Slashdot Mirror

← Back to Stories (view on slashdot.org)

SourceForge and GIMP [Updated]

Posted by Soulskill on from the yelling-on-the-internet dept.

New submitter tresf writes: In response to a Google+ post from the Gimp project claiming that "[Sourceforge] is now distributing an ads-enabled installer of GIMP," Sourceforge had this response: "In cases where a project is no longer actively being maintained, SourceForge has in some cases established a mirror of releases that are hosted elsewhere. This was done for GIMP-Win.

Submitter's note: Gimp is actively being maintained and the definition of "mirror" is quite misleading here as a modified binary is no longer a verbatim copy. Download statistics for Gimp on Windows show SourceForge as offering over 1,000 downloads per day of the Gimp software.

In an official response to this incident, the official Gimp project team reminds users to use official download methods. Slashdotters may remember the last time news like this surfaced (2013) when the Gimp team decided to move downloads from SourceForge to their own FTP service. "Therefore, we remind you again that GIMP only provides builds for Windows via its official Downloads page." Note: SourceForge and Slashdot share a corporate parent. Editor's note: I just got back from a busy weekend to see that a bunch of people are freaking out that we're "burying" this story, so here it is. Go hog wild. Sorry it took so long. (And for future reference, user submissions are easily found in the firehose, listed in the order they appear, newest first.)

Update: 06/01 22:37 GMT by T : The SourceForge blog has a welcome update; SourceForge, it says, has effective today "stopped presenting third party offers for unmaintained SourceForge projects. ... At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers."

91 of 384 comments (clear)

  1. Took long enough for you to post this Slashdot by NotDrWho · · Score: 5, Informative

    I remember seeing a submission on this early last week.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
    1. Re:Took long enough for you to post this Slashdot by weilawei · · Score: 5, Insightful

      I am also pleased that they've finally posted it, but still seriously miffed that it took this long.

    2. Re:Took long enough for you to post this Slashdot by NotDrWho · · Score: 3, Informative

      And his weekends start on Wednesday.

      --
      SJW's don't eliminate discrimination. They just expropriate it for themselves.
    3. Re:Took long enough for you to post this Slashdot by RazorSharp · · Score: 2, Insightful

      Decent journalism? You know you're on slashdot, right?

      --
      "From the depths of my skeptical and rationalist soul, I ask the Lord to protect me from California touchie-feeliedom."
    4. Re:Took long enough for you to post this Slashdot by OzPeter · · Score: 4, Funny

      I suspect Timothy just loads stuff on cron at the start of the weekend and takes off fishing, or something.

      I actually think that someone loads "Timmy" up on cron at the start of the weekend and takes off fishing.

      --
      I am Slashdot. Are you Slashdot as well?
  2. What will they do next? by Chrisq · · Score: 4, Funny

    *** BUY ACME SPEARMINT ***
    Interfere with slashdot posts?
    *** BUY ACME SPEARMINT ***

  3. Not ignoring the story is a good start! by rmdingler · · Score: 5, Interesting

    Issuing an opinion on something the umbrella corporation did that you may have no control over would be a solid follow up.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

    1. Re:Not ignoring the story is a good start! by Luxemburg · · Score: 5, Interesting

      Additionally, offering such a weak*) excuse for sitting on this story (apparently) for a week actually rings all my alarm bells. Please slashdot editors, explicitly deny (or confirm) there has been any kind of pressure influencing your treatment of this topic.

      *) Weak to react to it cynically, dismissively, the editor just had a busy weekend, and how dare the readers ever even imagine there might be some sort of hesitation on your part for not publishing this article promptly. After all, it's only a very grave accusation to a service run by the same company for the same audience.

    2. Re:Not ignoring the story is a good start! by Soulskill · · Score: 4, Informative

      There's been no pressure influencing my treatment of this topic.

      The main reason it's late is that we were asking some questions internally so we could put up a more informative post on the subject. Unfortunately, communications were slow. Rather than keep waiting, I just put up the most accurate submission we've gotten. (May or may not still happen later.)

    3. Re:Not ignoring the story is a good start! by Anonymous Coward · · Score: 5, Insightful

      Then why the hell did you blame a busy weekend to start? Smells like BS to me.

    4. Re:Not ignoring the story is a good start! by sinij · · Score: 2

      While I didn't find DICE response satisfactory (they should rend garments and ash their heads), I appreciated its inclusion. It would have been great follow-up story to original "This just in!" story. Keep in mind, /. is not stale news for nerds for the most part.

    5. Re:Not ignoring the story is a good start! by OzPeter · · Score: 2

      ^^ THIS

      --
      I am Slashdot. Are you Slashdot as well?
    6. Re:Not ignoring the story is a good start! by rmdingler · · Score: 5, Funny
      Hmmm...

      /. being slower than everyone else to report on a story.

      That is suspicious.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    7. Re:Not ignoring the story is a good start! by OzPeter · · Score: 2, Insightful

      Your statement here appears to conflict with your edit in TFS. Both of which look like excuses rather than genuine reasons. As such the damage IS done. You are going to need to be 100% transparent even to start recovering from this debacle.

      --
      I am Slashdot. Are you Slashdot as well?
    8. Re:Not ignoring the story is a good start! by C3ntaur · · Score: 4, Informative

      Keep in mind, /. is not stale news for nerds for the most part.

      Have you been to Arstechnica, Phoronix, and The Register? Browse their headlines and you'll see a 12-24 hour preview of what's going to show up on /.

      --
      Loading...
    9. Re:Not ignoring the story is a good start! by Soulskill · · Score: 5, Informative

      I acknowledge that this was a fuck up. As I said in my note on the story, I'm sorry it took so long for this post to go up.

    10. Re:Not ignoring the story is a good start! by tresf · · Score: 5, Insightful

      Thanks for posting it, @Soulskill. Better late than never. I'll support you a bit in saying that the readers are focusing on the wrong point. It is the FOSS malware bundling which is the real issue here. The misrepresentation of a product against the author's/community's will is THE issue. Stop trolling the journalist, he's not the one installing malware on your computer, SF is.

      Offering a great product for free should be good enough to drive the traffic and ad revenue that SF needs. Taking a sh** on these great projects does nothing but alienate SF from the very community that helped it gain notoriety in the first place. Sure this is old news, but 1,000 malware installations a day aren't old news. 1,000 malware installations a day should be criminal.

      Coincidentally -- the day after posting this article -- a colleague of mine made a similar mistake of installing OpenOffice from a high-ranking search result and is now dealing with the consequences. Long term, I'm not sure how we fix these bait-and-switch problems, but @Soulskill getting the word out is a good start.

      On a personal note... I manage the downloads for a QT-based project known as LMMS and we too feared the day that our installers would be compromized. In anticipation of this, LMMS has moved everything off of SF hosting. This took almost a year as it included forums, downloads, bug tracker, et al. We we very fortunate to get corporate sponsoring, but not all projects have success in this regard.

      On a personal-side-note, I'd like to add that I've been happy enough with the services over at GitHub that I've chosen them for some of non-free projects (private, paid repositories). Is this not how revenue **should** be generated? Should the exchange of good, honest services for cash not be the norm? Should preying on the innocent and invading privacy, installing viruses for those that would least suspect it NOT be ostracized? SF has become a predator against the unsuspecting.

    11. Re:Not ignoring the story is a good start! by Anonymous Coward · · Score: 3, Insightful

      These people are mad, convinced that you are acting against their interests, and are ignoring any evidence which supports a kinder or more reasonable interpretation of your motivations.

      Here's my take: The editors saw a story with claims relevant to their own area of expertise. They decided to do some digging before publishing a story with potentially false or incomplete data. The public outcry convinced Soulskill to publish the best of the unverified stories rather than waiting for the analysis to complete. Soulskill noticed the outcry after a busy weekend.

      This narrative fits the facts and attributes no malicious motives to anyone.

      I suggest that a more open process would avoid recurrent allegations that anyone have acted improperly. I propose this: When a story affecting a company related to /. is submitted, it is posted immediately but bearing the usual related story disclosure and a note saying that the facts have not been verified by /. staff. If there is analysis done that alters the story, then publish that as a separate submission by the editors themselves.

      Am I disappointed in SourceFourge? Sure.
      Will I use it ever again? Probably not.
      Do I trust /. any less? Nope.

    12. Re:Not ignoring the story is a good start! by Khyber · · Score: 3, Informative

      Your statement clearly conflicts with screencaps many have of the firehose, where almost EVERY SINGLE STORY regarding this was removed despite comments and being RED status.

      Would you care to try again, SoulSkill? You seem to forget how easily the internet can keep track of what you do and when.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    13. Re:Not ignoring the story is a good start! by Khyber · · Score: 3, Informative

      I see several that I voted up totally removed (the tell-tale 'imprinting' of the bar when you vote being the giveaway.)

      Every story I see back through Wednesday is one I hadn't voted on.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    14. Re:Not ignoring the story is a good start! by phorm · · Score: 2

      I want *blood* because the site which I use regularly but pay money for doesn't meet my exacting standards, is that right? Geeze, man, chill out a little bit. If you're truly that unhappy, then move on to another site. Otherwise, accept the apology for what it is.

      Seriously, all caps. Demand for a public apology. Perhaps a "the persons responsible have been sacked" message? Geesh.

    15. Re:Not ignoring the story is a good start! by tehcyder · · Score: 2

      so which is it? Long weekend, or gathering more information?

      Clearly these are mutually exclusive, and so it is a CONSPIRACY.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    16. Re:Not ignoring the story is a good start! by ihtoit · · Score: 2

      I don't take my work phone with me when I go hunting.

      --
      Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
  4. Absolutely unacceptable behaviour by sinij · · Score: 5, Insightful

    This behavior should get SourceForge blacklisted as both cyber-squatters and adware, possibly malware vendor.

    1. Re:Absolutely unacceptable behaviour by Anonymous Coward · · Score: 3, Insightful

      This is why nobody uses sourceforge anymore. Years old versions of projects or look alikes of projects distributing malware.

      So yeah...use anything BUT sourceforge. Hell put it in your hosts file as going to 127.0.0.1, apk would approve.

    2. Re:Absolutely unacceptable behaviour by Anonymous Coward · · Score: 5, Insightful

      Cnet irreparably destroyed the reputation of both download.com and the cnet brand.

      Sourceforge's brand is probably damaged to a similar level for me.

      I'm about ready to DNS blackhole sourceforge because it cannot be trusted at all anymore. 10 years ago, it was my go-to site.

    3. Re:Absolutely unacceptable behaviour by Anonymous Coward · · Score: 3, Informative

      RIP SourceForge. You died dishonourably.

    4. Re:Absolutely unacceptable behaviour by NotDrWho · · Score: 3, Insightful

      I'd piss on the grave, but why waste good piss?

      --
      SJW's don't eliminate discrimination. They just expropriate it for themselves.
  5. Re:Douch move for sure on SF by fuzzyfuzzyfungus · · Score: 4, Insightful

    Aren't we all smart enough to turn off the adware during install? I even know some old people who turn off "add-ons" that they don't need.

    Well, given that adware 'offers' still get injected into installers, I'm going to use my incredible mental thinking skills to hypothesize "no, we aren't".

    Aside from that, even if you don't get hit by the adware, having to defang an installer just to use a program leaves the indistinguishable taste of pure sleaze in your mouth for the rest of the process(looking at you, Oracle and the Ask.com toolbar...)

    Sourceforge is dragging the GIMP project's name through the mud by bundling this shit, even if they don't hit anyone. That alone is more than enough to be displeased by.

  6. Re:Finally! by Anonymous Coward · · Score: 2, Insightful

    If it hadn't been for that moron, today's /. submission would've probably not been posted.

  7. I don't buy the /. editors' explanation. by pop+ebp · · Score: 5, Insightful

    I don't buy the /. editors' explanation.

    This story has been repeatedly submitted since at least late Wednesday and has been voted to red multiple times in the firehose.

    Meanwhile, most other red stories have already appeared on the front page, so clearly some editors were still around...

    1. Re:I don't buy the /. editors' explanation. by linkdude64 · · Score: 4, Funny

      Maybe it's time to start emailing some advertisers to expose corruption in Tech journalism?

  8. Seems to Be a Pattern of Behavior by Kunedog · · Score: 5, Interesting

    Anyone buying the "busy weekend" excuse? Can't say I am, since the story broke near the middle of last week, and we've seen /. willfully ignore the community so many times. Look at the amount of pushback it took to defeat Beta and Bennet Hasselton.

    Wonder if they'll ever drop the anti-Gamergate narrative too (probably not, since they have most of the tech media circling wagons with them on the pro-corruption side)?

    1. Re:Seems to Be a Pattern of Behavior by sinij · · Score: 5, Funny

      >>>Bennet Hasselton cannot be defeated. He's merely resting.

      Bennet Hasselton article shows up only if someone mentions Bennet Hasselton three times in a single post.

    2. Re:Seems to Be a Pattern of Behavior by 0100010001010011 · · Score: 5, Insightful

      It's just the Nth 'eternal September'.

      It's also happening to Little Registry Cleaner. If you don't read every dialog box very, very carefully you end up with crapware (look at the reviews).

      The tail end of GenX/Initial GenYs that originally ran Slashdot have moved on with their lives. They sold out (no problem with that, I would have too). Dice put a bunch of kids that grew up on Reddit in charge so you see Slashdot trying to mirror Reddit's content, 'messege', tone & look and it's showing to old hat /.ers.

      If anyone is bored and looking for a place to lure my 30s year old self. Redo slashdot, allow markdown, bbedit, html, LaTeX.. editing. Keep the -2 to +5 moderation system because it limits band-wagoning and group think. Now that everyone can have an opinion it shows. I used to revel in the days that little 19 year old me was bestowed with 5 points to vote with (and tried to ration them accordingly).

      Design a proper responsive layout (It was not Beta) and keep it about tech

      I'm looking for a good place to discuss stuff that is relevant to me like Slashdot used to be. Reddit is good for certain things. Long drawn out posts with actual information isn't one of them. Everyone wants a tl;dr:.

      [And this message took longer to type than one in Markdown because HTML is pretty slow now that I use markdown for everything, blog and all. Not that I don't know but ** is easier, ~~~~, ]

    3. Re:Seems to Be a Pattern of Behavior by chihowa · · Score: 4, Funny

      In his house at R'lyeh, dead Bennet Hasselton waits dreaming.

      --
      If you want a vision of the future, imagine a youtube comments section scrolling - forever.
    4. Re:Seems to Be a Pattern of Behavior by TWX · · Score: 4, Funny

      >>>Bennet Hasselton cannot be defeated. He's merely resting. Bennet Hasselton article shows up only if someone mentions Bennet Hasselton three times in a single post.

      You bastard!

      Aaargh! you made me do it too!

      --
      Do not look into laser with remaining eye.
    5. Re:Seems to Be a Pattern of Behavior by AmiMoJo · · Score: 3, Insightful

      Look at the amount of pushback it took to defeat Beta and Bennet Hasselton.

      I was actually quite surprised at how responsive the owners have been on those two issues. They clearly invested a lot of money and time into beta, and I dread to think what kind of favours Bennet was offering, but in the end they listened to us. I really didn't think it would happen, I expected beta to become the only option and my beloved (in an abusive partner kind of way) Slashdot die a slow and painful death.

      So kudos for listening. And yeah, I can buy the weekend excuse. Come on, this is Slashdot, the "editors" seem barely literate at times and can't remember posting the same story a mere 24 hours previously. Never attribute to malice what can be adequately explained by incompetence.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:Seems to Be a Pattern of Behavior by bill_mcgonigle · · Score: 5, Informative

      If anyone is bored and looking for a place to lure my 30s year old self. Redo slashdot, allow markdown, bbedit, html, LaTeX.. editing.

      If this is where your interests are, Soylent has forked an re-opened Slash, so people can contribute to it. There's been tremendous cleanup/ and some refactoring, to make Slash a more sane/maintainable project.

      They're very picky on submissions, though, so the variety and community aspects aren't what Slashdot is.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    7. Re:Seems to Be a Pattern of Behavior by ideonexus · · Score: 5, Insightful

      The adware bundling is also happening with Filezilla now too. I recently downloaded the FTP program to my computer at work and it set off a bunch of virus alerts with our system engineers. It was very embarrassing, but the engineers said they fell for it too.

      The worst part is that there is no opt-out option in the installation process. By downloading the version of the package with the adware, you are agreeing to install the viruses. I eventually found a clean install of Filezilla on Sourceforge, but it's not obvious.

      Google needs to flag Sourceforge as a malware site for these shenanigans.

      --
      i ~ Celebrating Science, Cyberspace, Speculation
    8. Re:Seems to Be a Pattern of Behavior by meta-monkey · · Score: 4, Informative

      I think you dropped this: .org

      soylentnews.org

      --
      We don't have a state-run media we have a media-run state.
    9. Re:Seems to Be a Pattern of Behavior by 0100010001010011 · · Score: 2

      I've taken a look at Slashdot's homepage with no adblock or anything - completely filled with flashing banner ads, video ads for cosmetics, clickbait links from Taboola, etc.

      Are you comparing 1999 Slashdot to 2015 Reddit or 2015 Slashdot to 2015 Reddit?

      Slashdot even used to reward you for not making shit posts. There was a simple checkbox to turn all of that off if you had enough Karma. They actually valued your posts so much to drive people to /. that they allowed you to turn off all ads.

      I used to hate that I never knew what my Karma was. But now I'm glad I didn't. It just turns people into narcissists as they try and go for more link and post karma. "Excellent" is all I needed to know.

    10. Re:Seems to Be a Pattern of Behavior by 0100010001010011 · · Score: 2

      And when all you're doing is trying to communicate a few ideas with links. I shouldn't have to remember the full HREF specification to link out or ul,ol,li to make a list. For short terse online discussion it's a perfectly cromulent language.

    11. Re:Seems to Be a Pattern of Behavior by Culture20 · · Score: 3, Interesting

      Keep in mind, FileZilla agreed to the malware installer, unlike GIMP.

    12. Re:Seems to Be a Pattern of Behavior by pop+ebp · · Score: 5, Informative

      For the record, the FileZilla developers actually opted-in to this, several years ago, in some kind of revenue-sharing program with Sourceforge.

      What is new is that SF now does it with "abandoned" projects without the owners' consent too.

    13. Re:Seems to Be a Pattern of Behavior by stooo · · Score: 2

      >> I've taken a look at Slashdot's homepage with no adblock or anything

      Who would want to surf the net without adblock ?

      --
      aaaaaaa
    14. Re:Seems to Be a Pattern of Behavior by SirSlud · · Score: 4, Informative

      They still let you turn off all ads if you have sufficient karma.

      --
      "Old man yells at systemd"
    15. Re:Seems to Be a Pattern of Behavior by Anonymous Coward · · Score: 3, Insightful

      Yeah, but I didn't agree to anything.

    16. Re:Seems to Be a Pattern of Behavior by SScorpio · · Score: 4, Interesting

      Have you heard of http://ninite.com/?

      You can install Filezilla directly from them without the bundled malware and other shenanigans.

      Their installer does take away choice so software will install to the default location. But it skips desktop shortcuts, bundled toolbars, and other crap I don't want.

      They work especially well when you are setting up a new PC, you simply select what you want to install and it will automatically install the latest versions of everything without you needing to track down individual installers or prompting you during installation.

    17. Re:Seems to Be a Pattern of Behavior by Kazymyr · · Score: 2

      Yes, the checkbox is still there. But it doesn't do anymore what it says it should do. For a while it did, but not anymore.

      And the Slashdot mobile site is even worse, with non-dismissable pop-over boxes that take up to 25% of the screen.

      --
      I hadn't known there were so many idiots in the world until I started using the Internet -Stanislaw Lem
    18. Re:Seems to Be a Pattern of Behavior by readingprofile · · Score: 2

      I suspect this will not get noticed, but for what it's worth...

      You CAN download the clean, non-ad-infected version of FileZilla from its official web site... you just need to know how:

      Go here: https://filezilla-project.org/...

      That link can also be found by going to the FileZilla download page and clicking on "additional download options". You will notice the binary downloads have a URL ending with ?nowrap, which tells SourceForge to point to the clean builds only.

    19. Re:Seems to Be a Pattern of Behavior by thegarbz · · Score: 2

      So kudos for listening.

      They didn't listen. They were ground into submission by an angry mob who were wreaking the very project they were defending. I mean this in a good way. It was a high-impact revolt that was sure to get noticed and forced the hand of the site owners by making it very clear that a) the existing customers cared little for their shit, and b) that new potential customers ended up at a news aggregating site where all comments are filled with hate for the very site they were on.

      It's not kudos for listening. Just be thankful they didn't drive the entire site into the ground with their ignorance. Heck the Beta thing went back for many many months with certain accounts and visitors, the complains from the site were the same complaints as their mobile site had long before (and still has to this day). The rollout was incredibly poorly managed and they backtracked under extreme pressure.

    20. Re:Seems to Be a Pattern of Behavior by tehcyder · · Score: 2

      >> I've taken a look at Slashdot's homepage with no adblock or anything

      Who would want to surf the net without adblock ?

      Well, people at work who aren't allowed to install add-ons or alternative browsers, for one.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    21. Re: Seems to Be a Pattern of Behavior by dave420 · · Score: 2

      The majority of the world are left-wingers. Deal with it, gramps.

  9. For future reference by tomhath · · Score: 3, Insightful

    (And for future reference, user submissions are easily found in the firehose, listed in the order they appear, newest first.)

    Just curious here. Does voting a submission up or down have any effect on whether it's accepted? It seems some stories appear on the front page as soon as they're submitted, others languish for days. Gives the impression the editors are selecting stories based on some agenda other than what slashdot readers want to see.

    1. Re:For future reference by Soulskill · · Score: 4, Interesting

      When we select submissions, voting is the strongest factor, but it's not the only factor — timeliness, factual accuracy, the degree to which it's on topic, and several other characteristics all factor in. For example, we're not going to run a 5-year-old story no matter how many people vote it up, nor a story about the sun being made of freshly chopped artichoke hearts.

    2. Re:For future reference by Anonymous Coward · · Score: 5, Insightful

      And they won't run a story critical of Dice until they persuade the corporate overlords that it's too late to stop it.

    3. Re:For future reference by Rei · · Score: 2

      Yeah, because this is untimely, facturally inaccurate, five years old, and equivalent to a story about the sun being made of freshly chopped artichoke hearts? Meanwhile things like this and this are timely wellsprings of useful information?

      And care to respond to the people mocking your "busy weekend" excuse, given that your weekend appears to be five days long and your "the main reason it's late" post which gives an entirely different reason for the delay?

      --
      "Who the **** put an emergency exit in the interrogation room?!" -- Police chief, "Jesus Christ Supercop"
    4. Re:For future reference by serviscope_minor · · Score: 4, Interesting

      First, thanks for coming on the thread to answer questions.

      Out of interest, what is the criteria for the editorial staff putting together a post. Most of the front page stories are more or less exactly as the submitter submitted them. Under what circumstances do you generally exercise this kind of editorial control?

      --
      SJW n. One who posts facts.
    5. Re:For future reference by 0100010001010011 · · Score: 2, Insightful

      timeliness, factual accuracy, the degree to which it's on topic, and several other characteristics all factor in.

      Factual accuracy and degree on topic hasn't stopped Slashdot from trying to shoehorn a SJW narrative in or other stuff that would have never been relevant on slashdot a decade ago.

      This isn't Reddit, quit trying to shove what ever narrative Dice is pushing and leave it about tech. You're certainly not going to lure any teens and 20 somethings to Slashdot and all you're doing is pissing off all the Slashdotters here that would stay if it wasn't for shit like this.

  10. Re:So? by pop+ebp · · Score: 5, Informative

    This is news because Sourceforge used to be trustworthy.
    It used to be a respected site where open-source developers could host their binaries without fear of someone tampering with it.

  11. Re:Douch move for sure on SF by AthanasiusKircher · · Score: 3, Insightful

    Aren't we all smart enough to turn off the adware during install?

    No -- most people just keep clicking "OK" until the install is finished. Just like most people keep signing pages or initialing forms when presented with a bunch of paperwork... they stop reading the details.

    The number of people who actually stop and read everything they sign is similar to the number that consider all the options during install scripts -- and that number is VERY SMALL.

    (Small anecdote -- quite a few years ago I signed the rental agreement for my first apartment. I was told to initial each of the 10 pages or so and sign the final page. I stopped and read the thing before doing so. My landlord -- who managed something like 40 apartments and had been doing so for a couple decades -- said he could only recall one other person who read the whole rental agreement before signing. And I actually discovered some really interesting rental policies while doing so.)

    Also, more on point -- there's the rather obvious evidence that companies wouldn't bother bundling adware if no one ever installed it.

    I even know some old people who turn off "add-ons" that they don't need.

    And I even know many young people who don't seem to pay any attention while installing and end up with all sorts of weird "add-ons" and don't know how they got there. What's your point?

  12. Re:So? by houstonbofh · · Score: 4, Interesting

    If they are modifying the binary, would that not make it a derivative work? And so by the license, would that not make it a violation to call it "Gimp?" I know that would be the case on my FOSS project.

  13. Re:Douch move for sure on SF by NotDrWho · · Score: 5, Insightful

    Hard to believe that Sourceforge was once a fairly reputable place to download software from. Seems like a millions years ago now.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
  14. Don't you feel any shame? by Anonymous Coward · · Score: 4, Insightful

    Any at all for being so closely affiliated with a company distributing adware and using deceptive practices riding on the backs of open source?

  15. Re:stopped using sourfeforge after filezilla by Rei · · Score: 4, Informative

    Not only do they bundle it with adware, but they've apparently sabotaged GIMP too - for example, they apparently changed the save dialog so that you can only save XCF files and have to click through a "you have unsaved changes" warning when you export to a different format. They added an very difficult to precisely adjust sliders to things like brush size. They took out 16 bit color support. Basically, sourceforge has really totalled GIMP. ;)

    --
    "Who the **** put an emergency exit in the interrogation room?!" -- Police chief, "Jesus Christ Supercop"
  16. Re:Douch move for sure on SF by ThePhilips · · Score: 4, Interesting

    Do you even have an experience with such malware ridden installers?

    The creators abuse every possible linguistic trick on the book to confuse the user about what s/he had selected and what is going to be installed. Sometimes even blatantly lying and claiming that something will not work properly if you choose not to install the optional "performance enhancer".

    I had to deal once with such installer for a freebie game, which was bundled with 5(?) pieces of malware. Luckily for me it was an InstallShield which was showing a summary screen of what is going to be installed before doing anything. I had to go through the install wizard three times before the summary screen was showing that only the game itself would be installed. The last one was the trickiest: in description they used effectively triple negative and user had to actually check the box to not to install the malware.

    --
    All hope abandon ye who enter here.
  17. Re:So? by serviscope_minor · · Score: 2

    The GIMP is GPL'd so they can make derivative works all they like so long as they're also GPL'd. Mere aggregation (i.e. putting some other crap plus gimp in the same installer) doesn't make the other aggregated things have to fall under the GPL, as is specified in the license.

    --
    SJW n. One who posts facts.
  18. Re:Douch move for sure on SF by LVSlushdat · · Score: 4, Informative

    For those who still use Windows and want GIMP (and a LOT of other opensource and freeware Windows programs) you can't beat Ninite.. https://ninite.com/ Ninite does all of the work to make sure you only get the desired opensource program and NONE of the crapware/malware garbage that so many installers are adding on today.. (Yes, I'm looking at YOU, Oracle... You and your fuckin' Ask toolbar on Java installs)... Thankfully I've switched completely to Linux and don't have to worry about that crap...

    --
    THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
  19. Re:So? by LVSlushdat · · Score: 2

    (cough) Ninite (cough) .... The ONLY way to get GIMP and a LOT of other good stuff freeware/opensource programs for Windows.. Back when I still used Windows, I wouldn't be without it...

    --
    THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
  20. Re:So? by Megane · · Score: 5, Interesting

    GPL covers the rights to use and distribute code. I was not aware that it also included the right to use of trademarks. (Assuming GIMP was even properly trademarked.) See also "Iceweasel".

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  21. My experiences with SourceForge by jdeisenberg · · Score: 5, Informative
    1) I recommended an open source screencast recorder for Windows to a co-worker. She downloaded it from SourceForge, it loaded adware on her system and made her system pretty much unusable. It cost her quite a bit to have her system restored (she wanted to have it done professionally to make sure it was done right). The next time I recommended some other open source software, her response was "No, I don't want to go to that time and expense again. I don't trust anything Open Source any more." Thanks, SourceForge!

    2) I call bullshit on SourceForge's assertion that their adware only comes with projects that aren't actively maintained. There have been a lot of complaints about FileZilla downloads (see, for example, https://forum.filezilla-projec...), and it is definitely a very active project.

    1. Re:My experiences with SourceForge by pop+ebp · · Score: 4, Informative

      2) I call bullshit on SourceForge's assertion that their adware only comes with projects that aren't actively maintained. There have been a lot of complaints about FileZilla downloads

      FileZilla developers actually opted-in to this though.

      That is not the case with GIMP.

  22. Re: Haven't they been doing this for months alread by Bing+Tsher+E · · Score: 2

    It is particularly an issue with The GIMP because it is an open-source gateway program. GIMP is the first open-source software that some people directly experience. I know artists who use it and it's their first contact with the open source community. Sure, they use a lot of OS software without knowing, but this is a highly visible individual program.

    Lots of geeks suggest The GIMP to their friends who are otherwise pirating Photoshop or languishing in MS Paint. It's just not a good thing for them to end up downloading malware laden crap because they went to a page Google found for them and not the real download site.

  23. Enough is enough by Pollux · · Score: 4, Insightful

    OzPeter,

    Soulskill has apologized. Repeatedly, and professionally. Accept it and move on.

  24. People Still Use Sourceforge? by Greyfox · · Score: 3, Interesting

    I've classified Sourceforge as a malicious site for a long time now. Is there some reason other than their early history with the open source movement that they're still around? It seems like they've been trading on and abusing that good will for a VERY long time.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  25. SubjectsSuck by aardvarkjoe · · Score: 4, Interesting

    The original announcement for when Sourceforge added the "feature" of injecting malware into installers said that the money earned would be shared with the developers. So I have to wonder: did they send the GIMP a check? Have the GIMP developers demanded that Sourceforge do so?

    On the assumption that Sourceforge did not, it seems like they've just burned a bridge that they shouldn't have. They killed any trust that users would have had for SF projects a long time ago, but developers who were willing to sell out have stuck around. But now that developers know that SF is willing to just assume control of a project (and the associated profits), why would any developer continue to use SF.

    --

    How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
  26. PR Rule: Always disclose a conflict of interest by dcooper_db9 · · Score: 2

    How is it possible that you got blind-sided by this story? For a company with media holdings Dice sure does a lousy job of handling public relations. It's not like slashdot is the first publisher to have a conflict of interest involving it's parent company. The smart thing would have been to simply disclose up front the fact that slashdot's parent company owns sourceforge.

    --
    I do not block ads. I do block third party scripts.
  27. Re:stopped using sourfeforge after filezilla by ColdWetDog · · Score: 2

    You mean they've gimped GIMP?

    --
    Faster! Faster! Faster would be better!
  28. Trust by Andy+Smith · · Score: 4, Insightful

    I blanked my Mac a few weeks ago and when I started reinstalling software I got some survey crap popping up on my screen asking for my details. Turns out it was the SourceForge installer for FileZilla that had sneaked it through. Googling it threw up enough horror stories to make me just blank the Mac again and start over. I'll never download anything from SourceForge again. A decade of trust destroyed in one stupid move.

  29. Re:dupe or new info? by RavenLrD20k · · Score: 4, Informative

    It never posted to the front page, but several people made postings about this to the Firehose and when it was seemingly ignored for several days after many up-votes, /. users started hijacking threads (in many cases thwarting the "first post" trolls) as their method of recourse to bring attention to the general user-base that there was an FOSS story of relative importance that was not being put on the front page. This didn't look too good on the eds since it was a negative piece about SourceForge which led to the hijackers making claims of conspiracy and censorship on the part of /. and Dice. I have to admit, Soulskill may have been on vacation, but someone was running the wheels of /. since Wednesday and making a popular post in the Firehose disappear...multiple times.

  30. Check out FileZilla and how they handle it by future+assassin · · Score: 2

    This one is voluntary though. I even got the crapwere when I denied the install.

    https://forum.filezilla-projec...

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
  31. Dice handled this case really bad by cheesybagel · · Score: 2

    What was the problem? Was it the bandwidth costs? AFAIK most of the files you can download from SourceForge are actually not served by SourceForge itself but by mirrors. So those guys are shouldering the brunt of the costs not you. By doing something like this I would not be surprised if some of the mirrors decided they do not want to work with you anymore.

    If you wanted the extra revenue by bundling ads with applications you should have done this explicitly with a prior public notification of this being done. For example News.com for a couple of years now bundles their own installer with the downloads they provide. I've seen other places do the same thing. But you should always be able, as a user, to disable the adware installation. Also the user should know before downloading a binary that it has adware in it. Not stealth adding it without people knowing about it. Last but not least hijacking someone else's account for these shenanigans was quite pathetic and fail. This was all handled quite poorly.

    A lot of people have been leaving SourceForge as is because it has worse Git integration than other more recent sites and this is just another nail in the coffin.

  32. Re:So? by pop+ebp · · Score: 2

    they've been doing stuff like this since 2013. I remember telling it to everyone back then, but was only met with dismissal. Why is everyone so outraged now?

    Because back then they were doing it only for projects whose maintainers consented to it. (as a kind of twisted revenue-sharing program)

    Now they are hijacking the installers of so-called "abandoned" projects, and locking out the owners too.

  33. WARNING: WOT still flags SF as "Trusted" by FreeUser · · Score: 2

    This behavior should get SourceForge blacklisted as both cyber-squatters and adware, possibly malware vendor.

    I agree 100%. 10 years ago sourceforge was a great site. Now it's basically a malware haven. Unfortunately, plugins like Web of Trust (WoT) seem to have been slow to catch up ... WoT is still marking sourceforge as green ("trusted"). Perhaps blackholing the site in DNS really is the best answer...

    --
    The Future of Human Evolution: Autonomy
  34. This whole thing is a lie. Lawsuit Info In Post by Khyber · · Score: 4, Informative

    http://danluu.com/slashdot-sou...

    SF claims the project was abandoned in 2013.

    To quote another user from Ars:

    "the files page has the folder GIMP + GTK+ (stable release) with a last modified time of 2014-11-18. In that, GIMP 2.8.14 is the latest with the 2014-11-18 modification date. The previous file, GIMP 2.8.10 has a modification date of 2014-05-29. (This is just shy of 6 months.) The one before that, GIMP 2.8.8 is also last modified 2014-05-29, and the one before that is GIMP 2.8.6 last modified on 2013-06-24. (This one is just shy of 11 months back.)

    So the project was abandoned, but a year later, it's still updating files. And it had three releases in the year after it was supposedly abandoned. The last release was just a few days over 6 months ago, and the project has a history of up to 11 months between releases. How does that qualify as "abandoned"?

    No, this is a bullshit excuse Sourceforge was hoping no one would delve into the details to call their bullshit on. There is no other way to put it than they flat-out lied about the abandonment."

    Oh, and to boot - According to the gimp-win developer, they locked him out of his account.

    That's right, SourceForge STOLE THE ACCOUNT using an account called SF-editor1 in order to wrap one of the most popular FOSS projects with a malware installer.

    So here's what we do, guys. I've got a really good attorney. Same one that helped me kick EA's ass back in the Spore lawsuit days.

    We band together, we find every person that has had this malware pushed on them, and we sue the ever-living shit out of SourceForge in a class-action suit where accepting a settlement is NOT AN OPTION. Knowingly distributing malware, using misleading language to get the malware to install, and the damage the malware does to the user's computer are all entirely actionable in court and we need to band together to put a legal end to this crap once and for all. We now have the evidence in the testimony of the former account holder, we have copies of the malware, we have copies of the installer, we have screencapped evidence of the lies SourceForge has posted. SourceForge is DEAD IN COURT.

    Look up Mark Punzalan Law. Let him know Alex from the Spore/EA case sent you.

    If you want, I can come forth as class representative again. I will be more than happy to be the headman ripping these people apart in court.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  35. Compare editing a CSV with a spreadsheet by tepples · · Score: 2

    they've apparently sabotaged GIMP too - for example, they apparently changed the save dialog so that you can only save XCF files and have to click through a "you have unsaved changes" warning when you export to a different format.

    Is that any different from how Microsoft Excel, LibreOffice Calc, or Gnumeric prompts to save a spreadsheet in native format even if you've already exported it to CSV? Or how Microsoft Word, LibreOffice Writer, or AbiWord prompts to save a document in native format even if you've already exported it to plain text or RTF? Most formats other than XCF do not support layers, and if your document has layers, flattening them to save would lose data.

    1. Re:Compare editing a CSV with a spreadsheet by Rei · · Score: 2

      What are you talking about? I just did "echo 1,2 > test.csv" then opened test.csv in OpenOffice Calc, then saved it as test2.csv from the save dialog. No complaints. Then I clicked to close it. No complaints about unsaved changes. Did you actually try that out before you commented? I don't have any of the other programs you mention on this computer, so I'll pick another - let's try OpenOffice Writer. Made a text file, opened it, saved it as a .txt file, it asked me for the encoding, I confirmed it, I clicked closed, and it closed without trying to force me to save as an .odt.

      I'm sorry, but GIMP's change is totally broken behavior. The most common workflow for GIMP (as you can see from all of the rage on the forums when these changes occurred) is not long complex workflows, but simple changes to jpegs or pngs. Open, change it, save it, close it. What sort of moron do you take people for to think that you have to "protect" them from choosing a format of file that doesn't save layers, and instead try to make them always save whatever they do in a format that no other programs support? As if a dialog warning them that it doesn't save layers and asking them if they want to flatten it, like Gimp used to do, isn't enough? What on earth is the point of *banning* people from typing in a file with the suffix that they want to use in the save menu, and instead making them choose an entirely different menu? Actually two different menus, depending on context, only one of which has a keyboard shortcut. It's just ridiculous. We're not preschoolers, we don't need the hand-holding.

      --
      "Who the **** put an emergency exit in the interrogation room?!" -- Police chief, "Jesus Christ Supercop"
  36. Re:stopped using sourfeforge after filezilla by geminidomino · · Score: 2

    Actually, it was the GIMP team themselves broke saving in 2.8. (If they've since fixed it, then sourceforge probably just doesn't have the updates).

    Their GNOME-like "reasoning" was that "professional" users wanted to save in XCF, and that amateurs should just use something else. It rang pretty hollow when the gold-standard Photoshop didn't behave the same way.

  37. user submissions are easily found in the firehose by rewindustry · · Score: 2

    this seems to the takeaway - NEWS is found in the firehose - slashdot per se is more the DICE magazine section.

  38. I might get burned for this, but here goes... by cloud.pt · · Score: 4, Insightful

    Saying you had a "very busy weekend", to my eyes, feels just like a euphemism for "management argued a lot before this got posted, and when it did get posted, the expression modified binary had to replace bundled with malware".

    Personal Note: "bundled with malware" is what every other place I read the article used to define it.

    Personal Note 2: If I happened to stumble on some facts, I want to stress I understand them completely as I also happen to have a very policy-centered full time job. I'm just letting my thoughts fly in a comment, because, well, comment section is still community moderated in full that I know, thus still being free (in the extreme, FSF-like sense of the word "free").