SourceForge Responds To nmap Maintainer's Claims

An anonymous reader writes: A few days ago, the maintainer of nmap (an open source network mapping tool) complained that SourceForge had taken over the nmap project page. SourceForge has now responded with a technical analysis of the nmap project history. They said, "We've confirmed conclusively that no changes were made to the project or data, and that all past download delivery by nmap on SourceForge was through our web hosting service where content is project-administered."

They detail the history of services used by the nmap project, and use screenshots from the Internet Archive to show how long the project was empty. SourceForge said, "The last update date in 2013 relates to the migration of the nmap project (along with all other projects on the site) from SourceForge's sfx code base to the new Apache Allura-based code base. This migration was an automated operation conducted for all projects, and this platform change did not augment data in the Project Web service or File Release System. We therefore conclude that no content has been removed from the nmap project page." They also confirmed that nmap downloads were never bundled with ads: "Infosec professionals do not generally wish to install secondary offers." Note: SourceForge and Slashdot share a corporate overlord.

stick up

for yourself

Nice phrasing dice

There's no apologizing for the malware spewing shitfest that SF has become. Do the right thing and close the site.

How long until you guys face trademark lawsuits from the ors and foundations that don't want to be associated with your site?

Because that's the next step. I'm surprised it's not happened already.

Re:Nice phrasing dice

[antiperimetaparalogo]

SourceForge din du nuffin, was a nice repository trying to help the community by giving back some free stuff - i blame those bigoted developers...

offtopic: i thought Soulskill's weekends started at Tuesday or Wednesday!

Re:Nice phrasing dice

[WCMI92]

Sourceforge might as well be The SCO Group now with what it's done with it's reputation. And I don't see how bundling spyware with GPL'ed code isn't a GPL violation.

I know I'll never download anything there again.

Re:Nice phrasing dice

The one I'm surprised about is, seeing that Dice is a publishing company, you think out of all people, they would know that just because somebody isn't maintaining a project any more doesn't mean they can take over the copyright.

Re:Nice phrasing dice

[HiThere]

It's not a GPL violation, merely unethical. It probably isn't illegal.

Re:Nice phrasing dice

[Megol]

Good thing they didn't then.

Re:Nice phrasing dice

Poor dindu SF. It was probably even thinking about going to college someday. Where should we pile up teddy bears in memory of SF?

Obvious solution

[gatkinso]

Migrate to github. Shut down SF repo.

Re:Obvious solution

Until they just clone it and re-post it bundled with malware like they do now. Then if you argue, a front page post on /. says you're lying and it's all fine.

Re:Obvious solution

You can't. As in the case of GIMP, they took control from the guy who owned the actual dev account for the project, took new binaries from the official GIMP site, put their malware in and called it a day.

Shut down if you like, watch as they reopen a "mirror" of your project.

Re:Obvious solution

[coofercat]

+1 for this, and a strong caution about using someone else's server to host your stuff. One day, Github might well end up doing the same thing (yeah, I know it seems unthinkable now, but SF looked pretty cool and was never going to do something like this just a few years ago too).

PS. This post noticed that you have a virus on your PC. Please download AwesomeSuperWhizzoCrap and run it to fix the problem.

Re:Obvious solution

[mwvdlee]

That's what I'm doing.

Hope to have my SF projects migrated after the weekend.
My actively developed projects are already on GitHub.

But just because a project isn't active doesn't mean it's dead; it just means there has been no need (or requests) for changes.

Luckily none are big enough to be near the top of SF's "loot-&-pillage" list.
But even then, this seems to me to be the last dying breaths of SourceForge.
I don't expect them to exist in any recognizable form this time next year.

Re:Obvious solution

[gatkinso]

yeah that is an obvious problem. sucks.

Re:Obvious solution

[andremerzky400]

They can open a mirror of any OSS project, no matter if it lived on SF to begin with. That does not invalidate the point of the parent poster...

Re:Obvious solution

[Goldenhawk]

Okay, so you can't shut down a SourceForge project page. How about simply uploading a final "release" that is essentially completely blank, and editing all the project information to make sure people know this? Can SF really reach out and pull back in external versions to replace the owner's edits?

There's more than one way to "shut down" an account, even if the website won't really delete it.

Re:Obvious solution

[Em+Adespoton]

This is what TrueCrypt did. However, as the GP pointed out, it will do nothing. SF will shut down the repo, and replace the product offering with their own bundled version taken from github or wherever the live source is located.

I find this sad, because I used SF a lot pre-Dice to host small projects.

Re:Obvious solution

[PRMan]

It's open source, so of course they can put any version they want.

Re:Obvious solution

[Coren22]

Then Github gets bought out by Dice, or Cnet, or whatever other malware company.

Re:Obvious solution

And now you see the real reason they're taking over "abandoned projects". They probably saw a lot of projects actively close shop as people started to abandon the shitfest Sourceforge has become - this prevents the project from leaving and lets them bundle intrusive adware for extra profit as a bonus!

Sure nothing stops them from just starting a "fork" of OS projects on sourceforge, but that takes more work than locking out the original devs before they can take it down.

Re:Obvious solution

How about simply uploading a final "release" that is essentially completely blank

SourceForge provides up to date binaries with their installer, that is how they defend their requisitioning of abandoned accounts. Your completely blank commit will be barely noticed or rolled back for violating the site terms.

Re:Obvious solution

Sourceforge has done a Cnet. If Cnet or Sourceforge are the only source for a piece of software that I want, I will just have to do without that software. I will never download anything fro Sourceforge or Cnet. NEVER!

Re:Obvious solution

[plopez]

Welcome to the cloud.

Re:Obvious solution

[Vasheron]

I Googled AwesomeSuperWhizzoCrap, but all I got was a link back to this post. Please tell me where I can get this AwesomeSuperWhizzoCrap. I can't stand having viruses on my machine!

Re:Obvious solution

I've done my part by removing my mirrors from the internet.

You have a mirror, you get a vote too.

Re:Obvious solution

[david_thornley]

They can reuse code all they want, within the confines of the license, but they can't do the same with trademarks. I think we need to think harder about them.

Re:Obvious solution

[KGIII]

It is funny. We have come so far just to be begging to return to the days of the dumb terminal.

Re:Obvious solution

so modify license, specifically exclude SF

Re:Obvious solution

Sourceforge is historically important. You can't shut it down. It just needs a better management.

Re:Obvious solution

[Error27]

Github is only free for tiny projects. You get what you pay for.

Public Relations Arm

Must be nice for SourceForge to have their own Public Relations arm now via slashdot. Just post the story you want, say "Nah - It's fine trust us" and then boost it to the front page of /.

I'll await my downvotes

Re:Public Relations Arm

From Soulsucker: "Note: SourceForge and Slashdot share a corporate overlord."
 
I guess they're trying to present the front of being edgy and repressed all while stroking that paycheck in their hands.
 
Slashdot really is just another website. Get over it. I'm sure by next week they'll be putting in slideshow formatted articles.

Re:Public Relations Arm

Easy solution. There are soe scary characters on /. SO we just encourage them to post the best of the worst of the internet. Tub girl, goat sex, images from fugly or rotten and probably a host of others. Until the riff raff bail out and the ad revenue dries up. After which either it gets shutdown or sold. Take back /. !

Re:Public Relations Arm

Edgy, bro.

Re:Public Relations Arm

This isn't reddit mate.

dafuq?

[Penguinisto]

"Infosec professionals do not generally wish to install secondary offers."

WTF? Nobody with a clue wants to install "secondary offers". Otherwise we'd seek that crap out and install it ourselves, dumbasses...

Re:dafuq?

After a McAfee popup announced yesterday that my Windows PC passed security inspection, I felt like sending off a slightly edited version of Prof David Mazières' most famous paper to Adobe Systems.

Re:dafuq?

[dunkindave]

"Infosec professionals do not generally wish to install secondary offers."

WTF? Nobody with a clue wants to install "secondary offers".

That's the point. Infosec professionals normally have a clue, and the general population in general does not. Desire isn't the problem, understanding the situation is.

Re:dafuq?

Wow such restraint. These folks aren't by chance is the business of consulting frats on how to treat drunk girls??

"We knew which ones wanted it"

Re:dafuq?

[penguinoid]

WTF? Nobody with a clue wants to install "secondary offers". Otherwise we'd seek that crap out and install it ourselves, dumbasses...

Duh. The few people who actually like these "secondary offers" are 1) extremely unlikely to have found out about that program on their own and 2) extremely unlikely to download and install it themselves. Thus, being bundled with legitimate software is the lifeblood of these "secondary offers".

Re:dafuq?

[praxis]

Yes, but the quote implied that non-infosec professionals did *wish* to install secondary offers. They made no statement about understanding the situation but about desire. "Desire" is the problem with that quote and what Penguinisto was pointing out.

Re:dafuq?

[Coren22]

The women shouldn't have raped those poor drunk frat boys than. /s

Re:dafuq?

[CmdrTamale]

On the contrary, some infosec pros have a professional interest in malware.

Think of it as free samples.
--
Remember the literal definition of the cloud: "Someone else's server."

No Trust

Here's your problem, SourceForge. You've abused your trust with the community. Why should the community trust you? Even the evidence you provide requires the community to trust you haven't been doing nefarious things to ensure the evidence looks good later on when you need it. Sure, it's far fetched.

And 15 years ago, I would have said it's far fetched that SourceForge would include malware with their downloads. Today? We're a stepping stone away.

How can SourceForge fix this? I don't know. I simply don't get myself into this sort of situation in the first place, so I don't have to weasel my way out of them.

Re:No Trust

[emho24]

Attempting to download software from SF is such a disgusting process, it's similar to negotiating with a car salesman. You will be taken advantage of at every opportunity, and if you don't have your guard up at all times you will be hurt. I'm forever done with SF. I nearly exclusively use Chrome as my browser of choice so 2 browser plugins make sure I never visit that site again. "Personal Blocklist (by Google)" will makes sure that no SF results get returned in a Google search, and "Block site" will make sure that I cant navigate there by manually typing in a url.

Changes

[BradleyUffner]

We've confirmed conclusively that no changes were made to the project or data

other than the parts we changed.

Re:Changes

[Khyber]

http://8ch.net/sourcefraud/

Make some real change happen - go there and start helping break down every lie Sourceforge/Slashdot Media is telling. Help us gather more evidence that directly contradicts the lies being told by SDM.

Re: Changes

[Fwipp]

8chan, really? I don't like what sourceforge is doing but I'm sure as heck not going to that cesspool.

Re: Changes

[Scotsman,+True]

I heard it's twice as bad as 4chan

Re: Changes

[TheGratefulNet]

[litella]

but the program changes every 15 minutes with a great big ker-CHUNK!

that's why I dropped 8-track, years ago.

[/litella]

Re:Changes

[KGIII]

The problem I have, and I suspect I am not alone but I have not read any comments about this, is that they can say these things but I simply can not trust them. I was installing an application that I had seen linked from a comment in here. I do not need to shame them. That application installed what was basically a wrapper and I had selected to install a YouTube viewing agent. During the install, and I watch carefully, they downloaded the application separately as it is not a part of the main application. This downloaded application was from SourceForge. I had to scan my machine with my regular AV, I then had to scan it with MBAM - to be sure, and then I went through the registry and the application's folder to look for anything suspicious. Fortunately, there was nothing that was detected or that I could detect. Maybe it is time for me to move to Linux all the time (I use a few distros very often, only the desktops are used for Windows and those are often dual-boot.) and just use Windows in VM? I do not need Windows but I prefer it in many areas.

Re: Changes

8chan's probably the best place to discuss corruption issues with big websites these days. But some loser posted CP there on a board no one visited then wrote an article about how it wasn't deleted right away, so it's totally a cesspool.

Controlling the message

[buk110]

Must be nice for Sourceforge. Controlling the message via slashdot. Listen, no one wants malware. You can shine it up and call it "a secondary offer" but it's still junk. I hope as time goes on more people realize what a virusden that site is and more people rely on github

Re:Controlling the message

[Monty845]

I'm done with Slashdot. Its long had quality issues, but this is just over the top. The whole network of companies is contaminated at this point. Deleting my Slashdot shortcuts.

Re:Controlling the message

[sentientbeing]

Can I have your ID

Re:Controlling the message

LOL.

No article about SourceForge on Slashdot: They are covering it up and hoping it blows over.

Any article about SourceForge on Slashdot: The ministry of truth has taken full control abandon ship!!!!!

Re:Controlling the message

[HiThere]

This is an inherent problem with systems that have a centralized control. Including GitHub. git is inherently decentralized, so it has different problems, which the designers of GitHub tried to resolve through centralization. If you'll notice, it worked. The problems with decentralization were solved. But now we have the problems of centralization.

I don't know what a real solution would be. Google is a good example in another area. Web pages are decentralized, but Google makes it possible to find what you need...but Google is centralized, so if Google doesn't want you to find somthing, it is even more difficult to find than before.

This is the inherent problems of monopolies, even when they aren't abusing their power. But monopolies always eventually abuse their power. Sometimes not until the first generation of management retires, but eventually.

I was worried about SourceForge from the first time that I heard about it. But it was so useful...

Re:Controlling the message

[Megol]

That's the standard MO of conspiracy theorists. Logic isn't their strong side.

Re:Slashdot is Bullshit

"We" haven't come to anything. You're not part of any major projects and have no say in any of this. You're just a worthless spectator.

Re:Slashdot is Bullshit

Khyber, does that mean you're leaving Slashdot?

Sourceforge eats good software and shits it.

[Needs2BeSaid]

They ruined Filezilla
They pissed of GIMP.org
.... now nmap.

Re:Sourceforge eats good software and shits it.

[PPH]

Some things need to be said...

If only there was a discussion group not under the control of the same corporate parent. Hmm ......

Re: Sourceforge eats good software and shits it.

Not defending SF here, but they didn't ruin Filezilla- the creator of Filezilla did. He chose to bundle the SF filezilla download with crapware and is adamantly FOR it and claims it is useful and people like it.

Re: Sourceforge eats good software and shits it.

[Needs2BeSaid]

I agree however, when a drug dealer offers you a free "taste".... in the end, there was still a drug dealer starting it all.

Re: Sourceforge eats good software and shits it.

For reference to others: https://forum.filezilla-project.org/viewtopic.php?p=112970#p112970

Re: Sourceforge eats good software and shits it.

That is what epically pissed me off. It installed shit on my Mac that took quite a bit of effort to remove. Fuck that cunt and fuck that shit. If there was a better alternative to filezilla, I'd use it.

Re:Slashdot is Bullshit

[msobkow]

Who is this ranting, cross-posting idiot with a "mission"? Why should anyone give a damn about them posting the same drivel over and over to every comment branch on this thread?

That's it- I'm out

[eigenstates]

No more DHI Group anything, ever.

You want to bitch about it- call these people- don't even bother posting here:

http://www.dhigroupinc.com/investors/corporate-governance/default.aspx

Dice is rape

[Megaweapon]

Just shut every fucking site you've purchased down already. I can't imagine you guys EVER regaining whatever credibility you might have thought you had. Your websites are bleeding to death while you're picking their pockets for every last penny you can find.

You've "won". It's over. Shut them all down.

Re:Dice is rape

Seriously, who even uses Dice to search for work? It's a shit platform.

Re:Dice is rape

[slashdice]

I did. I got a bunch of shitty job offers that I had time refusing. And it turns out they scraped the job from another site and reposted it.

So, exactly like sourceforge.

Re:Dice is rape

work? i thought they just posted self-serving news.... and now POLLS! cause what we all want is not news, but poll results! can you add more videos too? how about some games or trivia or other content-place-holders?

Re:Dice is rape

I did. I got a bunch of shitty job offers that I had time refusing. And it turns out they scraped the job from another site and reposted it.

So, exactly like sourceforge.

That may explain how I ended up applying for the same job twice, once on DIce and once on Monster. I've always wondered about that.

nmap is for luddites.

Modern app appers app networks using n-app!

Apps!

Apparently graphics artists love them...

[MikeRT]

I'm sure graphics artists and casual users who want a cheap replacement for Photoshop just love them....

I appreciate sourceforge mirrors, not the bundling

[raznorw]

At times (at work) when I can't access various project webpages due to overeager web filtering, and I find a sourceforge mirror of a project, that comes in awful handy. If they follow through with their "opt-in" advertising only, so much the better. Of course, i'm generally downloading source to build, so the advertising doesn't come up.

Alternatives

What alternatives are there to slashdot?

Lately I've noticed more and more that I'm getting my news only from 8chan or peers. But even that's a bit of an echo-box.

I never liked news.combinator too much.

Re:Alternatives

[eigenstates]

Try looking for good subs on Reddit. If you get rid of the defaults and just use your own, it can be a pretty good place.

Re:Alternatives

SoylentNews.

They did a major backend update last weekend and things are still settling, but that's where a lot of us have headed. Hope that helps.

-- kurenai.tsubasa

Re:Alternatives

The company that owns+runs reddit is about as good as the one that owns+runs slashdot.

Re:Alternatives

[0100010001010011]

It's worse. Their CEO is married to a guy that ran a ponzi scheme. They try to shoehorn SJW into everything. Some of us just want a place to talk the merits of tech.

Re:Alternatives

You can talk about tech on any of the thousands of appropriate subreddits. /r/futurology /r/technology /r/science /r/programming /r/security /r/gadgets /r/askscience /r/ted /r/space ... and many, many more.

I've been using Reddit pretty heavily for a little over a year now, and at this point I *might* visit /. once a week, and that's after being a regular user for well over a decade.

Translation

The project hasn't been updated in a while, so we hoped it's maintainer won't notice our takeover. We were interested just in planting our ad/spyware wrapper and didn't intend to actually add any changes to codebase, so nothing has been modified or removed apart from installer. Here are some random stats that are easy to get and that look serious add nothing to discussion.

Wait a mainute, did I read that correctly?

[Narcocide]

Am I confused here, or did the summary wording say they basically are claiming no culpability for the site's contents not being live anymore because they didn't literally change the files, they merely replaced the entire server?? How does it then follow that this wasn't their fault because they "automated" it?

Re:Wait a mainute, did I read that correctly?

[davidleelambert]

Fyodor's original message to the "Nmap Development" list includes the following claim:

The old Nmap project page is now blank:

http://sourceforge.net/projects/nmap/

It's true that if you go to the "files" tab you won't see any files. However, the SF blog posting says that Fyodor never put anything in the File Release System, so "now blank" is literally accurate but misleading. It implies that SF deleted something, which they didn't.

taken over vs. have no control of mirror

this is basically a spin-answer.

What about the others?

[0100010001010011]

Some other projects SourceForge has taken:

• Evolution
• Firefox
• MySQL
• PostgreSQL
• openvz
• Apache HTTP Server
• Apache Hadoop
• SQLite
• SWRare Iron
• Thunderbird
• The R Project
• NetBeans IDE

Those authors haven't gotten up in arms yet but they could (Especially with Firefox's defense of its logo/name for anyone not them)

Your comment has too few characters per line (currently 11.7).

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Integer nec odio. Praesent libero. Sed cursus ante dapibus diam. Sed nisi. Nulla quis sem at nibh elementum imperdiet. Duis sagittis ipsum. Praesent mauris. Fusce nec tellus sed augue semper porta. Mauris massa. Vestibulum lacinia arcu eget nulla. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos.

Re:What about the others?

[buanzo]

Add to the list: audacity

Re:What about the others?

I was disappointed to find that CamStudio's Lossless Codec's installer had SourceForge installware bundled. Maybe I'm more forgiving than most, but I would have accepted that SourceForge was trying out a new strategy, as long as the old/original content was still available for clueful people. However, the download page did not seem to have an alternate link. The file that showed a date from years ago (based on dates shown at CamStudio legacy files but the downloaded file had the content from "Funnel Delivery (Fried Cookie Ltd.)"

But then I found that I could craft this link: file download URL with ?nowrap=1 appended and then I could get the original file.

So they did leave an ability for the super-clueful to get some decent data. They didn't do a good enough job letting semi-clueful people find this information easily, so I do oppose what they did. However, I suspect this technique may be helpful for people seeking to get unaltered older files (particularly for projects where the software maintainers might not be providing other ways to get official installers).

And?

[gstoddart]

"Infosec professionals do not generally wish to install secondary offers."

Honestly, who the fuck does?

I get the sense they didn't do this because they knew Infosec professionals would pillory them, but they're more than willing to embed shit in everything else.

Too little, too late there Sourceforge.

In defense of SourceForge

[davidleelambert]

The "nmap" project really is just a "placeholder". The FRS part is completely empty. If Fyodor doesn't want to put the current release there because of staleness concerns, fine, but it would be polite to at least put a "README.txt" there with a link to the real distribution-site and an explanation of why he chooses not to host the files on SourceForge.

And I'm not happy about all the recent changes (dropping OpenID authentication, for example), but other changes in the last year or so have been positive, SF is still a reasonable place to host a project, and it's good to not have all eggs in the one basket of GitHub. The field of core-technology-agnostic open-source hosting is shrinking, note last week's termination of CodeHaus and the in-process termination of Google Code (which offers a migrate-to-GitHub service, but also provides a link to SF's migrate-from-Google-Code service).

Re:In defense of SourceForge

[ledow]

I worry about using any large project - especially web browsers and network tools - that actually hosts things off-site anyway.

Sure, a mirror used to be handy to combat huge download amounts, but the core of the codebase like git trees, and the like? And with today's cloudiness?

I'm not sure what either github or sourceforce or freshmeat/whatever it's called now actually offer any more. Put a listing up, sure, linking to your page with your software, your licence details, etc. but actual downloads or git-trees? No.

Google Code and this kind of incident just show you why.

Re:In defense of SourceForge

[JohnFen]

SF is still a reasonable place to host a project

SourceForge hasn't been a reasonable place to host a project for years now, and it hasn't been getting any better. I wouldn't touch SF with a ten foot pole, either to host my projects or to download other projects.

Which is a shame. I remember when SF was great.

sad state of affairs

[Phusion]

My god, what the fuck SourceForge. You used to be so good! Now you're packing in shitware with popular open source projects? Filezilla, now nmap, seriously?

Github is the obvious choice, but will no one stand up and create a front end to make it a little more end user friendly, or create a SF clone that doesn't ever mess with the projects they host? I realize this is a costly endeavour, but SF must be stopped :/

Re:sad state of affairs

[DrVxD]

Github is the obvious choice, but will no one stand up and create a front end to make it a little more end user friendly

What's un "user-friendly" about Github? I find it straightforward enough to use.
If you don't say what you think it broken, then nobody's going to fix it for you.

(Of course, there are other obvious alternatives such as GitLab/Gitorious, BitBucket and CodePlex)

I no longer care what sourceforge says

They did what they did and that was bad enough. This isn't even close to "sorry, won't do it again", though that would not have been good enough on its own; they've had their second and third chances. This just confirms their stance is wilful and they are not to be trusted ever again. Well done, dice.

If they're to be believed...

[aardvarkjoe]

If Sourceforge is to be believed -- that all they did was create a mirror, without touching the owner's page -- then that's not in itself a bad thing to do. Providing mirrors of open-source software would be perfectly acceptable for another organization.

But this isn't another organization, this is Sourceforge. They've already demonstrated that they have no qualms about using their "mirrors" to distribute malware by misrepresenting the content of the downloads. Therefore, they have no credibility to be running a mirror, and nobody should trust anything that comes from their download pages.

Re:If they're to be believed...

> without touching the owner's page

But they did. They added malware to it. That is the problem. That is why we are making such a huge deal out of this. You corporate shills are disgusting. I'm sure you and your kind make lots of money from distributing malware, but us normal people aren't stupid enough to believe your Republican kind. sf.net hates us and wants us to die, as they've proven time and time again, so defending their kind is wrong. Wrong. So wrong. We know you are lying.

Re:If they're to be believed...

[Megol]

How about you read and understand a post before replying to it?

Re:If they're to be believed...

Prove it.

What are good Slashdot alternatives?

[gatkinso]

Techdirt? Ars Technica?

I have been around this site for so long, I would be sad to abandon it. But it really seems like things have jumped the shark here.

Re: What are good Slashdot alternatives?

[ranelen]

I don't think you'll find a single site to replace /., except reddit with specific subreddits.

But let's be honest, its never really been that great a site. It was good enough back in the day when it didn't have much competition, but that time has long since past.

Re:What are good Slashdot alternatives?

Hacker News, Slashdot gets all it's stories there anyway.

Re:What are good Slashdot alternatives?

I graduated to http://dailypaul.com, which is now http://popularliberty.com. More of the stories are regarding our liberty, which I (now, later in life) find to be immensely more interesting than the latest gadget or computer language.

Re:What are good Slashdot alternatives?

[Wee]

I hang about on reddit mostly. Slashdot is corporate mouthparts these days.

-B

Re: What are good Slashdot alternatives?

digg.com and phys.org get my usage these days

Re:What are good Slashdot alternatives?

there is actual NEWS i want to read on https://soylentnews.org/

Re: What are good Slashdot alternatives?

they actually have NEWS i want to read at https://soylentnews.org/

2nd time posting this. last was deleted. (i got a you must wait message) waited, clicked again, same. waited, clicked again and my message and their warnoign vanished. content lost/deleted from my browser. i'll do this all day, i learned no to copy the text in case you block one post attempt. since when do you sensor??? 1/2 of all posts on /. ever use cuss words or are otherwise non PG. tons of posts bashing /. and SF and Dice. so what GETS some posts deleted? i am not talking moded down, but i mean GONE

anybody else having even basic usage problems with slashdot? forget the crapware SF adds or intrusive ads here, but i've had the homepage do an auto-refresh while i'm reading, only to have to scroll back to where i was. and i dont know why, but it seems like my cpu pegs if any slashdot page is open. i can have 10 other sites, and nothing. open one slashdot tab in in 30 seconds my cpu fan whirls up to full speed till about a minute after i close all /. tabs. WTF???? maybe it's the ads again. are they fucking mining bitcoins or what? why does an ad need to peg a 3Ghz cpu???? i can watch HD video on my main 2000x1000 display and use software on my other 1800x1400 one and never peg my cpu, so it's not graphics. WHAT are they doing???? seriously somepone out there must know. about to finally add an ad blocker if i am to visit here again.

Re:Slashdot is Bullshit

tell us then!

Re:Slashdot is Bullshit

[sexconker]

Conspiracy to commit cyber terrorism?

Re:Slashdot is Bullshit

[Khyber]

They performed what is essentially IDENTITY THEFT.

When someone downloads something from SourceForge and gets infected, it's the project people, those that made the software, that are going to take the blame.

Sourceforge keeps their name neatly out of it all. Meanwhile, the project devs get to deal with the flak caused by SourceForge.

You can't, and that's the problem

[bradley13]

That's the problem: you can't shut down a SourceForge project. If you try - if your project is popular enough - they will "provide a service to the community" by mirroring your new project page. With ads. And malware.

They've found a way to abuse open source. Precisely because it is open source, they can create a mirror. The only thing that will stop them is publicity - like this has been receiving. I assume that most techies stopped going to SF a year or two ago, when they started with the malware wrappers. Anyone who wasn't put off by that, will surely now be put off.

I would actually prefer that people not all go to GitHub - it's already getting too big and too influential. Bigness seems to inevitably lead to evilness, sooner or later. It would be better to spread hosting around on many different services. We then just need a couple of central directories that say where a particular project's homepage is. If a directory turns evil, that's easier to replace than a whole hosting service.

Re:You can't, and that's the problem

[ralphsiegler]

convenient mirroring could be blocked; wall off all the netblocks owned by SF and affiliates

Re:You can't, and that's the problem

[TFlan91]

Did you forgot that Git is open source?

Don't like github.com? Spin up your own.

Re:You can't, and that's the problem

[TFlan91]

Granted, I absolutely hate all things about Gitlab's "omni-installer".

That thing is a PITA if I've ever experienced one.

But once you find a way to not use their omni-installer, it's really nice having your own "github"

Re:You can't, and that's the problem

I use BitBucket for my FOSS projects.

Works much better than GitHub. They also allow binary downloads; which is nice.

Re:You can't, and that's the problem

[Garfong]

And SVN (that Sourceforge used for revision tracking) is also open source. The Sourceforge platform also used to be open source but fairly early they started making new versions closed source.

Re:You can't, and that's the problem

Maybe start adding 'features' to your program to detect the malware and exit with a 'no sourceforge malware' warning?

Sure, it's OSS so they can remove it, but if every project starts doing this in some way, it'll create lots of work for them.

Soylent News Looks pretty good

[FreeUser]

As a result of this, I've been looking for a slashdot alternative, since I expect Dice to wreck this site as well in the not to terribly distant future. Sad, because I've been here for years.

Anyway, Soylent News looks promising:

https://soylentnews.org/ ... anyone have any other suggestions? Kiro5hin looked good at one time, but went full-bore political.

Re:Soylent News Looks pretty good

All of us long ago moved to reddit.

Re:Soylent News Looks pretty good

[Frederic54]

yeah, even CmdrTco made his AMA on reddit years ago...

Re:Soylent News Looks pretty good

[0100010001010011]

There are some problems with Reddit that I would like to see addressed in Slashdot's successor.

1) Long posts aren't really valued. It's post as fast as you can, as much as you can. Anything longer than a paragraph and people won't read it or want a tl;dr:

2) I liked having taxonomy in voting. +5 funny should be different than +5 informative. Maybe not as many as Slashdot has but

3) Posts limited to -2 to +5. No band-wagoning 1000 points.

4) You couldn't vote and comment on the same thread. Points were also handed out at random. I would take the full 15(?) days to use all my points to make sure I allocated them 'best'.

There are also some things that Reddit does right.

Markdown. It's a lower cost of entry. Not everyone knows HTML these days, I know it's 'news for nerds' but Markdown is much easier and faster to type.

Re:Soylent News Looks pretty good

[Wee]

since I expect Dice to wreck this site as well in the not to terribly distant future. Sad, because I've been here for years.

I've been here a while myself. Dice wrecked this site years ago. You might like reddit.

-B

Re:Soylent News Looks pretty good

[Dr+Caleb]

Kiro5hin looked good at one time, but went full-bore political.

Political?? It went hard core trollfest. I actually liked it better at it's prime than Slashdot at it prime.

But then Rusty sold 'memberships', and it was all downhill since then.

Re:Soylent News Looks pretty good

[KGIII]

Also, see Fark. Stay away from the Teal Tab of Insanity, if you can - it is like the big red button that says, "Do not push!" That tab is for politics and the posters run the gamut. I have been a member there for a long time (UnspokenVoice) but I have not posted there in a very long time because I got tired of reading the comments - I could not avoid the Teal Tab, the draw, a bit like watching the aftermath of a car accident, was too much and I grew weary. I was not tired from commenting, I still commented fairly frequently and those who know me know that I tend to make long, full (robust?), comments. I was/am fairly popular there but I still do not bother returning but that is me and not the site. So, yeah, if you are looking to find another news site that is different then I highly recommend pointing your browser to Fark. The multiple subjects part is nice so you can limit what you encounter to suit your needs better.

Re:Soylent News Looks pretty good

Fark was good until they started banning people for disagreeing with the mods. Of course, they called it "misogyny" but most of the bans handed out had nothing to do with women.

Re:Soylent News Looks pretty good

[Wee]

I've had a fark account since 2002, but I rarely go there any more. Too much blatant censorship under the guise of "moderation". Also, lots of pandering for money. It's OK to have sponsored links, just say so. The lack of threaded comments is also headache-inducing.

-B

Re:Soylent News Looks pretty good

[KGIII]

I must have bailed before that.

Re:Soylent News Looks pretty good

[just_another_sean]

I've only been to /. a handful of times in the last several months. I spend most of my reading on the web time over at news.ycombinator.com (Hacker News) these days. Good signal to noise ration, no ads, a reasonable community of moderators, etc.

Logging Out

[l0ungeb0y]

I know that people posting "I'm done here" is usually a sign over short term anger -- but I am feeling utterly compelled to abandon this site. After the years of general decline and now these actions by Dice Network I really don't see any other option.

Seeing the abuse of SourceForge by Dice was cause for concern
Seeing that they were actively denying the acceptance of stories reporting this was distasteful
Seeing the earlier Slashdot "story" that essentially put words in the complaining code maintainers mouth while downplaying everything was alarming
Being fed this one sided propaganda piece by Dice/Sourceforge/Slashdot is simply taking things too far.

Fact of the matter is people put their trust into SourceForge to host their code repos -- SourceForge decided to no longer act as a trusted partner and started hijacking popular software to repackage it with adware for their own profit -- profits not share with the creators or maintainers of the software nor done with their consent.

Such behavior is exploitative to those who have labored to create those OSS Projects and SourceForge's actions not only damage their relationship with the Developers of those projects, but is an affront to the entire OSS Community world wide.

Due to the actions of Sourceforge and The Dice Network's use of Slashdot as a propaganda tool to first quash all discussion of their actions then disseminating these ridiculously slanted "stories", has caused Slashdot to lose all credibility. I now see Slashdot as a news source to be on the level I view FOX News and will for now on hold them in the same regard

*logging out*

Re:Logging Out

Word.

Thanks for expressing how I feel. Fuck Dice.

Re:Logging Out

Logging Back In (Score:2)
by l0ungeb0y (442022) Alter Relationship on Friday June 05, 2015 @12:33PM (#49849086) Homepage Journal
Hi everyone! The l0ungeb0y account is back. The abandoned account is being maintained by sfeditor01, sfeditor02, and sfeditor03, so that l0ungeb0y can bring you the same quality of comments you've become accustomed to, 24hours a day. The comments will contain encrypted punch lines, which you can decrypt with software from https://sf.net/projects/all-ad...

Re:Slashdot is Bullshit

>make a few extra bucks tricking....

>crap software.

And you really don't have any problem with this business model?

Really...?

Saw them do this twice, and unsubscribed

They can talk till they're blue in the face about why they did what they did. They're no longer welcome in my digital life.

Re:Saw them do this twice, and unsubscribed

[Thing+1]

Remembered my login details so that I could say my last goodbye.

Slashdot should follow suit

[RoccamOccam]

Slashdot should get in on this game - take over "unused" user IDs for the purpose of posting comments ("secondary" opinions) to articles such as this. They could even monetize it by putting in endorsements and links to product.

I jest, I jest - Slashdot is easily my favorite website. Hoping they keep it that way.

Chinese or Russians?

[zerosomething]

Note: SourceForge and Slashdot share a corporate overlord.

Is it the Chinese or Russians. "All this base belong to us!"

Undo

Sounds exactly like what a government would tell them to say.

Goodbye

Another long time reader calling it a day, dice can bite my shiny metal ass.

Captcha: sideline - how quaint.

was this place always such a shithole?

what's with all the conspiracy theory bullshit? it's obvious from sourceforge's rebuttal that gordon lyon is a lying sack of shit. but, i guess dumb people just aren't interested in facts when they're busy hunting witches.

Re:Last Post

I got here last.

Then don't miss an opportunity to leave first!

"Secondary offer"?

[Wee]

That's what you call malware? Because slipping adware into a package is fucking malware. NOBODY wants it, and SourceForge are being whores by including it.

SF are preying on the unsuspecting and they should fucking stop, any Slashdot spin notwithstanding.

-B

Corporate overloads block SF

[khb]

Thanks to all of the SF misbehavior, my corporate overloads have blocked SF entirely.

Great job guys.

All the posturing isn't going to change the fact that projects whose only public repository are SF are now off limits to many.

*sigh*

Re:Slashdot is Bullshit

Why would anyone care? Probably because sourceforge is dragging the name of FOSS through the mud.

Re:Slashdot is Bullshit

[Ramze]

This is the crux of the issue.

When SF takes over a page and replaces an installer from the project with an SF program; it's deceptive and fraudulent.

If that SF program is a modified binary, a modified installer, or even a "download helper" or a wrapper around the original installer which prompts for crapware; SF is misrepresenting the download as coming from the project rather than SF unless stated clearly otherwise.

When a user downloads this fraudulent download, they blame the crapware on the project authors and not SF. This isn't simply a theory - the feedback on many projects includes numerous negative reviews due to this crapware which they falsely attribute to the project creators. This negatively impacts the projects and their reputations with their users. Real financial harm could be done if fewer donations are made due to the harmed reputations - or support contracts not renewed due to suspicions.

I believe SF's recent assertion that they will no longer do this is, at least in part, because they know this sort of activity will not stand up in a court of law and it is detrimental not only the projects they've vandalized, but to themselves in showing their poor character and lack of trustworthiness in choosing to implement such a scheme to begin with. Stopping the harmful practice does not undo the harm already done, so it would be nice to see some legal recourse to inspire fear in those who would dare to do this sort of thing in the future.

Even when an author approves such nefarious wrappers and crapware through an agreement, SF is using deceptive practices towards users by not clearly distinguishing their regular binary downloads from crapware downloads. The same green "download" button appears in either case, but with crapware there is sometimes a small print of "installer enabled" and an "i" in a circle one can hover over which will display that there may be crapware in the installer. In filezilla's case, it warns of an ad-supported installer.

http://sourceforge.net/project...

IMHO, there should be clear distinctions between binaries offered by (or approved by) the project author and those offered or modified by SF as well as clear indications of when one is downloading a "download helper" or advertisement supported downloader or installer.

Re:Slashdot is Bullshit

[vilanye]

Granted, the guy you are responding to is a total idiot but "cyber terrorism"? When did that become a thing?

How is blacklisting addresses terrorism?

How is DDOS'ing terrorism?

By using that word frivolously, you diminish its meaning to almost nothing.

Anything and everything is terrorism these days, including all negative behaviour that neither inspires fear nor intends to spread fear.

Sourceforge sucks but so does Fyodor.

[kaepspubes]

Nmap violates GPLv2.

He is actively abusing the license by adding conditions that remove provisions of the GPL such as the "arms length" exception.

He can do that if he stops using the GPL preamble and rename it to something else, but he hasn't and therefore is as bad as sourceforge.

They kind of deserve each other.

He is no better than the jackass running Filezilla.

Can't copyright be used against this?

[foreverdisillusioned]

If you copyright your project's name and logo, shouldn't you be able to demand that it be re-branded? See: Icecat/Ice Weasel, CentOS, etc. The code stays open source, but SF would have to rename it and give it a different icon and that should hopefully alert anyone who has half a clue.

Re:Can't copyright be used against this?

[david_thornley]

Good idea, but you're referring to trademarks, not copyrights.

Re:Can't copyright be used against this?

[foreverdisillusioned]

Yeah, sorry, that's what I meant.

Which Nmap on Sourceforge?

[Todd+Knarr]

The Nmap project at https://sourceforge.net/projec... appears empty and run by Fyodor. However, there's another Nmap project at https://sourceforge.net/projec... that says clearly "Brought to you by: sf-editor1, sf-editor3".

It's a trap!

[Chelloveck]

"Infosec professionals do not generally blindly click "install" but actually pay attention to what's going on, and aren't as easy to trick to install secondary offers."

FTFY.

Why was this even posted?

[codemachine]

What good did Slashdot editors think it would do to post SourceForge's response in a story like this?

Nobody here is going to believe the corporate spin from Dice, so why bother posting it at all? I know that Slashdot likes to drive traffic and commentary to their stories by posting inflammatory articles or misleading summaries. However, when the topic actually involves Dice/DHI, getting the user base riled up about it is pretty self-defeating.

Also, rather than being from the "before-the-weekend" department, shouldn't this be from the "before-the-5-day-weekend-where-we-pretend-not-to-see-user-submissions-about-sourceforge" department?

Re:Why was this even posted?

Are you sure? Personally, I find them more credible than I do the people yelling about their supposed misdeeds.

Re:Slashdot is Bullshit

+5 Strongly agree. Khyber is a total dick!

Re:Slashdot is Bullshit

Gamergate never tricked people into installing malware to make a buck. But they boycotted sites I like for corruption issues and I read on those sites (truly unbiased sources) that they hate women, so they must be bad people!

Re:Slashdot is Bullshit

Anyone comparing gamergate to nazis needs their head examined.