The trap of proprietary software - no money no upgrade - Ubuntu forum hacked

12 replies [Last post]
dadix
Offline
Joined: 01, Jul 2013

Ubuntu lost 1.8 million passwords, e-mails & usernames was stolen.

Ubuntu used Vbuletin proprietary software but an older version.
So they don't have money to upgrade the forum to get atest security patch.
They would have used free software under gnu license and money which they ha
he spent with Vb may give to the team where he would have download the forum.

When we spend money on proprietary software you go to a trap but when we pay for libre software we make an investment.

Cyberhawk

I am a translator!

Offline
Joined: 27, Jul 2010

This is really fishy, why would they use a proprietary forum software? They got a dev-team after all. I recon it is much easier to pay one person from the team to write a patch for an existing free program (if there really is something important missing) than to accept the burden of proprietary.

P.S.: just checked out the German Ubuntu forum (www.ubuntuusers.de) and they are not down. Their forum is powered by some Python application called Inyoka, I quote: "Inyoka itself is based on a number of OpenSource-programs, -libraries and -technologies."

Looks like someone had more luck. Or was that logical thinking? I sometimes confuse those two. /sarcasm.

miga
Offline
Joined: 17, Sep 2011

They did use the proprietary VBulletin software for their forum.

The reason probably being the way that Ubuntu works in general nowadays: 'good' quality proprietary software over free software. They saw that VBulletin was a 'good' solution, didn't care whether it was free software or not, and used it.

To be honest this isn't surprising to me since Ubuntu hosts quite a lot of proprietary services now (Ubuntu One, their forum, etc). As for why they didn't just write a patch for an existing free program, just think about it: why haven't they created a patch for something like the free Nouveau driver or Radeon driver to improve it instead of making the decision to include the proprietary drivers in their distribution?

Ubuntu nowadays just doesn't care about free software. Hell, isn't that the reason Trisquel exists?

Anyway, there were plenty of forum choices for them to use, the most well-known being phpBB or even Simple Machines (SMF) v2.0+ (released under the BSD license).

Also, I'm pretty sure that the German Ubuntu forum isn't run by Canonical.

icarolongo
Offline
Joined: 26, Mar 2011

Ask Ubuntu is proprietary also, uses Stack Overflow.
Ask Fedora uses Askbot (free software). [0][1]
Ask Debian uses Shapado, free software too. [2]

Ubuntu always prefer the proprietary software.

[0] https://en.wikipedia.org/wiki/Askbot
[1] http://askbot.org/doc/about.html?highlight=license
[2] https://en.wikipedia.org/wiki/Shapado

MagicFab
Offline
Joined: 13, Dec 2010

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2013-07-22 08:15, icarolongo [at] gmail [dot] com wrote:
> Ask Ubuntu is proprietary also, uses Stack Overflow. Ask Fedora
> uses Askbot (free software). [0][1]

Regarding Ask Ubuntu and how / when it started, here is a bit of history.

At the time I was working at Canonical and tried to influence the
decision of such tools towards Shapado. This post summarizes it:

http://www.fabianrodriguez.com/blog/2010/07/19/an-invitation-to-try-ubuntus-qa-on-shapado-com
or
http://www.ur1.ca/er4ia

Canonical put all its weight behind the non-free solution, but an
interesting side effect of this was Debian going for Shapado [3].

The question always remains to me: with such resources (although far
from unlimited) and mot importantly, recognition/influence, which do
they make such decisions?

*shrugs*

Shapado never really took off as expected, but there are now many more
similar systems that respect your freedom and can be self-hosted.

F.

> [0] https://en.wikipedia.org/wiki/Askbot [1]
> http://askbot.org/doc/about.html?highlight=license
[2] http://shapado.com/
[3] http://ask.debian.net/

- --
Fabián Rodríguez
http://fsf.magicfab.ca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: PGP/Mime available upon request
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iEYEARECAAYFAlHvu/YACgkQfUcTXFrypNXSnQCffLqE/JKKoAbDksmjWwEWM03k
D7IAoM2sRLtrBFTCW2ZGsA6JHoYtUINC
=McVW
-----END PGP SIGNATURE-----

quantumgravity
Offline
Joined: 22, Apr 2013

>Also, I'm pretty sure that the German Ubuntu forum isn't run by Canonical.

Yeah but the people there don't care about free software just like canonical.
They're happy with steam now being included in their wonderful "linux" distribution; even more proprietary software, wonderful.
And they're unfriendly as hell towards newbies.
That's the truth now, though things were different a few years ago.

If you dare to talk about free software at uu.de and the ethics behind it, you're an extremist and should go back to rms.
And my experience is that there is an unbelievable number of fools in this forum;
no comparison to the intellectual and friendly trisquel board users, who have a great culture of discussion.
You get the impression people there are around 15 years old and a bit drunk.

Really, I can give the advice to stay away from uu.de
Horrible community.

miga
Offline
Joined: 17, Sep 2011

I was actually just saying moreso that the German forum, since it isn't run by Canonical, that's probably why it isn't using the same forum software that the official Ubuntu forums uses, so they had to come up with their own solution (they were probably looking for something free and stumbled upon whatever they use, that just happens to be free/open software).

Or, something like that. I don't know and don't really care.

Cyberhawk

I am a translator!

Offline
Joined: 27, Jul 2010

This is sad to hear, uu.de was the place where I made my first steps with GNU/Linux (Ubuntu 6.04 I believe) and the community was very beginner-friendly, there were several users who knew a good deal about "Linux" and explained things or posted relevant links to the wiki located on the same domain.

No one cared too much about free software back then either, but people told you that installing non-free stuff can make the system less stable and every article in the wiki about it warned against doing so.

t3g
t3g
Offline
Joined: 15, May 2011

There are alternatives like phpBB, but their latest release is almost a year old and I'm not sure of how secure that one is.

andrew
Offline
Joined: 19, Apr 2012

On 22/07/13 23:37, t3g wrote:
> There are alternatives like phpBB, but their latest release is
> almost a year old and I'm not sure of how secure that one is.

phpBB3 underwent a paid security audit years ago and no vulnerabilities
were found. Only minor security vulnerabilities have been found since
then, and none found for the past three years AFAIK.

Andrew.

muhammed
Offline
Joined: 13, Apr 2013

Here are a few statements on Ubuntu's page from November 2004. They seem to use free and open source interchangably.

"The Ubuntu community is built on the ideas [...] and that people should have the freedom to customise and alter their software in whatever way they see fit."

"These freedoms make Ubuntu fundamentally different from traditional proprietary software: [...] you have the right to modify your software until it works the way you want it to."

[...]

"Ubuntu is entirely committed to the principles of open source software development; we encourage people to use open source software, improve it and pass it on."

http://web.archive.org/web/20040415000000*/http://ubuntu.com

jbar
Offline
Joined: 22, Jan 2011

From quidam's blog, the ubuntu promise evolution over the years

http://quidam.cc/03-05-2010/ubuntu-promise-point-4