mikegerwitz
/
thoughts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial release of new website 

I had meant to write a blog post right away, but it's late and I haven't yet
decided if I should wait for further enhancements.
master
Mike Gerwitz 2019-01-17 01:30:52 -05:00
parent 8dbde47b65 f24dc3e227
commit 4c55540034
Signed by: mikegerwitz
GPG Key ID: 8C917B7F5DC51BA2
143 changed files with 8850 additions and 807 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
.gitignore vendored
View File

@ -1,11 +1,13 @@
*.html
!docs/about/resume.html
!/src/about/resume.html
!src/cgit/head.html
*.meta
*.mk
/post/list
!/docs/about/resume.html
rss.xml
www-root
docs/papers/.list
/www-root
/cgit-root
/papers/*.pdf
/papers/*.dvi
# repo2html
.clist
.cref-bad
.cref-errlog
.hashcache

6
.gitmodules vendored
View File

@ -4,3 +4,9 @@
[submodule "docs/papers/cptt"]
path = docs/papers/cptt
url = https://mikegerwitz.com/projects/cptt
[submodule "papers/cptt"]
path = papers/cptt
url = https://mikegerwitz.com/projects/cptt
[submodule "papers/coope"]
path = papers/coope
url = https://mikegerwitz.com/projects/coope

192
Makefile
View File

@ -1,107 +1,143 @@
# Builds thoughts (well, not quite like that)
#
# Copyright (C) 2013 Mike Gerwitz
# Copyright (C) 2013, 2018, 2019 Mike Gerwitz
#
# This program is free software: you can redistribute it and/or modify
# This program is free software: you can rewww-ribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# This program is www-ributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# #
#
# This project is a static site generator. This Makefile was written to
# have deep knowledge of every aspect of the site so that it can be
# incrementally built, and so that all relevant portions will be properly
# rebuilt any time something changes.
#
# Source files are automatically identified through either wildcards or
# Makefile generation with one important exception: things in src/. The
# reason is that src/ contains a number of things we don't want published,
# and the distinction is too messy to codify. Of course, another option is
# to clean that up, but I don't mind being explicit for now.
##
pages := $(patsubst %.pg, %.html, \
$(shell find docs/ -name '*.pg'))
pages_md := $(patsubst %.md, %.html, \
$(shell find docs/ -name '*.md'))
articles := $(patsubst %.txt, %.html, \
$(shell find docs/ -maxdepth 2 -name '*.txt' | grep -Fv /gh/))
# articles in TeX with an inappropriate var name
texticles=$(patsubst %/, %.html, $(dir $(shell find docs/ -name 'Makefile')))
www_root := www-root/
url_root := https://mikegerwitz.com
repo_url := https://mikegerwitz.com/projects/thoughts
repo_commit_url := '$(repo_url)/commit/?id=%s'
.DELETE_ON_ERROR:
# configured repo2html command
repo2html := repo2html \
-t 'Mike Gerwitz' \
-d 'Free Software Hacker+Activist' \
-c 'Mike Gerwitz' \
-l 'This content is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.' \
-C '/style.css' \
-f 'tools/thoughts-fmt' \
-F .listfilter \
-T '$(PWD)/tpl' \
-u '$(repo_url)' \
-U '$(repo_commit_url)' \
-E ''
postsrc := $(wildcard post/*.md)
pmeta := $(postsrc:.md=.meta)
phtml := $(postsrc:.md=.html)
pmk := $(pmeta:.meta=.mk)
.PHONY: default clean pages articles thoughts docs
www-root = www-root
cgit-root = cgit-root
# articles in TeX
texticles = $(wildcard papers/*/)
www-paper = $(patsubst papers/%/, $(www-root)/papers/%.pdf, $(texticles)) \
$(patsubst papers/%/, $(www-root)/papers/%.dvi, $(texticles))
images = $(wildcard images/*.*) $(wildcard images/tp/*.*)
www-images = $(patsubst images/%, $(www-root)/images/%, $(images))
cssfonts := $(shell build-aux/lsfonts)
www-fonts := $(patsubst fonts/%, $(www-root)/fonts/%, $(cssfonts))
# Manually maintain both for simplicity and to ensure something does not get
# unintentionally published.
srcpages = src/index.html src/about.html src/papers.html src/posts.html \
src/talks.html src/404.html src/about/inside.html \
src/about/githubbub.html \
src/about/resume.html $(wildcard src/about/resume/*)
www-pages = $(patsubst src/%, $(www-root)/%, $(srcpages))
www-files = $(www-pages) $(www-root)/style.css $(www-root)/rss.xml $(www-paper) \
$(www-images) $(www-fonts) $(www-root)/redirect-map.php
RSS_N=10
export WWW_URL
.PHONY: default clean webroot cgitroot
default: www-root
thoughts:
mkdir -p "$(www_root)"
$(repo2html) \
-R 40 \
-o "$(www_root)" \
'$(url_root)' \
> "$(www_root)/index.html"
%.meta: %.html src/post2meta src/post2html
src/post2meta $< > $@
src/talks.html: src/talks.rec
src/papers.html: src/papers.rec
%.html %.xml: %.sh post/list src/mkheader src/header.tpl.htm src/footer.tpl.htm $(phtml)
$< > $@
%.html: %.md src/post2html src/mkheader src/h12title src/header.tpl.htm src/footer.tpl.htm src/pandoc.tpl
src/post2html $< > $@
%.html: %.htm src/mkheader src/h12title src/header.tpl.htm src/footer.tpl.htm
src/mkheader about @__PAGE_TITLE__@ \
| cat - $< src/footer.tpl.htm \
| src/h12title @__PAGE_TITLE__@ \
> $@
# all .txt articles will be compiled with asciidoc, then post-processed with the
# mgify script
%.html: %.txt
asciidoc -fasciidoc.conf -v \
-a stylesdir= \
-a themedir=$(PWD)/ \
$<
./tools/mgify "$@"
# special outputs
src/rss.xml: src/rss.sh post/list $(phtml)
head -n$(RSS_N) post/list | xargs $< > $@
# "pages"
%.html: %.pg docs/papers/.list tpl/.config
$(repo2html) -icontent -ftools/extfmt <$< >$@
%.html: %.md tpl/.config
$(repo2html) -icontent -ftools/mdfmt <$< >$@
posts: $(pmeta) $(phtml)
post/list: $(pmeta)
ls post/*.meta | sort -rn > $@
# TeX papers are expected to have their own makefiles as well as an abstract.tex
%.html: %/abstract.tex
$(MAKE) -C '$(dir $<)' pdf dvi
url_root='$(url_root)' ./tools/texdoc '$(dir $<)' | $(repo2html) -icontent -ftools/extfmt >$@
# Rules for generating the final webroot from the posts are themselves
# generated. This also appends dependencies to www-posts.
.PHONY: www-posts
post/%.mk: post/%.meta build-aux/mkmk
build-aux/mkmk $(www-root) $< > $@
# Note the conditional include only for webroot. This is needed for two
# reasons:
# 1. To avoid including them on `clean' (see GNU Make manual, which is
# where this snippet originated from); and
# 2. Because otherwise including the makefiles causes every pmete to be
# built, which is unnecessary for all but `webroot'.
#
# The alternative (and perhaps more proper means) to #2 would be to run mkmk
# as part of the meta target. This was originally done until a solution to
# `clean' was needed; this handles both situations well.
ifeq ($(MAKECMDGOALS),webroot)
include $(pmk)
endif
webroot: www-posts $(www-files)
$(www-root)/style.css: style.css
install -Dma+r $< $@
$(www-root)/%: src/%
install -Dma+r $< $@
$(www-root)/fonts/%: fonts/%
install -Dma+r $< $@
$(www-root)/papers/%: papers/%
install -Dma+r $< $@
$(www-root)/images/%: images/%
install -Dma+r $< $@
# TeX papers are expected to have their own Makefiles as well as an abstract.tex
papers/%.pdf: papers/%/abstract.tex
$(MAKE) -C $(dir $<) pdf
cp $(dir $<)/$*.pdf $@
papers/%.dvi: papers/%/abstract.tex
$(MAKE) -C $(dir $<) dvi
cp $(dir $<)/$*.dvi $@
docs/papers/.list: thoughts articles
echo "$(articles) $(texticles)" | tr ' ' '\n' | tools/doclist >$@
images: images/tp/Makefile
$(MAKE) -C '$(dir $<)' all check
images/tp/Makefile: images/tp/gen-makefile
( cd images/tp/ && ./gen-makefile ) >$@
pages: $(pages) $(pages_md)
articles: $(articles) $(texticles)
docs: pages articles
www-root: docs thoughts images
mkdir -p www-root/papers
( cd docs/ \
&& find . -maxdepth 2 -name '*.html' -exec ../tools/doc-cp {} ../www-root/{} \; \
&& find . -maxdepth 3 \( -name '*.pdf' -o -name '*.dvi' \) -exec cp {} ../www-root/{} \; \
)
mkdir -p www-root/images/
cp -v images/*.* images/tp/*.png www-root/images/
cp -rv fonts/ www-root/
cp -rv _raw/* www-root/
cp -v style.css www-root/
mkdir -p www-root/docs
cp -rv docs/gh/ www-root/docs/
cp -rv docs/about/resume www-root/about/
cp -rv docs/hoxsl www-root/hoxsl
cgitroot: $(cgit-root)/head.html $(cgit-root)/header.html $(cgit-root)/footer.html \
$(cgit-root)/cgitrc
$(cgit-root)/%: src/cgit/%
install -Dma+r $< $@
clean:
rm -rf www-root/
rm -f $(pages) $(pages_md) $(articles) $(texticles)
rm -rf $(www-root) $(pmeta) $(phtml) $(pmk) $(cgit-root)

3
README
View File

@ -1,5 +1,4 @@
The miscellaneous thoughts and ramblings of a free software hacker.
This website is processed with repo2html.
https://mikegerwitz.com/
http://mikegerwitz.com/

78
bootstrap 100755
View File

@ -0,0 +1,78 @@
#!/bin/bash
# Prepares build environment
#
# Copyright (C) 2019 Mike Gerwitz
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# This will also download any necessary third-party files. Note that all
# downloads are proxied over Tor (using `torify').
##
set -euo pipefail
# Source fonts (Apache 2.0)
declare -rA fonts=(
[OpenSans-Regular.woff]=https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0d.woff
[OpenSans-Light.woff]=https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN_r8OUuhv.woff
[OpenSans-SemiBold.woff]=https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UNirkOUuhv.woff
)
declare -r tpimagesdir=images/tp
declare -r fontdir=fonts
# Download third-party images. This not only keeps them out of the
# repository, but explicitly states in a reproducible manner how the images
# were manipulated (if at all).
get-images()
{
echo 'retrieving third-party images...'
( cd "$tpimagesdir" && ./gen-makefile > Makefile )
make -C "$tpimagesdir" all check
}
# Download and verify fonts and license.
get-fonts()
{
local font src dest
echo 'retrieving font files...'
for font in "${!fonts[@]}"; do
src=${fonts[$font]}
dest="$fontdir/$font"
test ! -f "$dest" || continue
torify wget "$src" -O "$dest"
done
# Verify that we haven't been served bad files. This should only happen
# in the case of network failure or a malicious host, since the above URLs
# reference the commit hash.
echo 'verifying font files...'
( cd "$fontdir" && sha512sum -c SHA512SUM )
}
# Bootstrap.
main()
{
get-images
get-fonts
}
main "$@"

22
build-aux/lsfonts 100755
View File

@ -0,0 +1,22 @@
#!/bin/sh
# List fonts used by CSS
#
# Copyright (C) 2019 Mike Gerwitz
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
##
grep -A4 @font-face style.css \
| grep -o "fonts/[^']\+"

48
build-aux/mkmk 100755
View File

@ -0,0 +1,48 @@
#!/bin/bash
# Generate dependency Makefile for post
#
# Copyright (C) 2019 Mike Gerwitz
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# The dependency Makefile is responsible for webroot generation. This is
# necessary since the directory structure of the webroot varies so wildly
# from that of the source.
##
set -euo pipefail
# Generate Makefile. Produces webroot target and adds that target to the
# `www-posts' phony target.
main()
{
local -r distdir=${1?Missing distdir}
local -r meta=${2?Missing post path}
local slug
slug=$( recsel -P slug "$meta" )
local -r dest="$distdir/$slug.html"
local -r src="${meta%%.meta}.html"
cat <<EOF
www-posts: $dest
$dest: $src
install -Dma+r $src $dest
EOF
}
main "$@"

1
docs/papers/coope

@ -1 +0,0 @@
Subproject commit 98583d0e9f72a6e0af4117f013679fca1978f1da

2
fonts/.gitignore vendored 100644
View File

@ -0,0 +1,2 @@
*.woff

201
fonts/LICENSE.apache2
View File

@ -1,201 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

BIN
fonts/OpenSans-Regular.ttf 100644
View File

Binary file not shown.

BIN
fonts/OpenSans-Regular.woff
View File

Binary file not shown.

3
fonts/README
View File

@ -1,2 +1 @@
Open Sans by Steve Matteson
Apache 2.0 License
Run bootstrap to retrieve fonts

3
fonts/SHA512SUM 100644
View File

@ -0,0 +1,3 @@
6b04f0f3e632637dd82b11064502b1036ea20e8824eb973b1b369cb3fbe823e35094764a72eb7fd5e76431131b88287e622055ffa71131d7dc609a2b0371311e OpenSans-Light.woff
5029c9d19e1cb91481cd8f23a90fdd3bdc0058dc36e9a29e1d5c808482806f359365b588b1ec0b9d22ae975eff9475ee662e93a0e3421961bd0620cb307d44d9 OpenSans-Regular.woff
9dbd69e362fe4144c686adc1c53e0d55efe9aa173c2402667559e14a4ed505a00fc6d5ac95b1e0259d26efb9b846c34034359e1d88148610ea5ce89d300d9008 OpenSans-SemiBold.woff

BIN
images/eff-42.png 100644
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.2 KiB

BIN
images/fsf-42.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.6 KiB

After

Width:  |  Height:  |  Size: 1.7 KiB

1
images/tp/SHA256SUM
View File

@ -1 +0,0 @@
3a2fb99c4cbb929ee7a5c404f7b356fa9c5133145feaf834220cad4362d651d0 eff-42.png

3
images/tp/SHA512SUM 100644
View File

@ -0,0 +1,3 @@
3a91c74bec2dc9b65df8a0208b2f640b1971131c2791c8f3f8431219405702e600bdc476f0f792856f7c31f8b8144d125c934105287913a822d14c0aef058993 eff-42.png
81db76e73f274194c82695eb314cae4b371f3a1cb246a18ff702b26440dbe73bb110a8695230c4d75e628f652a245e3675541144003975a650aa5edecb5f72f3 eff-privacy.png
794b6aca4d20e60f876b38127a5d3f5975e4c99b0520dfd8a1895df00b9168f07cf650fb2d2a4d7d818a74d3a9e5a252b94ef70cf50fb17484f4272408420ba9 fsfs-icons-beige.png

6
images/tp/gen-makefile
View File

@ -29,11 +29,11 @@ images := $( cut -d' ' -f1 "$remote_file" | tr '\n' ' ' )
.PHONY: all check clean
all: \$(images)
SHA256SUM: \$(images)
sha256sum \$(images) > \$@
SHA512SUM: \$(images)
sha512sum \$(images) > \$@
check:
sha256sum -c SHA256SUM
sha512sum -c SHA512SUM
clean:
\$(RM) \$(images)

4
images/tp/remote-list
View File

@ -1 +1,5 @@
eff-42.png https://web.archive.org/web/20170922020250/https://www.eff.org/files/2014/01/24/eff-logo-plain-rgb.png -trim -resize 42 -gravity center -extent 42x42
eff-privacy.png https://web.archive.org/web/20190102234255/https://www.eff.org/files/issues/icon-privacy-1_0.png -scale x250 -crop 250x250+125+0
fsfs-icons-beige.png https://web.archive.org/web/20190105011705/http://static.fsf.org/nosvn/images/badges/fsfs_icons_beige-bg.png
lp-2017-crop.png https://web.archive.org/web/20181208025632/https://libreplanet.org/2017/assets/img/site_logo_alternate.png -crop 75x75+29+0

1
papers/coope 160000

@ -0,0 +1 @@
Subproject commit 93fa274206c70606fca0b42d9329e3f8565816f4

1
papers/cptt 160000

@ -0,0 +1 @@
Subproject commit 41a35f3c37fd41772ff7ae8aca62d77c4cafcf6c

1316
post/2012-05-22-a-git-horror-story-repository-integrity-with-signed-commits.md 100644
View File

File diff suppressed because it is too large Load Diff

12
post/2012-10-05-getting-too-tired-to-hack-at-2300.md 100644
View File

@ -0,0 +1,12 @@
# Getting too tired to hack? At 23:00?
This has been normal since becoming a father. I can't complain---I love being a
father. Of course, I also love hacking. I also love sleep. Knowing that my son
is going to wake me up a 6:00 in the morning has a slight influence in a
situation like this.
<!-- more -->
I'd like to just suffer through it, but being a fiancé also has another
obligation: going to bed when your significant other decides that it's bed time
(and by "bed time" I mean sleep). I still manage to fit it in somehow.

29
post/2012-10-05-who-needs-microblogging.md 100644
View File

@ -0,0 +1,29 @@
# Who needs "microblogging"?
I don't. This is just some place safe to store random thoughts that people
probably don't care about (like most comments on most social networking
services), with the added benefit of distributed backup, a simple system and no
character limit.
<!-- more -->
All the thoughts are commit messages; in particular, this means no versioning.
That's okay, because I'm not going to go back and modify them, but I do want
dates and I do want GPG signatures (to show that it's actually me thinking this
crap).
This isn't a journal.
This will mostly be a hacker's thought cesspool.
This isn't a blog.
Though, considering how much I ramble (look at this message), certain thoughts
could certainly seem like blog entries. Don't get the two confused---one
requires only thought defecation and the other endures the disturbing task of
arranging the thought matter into something coherent and useful to present to
others.
Yeah. Enjoy. Or don't. You probably shouldn't, even if you do. If you don't,
you probably should just to see that you shouldn't.

35
post/2012-10-06-trademarks-in-free-software.md 100644
View File

@ -0,0 +1,35 @@
# Trademarks in Free Software
The use of trademarks in free software has always been a curious and unclear
concept to me, primarily due to my ignorance on the topic.
Trademarks, unless abused, are intended to protect consumers' interests---are
they getting the brand that they think they're getting? If you download Firefox,
are you getting Firefox, or a derivative?
<!-- more -->
Firefox is precicely one of those things that has brought this issue to light
for me personally: the name is trademarked and derivatives must use their own
names, leading to IceCat, IceWeasel, Abrowser, etc. Even though FF is free
software, the trademark imposes additional restrictions that seem contrary to
the free software philosophy. As such, it was my opinion that trademarks should
be avoided or, if they exist, should not be exercised. (GNU, for example, is
trademarked[^0], but the FSF certainly [does not exercise it][1]; consider GNUplot,
a highly popular graphing program, which is not even part of the GNU project.)
[This article][2] provides some perspective on the topic and arrives at much the
same conclusions: trademark enforcement stifles adoption and hurts the project
overall.
I recommend that trademarks not be used for free software projects, though I am
not necessarily opposed to registering a trademark "just in case" (for example,
to prevent others from maliciously attempting to register a trademark for your
project).
[1]: http://www.gnu.org/prep/standards/html_node/Trademarks.html
[2]: http://mako.cc/copyrighteous/20120902-00
[^0]: uspto.gov; serial number 85380218; reg. number 4125065.
From what I could find from the USPTO website, it was submitted by
Aaron Williamson of the SFLC (http://www.softwarefreedom.org/about/team/)

17
post/2012-10-09-all-these-election-attack-ads-are-utterly-useless.md 100644
View File

@ -0,0 +1,17 @@
# All these election attack ads are utterly useless
There have been a lot of elections going on lately---local, state and national.
The majority of those ads are attack ads: immature and disrespectful; if you
want my vote, give me something positive to vote for instead of spending all of
your time and money attacking your candidate. If my vote is to go to the "least
horrible" candidate, then there is no point in voting at all.
<!-- more -->
Even more frustrating is the deceptiveness of the ads---intentional
deceptiveness, nonetheless. And these are the ads that many in the United States
will be basing the majority of, if not all, of their vote on come election time
(how many will realistically research instead of sitting in front of the TV
absorbing all of the useless bullshit that they are spoonfed?).
Frightening.

27
post/2012-10-09-always-use-t-with-ssh-add-and-always-set-passwords-on-your-ssh-keys.md 100644
View File

@ -0,0 +1,27 @@
# Always use -t with ssh-add (and always set passwords on your ssh keys)
Many people use SSH keys for the sole purpose of avoiding password entry when
logging into remote boxes. That is legtimate, especially if you frequently run
remote commands or wish to take advantage of remote tab complation, but creating
a key with an empty password is certainly the wrong approach---if an attacker
gets a hold of the key, then they have access to all of your boxes before you
have the chance to notice and revoke the key.
<!-- more -->
ssh-agent exists for this purpose. The problem is---creating an agent only to
place the key in memory indefinately is also a terrible idea. If your system
does become compromised and the attacker is either root access or access as your
user, then they can simply connect to the ssh-agent (unless it's password
protected) and start using your key. Also consider that, should you leave your
box unattended for even a moment without locking it (for whatever reason---shit
happens), an attacker could gain physical access to your PC (and an attacker may
just be a coworker looking to play a prank).
Every morning at work, I begin the day by typing ssh-add followed by an
appropriate lifetime (be it the duration of the work day, or the duration that I
think I will need the key). This way, your key is in memory when you are likely
to be physically present at the box and it is automatically removed from memory
after a given lifetime. Additionally, I like to add `ssh-add -D` to the script
that locks my PC when I walk away from my desk: that will immediately clear all
keys from memory, just in case.

42
post/2012-10-09-why-no-kid-or-kid-at-heart-should-write-an-iphone-game.md 100644
View File

@ -0,0 +1,42 @@
# Why no kid (or kid at heart) should write an iPhone game
I saw [this post][0] appear on HackerNews, talking about how building a game for
iOS is "fun" and "cool". The poster lures the reader in with talk of making
money and talks of a "unique sense of fulfillment" that comes with development
of these games, and then goes on to invite kids to learn how to develop games
for the iPhone (and presumably other iOS devices).
[0]: http://blog.makegameswith.us/post/33263097029/call-to-arms
This is a terrible idea.
<!-- more -->
Getting children involved with hacking is an excellent idea, but introducing
them to the evils of Apple and associating that with a feeling of pleasure does
a great disservice; all software developed for iOS must be "purchased" (even
if it's of zero cost) through a walled garden called the "App Store". The
problem with this is that [the App Store is hostile toward free
software][1]---its overly restrictive terms are incompatible with free software
licenses like the GPL. Teaching children to develop software for this crippled,
DRM-laden system is teaching them that it is good to prevent sharing, stifle
innovation and deny aid to your neighbor.
A better solution would be to suggest developing software for a completely free
mobile operating system instead of iOS, such as [Replicant][2] (a fully free
Android distribution). Even if Replicant itself were not used, Android itself,
so long as proprietary implementations and "stores" are avoided[[3]], is much
more [compatible with education][4] than iOS, since the children are then able
to freely write and distribute the software without being controlled by
malicious entities like Apple. Furthermore, they would then be able to use a
fully free operating system such as GNU/Linux to *write* the software.
Do not let fun and wealth disguise this ugly issue. Even more importantly---do
not pass this practice and woeful acceptance down to our children. I receive a
"unique sense of fulfillment" each and every day hacking free software far
away from Apple's grasp.
[1]: http://www.fsf.org/news/blogs/licensing/more-about-the-app-store-gpl-enforcement
[2]: http://replicant.us/
[3]: http://www.gnu.org/philosophy/android-and-users-freedom.html
[4]: http://www.gnu.org/education/edu-schools.html

21
post/2012-10-10-texas-middle-and-high-schools-tracking-student-locations-with-rfid-tags.md 100644
View File

@ -0,0 +1,21 @@
# Texas middle and high schools tracking student locations with RFID tags
[An article][0] describes how a school district in Texas is attempting to force
its students to wear RFID tags at all times in order to track their location to
"stem the rampant truancy devastating the school's funding".
[0]: http://rt.com/usa/news/texas-school-id-hernandez-033/
What?
<!-- more -->
This is deeply concerning. Not only does this raise serious security and privacy
concerns (as mentioned near the end of the article), but it also costed the
schools over a half a million dollars to implement. In order words: Texas
taxpayer money has been wasted in an effort to track our children.
Good thing they don't have anything [better to spend that money on.][1]
[1]: http://fedupwithlunch.com/

8
post/2012-10-13-day-changed-to-s.md 100644
View File

@ -0,0 +1,8 @@
# "Day changed to S"
Whatever "S" may be (in this case, "13 Oct 2012"), there is always a sense
of peace and gratification that comes with witnessing that line appear in any
type of log; it shows a dedication to an art, should your days contain daylight.
<!-- more -->

8
post/2012-10-16-branch-prediction.md 100644
View File

@ -0,0 +1,8 @@
# Branch Prediction
An enlightening discussion on branch prediction.[0]
[0]: http://stackoverflow.com/questions/11227809/why-is-processing-a-sorted-array-faster-than-an-unsorted-array
<!-- more -->

7
post/2012-10-16-free-speech-in-the-western-world.md 100644
View File

@ -0,0 +1,7 @@
# Free Speech in the Western World
An interesting opinion piece on [free speech in the western world.][0]
[0]: http://www.washingtonpost.com/opinions/the-four-arguments-the-western-world-uses-to-limit-free-speech/2012/10/12/e0573bd4-116d-11e2-a16b-2c110031514a_print.html
<!-- more -->

24
post/2012-10-16-nyc-master-keys.md 100644
View File

@ -0,0 +1,24 @@
# NYC Master Keys
[Bruce Schneier summarizes in a blog post][0] a disturbing topic regarding a New
York City locksmith selling "master keys" on eBay, providing access to various
services such as elevators and subway entrances.
[A discussion about this blog post on Hacker News][1] yielded some interesting
conversation, including an [even more disturbing article describing how simple
it may be to create master keys][2] for a set of locks given only the lock, its
key and a number of attempts.
[0]: http://www.schneier.com/blog/archives/2012/10/master_keys.html
[1]: http://news.ycombinator.com/item?id=4654777
[2]: http://www.crypto.com/masterkey.html
<!-- more -->
I'll let you ponder the implications of both of these topics. Here's something
to get you started: organized crime could use these keys to effectively evade
law enforcement or break into millions of "locked" homes. Crackers could gain
intimate access to various city systems whereby they may be able to further
obstruct or infect systems. A security system is only as strong as its weakest
link. Keeping citizens in the dark about these issues gives them a dangerous and
false sense of security.

27
post/2012-10-16-verizon-router-backdoors.md 100644
View File

@ -0,0 +1,27 @@
# Verizon router backdoors
A [very disturbing article][0] makes mention of a Verizon TOS update for its
Internet service customers:
[0]: http://www.linuxbsdos.com/2012/10/04/is-that-a-backdoor-or-an-administrative-password-on-your-verizon-internet-router/
> Section 10.4 was updated to clarify that Verizon may in limited instances
> modify administrative passwords for home routers in order to safeguard
> Internet security and our network, the security and privacy of subscriber
> information, to comply with the law, and/or to provide, upgrade and maintain
> service.
<!-- more -->
...what? This is deeply disturbing, deeply perverted idea of security. Not only
is this a severe privacy concern (all internet traffic passes through your
router), but it's a deep *security* concern---what if a cracker is able to
figure out Verizon's password scheme, intercept the communication with your
router or otherwise?
I recommend that you (a) use your own router, (b) change its default password if
you have not yet done so and (c) disallow remote access. Furthermore, I
recommend using a free (as in freedom) firmware such as [DD-WRT][1] if supported
by your hardware.
[1]: http://dd-wrt.com/

34
post/2012-10-17-crackers-capable-of-causing-pacemaker-deaths.md 100644
View File

@ -0,0 +1,34 @@
# Crackers capable of causing pacemaker deaths
[This article][0] demonstrates why medical devices must contain free software:
crackers are able to, with this particular type of pacemaker, exploit the device
to trigger a fatal electric shock to its host from as far as 30 feet away (the
article also mentions rewriting the firmware, which could of course be used to
schedule a deadly shock at a predetermined time). These issues would not exist
with free software, as the user and the community would be able to study the
source code and fix any defects (or hire someone who can) before placing it in
their bodies.
[0]: http://www.scmagazine.com.au/News/319508,hacked-terminals-capable-of-causing-pacemaker-mass-murder.aspx
<!-- more -->
(Note that this article mistakenly uses the term "hacker" when they really
mean "cracker".)
The aforementioned article is an excellent supplement to [a discussion on free
software in pacemakers][1]. In particular, I had pointed out within this
discussion [a talk by Karen Sandler of the GNOME Foundation regarding this
issue][2] at OSCON 2011, in which she mentions potential issues of proprietary
software in pacemakers and the difficulty she faced in attempting to get the
source code for one that she was considering for herself.
The discussion on HackerNews also yielded [an article by the SFLC][3] detailing
this issue.
(Please do not use YouTube's proprietary video player to view the mentioned
YouTube video.)
[1]: http://news.ycombinator.com/item?id=3959547
[2]: https://www.youtube.com/watch?v=nFZGpES-St8
[3]: https://www.softwarefreedom.org/news/2010/jul/21/software-defects-cardiac-medical-devices-are-life-/

34
post/2012-10-18-another-crack-at-medical-device-cracking.md 100644
View File

@ -0,0 +1,34 @@
# Another crack at medical device cracking
My previous post mentioned the dangers of running non-free software on implanted
medical devices. While reading over RMS' policital notes[0], I came across [an
article mentioning how viruses are rampant on medical equipment][1].
> "It's not unusual for those devices, for reasons we don't fully understand, to
> become compromised to the point where they can't record and track the data,"
> Olson said during the meeting, referring to high-risk pregnancy monitors.
The devices often run old, unpatches versions of Microsoft's Windoze operating
system. The article also mentions how the maleware often attempts to include its
host as part of a botnet.
[0]: http://stallman.org/archives/2012-jul-oct.html#18_October_2012_%28Computerized_medical_devices_vulnerable_to_viruses%29
[1]: http://www.technologyreview.com/news/429616/computer-viruses-are-rampant-on-medical-devices/
<!-- more -->
This is deeply concerning and incredibly dangerous. As non-free software is used
more and more in equipement that is responsible for our health and safety, we
are at increased risk for not only obvious software flaws, but also for crackers
with malicious intent; harming someone will become as easy as instructing your
botnet to locate and assassinate an individual while you go enjoy a warm (or
cold) beverage.
These problems are *less likely* (not impossible) to occur in free software
beacuse the users and community are able to inspect the source code and fix
problems that arise (or hire someone that can)[2]. In particular, in the case of
the hospitals mentioned in [the article][1], they would be free to hire someone
to fix the problems themselves rather than falling at the mercy of the
corporations who supplied the proprietary software.
[2]: http://www.gnu.org/philosophy/free-sw.html

12
post/2012-10-18-federal-appeals-court-declares-defense-of-marriage-act-unconstitutional.md 100644
View File

@ -0,0 +1,12 @@
# Federal Appeals Court Declares "Defense of Marriage Act" Unconstitutional
A step in the [right direction.][0]
It should also be noted that New York State had also [legalized same sex
marriage back in July of 2011][1]---a move I was particularily proud of as a
resident of NY state.
[0]: http://www.aclu.org/lgbt-rights/federal-appeals-court-declares-defense-marriage-act-unconstitutional
[1]: http://en.wikipedia.org/wiki/Same-sex_marriage_in_New_York
<!-- more -->

8
post/2012-10-19-digitizing-books-is-fair-use-authors-guild-v-hathitrust.md 100644
View File

@ -0,0 +1,8 @@
# Digitizing Books Is Fair Use: Author's Guild v. HathiTrust
A New York court ruled that "digitizing" books for researched and disabled
individuals is lawful.[[0]]
[0]: https://www.eff.org/deeplinks/2012/10/authors-guild-vhathitrustdecision
<!-- more -->

28
post/2012-10-24-obama-and-warrantless-wiretapping.md 100644
View File

@ -0,0 +1,28 @@
# Obama and Warrantless Wiretapping
The EFF has released an article with a [plethora of links describing warrantless
wiretapping under the Obama administration][0], spurred by Obama's response to
Jon Stewart's questioning on The Daily Show last Thursday. (Readers should also
be aware of the [NSA spy center][1] discussed earlier in the year, as is
mentioned in the EFF article.)
[0]: https://www.eff.org/deeplinks/2012/10/fact-check-obamas-misleading-answer-about-warrantless-wiretapping-daily-show
[1]: http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/
<!-- more -->
It is clear that the United States government has no intent on protecting the
freedoms of individuals and instead is actively resisting attempts to correct
the problems. While we can hope that this will change, and we can be confident
that organizations like the EFF will continue to fight for our liberties, one
immediate option is to limit as much as possible what the NSA and other agencies
can discover about you. Consider using [Tor][2] for all of your network traffic
(at the very least, use HTTPS connections to prevent agencies and ISPs from viewing
specific web pages on a particular domain; HTTPS is unnecessary if using Tor.)
PGP/GPG can be used to encrypt e-mail messages to the intended recipients. Etc.
It's unfortunate that such precautions are necessary. Privacy is important even
if you have nothing to hide; any suggestion to the contrary is absolutely
absurd.
[2]: http://torproject.org

15
post/2012-10-24-stingrays-cell-phone-privacy-and-warrantless-surveillance.md 100644
View File

@ -0,0 +1,15 @@
# Stingrays: Cell Phone Privacy and Warrantless Surveillance
How would you feel if law enforcement showed up in your living room, demanded
your cell phone, and started writing down your call history and text messages?
How would you feel if you didn't even know that they were in your home to begin
with, let alone stealing private data? [This is precisely what is happening when
law enforcement uses "Stingrays" to locate individuals][0], collecting data of
every other individual within range of the device in the process. Even *if* you
are the subject of surveillance, this is still an astonishing violation of
privacy. (Of course, law enforcement could always demand such records from your
service provider, but such an act at the very least has a paper trail.)
[0]: https://www.eff.org/deeplinks/2012/10/stingrays-biggest-unknown-technological-threat-cell-phone-privacy
<!-- more -->

63
post/2012-10-27-gnu-trick-or-treat-fsf-crashes-windows-8-launch.md 100644
View File

@ -0,0 +1,63 @@
# GNU Trick-Or-Treat---FSF Crashes Windows 8 Launch
The FSF decided to [crash the Windows 8 launch even in New York City][0],
complete with [Trisquel][1] DVDs, FSF stickers and information about their
[pledge to upgrade to GNU/Linux instead of Windows 8][2].
I find this to be a fun, excellent alternative to blatant protesting that is
likely to be better received by those who would otherwise be turned off to
negativity. At the very least, the [walking gnu][3] would surely turn heads and
demand curiosity.
[0]: http://www.fsf.org/news/activists-trick-or-treat-for-free-software-at-windows-8-launch-event-1
[1]: http://trisquel.info/
[2]: http://www.defectivebydesign.org/windows8
[3]: http://www.fsf.org/blogs/community/gnus-trick-or-treat-at-windows-8-launch
<!-- more -->
Here is the e-mail that was sent to the info at fsf.org mailing list:
> Happy (almost) Halloween, everybody,
>
> You've probably been noticing Microsoft's ads for their new operating
> system -- after all, they've spent more money on them than any other
> software launch campaign in history. In fact, everything about the
> campaign has been meticulously planned and optimized, so you can
> imagine journalists' surprise when an unexpected guest showed up at an
> invite-only launch event on Thursday.
>
> Our volunteer, Tristan Chambers, was there and caught the whole thing
> on camera! Pictures here:
> <http://www.fsf.org/blogs/community/gnus-trick-or-treat-at-windows-8-launch>.
>
> Reporters and security guards at the event weren't sure how to react
> when they were greeted by a real, live gnu. The gnu -- which, on
> closer inspection, was an activist in a gnu suit -- had come for some
> early trick-or-treating. But instead of candy, she had free software
> for the eager journalists. The gnu and the FSF campaigns team handed
> out dozens of copies of Trisquel, a fully free GNU/Linux distribution,
> along with press releases and stickers. Once they got over their
> confusion, the reporters were happy to see us and hear our message --
> that Windows 8 is a downgrade, not an upgrade, because it steals
> users' freedom, security and privacy.
>
> Free software operating systems are the real upgrade, and they don't
> need a zillion-dollar launch event to prove it. To show Microsoft that
> their ads won't change our minds, we're starting an upgrade pledge:
> switch to a free OS, or if you're already using one, help a friend
> switch. We can pay Microsoft a chunk of change for their new,
> proprietary OS, or we can stand up for our freedom. The choice isn't
> as hard as Microsoft wants you to think.
>
> Sign the pledge now! -- <http://www.fsf.org/windows8/pledge>.
>
> Thanks for making a commitment to free software.
>
> PS - If you'd like more details about the action, you can check out
> our press release here:
> <http://www.fsf.org/news/activists-trick-or-treat-for-free-software-at-windows-8-launch-event-1>.
>
> -Zak Rogoff
> Campaigns Manager

30
post/2012-10-30-abolishing-patents.md 100644
View File

@ -0,0 +1,30 @@
# Abolishing Patents
My issue with patents exceeds the [obvious case against software patents][0];
indeed, I have long pondered the problems with patents in other fields. When I
hear the phrase "patent pending" or "patented technology" touted in ads, I
have never thought positive thoughts; instead, I have thought "you are damning
this otherwise excellent work to stagnation". What if someone has an excellent
idea to improve upon that particular product? Well, they'd better be prepared to
jump through some hoops or shell out some hefty licensing fees. Or maybe it's
just easier to abandon the idea entirely and forget that it had never happened.
[0]: http://patentabsurdity.com/
<!-- more -->
However, I thought, it's not a simple case of ridding the world of patents.
How would that affect the incentive to innovate? How would people recoup
expensive R&D costs, especially in industries like pharmacy (both my parents are
pharmacists)? What about the incentive to describe your invention to the world?
Then again, nobody *has* to get a patent for their invention. It may be worth
keeping it secret if nobody can figure it out.
The answers to all of these questions appeared in one place: [The Case Against
Patents][1], which I found referenced in an article regarding the [Swedish Pirate
Party's opinions on patents, trademarks and copyright][2]. While it is still a
draft at the time of this writing, I encourage you to give it a read, as it is
very enlightening.
[1]: http://research.stlouisfed.org/wp/2012/2012-035.pdf
[2]: http://falkvinge.net/2012/10/13/what-the-swedish-pirate-party-wants-with-patents-trademarks-and-copyright/

18
post/2012-10-30-jailbreaking-and-dcmaeff-touts-victory-fsf-warns-of-failure.md 100644
View File

@ -0,0 +1,18 @@
# Jailbreaking and DCMA---EFF Touts Victory, FSF Warns Of Failure
While the [EFF is pleased to announce][0] that the Copyright Office has [renewed
DMCA exceptions upholding jailbreaking rights for cellphones][1], the FSF
cautions that [this right has not been extended to tablets, game consoles or
even PCs with restricted boot][2].
[0]: https://www.eff.org/press/releases/eff-wins-renewal-smartphone-jailbreaking-rights-plus-new-legal-protections-video
[1]: http://www.copyright.gov/fedreg/2012/77fr65260.pdf
[2]: http://www.fsf.org/blogs/licensing/copyright-office-fails-to-protect-users-from-dmca
<!-- more -->
It should be noted that the EFF also successfully gained protection for the use
of short copyrighted clips in remixing,[0] and while this is a positive step
forward in its own, the implications of the first paragraph should not be
ignored.

30
post/2012-10-30-openwirelessorg.md 100644
View File

@ -0,0 +1,30 @@
# OpenWireless.org
The EFF [announces the launch of openwireless.org][0], which encourages users to
[share their network connections][1] to create a global network of freely
available wireless internet access.
This is a noble movement. This reminds me of a point in history when MIT began
password protecting their accounts, which were previously open to anyone.
Stallman, disagreeing with such a practice, [encouraged users to create empty
passwords][2]. Stallman would even give out his account information so that
remote users may log into MIT's systems, all with good intent.
[0]: https://www.eff.org/deeplinks/2012/10/why-we-have-open-wireless-movement
[1]: https://www.openwireless.org/
[2]: http://shop.fsf.org/product/free-as-in-freedom-2/
<!-- more -->
Of course, with malice rampant in today's very different world, Stallman's
actions, although noble, would be both naive and a huge security risk.
Fortunately, [opening your wireless network isn't necessarily one of these
risks][3] and, if done properly, does not equate to opening your private network
to attack.
Consider using [DD-WRT][4] as your router's firmware, if supported by your
device, as it is itself [free software][5].
[3]: https://openwireless.org/myths
[4]: http://dd-wrt.com
[5]: http://www.gnu.org/philosophy/free-sw.html

12
post/2012-10-30-trademark-bullying.md 100644
View File

@ -0,0 +1,12 @@
# "Trademark" Bullying
There's two problems with this post from the EFF describing [The Village Voice
suing Yelp for "Best of" trademark infringement][0]: firstly, there's the
obvious observation that such a trademark should not have been permitted by the
USPTO to begin with. Secondly---why do entities insist on gaming the system in
such a terribly unethical manner? It takes a special breed of people to do such
a thing.
[0]: https://www.eff.org/deeplinks/2012/10/stupid-lawyer-tricks-and-government-officials-who-are-helping-them
<!-- more -->

15
post/2012-10-30-ubuntu-1210-privacy-amazon-ads-and-data-leaks.md 100644
View File

@ -0,0 +1,15 @@
# Ubuntu 12.10 Privacy: Amazon Ads and Data Leaks
The EFF [cautions that Ubuntu 12.10 leaks user information to Amazon by
default][0] rather than requiring the user to opt *into* the system.
Of course, I cannot recommend that you use Ubuntu, as it encourages the
installation of non-free device drivers, readily enables non-free software
repositories and contains non-free components in its kernel.[1] Instead,
consider a [fully free GNU/Linux distribution like Trisquel][2].
[0]: https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks
[1]: http://www.fsfla.org/svnwiki/selibre/linux-libre/
[2]: https://trisquel.info
<!-- more -->

8
post/2012-11-03-ban-on-public-rallying-and-demonstrations-in-bahrain.md 100644
View File

@ -0,0 +1,8 @@
# Ban On Public Rallying and Demonstrations in Bahrain
The government of Bahrain found that the best solution to preventing violent
protests was to [ban all public rallying and demonstrations][0].
[0]: https://www.eff.org/deeplinks/2012/11/bahrain-goes-bad-worse
<!-- more -->

8
post/2012-11-03-eff-elaborates-on-dcma-ruling.md 100644
View File

@ -0,0 +1,8 @@
# EFF Elaborates On DCMA Ruling
In addition to my aforementioned links, the EFF has provided [a more detailed
analysis][0] of the decision.
[0]: https://www.eff.org/deeplinks/2012/11/2012-dmca-rulemaking-what-we-got-what-we-didnt-and-how-to-improve
<!-- more -->

9
post/2012-11-05-another-useless-false-sense-of-security-nsa-security-tactic.md 100644
View File

@ -0,0 +1,9 @@
# Another Useless, False-Sense-Of-Security NSA Security Tactic
A police officer [recalls a time he went through airport security][0] and
received a patdown from one of the security agents, which he found to be
absolutely useless.
[0]: http://www.gizmodo.co.uk/2012/10/search-me/
<!-- more -->

22
post/2012-11-05-california-proposition-35-concerns.md 100644
View File

@ -0,0 +1,22 @@
# California Proposition 35 Concerns
The EFF [points out problems with California's Proposition 35][0], which would,
among other things, [require registered sex offenders to "disclose Internet
activities and identities"][1]:
[0]: https://www.eff.org/deeplinks/2012/11/eff-urges-no-vote-california-proposition-35
[1]: http://voterguide.sos.ca.gov/propositions/35/
<!-- more -->
> [...] Proposition 35 would force individuals to provide law enforcement with
> information about online accounts that are wholly unrelated to criminal
> activity such as political discussion groups, book review sites, or blogs.
> In todays online world, users may set up accounts on websites to communicate
> with family members, discuss medical conditions, participate in political
> advocacy, or even listen to Internet radio. An individual on the registered
> sex offender list would be forced to report each of these accounts to law
> enforcement within 24 hours of setting it up or find themselves in jail.
> This will have a powerful chilling effect on free speech rights of tens of
> thousands of Californians.

14
post/2012-11-05-mediagoblin-10k-matching-grant.md 100644
View File

@ -0,0 +1,14 @@
# MediaGoblin $10k Matching Grant
Congratulations to MediaGoblin for not only [meeting the $10k matching grant
from a generous anonymous donor][0], but also for raising $36k to date.
[MediaGoblin][1] is a "free software media publishing platform that anyone can
run"; it is a distributed, free (as in freedom) alternative to services such as
YouTube, Flickr and others, and is part of the [GNU project][2].
[0]: http://mediagoblin.org/news/we-made-10k-matching.html
[1]: http://mediagoblin.org/
[2]: http://gnu.org/
<!-- more -->

11
post/2012-11-06-video-of-2012-voting-machine-altering-votes.md 100644
View File

@ -0,0 +1,11 @@
# Video of 2012 Voting Machine Altering Votes
A Reddit user [posted video of a 2012 voting machine preventing him from
selecting Barak Obama][0]. Malfunction or not, this is the type of thing that
could have possibly been caught if the software were free. Furthermore, from
reading the source code, one would be able to clearly tell whether or not it was
a bug or an intentional "feature".
[0]: http://thenextweb.com/shareables/2012/11/06/reddit-user-captures-video-of-2012-voting-machines-altering-votes/
<!-- more -->

19
post/2012-11-14-olpc-tablet-in-ethiopia.md 100644
View File

@ -0,0 +1,19 @@
# OLPC Tablet in Ethiopia
A story mentions how [Ethiopian kids quickly learned to read and use tablet
PCs][0] provided by the [One Laptop Per Child][1] project. This is not only a
noble feat (as we would expect from OLPC), but also an impressive one,
considering that (as the article mentions) the children did not know how to
read, even in their own language.
[0]: http://dvice.com/archives/2012/10/ethiopian-kids.php
[1]: http://one.laptop.org/
<!-- more -->
Now, while the OLPC does have [its own tablet][2], the article mentions that the
[children were given Motorola Zoom tablets][0]; I would hope that they run free
software to encourage freedom in these developing countries and to encourage the
children to hack and explore their devices in even greater detail.
[2]: http://one.laptop.org/about/xo-3

10
post/2012-11-17-us-copyright-alert-system.md 100644
View File

@ -0,0 +1,10 @@
# U.S. "Copyright Alert System"
[The EFF warns][0] of [the "Copyright Alert System"][1]---a government
endorsed spy system---that will launched shortly to monitor peer-to-peer
networks for so-called "infringing" activity.
[0]: https://www.eff.org/deeplinks/2012/11/us-copyright-surveillance-machine-about-be-switched-on
[1]: http://www.copyrightinformation.org/alerts
<!-- more -->

160
post/2012-11-17-vlcs-move-to-lgpl.md 100644
View File

@ -0,0 +1,160 @@
# VLC's Move to LGPL
Jean-Baptiste Kempf of the VLC project explains that "most of the code of VLC"
has been [relicensed under the LGPL][0], moving *away from* the GPL. Some of the
reasons for the move include "competition, necessity to have more professional
developers around VLC and AppStores".[1] (With the "AppStore" comment,
Jean-Baptiste is likely referring to issues regarding free software in Apple's
App Store, which [the FSF has discussed on their website][2].)
This is unfortunate; using the LGPL in place of the GPL is [not encouraged for
free software projects][3] because, while it ensures the freedom of the project
itself, it does not encourage the development of free software that *uses* the
project---the LGPL allows linking with proprietary software. Let's explore the
aforementioned reasons in a bit more detail.
[0]: http://www.jbkempf.com/blog/post/2012/I-did-it
[1]: http://www.jbkempf.com/blog/post/2012/How-to-properly-relicense-a-large-open-source-project
[2]: http://www.fsf.org/news/blogs/licensing/more-about-the-app-store-gpl-enforcement
[3]: http://www.gnu.org/licenses/why-not-lgpl.html
<!-- more -->
Firstly, let us consider the issue of competition. In one of the [discussions on
Hacker News][4], I pointed out the distinction between "open source" and Free
Software:
[...]
It is important to understand the distinction between "open source" and "free
software". Open source focuses on the benefits of "open" code and development
and how it can create superior software. Free Software focuses on the ethical
issues---while free software developers certainly want contributors, the
emphasis is on the fact that the software respects your freedom and, for that,
it's far superior to any other proprietary alternative; free software users
constantly make sacrifices in functionality and usability, and we're okay with
that.
[http://www.gnu.org/philosophy/open-source-misses-the-point.html][5]
[...]
In this sense, why should competition be considered for software freedom, unless
it is between two free software projects, encouraging innovation in conjunction
*with* freedom? In such a case, one wouldn't change the software license from
the GPL to the LGPL, because the LGPL is less pursuant toward those freedoms.
Therefore, VLC instead adopts the ["open source"][5] development model, as it
cares more for competition.
The next concern was to "have more professional developers around VLC".[1] Is
this to imply that free software hackers cannot be professional developers? I
certainly am. Consider projects like the kernel Linux---many companies have
contributed back to that project, which is licensed under the GPLv2. If the goal
is to have more people contributing to your project, then a license like the GPL
is certainly best, as it puts a legal obligation on the distributor to release
the source code, which the parent project may then incorporate. Now, the LGPL
also forces this (except for linked software); since the only [differences
between the GPL and the LGPL][6] deal with the linking exception, this means
that the author is either (a) mistaken in the concern or (b) wishes for more
*proprietary* development around VLC. Alternatively, the author may be
concerned that the GPL introduces compatibility issues between whatever other
"open source" license developers wish to use when linking VLC code, but
again---that means that VLC is devaluing freedom. Risky business, but this is
the model that BSD follows (permitting proprietary derivatives of the entire
software---not just linking---and receiving contributions back from proprietary
software makers.)
Finally, let us consider the issue of Apple's App Store. This is issue is
certainly of strong concern---Apple's products are very popular and yet they do
not even make an attempt to respect the users' freedoms either with their
software or with any of the software they allow on their "App Store".[2]
However, Jean-Baptiste has made a fatal mistake---we should not be changing our
licenses to suit Apple! In effect, that is giving Apple even more power over
free software by allowing them to exert control not only over their users, but
also over the developers of the users' favorite software! We should instead
express our condolences with those users and suggest instead that they adopt a
device or operating system that respects their freedom, or that they jailbreak
their devices (which is [still legal][7]).
I'll end this commentary with an additional response of mine from the
[aforementioned Hacker News thread][4]:
> The freedoms represent an ethical issue---that software developers have
> unprecedented control over their users. Why should I, as a hacker, be able
> to tell you what you can and cannot do with your device? Furthermore, it
> raises deep privacy issues---what kind of data am I collecting and why
> should I have that data?
>
> I entered the free software movement slowly (I began software development on
> Windows as a young boy and was trained to think that bossing the user around
> was a good thing; I thought it was fun to write DRM system and
> anti-features). I began using GNU/Linux while still rationalizing my use of
> proprietary software through Wine or by dual-booting into Windows. I then
> saw the benefits of the "open source" development model. It wasn't until I
> spent the time researching the reasons behind the free software movement
> that things began to click. I was able to look back on everything I learned
> as a developer for Windows and see that I enjoyed the thought of controlling
> my users. I enjoyed the power I got from programming---programming was
> empowerment, and the only way to squeeze the money out of those unsuspecting
> users was to do it forcefully.
>
> People have fundamentally different philosophies when it comes to
> programming. Do all proprietary software developers do so out of greed? On
> some level, sure---they're not contributing that code so that others may
> benefit from it. But are they doing it for the purpose of controlling their
> users? Not necessarily, but they still are, even if they have the best of
> intentions. Is someone who creates proprietary educational software for
> children in third world companies "evil"? Certainly not. The problem is that
> they're denying them an additional right---the right to modify that
> software, learn from it and use their devices as they please.
>
> Of course, we often see proprietary software used unethically, often times
> for vendor lock-in or greed; corporations are worried that if they lighten
> their grip on their users, that the users may run, or worse, do something
> [il]legal. I don't believe that is the place of software developers. I
> remember, back when I used Windows, I was obsessed with magic/illusion. I
> purchased a ton of videos online teaching me various magic tricks, but the
> videos were laced with DRM (which, at the time, as a Windows developer, I
> applauded). The problem was, that I then upgraded my hardware. My videos no
> longer worked. I contacted them for a new key, and could view them again.
> Then I got a new PC. And now I use GNU/Linux. I can no longer watch those
> videos that I purchased because of this unnecessary, artificial restriction.
> Was I going to distribute those videos? No. Did that prevent others from
> stripping the restrictions and distributing it anyway? Certainly not. I was
> being punished for others' actions and the others weren't any worse off from
> the restrictions, because they understood how to defeat them.
>
> Of course, DRM's only one of the many issues (and DRM cannot exist in free
> software, because the community would simply remove the anti-feature). What
> if I were using some software---let's say Photoshop---and it crashed on me
> in the middle of my work. Crap. Well, if I were using GIMP, I would run gdb
> on the core dump (assuming a segfault) and inspect the problem. I would try
> to repeat it. I could, if I wanted to, get my hands on the source code, fix
> the problem and distribute that fix to others. If I didn't have the time or
> ability, others could fix the problem for me, and we have the right to share
> those changes. We have the right to benefit from those changes. With
> Photoshop, we'd better start waiting. What if I was able to magically come
> up with a fix, perhaps by modifying the machine code? Hold on---I'm not
> allowed to do that! And I'm certainly not allowed to distribute that fix to
> others. And I'm certainly not allowed to give my son a copy for his PC if he
> wanted to do an art project for school.
>
> The FSF provides a great deal of information on their philosophy:
> <http://www.gnu.org/philosophy/>. You could also gain a great deal of
> insight by reading up on the history:
> <http://shop.fsf.org/product/free-as-in-freedom-2/> or by reading RMS'
> essays: <http://shop.fsf.org/product/signed-fsfs/>.
>
> And ultimately, you may find that you do not agree with our
> philosophy---many don't. That's certainly your right, and I respect that.
> What I cannot respect, and will not respect, is when that philosophy is used
> to exert control over others.
>
> (As a final note: many say we control developers through our "viral"
> licenses. But keep in mind that we're trying to protect the users *from*
> developers. This means taking power away from developers. This is
> intentional.)
[4]: http://news.ycombinator.com/item?id=4787965
[5]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
[6]: http://www.gnu.org/licenses/lgpl.html
[7]: https://www.eff.org/press/releases/eff-wins-renewal-smartphone-jailbreaking-rights-plus-new-legal-protections-video

16
post/2012-11-19-copyright-reform-youre-silly.md 100644
View File

@ -0,0 +1,16 @@
# Copyright Reform? You're silly.
Amazingly, the Republican Study Committee (RSC) had [released a report
suggesting copyright reform][0]. Of course, that's a silly thing to do when
you're in bed with organizations like the MPAA and RIAA; [the report was quickly
retracted][1].
It would have been a surprising step forward; maybe there's hope yet, assuming
the GOP can get a handle on itself.
(Disclaimer: I have no party affiliation.)
[0]: http://www.techdirt.com/articles/20121116/16481921080/house-republicans-copyright-law-destroys-markets-its-time-real-reform.shtml
[1]: http://www.techdirt.com/articles/20121117/16492521084/hollywood-lobbyists-have-busy-saturday-convince-gop-to-retract-copyright-reform-brief.shtml
<!-- more -->

58
post/2012-11-19-privacy-in-light-of-the-petraeus-scandal.md 100644
View File

@ -0,0 +1,58 @@
# Privacy In Light of the Petraeus Scandal
I'm not usually one for scandals (in fact, I couldn't care less who government
employees are sleeping with). However, it did bring up deep privacy
concerns---how exactly did the government get a hold of the e-mails?
The [EFF had released an article answering some questions][0] about the scandal,
which is worth a read. In particular, you should take a look at the [EFF's
Surveillance Self-Defense website][1] for an in-depth summary of the laws
surrounding government surveillance and tips on how to protect against it.
[0]: https://www.eff.org/deeplinks/2012/11/when-will-our-email-betray-us-email-privacy-primer-light-petraeus-saga
[1]: https://ssd.eff.org
I'd like to touch upon a couple things. In particular, [the article mentions][0]:
<!-- more -->
> Broadwell apparently accessed the emails from hotels and other locations, not
> her home. So the FBI cross-referenced the IP addresses of these Wi-Fi
> hotspots "against guest lists from other cities and hotels, looking for common
> names."
To stay anonymous in this situation, one should [consider using Tor][2] to mask
his/her IP address. Additionally, remove all cookies (or use your browser's
privacy mode if it will disable storing and sending of cookies for you) and
consider that your User Agent may be used to identify you, especially if
maleware has inserted its own unique identifiers.
Also according to [the EFF article][0]:
> According to reports, Patraeus and Broadwell adopted a technique of drafting
> emails, and reading them in the draft folder rather than sending them.
That didn't work out so well. Consider [encrypting important communications][3]
using GPG/PGP so that (a) the e-mail cannot be deciphered in transit and (b) the
e-mail can only be read by the intended recipient. Of course, you are then at
risk of being asked to divulge your password, so to avoid the situation
entirely, it would be best to delete the e-mails after reading them.
Additionally, if you host your own services, it may be wise to host your own
e-mail (guides for doing this vary between operating system, but consider
looking at software like [Postfix][4] for mail delivery and maybe [Dovecot][5]
for retrieval).
Privacy isn't only for those individuals who are trying to be sneaky or cheat on
their spouses. Feel free joining the EFF in trying to reform the ECPA to respect
our privacy in this modern era; storing a document digitally shouldn't change
its fundamental properties under the law.
I'd also encourage you to read [Schneier's post on this topic][6], which
summarizes points from many articles that I did not cover here.
[2]: https://ssd.eff.org/tech/tor
[3]: https://ssd.eff.org/tech/encryption
[4]: http://www.postfix.org
[5]: http://www.dovecot.org/
[6]: http://www.schneier.com/blog/archives/2012/11/e-mail_security.html

9
post/2012-12-01-tor-exit-node-operator-raided-in-austria.md 100644
View File

@ -0,0 +1,9 @@
# Tor exit node operator raided in Austria
[These things][0] mustn't be allowed to happen; they are an affront to privacy.
Tor exit node operators should not have to fear conviction for activities they
themselves did not perform.
[0]: http://www.lowendtalk.com/discussion/6283/raided-for-running-a-tor-exit-accepting-donations-for-legal-expenses
<!-- more -->

10
post/2012-12-06-warrants-for-e-mails-in-the-united-states.md 100644
View File

@ -0,0 +1,10 @@
# Warrants For E-mails in the United States
The [Senate Judiciary Committee passed an amendment][0] that requires that they
receive a warrant before spying on our e-mails.
This is excellent; let us hope that it becomes law.
[0]: https://www.eff.org/deeplinks/2012/12/deep-dive-updating-electronic-communications-privacy-act
<!-- more -->

53
post/2012-12-22-copyright-assignment-of-free-software-projects.md 100644
View File

@ -0,0 +1,53 @@
# Copyright Assignment Of Free Software Projects
An [e-mail today from Paolo Bonzini][0], a maintainer of GNU sed, has prompted
additional discussion regarding copyright assignment to corporate entities; in
particular, the discussion focuses on copyright assignment to the FSF under the
GNU project.
[0]: http://article.gmane.org/gmane.comp.lang.smalltalk.gnu.general/7873
<!-- more -->
An [article by Michael Kerrisk on LWN.net][1], posted a couple days earlier,
touches on the [same issue brought up by GnuTLS earlier in the month][2]. The
disagreements from the two aforementioned individuals of the GNU-maintained
projects prompt a thoughtful analysis of whether copyright assignment is
appropriate for your own free software project[1]. In contrast, consider the
[developer certificate of origin][3] policy adopted by the Linux project, under
which contributors maintain copyright for their contributions.
There are benefits and downsides to both models---if a project requires
copyright assignment (such as the GNU projects), then enforcement and license
modifications are simplified. As an example, if the Linux project wanted to move
to the GPLv3, they would have to contact each contributor (a similar move was
done recently [by the VLC project][4], except that they moved from the GPL to
the LGPL). However, the Linux project has a much smaller barrier to entry---they
need not [assign copyright of their contributions to the project (such as is the
case with GNU)][5], meaning that individuals may be more likely to contribute.
One of the major benefits touted by the FSF for copyright assignments from
contributors is [copyright enforcement][6]---another complication that would
arise from enforcing the GPL in a project such as Linux. That said, as the LWN
article mentions[2], what if [the FSF cannot find the time to enforce the
copyright on a project violation][7]? Then again, what of the flipside---do you
have the time or money to enforce violations on your own projects were they not
assigned to a corporation like the FSF?
These are interesting discussions and certainly things that should be considered
when determining how to handle both contributions and the copyright for your
entire project. Ultimately, that decision falls on you, the author/maintainer,
and your needs.
(Disclaimer: I am an associate member of the Free Software Foundation. This
article does not reflect any of my personal opinions; whether or not I would
assign copyright to the FSF for any of my projects would be determined based on
the goals and plan of that particular project.)
[1]: http://lwn.net/SubscriberLink/529522/854aed3fb6398b79/
[2]: http://lwn.net/Articles/529558/
[3]: http://elinux.org/Developer_Certificate_Of_Origin
[4]: http://mikegerwitz.com/thoughts/2012/11/VLC-s-Move-to-LGPL.html
[5]: http://git.savannah.gnu.org/cgit/gnulib.git/tree/doc/Copyright/assign.changes.manual#n64
[6]: http://www.gnu.org/licenses/why-assign.html
[7]: http://lwn.net/Articles/529777/

46
post/2012-12-28-congress-approves-fisa-for-another-5-years.md 100644
View File

@ -0,0 +1,46 @@
# Congress Approves FISA For Another 5 Years
At a [vote of 73-23][0], Congress has voted to [extend FISA warentless spying
bill by five more years[1], even shooting down [proposed amendments][2] to the
bill.[3]
[0]: https://www.senate.gov/legislative/LIS/roll_call_lists/roll_call_vote_cfm.cfm?congress=112&session=2&vote=00236
[1]: https://www.eff.org/deeplinks/2012/12/congress-disgracefully-approves-fisa-warrantless-eavesdropping-bill-five-more
[2]: https://www.eff.org/deeplinks/2012/12/why-we-should-all-care-about-senates-vote-fisa-amendments-act-warrantless-domestic
[3]: http://arstechnica.com/tech-policy/2012/12/as-senate-votes-on-warrantless-wiretapping-opponents-offer-fixes/
<!-- more -->
Thank you to those senators that [opposed the bill][0]:
> Akaka (D-HI);
> Baucus (D-MT);
> Begich (D-AK);
> Bingaman (D-NM);
> Brown (D-OH);
> Cantwell (D-WA);
> Coons (D-DE);
> Durbin (D-IL);
> Franken (D-MN);
> Harkin (D-IA);
> Leahy (D-VT);
> Lee (R-UT);
> Menendez (D-NJ);
> Merkley (D-OR);
> Murkowski (R-AK);
> Murray (D-WA);
> Paul (R-KY);
> Sanders (I-VT);
> Schatz (D-HI);
> Tester (D-MT);
> Udall (D-CO);
> Udall (D-NM);
> Wyden (D-OR).
Unfortunately, the two senators from my own state cannot join that list.
The [EFF has sumarized the surveillance issues of 2012][4] recently on their
website.
[4]: https://www.eff.org/deeplinks/2012/12/2012-review-effs-fight-against-secret-surveillance-law

9
post/2013-01-01-happy-new-year.md 100644
View File

@ -0,0 +1,9 @@
# Happy New Year
The greatest excitement in moving into a new year is the prospect of quantified
growth.
Of course, it also means another year to look forward to the health of those you
care for.
<!-- more -->

29
post/2013-01-07-dna-collection.md 100644
View File

@ -0,0 +1,29 @@
# DNA Collection
Consider a recent article from the EFF [regarding "Rapid DNA Analyzers"][0].
The article poses the potetial issues involved, but also consider that any DNA
collected (if not destroyed) would violate not just your privacy, but your
entire blood line. What if DNA from immigrants were collected? Much of that
information is inherited, so generations down the line, your privacy is still
violated.
[0]: https://www.eff.org/deeplinks/2012/12/rapid-dna-analysis
<!-- more -->
I cannot comment intelligently on the matter since I haven't read deeply enough
into the proposed storage/hashing/etc policies, but those polices can be abused
and such data can be leaked. I highly oppose any sort of DNA collection outside
of personal at-home use (when the technology is available with free software)
and use by medical professionals for personal medical reasons so long as the
institution performing the test can provide stringent evidence of its
destruction. But even then, if law enforcement somehow got a hold of the DNA
before it were destroyed, then the problem still exists, so it would be best if
you had your own personal tools to analyze your own DNA and distribute only the
portions that were required (and encryption tools like [GPG][1] could be used
for distribution).
One day, but not now. Let's make those scanners affordable and run free
software.
[1]: http://www.gnupg.org/

15
post/2013-01-07-uspto-wants-to-hear-from-software-community.md 100644
View File

@ -0,0 +1,15 @@
# USPTO Wants To Hear From Software Community
The [USPTO wants to hear from the software community][0]. Interesting, but the
problem is that the "software community" includes more than just those who
find software patents to be an abomination.
I have [mentioned issues with software patents in a previous post][1], but one
resource that may be worth looking at direclty is ["The Case Against
Patents"][2] [pdf].
[0]: http://www.groklaw.net/article.php?story=20130104012214868
[1]: http://mikegerwitz.com/thoughts/2012/10/Abolishing-Patents.html
[2]: http://research.stlouisfed.org/wp/2012/2012-035.pdf
<!-- more -->

41
post/2013-01-14-lulu-says-goodbye-to-drm.md 100644
View File

@ -0,0 +1,41 @@
# LuLu Says Goodbye to DRM
On January 8th, [LuLu announced that they would be dropping DRM][0] for users
who "[download] eBooks directly from Lulu.com to the device of their choice".
This is a wise move (for [those of us who oppose DRM][1]), but unfortunately, as
John Sullivan of the Free Software Foundation noted on the fsf-community-team
mailing list, the [comments on LuLu's website][0] are not all positive:
[0]: http://www.lulu.com/blog/2013/01/drm-update/
[1]: http://defectivebydesign.org/
> This is a positive development, but unfortunately there has been a lot
> of negative reaction in the comments on their announcement.
>
> It'd be great if people could chime in and support them their move away
> from DRM.
<!-- more -->
At first glance, certain authors seem to be concerned that the absense of DRM
will lead to ["more illegal file sharing"][0]:
> [...] Ive got copies of my non-DRM ebooks all over the torrent sites and
> thousands of downloads registered, for which I havent received a cent. As
> soon as you push for them to be taken down, theyre posted up again.
While it is unfortunate that those authors are not receiving compensation for
their hard work, it should be noted that this problem exists even *with*
DRM, so it is not a valid argument toward keeping it.
I applaud this move by LuLu, though I'm disappointed to see [this comment in the
original post][0]:
> Companies like Amazon, Apple and Barnes & Noble integrate a readers
> experience from purchasing to downloading and finally to reading. These
> companies do a fantastic job in this area, and eBooks published through Lulu
> and distributed through these retail sites will continue to have the same
> rights management applied as they do today.
They do not do it well; no DRM is good DRM.

171
post/2013-01-26-re-fsf-wastes-away-another-high-priority-project.md 100644
View File

@ -0,0 +1,171 @@
# Re: FSF Wastes Away Another "High Priority" Project
A couple days ago, my attention was drawn to an article on Phoronix that
[criticized the FSF for its decision to stick with GPLv3 over GPLv2 on
LibreDWG][0] due to the number of projects that make use of it---licensed under
the GPLv2---under [a now incompatible][1] license. This article is very negative
and essentially boils down to this point (the last paragraph):
> Unless the Free Software Foundation becomes more accomodating [sic] of these
> open-source developers -- who should all share a common goal of wanting to
> expand free/open-source software -- LibreDWG is likely another project that
> will ultimately waste away and go without seeing any major adoption due to
> not working with the GPLv2.
It it worth mentioning why this view is misguided (though understandable for
those who adopt the ["open source" philosophy over that of software
freedom][2]).
[0]: http://www.phoronix.com/scan.php?page=news_item&px=MTI4Mjc
[1]: http://www.gnu.org/licenses/gpl-faq.html#WhatDoesCompatMean
[2]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
<!-- more -->
Let me start with [this paragraph from the Phoronix article][0]:
> The Free Software Foundation was contacted about making LibreDWG GPLv2+
> instead (since the FSF is the copyright holder), but the FSF/Richard Stallman
> doesn't the DWG library on the earlier version of their own open-source
> license.
The FSF's founding principle is that of [software freedom][3] (beginning with the
GNU project). Now, consider the reason for the creation of the GPLv3---the GPLv2
[could not sufficiently protect against][4] software patents and newer threats such
as "tivoization". These goals further the FSF's mission of ensuring---in
this case---that free software *remains* free ([a concept that RMS coined
"copyleft"][5]). It would make sense, then, that the FSF (and RMS') position is
that [it is important that we adopt the GPLv3 for our software][6].
From this perspective, it does not make sense to "downgrade" LibreDWG's
license to the GPLv2, which contains various bugs that have since been patched
in GPLv3---it is not pursuant to the FSF's goals. (Of course, not all agree with
the GPLv3; one such notable disagreement (as well as issues
stemming from copyright assignment) leaves the kernel Linux [perpetually licensed
under the GPLv2][7] since it does not contain the ["or later" clause][8]).
That is not to say that the author's concern is not legitimate---a number of
projects are licensed under the GPLv2 and therefore cannot use the newer (and
improved) versions of LibreDWG that are licensed under the GPLv3 (unless they
were to upgrade to the GPLv3, of course). Whether or not upgrading is feasible
(e.g., in the case of the kernel Linux, it is not) is irrelevant---let us
instead focus on the issue of adoption under the assumption that the project is
either unwilling or unable to make use of a library licensed under the GPLv3.
As aforementioned, [the author focuses on the issue of adoption][0]:
> LibreDWG is likely [...to] go without seeing any major adoption due to not
> working with the GPLv2
A focus on adoption is a [focus of "open source", not free software][2], the
latter of which the FSF represents. With a focus on software freedom, the goal
is to create software that respects the [users' four essential freedoms][9]; if
the software is adopted and used, great! However, freedom should never be
sacrificed in order to encourage adoption. One may argue that "downgrading" to
the GPLv2 is not sacrificing freedom because the software is still free (it is
even the GPL)---but it is important to again realize that the GPLv3 is "more
free" than the GPLv2 in the sense that it [*protects* additional freedoms][6];
so, while the GPLv2 isn't necessarily sacrificing users' freedoms directly, it
does have such an indirect effect through means of enforcement.
A reader familiar with GNU may then point out the LGPL---the Lesser General
Public License---under which popular (and very important) [libraries such as
glibc are licensed][10]. In fact, one could extend this argument to any
library---why not have LibreDWG licensed under the LGPL to avoid this problem in
its entirety, while still preserving the users' freedoms for that library in
itself? This understanding requires a brief lesson in history---the rationale
under which the LGPL was born. [To quote the GNU project][11]:
> Using the ordinary GPL is not advantageous for every library. There are
> reasons that can make it better to use the Lesser GPL in certain cases. The
> most common case is when a free library's features are readily available for
> proprietary software through other alternative libraries. In that case, the
> library cannot give free software any particular advantage, so it is better to
> use the Lesser GPL for that library.
It was for this reason that glibc was released under the LGPL---because it was
better to have the users adopt some sort of free software than none at all;
there were other alternatives that existed that users may flock to if they were
forced to liberate their own proprietary software (after all, the C API is also
standardized, so such a feat would be trivial). Now that glibc has since matured
greatly, it could be argued today that it has proved its usefulness and the LGPL
may no longer be necessary, but such a discussion is not necessarily relevant
for this conversation.
What is important is that [the FSF does not recommend the LGPL for most
libraries][11] because that would encourage proprietary software developers to
take advantage of both the hard work of the free software community and the
users of the software. Now, I cannot speak toward the alternatives to
LibreDWG---do there exist proprietary alternatives that are reasonable
alternatives to non-commercial projects? I do not have experience with the
library. However, I hope by this point the FSF's position has been rationalize
(even if you---the reader---do not agree with it).
Of course, this rationalization will still leave a sour taste in the mouth of
those "open source" developers (or perhaps even some free software developers)
that think in terms of what is "lost": these projects---which are themselves
free software and therefore beneficial to our community---cannot take advantage
of *other free software* due to this licensing issue. Since these projects had
already existed when LibreDWG was licensed under the GPLv2, the relicensing to
GPLv3 may seem unfair and, therefore, a "loss". It is difficult to counter
such an argument if the above rationale has not been sufficient; nor will I
argue that the situation is not unfortunate, should the projects be unable to
relicense. However, it must be understood that, to ensure the future of free
software, the FSF must adopt to combat today's threats and so too must other
free software projects.
The Phoronix article mentioned two projects in particular that suffer from
LibreDWG's relicensing: [LibreCAD and FreeCAD][0]. LibreCAD omits the "or later"
clause that was mentioned above, preventing them from easily migrating to the
GPLv2 (which is [against the FSF's recommendation][12]). Unless the project
requires that contributors assign copyright to the project owner, then they
would have to get permission from each contributor (or rewrite the code) in
order to change the license (which is not unheard of; [VLC had done so recently
to migrate from the GPL to the LGPL][13]); this is a significant barrier for any
project with multiple contributors, especially when your project is a derivative
work (of QCad).
The other project mention was FreeCAD, and the author of the article mentions
that the project depends on Coin3D and Open CASCADE, "both of which are
GPLv2", so [the project cannot migrate to GPLv3][0]. A quick look at Coin3D's
website shows that the software is actually licensed under the modified
(3-clause) BSD license, and so [migrating to the GPLv3 is not an issue][15]. Open
CASCADE has its own "public license" that I do not have the time to evaluate
(nor am I lawyer, so I do not wish to give such advice), so I cannot speak to
its compatibility with the GPLv3. That said, I'm unsure if it would be a barrier
toward FreeCAD's adoption of the GPLv3.
Ultimately, the moral of the story is to plan for the *future*---if you use a
project licensed under the GPL, ensure that it has the "or later" clause that
allows it to be licensed under later version of the GPL, since you can be sure
that the FSF and many other free software developers will be quick to adopt the
license. Of course, many may not be comfortable with such a licensing decision:
you effectively are giving the FSF permission to relicense you work by simply
releasing a new version of the GPL. It is your decision whether you are willing
to place this kind of trust in the organization responsible for starting the
free software movement in the first place.
Readers may now assume that I am placing the entire blame and onus on the
implementors of LibreDWG. The onus, perhaps, but not the blame---this truly is
an unfortunate circumstance that takes away from hacking a free software
project. Unfortunately, the projects are stuck in a bad place, but the FSF is
not to blame for standing firm in their ideals. Instead, this can be thought of
as a maintenance issue---rather than a source code refactoring resulting from a
library API change, we instead require a "legal code" refactoring resulting
from a "legal API" change.
[3]: http://www.fsf.org/about/
[4]: http://www.gnu.org/licenses/quick-guide-gplv3.html
[5]: http://www.gnu.org/copyleft/
[6]: http://www.gnu.org/licenses/rms-why-gplv3.html
[7]: http://lwn.net/Articles/200422/
[8]: http://www.gnu.org/licenses/gpl-faq.html#v2v3Compatibility
[9]: http://www.gnu.org/philosophy/free-sw.html
[10]: http://www.gnu.org/licenses/lgpl.html
[11]: http://www.gnu.org/licenses/why-not-lgpl.html
[12]: http://www.gnu.org/licenses/gpl-howto.html
[13]: http://mikegerwitz.com/thoughts/2012/11/VLC-s-Move-to-LGPL.html
[14]: https://bitbucket.org/Coin3D/coin/wiki/Home
[15]: http://www.gnu.org/licenses/license-list.html#ModifiedBSD
[16]: http://www.opencascade.org/getocc/license/

7
post/2013-01-30-phone-unlocking-once-again-illegal.md 100644
View File

@ -0,0 +1,7 @@
# Phone "Unlocking" Once Again Illegal
[Ridiculous.][0] We should own the hardware that we purchase.
[0]: https://www.eff.org/is-it-illegal-to-unlock-a-phone
<!-- more -->

102
post/2013-01-30-re-who-does-skype-let-spy.md 100644
View File

@ -0,0 +1,102 @@
# Re: Who Does Skype Let Spy?
Today, [Bruce Schneier brought attention to privacy concerns surrounding
Skype][0], a very popular ([over 600 million users][1]) VoIP service that has
since been acquired by Microsoft. In particular, [users are concerned over what
entities may be able to gain access to their "private" conversations][1]
through the service---Microsoft has refused to answer those kinds of questions.
While the specific example of Skype is indeed concerning, it raises a more
general issue that I wish to discuss: The role of free software and SaaS
(software as a service).
[0]: http://www.schneier.com/blog/archives/2013/01/who_does_skype.html
[1]: http://www.skypeopenletter.com/
<!-- more -->
To [quote Schneier][0]:
> We have no choice but to trust Microsoft. Microsoft has reasons to be
> trustworthy, but they also have reasons to betray our trust in favor of other
> interests. And all we can do is ask them nicely to tell us first.
Schneier continues to admit, in similar words, that [we are but "vassals" to
these entities and that they are our serfs][2]. His essays regarding the [power of
corporations and governments over their users][3] echo the words of Lawrence
Lessig in his [predictions of a "perfectly regulated" future made possible by
the Internet][4]. While Lessig (despite what his critics have stated in the
past) seems to have been correct in many regards, we need not jump into the
perspective of an Orwellian dystopia where we are but "vassals" to the
Party.[^5] Indeed, this is only the case---at least at present---if you choose to
participate in the use of services such as Skype, as ubiquitous as they may be.
Skype is a useful demonstration of the unfortunate situation that many users
place themselves in by trusting their private data to Microsoft. Skype itself is
proprietary---we cannot inspect its source code (easily) in order to ensure that
it is respecting our privacy. (Indeed, as a user on [the HackerNews
discussion][6] pointed out, [Skype has installed undesirable software in the
past][7].) If Skype were [free software][8], we would be able to inspect its
source code and modify it to suit our needs, ensuring that the software did only
what we wanted it to do---ensuring that Microsoft was not in control of us.
However, even if Skype were free software, there is another issue at work that
is often overlooked by users: Software as a Service (SaaS). When you make use of
services that are hosted on remote servers (often called "cloud"
services)---such as with Skype, Facebook, Twitter, Flickr, Instagram, iTunes,
iCloud and many other popular services---you are blindly entrusting your data to
them. Even if the Skype software were free (as in freedom), for example, [we
still cannot know what their servers are doing with the data we provide to
them][9]. Even if Skype's source code was plainly visible, the servers act as a
black box. Do they monitor your calls? [Does Facebook abuse your data?][10] How is
that data stored---[what happens][1] in the event of a data breach, or in the event
of a warrant/subpoena?
The only way to be safe from these providers is to [reject these services
entirely and use your own software on your own PC][9], or use software that will
connect directly to your intended recipient without going through a 3rd
party. (Never mind your ISP; that is a separate issue entirely.) If you must
use a 3rd party service, ensure that you can adequately encrypt your
communications (e.g. using GPG to encrypt e-mail communications)---something
that may not necessarily be easy/possible to do, especially if the software is
proprietary and works against you.
The EFF has published [useful information on protecting yourself against
surveillance][11], covering topics such as encryption and anonymization.
If we are to resist the worlds that [Lessig][4] and [Schneier][3] describe, then we
must [stand up for our right to privacy and demand action][12]. [Who will have
your back][13] when we're on the brink of ["perfect regulation"][4]; who will
stand up for your rights and work *with* you---not against you---to preserve
your liberties? Without this push, services like Skype empower governments and
other entities to work toward perfect regulation---to continuously spy on
everything that we do. With everyone putting their every thought and movement on
services like Facebook, [Twitter][14] and Skype, the Orwellian Thought Police have
the ability to manifest in a form that not even Orwell could have
imagined---unless it is stopped.
To help [preserve your ever-dwindling rights online][15], consider becoming a
member of or participating in the campaigns of the [Free Software
Foundation][16], [Electronic Frontier Foundation][17], the [American Civil
Liberties Union][18] or any other organizations dedicated toward free society.
(Disclaimer: I am a member of the Free Software Foundation.)
[2]: http://www.schneier.com/essay-406.html
[3]: http://www.schneier.com/essay-409.html
[4]: http://codev2.cc/
[6]: http://news.ycombinator.com/item?id=5139801
[7]: http://blogs.skype.com/garage/2011/05/easybits_update_disabled_for_s.html
[8]: http://www.gnu.org/philosophy/free-sw.html
[9]: http://www.gnu.org/philosophy/who-does-that-server-really-serve.html
[10]: https://www.eff.org/deeplinks/2013/01/facebook-graph-search-privacy-control-you-still-dont-have
[11]: https://ssd.eff.org
[12]: https://www.eff.org/deeplinks/2013/01/its-time-transparency-reports-become-new-normal
[13]: https://www.eff.org/pages/when-government-comes-knocking-who-has-your-back
[14]: https://www.eff.org/deeplinks/2013/01/google-twitters-new-transparency-report-shows-increase-government-demands-sheds
[15]: https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=8750
[16]: http://www.fsf.org/register_form?referrer=5804
[17]: https://supporters.eff.org/donate
[18]: https://www.aclu.org/donate/join-renew-give
[^5]: Orwell, George. Nineteen Eighty-Four. ISBN 978-0-452-28423-4.

8
post/2013-02-26-what-is-cispa-and-why-is-it-dangerous.md 100644
View File

@ -0,0 +1,8 @@
# What is CISPA and Why is it Dangerous?
The EFF has put together an excellent [FAQ on CISPA][0], the "cybersecurity"
bill that was reintroduced to congress earlier this month.
[0]: https://www.eff.org/deeplinks/2013/02/cispas-back-faq-what-it-and-why-its-still-dangerous
<!-- more -->

15
post/2013-03-01-dmr-very-early-c-compilers-and-language.md 100644
View File

@ -0,0 +1,15 @@
# DMR: "Very early C compilers and language"
An interesting article by Dennis Ritchie discussing [early C compilers][0]
recovered from old DECtapes. The source code and history are fascinating reads.
The quality of the code (the "kludgery"[1], as he puts it) to me just brings
smiles---I appreciate seeing the code in its original glory.
It is also saddening reading the words of such a great man who is no longer with
us; perhaps it helps to better appreciate his legacy.
[0]: http://cm.bell-labs.com/cm/cs/who/dmr/primevalC.html
[1]: http://www.catb.org/~esr/jargon/html/K/kludge.html
<!-- more -->

8
post/2013-03-01-libreated-pixel-cup-winners-announced.md 100644
View File

@ -0,0 +1,8 @@
# Libreated Pixel Cup Winners Announced
[Congratulations][0] to the [winners of the Liberated Pixel Cup][1].
[0]: http://www.fsf.org/news/winners-announced-for-free-software-gamings-highest-honor-the-liberated-pixel-cup
[1]: http://lpc.opengameart.org/content/code-judging-is-in
<!-- more -->

35
post/2013-03-06-google-says-the-fbi-is-secretly-spying-on-some-of-its-customers.md 100644
View File

@ -0,0 +1,35 @@
# Google Says the FBI Is Secretly Spying on Some of Its Customers
A Wired article mentions [figures released from Google][0] regarding National
Security Letters issued by the NSA under the Patriot Act. It is too early to
comment in much detail on this matter (I would like to wait for commentary from
the EFF), but, as the article mentions:
[0]: http://www.wired.com/threatlevel/2013/03/google-nsl-range/?cid=co6199824
> Google said the number of accounts connected to National Security letters
> ranged between “1000-1999″ for each of the reported years other than 2010. In
> that year, the range was “2000-2999.”
<!-- more -->
The [EFF provides additional information, including recommendations on what to
do about such requests][1] via their Surveillance Self-Defense website. As
quoted from that website:
> And it's even worse for FISA subpoenas, which can be used to force anyone to
> hand over anything in complete secrecy, and which were greatly strengthened
> by Section 215 of the USA PATRIOT Act. The government doesn't have to show
> probable cause that the target is a foreign power or agent — only that they
> are seeking the requested records "for" an intelligence or terrorism
> investigation. Once the government makes this assertion, the court must
> issue the subpoena.
To add insult to injury:
> FISA orders and National Security Letters will also come with a gag order that
> forbids you from discussing them. Do NOT violate the gag order. Only speak to
> members of your organization whose participation is necessary to comply with
> the order, and your lawyer.
[1]: https://ssd.eff.org/foreign/fisa

41
post/2013-03-09-adding-1-and-1-in-php.md 100644
View File

@ -0,0 +1,41 @@
# Adding 1 and 1 in PHP
An amusing demonstration; it is my hope that [readers will not take this PHP
library seriously][0]. This is likely a parody of the over-engineering that
often takes foot in Object-Oriented development (a game of "how many GoF[^4]
design patterns can we use in this project" anyone?).
[0]: https://github.com/Herzult/SimplePHPEasyPlus
<!-- more -->
That is not to say that "OOP is bad" (just as object-oriented developers often
consider procedural code bad, when they may just be terrible at writing
procedural code). Indeed, I wrote [an ECMAScript framework for Classical OOP
(ease.js)][1]. The problem is that, with the excitement and misunderstandings
that surround "good" object-oriented design, designers are eager to
over-abstract their implementations (I have been guilty of the same thing).
Object oriented programming is often taught to novice CS students (often with
the reign of Java in schools)---teaching practices that can be good principles
when properly applied and in moderation---which [I have also seen contribute to
such madness][2].
Abstractions are highly important, but only when necessary and when they lead to
more concise representations of the problem than would otherwise occur (note
that some problems are inherently complicated and, as such, a concise
representation may not seen concise). I'm a strong advocate of DSLs when
abstractions begin to get in the way and increase the verbosity of the code
(languages with strong macro systems like lisp help eliminate the need for
DSLs written from scratch)---design patterns exist because of deficiencies in
the language: They are "patterns" of code commonly used to achieve a certain
effect.
[Criticisms against OOP are abundant][3], just as every other paradigm.
[1]: http://easejs.org
[2]: http://c2.com/cgi/wiki?TextbookOo
[3]: http://c2.com/cgi/wiki?ArgumentsAgainstOop
[^4]: Design Patterns: Elements of Reusable Object-Oriented Software. ISBN
0-201-63361-2. Gamma, Helm, Johnson and Vlissides (the "Gang of Four").

50
post/2013-03-09-oxford-university-blocks-google-docs.md 100644
View File

@ -0,0 +1,50 @@
# Oxford University Blocks Google Docs
Oxford University decided to [block Google Docs][0] last month due to phishing
attacks against its users. To quote the blog post:
[0]: http://blogs.oucs.ox.ac.uk/oxcert/2013/02/18/google-blocks/
> Almost all the recent attacks have used Google Docs URLs, and in some cases
> the phishing emails have been sent from an already-compromised University
> account to large numbers of other Oxford users. Seeing multiple such incidents
> the other afternoon tipped things over the edge. We considered these to be
> exceptional circumstances and felt that the impact on legitimate University
> business by temporarily suspending access to Google Docs was outweighed by the
> risks to University business by not taking such action.
<!-- more -->
This incident was brought to my attention by [a blog post by Schneier][1], in
which he referenced his [essay on "feudal security"][2] (I commented in more
detail on this essay in [my response to a previous blog post of
his][3].[^blog]) In this case, Oxford is trusting that it knows better than its
users and has the right to exercise this power over them in light of their
inexperience with handling these situations (or even recognizing them).
This may very well be the case---the Oxford IT department probably does have a
better understanding of security than many of their users. However, by blocking
access to Google Docs, they are also blocking access to millions of legitimate
articles hosted there, which is far from acceptable. Oxford is more than just a
workplace---for which many would argue these actions are acceptable; it is a
university that should encourage freedom of expression. They simply must find a
better way of dealing with these problems. If a user falls victim to a phishing
attack within Oxford, they will likely fall victim outside of it.
Would Oxford consider blocking e-mail access too (where phishing attacks are
very cheap and common)?
> We appreciate and apologise for the disruption this caused for our users.
> Nevertheless, we must always think in terms of the overall risk to the
> University as a whole, and we certainly cannot rule out taking such action
> again in future [...]
N.B.: Google Docs is proprietary and I cannot recommend its use any more than I
can recommend use of Microsoft Office.
[1]: https://www.schneier.com/blog/archives/2013/03/oxford_universi.html
[2]: https://www.schneier.com/essay-406.html
[3]: /2013/01/re-who-does-skype-let-spy
[^blog]: (I posted a link to my response on his blog, but he did not approve the comment.)

40
post/2013-03-09-white-house-supports-cell-phone-unlocking.md 100644
View File

@ -0,0 +1,40 @@
# White House Supports Cell Phone Unlocking
Earlier this week, the starter of the [White House petition to "Make Unlocking
Cell Phones Legal"][0] posted a [thread on Hacker News][1] stating that the
White House had officially responded, stating:
> The White House agrees with the 114,000+ of you who believe that consumers
> should be able to unlock their cell phones without risking criminal or other
> penalties. In fact, we believe the same principle should also apply to
> tablets, which are increasingly similar to smart phones. And if you have paid
> for your mobile device, and aren't bound by a service agreement or other
> obligation, you should be able to use it on another network. It's common
> sense, crucial for protecting consumer choice, and important for ensuring we
> continue to have the vibrant, competitive wireless market that delivers
> innovative products and solid service to meet consumers' needs.
<!-- more -->
The petition---as stated in the above response---garnered over 114,000
signatures. The response is exciting news because the Library of Congress had
[removed the phone unlocking exemption][2] at the beginning of this year. (As
the EFF points out, [this may not necessarily mean that unlocking your phone is
"illegal"][3]).
However, although this response is getting a lot of attention (I was surprised
to see my local news station report on it), this is not yet cause for
celebration; it is my hope that the White House will now follow through with
this statement and act upon it appropriately.
(The [EFF has also posted their own comments on the White House's response][4].)
This is just one issue in [a string of problems that is the DMCA][5].
[0]: https://petitions.whitehouse.gov/petition/make-unlocking-cell-phones-legal/1g9KhZG7
[1]: https://news.ycombinator.com/item?id=5319577
[2]: /2013/01/phone-unlocking-once-again-illegal
[3]: https://www.eff.org/is-it-illegal-to-unlock-a-phone
[4]: https://www.eff.org/deeplinks/2013/03/white-house-supports-unlocking-phones-real-problem-runs-deeper
[5]: https://www.eff.org/wp/unintended-consequences-under-dmca

33
post/2013-03-15-federal-judge-rules-nsls-national-security-letters-unconstitutional.md 100644
View File

@ -0,0 +1,33 @@
# Federal Judge Rules NSLs (National Security Letters) Unconstitutional
This news is huge and an incredible win for both the EFF and all U.S. citizens.
Today, [United States District Judge Susan Illston found the National Security
Letters' gag provisions unconstitutional][0] and---since the review procedures
violate the separation of powers and cannot be separated from the rest of the
statute---has consequently [ruled the NSLs themselves to be
unconstitutional][1]:
[0]: http://www.wired.com/threatlevel/2013/03/nsl-found-unconstitutional/
[1]: https://www.eff.org/press/releases/national-security-letters-are-unconstitutional-federal-judge-rules
> In today's ruling, the court held that the gag order provisions of the statute
> violate the First Amendment and that the review procedures violate separation
> of powers. Because those provisions were not separable from the rest of the
> statute, the court declared the entire statute unconstitutional
<!-- more -->
This is an exciting decision; let's see where it takes us.
> U.S. District Judge Susan Illston ordered the government to stop issuing
> so-called NSLs across the board, in a stunning defeat for the Obama
> administrations surveillance practices. She also ordered the government to
> cease enforcing the gag provision in any other cases. However, she stayed her
> order for 90 days to give the government a chance to appeal to the Ninth
> Circuit Court of Appeals.[[0]]
[The issues surrounding NSLs][2] were highlighted just last week when [Google
released numbers relating to the orders that it received][3].
[2]: https://www.eff.org/issues/national-security-letters
[3]: /2013/03/google-says-the-fbi-is-secretly-spying-on-some-of-its-customers

109
post/2013-03-15-html5-drm.md 100644
View File

@ -0,0 +1,109 @@
# HTML5 DRM
Two acronyms that, until very recently, would seem entirely incompatible---HTML,
which is associated with an unencumbered, free (as in freedom) representation of
a document, and [DRM][0], which [exists for the sole purpose of restricting
freedom][1].[^bias] Unfortunately, Tim Berners-Lee---the man attributed to
["inventing" the Internet][18]---mentioned in a [keynote talk at SXSW][15] that [he is
not opposed to introducing DRM into the HTML5 standard][4]:
[^bias]: (Disclaimer: I am an associate member of the [Free Software
Foundation][2] and, as such, this reference is intentionally bias; feel free
to see the [Wikipedia article on DRM][3] for more general information.)
> [Tim Berners-Lee] did not, however, present himself as an opponent of digital
> locks. During a post-talk Q&A, he defended proposals to add support for
> "digital rights management" usage restrictions to HTML5 as necessary to get
> more content on the open Web: "If we don't put the hooks for the use of DRM
> in, people will just go back to using Flash," he claimed.
<!-- more -->
Many who oppose DRM refer to it as ["digital restrictions management"][0]---a
phrase that better describes how it affects the user. The "rights" that
"digital rights management" describes are the "rights" (in terms of
copyright) of publishers and copyright holders: They wish to lock down their
content so that [you, the user, can only access it as *they* please][5]. Has
["your" device][25] ever told you that [you cannot share a book with your
friends][6][17][24]? Has your device ever [deleted your content without your
permission][7][8]? Does your device grant you [less privileges if you decide to
liberate yourself from it][9] through "jailbreaking"?[^jb] Does the software you
run [potentially spy on you without telling you][11], without giving you the
option to correct it? Or perhaps the games you play [require you to be online,
even in single-player mode][12].
[^jb]: I go into more detail on jailbreaking and its current legality as of
the time of writing [in a previous article of mine][10].
These are but a small handful of [examples of the many mistakes and injustices
of Digital Restrictions Management][5]. These restrictions take additional
effort---that is, development time, which also means more money---to build into
software; computers, by their very nature, do exactly as they are told, meaning
that they can only work against you if someone else tells it to (unless you tell
your computer to make your life miserable...if you're into that sort of thing).
As such, we refer to these restrictions as ["anti-features"][23].
> Corporations claim that DRM is necessary to fight copyright infringement
> online and keep consumers safe from viruses. But there's no evidence that DRM
> helps fight either of those. Instead DRM helps big business stifle innovation
> and competition by making it easy to quash "unauthorized" uses of media and
> technology.
It is this logic that [corporations][13] (and even some individuals, such as
[authors][14]) use to influence entities such as the W3C---and Tim
Berners-Lee---into [thinking that DRM is necessary][15]. The [W3C describes a
"trust infastructure"][16] that could be standardized for bringing DRM to the
web:
> It is clear that user domains (eg eBook trading, sub-rights trading, streaming
> music, etc.) each require sets of Rights Primitives that those domains wish do
> useful things with.
This is an unfortunate perspective, especially since those "useful things" are
exactly the opposite for users. The Internet strongly promotes the free,
(generally) unencumbered flow of information. To [quote W3C][19]:
> The social value of the Web is that it enables human communication, commerce,
> and opportunities to share knowledge. One of W3C's primary goals is to make
> these benefits available to all people, whatever their hardware, software,
> network infrastructure, native language, culture, geographical location, or
> physical or mental ability.
A DRM implementation flies in the face of those goals, as it is, by definition,
restrictive---how can we be encouraged to share by using systems that aim to
[prevent that very thing][0]?
Richard Stallman has already announced that the [FSF will "campaign against W3C
support for DRM"][20]; let's hope that many others will join in on this
campaign, hope that organizations like the EFF will continue to fight for our
rights, and further hope that users will [reject DRM-laden products][22]
outright. [DRM cannot exist in free software][25] and it cannot exist on a
network that facilitates free information.
[0]: http://www.defectivebydesign.org/what_is_drm
[1]: http://www.defectivebydesign.org/
[2]: http://fsf.org
[3]: https://en.wikipedia.org/wiki/Digital_rights_management
[4]: http://boingboing.net/2013/03/10/tim-berners-lee-the-web-needs.html
[5]: https://www.eff.org/issues/drm
[6]: http://www.amazon.com/gp/help/customer/display.html?nodeId=200549320
[7]: http://www.defectivebydesign.org/blog/1248
[8]: http://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html
[9]: http://arstechnica.com/apple/2011/02/ibooks-to-jailbreakers-no-yuo/
[10]: /2013/03/white-house-supports-cell-phone-unlocking
[11]: /2013/01/re-who-does-skype-let-spy
[12]: https://www.eff.org/deeplinks/2013/03/tale-simcity-users-struggle-against-onerous-drm
[13]: http://venturebeat.com/2012/10/12/together-html5-and-drm-can-take-out-native-apps/
[14]: /2013/01/lulu-says-goodbye-to-drm
[15]: http://www.guardian.co.uk/technology/blog/2013/mar/12/tim-berners-lee-drm-cory-doctorow
[16]: http://www.w3.org/2000/12/drm-ws/
[17]: https://www.fsf.org/bulletin/e-books-must-increase-our-freedom-not-decrease-it
[18]: http://www.w3.org/People/Berners-Lee/
[19]: http://www.w3.org/Consortium/mission#principles
[20]: http://lists.libreplanet.org/archive/html/libreplanet-discuss/2013-03/msg00007.html
[21]: https://www.eff.org/deeplinks/2012/11/2012-dmca-rulemaking-what-we-got-what-we-didnt-and-how-to-improve
[22]: http://www.defectivebydesign.org/guide
[23]: https://www.fsf.org/bulletin/2007/fall/antifeatures/
[24]: https://www.gnu.org/philosophy/right-to-read.html
[25]: https://www.gnu.org/philosophy/can-you-trust.html

22
post/2013-03-23-congratulations-to-the-2012-free-software-award-winners.md 100644
View File

@ -0,0 +1,22 @@
# Congratulations to the 2012 Free Software Award Winners
Each year, the [Free Software Foundation][0] presents awards to individuals who
have made a [strong contribution to free software][1]:
[0]: http://fsf.org
> The Award for the Advancement of Free Software is given annually to an
> individual who has made a great contribution to the progress and development
> of free software, through activities that accord with the spirit of free
> software.
[1]: https://www.fsf.org/news/2012-free-software-award-winners-announced-2
<!-- more -->
This year, announced at the LibrePlanet 2013 conference, [the winner was Dr.
Fernando Perez][1]---creator of IPython. The winner of the Award for Projects of
Social Benefit was [OpenMRS][2], which is a free (as in freedom) medical records
system for developing countries.
[2]: http://openmrs.org/

46
post/2013-03-23-defective-by-design-campaign-against-w3c-drm-standard.md 100644
View File

@ -0,0 +1,46 @@
# Defective By Design Campaign Against W3C DRM Standard
[As I had mentioned late last week][0], RMS had mentioned that Defective By
Design (DBD) would be campaigning against the [introduction of DRM into the W3C
HTML5 standards][1]. (Please see [my previous mention of this topic][0] for a
detailed explanation of the problem and a slew of references for additional
information.) Well, [this campaign is now live and looking for
signatures][2]---50,000 by May 3rd, which is the [International Day Against
DRM][3]:
> Hollywood is at it again. Its latest ploy to take over the Web? Use its
> influence at the World Wide Web Consortium (W3C) to weave [Digital
> Restrictions Management (DRM)][4] into HTML5 -- in other words, into the very
> fabric of the Web.
>
> [...]
>
> Help us reach 50,000 signers by May 3rd, 2013, the [International Day Against
> DRM][3]. We will deliver the signatures to the W3C (they are right down the
> street from us!) and [make your voice heard[[1].
[0]: /2013/03/html5-drm
[1]: https://www.eff.org/deeplinks/2013/03/defend-open-web-keep-drm-out-w3c-standards
[2]: http://www.defectivebydesign.org/no-drm-in-html5
[3]: http://www.defectivebydesign.org/dayagainstdrm
[4]: http://www.defectivebydesign.org/what_is_drm
<!-- more -->
To summarize the issue as [stated by the EFF][5]:
> W3C is there to create comprehensible, publicly-implementable standards that
> will guarantee interoperability, not to facilitate an explosion of new
> mutually-incompatible software and of sites and services that can only be
> accessed by particular devices or applications. But EME is a proposal to bring
> exactly that dysfunctional dynamic into HTML5, even risking a return to the
> ["bad old days, before the Web"][5] of deliberately limited
> interoperability.
>
> it would be a terrible mistake for the Web community to leave the door open
> for Hollywood's gangrenous anti-technology culture to infect W3C standards.
So please---[sign the petition now][2]!
[5]: http://www.anybrowser.org/campaign/index.html

20
post/2013-04-20-us-house-passes-cispa.md 100644
View File

@ -0,0 +1,20 @@
# U.S. House Passes CISPA
Two days ago---on the 18th--[the U.S. House of Representatives decided to pass
CISPA 288-127][0].
> The legislation passed 288-127, despite a veto threat from Pres. Barack Obama,
> who expressed serious concerns about the danger CISPA poses to civil
> liberties.
[0]: https://www.eff.org/deeplinks/2013/04/us-house-representatives-shamefully-passes-cispa-internet-freedom-advocates
<!-- more -->
As the bill moves into the senate, [civil liberties groups will continue to
oppose it][1]; I personally hope that you will do the same.
Move [information on CISPA][2] is available on the EFF's website.
[1]: https://www.eff.org/deeplinks/2012/04/voices-against-cispa
[2]: https://www.eff.org/cybersecurity-bill-faq

14
post/2013-06-06-improved-website.md 100644
View File

@ -0,0 +1,14 @@
# Improved Website
The old WordPress website has been replaced entirely by the "thoughts" site
(which was previously located at /thoughts). This website is generated from its
git repository---available on the Projects page---which is freely licensed.
There is some content that existed on the old site that is still useful; should
that content be transferred to this site, a redirect will be set up (assuming
that it hadn't already been lost to the search engines).
Since all this content is static, there is no discussion system. I am still
debating whether or not I will add this in the future. Until that time, feel
free to contact me via e-mail.
<!-- more -->

631
post/2013-06-10-national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations.md 100644
View File

@ -0,0 +1,631 @@
# National Uproar: A Comprehensive Overview of the NSA Leaks and Revelations
I am finding it difficult to keep up with the flood of reports in my little free
time, while still finding the time to brush up on relevant history. My hope is
to provide a summary of recent events and additional background---along with a
plethora of references---that will allow the reader to perform further research
and to formulate educated, personal opinions on the topics. If you do not care
for my commentary, simply scroll to the list of references at the bottom of this
article.
Many [individuals and organizations][0] have long warned of [digital privacy
issues][1], but there has been one agency in particular that has been the
subject of much scrutiny---the [National Security Agency (NSA)][2], which is a
[United States government agency][3] that has a [long history of controversial
spying tactics][4] on its country's own citizens. It is a chilling topic---one
that can easily make any person sound like they've latched onto an Orwellian
conspiracy.
[0]: /2013/01/re-who-does-skype-let-spy
[1]: https://www.schneier.com/essay-418.html "The Internet Is a Surveillance State"
[2]: https://www.eff.org/nsa-spying "The EFF on NSA Spying"
[3]: https://www.eff.org/agency/national-security-agency "The National Security Agency"
[4]: https://www.eff.org/nsa-spying/timeline "Timeline of NSA Spying"
<!-- more -->
**Wednesday, June 5th, 2013**---[the Guardian newspaper publishes a leaked
document][5][6][7] ordering Verizon to
> [...] produce to the National Security Agency (NSA) upon service of this
> Order, and continue production on an ongoing daily basis thereafter for the
> duration of this Order, [...] an *electronic copy of* the following tangible
> things: *all call detail records or "telephony metadata"* created by Verizon
> for communications (i) between the United States and abroad; or (ii) wholly
> within the United States, *including local telephone calls*.[[6]] [emphasis
> added]
The order goes on to describe "telephony metadata" to include routing
information, source and destination telephone numbers, IMSI and IMEI numbers,
and time and duration of the call; it "does not include the substantive content
of any communication"---the communication content itself.[[6]] This order was
[issued by the Foreign Intelligence Surveillance Court (FISC)][8] under [section 215
of the Patriot Act][9]. (This news comes [less than three months after United
States District Judge Susal Illston ruled NSA Letters' gag provisions
unconstitutional][10].)
This report caused a massive uproar, but [came as no surprise][11] to many
security researchers and privacy advocates. Early last year, Wired released an
article stating that [the NSA "Is Building the Country's Biggest Spy
Center"][14]. Privacy concerns were raised in November of last year by [the
Petraeus scandal][14]. In March of this year, Google released figures showing
that [the NSA is secretly spying on some of its customers][15]. Two months later,
[outrage][17] after the Associated Press discovers that [the Justice Department
collected the calling records of many of its reporters and editors][18].
Additionally, [the EFF already had cases against the NSA's actions][2]---[Jewel
v. NSA][12] and [Hepting v. AT&T][13] both focus on unconstitutional dragnet
surveillance of innocent citizens' data and communications. These cases will be
explored in further detail throughout this article.
But the chaos didn't end there.
**Thursday, June 6th, 2013**---just one day after the Guardian reported on the
leaked Verizon order, the newspaper reports on [a leaked slideshow describing
PRISM][19], a top-secret program that "claims direct access to servers of firms
including Google, Apple and Facebook. According to the leaked document, the NSA
supposedly has the ability to collect material including e-mail, chat, video and
voice communications, photos, stored data and more.[[19]]. Responses from most
companies was immediate. In a [blog post entitled "What that...?"][20], Larry
Page---Google's CEO---put very plainly that Google does not participate in such
a program and denied any knowledge of PRISM:
> First, we have not joined any program that would give the U.S. government—or
> any other government—direct access to our servers. Indeed, the U.S. government
> does not have direct access or a "back door" to the information stored in
> our data centers. We had not heard of a program called PRISM until yesterday.
> Second, we provide user data to governments only in accordance with the
> law.[[20]] --Larry Page, Google CEO
[Mark Zuckerberg of Facebook also denied involvement][21], calling such claims
"outrageous" and encouraging governments to be "much more transparent about
all programs aimed at keep the public safe":
> I want to respond personally to the outrageous press reports about PRISM:
> Facebook is not and has never been part of any program to give the US or any
> other government direct access to our servers. We have never received a
> blanket request or court order from any government agency asking for
> information or metadata in bulk, like the one Verizon reportedly received. And
> if we did, we would fight it aggressively. We hadn't even heard of PRISM
> before yesterday. [...] We strongly encourage all governments to be much more
> transparent about all programs aimed at keeping the public safe. It's the only
> way to protect everyone's civil liberties and create the safe and free society
> we all want over the long term.[[21]] --Mark Zuckerberg, Facebook CEO
Indeed, [all companies eventually denied involvement with PRISM][22].
**Friday, June 7th, 2013**---Two days after the [initial Verizon report][5] and one day
after the publishing of [portions of the PRISM documents][19], the White House
responded to the Guardian reports with President Obama [defending his
administration][16]. Unfortunately, given the [history of the NSA surveillance
programs][4]---especially since the Bush administration after the 9/11
attacks---it may be difficult to believe that his words are the whole truth. As
such, we will use [portions of his transcript][16] to guide the remainder of this
discussion.
> **Jackie Calmes:** Mr. President, could you please react to the reports of
> secret government surveillance of phones and Internet? And can you also assure
> Americans that the government — your government doesnt have some massive
> secret database of all their personal online information and activity?
>
> **Obama:** [...] Now, the programs that have been discussed over the last
> couple days in the press are secret in the sense that theyre classified, but
> theyre not secret in the sense that when it comes to telephone calls, every
> member of Congress has been briefed on this program.
>
> With respect to all these programs, the relevant intelligence committees are
> fully briefed on these programs. These are programs that have been authorized
> by broad, bipartisan majorities repeatedly since 2006. And so I think at the
> outset, it's important to understand that your duly elected representatives
> have been consistently informed on exactly what were doing.[[16]]
There are some important notes regarding the phrasing of the President's
statement. Firstly, it is important to note that the President is *confirming the
existence of* the programs that "have been discussed over the last couple days
in the press"---that is, the [Verizon FISA Court order][5] and the [PRISM][19]
leak. However, it is also important to take a step back and note that the
President did *not* state outright that the reports tell the whole---or even the
correct---story. So what do we know?
On June 6th---a day before the White House responded to the leaks---the Director
of National Intelligence James Clapper [declassified certain information pertaining
to the "business records" provision of FISA][23], stating, "I believe it is
important for the American people to understand the limits of this targeted
counterterrorism program and the principles that govern its use". This statement
mentions that:
> Although this program has been properly classified, the leak of one order,
> without any context, has created a misleading impression of how it operates.
> [...] The program does not allow the Government to listen in on anyone's phone
> calls. The information acquired does not include the content of any
> communications or the identity of any subscriber. The only type of information
> acquired under the Court's order is telephony metadata, such as telephone
> numbers dialed and length of calls.[[23]]
The term "telephony metadata" could mean anything; the "numbers dialed" and
"length of calls" are part of it, but what does [the Court order][6]
specifically request?
> IT IS HEREBY ORDERED that [Verizon] shall produce to the [NSA] [...], and
> continue production on an ongoing daily basis [...] for the duration of this
> Order, [...] all call detail records or "telephony metadata" [...].
> Telephony metadata includes comprehensive communications routing information,
> including but not limited to [...] originating and terminating telephone
> number, [...] International Mobile Subscriber Identity (IMSI) number,
> International Mobile station Equipment Identity (IMEI) number, [...] trunk
> identifier, telephone calling card numbers, and time and duration of call.
> Telephony metadata does not include the substantive content of any
> communication [...], or the name, address, or financial information of a
> subscriber or customer.[[6]] --FISA Court order
The President made this point very clear:
> **Obama:** When it comes to telephone calls, nobody is listening to your
> telephone calls. Thats not what this programs about. As was indicated, what
> the intelligence community is doing is looking at phone numbers and durations
> of calls. They are not looking at peoples names, and theyre not looking at
> content. But by sifting through this so-called metadata, they may identify
> potential leads with respect to folks who might engage in terrorism. If these
> folks — if the intelligence community then actually wants to listen to a phone
> call, theyve got to go back to a federal judge, just like they would in a
> criminal investigation. So I want to be very clear. Some of the hype that
> weve been hearing over the last day or so — nobodys listening to the content
> of peoples phone calls.[[16]]
The EFF provides compelling arguments as to why [metadata is important to our
privacy][24]. One such example: "They know you spoke with an HIV testing
service, then your doctor, then your health insurance company in the same hour.
But they don't know what was discussed." The EFF further states, "the
government has given no assurances that this data will never be correlated with
other easily obtained data". So, while the President may try reassuring us by
stating that "they've got to go back to a federal judge", he certainly does
not make it clear that they may already have enough information *without* having
to do so---from this supposedly non-content metadata. They do not need to
subpoena the phone company for the name or address of the individual in most
cases, as reverse telephone directories are readily available. With that, they
then have the names of yourself, everyone you have called and GPS data.
Another argument worthy of strong consideration is posed by Daniel J.
Solove---[what if the government is wrong about your intentions][25]? How can
you go about correcting incorrect data if its very existence is hidden from the
public?
> What if the government leaks the information to the public? What if the
> government mistakenly determines that based on your pattern of activities,
> you're likely to engage in a criminal act? What if it denies you the right to
> fly? What if the government thinks your financial transactions look odd—even
> if you've done nothing wrong—and freezes your accounts? What if the government
> doesn't protect your information with adequate security, and an identity thief
> obtains it and uses it to defraud you?[[25]]
These are serious questions. Even if you---the reader---are of the type that sates
"I don't care; I have nothing to hide", then consider that, despite the government's
best efforts to secure and protect the data, [it could possibly fall prey to
enemies of the United States][25]. Consider that the [Chinese cracked into
Pentagon systems][26], taking "designs for more than two dozen major weapon systems
used by the United States military".
Of course, we are now assuming that that the NSA is (a) operating in accordance with the
Court order with respect to the privacy of communications content and (b) that
the President's statement is not intentionally omitting projects that *do*
warrantlessly wiretap innocent Americans' communications. Historically, the NSA has not
given us reason to entertain either of these thoughts.
**January 31, 2006**---[Hepting v. AT&T][13]; the EFF files a case suing AT&T on
behalf of its customers for "violating privacy law by collaborating with the
NSA in the massive, illegal program to wiretap and data-min Americans'
communications". This case included "undisputed evidence" from former AT&T technician
Mark Klein showing that [AT&T routed a copy of all Internet traffic to an NSA-controlled
room in San Francisco][27]:
> Through the "splitter cabinet," the content of all of the electronic voice
> and data communications going across the Peering Links [...] was transferred
> from the WorldNet Internet room's fiber optical circuits into the
> [NSA-controlled] SG3 Secure Room [...] including such equipment as Sun servers
> and Juniper (M40e and M160) "backbone" routers. The list also included a
> Narus STA 6400, which is a "Semantic Traffic Analyzer."[[27]]
That is---allegedly, AT&T indiscriminately passed *all* of the traffic passing
through its San Francisco facility into the NSA-controlled "SG3 Secure Room"
where the NSA performed their *own* filtering, storage and analysis however they
pleased. This is an astounding accusation. Additionally, Klein further states
that "other such `splitter cabinets' were being installed in other cities,
including Seattle, San Jose, Los Angeles and San Diego".[[27]]
Unfortunately, Hepting was dealt a fatal blow in July 2008 when both the
government and AT&T were [awarded retroactive immunity][28] by the [FISA
Amendments Act (FAA)][29]. This startling turn was signed by President Bush in
response to the EFF's court victories in the case and "allows the Attourney
General to require the dismissal of the lawsuits over the telecoms'
participation in the warrantless surveillance program".[[13]] The case was
dismissed in June 2009 and dozens of other lawsuits.
Fortunately, the battle is not over. The EFF then filed [Jewel v. NSA][12] which
directly targets the "NSA and other government agencies on behalf of AT&T
customers to stop the illegal unconstitutional and ongoing dragnet surveillance
of their communications and communications records". This case was too based
on [the testimony of Klein][27]. Additionally, the EFF had declarations of William
Binney, Thomas Drake and Kirk Wiebe---[three NSA whistleblowers][30]. Most
interesting (and damning) for the purposes of our discussion is the [Summary of
Voluminous Evidence][31].
> I have served on the Intelligence Committee for over a decade and I wish to
> deliver a warning this afternoon. When the American people find out how their
> government has secretly interpreted [the business records provision of
> FISA], they are going to be stunned and they are going to be angry.[^32]
> --Senator Ron Wyden
Note that the Senator is referring to precisely the same provision---business
records---that was partly declassified by James Clapper on Thursday.[[23]] Of
course, we are assuming that the NSA decides to go to the FISA Court for
permission; this apparently has not always been the case.
According to [the summary of evidence][31], the NSA stated:
> To perform both its offensive and defensive mission, NSA must "live on the
> network." [The program would be] a powerful and permanent presence on a
> global telecommunications infrastructure where protected American
> communications and targeted adversary communications will coexist.
This certainly shares some similarities with the Verizon case. But FISA stood
in the way of this goal; John Yoo explains why FISA was insufficient for such
a dragnet operation:
> [U]nder existing laws like FISA, you have to have the name of somebody, have
> to already suspect that someone's a terrorist before you can get a warrant.
> [...] it doesn't allow you as a government to use judgment based on
> probability to say: "[...] there's a high probability that some of those
> calls are terrorist communications. But we don't know the names of the people
> making those calls." You want to get at those phone calls, those e-mails, but
> under FISA you can't do that.[^33] --Jon Yoo
After the September 11th attacks, "FISA ceased to be an operative
concern".[[31]] If that statement sounds unsettling, that is because it is;
President Bush subsequently authorized the NSA to "conduct electronic
surveillance within the United States" without an order from the FISA Court
(FISC). General Hayden phrased it as such: the program "is a more [...]
`aggressive' program than would be traditionally available under FISA".[^34]
What---if anything---does this mean about any current NSA operations (including
the Verizon order)? If Bush is able to authorize such actions, what is to say
that Obama will not (and has not)?
Let us return to the statements from both Clapper[[23]] and Obama stating that
"nobody is listening to the content of your phone calls".[[16]] We can certainly
hope that this is the case, but we shall continue to draw from evidence in the
[Jewel v. NSA case][12] to see what the NSA has done in the past.
> It was the biggest legal mess I've ever encountered.[^35] --Jack Goldsmith, Justice
> Department's Office of Legal Consel
The program operated "in lieu of" court orders.[^36] Even more alarming (if such a
thing is possible), "neither the President nor Attorney General approved the specific
interceptions; rather, the decision to listen or read particular communications was
made by intelligence analysts"; the only authorization needed was by an NSA
"shift supervisor".[^37] So, let's reiterate:
> **Obama:** If these folks — if the intelligence community then actually wants to listen
> to a phone call, they've got to go back to a federal judge, just like they
> would in a criminal investigation.[[16]]
It may very well be that Obama is being truthful within context of the Verizon
order; perhaps they have learned from their mistakes with the AT&T dragnet.
Unfortunately, their secrecy is making it very difficult for the public to make
an informed analysis of the matter.
Ultimately, it is believed that Attorney General Comey's initial certifications of
the program were "based on a misimpression of those activities" due to a botched
legal analysis by Jon Yoo that was described as "at a minimum [...] factually
flawed". Yoo was the only OLC official to read into the program since its
inception in October 2001 until his leaving in May 2003.[[31]] When Comey refused
to reauthorize the program, Bush did so himself, resulting in threats of resignation
from Comey and "about two dozen Bush appointees". However, "[d]espite the illegality
of the Program, no officials resigned."[[31]].
In 2009, the New York Times published a series of articles regarding the
program, exposing a ["serious issue involving the NSA" concerning
"significant misconduct"][38]. This included a "`flagrant' overcollection
of domestic email".[[31]]
> Because each court order could single out hundreds or even thousands of phone
> numbers or e-mail addresses, the number of individual communications that
> were improperly collected could number in the millions, officials said.[[31]]
That was then; this is now, right? How can we be sure of any connection between
the NSA of a decade ago vs. the NSA of today? Well, as an average citizen with
no security clearance, I can't. However, there are some important connections that
can be made. Firstly, recall Ron Wyden's quote above stating that the public
will be "stunned" and "angry".[^32] On Thursday, June 6th, he [released this
statement on his Senate website][39]:
> The program Senators Feinstein and Chambliss publicly referred to today is one
> that I have been concerned about for years. I am barred by Senate rules from
> commenting on some of the details at this time. However, I believe that when
> law-abiding Americans call their friends, who they call, when they call, and
> where they call from is private information. Collecting this data about every
> single phone call that every American makes every day would be a massive
> invasion of Americans privacy.[[39]] --Senator Ron Wyden
Perhaps the most obvious and direct connection is that the [government asked for
more time in Jewel v. NSA (and Shubert v. Obama) in light of the NSA
revelations][40].
> The revelations not only confirmed what EFF has long alleged, they went even
> further and honestly, were still reeling. EFF will, of course, be continuing
> its efforts to get this egregious situation addressed by the courts.
>
> [...] EFF and others had long alleged that, despite the rhetoric surrounding
> the Patriot Act and the FISA Amendments Act, the government was still
> vacuuming up the records of the purely domestic communications of millions of
> Americans. And yesterday, of course, with the Verizon order, we got solid
> proof.. And it appears that the reach of this vacuum goes much further, into
> the records of our Internet service providers as well.[[41]] --Electronic
> Frontier Foundation
This brings us back to [PRISM][19]. Numerous sources reported that [the White
House confirmed][42] its existence. Indeed, if you consider the President's
original words--- "the programs that have been discussed over the last couple
days in the press are secret in the sense that theyre classified"[[16]]---this
does seem to be a verification of the project's existence. However, confusion ensued
when [companies like Google and Facebook denied involvement][43], despite what
the [leaked information seems to state][19]. Yonatan Zunger---chief architect at
Google---[reiterated the words of Larry Page][44]:
> I can also tell you that the suggestion that PRISM involved anything happening
> directly inside our datacenters surprised me a great deal; owing to the nature
> of my work at Google over the past decade, it would have been challenging --
> not impossible, but definitely a major surprise -- if something like this
> could have been done without my ever hearing of it. And I can categorically
> state that *nothing* resembling the mass surveillance of individuals by
> governments within our systems has ever crossed my plate.[[44]] --Yonatan
> Zunger, Chief Architect, Google
Questions then arose as to what exactly "PRISM" is. Marc Ambinder with The Week
reported that [PRISM is nothing more than one of many different "data collection
tools"][45] that may be used by the NSA. One day later, Marc posted another article
entitled ["Solving the mystery of PRISM"][46]
> Each data processing tool, collection platform, mission and source for raw
> intelligence is given a specific numeric signals activity/address designator,
> or a SIGAD. [...] PRISM is US-984XN. Each SIGAD is basically a collection
> site, physical or virtual; [...] PRISM is a kick-ass GUI that allows an
> analyst to look at, collate, monitor, and cross-check different data types
> provided to the NSA from internet companies located inside the United States.[[46]]
Others hypothesized that, due to the denial of involvement from various
companies[[44]], PRISM may operate by intercepting communications. The Guardian
[countered by releasing another slide from the leaked presentation][47], stating
outright that "[b]oth of these theories appear to be contradicted by internal
NSA documents".
> It clearly distinguishes Prism, which involves data collection from servers,
> as distinct from four different programs involving data collection from "fiber
> cables and infrastructure as data flows past".[[47]]
This sounds a great deal like Klein's description of the SG3 Secure Room at
AT&T[[27]] (though I do not intend to imply that they are the same thing---that is
not clear, nor does Klien state that he ever noted the word "PRISM" on any
documents). The Guardian goes on to state that "[a] far fuller picture of the exact
operation of Prism [...] is expected to emerge in the coming weeks and months".
(Is that foreshadowing or an educated guess?)
There is, of course, the other obvious hypothesis---that organizations including
Google, Facebook and Microsoft are being [deceptive or not telling the whole
truth][48]. Alternatively, maybe such operations were being done under the noses
of executives. On Friday, the New York Times published an article stating that
the technology companies ["cooperated at least a bit"][49].
> [Google, Micorsoft, Yahoo, Facebook, AOL, Apple and Paltalk] were legally
> required to share the data under the Foreign Intelligence Surveillance Act.
> [...] But instead of adding a back door to their servers, the companies were
> essentially asked to erect a locked mailbox and give the government the key,
> people briefed on the negotiations said. Facebook, for instance, built such a
> system for requesting and sharing the information, they said.[[49]]
This does not necessarily mean that these companies had any knowledge,
specifically, of "PRISM". As the Guardian said, I will be curious to see what
information surfaces in the coming months; the gag provisions of the orders make
for an unfortunate situation for everyone involved.
Let us return to the President's statements.
> **Obama:** And I welcome this debate. And I think it's healthy for our
> democracy. I think it's a sign of maturity, because probably five years ago,
> six years ago, we might not have been having this debate.[[16]]
This is a difficult debate to have, Mr. President, when the public does not know
of the existence of these programs; we only have knowledge of these programs due
to the aforementioned leaks---courageous individuals who feel that their
government is not representative of the democracy and freedom that it supposedly
represents. This segues into another statement from the President:
> **Jackie Calmes:** Do you welcome the leak, sir? Do you welcome the leak if
> you welcome the debate?
>
> **Obama:** I don't---I don't welcome leaks, because there's a reason why these
> programs are classified. [...] But that's also why we've set up congressional
> oversight. These are the folks you all vote for as your representative in
> Congress, and theyre being fully briefed on these programs.
Unfortunately, Obama seems to have missed another critical fact. We---the
people---vote for representatives that, well, "represent" *the issues that we
care about*. Those who are strongly opposed to gun legislation will vote for
those representatives that share those feelings and will fight to oppose such
legislation. Similarly, a pro-life supporter will probably not vote for a
candidate in favor of abortion. But what if there is a candidate that shares one
opinion but not another---say, opposes gun regulation but supports abortion,
when you as a voter are a pro-life gun-owner against gun legislation? Then you
will likely vote for the issues that you feel most strongly about (or what you
feel is a fair balance between all the other issues you follow). The problem
here, Mr. President, is that we---the people---are not made aware of these
issues because they are *classified*. How many people may not have voted for
you, Mr. President, had they known that you would support dragnet surveillance
of innocent Americans?
**Sunday, June 9th, 2013**---The Guardian continues to surprise the world by
[releasing the name of the NSA whistleblower at his request][50]. Edward
Snowden, a 29-year-old former CIA technical assistant and current defense
contractor employee is responsible for what The Guardian is calling "the
biggest intelligence leak in the NSA's history". Reporting from Hong
Kong---where Snowden fled to on May 20th in the hope of resisting the
U.S. government---Glenn Greenwald, Ewen MacAskill and Laura Poitras report
on his motives.
> Three weeks ago, Snowden made final preparations [...] [a]t the NSA office in
> Hawaii where he was working, [copying] the last set of documents he intended
> to disclose.[[50]]
Snowden describes situations where he began to begin questioning his government,
such as a case where a CIA operative purposely encouraged a Swiss banker to get
intoxicated and drive drunk so that he would be arrested. "Much of what I saw
in Geneva really disillusioned me about how my government functions and what its
impact is in the world." He mentioned that the election of Obama in 2008 gave
him hope for reform, but watched in 2009 as "Obama advanced the very policies
that I thought would be reined in. [...] I got hardened."[[50]]
It is this statement from Snowden that, if accurate, suggests that Obama not
only supports Bush's initial dragnet operation[[31]], but has further expanded it.
At this point, since the news is still quite young at the time that this article
was written, the world must wait to see what action the government will attempt
to take against Snowden. Reuters had already reported the previous day that
[the government is likely to open a criminal probe into the NSA leaks][51].
> James Clapper, the director of U.S. national intelligence, condemned the leaks
> and asserted that the news articles about PRISM contained "numerous
> inaccuracies."[[51]]
Snowden is not the first to come forward as a whistleblower from the NSA---as we
discussed previously, three NSA whistleblowers came fourth previously to back the
EFF in Jewel v. NSA;[[30]] they each had the charges either cleared or dropped. That
said, [Obama has been aggressively pursuing whistleblowers][59]. Snowden
mentioned that he views his best hope of freedom as the possibility of asylum
with Iceland.[[50]] It appears that such may already be working in his favor, with
[Iclandic Legislator Birgitta Jonsdottir already starting the process to apply
for asylum][52], although it is not clear if Snowden has already applied.
There is a great deal to think about. Even though the [evidence against the NSA
dates far back][4], the recent revelations invoke emotions that are difficult to
describe. With countless individuals working to sift through the information,
the Obama administration under attack and nobody knowing if the Guardian is
sitting on even more information, the entire world will continue to watch
impatiently...and act.
While all this is going on, it would be useful to reiterate certain privacy and
security topics that have already been covered at large. Firstly, consider
checking out the EFF's [Surveillance Self-Defense][53] website, which contains
information on a number of topics including anonymity and how to respond to
court orders. Consider using [Tor for anonymity][54] online (but recognize that
it is not a full solution in itself). Consider [keeping your data to
yourself][55] rather than storing it on "cloud" services---[Richard Stallman
explains how Software as a Service (SaaS) differs in dangers from proprietary
software][56]. Consider using only [free software][57] to limit further
sacrifices in personal freedom and to limit the information that corporations
and third parties collect from you while using your computer and other devices.
Finally, if you have information that you want to leak to the press (whether or
not you are an [NSA employee][58]), you may be able to consider tools such as
[The New Yorker's Strongbox][60]; it uses [software created by Aaron Swartz][61]
shortly before his untimely death early this year.
Finally, aid senators like Rand Paul in developing [legislation to curb the powers
of the government][62]. We must also do our best to fight for the rights of
brave whistleblowers like Snowden. To end with the words of the EFF, ["we need
a new church committee and we need it now"][41].
[5]: http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order
"NSA collecting phone records of millions of Verizon customers daily"
[6]: http://s3.documentcloud.org/documents/709012/verizon.pdf "PDF of the FISA Court order to Verizon."
[7]: http://s3.documentcloud.org/documents/709012/verizon.txt "Ibid; plain text version."
[8]: https://www.eff.org/deeplinks/2013/06/confirmed-nsa-spying-millions-americans
"Confirmed: NSA Spying on Millions of Americans"
[9]: https://www.eff.org/deeplinks/2011/10/ten-years-later-look-three-scariest-provisions-usa-patriot-act
"Three Scariest Provisions of thet USA Patriot Act"
[10]: /2013/03/federal-judge-rules-nsls-national-security-letters-unconstitutional
"Federal Judge Declares National Security Letters Unconstitutional"
[11]: http://www.theatlantic.com/politics/archive/2013/06/what-we-dont-know-about-spying-on-citizens-scarier-than-what-we-know/276607/
"Bruce Schneier comments on NSA leak"
[12]: https://www.eff.org/cases/jewel "Jewel v. NSA"
[13]: https://www.eff.org/cases/hepting "Hepting v. AT&T"
[14]: /2012/11/privacy-in-light-of-the-petraeus-scandal
"Privacy In Light of the Petraeus Scandal"
[15]: /2013/03/google-says-the-fbi-is-secretly-spying-on-some-of-its-customers
"Google Says the FBI Is Secretly Spying on Some of Its Customers"
[16]: http://blogs.wsj.com/washwire/2013/06/07/transcript-what-obama-said-on-nsa-controversy/
"Obama on the NSA controversy"
[17]: https://www.eff.org/deeplinks/2013/05/congressional-outrage-over-ap-phone-records
"Congressional outrate of AP phone records"
[18]: https://www.eff.org/deeplinks/2013/05/doj-subpoena-ap-journalists-shows-need-protect-calling-records
[19]: http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data
[20]: http://googleblog.blogspot.com/2013/06/what.html "Larry Page denies PRISM involvement"
[21]: https://www.facebook.com/zuck/posts/10100828955847631 "Mark Zuckerberg denies PRISM involvement"
[22]: http://www.guardian.co.uk/world/2013/jun/07/google-facebook-prism-surveillance-program
[23]: http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/868-dni-statement-on-recent-unauthorized-disclosures-of-classified-information
"James Clapper---Directory of National Intelligence---declassifies
information pertaining to the "business records" provision of FISA"
[24]: https://www.eff.org/deeplinks/2013/06/why-metadata-matters
"The EFF describes why telephony metadata can have a significant impact on our privacy."
[25]: http://mashable.com/2013/06/08/china-hack-nsa/ "What if crackers get a hold of the NSA's databases?"
[26]: http://rt.com/usa/us-chinese-report-defense-888/ "The Chinese crack into Pentagon systems."
[27]: https://www.eff.org/file/28823 "Public unredacted Mark Klein declaration"
[28]: https://www.eff.org/pages/case-against-retroactive-amnesty-telecoms "The Case Against Retroactive Amnesty for Telecoms."
[29]: http://www.govtrack.us/congress/bills/110/hr6304/text "FISA Amendments Act (FAA)."
[30]: https://www.eff.org/press/releases/three-nsa-whistleblowers-back-effs-lawsuit-over-governments-massive-spying-program
"Three NSA whistleblowers back the EFF in Jewel v. NSA"
[31]: https://www.eff.org/node/72021 "Summary of Voluminous Evidence, Jewel v. NSA"
[38]: http://www.nytimes.com/2009/04/16/us/16nsa.html?pagewanted=all "Officials Say U.S. Wiretaps Exceeded Law"
[39]: http://www.wyden.senate.gov/news/press-releases/wyden-statement-on-alleged-large-scale-collection-of-phone-records
"Ron Wyden comments on the collection of Verizon phone records"
[40]: https://www.eff.org/deeplinks/2013/06/government-asks-more-time-eff-surveillance-cases
"In Light of NSA Revelations, Government Asks for More Time in EFF Surveillance Cases"
[41]: https://www.eff.org/deeplinks/2013/06/response-nsa-we-need-new-church-commission-and-we-need-it-now
"In Response to the NSA, We Need A New Church Committee and We Need It Now"
[42]: http://www.theweek.co.uk/us/53475/white-house-admits-it-has-access-facebook-google
"White House admits it has "access" to Facebook, Google"
[43]: http://www.guardian.co.uk/world/2013/jun/07/google-facebook-prism-surveillance-program
"Facebook and Google insist they did not know of Prism surveillance program"
[44]: https://plus.google.com/+YonatanZunger/posts/huwQsphBron
"Yonatan Zunger---Chief Architect at Google---expresses his distaste of PRISM"
[45]: http://theweek.com/article/index/245311/sources-nsa-sucks-in-data-from-50-companies
"Sources: NSA sucks in data from 50 companies"
[46]: http://theweek.com/article/index/245360/solving-the-mystery-of-prism
"Solving the mystery of PRISM"
[47]: http://www.guardian.co.uk/world/2013/jun/08/nsa-prism-server-collection-facebook-google
"NSA's Prism surveillance program: how it works and what it can do."
[48]: http://www.guardian.co.uk/world/2013/jun/08/obama-response-nsa-surveillance-democrats
"Obama deflects criticism over NSA surveillance as Democrats sound alarm."
[49]: http://www.nytimes.com/2013/06/08/technology/tech-companies-bristling-concede-to-government-surveillance-efforts.html?ref=global-home&_r=2&pagewanted=all&
"Tech Companies Concede to Surveillance Program"
[50]: http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance
"Edward Snowden: the whistleblower behind the NSA surveillance revelations."
[51]: http://www.reuters.com/article/2013/06/08/us-usa-security-leaks-idUSBRE95700C20130608
"Government likely to open criminal probe into NSA leaks: officials."
[52]: http://www.forbes.com/sites/andygreenberg/2013/06/09/icelandic-legislator-im-ready-to-help-nsa-whistleblower-seek-asylum/
"Icelandic Legislator: I'm Ready To Help NSA Whistleblower Edward Snowden Seek Asylum"
[53]: https://ssd.eff.org/ "EFF Surveillance Self-Defense."
[54]: https://www.torproject.org/ "The Tor project offers anonymity online."
[55]: http://www.guardian.co.uk/technology/2008/sep/29/cloud.computing.richard.stallman
"Cloud computing is a trap, warns GNU founder Richard Stallman"
[56]: http://www.gnu.org/philosophy/who-does-that-server-really-serve.html
"Who does that server really serve?"
[57]: http://www.gnu.org/philosophy/free-sw.html "What is free software?"
[58]: http://www.whistleblowers.org/index.php?option=com_content&task=view&id=984&Itemid=173
"National Security Employees Know Your Rights"
[59]: http://www.theatlanticwire.com/politics/2011/05/obamas-war-whistle-blowers/38106/
"Obama's War on Whistle-Blowers"
[60]: http://www.newyorker.com/strongbox/ "The New Yorker Strongbox"
[61]: http://www.newyorker.com/online/blogs/newsdesk/2013/05/strongbox-and-aaron-swartz.html
"Strongbox and Aaron Swartz"
[62]: http://abcnews.go.com/blogs/politics/2013/06/rand-paul-bill-would-curb-nsa-on-phone-records/
"Rand Paul Bill Would Curb NSA on Phone Records"
[^32]: Ibid.[[31]] 157 Cong. Rec. S3372--3402, S3386 (May 26, 2011) [Vol. VI, Ex. 111, p. 4286]
(Statement of Sen. Ron Wyden, On Patriot Act Reauthorization)
[^33]: Ibid.[[31]] PBS Frontline, Spying on the Homefront, Interview with John C. Yoo at 4
(Jan. 10, 2007) [Vol. I, Ex. 10, p. 394]
[^34]: Ibid.[[31]] Press Briefing by Atty Gen. Alberto Gonzalez and Gen. Michael Hayden,
Principal Dep. Dir. for Natl Intelligence (Dec. 19, 2005)
[^35]: Ibid.[[31]] Preserving the Rule of Law in the Fight Against Terror:
Hearing before the S. Comm. on the Judiciary, 110th Cong. 7 (Oct. 2, 2007)
[Vol. III, Ex. 42, p. 1307] (testimony of Jack Goldsmith)
[^36]: Ibid.[[31]] Press Briefing by Atty Gen. Alberto Gonzalez and Gen. Michael Hayden, Principal Dep. Dir.
for Natl Intelligence (Dec. 19, 2005)
[^37]: Ibid.[[31]] Remarks by Gen. Michael Hayden, Address to the National Press Club, Washington, D.C. (Jan. 23, 2006)
[Vol. IV, Ex. 73, p. 1809]

159
post/2013-06-16-all-thoughts-and-site-text-now-licensed-under-cc-by-sa.md 100644
View File

@ -0,0 +1,159 @@
# All "Thoughts" and Site Text Now Licensed Under CC BY-SA
All "thoughts"---that is, my blog-like entries that are generated by the
repository commit messages---and site text are hereby retroactively relicensed
under the [Creative Commons Attribution-ShareAlike 3.0 Unported License][0].
This license shall not supersede any license that is explicitly put forth within
a work; see the COPYING file within the thoughts repository---available on the
"Projects" page---for more information.
[0]: http://creativecommons.org/licenses/by-sa/3.0/
<!-- more -->
This is not a decision I take lightly; it has received much thought over the
course of recent years. For some time, I accepted [the view of Richard Stallman
and the Free Software Foundation][1] on opinion pieces in that, since they
express personal opinions, it is not unreasonable to require that they be
distributed verbatim. Indeed, it would seem wise not to allow someone to change
your words, especially on something that you are passionate about.
However, I have come to adopt another perspective. What is the motivation behind
releasing content under a license that permits modification (that is, the
creation of derivative works)? Often, the primary reason is to allow others to
improve upon the content or to modify it to suit their particular needs. To
prevent others from locking down those changes---preventing others from having
the same rights as they did---many will often release their works under licenses
that require that all derivatives be released under the same terms. In the case
of Creative Commons, this is called ["ShareAlike"][2], which is motivated by
GNU's copyright hack called [copyleft][3] (popularized by the [GNU General
Public License][4]).
For [free software][5] advocates, the question of whether or not to permit
modification is generally not even raised---it is a necessity. Software serves a
functional purpose: Prohibiting modification could prevent users from altering
the software in ways that they may find useful and could be used to exert
control over the users. Software does stuff. Software can control what the user
can and cannot do.
Creative works are often considered in a different light. Like software, they
are indeed useful---they can be tools to learn, to entertain, etc. However, does
prohibiting modification do any harm? In the case of [documentation for free
software][6], yes---documentation is very important and can make the difference
between highly useful software and impenetrable software. Free documentation
ensures that, as the software grows, the documentation can grow with it. Since
the documentation for many projects is often scarce or poorly written (great
computer hackers are not necessarily great language hackers), the freedom to
modify the documentation is a necessity.
Then what of texts that have nothing to do with a free software project? Texts
that serve as an educational resource of any kind would benefit from being free
just as a free software project would---experts could contribute, teachers could
alter it to suit their particular teaching style or their classroom setting,
etc. But what of texts that exist purely as opinion pieces?
I'm not sure there's such a thing as a "pure" opinion piece, unless it is
utter garbage.
An author would do well to substantiate their opinion with appropriate
references (though often times, this is not the case). With those
references (or lack thereof) comes the need to connect them to the content---the
author must explain his or her opinion. This explanation is educational, even if
the reader does not agree with the opinion. Perhaps the reader wishes to use the
opinion piece as a resource, but notices that it is lacking in some respect.
Should they not be able to improve it, perhaps to even further the author's
point? Or, perhaps the opinion piece could be extended to the contrary---to
prove additional references to either make it neutral or even work against the
author's original opinion. Even though this may not be what the author wants,
this is still a useful derivation of the original work.
As an example, consider this very post. This is clearly an opinion piece---I
have made the choice to release my content under a Creative Commons license and
I am substantiating my opinion in the hope that others may gain insight and
possibly even choose the same path for their own creative works. What if someone
wished to present this article to a group of individuals---maybe in the
workplace---but found my "garbage" comment to be unnecessarily harsh? What
personal harm would I incur if they were to remove that statement? However, what
if they wished to go further by replacing all references to "free software"
with references to "open source"---a term which I [reject][7]? Well, this
could potentially affect my image, depending on the group's philosophy. What
now?
There are a few important points to note from this. Firstly, the license
mandates that:
> If You Distribute, or Publicly Perform the Work or any Adaptations or
> Collections, You must, unless a request has been made pursuant to Section
> 4(a), keep intact all copyright notices for the Work and provide, reasonable
> to the medium or means You are utilizing: (i) the name of the Original Author
> (or pseudonym, if applicable) if supplied, and/or if the Original Author
> and/or Licensor designate another party or parties (e.g., a sponsor institute,
> publishing entity, journal) for attribution ("Attribution Parties") in
> Licensor's copyright notice, terms of service or by other reasonable means,
> the name of such party or parties; (ii) the title of the Work if supplied;
> (iii) to the extent reasonably practicable, the URI, if any, that Licensor
> specifies to be associated with the Work, unless such URI does not refer to
> the copyright notice or licensing information for the Work; and (iv) ,
> consistent with Ssection [sic] 3(b), in the case of an Adaptation, a credit
> identifying the use of the Work in the Adaptation (e.g., "French translation
> of the Work by Original Author," or "Screenplay based on original Work by
> Original Author").[8]
In plain English---you must provide attribution to the original author and
indicate that the work has been modified from the original. Furthermore:
> The credit required by this Section 4(c) may be implemented in any reasonable
> manner; provided, however, that in the case of a Adaptation or Collection, at
> a minimum such credit will appear, if a credit for all contributing authors of
> the Adaptation or Collection appears, then as part of these credits and in a
> manner at least as prominent as the credits for the other contributing
> authors.[8]
It would therefore be appropriate to assume that an author of a derivate work
will, in good faith, make clear attribution. Should this not be the case, then
what is to say that the author would not have simply modified a work which is
not licensed to permit modifications?
The next point is another simple one: Under United States copyright law, the
[fair use doctrine][9] permits limited use of a copyrighted work without prior
consent from the author; it is this doctrine that allows, for example, authors
and journalists to quote portions of other works to report on or back up their
arguments. This means that, even if the license did not permit, an author could
still incorporate *portions* of my work to support their own arguments or agenda,
regardless of whether or not I may agree with it. This segues into the final
point.
Who am I to [dictate others opinions][10]? It would not be right of me to limit
one's freedom simply because they violate my own personal opinions or beliefs.
Therefore, if this is one condition under which I would decide to restrict my
creative works, then that reason should be immediately dismissed. This means
that---within the context of my previous example---if someone wanted to alter
all the references to "free software" in my work to adapt it to their own
personal style, then they should be permitted to do so. Such a work is no longer
my own: They must clearly state that it has been altered from the original.
Hopefully readers take notice of that. My works are always published on my own
personal website where the originals can be found; with today's search engines,
such a task is trivial. If someone neglects to do so---and I do understand that
many will neglect to do so---then they have not made an informed opinion on the
material.
Another minor point would be that, for the majority of my works, it is unlikely
that anyone will be making any sort of alteration.
As such, I find that I have little ground to stand on should I attempt to
rationalize a more restrictive license. Any remaining arguments, such as "what
if they sell your content or modify it only slightly and are given more credit
for the work than they deserve?" are already covered by the free software
philosophy can may be easily adopted here.
[1]: http://www.gnu.org/licenses/license-list.html#OpinionLicenses
[2]: http://creativecommons.org/licenses/
[3]: https://www.gnu.org/copyleft/copyleft.html
[4]: https://www.gnu.org/copyleft/gpl.html
[5]: https://www.gnu.org/philosophy/free-sw.html
[6]: https://www.gnu.org/philosophy/free-doc.html
[7]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
[8]: http://creativecommons.org/licenses/by-sa/3.0/legalcode
[9]: http://en.wikipedia.org/wiki/Fair_use
[10]: http://www.gnu.org/philosophy/programs-must-not-limit-freedom.html

64
post/2013-07-12-snowden-statement-at-moscow-airport-accepts-asylum-offers.md 100644
View File

@ -0,0 +1,64 @@
# Snowden Statement at Moscow Airport; Accepts Asylum Offers
**See Also:** [National Uproar: A Comprehensive Overview of the NSA Leaks and
Revelations][0]; I have not yet had the time to devote to writing a thorough
follow-up of recent events and will likely wait until further information and
leaks are presented.
[Edward Snowden][1]---the whistleblower responsible for [exposing various NSA
dragnet spying programs][0], among other documents---has been [stuck in the
Moscow airport][2] for quite some time while trying to figure out how he will
travel to countries offering him asylum, which may involve traveling through
territories that may cooperate with the United States' extradition requests.
[0]: /2013/06/national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations
[1]: https://en.wikipedia.org/wiki/Edward_Snowden (Now with his own Wikipedia page)
[2]: http://www.guardian.co.uk/world/2013/jul/01/edward-snowden-escape-moscow-airport
<!-- more -->
Snowden [issued a statement today to Human Rights groups at Moscow's
Sheremetyevo airport][3], within which he mentioned:
> I announce today my formal acceptance of all offers of support or asylum I
> have been extended and all others that may be offered in the future. With, for
> example, the grant of asylum provided by Venezuelas President Maduro, my
> asylee status is now formal, and no state has a basis by which to limit or
> interfere with my right to enjoy that asylum. [...] I ask for your assistance
> in requesting guarantees of safe passage from the relevant nations in securing
> my travel to Latin America, as well as requesting asylum in Russia until such
> time as these states accede to law and my legal travel is permitted. I will be
> submitting my request to Russia today, and hope it will be accepted
> favorably.[3]
Snowden had previously [withdrawn his request for political asylum in Russia][4]
after [Vladmir Putin stated that he could stay][5] only if he stopped "bringing
harm to our American partners"---something which [Snowden does not believe that
he is doing][6]. Although Venezuela has offered Snowden asylum, as [explained by
the Guardian][6], "he remains unable to travel there without travel
documents". Even if he does obtain travel documents, there are still
worries---earlier this month, the [Bolivian president's plane was diverted with
suspicion that Snowden was on board][7], showing that certain countries may be
willing to aid the U.S. in his extradition or otherwise prevent him from
traveling.
My focus on these issues will seldom be on Snowden himself---I would prefer to
focus primarily on what he sacrificed his life to bring to light. But it is
precisely this sacrifice that makes it important to ensure that Snowden does not
fall out of the picture (though it does not appear that he will any time soon).
The Guardian also seems to have adopted the strategy of slowly providing more
information on the leaks over time---such as the recent revelation that
[Microsoft cooperated with the NSA's Prisim program to provide access to
unencrypted contents of Outlook.com, Hotmail, Skype and SkyDrive services][8]; I
will have more on that later.
I end this with a photograph taken yesterday of [Richard Stallman with Julian
Assange holding up a picture of Snowden][9] that brings a smile to my face.
[3]: http://wikileaks.org/Statement-by-Edward-Snowden-to.html
[4]: http://www.guardian.co.uk/world/2013/jul/02/edward-snowden-nsa-withdraws-asylum-russia-putin
[5]: http://www.guardian.co.uk/world/2013/jul/01/putin-snowden-remain-russia-offer
[6]: http://m.guardiannews.com/world/2013/jul/12/edward-snowden-accuses-us-illegal-campaign
[7]: http://www.guardian.co.uk/world/2013/jul/05/european-states-snowden-morales-plane-nsa
[8]: http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
[9]: http://twitpic.com/d279tx

99
post/2013-08-11-london-trashcan-spies.md 100644
View File

@ -0,0 +1,99 @@
# London Trashcan Spies
We're not talking about kids hiding out in trashcans talking on
walkie-talkies and giggling to each other.
[Ars has reported on London trashcans][0] rigged to collect the [MAC
addresses][1] of mobile devices that pass by. Since we do not often see
mobile devices carrying themselves around, we may as well rephrase this as
"collect the MAC addresses of people that pass by":
> During a one-week period in June, just 12 cans, or about 10 percent of the
> company's fleet, tracked more than 4 million devices and allowed company
> marketers to map the "footfall" of their owners within a 4-minute
> walking distance to various stores.
[0]: http://arstechnica.com/security/2013/08/no-this-isnt-a-scene-from-minority-report-this-trash-can-is-stalking-you/
[1]: http://en.wikipedia.org/wiki/MAC_address
<!-- more -->
Your device's---er, *your*---MAC address is a unique identifier that, in
the case of wireless networks, is used by the networks to state that a
message is intended specifically for you---something that is necessary since
wireless devices communicate through open air and, therefore, your device is
[also able to pick up the communications of other devices][2]:
> In IEEE 802 networks such as Ethernet, token ring, and IEEE 802.11, and in
> FDDI, each frame includes a destination Media Access Control address (MAC
> address). In non-promiscuous mode, when a NIC receives a frame, it
> normally drops it unless the frame is addressed to that NIC's MAC address
> or is a broadcast or multicast frame.
Therefore, in such networks, a MAC address is required for communication. So
why does your device freely give away such a unique identifier that can be
used to track you? Consider that, when wireless is enabled (and, as [the Ars
article][0] mentions, sometimes [even when it's not][3]), your device
generally scans your surroundings in order to provide you with a list of
networks to connect to. This list is generally populated when various access
points broadcast their own information to advertise themselves so that you
can select them to connect. However, some access points are hidden---they do
not broadcast their information, which helps to deter unwanted or malicious
users. To connect to these access points, you generally provide the name
that the access point administrator has given to it (e.g. "mysecretap").
Let's say you disconnect from mysecretap. Since the access point (AP) is not
broadcasting itself, how does your device know when it is available again?
It must attempt to ping it and see if it gets a response. With this ping is
your MAC address. Since many devices conveniently like to connect
automatically to known access points when they become available, it is
likely that your device is pinging rather frequently.
But what if you do not use hidden access points? Well, it is likely that the
same issue still stands---what if the access point that you connected to was
once listed but then becomes hidden? (Maybe the administrator of the access
point allowed broadcasts for a period of time to allow people to connect
easily, but then hid it at a later time.) Your device would need to account
for that, and therefore, to be helpful, likely broadcasts pings for any
access point you have connected to recently (where "recently" would depend
on your device).
Now, back to the [NSA][5]-wannabe-trashcans: At this point, all an observer
must do is lay in wait for those broadcasts and record the MAC addresses. By
placing these devices at various locations, you could easily track the
movements of individuals, including their speed, destinations, durations of
their visits, visit frequencies, favorite areas, dwellings, travel patterns,
etc. Since devices may broadcast a whole slew of recent access points that
it connected to, you could also see areas that the owner may have been to
(oh, I see that you connected to the free wifi in that strip joint). You
[could be evil][6].
Turn off wireless on your device when you are not using it---especially when
you are traveling. Ensure that your device [does not continue pinging access
points when wireless is disabled][3].
Better yet, fight back. Consider exploring how to spoof your MAC address,
perhaps randomly generating one every so often. Consider the possibilities
of activist groups that may pollute these spy databases by gathering a list
of unique MAC addresses of passerbys for the purpose of rebroadcasting them
at random intervals---which you could even do using long-range antennas
targeted at these devices.[^7] If done properly to mimic models of common
travel patterns, the data that these spy devices gather would become
unreliable.[^8]
Surveillance by any entity---be it [governments][5], corporations,
individuals or otherwise---is not acceptable.
[2]: http://en.wikipedia.org/wiki/Promiscuous_mode
[3]: http://arstechnica.com/gadgets/2013/08/review-android-4-3-future-proofs-the-platform-with-multitude-of-minor-changes/3/#p15
[4]: http://arstechnica.com/security/2013/08/diy-stalker-boxes-spy-on-wi-fi-users-cheaply-and-with-maximum-creep-value/
[5]: /2013/06/national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations
[6]: http://renewlondon.com
[^7]: Disclaimer: Please research your local laws.
[^8]: Of course, it is important that such an activity in itself does not
violate a person's privacy, and so such collection must be done in a manner
that cannot in itself identify the person's travel patterns (e.g. by
not storing information on what access point the data was collected from).

17
post/2013-08-12-facebook-knows-about-you-even-if-you-are-not-a-member.md 100644
View File

@ -0,0 +1,17 @@
# Facebook knows about you even if you are not a member
An article about [the scope of Facebook's data collection][0] speaks for
itself; this really does not come as a surprise, but is nonetheless
unsettling.
[0]: http://www.groovypost.com/news/facebook-shadow-accounts-non-users/
<!-- more -->
Encourage your friends, colleagues and acquaintances to use services like
[Diaspora][1] that are respectful of your data instead. Better yet: explain
to those individuals the problems of social media services and ask that they
respectfully leave you out of it.
[1]: https://joindiaspora.com/

40
post/2013-08-12-windows-81-to-display-targeted-advertisements-on-local-system-searches.md 100644
View File

@ -0,0 +1,40 @@
# Windows 8.1 to display targeted advertisements on local system searches
It is very disturbing that [Microsoft decided that it would be a good idea
to display targeted ads on local searches][0]---that is, if you search for a
file on your PC named "finances", you may get ads for finance software,
taxes, etc. If you search for "porn", well, you get the idea.
> Bing Ads will be an integral part of this new Windows 8.1 Smart Search
> experience. Now, with a single campaign setup, advertisers can connect
> with consumers across Bing, Yahoo! and the new Windows Search with highly
> relevant ads for their search queries. In addition, Bing Ads will include
> Web previews of websites and the latest features like site links, location
> and call extensions, making it easier for consumers to complete tasks and
> for advertisers to drive qualified leads.[[1]]
[0]: http://www.computerworld.com/s/article/9241524/Steven_J._Vaughan_Nichols_Microsoft_Bing_bang_bungles_local_search
[1]: http://community.bingads.microsoft.com/ads/en/bingads/b/blog/archive/2013/07/02/new-search-ad-experiences-within-windows-8-1.aspx
<!-- more -->
While that is certainly obnoxious, consider the larger issue of privacy
(which seems to be in the news a lot lately[[2]][[3]]): Late last year, there
was an uproar in the Free Software community when [Ubuntu decided to query
Amazon---enabled by default---on local searches][4] using their new Unity
interface. The problem is that your personal queries are being sent to a
third party---queries that you generally would expect to be private. If I
run a `find' or `grep' command on my system, I certainly do not expect it to
report to Amazon or Microsoft what I am searching for.
And to make matters even worse, Microsoft is exploiting this information to
allow advertisers to target you. [Ironic.][5]
[Do not use Windows 8][6] (or any other proprietary software, for that
matter).
[2]: /2013/08/facebook-knows-about-you-even-if-you-are-not-a-member
[3]: /2013/06/national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations
[4]: http://www.fsf.org/blogs/rms/ubuntu-spyware-what-to-do
[5]: http://www.scroogled.com/email/
[6]: https://www.fsf.org/windows8

209
post/2013-08-13-freebsd-clang-and-gcc-copyleft-vs-community.md 100644
View File

@ -0,0 +1,209 @@
# FreeBSD, Clang and GCC: Copyleft vs. Community
A useful perspective explaining why [FreeBSD is moving away from GCC in
favor of Clang][0]; indeed, they are moving away from GPL-licensed software
in general. While this is [not a perspective that I personally agree
with][1], it is one that I will respect for the project. It is worth
understanding the opinions of those who disagree with you to better
understand and formulate your own perspective.
[0]: http://unix.stackexchange.com/a/49970
[1]: /2012/11/vlcs-move-to-lgpl
But I am still a free software activist.
<!-- more -->
According to the [FreeBSD FAQ][2]:
> The goal of the FreeBSD Project is to provide a stable and fast general
> purpose operating system that may be used for any purpose without strings
> attached.
As is mentioned in [the aforementioned article][0], the BSD community does not
hold the same opinions on what constitutes "without strings
attached"---the BSD community [considers the restriction on the user's
right to make proprietary use of the software to be a "string"][2],
whereas the free software community under [RMS][3] believes that [the
ability to make a free program proprietary is unjust][4]:
> Making a program proprietary is an exercise of power. Copyright law today
> grants software developers that power, so they and only they choose the
> rules to impose on everyone else—a relatively small number of people make
> the basic software decisions for all users, typically by denying their
> freedom. When users lack the freedoms that define free software, they
> can't tell what the software is doing, can't check for back doors, can't
> monitor possible viruses and worms, can't find out what personal
> information is being reported (or stop the reports, even if they do find
> out). If it breaks, they can't fix it; they have to wait for the developer
> to exercise its power to do so. If it simply isn't quite what they need,
> they are stuck with it. They can't help each other improve it.
The [Modified BSD License][5] is a GPL-compatible Free Software
license---that is, software licensed under the Modified BSD license meets
the requirements of the [Free Software Definition][6]. The additional
"string" that the BSD community is referring to is the concept of
[copyleft][7]---Richard Stallman's copyright hack and one of his most
substantial contributions to free software and free society. To put it into
the [words of the FSF][7]:
> Copyleft is a general method for making a program (or other work) free,
> and requiring all modified and extended versions of the program to be free
> as well.
Critics often adopt the term ["viral" in place of "copyleft"][8] because
of the requirement that all derivatives must contain the same copyleft
terms---the derivative must itself be Free Software, perpetually (until, of
course, the copyright term expires and it becomes part of the public domain,
[if such a thing will ever happen at this rate][9]). In the case of the
Modified BSD license---being a more permissive license that is non-copyleft
and thus allows proprietary derivatives---derivative works that include both
BSD- and GPL-licensed code essentially consume the [Modified BSD license's
terms][10], which are a subset of the [GPL's][11]. Of course, this is not
pursuant to [FreeBSD's goals][2] and so they consider this to be a bad
thing: There are "strings attached".
This is more demonstrative of the ["open source" philosophy than that of
"Free Software"][12] (yes, notice the bias in my capitalization of these
terms).
[Copyleft is important][7] because it ensures that all users will forever
have the [four fundamental freedoms associated with Free Software][6]. The
GPL incorporates copyleft; BSD licenses do not. Consider why this is a
problem: Imagine some software Foo licensed under [the Modified BSD
license][10]. Foo is free software; it is licensed under a [free software
license (Modified BSD)][5]. Now consider that someone makes a fork---a
derivative---of Foo, which we will call "Foobar". Since [the Modified BSD
license is not copyleft][10], the author of Foobar decides that he or she
does not wish to release its source code; this is perfectly compliant with
the Modified BSD license, as it does not require that source code be
distributed with a binary (it only requires---via its [second
clause][10]---that the copyright notice, list of conditions and disclaimer be
provided).
The author has just taken Foo and made it proprietary.
The FreeBSD community is okay with this; [the free software community is
not][4]. There is a distinction between these two parties: When critics of
copyleft state that they believe the GPL is "less free" than more
permissive licenses such as the BSD licenses, they are taking into
consideration the freedoms of developers and distributors; the GPL, on the
other hand, explicirly *restricts* these parties' rights in order to protect
the *users* because those parties are precisely those that seek to *restrict
the users' freedoms*; we cannot provide such freedoms to developers and
distributors without sacrificing the rights of the vulnerable users who
generally do not have the skills to protect themselves from being taken
advantage of.[^13] Free software advocates have exclusive, unwaivering
loyalty to users.
As an example of the friction between the two communities, consider a
concept that has been termed ["tivoization"][14]:
> Tivoization means certain “appliances” (which have computers inside)
> contain GPL-covered software that you can't effectively change, because
> the appliance shuts down if it detects modified software. The usual
> motive for tivoization is that the software has features the manufacturer
> knows people will want to change, and aims to stop people from changing
> them. The manufacturers of these computers take advantage of the freedom
> that free software provides, but they don't let you do likewise.
This [anti-feature][15] is a type of [Digital Restrictions Management
(DRM)][16] that exposes a [loophole in the GPL that was closed in
Section 3 of the GPLv3][14], which [requires that][11]:
> When you convey a covered work, you waive any legal power to forbid
> circumvention of technological measures to the extent such circumvention
> is effected by exercising rights under this License with respect to the
> covered work, and you disclaim any intention to limit operation or
> modification of the work as a means of enforcing, against the work's
> users, your or third parties' legal rights to forbid circumvention of
> technological measures.
Unfortunately, not everyone has agreed with this move. A number of
[developers of the kernel Linux expressed their opposition of GPLv3][17]. In
response to the aforementioned GPLv3 provision, they stated:
> While we find the use of DRM by media companies in their attempts to reach
> into user owned devices to control content deeply disturbing, our belief
> in the essential freedoms of section 3 forbids us from ever accepting any
> licence which contains end use restrictions. The existence of DRM abuse is
> no excuse for curtailing freedoms.
Linus Torvalds---the original author of the kernel Linux---also [expressed
his distaste toward the GPLv3][18]; the kernel is today still licensed under
the GPLv2.
[The BSD camp has similar objections][19]:
> Appliance vendors in particular have the most to lose if the large body of
> software currently licensed under GPLv2 today migrates to the new license.
> They will no longer have the freedom to use GPLv3 software and restrict
> modification of the software installed on their hardware. High support
> costs ("I modified the web server on my Widget 2000 and it stopped
> running...") and being unable to guarantee adherence to specifications in
> order to gain licensing (e.g. FCC spectrum use, Cable TV and media DRM
> requirements) are only two of a growing list of issues for these
> users. --Justin Gibbs, VP of The FreeBSD Foundation
My thoughts while reading the above where echoed by Gibbs further on in his
statement: "[T]he stark difference between the BSD licensing philosophy and
that of the Free Software Foundation are only too clear." For the FreeBSD
community, this is a very serious issue and their argument is certainly a
legitimate concern on the surface. However, it is an argument that the Free
Software community would do well to reject: Why would we wish to sacrifice
users' freedoms for any reason, let alone these fairly absurd ones. In
particular, a support contract could dictate that only unmodified software
will be provided assistance and even mandate that the hardware indicate
changes in software: like breaking the "void" sticker when opening a
hardware component. Moreover, how frequently would such a situation
actually happen relative to their entire customer base? My guess is: fairly
infrequently. The second issue is a more complicated one, as I am not as
familiar on such topics, but a manufacturer can still assert that the
software that it provides with its devices is compliant. If the compliance
process forbids any possibility of brining the software into
non-compliance---that is, allowing the user to modify the software---then
the hardware manufacturer can choose to not use free software (and free
software advocates will subsequently reject it until standards bodies grow
up).
As I mentioned at the beginning of this article: this is a view that I will
respect for the project. I disagree with it, but FreeBSD is still free
software and we would do well not to discriminate against it simply because
someone else may decide to bastardize it and betray their users by making it
proprietary or providing [shackles][16]. However, provided the licensing;
option for your own software, you should choose the GPL.
**Colophon:** The title of this article is a play on [RMS' "Copyright vs.
Communty"][20], which is a title to a speech he frequently provides
worldwide. His speech covers how copyright works against the interests of
the community; here, BSD advocates aruge that [copyleft][7] works against
the interests of *their* community and their users; I figured that I would
snag this title as a free software advocate before someone else opposing
copyleft did.
[2]: http://www.freebsd.org/doc/faq/introduction.html#FreeBSD-goals
[3]: http://en.wikipedia.org/wiki/Richard_Stallman
[4]: http://www.gnu.org/philosophy/freedom-or-power.html
[5]: http://www.gnu.org/licenses/license-list.html#ModifiedBSD
[6]: http://www.gnu.org/philosophy/free-sw.html
[7]: http://www.gnu.org/copyleft/
[8]: http://en.wikipedia.org/wiki/Copyleft#Viral_licensing
[9]: http://www.gnu.org/philosophy/misinterpreting-copyright.html
[10]: http://en.wikipedia.org/wiki/BSD_licenses
[11]: http://www.gnu.org/licenses/gpl.html
[12]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
[^13]: Technically, the GPL exercises restrictions only on distributors; a
developer can integrate GPL'd code into their proprietary software so
long as they do not distribute it [(as defined in the GPL)][11]. However,
developers often have to cater to distributors, since software will
generally be distributed; if it is not, then it is not relevant to this
discussion.
[14]: http://www.gnu.org/licenses/rms-why-gplv3.html
[15]: http://www.fsf.org/blogs/community/antifeatures
[16]: http://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
[17]: http://lwn.net/Articles/200422/
[18]: http://en.wikipedia.org/wiki/Linux_kernel
[19]: http://www.freebsdfoundation.org/press/2007Aug-newsletter.shtml
[20]: http://www.gnu.org/philosophy/copyright-versus-community.html

64
post/2013-08-13-measuring-air-temperature-with-phone-batteries.md 100644
View File

@ -0,0 +1,64 @@
# Measuring Air Temperature With Phone Batteries
OpenSignal---a company responsible for mapping wireless signal
strength by gathering data using mobile device software---noticed [an
interest correlation between battery temperature on devices and air
temperature][0].
> Aggregating daily battery temperature readings to city level revealed a
> strong correlation with historic outdoor air temperature. With a
> mathematical transformation, the average battery temperature across a
> group of phones gives the outdoor air temperature.
[0]: http://opensignal.com/reports/battery-temperature-weather/
<!-- more -->
**Note:** Graph renderings on their website require proprietary JavaScript, but
the article does describe it in detail, so it is not necessary. In
particular, note that, from [their provided equation][0], their scaling factor
`m' implies that there is a smaller variance in battery temperature in the
graph than there is in the actual air temperature, but that there is still a
correlation.
This is an interesting find. The article further states that "[...] we have
one data point where the Android data is actually more reliable than the
traditional source."
Such data can be very useful in providing decentralized data, so long as
[issues of privacy][1] are addressed. Doing so is not terribly difficult,
but would have a number of factors. In particular, the user would need the
means to submit data anonymously, which could be done via software/networks
such as [Tor][2]. GPS location data is certainly a privacy issue when it is
tied to your mobile device, but fortunately, it's unneeded: you can trust
your users to let you know where they reside by either (a) opting into using
location services or (b) allowing them to specify a location or approximate
location of their choosing (approximations would be important since a user
may not wish to change their location manually while they travel, say, to
and from work). If enough devices submit data, then legitimate data would
drown out those who are trying to purposefully pollute the database. Such an
example can be seen with Bitcoin, in which networks will [reach a consensus
on correct blockchains][3] so long as "a majority of computing power is
controlled by nodes that are not cooperating to attack the network". Of
course, users would be able to pollute the network by sending false data as
it is, and the [data is already tarnished from various factors such as body
heat][0].
Of course, I do assume that mobile devices will contain temperature sensors
in the future; [some already do][4] (but I cannot encourage their use, as
they use [proprietary software][5]). However, this is still a clever hack (I
suppose that term is redundant). In my searching while writing this article,
I did notice [prior examples of ambient temperature readings using Android
software][6] ([proprietary][5]), but the software does not aggregate data
for purposes of determining weather patterns.
Finally, please do not download OpenSignal's app; it too is
[proprietary][5]; this discussion was purely from a conceptual standpoint
and does not endorse any software.
[1]: /2013/08/london-trashcan-spies
[2]: https://www.torproject.org/
[3]: http://en.wikipedia.org/wiki/Protocol_of_Bitcoin
[4]: http://stackoverflow.com/a/11628921
[5]: http://www.gnu.org/philosophy/free-sw.html
[6]: https://play.google.com/store/apps/details?id=androidesko.android.electronicthermometer&hl=en

60
post/2014-03-20-re-freebsd-clang-and-gcc-copyleft-vs-community.md 100644
View File

@ -0,0 +1,60 @@
# Re: FreeBSD, Clang and GCC: Copyleft vs. Community
I recently received a comment via e-mail from a fellow GNU hacker Antonio
Diaz, who is the author and maintainer of [GNU Ocrad][0], a [free (as in
freedom)][1] optical character recognition (OCR) program. His comment was in
response to my article entitled [FreeBSD, Clang and GCC: Copyleft vs.
Community][2], which details the fundamental difference in philosophy
between free software and "open source".
[0]: https://www.gnu.org/software/ocrad/ocrad.html
[1]: https://www.gnu.org/philosophy/free-sw.html
[2]: /2013/08/freebsd-clang-and-gcc-copyleft-vs.community
I found Antonio's perspective to be enlightening, so I asked for his
permission to share it here.
<!-- more -->
> I imagine a world where all the Free Software is GPLed. The amount and
> usefulness of Free Software grows incesantly because free projects can
> reuse the code of previous free projects. Proprietary software is
> expensive because every company has to write most of its "products" from
> scratch. Most people use Free Software, and proprietary software is mainly
> used for specialized tasks for which no free replacement exists yet.
>
> Now I imagine a world where all the Free Software is really "open source"
> (BSD license). Free Software is restricted to the operating system and
> basic aplications because the license does not guarantee reciprocity.
> Proprietary software is cheap to produce because it is built using the
> code of free projects, but it is expensive for the user (in money and
> freedom) because there is no real competition from Free Software. Most
> people use proprietary software, as Free Software is too basic for most
> tasks.
>
> I think "open source" organizations (specially BSD) are wilfully
> destroying the long-term benefits for society of the GPL, and they are
> doing it for short-term benefits like popularity and greed:
>
> "As these companies devise strategies for dealing with GPLv3, so must the
> FreeBSD community - strategies that capitalize on this opportunity to
> increase adoption of FreeBSD." "Fundraising Update [...] This has
> increased the number of people actively approaching companies to make
> large contributions."
>
> https://www.freebsdfoundation.org/press/2007Aug-newsletter.shtml
>
> Human beings have an innate sense of justice. In absence of reciprocity
> one wants to be paid, but I think that reciprocity is much better for
> society in the long term.[^3]
Antonio compels us to think toward the future: while developers releasing
their code under permissive licenses like the [Modified BSD License][4] are
still making a generous contribution to the free software community today,
it may eventually lead to negative consequences by empowering non-free
software tomorrow.
[^3]: Comment by Antonio Diaz; the only modifications made were for
formatting.
[4]: https://www.gnu.org/licenses/license-list.html#ModifiedBSD

128
post/2014-05-16-fsf-condemns-partnership-between-mozilla-and-adobe-to-support-drm.md 100644
View File

@ -0,0 +1,128 @@
# FSF Condemns Partnership Between Mozilla and Adobe to Support DRM
Two days ago, the Free Software Foundation published [an announcement
strongly condemning Mozilla's partnership with Adobe][0] to implement the
[controversial W3C Encrypted Media Extensions (EME) API][1]. EME has been
strongly criticized by a number of organizations, including the [EFF][2] and
the [FSF's DefectiveByDesign campaign team][3] ("Hollyweb").
[Digital Restrictions Management][4] imposes artificial restrictions on
users, telling them what they can and cannot do; it is a system [that does
not make sense][5] and is harmful to society. Now, just about [a week after
the International Day Against DRM][6], Mozilla decides to [cave into the
pressure in an attempt to stay relevant][7] to modern web users, instead of
sticking to their [core philosophy about "openness, innovation, and
opportunity"][8].
[0]: http://www.fsf.org/news/fsf-condemns-partnership-between-mozilla-and-adobe-to-support-digital-restrictions-management
[1]: https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html
[2]: https://www.eff.org/deeplinks/2013/03/defend-open-web-keep-drm-out-w3c-standards
[3]: /2013/03/defective-by-design-campaign-against-w3c-drm-standard
[4]: http://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
[5]: https://plus.google.com/+IanHickson/posts/iPmatxBYuj2
[6]: http://www.defectivebydesign.org/dayagainstdrm
[7]: https://blog.mozilla.org/blog/2014/05/14/drm-and-the-challenge-of-serving-users/
[8]: http://www.mozilla.org/en-US/about/manifesto/
John Sullivan requested in the [FSF's announcement] that the community
contact Mozilla CTO Andreas Gal in opposition of the decision. This is my
message to him:
<!-- more -->
```
Date: Wed, 14 May 2014 22:57:02 -0400
From: Mike Gerwitz <mikegerwitz@gnu.org>
To: agal@mozilla.com
Subject: Firefox EME
Andreas,
I am writing to you as a free software hacker, activist, and user; notably,
I have been using Firefox for over ten years. It has been pivotal, as I do
not need to tell you, in creating a free (as in freedom), standard, and
accessible internet for millions of users. Imagine my bewildered
disappointment, then, to learn that Firefox has chosen to cave into the
pressure to [support Digital Restrictions Management through the
implementation of EME][0].
Mitchell Baker made a feeble attempt at [rationalizing this decision][0] as
follows:
[...] Mozilla alone cannot change the industry on DRM at this point. In
the past Firefox has changed the industry, and we intend to do so again.
Today, however, we cannot cause the change we want regarding DRM. The
other major browser vendors =E2=80=94 Google, Microsoft and Apple have already
implemented the new system. In addition, the old system will be retired
shortly. As a result, the new implementation of DRM will soon become the
only way browsers can provide access to DRM-controlled content.
She goes on to explain how "video is an important aspect of online life"
and that Firefox would be "deeply flawed as a consumer product" if it did
not implement Digital Restrictions Management. This is precisely the FUD
that the "content owners" she describes, and corporations like Adobe, have
been pushing: Mozilla understands that the solution is not to implement DRM,
but to fight to encourage content to be published *without* being
DRM-encumbered. Unfortunately, they will now have little motivation to do
so, with every major browser endorsing EME.
She defers to a post by Andreas Gal [for more implementation details][1], in
which he mentions that the proprietary CDM virus (which will be happily
provided by Adobe) will be protected by a sandbox to prevent certain spying
activities like fingerprinting. While this is better than nothing, it's a
clear attempt by Mozilla to help make a terrible situation a little bit
better.
He goes on to say:
There is also a silver lining to the W3C EME specification becoming
ubiquitous. With direct support for DRM we are eliminating a major use
case of plugins on the Web, and in the near future this should allow us to
retire plugins altogether.=20
Let us not try to veil the problem and make things look more rosy than they
actually are: this is not a silver lining; it is not appropriate to have a
standardized way of manipulating and taking advantage of users.
It is true that Firefox was in an unfortunate position: many users would
indeed grow frustrated that they cannot watch their favorite TV shows and
movies using Firefox. But Firefox could have served, when the EME API was
used, static content that provided a brief explanation and a link for more
information on the problem. They could have educated users and encourage an
even stronger outcry.
Instead, we are working with the corrupt W3C to implement a seamlessly
shackled web. Mozilla wants to propose alternative solutions to DRM/EME, but
by implementing it, their position is weakened.
This is a difficult and uncomfortable step for us given our vision of a
completely open Web, but it also gives us the opportunity to actually
shape the DRM space and be an advocate for our users and their rights in
this debate. [1]
Such advocacy has been done and can continue to be done by Mozilla without
the implementation of EME; once implemented, the standard will be virtually
solidified---what is the incentive for W3C et. al. to find alternatives to a
system that is already "better than" the existing Flash and Silverlight
situation?
On behalf of the free software community, I strongly encourage your
reconsideration on the matter. Mozilla is valued by the free software
community for its attention to freedoms. Stand with us and fight. You're in
a powerful position to do so.
[0]: https://blog.mozilla.org/blog/2014/05/14/drm-and-the-challenge-of-serving-users/
[1]: https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/
```
The following day, I [submitted the FSF announcement to HackerNews][9]
(surprised that it was not there already) in an attempt to bring further
coverage to the matter and hopefully spur on some discussion. And discuss
they did: it was on the front page for the entire day and, at the time of
writing, boasts 261 comments, many of them confused and angry. I sent the HN
link to Andreas in a follow-up as well.
Mozilla has a vast userbase and is in the position to fight for a DRM-free
web. Please voice your opinion and hope that they reverse their decision.
[9]: https://news.ycombinator.com/item?id=7749108

65
post/2014-11-30-please-stop-using-slideshare.md 100644
View File

@ -0,0 +1,65 @@
# Please stop using SlideShare
There are many great presentations out there---many that I enjoy
reading, or that I would enjoy to read. Unfortunately, many of them
are hosted on SlideShare, which requires me to download proprietary
JavaScript.
[JavaScript programs require the same freedoms as any other
software][0]. While SlideShare does (sometimes/always?) provide a
transcript in plain text---which is viewable without JavaScript---this
is void of the important and sometimes semantic formatting/images that
presenters put much time into; you know: the actual presentation bits.
(I'm a fan of plain-text presentations, but they each have their own
design elements).
[0]: https://www.gnu.org/software/easejs/whyfreejs.html
There are ways around this. SlideShare's interactive UI appears to
simply be an image viewer, so it is possible to display all sides
using a fairly simple hack:
<!-- more -->
```javascript
Array.prototype.slice.call(
document.getElementsByClassName( 'slide' ) )
.forEach( function( slide ) {
slide.classList.add( 'show' );
var img = slide.getElementsByClassName( 'slide_image' )[0];
img.src = img.dataset.full;
} );
```
This will display all slides inline. But there's a clear problem with
this: how is the non-JS-programmer supposed to know that? Even
JavaScript programmers have to research the issue in order to come up
with a solution.
But ideally, I'd like to download the presentation PDF. SlideShare
does offer a download link, but not only does it not work with
JavaScript disabled, but it requires that the user create an account.
This is no good, as it can be used to track users or discover
identities by analyzing viewing habits. This would allow
de-anonymizing users, even if they have [taken measures to remain
anonymous][1].
(By the way: at the time that I wrote this post, the [EFF's
Surveillance Self-Defense Guide][1] is [LibreJS compatible][2] and the
JavaScript code that it runs is mostly free.)
I encourage presenters (and authors in general) to release the slides
in an [unencumbered document format][3], like PDF, HTML, OpenDocument,
or plain text. Those formats should be hosted on their own website,
or websites that allow downloading those files without having to
execute proprietary JavaScript, and without having to log in. If
those authors *must* use SlideShare for whatever reason, then they
should clearly provide a link to that free document format somewhere
that users can access without having to execute SlideShare's
proprietary JavaScript, such as on the first slide. (The description
is iffy, since it is truncated and requires JavaScript to expand.)
[1]: https://ssd.eff.org/
[2]: https://www.gnu.org/software/librejs/
[3]: http://www.fsf.org/campaigns/opendocument/reject

257
post/2015-05-20-gitlab-gitorious-and-free-software.md 100644
View File

@ -0,0 +1,257 @@
# Gitlab, Gitorious, and Free Software
*This article originally appeared as a guest post on the [GitLab
blog][orig-post].*
In early March of this year, it was announced that
[GitLab would acquire Gitorious][0] and shut down `gitorious.org` by 1
June, 2015. [Reactions from the community][1] were mixed, and
understandably so: while GitLab itself is a formidable alternative to wholly
proprietary services, its acquisition of Gitorious strikes a chord with the
free software community that gathered around Gitorious in the name of
[software freedom][2].
[0]: https://about.gitlab.com/2015/03/03/gitlab-acquires-gitorious/
[1]: https://news.ycombinator.com/item?id=9138419
[2]: https://www.gnu.org/philosophy/free-sw.html
<!-- more -->
After hearing that announcement,
[as a free software hacker and activist myself][11], I was naturally
uneasy. Discussions of alternatives to Gitorious and GitLab ensued on the
[`libreplanet-discuss`][12] mailing list. Sytse Sijbrandij (GitLab
B.V. CEO) happened to be present on that list;
[I approached him very sternly][13] with a number of concerns, just as I
would with anyone that I feel does not understand certain aspects of the
[free software philosophy][2]. To my surprise, this was not the case at
all.
Sytse has spent a lot of time accepting and considering community input for
both the Gitorious acquisition and GitLab itself. He has also worked with
me to address some of the issues that I had raised. And while these issues
won't address everyone's concerns, they do strengthen GitLab's commitment to
[software freedom][2], and are commendable.
I wish to share some of these details here; but to do so, I first have to
provide some background to explain what the issues are, and why they are
important.
## Free Software Ideology
[Gitorious][3] was (and still is) one of the most popular Git repository
hosts, and largely dominated until the introduction of GitHub. But even as
users flocked to [GitHub's proprietary services][28], users who value freedom
continued to support Gitorious, both on `gitorious.org` and by installing
their own instances on their own servers. Since Gitorious is
[free software][2], users are free to study, modify, and share it with
others. But [software freedom does not apply to Services as a
Software Substitute (SaaSS)][4] or remote services---you cannot apply the
[four freedoms][2] to something that you do not yourself possess---so why do
users still insist on using `gitorious.org` despite this?
The matter boils down to supporting a philosophy: The
[GNU General Public License (GPL)][6] is a license that turns copyright on
its head: rather than using copyright to restrict what users can do with a
program, the GPL instead [ensures users' freedoms][8] to study, modify, and
share it. But that isn't itself enough: to ensure that the software always
remains free (as in freedom), the GPL ensures that all *derivatives* are
*also* licensed under similar terms. This is known as [copyleft][9], and it
is vital to the free software movement.
Gitorious is licensed under the
[GNU Affero General Public License Version 3 (AGPLv3)][5]---this takes the
[GPL][6] and adds an additional requirement: if a modified version of the
program is run on a sever, users communicating with the program on that
server must have access to the modified program's source code. This ensures
that [modifications to the program are available to all users][7]; they
would otherwise be hidden in private behind the server, with others unable
to incorporate, study, or share them. The AGPLv3 is an ideal license for
Gitorious, since most of its users will only ever interact with it over a
network.
GitLab is also free software: its [Expat license][10] (commonly referred to
ambiguously as the "MIT license") permits all of the same freedoms that
are granted under the the GNU GPL. But it does so in a way that is highly
permissive: it permits relicensing under *any* terms, free or not. In other
words, one can fork GitLab and derive a proprietary version from it, making
changes that deny users [their freedoms][2] and cannot be incorporated back
into the original work.
This is the issue that the free software community surrounding Gitorious has
a problem with: any changes contributed to GitLab could in turn benefit a
proprietary derivative. This situation isn't unique to GitLab: it applies
to all non-copyleft ("permissive") [free software licenses][26]. And this
issue is realized by GitLab itself in the form of its GitLab Enterprise
Edition (GitLab EE): a proprietary derivative that adds additional
features atop of GitLab's free Community Edition (CE). For this reason,
many free software advocates are uncomfortable contributing to GitLab, and
feel that they should instead support other projects; this, in turn, means
not supporting GitLab by using and drawing attention to their hosting
services.
The copyleft vs. permissive licensing debate is one of the free software
movement's most heated. I do not wish to get into such a debate here. One
thing is clear: GitLab Community Edition (GitLab CE) is free
software. Richard Stallman (RMS) [responded directly to the thread on
`libreplanet-discuss`][20], stating plainly:
> We have a simple way of looking at these two versions. The free
> version is free software, so it is ethical. The nonfree version is
> nonfree software, so it is not ethical.
Does GitLab CE deserve attention from the free software community? I
believe so. Importantly, there is another strong consideration: displacing
proprietary services like GitHub and Bitbucket, which host a large number of
projects and users. GitLab has a strong foothold, which is an excellent
place for a free software project to be in.
If we are to work together as a community, we need to respect GitLab's
free licensing choices just as we expect GitLab to respect ours. Providing
respect does not mean that you are conceding: I will never personally use a
non-copyleft license for my software; I'm firmly rooted in my dedication to
the [free software philosophy][2], and I'm sure that many other readers are
too. But using a non-copyleft license, although many of us consider it to
be a weaker alternative, [is not wrong][23].
## Free JavaScript
As I mentioned above,
[software freedom and network services are separate issues][4]---the four
freedoms do not apply to interacting with `gitlab.com` purely over a network
connection, for example, because you are not running its software on your
computer. However, there is an overlap: JavaScript code downloaded to be
executed in your web browser.
[Non-free JavaScript][15] is a particularly nasty concern: it is software
that is downloaded automatically from a server---often without prompting
you---and then immediately executed. Software is now being executed on your
machine, and [your four freedoms][2] are once again at risk. This, then,
[is the primary concern][16] for any users visiting `gitlab.com`: not only
would this affect users that use `gitlab.com` as a host, but it would also
affect *any user that visits* the website. That would be a problem, since
hosting your project there would be inviting users to run proprietary
JavaScript.
As I was considering migrating my projects to GitLab, this was the
[first concern I brought up to Sytse][14]. This problem arises because
`gitlab.com` uses a GitLab EE instance: if it had used only its Community
Edition (GitLab CE)---which is free software---then all served JavaScript
would have been free. But any scripts served by GitLab EE that are not
identical to those served by GitLab CE are proprietary, and therefore
unethical. This same concern applies to GitHub, Bitbucket, and other
proprietary hosts that serve JavaScript.
Sytse surprised me by stating that he would be willing to
[freely license all JavaScript in GitLab EE][17], and by offering to give
anyone access to the GitLab EE source code who wants to help out. I took
him up on that offer. Initially, I had submitted a patch to merge all
GitLab EE JavaScript into GitLab CE, but Sytse came up with another,
superior suggestion, that ultimately provided even greater reach.
**I'm pleased to announce that Sytse and I were able to agree on a license
change (with absolutely no friction or hesitation on his part) that
liberates all JavaScript served to the client from GitLab EE instances.**
There are two concerns that I had wanted to address: JavaScript code
directly written for the client, and any code that produced JavaScript as
output. In the former case, this includes JavaScript derived from other
sources: for example, GitLab uses CoffeeScript, which compiles *into*
JavaScript. The latter case is important: if there is any code that
generates fragments of JavaScript---e.g. dynamically at runtime---then that
code must also be free, or users would not be able to modify and share the
resulting JavaScript that is actually being run on the client. Sytse
accepted my change verbatim, while adding his own sentence after mine to
disambiguate. At the time of writing this post, GitLab EE's source code
isn't yet publicly visible, so here is the relevant snippet from its
`LICENSE` file:
> The above copyright notices applies only to the part of this Software that
> is not distributed as part of GitLab Community Edition (CE), and that is
> not a file that produces client-side JavaScript, in whole or in part. Any
> part of this Software distributed as part of GitLab CE or that is a file
> that produces client-side JavaScript, in whole or in part, is copyrighted
> under the MIT Expat license.
## Further Discussion
My discussions with Sytse did not end there: there are other topics that
have not been able to be addressed before my writing of this post that would
do well to demonstrate commitment toward [software freedom][2].
The license change liberating client-side JavaScript was an excellent
move. To expand upon it, I wish to submit a patch that would make GitLab
[LibreJS compliant][21]; this provides even greater guarantees, since it
would allow for users to continue to block other non-free JavaScript that
may be served by the GitLab instance, but not produced by it. For example:
a website/host that uses GitLab may embed proprietary JavaScript, or modify
it without releasing the source code. Another common issue is the user of
analytics software; `gitlab.com` uses Google Analytics.
If you would like to help with LibreJS compliance, please [contact me][11].
I was brought into another discussion between Sytse and RMS that is
unrelated to the GitLab software itself, but still a positive demonstration
of a commitment to [software freedom][2]---the replacement of Disqus on the
`gitlab.com` blog with a free alternative. Sytse ended up making a
suggestion, saying he'd be "happy to switch to" [Juvia][22] if I'd help with
the migration. I'm looking forward to this, as it is an important
discussion area (that I honestly didn't know existed until Sytse told me
about it, because I don't permit proprietary JavaScript!). He was even kind
enough to compile a PDF of comments for one of our discussions, since he was
cognizant ahead of time that I would not want to use Disqus. (Indeed, I
will be unable to read and participate in the comments to this guest post
unless I take the time to freely read and reply without running Disqus'
proprietary JavaScript.)
Considering the genuine interest and concern expressed by Sytse in working
with myself and the free software community, I can only expect that GitLab
will continue to accept and apply community input.
It is not possible to address the copyleft issue without a change in
license, which GitLab is not interested in doing. So the best way to
re-assure the community is through action. [To quote Sytse][18]:
> I think the only way to prove we're serious about open source is in our
> actions, licenses or statements don't help.
There are fundamental disagreements that will not be able to be
resolved between GitLab and the free software community---like their
["open core" business model][19]. But after working with Sytse and seeing
his interactions with myself, RMS, and many others in the free software
community, I find his actions to be very encouraging.
*Are you interested in helping other websites liberate their JavaScript?
Consider [joining the FSF's campaign][27], and
[please liberate your own][16]!*
*This post is licensed under the
[Creative Commons Attribution-ShareAlike 3.0 Unported License][25].*
[3]: https://gitorious.org/
[4]: https://www.gnu.org/philosophy/who-does-that-server-really-serve.html
[5]: https://www.gnu.org/licenses/agpl.html
[6]: https://www.gnu.org/licenses/gpl.html
[7]: https://www.gnu.org/licenses/why-affero-gpl.html
[8]: https://www.gnu.org/licenses/quick-guide-gplv3.html
[9]: https://www.gnu.org/philosophy/pragmatic.html
[10]: https://www.gnu.org/licenses/license-list.html#Expat
[11]: http://mikegerwitz.com/
[12]: https://lists.gnu.org/mailman/listinfo/libreplanet-discuss
[13]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-03/msg00075.html
[14]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-04/msg00019.html
[15]: https://www.gnu.org/philosophy/javascript-trap.html
[16]: https://www.gnu.org/software/easejs/whyfreejs.html
[17]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-04/msg00020.html
[18]: https://news.ycombinator.com/item?id=9141801
[19]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-03/msg00076.html
[20]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-03/msg00095.html
[21]: https://www.gnu.org/software/librejs/free-your-javascript.html
[22]: https://github.com/phusion/juvia
[23]: https://www.fsf.org/blogs/rms/selling-exceptions
[24]: https://gnu.org/software/easejs
[25]: http://creativecommons.org/licenses/by-sa/3.0/
[26]: https://www.gnu.org/licenses/license-list.html
[27]: https://fsf.org/campaigns/freejs
[28]: http://mikegerwitz.com/about/githubbub
[orig-post]: https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-software/

60
post/2015-11-20-comcast-injects-javascript-into-web-pages.md 100644
View File

@ -0,0 +1,60 @@
# Comcast injects JavaScript into web pages
It seems that Comcast has decided that it is a good idea to [inject
JavaScript into web pages][js] visited by its customers in order to inform
them of Copyright violations.
[js]: https://gist.github.com/Jarred-Sumner/90362639f96807b8315b
This is a huge violation of user privacy and trust. Further, it shows that
an ISP (and probably others) feel that they have the authority to dictate
what is served to the user on a free (as in speech) Internet. Why should we
believe that they won't start injecting other types of scripts that spy on
the user or introduce advertising? What if a malicious actor compromises
Comcast's servers and serves exploits to users?
It is no surprise that Comcast is capable of doing this---they know the IP
address of the customer, so they are able to intercept traffic and alter it
in transit. But the fact that they _can_ do this demonstrates something far
more important: _that they have spent the money on the infrastructure to do
so_!
<!-- more -->
Comcast isn't the only ISP to have betrayed users by injecting data. One
year ago, it was discovered that [Verizon was injecting "perma-cookies" into
requests to track users][verizon]. This is only one example of the
insidious abuses that unchecked ISPs can take.
So what can you do to protect yourself?
What Comcast is doing is called a [man-in-the-middle (MITM) attack][mitm]:
Comcast sits in the middle of you and your connection to the website that
you are visiting, proxying your request. Before relaying the website's
response to you, it modifies it.
In order to do this, Comcast needs to be able to read your communications,
and must be able to modify them: the request must be read in order to
determine how the JavaScript should be injected and what request it should
be injected into; and it must be modified to perform the injection. It
cannot (given a properly configured web server) do so if your connection is
encrypted. In the case of web traffic, `https` URLs with the little lock
icon in your web browser generally indicates that your communications are
encrypted, making MITM attacks
unlikely.
(We're assuming that Comcast won't ask you to install a root CA so that they
can decrypt your traffic! But that would certainly be noticed, if they did
so on a large enough scale.)
Not all websites use SSL. Another method is to use encrypted proxies, VPNs,
or services like like [Tor][tor]. This way, Comcast will not be able to
read or modify the communications.
See also: [HackerNews discussion][hn]; [original Reddit discussion][reddit].
[verizon]: https://www.eff.org/deeplinks/2014/11/verizon-x-uidh
[mitm]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack
[hn]: https://news.ycombinator.com/item?id=10592775
[reddit]: https://www.reddit.com/r/HuntsvilleAlabama/comments/35v4sn/comcast_is_injecting_bad_javascript_to_your/
[tor]: https://tor.org/

14
post/2015-12-09-now-hosting-personal-gnu-social-instance.md 100644
View File

@ -0,0 +1,14 @@
# Now Hosting Personal GNU Social Instance
When I started writing this blog, my intent was to post notices more
frequently and treat it more like a microblogging platform; but that's not
how it ended up. Instead, I use this site to write more detailed posts with
solid references to back up my statements.
[GNU Social](https://gnu.org/software/social/) is a federated social
network---you can host your own instances and they all communicate with
one-another. You can find mine at the top of this page under "Notices", or
at [https://social.mikegerwitz.com/](https://social.mikegerwitz.com/). I
will be using this site to post much more frequent miscellaneous notices.
<!-- more -->

92
post/2016-01-24-google-analytics-removed-from-gitlabcom-instance.md 100644
View File

@ -0,0 +1,92 @@
# Google Analytics Removed from GitLab.com Instance
*This was originally written as a guest post for GitLab in November of 2015,
but they [decided not to publish it][gitlab-merge].*
[gitlab-merge]: https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/1094
Back in May of of 2015, I [announced GitLab's liberation of their Enterprise
Edition JavaScript][ggfs] and made some comments about GitLab's course and
approach to software freedom. In liberating GitLab EE's JavaScript, all
code served to the browser by GitLab.com's GitLab instance was [Free (as in
freedom)][free-sw], except for one major offender: Google Analytics.
[ggfs]: https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-software/
[free-sw]: https://www.gnu.org/philosophy/free-sw.html
Since Google Analytics was not necessary for the site to function, users
could simply block the script and continue to use GitLab.com
[ethically][free-sw]. However, encouraging users to visit a project on
GitLab.com while knowing that it loads Google Analytics is a problem both
for users' freedoms, and for their privacy.
<!-- more -->
GitLab is more than service and front-end to host Git repositories; it has a
number of other useful features as well. Using those features, however,
would mean that GitLab.com is no longer just a mirror for a project---it
would be endorsed by the project's author, requiring that users visit the
project on GitLab.com in order to collaborate. For example, if an author
were to use the GitLab issue tracker on GitLab.com, then she would be
actively inviting users to the website by telling them to report issues and
feature requests there.
We cannot realistically expect that anything more than a minority of
visitors will know how to block Google Analytics (or even understand that it
is a problem). Therefore, if concerned authors wanted to use those features
of GitLab, they had to use another hosted instance of GitLab, or host their
own. But the better option was to encourage GitLab.com to remove Google
Analytics entirely, so that _all_ JavaScript code served to the users is
[Free][free-sw].
GitLab has chosen to actively
[work with the Free Software movement][ggfs]---enough so that they are now
considered an [acceptable host for GNU projects][gitlab-gnu-criteria]
according to [GNU's ethical repository criteria][gnu-repo-criteria]. And
they have chosen to do so again---headed by Sytse Sijbrandij (GitLab
Inc. CEO), Google Analytics has been removed from the GitLab.com instance
and replaced with [Piwik][piwik].
## More Than Just Freedom
This change is more than a commitment to users' freedoms---it's also a
commitment to users' privacy that cannot be understated. By downloading and
running Google Analytics, users are being infected with some of the most
[sophisticated examples of modern spyware][ga-wikipedia]: vast amounts of
[personal and behavioral data][ga-google] are sent to Google for them to use
and share as they wish. Google Analytics also tracks users across [many
different websites][ga-popularity], allowing them to discover your interests
and behaviors in ways that users themselves may not even know.
GitLab.com has committed to using [Piwik][piwik] on their GitLab instance,
which [protects users' privacy][piwik-privacy] in a number of very important
ways: it allows users to opt out of tracking, anonymizes IP addresses,
retains logs for limited time periods, respects [DoNotTrack][eff-dnt], and
more. Further, all logs _will be kept on GitLab.com's own servers_, and is
therefore governed solely by
[GitLab.com's Privacy Policy][gitlab-privacy]; this means that other
services will not be able to use these data to analyze users' behavior on
other websites, and advertisers and others will know less about them.
Users should not have to try to [anonymize themselves][eff-ssd] in
order to maintain their privacy---privacy should be a default, and a
respected one at that. GitLab has taken a strong step in the right
direction; I hope that others will take notice and do the same.
*Are you interested in helping other websites liberate their JavaScript?
Consider [joining the FSF's campaign][freejs], and
[please liberate your own][whyfreejs]!*
[eff-dnt]: https://www.eff.org/dnt-policy
[eff-ssd]: http://ssd.eff.org/
[freejs]: https://fsf.org/campaigns/freejs
[ga-google]: https://www.google.com/analytics/standard/features/
[ga-popularity]: http://w3techs.com/technologies/overview/traffic_analysis/all
[ga-wikipedia]: https://en.wikipedia.org/wiki/Google_Analytics
[gitlab-featurse]: https://about.gitlab.com/features/
[gitlab-gnu-criteria]: https://lists.gnu.org/archive/html/repo-criteria-discuss/2015-11/msg00012.html
[gitlab-privacy]: https://about.gitlab.com/privacy/
[gnu-repo-criteria]: https://www.gnu.org/software/repo-criteria.html
[mtg]: http://mikegerwitz.com/
[piwik]: https://piwik.org/
[piwik-privacy]: https://piwik.org/privacy/
[whyfreejs]: https://www.gnu.org/software/easejs/whyfreejs.html

45
post/2016-02-28-join-me-at-libreplanet-2016-for-my-talk-restore-online-freedom.md 100644
View File

@ -0,0 +1,45 @@
# Join me at LibrePlanet 2016 for my talk "Restore Online Freedom!"
I will be [speaking at LibrePlanet this year][lp2016] (2016) about freedom
on the Web. Here's the session description:
[lp2016]: https://www.libreplanet.org/2016/program/
> Imagine a world where surveillance is the default and users must opt-in to
> privacy. Imagine that your every action is logged and analyzed to learn
> how you behave, what your interests are, and what you might do next.
> Imagine that, even on your fully free operating system, proprietary
> software is automatically downloaded and run not only without your
> consent, but often without your knowledge. In this world, even free
> software cannot be easily modified, shared, or replaced. In many cases,
> you might not even be in control of your own computing -- your actions and
> your data might be in control by a remote entity, and only they decide
> what you are and are not allowed to do.
>
> This may sound dystopian, but this is the world you're living in right
> now. The Web today is an increasingly hostile, freedom-denying place that
> propagates to nearly every aspect of the average users' lives -- from
> their PCs to their phones, to their TVs and beyond. But before we can
> stand up and demand back our freedoms, we must understand what we're being
> robbed of, how it's being done, and what can (or can't) be done to stop
> it.
<!-- more -->
There are a number of other [great sessions][lp2016] this year from a
[number of speakers][lp2016s], many well-known. We also have an opening
keynote from Edward Snowden!
All [FSF associate members get free entry][fsfmember]. If you can't join
us, the conference will be streamed live. You can also see [videos of past
talks][lpvideos] on the FSF's self-hosted [GNU MediaGoblin][goblin]
instance.
Special thanks to the FSF for covering a large portion of my travel
expenses; I otherwise might not have been able to attend. Thank you to all
who donated to the conference scholarship fund.
[lp2016s]: https://www.libreplanet.org/2016/program/speakers.html
[fsfmember]: https://crm.fsf.org/join
[lpvideos]: https://media.libreplanet.org/
[goblin]: http://mediagoblin.org/

37
post/2016-04-02-reddit-suspected-to-have-been-served-with-an-nsl.md 100644
View File

@ -0,0 +1,37 @@
# Reddit suspected to have been served with an NSL
It is suspected that Reddit has been [served with an NSL][schneier].
[National Security Letters (NSLs)][nsl] are subpoena served by the United
States federal government and often come with a gag order that prevents the
recipient from even stating that they received the letter.
[schneier]: https://www.schneier.com/blog/archives/2016/04/reddits_warrant.html
[nsl]: https://en.wikipedia.org/wiki/National_Security_Letter
<!-- more -->
[Warrant canaries][canary] are used to circumvent gag orders by stating
that requests have *not* been received, under the [legal theory][court]
that, while courts can compel persons not to speak, they can't compel them
to lie. [Reddit's canary has died][reddit-report]---the canary is absent
from their most recent 2015 transparency report, where it was [present in
the 2014 report][reddit-report-2014].
Does this mean that you should stop using Reddit? No; canaries are an
important transparency method. If you are worried about your privacy, you
shouldn't disclose the information to a third party to begin with. Note
that this includes metadata that are gathered about you when you, for
example, browse subreddits while logged in. You can help mitigate that by
[browsing anonymously using Tor][donot], being sure never to log in during
the same session.
The website [Canary Watch][cw] is a website that tracks warrant canaries.
I'm awaiting further analysis after the weekend.
[canary]: https://en.wikipedia.org/wiki/Warrant_canary
[cw]: https://www.canarywatch.org/
[court]: https://gigaom.com/2014/10/10/are-warrant-canaries-legal-twitter-wants-to-save-techs-warning-signal-of-government-spying/
[reddit-report]: https://web.archive.org/web/20160331210850/https://www.reddit.com/wiki/transparency/2015
[reddit-report-2014]: https://web.archive.org/web/20160331204815/https://www.reddit.com/wiki/transparency/2014
[donot]: https://www.whonix.org/wiki/DoNot

27
post/2016-04-03-facebook-will-use-software-for-the-vr-headset-occulus-rift-to-spy-on-you.md 100644
View File

@ -0,0 +1,27 @@
# Facebook will use software for the VR headset Occulus Rift to spy on you
Anything coming out of Facebook should be [cause for concern][rms-fb]. So,
naturally, one might be concerned when they decide to get into the virtual
reality (VR) scene by [purchasing the startup Occulus VR][fb-vr], makers of
the Occulus Rift VR headset. One can only imagine all the fun ways Facebook
will be able to track, manipulate, spy on, and otherwise screw over users
while they are immersed in a virtual reality.
[rms-fb]: https://stallman.org/facebook.html#privacy
[fb-vr]: http://www.theguardian.com/technology/2014/jul/22/facebook-oculus-rift-acquisition-virtual-reality
Sure enough, we have our first peak: [the software that Facebook has you
install for the Occulus Rift is spyware][fb-spy], reporting on what
*unrelated* software you use on your system, your location (including GPS
data and nearby Wifi networks), the type of device you're using, unique
device identifiers, your movements while using the VR headset, and more.
[fb-spy]: http://uploadvr.com/facebook-oculus-privacy/
<!-- more -->
This is absurd. Do not play into Facebook's games through temptation of
cool new technology; reject their terms and see if there's other ways you
can use the headset without their proprietary spyware. If not, perhaps you
should ask for a refund, and tell them why.

Some files were not shown because too many files have changed in this diff Show More