.
I think I'm careful enough to avoid including the malware during an installation. But the install program doesn't work at all from behind my employer's corporate firewall. It looks like it tries to connect to a server at a TCP port number not normally associated with HTTP.
For the record, I haven't used sourceforge for a long time. On the other hand... Last few weeks I had several autoplaying video ads on /. front page.
I often leave slashdot open when I do something else. For a few days straight I went gaming with a couple of friends using skype. In the middle of the game a frigging ad starts playing... yeah. ...on /. main page... I do understand having ads on main page...
BUT GODDAMN AUTOPLAYING VIDEO ADS ON /. FRONT PAGE THAT REFRESH WITHOUT ASKING:
Contemplating on finding a better source for my nerd news.
You had a great run. I'll remember the good ol' days.
Per the Sourceforge blog article:
If it's so fucking wonderful it doesn't need bundling.
Dicetastic...
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
...in protest of this behavior. I don't think any active OSS project should stay there if they think this is ethical behavior.
I stopped using C-Net when they started pulling this little trick and thought Sourceforge had more respect for open software. I can understand why they need to do this, but why didn't they reach out to the community to discuss new revenue streams rather than pull this stunt and then "reach out to the community" after the fact? Maybe they actually want to kill the project hosting service?
Sorry, guys. SF needs to back down from this before I D/L there again. I'll probably continue to use Freecode and D/L direct from the developers where possible, but even that seems like it won't last for long.
We are the 198 proof..
>> SourceForge Appeals To Readers For Help Nixing Bad Ad Actors
So you're sticking it to yourself? /sorry
The government which is strong enough to protect you from everything is strong enough to take everything from you.
The suits and money spot something successful and wade in without understanding why it's successful then mucking it up.
I want a list of atrocities done in your name - Recoil
Block THESE ad-servers from SourceForge, like so:
0.0.0.0 ads.sourceforge.net
0.0.0.0 master.sourceforge.net
0.0.0.0 images-aud.sourceforge.net
0.0.0.0 gipacipam.sourceforge.net
0.0.0.0 sflogo.sourceforge.net
0.0.0.0 boincwapstats.sourceforge.net
* Those are what are in my custom hosts file here! You DON'T have to "block ALL of sourceforge"...
( & I download + assist projects there - yet I never ever have issues downloading others' work though either... seems to work for me, JUST fine!)
---
In any event, as to what you said about ME? Yea, usually am, lol - Even IF only in "the long run"...why?? Einstein said it better than I ever could:
"Great spirits have always encountered violent opposition from mediocre minds." - Einstein
APK
P.S.=> Ctfrost (another replier to you) has "a way", however ONLY IF you have a DNS server locally @ home, & most folks, don't!
(& doing so would waste either the extra electricity on it on a SEPARATE system, or on a single system wasting CPU cycles, RAM, & other forms of I/O (& yes electric power too))!
HOWEVER - the thing is, you'd only be doing what hosts can do for you, but "adding on" something, creating complexity + room for breakdowns, that you DON'T REALLY NEED!
(Especially considering you can supplement hosts with "secured" filtering DNS servers like OpenDNS or ScrubIT DNS & hosts DO complement external DNS servers (via hardcoding your favorite sites in hosts), actually overcoming/shoring up DNS' weaknesses vs. Dynamic DNS or FastFlux utilizing botnets for your FAV. site, since those types of botnet designs take advantage of weaknesses in DNS itself in order to work via their misdirect-redirect &/or "spoof" zone-transfers they cause/create to do so - or EVEN vs. DOWNED dns servers also!))...
... apk
They can just curl up and die, they betrayed the users with their adware several years ago.
Fake download buttons in ads should be illegal.
Try downloading paint.net or 7zip with AdBlock turned off to see what I mean.
>and the clear option to completely decline the offer is always available
Yes except the opt-out does not take. When opting out the additional offers always install. Always. For me, it is easy to abandon the site due to this.
g bogus unjustified downmods? I won't allow it: Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant addons (slowing up slower ring 3 browsers) by filtering 4 the IP stack (coded in C, loads w/ OS, & 1st resolver queried & 45++ yrs.optimization):
---
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74
(Details of hosts' benefits in link)
Summary:
---
A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775
B. ) Hosts add reliability vs. downed & redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 w/ less added "moving parts" complexity + room 4 breakdown,
C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. bad domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).
---
* "A fool makes things bigger + more complex: It takes a touch of genius & a lot of courage to move in the opposite direction." - Einstein
(Addons = more complex + slow browsers in message passing (use a few concurrently - you'll see))
---
** "Less is more" = GOOD engineering!
(Vs. slowing SLOWER usermode browsers layering on MORE in addons slowing them more: I work w/ what you have in kernelmode, via hosts - A tightly integrated PART of the IP stack)
APK
P.S.=> "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"
...apk
Dear Timmie,
Sourceforge is dead, just like Santa and the Tooth Fairy.
And anything sourced from Timothy.
Good night, sleep tight, get a real job in the morning.
--
Oblivion keeps looking better every day.
Hosts do more w/ less (1 file) @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization):
---
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74
(Details of hosts' benefits enumerated in link)
Summary:
---
A. ) Hosts do more than AdBlock ("souled-out" 2 Google/Crippled by default) + Ghostery (Advertiser owned) - "Fox guards henhouse", or Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775
B. ) Hosts add reliability vs. downed or redirected DNS + secure vs. known malicious domains too -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 w/ less added "moving parts" complexity + room 4 breakdown,
C. ) Hosts files yield more speed (blocks ads & hardcodes fav sites - faster than remote DNS), security (vs. malicious domains serving mal-content + block spam/phish), reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets), & anonymity (vs. dns request logs + DNSBL's).
---
* "A fool makes things bigger + more complex: It takes a touch of genius & a lot of courage to move in the opposite direction." - Einstein
(Addons are more complex + slowup browsers in message passing (use a few concurrently - you'll see))
---
** "Less is more" = GOOD engineering!
(Vs. slowing down SLOWER usermode browsers layering on MORE in addons which slow them down more: I work w/ what you have in kernelmode, via hosts - A tightly integrated PART of the IP stack itself)
APK
P.S.=> "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"
...apk