JBoss Caught in Anonymous Posting Scheme 380
Reader scubabear writes "For years rumors have run rampant about employees of JBoss Inc. being actively encouraged to post anonymously, drumming up business by flooding the net with fake posts and simultaneously attacking competitors, all from behind a safe veil of anonymity. With the advent of a new feature for tracking users by IP on TheServerSide.com, the floodgates have been opened and those rumors have apparently been confirmed.
The Java blog space now erupted with posts from a variety of bloggers (here, here, and here for a start) exposing a variety of anonymous/pseudonymous accounts used by JBoss employees to put forth their Professional Open Source message and simultaneously slam anyone who gets in their way in online technical communities such as TheServerSide, JavaLobby, and various personal blogs. The evidence shows how a corporation can manipulate popular opinion via anonymous personalities, that open source companies can be just as ruthless as closed source when it comes to marketing their wares, and that you should never forget that your cookies and IP address can and will be tracked online. No official response has been heard yet from the JBoss crew. Disclosure: I'm one of those bloggers erupting on this issue (see my story here)."
Re:Anonymous or not opinions count. (Score:5, Informative)
You obviously have no familiarity with JBOSS. Shy retiring innocents they are not. For years now they have been haranging anyone who listen that JBOSS is the best Application Server in the known universe, this despite substantial evidence that some of their critical systems were well below standard.
I have no problems with an organistion hawking their wares. I do have a problem with it being turned into propaganda and stuck down my throat when I know it to be patently false.
The JBOSS organisation are doing the OSS movement a serious disservice.
Re:One question (Score:4, Informative)
There is a lot more than PHP out there, you know?
Re:And this is news because??? (Score:2, Informative)
SCO, Microsoft, William Gates Foundation, RIAA, MPAA, Government, big companies not mentioned already, patents: bad
Linux, Linus, Apple (with regards to BSD), BSD, Java (with regards to Sun opening it), Freedom of Speech, Natalie Portman: good
There are probably a few I've missed (and they will be posted below along with complaining how I missed it) but you get the idea.
BileBlog Mirror (Score:1, Informative)
Since JRoller seems to be Slashdotted already, here's the text of fate's BileBlog:
This can never happen on Slashdot, thankfully. (Score:2, Informative)
Re:More common than you think (Score:5, Informative)
-fren
Re:Anonymous or not opinions count. (Score:2, Informative)
I think people have grudges against JBoss because of these online forum practices. I've followed a couple of flame wars in the past and believe me, the JBoss guys just do not shut up. I remember looking back at how often they would post and wonder how much spare time they had on their hands - and that didn't include any of these 'anonymous' posts.
They always shoot people down, telling them to put their money where their mouth is but their problem now is that people are actually starting to do this - eg. Geronimo and these blogs.
I still use JBoss as I use JMX heavily, but their online participation has seriously put me off. I only hope that Hibernate doesn't fall to the same standards.
What is JBoss? (Score:5, Informative)
JBoss
From Wikipedia, the free encyclopedia.
JBoss (pronounced Jay Boss) is an open source, Java based application server. Because it is Java based, JBoss can be used on any operating system that supports Java. It is open source, but a company (also named JBoss) creates it. The company has a tech consultation service, but the consultants spend half of their time programming.
JBoss implements the entire J2EE suite of services.
The Sims Online uses JBoss to run its multiplayer games.
Re:Story is a Reminder (Score:3, Informative)
Re:Story is a Reminder (Score:3, Informative)
Re:This can never happen on Slashdot, thankfully. (Score:1, Informative)
Sorry, but Slashdot does not exist primarily as a medium for people who are making ethically right use of anonymous publishing. It is a community for dissemination and discussion of technology-related news. While it does have features to allow for some reasonable level of anonymity, Slashdot also has a number of hostile adversaries sufficient enough to warrant counter-measures, including the ones you highlight.
With these measures it may be unuseable for extremely serious anonymous posting. But that doesn't mean Slashdot is a failure, for without these measures it would be completely unuseable in the way that the vast majority of users want it to be - the trolling, garbage, automated attacks, etc. would make it intolerable.
So it is unfortunate that it is difficult for the noble people you describe to find a secure medium with which they can do what they need to, but it is not the purpose of Slashdot to solve that problem.
If the editors are interested in this problem, they can act like real journalists and break a story while refusing to reveal their source. If the source requires technologically guaranteed anonymity, they will have to deal with the pitfalls that (necessarily? or just contingently) plague any medium that can provide it, including a very low signal to noise ratio.
Links not /.ed, more thoughts... (Score:2, Informative)
I agree that some of the posts seem a little shady, but nothing as bad as this group of bitter blooggers seem to make it out to be. I didn't even see a lot of good examples of real problem posts - there was one like "Hey in the last six months JBoss CMP has got way better!" - but even that is OK with me, if it is true (have no personal experience with JBoss CMP yet).
But take a look at this quote from the posters blog:
As far as distributed tx and recovery and logging goes, yes, that is a weakpoint, but how often do apps require that kind of functionality. My guess the number is in the minority. I guess what I am saying is that the JBoss J2EE stack is quite complete minus distributed tx and recovery based from what I've seen
That all sounds fine to me, even if I didn't know that came from JBoss it still makes a lot of sense to me. I personally also believe that not a lot of people need distributed TX (sometimes I wonder if ANYONE really needs distributed TX really) or distributed logging. I have played around a very little with JBoss and it does indeed seem very complete - I use Weblogic during the course of my job and of course that is pretty good, but it's also very expensive and for a lot of work I see going on in my company JBoss would more than suffice (and has, some groups have been using it and are only moving to Weblogic to keep with a corperate standard).
One thing not mentioned by the original poster is there seems to be an undercurrent of this CDN company (I think the poster is an employee from his blog?) which split off from JBoss and they were very pissed about the whole thing, as it seemed to have been done in an underhanded way (which they support with dates of the domain registration). So from that aspect I think a lot of the worst posts were sort of revenge for this action, and this have at least some explanation behind them beyond mere astroturfing - there were strong emotions involved. So this whole blogging attack against posters from JBoss seems to be orchistrated by CDN people resentful of people attacked by multiple sources they felt were from the parent company (which they may have screwed over).
Re:Links not /.ed, more thoughts... (Score:5, Informative)
The reason I blogged about this is really simple: truth. Yeah, I know, that sounds trite and stupid, but that really is the main motivation. JBoss people have been posing with very convincing names like "Chip Tyler" and "Joe Murray" for quite some time now, talking up their own product, dissing people like the CDN folks, and directly going after people like me. Some of it got quite nasty as well - and all under the cover of fake names. NOT anonymous ones - no Anonymous Coward. One of them - someone claiming to be Arun Patel but really a senior JBoss executive - went so far as to say online that he worked for WIPRO in Bangalore, India, and to attempt to prove that I was a shill. And he did this when the guy actually has e-mailed me and knew exactly who I really am. The icing on the cake is that the individual _setup the fake Arun Patel account using his real corporate e-mail address_.
This isn't about a vendetta, or revenge, or personalities clashing. It's about exposing a company that uses deceitful tactics to gain market share and simultaneosuly attack individuals and companies. I personally don't care if it's common or not - no matter how prevalent it may, it's still wrong and it should be rooted out and exposed when it's discovered.
Keep in mind also that this was a coordinated corporate policy, and it involved the "big names" at JBoss, and sometimes the weight of faker posts would actually overwhelm entire threads.
It was coordinated, it was nasty, and had high volumes over a span of well over a year.
-Mike Spille
Re:Anonymous (Score:3, Informative)
Given the MD5 hashes, you could find the IP within a few hours with a brute-force search. IPv4 space isn't *that* big.
Subnet would be within milliseconds, as there are only 32 normally-sane values, and only about 10 are actually used.
One-way hashes don't help much if the space of possible keys is small (that's why we have
Re:So what was the real motivation? (Score:4, Informative)
A big key of this is hijacking threads. If a thread started going "bad" from a JBoss perspective, both employees with their real names and fake names would sweep in simultaneously posting positive things about JBoss and refuting negative parts. They literally turned some threads from being anti-JBoss to looking positive.
Along the way, they made people who posted any negative JBoss posts look like they were the bad guys. "Oh poor us, look, these mean people are persecuting us!". This is a prime JBoss tactic - do something underhanded and slimy, and if there's a whiff of being caught make the people doing the catching look like the bad guys - and make yourself look like a poor victim.
Keep in mind that, having literally done it for years, they're pretty good at it. No blatant cheerleading. Sometimes they would put a mild negative comment in to make the post look more realistic "gee, CMP really sucked, but I hear it's better in 3.2", or "yeah their JMS wasn't that good, but they say they're making it better - anyone know anymore about that?".
To judge it, you have to look at the volume of threads and volume of posts over time. The blogs referenced have touched upon only maybe 5-10% of the total! We had neither the time or energy to exhaustively post everything the fake users did. If you happen to have the time, check out some of the threads on TheServerSide. Watch for their entry into them, and watch them turn the tide of opinion on a thread, and discredit naysayers along the way. In an odd way you have to respect it - they've raised these fake posts to an art form, they've honed their craft over many years.
Re:Who cares? (Score:2, Informative)
Re:Anonymous (Score:3, Informative)
The problem is that this secret must be transferred from one party to the other before it can be used. That makes it much less secretive. A discussion of the key exchange problem (of which this is a subset) is beyond the scope of this thread.
Not in this case. They just have to track what secret they use, possibly changing it regularly, as all they use it for is generating and then verifying a hash.
Re:I am crying big fat crocodile tears of this. (Score:4, Informative)
Amazon Glitch Unmasks War of Reviewers [donswaim.com]
This quote says it all: "John Rechy, author of the best-selling 1963 novel "City of Night" and winner of the PEN-USA West lifetime achievement award, is one of several prominent authors who have apparently pseudonymously written themselves five-star reviews, Amazon's highest rating. Mr. Rechy, who laughed about it when approached, sees it as a means to survival when online stars mean sales."
Frankly I'm not surprised (Score:3, Informative)
If you go to their forums you'll get a taste of the sheer nastiness around JBoss:
Altogether a very unpleasant community. So the kinds of slimey, underhand and outright dishonest behaviour by JBoss people being reported here doesn't exactly surprise me. I guess they must take Microsoft and SCO as their inspiration.
The bad behaviour of the JBoss community has been reported previously on Slashdot.
Such a shame really as JBoss itself is an excellent App Server.