Jul 102013

UPDATE: Google is rolling out blocking/warning of deceptive site practices Good for Google, hopefully this type of blocking will become more common.

I like to think programmers for the most part try their best to protect the end users from ‘bad things’.  With the announcement of DevShare SourceForge shows that they no longer give a single shit.  I’ll start with the introductory paragraph

Today SourceForge it is [sic] excited to launch DevShare, a new opt-in, revenue-sharing program aimed at giving developers a better way to monetize their projects in a transparent, honest and sustainable way.

Sustainable isn’t even a word that means anything in this context.  The only ‘opt-in’ is on the part of the project so end-users don’t have that choice.  And how about ‘transparent’? If by that they mean invisible to end users that would be correct.  And honest???  Bullshit. If you go to the FileZilla download page with javascript disabled you’ll get a link to the proper clean installer.  Enable javascript and you get something entirely different:fzdownload java

If you click on that nice big green recommended button, you’ll download an ‘installer’ from ASK.com which will in turn try to download something else from ASK.com.  The installer was presumably created by ASK.com as it’s signed with their code signing certificate.  This means that ASK.com has full control over this crapware installer and no mention of oversight on the part of SourceForge.

Further down in the announcement we find this:

We take our role at SourceForge as the trusted source for open source very seriously. That is why we spent considerable time looking for partners we could trust and building a system that does not detract from our core user experience.

Trusted???  Nobody that knows anything trusts ASK.com, they have been surreptitiously installing their crapware on people’s machines using every trick in the book.  I’m pretty sure they invented the ‘industry’.

We know many open source users are skeptical about monetization initiatives. SourceForge will always respect the rights of our users and we will never infringe on them. DevShare offers a transparent installation flow that gives users all the necessary information to make educated choices about what software to install.

What?? This installation ‘flow’ doesn’t give users any information in the beginning.  And there’s the main problem.  If you click the nice big green download button and run that application you will have to give it elevated privileges to your computer (for Vista and beyond) before you will necessarily even know that it’s actually a crapware installer from ASK.com. In addition to that it immediately attempts to contact ASK.com’s servers for some purpose.  My network has blocks in place for bad servers and ASK.com and related are part of that blocking.  All I know is that it tried to do something.

Thanks to DevShare, we are now able to offer a bundle program that is fully compliant with Google’s strictest policies. This includes a solid compliance process for both open source applications and third party offerings. The whole installation flow is clean and has no misleading steps. Uninstallation procedures are exhaustively documented and all applications are verified to be virus and malware free. You can see this on the latest version of FileZilla, our largest DevShare partner to date.

And more bullshit.  Perhaps the part where ASK.com downloads crapware from their servers with full administrator permissions and no notice or choice on your part is outside of what they consider ‘installation flow’.  There is no way they can verify this as virus and malware free, period.

So basically if you download anything from SourceForge there is a serious risk to your systems if you are not careful.  I used to trust SourceForge, I have 3 projects hosted there and I’ve been a developer and contributor for over 11 years.   That ends now.

UPDATE 06/02/2015: this issue has finally hit the mainstream, here and here

UPDATE 06/03/2015: And now they’ve taken over nmap..   Sourceforge is dead, there’s no way they’ll recover from this round of stupid.

Jul 052013

Everybody gets all up in arms when yet another company starts tracking your online activities.  Twitter, Facebook, Google and others are all trying to monitor where you go and what you do.   What everyone seems to ignore is the root cause, stupid consumers.

The reason they want this information is to sell more ads or charge more for the ads they sell (or both)  it’s that simple.  If people stopped responding to ads the money would dry up and he commercial tracking would stop, Micro$oft wouldn’t be trying to spy on you at home and the government would have to find a new way to harvest info (like they haven’t already).  Apparently advertising still works, I’m sure some marketing types will point out all sorts of psychological reasons it works… however it boils down to stupid consumers plain and simple.

On the other hand, keep eating this shit up…  the idiot consumer is subsiding better search tools for rest of us.

Jul 022013

I feel like I’m picking on Waste Management, however it’s just because they’re a very very easy target.

Take this wording from an invoice:

If full payment of the invoiced amount is not received on or before the delinquent date, you will be charged a monthly late fee of 5.0% of the unpaid amount with a minimum monthly charge of $100, or such lesser late fee allowed under applicable law……

In order for them to assess any late charges, the delinquent date must be defined.  Nowhere in the invoice does it state any delinquent date.  The only date is the invoice date and they claim it’s ‘Due Upon Receipt’.   When I called to ask I got nowhere at all.   So, if I don’t receive the bill (USPS could have lost it)… and they try to assess late charges, er… I don’t think so.  I wonder how much money they scammed off people who think they have to pay these fees?  How much money have they made on interest convincing people to pay before they really have to (it’s already a prepay anyway)?’

They of course get away with this because the idiots who make these agreements (cities and counties mostly) don’t give a rats ass about your rates or how hard you get screwed in the deal.  They only care about what they’ll get, kickbacks, re-elected..whatever the leeching rats care about at the moment.