Slashdot burying stories about Slashdot Media owned SourceForge

If you’ve followed any tech news aggregator in the past week, you’ve probably seen the story about how SourceForge is taking over admin accounts for existing projects and injecting adware in installers for packages like GIMP. For anyone not following the story, SourceForge has a long history of adware-laden installers, but they used to be opt-in. It appears that the process is now mandatory for many projects.

Source: Slashdot burying stories about Slashdot Media owned SourceForge

How is it possible that someone, somewhere, thinks that censoring SourceForge’s adware bundling on Slashdot is a net positive for Slashdot Media, the holding company that owns Slashdot and SourceForge? A quick search on either Google or Google News shows that the story has already made it to a number of major tech publications, making the value of suppressing the story nearly zero in the best case.

I find this entire situation incredible. SourceForge was my go-to site for FOSS, and I have been using them for as long as I can remember.

Ever since the Linux world moved to repositories, where a simple yum install or apt-get loads up the entire package, it has been a while since I perused SourceForge. I have a set of FOSS utilities for PCs that I always download from the site that produced the software, not SourceForge. Many of those sites are listed on the sidebar under Tools.

All this started on SourceForge a couple of years ago, but people seem to be upset that it has recently hit the popular photo editor GIMP for Windows. On Linux it’s just:

sudo yum install gimp

… and that’s all there is to it.  No adware, malware, nothing to worry about … so far.

As for FileZilla, the FTP program SourceForge began making custom installers for a couple of years ago, I prefer WinSCP on my Windows boxes nowadays, although I have used FileZilla for many, many years. Always download from the source site of the software and you shouldn’t have any problems. SourceForge was the last one standing, and now they have gone the route taken by CNET and Download.com many, many years ago.

Here’s a Reddit thread posted a year ago about FileZilla and SourceForge, so this story isn’t something new.

That’s really deceptive. FileZilla for example, the big green DOWNLOAD button that is the correct way for downloading a file says the file name. Yet when you click it, you are taken to a page that offers you a different file name. Someone also pointed out that it’s signed by ASK.com and reporting back in with ASK.com for data. I never want ask.com associated with anything I do.

Source: Sourceforge starts using “enhanced” (adware) installers : technology

phpMyAdmin Back Door

On September 25th, SourceForge became aware of a corrupted copy of phpMyAdmin being served from the ‘cdnetworks-kr-1’ mirror in Korea. This mirror was immediately removed from rotation.

The mirror provider has confirmed the attack vector has been identified and is limited to their mirror; with exploit having occurred on or around September 22nd.

via phpMyAdmin Back Door | SourceForge Community Blog.

This corrupted copy of phpMyAdmin included a backdoor which permitted execution of arbitrary commands by the web server user. The notice from phpMyAdmin may be seen at:
http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php

UNetbootin

UNetbootin allows you to create bootable Live USB drives for Ubuntu, Fedora, and other Linux distributions without burning a CD. It runs on Windows, Linux, and Mac OS X. You can either let UNetbootin download one of the many distributions supported out-of-the-box for you, or supply your own Linux .iso file if you’ve already downloaded one or your preferred distribution isn’t on the list.

via UNetbootin – Homepage and Downloads.