nmap Maintainer Warns He Doesn't Control nmap SourceForge Mirror

vivaoporto writes: Gordon Lyon (better known as Fyodor, author of nmap and maintainer of the internet security resource sites insecure.org, nmap.org, seclists.org, and sectools.org) warns on the nmap development mailing list that he does not control the SourceForge nmap project.

According to him the old Nmap project page (located at http://sourceforge.net/projects/nmap/, screenshot) was changed to a blank page and its contents were moved to a new page (http://sourceforge.net/projects/nmap.mirror/, screenshot) which is controlled by sf-editor1 and sf-editor3, in a pattern mirroring the much discussed takeover of the GIMP-Win page discussed last week on Ars Technica, IT World and eventually this week on Slashdot.

On Monday, Sourceforge promised to stop "presenting third party offers for unmaintained SourceForge projects," and to their credit Fyodor states, "So far they seem to be providing just the official Nmap files," but reiterates "that you should only download Nmap from our official SSL Nmap site: https://nmap.org/download.html." To browse the projects and mirrors currently controlled by SourceForge, you can look at these account pages: sf-editor1, sf-editor2, and sf-editor3.

Fuck Sourceforge

[weilawei]

They are dead to me.

Re:Fuck Sourceforge

[TWX]

Probably because Soylent News has a godawful colorscheme that drives users away?

Re:Fuck Sourceforge

[DescX]

Holy crap. You're not kidding. I'm just about ready to run screaming back to IRC. I'm getting rather sick of this experiment we call the world wide web and all the trappings of advertising that fuel the beast. ...but I also recall running into all sorts of unpalatable crap before the WWW made it big. Mainly, square eyed nerds with small minded evil streaks. "Will this program attempt to burn out my CPU, or will it sort my email?" is a question I haven't had to worry about realistically for years. As much as I dislike the power "clouds" give to businesses, I will say that such models have made it a lot harder for some depressed person to reason that they can be ruinous. And mistakes actually get noticed... a step in the right direction.

I think we just need to be more stringent about policing our own kind, and the type of ownership problem SF has spurred will fix itself. Specifically, I mean growing a pair as an employee to stop poor management internally, insisting on having competent help, etc. I disagree with a comment below saying we should click buttons to report content. All that does is drive participation numbers. Want change? Spend 20 bucks on an old PC, 10 on a domain, and roll your own SVN/git/etc. Then, treat SF as though they never existed. Problem solved... ...or have I missed something crucial & worthy of an ethical crusade??? ;)

People still use that?

[Lazere]

Honestly, using SorceForge right now is kind of like using Download.com. Sure, you might not get something nasty, but why take the chance?

Re:People still use that?

[gstoddart]

You know, it probably still shows up in a lot of searches.

There's quite possibly people out there who have known it long enough that they still trust it.

If you're following this stuff, you know about it. But it's surprising how long it can take from when a company starts being shady and when everybody stops trusting them.

From the sounds of it, Sourceforge will be able to coast on their reputation for some time before they go away, if at all.

Re:People still use that?

I am one of those people who have used it occasionally in the past and have grown to trust it. I appreciate the effort that /.'ers have made to make the issue public. At first I thought it was some kind of spam or APK or Golden Girls type thing, but then I saw it getting modded up. I easily could have been an unwitting vector in telling other people how great SourceForge is.

Damn, I trusted them

[Pete+(big-pete)]

Sourceforge was always my go-to place for trusted original non-screwed files, and now I check the list of projects owned by sf-editor1, 2, and 3 and I see a lot of projects that I have used in the past.

Sometimes (particularly for older projects) it is very difficult to find a home-page or source that I can trust...and now it just became a lot harder.

-- Pete.

Just Remove The Product

[KermodeBear]

Re-packaging the product as your own is bad enough, but another bad part is that older projects may have security vulnerabilities as well. It seems like it would be far more ethical to me to simply mark the project as "abandoned", then after a while remove it completely. If the project is alive somewhere else, then contact those folks, let them know what is up, give them a chance to close it all down themselves or revive the proejct on SF.

But taking it over? No, that is not cool.

Goodbye Sourceforge

[Stephen+Chadfield]

A good reputation is hard to earn but easily lost.

Look at the bright side.

[idontgno]

We slashdotters complain vociferously about the (lack of) quality of the editors here at Slashdot. But it could always be worse. We could have editors like the ones at that other Dice holding, who steal people's contributions and put their own labels on them, and then wrap them in malware.

It'd be like Timothy personally claiming every +1-or-higher comment made in one of the articles he "edited", leaving only Goatse and GNAA trollage for us plebians.

Re:There is a little hope

Why would they do that, this was done by directive, not by some rogue employee.

Ransoms is my captcha.

I want my old /. With BlackJack and Hookers.

[0100010001010011]

Eh, forget the ./

Dice you've successfully figured out how to run one of the most best 'news' and opensource websites and run them into the ground for profit. /. and Fark were the only 2 places that could handle 9/11 traffic. I rode out that entire day on both sites when CNN was crumbling.

I'm glad I had Slashdot over Reddit when I was an angsty tenager. I took pride in trying to get +5 comments and put effort into doing so. Honestly slashdot made me a better writer. Reddit is nice for short terse communication but sometimes I want to "talk with adults".

Slashdot didn't need much. Unicode support. Newer HTML5 support. CSS3. Make a decent mobile app, move away from HTML for Markdown. Moderation made sense and was much better than a simple +- system. Voting was randomly enabled and you couldn't both vote and comment on the same article. -2 to 5 also limited band wagoning. It's easier to recover from a bunch of early 'down votes'. Instead you drove everyone away to other sites (which still don't quite scratch the /. itch). You shoe horn in what ever fucking agenda is "big in IT". Looking back at all the news I got from /. I can't ever remember thinking "I wonder if a woman did this" or "Too bad a woman didn't do this" because I didn't care. It was about the tech and news for nerds.

On 'Gamergate', 'sexual equality', 'gender issues', we don't care "Trans-gendered" is a big thing in the news these days (and especially around tech) but a long, long time ago I remember a Mac developer made the transition. (This was in the late '90s.) I read her bio. Shrugged my shoulders went "Neat" and moved on. Why? Because she made some awesome Mac games. Most other person I know in IT or engineering think the same way. None of us care what you do with your body or who you take to the bedroom. I do care if you can cut it and get your work done or contribute to society.

On the other side of that is Randi Harper (FreeBSD Girl) who actually write decent code. I've dug through some of her BSD commits, major props to her for doing that. But it can all be done without photoshopping traffic tickets to make it look like you got swatted, begging for money to move on twitter, (When you already earn $3k/month from Patreon), grandstanding on Twitter for no reason and bandwagoning users against anyone that disagrees isn't the way to do it.

You had the same opportunity to fix Sourceforge all of its' convoluted download mirrors (just use a proper CDN), update to Git, and everything else that Sourceforge isn't and GitHub is. Instead you rested on your laurels and are now trying to use this as one last cash grab before the Titanic goes down.

I don't know where I was going with this either. Just thought someone up top should know why your traffic is tanking and a lot of us are pissed off at you for what you've done.

I still won't forget the time you broke the capslock filter, I remember BitTorrent being announced and people thinking it was useless, the iPod's lack of wifi and space compared to a Nomad, et al.

Thanks for the fish?

Re:Sourceforge can go White Hat on this

[houghi]

It will EVENTUALLY translate into revenue? But the CxO needs a new boat NOW. The numbers of this quarter are due in less than 3 months, so we need it now.

Get the golden eggs out of the goose NOW, because there will be at least one in there. Fcuk tomorrow.

Re:Changes from the original submission

[gatzke]

Between /. screwing around with this SF story and them screwing around with the poll, I am about to give up.

After nearly two decades reading /. nearly daily they are pushing me over the edge.