Never expected to see it decline into the spammy sketch-ville that it is now.
If they start messing with the releases for servers, we've got big problems.
Wait, no I might be wrong about this, I really thought they were related but rpmforge might be a completely different project.
Yeah I am probably wrong based on this old page:
They just re-used the "forge" name which fine but confused me and I guess I assumed it was run by sourceforge awhile back.
Sourgeforge however is owned by Slashdot's parent company, of that I am virtually positive.
I didn't particularly like the tone, it seemed pretty mocking to me. I did not feel like that was called for.
I will suggest that at some point, if you live long enough, you will cross paths with someone you knew as a young person, someone you liked and respected, who was either charged with robbery or who was earning money in a way that you don't condone. I would ask that you judge carefully at that point. It happened to me when I drove by a friend from high school who was in the median strip asking stopped traffic for money.
Living in the world requires things, supplies, water, food, housing. Unless you can make those things on your own, you're stuck trading money for them. And to trade money, you have to get money. The longer you don't have enough money the lower and lower your standards tend to go. Some folks sadly decide to simply stop trying and check out of the system permanently. Life is real.
So when you see a site like SourceForge, you might ask what happened, or perhaps what changed, but it doesn't get you any points for judging them harshly for trying to survive. GitHub is the new hawtness and I love what those folks are doing, but I've not seen the press release that says they are operationally profitable yet, or even cash flow positive. That will change, and when it changes you may see them having to push "partner" software your way, they may have some other plan by then, or they may just sort of evaporate in some giant acqui-hire .
 Personally I think that Github being bought by, or displaced by, an infrastructure service play like Amazon's AWS is the most likely outcome.
"We've done all this without any outside investment. Our company has been profitable for years, is growing fast, and doesn't need money. So why bother?"
And they went on to raise $100M. Presumably their business model scales with their feature set. I hope this continues for them as I like their service and their approach.
I'm not sure it ever achieved "mightyness". Back when VA failed at what they were trying to do and started SourceForge, it was needed and they deserve praise for trail-blazing / attempting something big. But, I never really felt they carried through successfully.
He wasn't a hugely skilled computer user to start with, just knowing a few patterns of clicks to open a web browser or a word document. I made him a little laminated card next to his screen explaining how to do the few things he needed to do.
It's been 2 years, and not a support call.
My only regret is checking his history to figure out where the viruses were coming from.
So I suggested Ubuntu with Unity, configured for automatic updating of software in background. I first gave him a new computer with a fresh installation, so he could try it for a few weeks first. Surprisingly it went very well (I usually have a few minor problems myself). He learned to use Unity within just a few minutes. He could use it with the Norwegian language(as he don't know english), and it worked great with increased DPI for less strain on his eyes.
Now it's been a few months, and he has not complained once! In fact, he tells me only good things about it! About how much faster it is, how much easier it is to read and how much easier it is to use the computer now.
While Unity is not a very useful desktop environment for myself, it is certainly great for people who mostly need easy access to a few applications.
Oh this sounds painfully familiar. Every time I assist my father I notice Ask toolbar. I occasionally uninstall it, but of course it reappears with the updates. Well, at least I know that he is installing the updates so that's a good thing. But seriously Oracle, do you really need those couple of bucks from Ask?
I'm an expert and I still haven't figured out how to use Unity. If I have so much trouble that every time I've tried it, within a few hours I give up and install traditional Gnome, LXDE, or Mint with Cinnamon, I can scarcely imagine how bad it would be for a novice.
First of all, it crashes a lot.
Secondly, you have to use some magical key combination to start multiple instances of an application.
Thirdly, Unity has no easy discoverability of apps. If I want to see what I have installed on my system using a traditional desktop, I can just read through the Start menu  and its submenu. Unity has no way to do this that I can figure out.
Yes, you can type an app name, but a novice user might not know their Internet browser is called "Firefox" or their email client is called "Thunderbird." (Heck, when I started using Ubuntu, it took me a while to figure out that Totem was a media player, Nautilus was a file manager, and Vinagre was a remote desktop client.) The point is that typing "video" or "file" or "vnc" won't point you in the right direction.
In short, Unity sucks and I wouldn't recommend it to anyone.
 I heard Windows 8 is ditching it too, at least by default.
You may say substance not style, but I prefer style & substance.
Not with Skandiabanken. Their only special requirement is a phone for doing two-factor authentication by SMS.
If you wanna use the horridly flawed BankID, which they do also offer, you probably need Java as you say.
Rant to foreigners about BankID: The conversation must have gone like this at a meeting of Noreay's major banks:
- Public key crypto is good.
- But users are too stupid/lazy to safeguard their private keys...
- Good point. How 'bout some trusted party taking care of those for the users?
- Yes! And you know who you can trust? Banks!
- Agreed then, we'll sit on the private keys, and when the customer wants so sign for say a mortgage, they just authorize us to do so for them.
- That last step sounds cumbersome...
- Nah, we'll just do it over the Internet.
- But won't that put us back where we started?
- Hush! I can't hear you over the sound of future income!
An article written by someone with more than 2 brain cells can be found here:
However I encountered the new installer when trying to download FileZilla only. I had to download a couple of different software since then, but those did download directly, no installer.
"error establishing database connection"
I think this deserves an obligatory "if you aren't paying for the product, you are the product." It seems to always turn out that way. After all, these projects are popular because they are good, and they are good because the developer or developers commit the time to develop, test, and support these projects. Naturally, there has to be a way to make money in order to keep these projects going, hence the Dice move. I'm not saying I agree with it, but I think it's reasonable. In other words, there is no such thing as a free lunch.
As someone who sits in front of Windows but does a lot of development over ssh in Unix this is slap in the face. There are both manual and automatic ways to get the real url that you could type into axel, curl or wget, but it just shows a lack of respect for customers.
I made a point to keep open source projects away from sourceforge because it was a ghetto, the same reason I didn't want to be seen on myspace. Just knowing a project is on sourceforge would bias me to think the project is not worth thinking about.
The last time this was posted on HN, I did a quick writeup on my understanding of it (reposted here):
"For the curious, this is an optional program at SourceForge being offered to developers as a way to monetize their work. The developer needs to specifically request it. SourceForge gets a cut, so does the developer. The installer is their first stab at this process and is using the bundling technology from Ask.com. As offer-based installers go, this one is about as good as it gets. It makes a single offer and has an Accept and Decline button with the user selecting whichever one they want (not a pre-checked box accepting the offer above a Next/Continue button). If accepted, the installer installs the offered software and it gets a standard entry in Windows' Add/Remove Programs that works as expected. If declined, the installer continues. The installer then downloads the originally-requested software.
The two issues with the current installer are that (1) it is served in place of the requested file with no indication that a substitution is made as the user downloads and (2) it requests admin rights before it starts downloading the software, which can be a security issue. Roberto (who posted the article) has stated that they are working on #1 in terms of the text shown on SourceForge as you select to download and download. As for #2, there may be some ways to rework the installer so this is not an issue. I'll mention it to him when I speak to him.
SourceForge has one other revenue-share program with developers where you place the SourceForge-branded download buttons on your own website that link to your downloads on SourceForge and you get a small cut of the ad revenue made from the download page.
If I recall correctly, SourceForge has been losing money for a few years now. Dice Holdings picked up SourceForge and Slashdot while Geek.com kept ThinkGeek.com, so they are now separate entities. These new experiments are attempts to get SourceForge to be self-sustaining/profitable. Ad revenue alone likely won't cut it.
Unfortunately, Google Code, Github and others don't offer the full breadth of services that SourceForge does for open source projects. Google Code, Github, and others have all ditched binary downloads, so SourceForge is one of the only providers to make binary downloads available to Windows and Mac user at no charge. This is why SourceForge is popular for real apps (FileZilla, Pidgin, PortableApps.com, etc) and Github is popular for components (node.js, jquery, rails, etc). The code zips available at other providers are of no use to end users.
As full disclosure, I run PortableApps.com, one of SourceForge's largest projects pushing quite a few TBs of downloads through their mirror network. We make use of the SF-branded download buttons revenue share program but do not make use of nor have any plans to use the "enhanced" installers. Everything I've discussed here is already publicly available, I just thought it would be handy to have in one place."
After that post, it was pointed out to me that Github has added in the ability to host binaries, but I would wager they wouldn't take kindly to the kind of bandwidth that the major SF projects like PortableApps.com push through. I've also been in touch with Roberto who made the mentioned post on SourceForge about some suggestions and options including doing an open source installer that the end-user/sysadmin can verify before installing instead of it being a downloader installer with the offer built in but not the app you want.
Normal (viz., non-computer-literate) users are used to clicking the big green button in the position the "next" button is in installers. A frighteningly high proportion of the populace simply do not notice the contents of the screen. My experience with real users is quite sufficient to lead me to call it drive-by installation: that was never the intent of the user.
(Sure, in a case like FileZilla you're dealing with slightly more competent people, but you'll still get a surprising number of undesired installations, and—my guess—no desired installations.)
"software that is intended to damage or disable computers and computer systems. origin: blend of malicious and software ."
The regard that people hold for these pieces of software aside, most of them are not actively malicious. Yes, they're annoying, but most of them are not doing anything worse to you than what the major ad networks are doing.
I hate that, I block that behavior with noscript and adblock, etc. But it's a stretch to call that malicious.
these toolbars don't have backdoor downloaders, they don't display pop-ups, they're not damaging our devices. they suck, i hate them, i uninstall them for my friends and family. but they're no more malicious than ads on the washington post, and they're there for the same reasons.
for the record, i think this is a bad move on SourceForge's part. it's misleading, it's abusive of user's goodwill and trust, and most users are going to accidentally install these toolbars that they don't want or need. but just because it's a bad idea and it's intrusive and rude, doesn't make it malicious.
Then they are malware.
Ads on the washington post that runs code in my browser is in the same boat. They depend on tricking the users computer into running code contrary to the wishes of those who own the computer. Software like ad-block, ghostery, no-script, disconnect and many other are designed to prevent said malware from running. They are the antivirus tools of 2010s, and is thankfully so far free.
Last, lets just put down Micrsoft own definition of malware:
'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software
If you've ever done user studies with people installing software you'll notice 90% click the next button until it's done without reading the pages
The way that the accept button is positioned in these "optional" offers makes it look like you have to click it to proceed. This is exactly what a dark pattern is (http://darkpatterns.org/ or http://www.90percentofeverything.com/2013/07/23/the-slippery...).
I downloaded Filezilla from Sourceforge to see how this offer system is implemented - http://i.imgur.com/7tZuUoE.png. From quickly glancing at the window it looks like accept is the only valid way of continuing with the installer. Furthermore the program installs Hotspot Shield which will constantly show the user ads after it's installed, I doubt even 1% of the people installing Hotspot shield through this offer want it on their PC.
No, nobody wants it, that's why it's there. Your optimism presupposes that there has ever been a such thing as a person who wouldn't mind more commercials on TV. These people aren't out there, people only tolerate the advertising they do see, and software like this only exists to inflict itself on the user.
In other words, Nike and Budweiser don't advertise on Sourceforge crapware toolbars, but have you suggested to him that he might want to install that kind of thing?
But this isn't a sustainable strategy. You're basically asserting SourceForge's unique selling point/competitive advantage is its ability to host files. You've got to be kidding.
GitHub has taken off like a rocket whose thrust show no signs of abating. SourceForge is going down the drain with a passiveness that shows no sign of abating--unless it is conceptually rethought, from the ground up. You know, does something new and innovative to address project needs from a contemporary point of view. Dice certainly doesn't seem to have an appetite for that kind of risk, just an appetite for the last drops of life sucked out of a dying carcass by throwing leeches on it.
VLC, 7-Zip, PortableApps.com, FileZilla, MinGW, Apache OpenOffice, GIMP, Notepad++, ...
Offer-based installers are one way of monetizing and have become exceedingly popular, especially with closed-source freeware. Unfortunately, most of these installers are designed to trick users into installing (or go so far as to install without use consent). To SourceForge's credit, they make a single offer which is clearly defined and even have a link to a page explaining why the offer is made. Compare this to your typical download from Download.com which includes multiple offers including several tricks to get you to install (pages that seem to be license agreements for the main software but install adware when you click agree, pages that list a standard and a custom install type and you'll get adware unless you pick custom and uncheck the offer, etc).
The other option is freemium pricing, free for smaller users but bigger users pay. To go this route, you basically need to go after the enterprise to make money. Github has taken this route from the beginning and achieved profitability in 2009 if I recall. I'm not sure if Github is still profitable, but they got $100m in funding last year, so they have money to burn. That could be why the added binary hosting back in. They had it originally but removed it due to costs years ago. Still, I'm unsure if they would put up with a project as large as the ones on SourceForge (PortableApps.com, FileZilla, GIMP for Windows, etc) as that is quite a bit of bandwidth to give away for free as a loss leader (since Github wouldn't even make money on ads for those downloads). Unfortunately, SourceForge has no enterprise offerings at present, so this isn't a viable revenue source today. They could explore this route in the future as a competitor to Github, though. It would be a bit of a pivot for them and not without its own risks. But, even if they go down this route, they still need to have the revenue today to keep going. So, it's a bit of a catch 22.
Not that it would by any means be easy, I was suggesting a conceptual re-think of SF to attract and enthrall new users/projects. However your response (and the refrain I hear from others) indicates a strategy of monetizing the big binary projects you already have. That's cool, and that's a market. But I would fear
- those projects being coaxed away by innovations from services in adjacent markets (GitHub using enterprise revenue to cover download costs), and
- those big binary projects eventually dying (as projects sometimes do), without replacement from new young projects (because they will prefer to start on GitHub and will then mature there).
Perhaps go after the conceptual strategy of "SF is where you go when you've grow out of GitHub".
Second, Github doesn't really offer what the big binaries on SourceForge need which is tons of bandwidth to host downloads. Github ditched downloads back in December but appears to have added them back in with 'Releases' last month. It remains to be seen how much bandwidth a free and open source project can actually push through Github, though. And whether Github will keep Releases/downloads around at all since they've only been around for a month and were unceremoniously killed off just 8 months prior.
SourceForge is a known quantity with download mirrors all over the world that you can push 10s of TBs per month through for free as long as you're a fully open source project. Github, on the other hand, is an unknown quantity with respect to big downloads.
Really naive question, I'm sure, probably a simple answer for anyone working in providing services at this scale, but...
Why is everyone's business so dependent on funding expensive bandwidth? We've had bandwidth sharing for over a decade, what didn't P2P solve?
For starters, you have to get the end user to download and install a piece of software first (torrent client, etc) and then direct them to the larger downloads of the actual software you're distributing.
Next, you can't just build this feature into something like our PortableApps.com Platform (with it's built in software downloader/app store/updater) as many end users are prohibited from running P2P software by their ISPs and we can't depend on them being technically knowledgeable enough to know whether or not they're allowed to.
Then you have the issues with routers and firewalls and punching holes in them to allow people to upload to others as well as download (which is a bit easier with upnp but not always automatic).
Then you have the issue that much of the world is still on metered connections. Here in NYC I have the choice between slow DSL provided by one company (and some resellers that use the same line), fast but unreliable cable provided by one company (no resellers or competitors), no fiber (Verizon cancelled FiOS buildouts), or wireless (which carries a limit of 5GB per month and you pay $10 per GB after that). I opted for the fast but unreliable cable and a wireless hotspot as a backup for the several hours a month the cable goes down. Lots of the world has even fewer options than I do.
And finally, most legitimate webhosts prohibit any kind of P2P hosting on their networks, so you can forget about running a torrent tracker on your regular web server. You can go with a second tier provider that is more forgiving (or clueless) but then you have the issues associated with such a provider (likely illegal activities on the same network, likely security issues, etc).
There are other issues and some workarounds for the above, of course, this is just my personal experience with researching it for PortableApps.com over the years.
Some parts of the problem sound like they could be described as a tragedy of the commons. Things would be more efficient all around if we just allowed intelligent bandwidth sharing through P2P, but network administrators concerned about the impact on their particular networks prevent such moves, actually making everything less efficient.
Not to understate the other technical hurdles.
Good points, thanks.
I think this is in part because they charge. I like this model. Its simple. You want to use GitHub for free then you have to make your code freely available. You want to keep it proprietary then you have to pay for your account.
Where this doesn't translate well with SourceForge is that it was designed from the start to be of, by, and for Open Source projects. So the vast majority of projects would be non-paying.
However, they may be able to add some features that appeal to proprietary projects who are willing to pay and use that revenue to offset any losses. It would be hard work but ultimately I think it would be be better than the appearance (if indeed it is just that) of distributing malware.
Agreed. I was a happy user of GitHub for solely public (free) repos, since all our startup projects are OSS. But as soon as we ran into the need for repos for private internal projects, or OSS stuff that we aren't ready to announce yet and want to keep private, it was a very natural, and seamless, process for us to sign up for a paid GitHub account. GitHub have, IMO, found a nice sweet spot in terms of taking advantage of the "freemium" model. And it's one paid service I totally don't mind paying for in the slightest. It just feels like they really got it right with their model.
That said, we don't need a large number of private repositories in our model. I know some people prefer BitBucket's model, if they need a larger number of private repos.
Clarification: they do not offer gratis service based on free code, they offer gratis service based on public code. If you are public, it's no charge, even if you are using a proprietary license.
That seems to be SF's existential problem. What's their strategy? Adware installers are certainly interesting, perhaps even "innovative", but seem to be a near-term monetization tactic that doesn't address the strategic problem of community stagnanation. What happens in the hypothetical situation when all the big projects die or leave (perhaps because they've become so successful they can now support their own infrastructure costs)?
In terms of PortableApps.com, I don't think we'd be a good fit for GitHub since we're a project that's a conglomeration of apps made portable (for USB and cloud use). I think we're around 90TB of bandwidth for downloads in the last month for our open source apps via SourceForge (some of our open source apps the publishers self-host like Inkscape and LibreOffice so we don't push those through our SourceForge project).
Surprisingly expensive business.
Whenever you see the word "toolbar," just think "virus," because that's pretty much what they amount to. See: http://www.cracked.com/blog/6-reasons-guy-whos-fixing-your-c... (#2)
An organization claiming to be for "open source" should not be distributing KNOWN malware, by ANY means. PERIOD.
I have one major project on SourceForge that is pretty much inactive. If I ever do the rewrite of it I'm thinking of, that new code will not be hosted there. It'll probably be on GitHub.
GitHub is a developer tool. Users not interested in viewing/changing/building the source code should get the software from the project's website.
The examples all only show Zips but you can apparently add in EXEs, MSIs, DMGs, etc. I'd wager that they won't put up with high numbers of downloads on free projects ala FileZilla, GIMP, PortableApps.com on SourceForge, though.
Pure speculation. More speculation: I'd wager they'd be OK with it. Bandwidth is practically free.
We could setup on something like an unmetered host. We'd lose the worldwide network and geographic closeness of the servers to the downloaders, of course. You can get a 1gbps dedicated unmetered connection for around $800+ a month (not including the actual server) at several providers. A 100mbps dedicated unmetered would not be sufficient for PortableApps.com as it would only total 20TB a month used fulltime (of the theoretical ~32GB max it could push if you discount overhead, etc).
How far the once mighty SourceForge has fallen…
[Editor's note: This post is the opinion of the author and not necessarily that of the Gluster Community]
SourceForge, once a mighty force for the good of Open Source, has fallen far from its previous lofty heights.
Dice, the new owners, bribe strongly encourage the top projects to use a new (closed source only) installer that pushes spyware / adware / malware.
Developers using SourceForge should migrate away from it if they want to keep their integrity. End users using projects hosted on SourceForge should immediately find an alternative.
When people download software from SourceForge, or any major repository of Open Source software, they expect the software to be trustworthy. (baring unintentional bugs)
They do not expect the software to be a source of “drive by installer” style malware, spyware, adware, or any other unrelated/unintended software.
SourceForge’s new owners, Dice, have consciously and deliberately moved to a model violating this trust.
With their recent changes, users downloading from SourceForge now receive a special closed source installer which attempts to foist unrelated third party software onto them.
For example, when a user clicks on this:
It gets worse.
When SourceForge introduced this, it bribed encouraged the top projects to participate by giving them a cut of the take. So these co-operating projects are also knowingly selling their users down the river.
I’m not against monetisation at all, we all have lives and need to pay our bills. But not through abusing user trust. Not through preying on the unskilled or unwary.
To misquote Marge Simpson; “They not only crossed the line, they threw up on it.”
If you’re a developer or contributor to a SourceForge project, please ask them to move to a new project host (there are several). And cease all further involvement until it’s complete. I’ve already done so with mine.
If you’re a user of a SourceForge project, please find and use an alternative project instead.
We should all demonstrate our commitment to user safety and personal integrity around this issue.
And after a little research, it's clear that this article throws up on the truth.
1) “drive-by installer” Drive-by installers don't require user to download and intall, and are definatelly not OPT-IN like this one
2) "malware / junk ware / crime ware" - He listed all of the wares, except the one that it is, offer-installer is adware.
I'm no fan of opt-in adware, but plenty of quality apps depend on it. I've been using daemon tools for almost 5 years now, and I've never had an issue with it. For such a trivial tool with opensource alternatives, most people won't pay, but developers needs to pay their bills and a little adware gets the job done.
For click bait garbage articles like this I wish HN had someway to unvote.
Who are you to say how open source authors make their money? While I'm not happy about this shady move by Dice, it's the sensationalist writing, full of misinformation that I was calling out.
Fortunately for everyone, the "antivirus community", which produces software I would also classify as malware, does not get to dictate how the rest of us use words.
Why? I know some are better or worse than others, but...
To a user who has their machine slow to a creeping halt or behave in unexpected ways because of these "opt-in" daemon adware suites, that "distinction" breaks down very quickly.
If you use those kinds of tactics, you are taking CPU cycles from people who did not want them taken. Where I come from , we call that stealing - and it makes you something less than an honorable individual if you do it. I spent years working in tech support, so I have the understanding necessary to make that statement.
I am also a developer and I know there are more honest - and proven - ways to make a living with OSS that don't fall on that side of the "shady" line.
I repeat my charge of Shenanigans.
I propose "grayware."
Don't these toolbars usually report your browsing habits anyway though? If so they are spyware which clearly makes them malware.
Either way, I find those installer "offers" are pretty distasteful even when they are deployed by good people with good motives. Roughly what percent of the people who installed the Ask toolbar actually understood what it was and wanted it to be installed? Surely a minority...
Last I checked, Virtual Clone Drive didn't have any sneaky opt-in/ out ad-ware in the installer.
This article is sensationalist BS. After a little research it's clear that DevShare is adware not malware.
That is what happened the very last time I tried to download something from SourceForce.. (SourceForge).
Yes, everyone please ban SourceForge.
I imagine it's OS-sniffing, so any Windows users around to confirm?
Here's a link to the filezilla forums where the dev team appears to be justifying its use: https://forum.filezilla-project.org/viewtopic.php?f=2&t=3024...
I'm on OSX and when downloading the windows version from the repository, I get the same file as the author. Try it yourself here and download the .exe: http://sourceforge.net/projects/filezilla/files/FileZilla_Cl...
- new cockney rhyming slang anyone?
Now, the stable snapshots could go on Bitbucket and the code's remove origin is already on GitHub. That leaves me with two questions:
1. Where to can I move the old projects that can be reasonably expected to stay up for another decade?
2. Where do I host the live demo? I'd prefer a free or near-free service since this is a not-for-profit FOSS project. I have the option of waiting for my Raspberry Pi to come online .
The closest thing to SourceForge in terms of features that I know of is http://developer.berlios.de/. Can anyone share their experiences with it?
* GitHub for SCM and wiki docs.
* SourceForge for mailing lists
* Self-hosted Redmine for bug tracking
* Freenode IRC for realtime collaboration
For hosting file downloads, I recommend nginx. If the bandwidth is more than your server's connection can handle and you don't want to upgrade it, you could either use AWS or other cloud vendors, or provide your download as a torrent.
Email me if you're interested in alpha/beta testing (see my profile).
It's certainly dead to me.
Looks like some remedy in the case of FileZilla is that they host their own installer as well:
(Which matches the SF.net hosted FileZilla_3.7.3.sha512 list.)
Looks like the original files can be gotten if you make your own direct link, e.g.:
Github is great, but as it looks right now they fail to pull in those big legacy software packages. Their main audience seems to be web dev.
I then was able to install filezilla without the offer-installer just by not clicking on the checkmark. After the installation, my VM ran normally, no pop-ups, no changed homepage in firefox or IE.
People that write this drivel make the open source community look like a bunch of nutjob, hippy zealots with no grasp of reality. Ads pay the bills and sadly some open source developers have mouths to feed.
This wrapper presents the same problems as OpenCandy. Can you get the source to the installer? No. Can you guarantee the wrapper only does what they say it's doing. No. Do you have a fiduciary or contractual relationship with the publisher upon which you can rely if their software causes you harm? Probably not.
Avira Free and MS Essentials are certainly not the be-all, end-all to code verification, so don't feel too secure after using them, either.
There are honest ways to monetize development without jeopardizing the safety of a tremendous number of users; unfortunately, this ain't it.
Next time, present your argument without the name calling. It works better.
OK, I'm game. How should SourceForge monetize?
Just about everyone here is running ad blocking software, not that display ads pay much anymore. Not that anyone will tolerate seeing an ad for the free software they're downloading.
Should SourceForge charge a monthly fee to projects? To users? Perhaps SourceForge should arrange licensing deals to make white label SourceForge clones? Maybe they should just start doing consulting on the side?
what myspace is to facebook
what gm is to tesla
and what slashdot is to digg, now to reddit
and so on
There's also Yahoo! Groups.