The Gluster Blog

Gluster blog stories provide high-level spotlights on our users all over the world

How far the once mighty SourceForge has fallen…

Gluster
August 22, 2013

[Editor’s note: This post is the opinion of the author and not necessarily that of the Gluster Community]

TLDR: 

SourceForge, once a mighty force for the good of Open Source, has fallen far from its previous lofty heights.

Dice, the new owners, bribe strongly encourage the top projects to use a new (closed source only) installer that pushes spyware / adware / malware.

Developers using SourceForge should migrate away from it if they want to keep their integrity.  End users using projects hosted on SourceForge should immediately find an alternative.

Full version:

When people download software from SourceForge, or any major repository of Open Source software, they expect the software to be trustworthy.  (baring unintentional bugs)

They do not expect the software to be a source of “drive by installer” style malware, spyware, adware, or any other unrelated/unintended software.

SourceForge’s new owners, Dice, have consciously and deliberately moved to a model violating this trust.

With their recent changes, users downloading from SourceForge now receive a special closed source installer which attempts to foist unrelated third party software onto them.

For example, when a user clicks on this:

They instead receive this:

This is a “drive-by installer”, designed to catch less technical users and the unwary, to fill their computers with malware / junk ware / crime ware.  As abused by the notorious ask.com toolbar and others:

FileZilla_drive_by_downloader_smaller

It gets worse.

When SourceForge introduced this, it bribed encouraged the top projects to participate by giving them a cut of the take.  So these co-operating projects are also knowingly selling their users down the river.

I’m not against monetisation at all, we all have lives and need to pay our bills. But not through abusing user trust.  Not through preying on the unskilled or unwary.

To misquote Marge Simpson; “They not only crossed the line, they threw up on it.”

If you’re a developer or contributor to a SourceForge project, please ask them to move to a new project host (there are several).  And cease all further involvement until it’s complete.  I’ve already done so with mine.

If you’re a user of a SourceForge project, please find and use an alternative project instead.

We should all demonstrate our commitment to user safety and personal integrity around this issue.

BLOG

  • 20 Jun 2018
    Announcing GlusterFS release 4.1.0 ...

    The Gluster community is pleased to announce the release of 4.1, our latest long term supported release. This is a major release that includes a range of features enhancing management, performance, monitoring, and providing newer functionality like thin arbiters, cloud archival, time consistency. It also contains several bug fixes. A selection...

    Read more
  • 31 May 2018
    Gluster Monthly Newsletter, May 201...

    Announcing mountpoint, August 27-28, 2018 Our inaugural software-defined storage conference combining Gluster, Ceph and other projects! More details at: http://lists.gluster.org/pipermail/gluster-users/2018-May/034039.html CFP at: http://mountpoint.io/   – closes June 15   Gluster Summit Videos – All our available videos (and slides) from Gluster Summit 2017 are up! Check out the GlusterCommunity YouTube homepage...

    Read more
  • 07 May 2018
    Gluster Monthly Newsletter, April 2...

    Announcing mountpoint, August 27-28, 2018 Our inaugural software-defined storage conference combining Gluster, Ceph and other projects! More details at: http://lists.gluster.org/pipermail/gluster-users/2018-May/034039.html CFP at: http://mountpoint.io/   Out of cycle updates for all maintained Gluster versions: New updates for 3.10, 3.12 and 4.0 http://lists.gluster.org/pipermail/announce/2018-April/000098.html   Project Technical Leadership Council Announced http://lists.gluster.org/pipermail/announce/2018-April/000094.html   Gluster...

    Read more