mikegerwitz
/
thoughts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Convert posts to markdown files 

This was considerable effort, and took a bit more time than I had
hoped.  While newer posts were written with Markdown, previous ones were
writen with my own Markdown-like formatting, but they had enough differences
that it was quite an effort to get things updated.  I also checked the HTML
output of each, though I didn't read every article in detail.

Some of these were more substantial than others; National Uproar, for
example.

These conversions were markup translations: the actual text remains
unchanged, except in one minor instance to add text for the sake of
providing some text to hold a link to a quote.  Any changes to post text
will happen in future commits so that the diffs are clearly visible.
master
Mike Gerwitz 2018-12-17 23:31:08 -05:00
parent 2a674052b0
commit 64e1341075
Signed by: mikegerwitz
GPG Key ID: 8C917B7F5DC51BA2
91 changed files with 4875 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
post/2012-10-05-microblogging.md 100644
View File

@ -0,0 +1,29 @@
# Who needs "microblogging"?
I don't. This is just some place safe to store random thoughts that people
probably don't care about (like most comments on most social networking
services), with the added benefit of distributed backup, a simple system and no
character limit.
<!-- more -->
All the thoughts are commit messages; in particular, this means no versioning.
That's okay, because I'm not going to go back and modify them, but I do want
dates and I do want GPG signatures (to show that it's actually me thinking this
crap).
This isn't a journal.
This will mostly be a hacker's thought cesspool.
This isn't a blog.
Though, considering how much I ramble (look at this message), certain thoughts
could certainly seem like blog entries. Don't get the two confused---one
requires only thought defecation and the other endures the disturbing task of
arranging the thought matter into something coherent and useful to present to
others.
Yeah. Enjoy. Or don't. You probably shouldn't, even if you do. If you don't,
you probably should just to see that you shouldn't.

12
post/2012-10-05-tired.md 100644
View File

@ -0,0 +1,12 @@
# Getting too tired to hack? At 23:00?
This has been normal since becoming a father. I can't complain---I love being a
father. Of course, I also love hacking. I also love sleep. Knowing that my son
is going to wake me up a 6:00 in the morning has a slight influence in a
situation like this.
<!-- more -->
I'd like to just suffer through it, but being a fiancé also has another
obligation: going to bed when your significant other decides that it's bed time
(and by "bed time" I mean sleep). I still manage to fit it in somehow.

32
post/2012-10-06-trademarks.md 100644
View File

@ -0,0 +1,32 @@
# The use of trademarks in free software has always been a curious and unclear concept to me, primarily due to my ignorance on the topic
Trademarks, unless abused, are intended to protect consumers' interests---are
they getting the brand that they think they're getting? If you download Firefox,
are you getting Firefox, or a derivative?
<!-- more -->
Firefox is precicely one of those things that has brought this issue to light
for me personally: the name is trademarked and derivatives must use their own
names, leading to IceCat, IceWeasel, Abrowser, etc. Even though FF is free
software, the trademark imposes additional restrictions that seem contrary to
the free software philosophy. As such, it was my opinion that trademarks should
be avoided or, if they exist, should not be exercised. (GNU, for example, is
trademarked[^0], but the FSF certainly [does not exercise it][1]; consider GNUplot,
a highly popular graphing program, which is not even part of the GNU project.)
[This article][2] provides some perspective on the topic and arrives at much the
same conclusions: trademark enforcement stifles adoption and hurts the project
overall.
I recommend that trademarks not be used for free software projects, though I am
not necessarily opposed to registering a trademark "just in case" (for example,
to prevent others from maliciously attempting to register a trademark for your
project).
[1]: http://www.gnu.org/prep/standards/html_node/Trademarks.html
[2]: http://mako.cc/copyrighteous/20120902-00
[^0]: uspto.gov; serial number 85380218; reg. number 4125065.
From what I could find from the USPTO website, it was submitted by
Aaron Williamson of the SFLC (http://www.softwarefreedom.org/about/team/)

17
post/2012-10-09-election-attack-ads.md 100644
View File

@ -0,0 +1,17 @@
# All these election attack ads are utterly useless
There have been a lot of elections going on lately---local, state and national.
The majority of those ads are attack ads: immature and disrespectful; if you
want my vote, give me something positive to vote for instead of spending all of
your time and money attacking your candidate. If my vote is to go to the "least
horrible" candidate, then there is no point in voting at all.
<!-- more -->
Even more frustrating is the deceptiveness of the ads---intentional
deceptiveness, nonetheless. And these are the ads that many in the United States
will be basing the majority of, if not all, of their vote on come election time
(how many will realistically research instead of sitting in front of the TV
absorbing all of the useless bullshit that they are spoonfed?).
Frightening.

42
post/2012-10-09-kid-iphone-game.md 100644
View File

@ -0,0 +1,42 @@
# Why no kid (or kid at heart) should write an iPhone game
I saw [this post][0] appear on HackerNews, talking about how building a game for
iOS is "fun" and "cool". The poster lures the reader in with talk of making
money and talks of a "unique sense of fulfillment" that comes with development
of these games, and then goes on to invite kids to learn how to develop games
for the iPhone (and presumably other iOS devices).
[0]: http://blog.makegameswith.us/post/33263097029/call-to-arms
This is a terrible idea.
<!-- more -->
Getting children involved with hacking is an excellent idea, but introducing
them to the evils of Apple and associating that with a feeling of pleasure does
a great disservice; all software developed for iOS must be "purchased" (even
if it's of zero cost) through a walled garden called the "App Store". The
problem with this is that [the App Store is hostile toward free
software][1]---its overly restrictive terms are incompatible with free software
licenses like the GPL. Teaching children to develop software for this crippled,
DRM-laden system is teaching them that it is good to prevent sharing, stifle
innovation and deny aid to your neighbor.
A better solution would be to suggest developing software for a completely free
mobile operating system instead of iOS, such as [Replicant][2] (a fully free
Android distribution). Even if Replicant itself were not used, Android itself,
so long as proprietary implementations and "stores" are avoided[[3]], is much
more [compatible with education][4] than iOS, since the children are then able
to freely write and distribute the software without being controlled by
malicious entities like Apple. Furthermore, they would then be able to use a
fully free operating system such as GNU/Linux to *write* the software.
Do not let fun and wealth disguise this ugly issue. Even more importantly---do
not pass this practice and woeful acceptance down to our children. I receive a
"unique sense of fulfillment" each and every day hacking free software far
away from Apple's grasp.
[1]: http://www.fsf.org/news/blogs/licensing/more-about-the-app-store-gpl-enforcement
[2]: http://replicant.us/
[3]: http://www.gnu.org/philosophy/android-and-users-freedom.html
[4]: http://www.gnu.org/education/edu-schools.html

27
post/2012-10-09-ssh-t.md 100644
View File

@ -0,0 +1,27 @@
# Always use -t with ssh-add (and always set passwords on your ssh keys)
Many people use SSH keys for the sole purpose of avoiding password entry when
logging into remote boxes. That is legtimate, especially if you frequently run
remote commands or wish to take advantage of remote tab complation, but creating
a key with an empty password is certainly the wrong approach---if an attacker
gets a hold of the key, then they have access to all of your boxes before you
have the chance to notice and revoke the key.
<!-- more -->
ssh-agent exists for this purpose. The problem is---creating an agent only to
place the key in memory indefinately is also a terrible idea. If your system
does become compromised and the attacker is either root access or access as your
user, then they can simply connect to the ssh-agent (unless it's password
protected) and start using your key. Also consider that, should you leave your
box unattended for even a moment without locking it (for whatever reason---shit
happens), an attacker could gain physical access to your PC (and an attacker may
just be a coworker looking to play a prank).
Every morning at work, I begin the day by typing ssh-add followed by an
appropriate lifetime (be it the duration of the work day, or the duration that I
think I will need the key). This way, your key is in memory when you are likely
to be physically present at the box and it is automatically removed from memory
after a given lifetime. Additionally, I like to add `ssh-add -D` to the script
that locks my PC when I walk away from my desk: that will immediately clear all
keys from memory, just in case.

21
post/2012-10-10-school-rfid.md 100644
View File

@ -0,0 +1,21 @@
# Texas middle and high schools tracking student locations with RFID tags
[An article][0] describes how a school district in Texas is attempting to force
its students to wear RFID tags at all times in order to track their location to
"stem the rampant truancy devastating the school's funding".
[0]: http://rt.com/usa/news/texas-school-id-hernandez-033/
What?
<!-- more -->
This is deeply concerning. Not only does this raise serious security and privacy
concerns (as mentioned near the end of the article), but it also costed the
schools over a half a million dollars to implement. In order words: Texas
taxpayer money has been wasted in an effort to track our children.
Good thing they don't have anything [better to spend that money on.][1]
[1]: http://fedupwithlunch.com/

8
post/2012-10-13-day-changed.md 100644
View File

@ -0,0 +1,8 @@
# "Day changed to S"
Whatever "S" may be (in this case, "13 Oct 2012"), there is always a sense
of peace and gratification that comes with witnessing that line appear in any
type of log; it shows a dedication to an art, should your days contain daylight.
<!-- more -->

8
post/2012-10-16-branch-pred.md 100644
View File

@ -0,0 +1,8 @@
# Branch Prediction
An enlightening discussion on branch prediction.[0]
[0]: http://stackoverflow.com/questions/11227809/why-is-processing-a-sorted-array-faster-than-an-unsorted-array
<!-- more -->

7
post/2012-10-16-free-speech-western.md 100644
View File

@ -0,0 +1,7 @@
# Free Speech in the Western World
An interesting opinion piece on [free speech in the western world.][0]
[0]: http://www.washingtonpost.com/opinions/the-four-arguments-the-western-world-uses-to-limit-free-speech/2012/10/12/e0573bd4-116d-11e2-a16b-2c110031514a_print.html
<!-- more -->

24
post/2012-10-16-nyc-master-keys.md 100644
View File

@ -0,0 +1,24 @@
# NYC Master Keys
[Bruce Schneier summarizes in a blog post][0] a disturbing topic regarding a New
York City locksmith selling "master keys" on eBay, providing access to various
services such as elevators and subway entrances.
[A discussion about this blog post on Hacker News][1] yielded some interesting
conversation, including an [even more disturbing article describing how simple
it may be to create master keys][2] for a set of locks given only the lock, its
key and a number of attempts.
[0]: http://www.schneier.com/blog/archives/2012/10/master_keys.html
[1]: http://news.ycombinator.com/item?id=4654777
[2]: http://www.crypto.com/masterkey.html
<!-- more -->
I'll let you ponder the implications of both of these topics. Here's something
to get you started: organized crime could use these keys to effectively evade
law enforcement or break into millions of "locked" homes. Crackers could gain
intimate access to various city systems whereby they may be able to further
obstruct or infect systems. A security system is only as strong as its weakest
link. Keeping citizens in the dark about these issues gives them a dangerous and
false sense of security.

27
post/2012-10-16-verizon-router-backdoors.md 100644
View File

@ -0,0 +1,27 @@
# Verizon router backdoors
A [very disturbing article][0] makes mention of a Verizon TOS update for its
Internet service customers:
[0]: http://www.linuxbsdos.com/2012/10/04/is-that-a-backdoor-or-an-administrative-password-on-your-verizon-internet-router/
> Section 10.4 was updated to clarify that Verizon may in limited instances
> modify administrative passwords for home routers in order to safeguard
> Internet security and our network, the security and privacy of subscriber
> information, to comply with the law, and/or to provide, upgrade and maintain
> service.
<!-- more -->
...what? This is deeply disturbing, deeply perverted idea of security. Not only
is this a severe privacy concern (all internet traffic passes through your
router), but it's a deep *security* concern---what if a cracker is able to
figure out Verizon's password scheme, intercept the communication with your
router or otherwise?
I recommend that you (a) use your own router, (b) change its default password if
you have not yet done so and (c) disallow remote access. Furthermore, I
recommend using a free (as in freedom) firmware such as [DD-WRT][1] if supported
by your hardware.
[1]: http://dd-wrt.com/

34
post/2012-10-17-pacemaker-cracking.md 100644
View File

@ -0,0 +1,34 @@
# Crackers capable of causing pacemaker deaths
[This article][0] demonstrates why medical devices must contain free software:
crackers are able to, with this particular type of pacemaker, exploit the device
to trigger a fatal electric shock to its host from as far as 30 feet away (the
article also mentions rewriting the firmware, which could of course be used to
schedule a deadly shock at a predetermined time). These issues would not exist
with free software, as the user and the community would be able to study the
source code and fix any defects (or hire someone who can) before placing it in
their bodies.
[0]: http://www.scmagazine.com.au/News/319508,hacked-terminals-capable-of-causing-pacemaker-mass-murder.aspx
<!-- more -->
(Note that this article mistakenly uses the term "hacker" when they really
mean "cracker".)
The aforementioned article is an excellent supplement to [a discussion on free
software in pacemakers][1]. In particular, I had pointed out within this
discussion [a talk by Karen Sandler of the GNOME Foundation regarding this
issue][2] at OSCON 2011, in which she mentions potential issues of proprietary
software in pacemakers and the difficulty she faced in attempting to get the
source code for one that she was considering for herself.
The discussion on HackerNews also yielded [an article by the SFLC][3] detailing
this issue.
(Please do not use YouTube's proprietary video player to view the mentioned
YouTube video.)
[1]: http://news.ycombinator.com/item?id=3959547
[2]: https://www.youtube.com/watch?v=nFZGpES-St8
[3]: https://www.softwarefreedom.org/news/2010/jul/21/software-defects-cardiac-medical-devices-are-life-/

12
post/2012-10-18-defense-of-marriage-act.md 100644
View File

@ -0,0 +1,12 @@
# Federal Appeals Court Declares "Defense of Marriage Act" Unconstitutional
A step in the [right direction.][0]
It should also be noted that New York State had also [legalized same sex
marriage back in July of 2011][1]---a move I was particularily proud of as a
resident of NY state.
[0]: http://www.aclu.org/lgbt-rights/federal-appeals-court-declares-defense-marriage-act-unconstitutional
[1]: http://en.wikipedia.org/wiki/Same-sex_marriage_in_New_York
<!-- more -->

34
post/2012-10-18-med-device-cracking.md 100644
View File

@ -0,0 +1,34 @@
# Another crack at medical device cracking
My previous post mentioned the dangers of running non-free software on implanted
medical devices. While reading over RMS' policital notes[0], I came across [an
article mentioning how viruses are rampant on medical equipment][1].
> "It's not unusual for those devices, for reasons we don't fully understand, to
> become compromised to the point where they can't record and track the data,"
> Olson said during the meeting, referring to high-risk pregnancy monitors.
The devices often run old, unpatches versions of Microsoft's Windoze operating
system. The article also mentions how the maleware often attempts to include its
host as part of a botnet.
[0]: http://stallman.org/archives/2012-jul-oct.html#18_October_2012_%28Computerized_medical_devices_vulnerable_to_viruses%29
[1]: http://www.technologyreview.com/news/429616/computer-viruses-are-rampant-on-medical-devices/
<!-- more -->
This is deeply concerning and incredibly dangerous. As non-free software is used
more and more in equipement that is responsible for our health and safety, we
are at increased risk for not only obvious software flaws, but also for crackers
with malicious intent; harming someone will become as easy as instructing your
botnet to locate and assassinate an individual while you go enjoy a warm (or
cold) beverage.
These problems are *less likely* (not impossible) to occur in free software
beacuse the users and community are able to inspect the source code and fix
problems that arise (or hire someone that can)[2]. In particular, in the case of
the hospitals mentioned in [the article][1], they would be free to hire someone
to fix the problems themselves rather than falling at the mercy of the
corporations who supplied the proprietary software.
[2]: http://www.gnu.org/philosophy/free-sw.html

8
post/2012-10-19-aguild-v-hathitrust.md 100644
View File

@ -0,0 +1,8 @@
# Digitizing Books Is Fair Use: Author's Guild v. HathiTrust
A New York court ruled that "digitizing" books for researched and disabled
individuals is lawful.[[0]]
[0]: https://www.eff.org/deeplinks/2012/10/authors-guild-vhathitrustdecision
<!-- more -->

28
post/2012-10-24-obama-wiretapping.md 100644
View File

@ -0,0 +1,28 @@
# Obama and Warrantless Wiretapping
The EFF has released an article with a [plethora of links describing warrantless
wiretapping under the Obama administration][0], spurred by Obama's response to
Jon Stewart's questioning on The Daily Show last Thursday. (Readers should also
be aware of the [NSA spy center][1] discussed earlier in the year, as is
mentioned in the EFF article.)
[0]: https://www.eff.org/deeplinks/2012/10/fact-check-obamas-misleading-answer-about-warrantless-wiretapping-daily-show
[1]: http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/
<!-- more -->
It is clear that the United States government has no intent on protecting the
freedoms of individuals and instead is actively resisting attempts to correct
the problems. While we can hope that this will change, and we can be confident
that organizations like the EFF will continue to fight for our liberties, one
immediate option is to limit as much as possible what the NSA and other agencies
can discover about you. Consider using [Tor][2] for all of your network traffic
(at the very least, use HTTPS connections to prevent agencies and ISPs from viewing
specific web pages on a particular domain; HTTPS is unnecessary if using Tor.)
PGP/GPG can be used to encrypt e-mail messages to the intended recipients. Etc.
It's unfortunate that such precautions are necessary. Privacy is important even
if you have nothing to hide; any suggestion to the contrary is absolutely
absurd.
[2]: http://torproject.org

15
post/2012-10-24-stingrays.md 100644
View File

@ -0,0 +1,15 @@
# Stingrays: Cell Phone Privacy and Warrantless Surveillance
How would you feel if law enforcement showed up in your living room, demanded
your cell phone, and started writing down your call history and text messages?
How would you feel if you didn't even know that they were in your home to begin
with, let alone stealing private data? [This is precisely what is happening when
law enforcement uses "Stingrays" to locate individuals][0], collecting data of
every other individual within range of the device in the process. Even *if* you
are the subject of surveillance, this is still an astonishing violation of
privacy. (Of course, law enforcement could always demand such records from your
service provider, but such an act at the very least has a paper trail.)
[0]: https://www.eff.org/deeplinks/2012/10/stingrays-biggest-unknown-technological-threat-cell-phone-privacy
<!-- more -->

63
post/2012-10-27-gnu-win8-launch.md 100644
View File

@ -0,0 +1,63 @@
# GNU Trick-Or-Treat---FSF Crashes Windows 8 Launch
The FSF decided to [crash the Windows 8 launch even in New York City][0],
complete with [Trisquel][1] DVDs, FSF stickers and information about their
[pledge to upgrade to GNU/Linux instead of Windows 8][2].
I find this to be a fun, excellent alternative to blatant protesting that is
likely to be better received by those who would otherwise be turned off to
negativity. At the very least, the [walking gnu][3] would surely turn heads and
demand curiosity.
[0]: http://www.fsf.org/news/activists-trick-or-treat-for-free-software-at-windows-8-launch-event-1
[1]: http://trisquel.info/
[2]: http://www.defectivebydesign.org/windows8
[3]: http://www.fsf.org/blogs/community/gnus-trick-or-treat-at-windows-8-launch
<!-- more -->
Here is the e-mail that was sent to the info at fsf.org mailing list:
> Happy (almost) Halloween, everybody,
>
> You've probably been noticing Microsoft's ads for their new operating
> system -- after all, they've spent more money on them than any other
> software launch campaign in history. In fact, everything about the
> campaign has been meticulously planned and optimized, so you can
> imagine journalists' surprise when an unexpected guest showed up at an
> invite-only launch event on Thursday.
>
> Our volunteer, Tristan Chambers, was there and caught the whole thing
> on camera! Pictures here:
> <http://www.fsf.org/blogs/community/gnus-trick-or-treat-at-windows-8-launch>.
>
> Reporters and security guards at the event weren't sure how to react
> when they were greeted by a real, live gnu. The gnu -- which, on
> closer inspection, was an activist in a gnu suit -- had come for some
> early trick-or-treating. But instead of candy, she had free software
> for the eager journalists. The gnu and the FSF campaigns team handed
> out dozens of copies of Trisquel, a fully free GNU/Linux distribution,
> along with press releases and stickers. Once they got over their
> confusion, the reporters were happy to see us and hear our message --
> that Windows 8 is a downgrade, not an upgrade, because it steals
> users' freedom, security and privacy.
>
> Free software operating systems are the real upgrade, and they don't
> need a zillion-dollar launch event to prove it. To show Microsoft that
> their ads won't change our minds, we're starting an upgrade pledge:
> switch to a free OS, or if you're already using one, help a friend
> switch. We can pay Microsoft a chunk of change for their new,
> proprietary OS, or we can stand up for our freedom. The choice isn't
> as hard as Microsoft wants you to think.
>
> Sign the pledge now! -- <http://www.fsf.org/windows8/pledge>.
>
> Thanks for making a commitment to free software.
>
> PS - If you'd like more details about the action, you can check out
> our press release here:
> <http://www.fsf.org/news/activists-trick-or-treat-for-free-software-at-windows-8-launch-event-1>.
>
> -Zak Rogoff
> Campaigns Manager

30
post/2012-10-30-abolishing-patents.md 100644
View File

@ -0,0 +1,30 @@
# Abolishing Patents
My issue with patents exceeds the [obvious case against software patents][0];
indeed, I have long pondered the problems with patents in other fields. When I
hear the phrase "patent pending" or "patented technology" touted in ads, I
have never thought positive thoughts; instead, I have thought "you are damning
this otherwise excellent work to stagnation". What if someone has an excellent
idea to improve upon that particular product? Well, they'd better be prepared to
jump through some hoops or shell out some hefty licensing fees. Or maybe it's
just easier to abandon the idea entirely and forget that it had never happened.
[0]: http://patentabsurdity.com/
<!-- more -->
However, I thought, it's not a simple case of ridding the world of patents.
How would that affect the incentive to innovate? How would people recoup
expensive R&D costs, especially in industries like pharmacy (both my parents are
pharmacists)? What about the incentive to describe your invention to the world?
Then again, nobody *has* to get a patent for their invention. It may be worth
keeping it secret if nobody can figure it out.
The answers to all of these questions appeared in one place: [The Case Against
Patents][1], which I found referenced in an article regarding the [Swedish Pirate
Party's opinions on patents, trademarks and copyright][2]. While it is still a
draft at the time of this writing, I encourage you to give it a read, as it is
very enlightening.
[1]: http://research.stlouisfed.org/wp/2012/2012-035.pdf
[2]: http://falkvinge.net/2012/10/13/what-the-swedish-pirate-party-wants-with-patents-trademarks-and-copyright/

18
post/2012-10-30-dcma-jailbreaking.md 100644
View File

@ -0,0 +1,18 @@
# Jailbreaking and DCMA---EFF Touts Victory, FSF Warns Of Failure
While the [EFF is pleased to announce][0] that the Copyright Office has [renewed
DMCA exceptions upholding jailbreaking rights for cellphones][1], the FSF
cautions that [this right has not been extended to tablets, game consoles or
even PCs with restricted boot][2].
[0]: https://www.eff.org/press/releases/eff-wins-renewal-smartphone-jailbreaking-rights-plus-new-legal-protections-video
[1]: http://www.copyright.gov/fedreg/2012/77fr65260.pdf
[2]: http://www.fsf.org/blogs/licensing/copyright-office-fails-to-protect-users-from-dmca
<!-- more -->
It should be noted that the EFF also successfully gained protection for the use
of short copyrighted clips in remixing,[0] and while this is a positive step
forward in its own, the implications of the first paragraph should not be
ignored.

30
post/2012-10-30-openwireless.md 100644
View File

@ -0,0 +1,30 @@
# OpenWireless.org
The EFF [announces the launch of openwireless.org][0], which encourages users to
[share their network connections][1] to create a global network of freely
available wireless internet access.
This is a noble movement. This reminds me of a point in history when MIT began
password protecting their accounts, which were previously open to anyone.
Stallman, disagreeing with such a practice, [encouraged users to create empty
passwords][2]. Stallman would even give out his account information so that
remote users may log into MIT's systems, all with good intent.
[0]: https://www.eff.org/deeplinks/2012/10/why-we-have-open-wireless-movement
[1]: https://www.openwireless.org/
[2]: http://shop.fsf.org/product/free-as-in-freedom-2/
<!-- more -->
Of course, with malice rampant in today's very different world, Stallman's
actions, although noble, would be both naive and a huge security risk.
Fortunately, [opening your wireless network isn't necessarily one of these
risks][3] and, if done properly, does not equate to opening your private network
to attack.
Consider using [DD-WRT][4] as your router's firmware, if supported by your
device, as it is itself [free software][5].
[3]: https://openwireless.org/myths
[4]: http://dd-wrt.com
[5]: http://www.gnu.org/philosophy/free-sw.html

12
post/2012-10-30-trademark-bullying.md 100644
View File

@ -0,0 +1,12 @@
# "Trademark" Bullying
There's two problems with this post from the EFF describing [The Village Voice
suing Yelp for "Best of" trademark infringement][0]: firstly, there's the
obvious observation that such a trademark should not have been permitted by the
USPTO to begin with. Secondly---why do entities insist on gaming the system in
such a terribly unethical manner? It takes a special breed of people to do such
a thing.
[0]: https://www.eff.org/deeplinks/2012/10/stupid-lawyer-tricks-and-government-officials-who-are-helping-them
<!-- more -->

15
post/2012-10-30-ubuntu-amazon-ads.md 100644
View File

@ -0,0 +1,15 @@
# Ubuntu 12.10 Privacy: Amazon Ads and Data Leaks
The EFF [cautions that Ubuntu 12.10 leaks user information to Amazon by
default][0] rather than requiring the user to opt *into* the system.
Of course, I cannot recommend that you use Ubuntu, as it encourages the
installation of non-free device drivers, readily enables non-free software
repositories and contains non-free components in its kernel.[1] Instead,
consider a [fully free GNU/Linux distribution like Trisquel][2].
[0]: https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks
[1]: http://www.fsfla.org/svnwiki/selibre/linux-libre/
[2]: https://trisquel.info
<!-- more -->

8
post/2012-11-03-bahrain-rallying.md 100644
View File

@ -0,0 +1,8 @@
# Ban On Public Rallying and Demonstrations in Bahrain
The government of Bahrain found that the best solution to preventing violent
protests was to [ban all public rallying and demonstrations][0].
[0]: https://www.eff.org/deeplinks/2012/11/bahrain-goes-bad-worse
<!-- more -->

8
post/2012-11-03-eff-dmca.md 100644
View File

@ -0,0 +1,8 @@
# EFF Elaborates On DCMA Ruling
In addition to my aforementioned links, the EFF has provided [a more detailed
analysis][0] of the decision.
[0]: https://www.eff.org/deeplinks/2012/11/2012-dmca-rulemaking-what-we-got-what-we-didnt-and-how-to-improve
<!-- more -->

22
post/2012-11-05-cali-prop-35.md 100644
View File

@ -0,0 +1,22 @@
# California Proposition 35 Concerns
The EFF [points out problems with California's Proposition 35][0], which would,
among other things, [require registered sex offenders to "disclose Internet
activities and identities"][1]:
[0]: https://www.eff.org/deeplinks/2012/11/eff-urges-no-vote-california-proposition-35
[1]: http://voterguide.sos.ca.gov/propositions/35/
<!-- more -->
> [...] Proposition 35 would force individuals to provide law enforcement with
> information about online accounts that are wholly unrelated to criminal
> activity such as political discussion groups, book review sites, or blogs.
> In todays online world, users may set up accounts on websites to communicate
> with family members, discuss medical conditions, participate in political
> advocacy, or even listen to Internet radio. An individual on the registered
> sex offender list would be forced to report each of these accounts to law
> enforcement within 24 hours of setting it up or find themselves in jail.
> This will have a powerful chilling effect on free speech rights of tens of
> thousands of Californians.

14
post/2012-11-05-mediagoblin-grant.md 100644
View File

@ -0,0 +1,14 @@
# MediaGoblin $10k Matching Grant
Congratulations to MediaGoblin for not only [meeting the $10k matching grant
from a generous anonymous donor][0], but also for raising $36k to date.
[MediaGoblin][1] is a "free software media publishing platform that anyone can
run"; it is a distributed, free (as in freedom) alternative to services such as
YouTube, Flickr and others, and is part of the [GNU project][2].
[0]: http://mediagoblin.org/news/we-made-10k-matching.html
[1]: http://mediagoblin.org/
[2]: http://gnu.org/
<!-- more -->

9
post/2012-11-05-nsa-useless.md 100644
View File

@ -0,0 +1,9 @@
# Another Useless, False-Sense-Of-Security NSA Security Tactic
A police officer [recalls a time he went through airport security][0] and
received a patdown from one of the security agents, which he found to be
absolutely useless.
[0]: http://www.gizmodo.co.uk/2012/10/search-me/
<!-- more -->

11
post/2012-11-06-voting-machine-alter.md 100644
View File

@ -0,0 +1,11 @@
# Video of 2012 Voting Machine Altering Votes
A Reddit user [posted video of a 2012 voting machine preventing him from
selecting Barak Obama][0]. Malfunction or not, this is the type of thing that
could have possibly been caught if the software were free. Furthermore, from
reading the source code, one would be able to clearly tell whether or not it was
a bug or an intentional "feature".
[0]: http://thenextweb.com/shareables/2012/11/06/reddit-user-captures-video-of-2012-voting-machines-altering-votes/
<!-- more -->

19
post/2012-11-14-olpc-ethiopia.md 100644
View File

@ -0,0 +1,19 @@
# OLPC Tablet in Ethiopia
A story mentions how [Ethiopian kids quickly learned to read and use tablet
PCs][0] provided by the [One Laptop Per Child][1] project. This is not only a
noble feat (as we would expect from OLPC), but also an impressive one,
considering that (as the article mentions) the children did not know how to
read, even in their own language.
[0]: http://dvice.com/archives/2012/10/ethiopian-kids.php
[1]: http://one.laptop.org/
<!-- more -->
Now, while the OLPC does have [its own tablet][2], the article mentions that the
[children were given Motorola Zoom tablets][0]; I would hope that they run free
software to encourage freedom in these developing countries and to encourage the
children to hack and explore their devices in even greater detail.
[2]: http://one.laptop.org/about/xo-3

10
post/2012-11-17-us-copyright-alert-system.md 100644
View File

@ -0,0 +1,10 @@
# U.S. "Copyright Alert System"
[The EFF warns][0] of [the "Copyright Alert System"][1]---a government
endorsed spy system---that will launched shortly to monitor peer-to-peer
networks for so-called "infringing" activity.
[0]: https://www.eff.org/deeplinks/2012/11/us-copyright-surveillance-machine-about-be-switched-on
[1]: http://www.copyrightinformation.org/alerts
<!-- more -->

160
post/2012-11-17-vlc-lgpl.md 100644
View File

@ -0,0 +1,160 @@
# VLC's Move to LGPL
Jean-Baptiste Kempf of the VLC project explains that "most of the code of VLC"
has been [relicensed under the LGPL][0], moving *away from* the GPL. Some of the
reasons for the move include "competition, necessity to have more professional
developers around VLC and AppStores".[1] (With the "AppStore" comment,
Jean-Baptiste is likely referring to issues regarding free software in Apple's
App Store, which [the FSF has discussed on their website][2].)
This is unfortunate; using the LGPL in place of the GPL is [not encouraged for
free software projects][3] because, while it ensures the freedom of the project
itself, it does not encourage the development of free software that *uses* the
project---the LGPL allows linking with proprietary software. Let's explore the
aforementioned reasons in a bit more detail.
[0]: http://www.jbkempf.com/blog/post/2012/I-did-it
[1]: http://www.jbkempf.com/blog/post/2012/How-to-properly-relicense-a-large-open-source-project
[2]: http://www.fsf.org/news/blogs/licensing/more-about-the-app-store-gpl-enforcement
[3]: http://www.gnu.org/licenses/why-not-lgpl.html
<!-- more -->
Firstly, let us consider the issue of competition. In one of the [discussions on
Hacker News][4], I pointed out the distinction between "open source" and Free
Software:
[...]
It is important to understand the distinction between "open source" and "free
software". Open source focuses on the benefits of "open" code and development
and how it can create superior software. Free Software focuses on the ethical
issues---while free software developers certainly want contributors, the
emphasis is on the fact that the software respects your freedom and, for that,
it's far superior to any other proprietary alternative; free software users
constantly make sacrifices in functionality and usability, and we're okay with
that.
[http://www.gnu.org/philosophy/open-source-misses-the-point.html][5]
[...]
In this sense, why should competition be considered for software freedom, unless
it is between two free software projects, encouraging innovation in conjunction
*with* freedom? In such a case, one wouldn't change the software license from
the GPL to the LGPL, because the LGPL is less pursuant toward those freedoms.
Therefore, VLC instead adopts the ["open source"][5] development model, as it
cares more for competition.
The next concern was to "have more professional developers around VLC".[1] Is
this to imply that free software hackers cannot be professional developers? I
certainly am. Consider projects like the kernel Linux---many companies have
contributed back to that project, which is licensed under the GPLv2. If the goal
is to have more people contributing to your project, then a license like the GPL
is certainly best, as it puts a legal obligation on the distributor to release
the source code, which the parent project may then incorporate. Now, the LGPL
also forces this (except for linked software); since the only [differences
between the GPL and the LGPL][6] deal with the linking exception, this means
that the author is either (a) mistaken in the concern or (b) wishes for more
*proprietary* development around VLC. Alternatively, the author may be
concerned that the GPL introduces compatibility issues between whatever other
"open source" license developers wish to use when linking VLC code, but
again---that means that VLC is devaluing freedom. Risky business, but this is
the model that BSD follows (permitting proprietary derivatives of the entire
software---not just linking---and receiving contributions back from proprietary
software makers.)
Finally, let us consider the issue of Apple's App Store. This is issue is
certainly of strong concern---Apple's products are very popular and yet they do
not even make an attempt to respect the users' freedoms either with their
software or with any of the software they allow on their "App Store".[2]
However, Jean-Baptiste has made a fatal mistake---we should not be changing our
licenses to suit Apple! In effect, that is giving Apple even more power over
free software by allowing them to exert control not only over their users, but
also over the developers of the users' favorite software! We should instead
express our condolences with those users and suggest instead that they adopt a
device or operating system that respects their freedom, or that they jailbreak
their devices (which is [still legal][7]).
I'll end this commentary with an additional response of mine from the
[aforementioned Hacker News thread][4]:
> The freedoms represent an ethical issue---that software developers have
> unprecedented control over their users. Why should I, as a hacker, be able
> to tell you what you can and cannot do with your device? Furthermore, it
> raises deep privacy issues---what kind of data am I collecting and why
> should I have that data?
>
> I entered the free software movement slowly (I began software development on
> Windows as a young boy and was trained to think that bossing the user around
> was a good thing; I thought it was fun to write DRM system and
> anti-features). I began using GNU/Linux while still rationalizing my use of
> proprietary software through Wine or by dual-booting into Windows. I then
> saw the benefits of the "open source" development model. It wasn't until I
> spent the time researching the reasons behind the free software movement
> that things began to click. I was able to look back on everything I learned
> as a developer for Windows and see that I enjoyed the thought of controlling
> my users. I enjoyed the power I got from programming---programming was
> empowerment, and the only way to squeeze the money out of those unsuspecting
> users was to do it forcefully.
>
> People have fundamentally different philosophies when it comes to
> programming. Do all proprietary software developers do so out of greed? On
> some level, sure---they're not contributing that code so that others may
> benefit from it. But are they doing it for the purpose of controlling their
> users? Not necessarily, but they still are, even if they have the best of
> intentions. Is someone who creates proprietary educational software for
> children in third world companies "evil"? Certainly not. The problem is that
> they're denying them an additional right---the right to modify that
> software, learn from it and use their devices as they please.
>
> Of course, we often see proprietary software used unethically, often times
> for vendor lock-in or greed; corporations are worried that if they lighten
> their grip on their users, that the users may run, or worse, do something
> [il]legal. I don't believe that is the place of software developers. I
> remember, back when I used Windows, I was obsessed with magic/illusion. I
> purchased a ton of videos online teaching me various magic tricks, but the
> videos were laced with DRM (which, at the time, as a Windows developer, I
> applauded). The problem was, that I then upgraded my hardware. My videos no
> longer worked. I contacted them for a new key, and could view them again.
> Then I got a new PC. And now I use GNU/Linux. I can no longer watch those
> videos that I purchased because of this unnecessary, artificial restriction.
> Was I going to distribute those videos? No. Did that prevent others from
> stripping the restrictions and distributing it anyway? Certainly not. I was
> being punished for others' actions and the others weren't any worse off from
> the restrictions, because they understood how to defeat them.
>
> Of course, DRM's only one of the many issues (and DRM cannot exist in free
> software, because the community would simply remove the anti-feature). What
> if I were using some software---let's say Photoshop---and it crashed on me
> in the middle of my work. Crap. Well, if I were using GIMP, I would run gdb
> on the core dump (assuming a segfault) and inspect the problem. I would try
> to repeat it. I could, if I wanted to, get my hands on the source code, fix
> the problem and distribute that fix to others. If I didn't have the time or
> ability, others could fix the problem for me, and we have the right to share
> those changes. We have the right to benefit from those changes. With
> Photoshop, we'd better start waiting. What if I was able to magically come
> up with a fix, perhaps by modifying the machine code? Hold on---I'm not
> allowed to do that! And I'm certainly not allowed to distribute that fix to
> others. And I'm certainly not allowed to give my son a copy for his PC if he
> wanted to do an art project for school.
>
> The FSF provides a great deal of information on their philosophy:
> <http://www.gnu.org/philosophy/>. You could also gain a great deal of
> insight by reading up on the history:
> <http://shop.fsf.org/product/free-as-in-freedom-2/> or by reading RMS'
> essays: <http://shop.fsf.org/product/signed-fsfs/>.
>
> And ultimately, you may find that you do not agree with our
> philosophy---many don't. That's certainly your right, and I respect that.
> What I cannot respect, and will not respect, is when that philosophy is used
> to exert control over others.
>
> (As a final note: many say we control developers through our "viral"
> licenses. But keep in mind that we're trying to protect the users *from*
> developers. This means taking power away from developers. This is
> intentional.)
[4]: http://news.ycombinator.com/item?id=4787965
[5]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
[6]: http://www.gnu.org/licenses/lgpl.html
[7]: https://www.eff.org/press/releases/eff-wins-renewal-smartphone-jailbreaking-rights-plus-new-legal-protections-video

16
post/2012-11-19-copyright-reform.md 100644
View File

@ -0,0 +1,16 @@
# Copyright Reform? You're silly.
Amazingly, the Republican Study Committee (RSC) had [released a report
suggesting copyright reform][0]. Of course, that's a silly thing to do when
you're in bed with organizations like the MPAA and RIAA; [the report was quickly
retracted][1].
It would have been a surprising step forward; maybe there's hope yet, assuming
the GOP can get a handle on itself.
(Disclaimer: I have no party affiliation.)
[0]: http://www.techdirt.com/articles/20121116/16481921080/house-republicans-copyright-law-destroys-markets-its-time-real-reform.shtml
[1]: http://www.techdirt.com/articles/20121117/16492521084/hollywood-lobbyists-have-busy-saturday-convince-gop-to-retract-copyright-reform-brief.shtml
<!-- more -->

58
post/2012-11-19-privacy-petraeus.md 100644
View File

@ -0,0 +1,58 @@
# Privacy In Light of the Petraeus Scandal
I'm not usually one for scandals (in fact, I couldn't care less who government
employees are sleeping with). However, it did bring up deep privacy
concerns---how exactly did the government get a hold of the e-mails?
The [EFF had released an article answering some questions][0] about the scandal,
which is worth a read. In particular, you should take a look at the [EFF's
Surveillance Self-Defense website][1] for an in-depth summary of the laws
surrounding government surveillance and tips on how to protect against it.
[0]: https://www.eff.org/deeplinks/2012/11/when-will-our-email-betray-us-email-privacy-primer-light-petraeus-saga
[1]: https://ssd.eff.org
I'd like to touch upon a couple things. In particular, [the article mentions][0]:
<!-- more -->
> Broadwell apparently accessed the emails from hotels and other locations, not
> her home. So the FBI cross-referenced the IP addresses of these Wi-Fi
> hotspots "against guest lists from other cities and hotels, looking for common
> names."
To stay anonymous in this situation, one should [consider using Tor][2] to mask
his/her IP address. Additionally, remove all cookies (or use your browser's
privacy mode if it will disable storing and sending of cookies for you) and
consider that your User Agent may be used to identify you, especially if
maleware has inserted its own unique identifiers.
Also according to [the EFF article][0]:
> According to reports, Patraeus and Broadwell adopted a technique of drafting
> emails, and reading them in the draft folder rather than sending them.
That didn't work out so well. Consider [encrypting important communications][3]
using GPG/PGP so that (a) the e-mail cannot be deciphered in transit and (b) the
e-mail can only be read by the intended recipient. Of course, you are then at
risk of being asked to divulge your password, so to avoid the situation
entirely, it would be best to delete the e-mails after reading them.
Additionally, if you host your own services, it may be wise to host your own
e-mail (guides for doing this vary between operating system, but consider
looking at software like [Postfix][4] for mail delivery and maybe [Dovecot][5]
for retrieval).
Privacy isn't only for those individuals who are trying to be sneaky or cheat on
their spouses. Feel free joining the EFF in trying to reform the ECPA to respect
our privacy in this modern era; storing a document digitally shouldn't change
its fundamental properties under the law.
I'd also encourage you to read [Schneier's post on this topic][6], which
summarizes points from many articles that I did not cover here.
[2]: https://ssd.eff.org/tech/tor
[3]: https://ssd.eff.org/tech/encryption
[4]: http://www.postfix.org
[5]: http://www.dovecot.org/
[6]: http://www.schneier.com/blog/archives/2012/11/e-mail_security.html

9
post/2012-12-01-tor-node-raid.md 100644
View File

@ -0,0 +1,9 @@
# Tor exit node operator raided in Austria
[These things][0] mustn't be allowed to happen; they are an affront to privacy.
Tor exit node operators should not have to fear conviction for activities they
themselves did not perform.
[0]: http://www.lowendtalk.com/discussion/6283/raided-for-running-a-tor-exit-accepting-donations-for-legal-expenses
<!-- more -->

10
post/2012-12-06-email-warrant-us.md 100644
View File

@ -0,0 +1,10 @@
# Warrants For E-mails in the United States
The [Senate Judiciary Committee passed an amendment][0] that requires that they
receive a warrant before spying on our e-mails.
This is excellent; let us hope that it becomes law.
[0]: https://www.eff.org/deeplinks/2012/12/deep-dive-updating-electronic-communications-privacy-act
<!-- more -->

53
post/2012-12-22-free-copyright-assign.md 100644
View File

@ -0,0 +1,53 @@
# Copyright Assignment Of Free Software Projects
An [e-mail today from Paolo Bonzini][0], a maintainer of GNU sed, has prompted
additional discussion regarding copyright assignment to corporate entities; in
particular, the discussion focuses on copyright assignment to the FSF under the
GNU project.
[0]: http://article.gmane.org/gmane.comp.lang.smalltalk.gnu.general/7873
<!-- more -->
An [article by Michael Kerrisk on LWN.net][1], posted a couple days earlier,
touches on the [same issue brought up by GnuTLS earlier in the month][2]. The
disagreements from the two aforementioned individuals of the GNU-maintained
projects prompt a thoughtful analysis of whether copyright assignment is
appropriate for your own free software project[1]. In contrast, consider the
[developer certificate of origin][3] policy adopted by the Linux project, under
which contributors maintain copyright for their contributions.
There are benefits and downsides to both models---if a project requires
copyright assignment (such as the GNU projects), then enforcement and license
modifications are simplified. As an example, if the Linux project wanted to move
to the GPLv3, they would have to contact each contributor (a similar move was
done recently [by the VLC project][4], except that they moved from the GPL to
the LGPL). However, the Linux project has a much smaller barrier to entry---they
need not [assign copyright of their contributions to the project (such as is the
case with GNU)][5], meaning that individuals may be more likely to contribute.
One of the major benefits touted by the FSF for copyright assignments from
contributors is [copyright enforcement][6]---another complication that would
arise from enforcing the GPL in a project such as Linux. That said, as the LWN
article mentions[2], what if [the FSF cannot find the time to enforce the
copyright on a project violation][7]? Then again, what of the flipside---do you
have the time or money to enforce violations on your own projects were they not
assigned to a corporation like the FSF?
These are interesting discussions and certainly things that should be considered
when determining how to handle both contributions and the copyright for your
entire project. Ultimately, that decision falls on you, the author/maintainer,
and your needs.
(Disclaimer: I am an associate member of the Free Software Foundation. This
article does not reflect any of my personal opinions; whether or not I would
assign copyright to the FSF for any of my projects would be determined based on
the goals and plan of that particular project.)
[1]: http://lwn.net/SubscriberLink/529522/854aed3fb6398b79/
[2]: http://lwn.net/Articles/529558/
[3]: http://elinux.org/Developer_Certificate_Of_Origin
[4]: http://mikegerwitz.com/thoughts/2012/11/VLC-s-Move-to-LGPL.html
[5]: http://git.savannah.gnu.org/cgit/gnulib.git/tree/doc/Copyright/assign.changes.manual#n64
[6]: http://www.gnu.org/licenses/why-assign.html
[7]: http://lwn.net/Articles/529777/

46
post/2012-12-28-fisa-5yr.md 100644
View File

@ -0,0 +1,46 @@
# Congress Approves FISA For Another 5 Years
At a [vote of 73-23][0], Congress has voted to [extend FISA warentless spying
bill by five more years[1], even shooting down [proposed amendments][2] to the
bill.[3]
[0]: https://www.senate.gov/legislative/LIS/roll_call_lists/roll_call_vote_cfm.cfm?congress=112&session=2&vote=00236
[1]: https://www.eff.org/deeplinks/2012/12/congress-disgracefully-approves-fisa-warrantless-eavesdropping-bill-five-more
[2]: https://www.eff.org/deeplinks/2012/12/why-we-should-all-care-about-senates-vote-fisa-amendments-act-warrantless-domestic
[3]: http://arstechnica.com/tech-policy/2012/12/as-senate-votes-on-warrantless-wiretapping-opponents-offer-fixes/
<!-- more -->
Thank you to those senators that [opposed the bill][0]:
> Akaka (D-HI);
> Baucus (D-MT);
> Begich (D-AK);
> Bingaman (D-NM);
> Brown (D-OH);
> Cantwell (D-WA);
> Coons (D-DE);
> Durbin (D-IL);
> Franken (D-MN);
> Harkin (D-IA);
> Leahy (D-VT);
> Lee (R-UT);
> Menendez (D-NJ);
> Merkley (D-OR);
> Murkowski (R-AK);
> Murray (D-WA);
> Paul (R-KY);
> Sanders (I-VT);
> Schatz (D-HI);
> Tester (D-MT);
> Udall (D-CO);
> Udall (D-NM);
> Wyden (D-OR).
Unfortunately, the two senators from my own state cannot join that list.
The [EFF has sumarized the surveillance issues of 2012][4] recently on their
website.
[4]: https://www.eff.org/deeplinks/2012/12/2012-review-effs-fight-against-secret-surveillance-law

9
post/2013-01-01-new-year.md 100644
View File

@ -0,0 +1,9 @@
# Happy New Year
The greatest excitement in moving into a new year is the prospect of quantified
growth.
Of course, it also means another year to look forward to the health of those you
care for.
<!-- more -->

29
post/2013-01-07-dna-collection.md 100644
View File

@ -0,0 +1,29 @@
# DNA Collection
Consider a recent article from the EFF [regarding "Rapid DNA Analyzers"][0].
The article poses the potetial issues involved, but also consider that any DNA
collected (if not destroyed) would violate not just your privacy, but your
entire blood line. What if DNA from immigrants were collected? Much of that
information is inherited, so generations down the line, your privacy is still
violated.
[0]: https://www.eff.org/deeplinks/2012/12/rapid-dna-analysis
<!-- more -->
I cannot comment intelligently on the matter since I haven't read deeply enough
into the proposed storage/hashing/etc policies, but those polices can be abused
and such data can be leaked. I highly oppose any sort of DNA collection outside
of personal at-home use (when the technology is available with free software)
and use by medical professionals for personal medical reasons so long as the
institution performing the test can provide stringent evidence of its
destruction. But even then, if law enforcement somehow got a hold of the DNA
before it were destroyed, then the problem still exists, so it would be best if
you had your own personal tools to analyze your own DNA and distribute only the
portions that were required (and encryption tools like [GPG][1] could be used
for distribution).
One day, but not now. Let's make those scanners affordable and run free
software.
[1]: http://www.gnupg.org/

15
post/2013-01-07-uspto-freefw-community.md 100644
View File

@ -0,0 +1,15 @@
# USPTO Wants To Hear From Software Community
The [USPTO wants to hear from the software community][0]. Interesting, but the
problem is that the "software community" includes more than just those who
find software patents to be an abomination.
I have [mentioned issues with software patents in a previous post][1], but one
resource that may be worth looking at direclty is ["The Case Against
Patents"][2] [pdf].
[0]: http://www.groklaw.net/article.php?story=20130104012214868
[1]: http://mikegerwitz.com/thoughts/2012/10/Abolishing-Patents.html
[2]: http://research.stlouisfed.org/wp/2012/2012-035.pdf
<!-- more -->

41
post/2013-01-14-lulu-bye-drm.md 100644
View File

@ -0,0 +1,41 @@
# LuLu Says Goodbye to DRM
On January 8th, [LuLu announced that they would be dropping DRM][0] for users
who "[download] eBooks directly from Lulu.com to the device of their choice".
This is a wise move (for [those of us who oppose DRM][1]), but unfortunately, as
John Sullivan of the Free Software Foundation noted on the fsf-community-team
mailing list, the [comments on LuLu's website][0] are not all positive:
[0]: http://www.lulu.com/blog/2013/01/drm-update/
[1]: http://defectivebydesign.org/
> This is a positive development, but unfortunately there has been a lot
> of negative reaction in the comments on their announcement.
>
> It'd be great if people could chime in and support them their move away
> from DRM.
<!-- more -->
At first glance, certain authors seem to be concerned that the absense of DRM
will lead to ["more illegal file sharing"][0]:
> [...] Ive got copies of my non-DRM ebooks all over the torrent sites and
> thousands of downloads registered, for which I havent received a cent. As
> soon as you push for them to be taken down, theyre posted up again.
While it is unfortunate that those authors are not receiving compensation for
their hard work, it should be noted that this problem exists even *with*
DRM, so it is not a valid argument toward keeping it.
I applaud this move by LuLu, though I'm disappointed to see [this comment in the
original post][0]:
> Companies like Amazon, Apple and Barnes & Noble integrate a readers
> experience from purchasing to downloading and finally to reading. These
> companies do a fantastic job in this area, and eBooks published through Lulu
> and distributed through these retail sites will continue to have the same
> rights management applied as they do today.
They do not do it well; no DRM is good DRM.

171
post/2013-01-26-re-fsf-waste-high-priority.md 100644
View File

@ -0,0 +1,171 @@
# Re: FSF Wastes Away Another "High Priority" Project
A couple days ago, my attention was drawn to an article on Phoronix that
[criticized the FSF for its decision to stick with GPLv3 over GPLv2 on
LibreDWG][0] due to the number of projects that make use of it---licensed under
the GPLv2---under [a now incompatible][1] license. This article is very negative
and essentially boils down to this point (the last paragraph):
> Unless the Free Software Foundation becomes more accomodating [sic] of these
> open-source developers -- who should all share a common goal of wanting to
> expand free/open-source software -- LibreDWG is likely another project that
> will ultimately waste away and go without seeing any major adoption due to
> not working with the GPLv2.
It it worth mentioning why this view is misguided (though understandable for
those who adopt the ["open source" philosophy over that of software
freedom][2]).
[0]: http://www.phoronix.com/scan.php?page=news_item&px=MTI4Mjc
[1]: http://www.gnu.org/licenses/gpl-faq.html#WhatDoesCompatMean
[2]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
<!-- more -->
Let me start with [this paragraph from the Phoronix article][0]:
> The Free Software Foundation was contacted about making LibreDWG GPLv2+
> instead (since the FSF is the copyright holder), but the FSF/Richard Stallman
> doesn't the DWG library on the earlier version of their own open-source
> license.
The FSF's founding principle is that of [software freedom][3] (beginning with the
GNU project). Now, consider the reason for the creation of the GPLv3---the GPLv2
[could not sufficiently protect against][4] software patents and newer threats such
as "tivoization". These goals further the FSF's mission of ensuring---in
this case---that free software *remains* free ([a concept that RMS coined
"copyleft"][5]). It would make sense, then, that the FSF (and RMS') position is
that [it is important that we adopt the GPLv3 for our software][6].
From this perspective, it does not make sense to "downgrade" LibreDWG's
license to the GPLv2, which contains various bugs that have since been patched
in GPLv3---it is not pursuant to the FSF's goals. (Of course, not all agree with
the GPLv3; one such notable disagreement (as well as issues
stemming from copyright assignment) leaves the kernel Linux [perpetually licensed
under the GPLv2][7] since it does not contain the ["or later" clause][8]).
That is not to say that the author's concern is not legitimate---a number of
projects are licensed under the GPLv2 and therefore cannot use the newer (and
improved) versions of LibreDWG that are licensed under the GPLv3 (unless they
were to upgrade to the GPLv3, of course). Whether or not upgrading is feasible
(e.g., in the case of the kernel Linux, it is not) is irrelevant---let us
instead focus on the issue of adoption under the assumption that the project is
either unwilling or unable to make use of a library licensed under the GPLv3.
As aforementioned, [the author focuses on the issue of adoption][0]:
> LibreDWG is likely [...to] go without seeing any major adoption due to not
> working with the GPLv2
A focus on adoption is a [focus of "open source", not free software][2], the
latter of which the FSF represents. With a focus on software freedom, the goal
is to create software that respects the [users' four essential freedoms][9]; if
the software is adopted and used, great! However, freedom should never be
sacrificed in order to encourage adoption. One may argue that "downgrading" to
the GPLv2 is not sacrificing freedom because the software is still free (it is
even the GPL)---but it is important to again realize that the GPLv3 is "more
free" than the GPLv2 in the sense that it [*protects* additional freedoms][6];
so, while the GPLv2 isn't necessarily sacrificing users' freedoms directly, it
does have such an indirect effect through means of enforcement.
A reader familiar with GNU may then point out the LGPL---the Lesser General
Public License---under which popular (and very important) [libraries such as
glibc are licensed][10]. In fact, one could extend this argument to any
library---why not have LibreDWG licensed under the LGPL to avoid this problem in
its entirety, while still preserving the users' freedoms for that library in
itself? This understanding requires a brief lesson in history---the rationale
under which the LGPL was born. [To quote the GNU project][11]:
> Using the ordinary GPL is not advantageous for every library. There are
> reasons that can make it better to use the Lesser GPL in certain cases. The
> most common case is when a free library's features are readily available for
> proprietary software through other alternative libraries. In that case, the
> library cannot give free software any particular advantage, so it is better to
> use the Lesser GPL for that library.
It was for this reason that glibc was released under the LGPL---because it was
better to have the users adopt some sort of free software than none at all;
there were other alternatives that existed that users may flock to if they were
forced to liberate their own proprietary software (after all, the C API is also
standardized, so such a feat would be trivial). Now that glibc has since matured
greatly, it could be argued today that it has proved its usefulness and the LGPL
may no longer be necessary, but such a discussion is not necessarily relevant
for this conversation.
What is important is that [the FSF does not recommend the LGPL for most
libraries][11] because that would encourage proprietary software developers to
take advantage of both the hard work of the free software community and the
users of the software. Now, I cannot speak toward the alternatives to
LibreDWG---do there exist proprietary alternatives that are reasonable
alternatives to non-commercial projects? I do not have experience with the
library. However, I hope by this point the FSF's position has been rationalize
(even if you---the reader---do not agree with it).
Of course, this rationalization will still leave a sour taste in the mouth of
those "open source" developers (or perhaps even some free software developers)
that think in terms of what is "lost": these projects---which are themselves
free software and therefore beneficial to our community---cannot take advantage
of *other free software* due to this licensing issue. Since these projects had
already existed when LibreDWG was licensed under the GPLv2, the relicensing to
GPLv3 may seem unfair and, therefore, a "loss". It is difficult to counter
such an argument if the above rationale has not been sufficient; nor will I
argue that the situation is not unfortunate, should the projects be unable to
relicense. However, it must be understood that, to ensure the future of free
software, the FSF must adopt to combat today's threats and so too must other
free software projects.
The Phoronix article mentioned two projects in particular that suffer from
LibreDWG's relicensing: [LibreCAD and FreeCAD][0]. LibreCAD omits the "or later"
clause that was mentioned above, preventing them from easily migrating to the
GPLv2 (which is [against the FSF's recommendation][12]). Unless the project
requires that contributors assign copyright to the project owner, then they
would have to get permission from each contributor (or rewrite the code) in
order to change the license (which is not unheard of; [VLC had done so recently
to migrate from the GPL to the LGPL][13]); this is a significant barrier for any
project with multiple contributors, especially when your project is a derivative
work (of QCad).
The other project mention was FreeCAD, and the author of the article mentions
that the project depends on Coin3D and Open CASCADE, "both of which are
GPLv2", so [the project cannot migrate to GPLv3][0]. A quick look at Coin3D's
website shows that the software is actually licensed under the modified
(3-clause) BSD license, and so [migrating to the GPLv3 is not an issue][15]. Open
CASCADE has its own "public license" that I do not have the time to evaluate
(nor am I lawyer, so I do not wish to give such advice), so I cannot speak to
its compatibility with the GPLv3. That said, I'm unsure if it would be a barrier
toward FreeCAD's adoption of the GPLv3.
Ultimately, the moral of the story is to plan for the *future*---if you use a
project licensed under the GPL, ensure that it has the "or later" clause that
allows it to be licensed under later version of the GPL, since you can be sure
that the FSF and many other free software developers will be quick to adopt the
license. Of course, many may not be comfortable with such a licensing decision:
you effectively are giving the FSF permission to relicense you work by simply
releasing a new version of the GPL. It is your decision whether you are willing
to place this kind of trust in the organization responsible for starting the
free software movement in the first place.
Readers may now assume that I am placing the entire blame and onus on the
implementors of LibreDWG. The onus, perhaps, but not the blame---this truly is
an unfortunate circumstance that takes away from hacking a free software
project. Unfortunately, the projects are stuck in a bad place, but the FSF is
not to blame for standing firm in their ideals. Instead, this can be thought of
as a maintenance issue---rather than a source code refactoring resulting from a
library API change, we instead require a "legal code" refactoring resulting
from a "legal API" change.
[3]: http://www.fsf.org/about/
[4]: http://www.gnu.org/licenses/quick-guide-gplv3.html
[5]: http://www.gnu.org/copyleft/
[6]: http://www.gnu.org/licenses/rms-why-gplv3.html
[7]: http://lwn.net/Articles/200422/
[8]: http://www.gnu.org/licenses/gpl-faq.html#v2v3Compatibility
[9]: http://www.gnu.org/philosophy/free-sw.html
[10]: http://www.gnu.org/licenses/lgpl.html
[11]: http://www.gnu.org/licenses/why-not-lgpl.html
[12]: http://www.gnu.org/licenses/gpl-howto.html
[13]: http://mikegerwitz.com/thoughts/2012/11/VLC-s-Move-to-LGPL.html
[14]: https://bitbucket.org/Coin3D/coin/wiki/Home
[15]: http://www.gnu.org/licenses/license-list.html#ModifiedBSD
[16]: http://www.opencascade.org/getocc/license/

7
post/2013-01-30-phone-unlocking-illegal.md 100644
View File

@ -0,0 +1,7 @@
# Phone "Unlocking" Once Again Illegal
[Ridiculous.][0] We should own the hardware that we purchase.
[0]: https://www.eff.org/is-it-illegal-to-unlock-a-phone
<!-- more -->

102
post/2013-01-30-re-skype-let-spy.md 100644
View File

@ -0,0 +1,102 @@
# Re: Who Does Skype Let Spy?
Today, [Bruce Schneier brought attention to privacy concerns surrounding
Skype][0], a very popular ([over 600 million users][1]) VoIP service that has
since been acquired by Microsoft. In particular, [users are concerned over what
entities may be able to gain access to their "private" conversations][1]
through the service---Microsoft has refused to answer those kinds of questions.
While the specific example of Skype is indeed concerning, it raises a more
general issue that I wish to discuss: The role of free software and SaaS
(software as a service).
[0]: http://www.schneier.com/blog/archives/2013/01/who_does_skype.html
[1]: http://www.skypeopenletter.com/
<!-- more -->
To [quote Schneier][0]:
> We have no choice but to trust Microsoft. Microsoft has reasons to be
> trustworthy, but they also have reasons to betray our trust in favor of other
> interests. And all we can do is ask them nicely to tell us first.
Schneier continues to admit, in similar words, that [we are but "vassals" to
these entities and that they are our serfs][2]. His essays regarding the [power of
corporations and governments over their users][3] echo the words of Lawrence
Lessig in his [predictions of a "perfectly regulated" future made possible by
the Internet][4]. While Lessig (despite what his critics have stated in the
past) seems to have been correct in many regards, we need not jump into the
perspective of an Orwellian dystopia where we are but "vassals" to the
Party.[^5] Indeed, this is only the case---at least at present---if you choose to
participate in the use of services such as Skype, as ubiquitous as they may be.
Skype is a useful demonstration of the unfortunate situation that many users
place themselves in by trusting their private data to Microsoft. Skype itself is
proprietary---we cannot inspect its source code (easily) in order to ensure that
it is respecting our privacy. (Indeed, as a user on [the HackerNews
discussion][6] pointed out, [Skype has installed undesirable software in the
past][7].) If Skype were [free software][8], we would be able to inspect its
source code and modify it to suit our needs, ensuring that the software did only
what we wanted it to do---ensuring that Microsoft was not in control of us.
However, even if Skype were free software, there is another issue at work that
is often overlooked by users: Software as a Service (SaaS). When you make use of
services that are hosted on remote servers (often called "cloud"
services)---such as with Skype, Facebook, Twitter, Flickr, Instagram, iTunes,
iCloud and many other popular services---you are blindly entrusting your data to
them. Even if the Skype software were free (as in freedom), for example, [we
still cannot know what their servers are doing with the data we provide to
them][9]. Even if Skype's source code was plainly visible, the servers act as a
black box. Do they monitor your calls? [Does Facebook abuse your data?][10] How is
that data stored---[what happens][1] in the event of a data breach, or in the event
of a warrant/subpoena?
The only way to be safe from these providers is to [reject these services
entirely and use your own software on your own PC][9], or use software that will
connect directly to your intended recipient without going through a 3rd
party. (Never mind your ISP; that is a separate issue entirely.) If you must
use a 3rd party service, ensure that you can adequately encrypt your
communications (e.g. using GPG to encrypt e-mail communications)---something
that may not necessarily be easy/possible to do, especially if the software is
proprietary and works against you.
The EFF has published [useful information on protecting yourself against
surveillance][11], covering topics such as encryption and anonymization.
If we are to resist the worlds that [Lessig][4] and [Schneier][3] describe, then we
must [stand up for our right to privacy and demand action][12]. [Who will have
your back][13] when we're on the brink of ["perfect regulation"][4]; who will
stand up for your rights and work *with* you---not against you---to preserve
your liberties? Without this push, services like Skype empower governments and
other entities to work toward perfect regulation---to continuously spy on
everything that we do. With everyone putting their every thought and movement on
services like Facebook, [Twitter][14] and Skype, the Orwellian Thought Police have
the ability to manifest in a form that not even Orwell could have
imagined---unless it is stopped.
To help [preserve your ever-dwindling rights online][15], consider becoming a
member of or participating in the campaigns of the [Free Software
Foundation][16], [Electronic Frontier Foundation][17], the [American Civil
Liberties Union][18] or any other organizations dedicated toward free society.
(Disclaimer: I am a member of the Free Software Foundation.)
[2]: http://www.schneier.com/essay-406.html
[3]: http://www.schneier.com/essay-409.html
[4]: http://codev2.cc/
[6]: http://news.ycombinator.com/item?id=5139801
[7]: http://blogs.skype.com/garage/2011/05/easybits_update_disabled_for_s.html
[8]: http://www.gnu.org/philosophy/free-sw.html
[9]: http://www.gnu.org/philosophy/who-does-that-server-really-serve.html
[10]: https://www.eff.org/deeplinks/2013/01/facebook-graph-search-privacy-control-you-still-dont-have
[11]: https://ssd.eff.org
[12]: https://www.eff.org/deeplinks/2013/01/its-time-transparency-reports-become-new-normal
[13]: https://www.eff.org/pages/when-government-comes-knocking-who-has-your-back
[14]: https://www.eff.org/deeplinks/2013/01/google-twitters-new-transparency-report-shows-increase-government-demands-sheds
[15]: https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=8750
[16]: http://www.fsf.org/register_form?referrer=5804
[17]: https://supporters.eff.org/donate
[18]: https://www.aclu.org/donate/join-renew-give
[^5]: Orwell, George. Nineteen Eighty-Four. ISBN 978-0-452-28423-4.

8
post/2013-02-26-cispa.md 100644
View File

@ -0,0 +1,8 @@
# What is CISPA and Why is it Dangerous?
The EFF has put together an excellent [FAQ on CISPA][0], the "cybersecurity"
bill that was reintroduced to congress earlier this month.
[0]: https://www.eff.org/deeplinks/2013/02/cispas-back-faq-what-it-and-why-its-still-dangerous
<!-- more -->

15
post/2013-03-01-dmr-very-early-c.md 100644
View File

@ -0,0 +1,15 @@
# DMR: "Very early C compilers and language"
An interesting article by Dennis Ritchie discussing [early C compilers][0]
recovered from old DECtapes. The source code and history are fascinating reads.
The quality of the code (the "kludgery"[1], as he puts it) to me just brings
smiles---I appreciate seeing the code in its original glory.
It is also saddening reading the words of such a great man who is no longer with
us; perhaps it helps to better appreciate his legacy.
[0]: http://cm.bell-labs.com/cm/cs/who/dmr/primevalC.html
[1]: http://www.catb.org/~esr/jargon/html/K/kludge.html
<!-- more -->

8
post/2013-03-01-lpc-winners.md 100644
View File

@ -0,0 +1,8 @@
# Libreated Pixel Cup Winners Announced
[Congratulations][0] to the [winners of the Liberated Pixel Cup][1].
[0]: http://www.fsf.org/news/winners-announced-for-free-software-gamings-highest-honor-the-liberated-pixel-cup
[1]: http://lpc.opengameart.org/content/code-judging-is-in
<!-- more -->

35
post/2013-03-06-google-fbi-spying.md 100644
View File

@ -0,0 +1,35 @@
# Google Says the FBI Is Secretly Spying on Some of Its Customers
A Wired article mentions [figures released from Google][0] regarding National
Security Letters issued by the NSA under the Patriot Act. It is too early to
comment in much detail on this matter (I would like to wait for commentary from
the EFF), but, as the article mentions:
[0]: http://www.wired.com/threatlevel/2013/03/google-nsl-range/?cid=co6199824
> Google said the number of accounts connected to National Security letters
> ranged between “1000-1999″ for each of the reported years other than 2010. In
> that year, the range was “2000-2999.”
<!-- more -->
The [EFF provides additional information, including recommendations on what to
do about such requests][1] via their Surveillance Self-Defense website. As
quoted from that website:
> And it's even worse for FISA subpoenas, which can be used to force anyone to
> hand over anything in complete secrecy, and which were greatly strengthened
> by Section 215 of the USA PATRIOT Act. The government doesn't have to show
> probable cause that the target is a foreign power or agent — only that they
> are seeking the requested records "for" an intelligence or terrorism
> investigation. Once the government makes this assertion, the court must
> issue the subpoena.
To add insult to injury:
> FISA orders and National Security Letters will also come with a gag order that
> forbids you from discussing them. Do NOT violate the gag order. Only speak to
> members of your organization whose participation is necessary to comply with
> the order, and your lawyer.
[1]: https://ssd.eff.org/foreign/fisa

41
post/2013-03-09-1-1-php.md 100644
View File

@ -0,0 +1,41 @@
# Adding 1 and 1 in PHP
An amusing demonstration; it is my hope that [readers will not take this PHP
library seriously][0]. This is likely a parody of the over-engineering that
often takes foot in Object-Oriented development (a game of "how many GoF[^4]
design patterns can we use in this project" anyone?).
[0]: https://github.com/Herzult/SimplePHPEasyPlus
<!-- more -->
That is not to say that "OOP is bad" (just as object-oriented developers often
consider procedural code bad, when they may just be terrible at writing
procedural code). Indeed, I wrote [an ECMAScript framework for Classical OOP
(ease.js)][1]. The problem is that, with the excitement and misunderstandings
that surround "good" object-oriented design, designers are eager to
over-abstract their implementations (I have been guilty of the same thing).
Object oriented programming is often taught to novice CS students (often with
the reign of Java in schools)---teaching practices that can be good principles
when properly applied and in moderation---which [I have also seen contribute to
such madness][2].
Abstractions are highly important, but only when necessary and when they lead to
more concise representations of the problem than would otherwise occur (note
that some problems are inherently complicated and, as such, a concise
representation may not seen concise). I'm a strong advocate of DSLs when
abstractions begin to get in the way and increase the verbosity of the code
(languages with strong macro systems like lisp help eliminate the need for
DSLs written from scratch)---design patterns exist because of deficiencies in
the language: They are "patterns" of code commonly used to achieve a certain
effect.
[Criticisms against OOP are abundant][3], just as every other paradigm.
[1]: http://easejs.org
[2]: http://c2.com/cgi/wiki?TextbookOo
[3]: http://c2.com/cgi/wiki?ArgumentsAgainstOop
[^4]: Design Patterns: Elements of Reusable Object-Oriented Software. ISBN
0-201-63361-2. Gamma, Helm, Johnson and Vlissides (the "Gang of Four").

50
post/2013-03-09-oxford-uni-block-gdocs.md 100644
View File

@ -0,0 +1,50 @@
# Oxford University Blocks Google Docs
Oxford University decided to [block Google Docs][0] last month due to phishing
attacks against its users. To quote the blog post:
[0]: http://blogs.oucs.ox.ac.uk/oxcert/2013/02/18/google-blocks/
> Almost all the recent attacks have used Google Docs URLs, and in some cases
> the phishing emails have been sent from an already-compromised University
> account to large numbers of other Oxford users. Seeing multiple such incidents
> the other afternoon tipped things over the edge. We considered these to be
> exceptional circumstances and felt that the impact on legitimate University
> business by temporarily suspending access to Google Docs was outweighed by the
> risks to University business by not taking such action.
<!-- more -->
This incident was brought to my attention by [a blog post by Schneier][1], in
which he referenced his [essay on "feudal security"][2] (I commented in more
detail on this essay in [my response to a previous blog post of
his][3].[^blog]) In this case, Oxford is trusting that it knows better than its
users and has the right to exercise this power over them in light of their
inexperience with handling these situations (or even recognizing them).
This may very well be the case---the Oxford IT department probably does have a
better understanding of security than many of their users. However, by blocking
access to Google Docs, they are also blocking access to millions of legitimate
articles hosted there, which is far from acceptable. Oxford is more than just a
workplace---for which many would argue these actions are acceptable; it is a
university that should encourage freedom of expression. They simply must find a
better way of dealing with these problems. If a user falls victim to a phishing
attack within Oxford, they will likely fall victim outside of it.
Would Oxford consider blocking e-mail access too (where phishing attacks are
very cheap and common)?
> We appreciate and apologise for the disruption this caused for our users.
> Nevertheless, we must always think in terms of the overall risk to the
> University as a whole, and we certainly cannot rule out taking such action
> again in future [...]
N.B.: Google Docs is proprietary and I cannot recommend its use any more than I
can recommend use of Microsoft Office.
[1]: https://www.schneier.com/blog/archives/2013/03/oxford_universi.html
[2]: https://www.schneier.com/essay-406.html
[3]: /2013/01/re-who-does-skype-let-spy
[^blog]: (I posted a link to my response on his blog, but he did not approve the comment.)

40
post/2013-03-09-white-house-phone-unlocking.md 100644
View File

@ -0,0 +1,40 @@
# White House Supports Cell Phone Unlocking
Earlier this week, the starter of the [White House petition to "Make Unlocking
Cell Phones Legal"][0] posted a [thread on Hacker News][1] stating that the
White House had officially responded, stating:
> The White House agrees with the 114,000+ of you who believe that consumers
> should be able to unlock their cell phones without risking criminal or other
> penalties. In fact, we believe the same principle should also apply to
> tablets, which are increasingly similar to smart phones. And if you have paid
> for your mobile device, and aren't bound by a service agreement or other
> obligation, you should be able to use it on another network. It's common
> sense, crucial for protecting consumer choice, and important for ensuring we
> continue to have the vibrant, competitive wireless market that delivers
> innovative products and solid service to meet consumers' needs.
<!-- more -->
The petition---as stated in the above response---garnered over 114,000
signatures. The response is exciting news because the Library of Congress had
[removed the phone unlocking exemption][2] at the beginning of this year. (As
the EFF points out, [this may not necessarily mean that unlocking your phone is
"illegal"][3]).
However, although this response is getting a lot of attention (I was surprised
to see my local news station report on it), this is not yet cause for
celebration; it is my hope that the White House will now follow through with
this statement and act upon it appropriately.
(The [EFF has also posted their own comments on the White House's response][4].)
This is just one issue in [a string of problems that is the DMCA][5].
[0]: https://petitions.whitehouse.gov/petition/make-unlocking-cell-phones-legal/1g9KhZG7
[1]: https://news.ycombinator.com/item?id=5319577
[2]: /2013/01/phone-unlocking-once-again-illegal
[3]: https://www.eff.org/is-it-illegal-to-unlock-a-phone
[4]: https://www.eff.org/deeplinks/2013/03/white-house-supports-unlocking-phones-real-problem-runs-deeper
[5]: https://www.eff.org/wp/unintended-consequences-under-dmca

109
post/2013-03-15-html5-drm.md 100644
View File

@ -0,0 +1,109 @@
# HTML5 DRM
Two acronyms that, until very recently, would seem entirely incompatible---HTML,
which is associated with an unencumbered, free (as in freedom) representation of
a document, and [DRM][0], which [exists for the sole purpose of restricting
freedom][1].[^bias] Unfortunately, Tim Berners-Lee---the man attributed to
["inventing" the Internet][18]---mentioned in a [keynote talk at SXSW][15] that [he is
not opposed to introducing DRM into the HTML5 standard][4]:
[^bias]: (Disclaimer: I am an associate member of the [Free Software
Foundation][2] and, as such, this reference is intentionally bias; feel free
to see the [Wikipedia article on DRM][3] for more general information.)
> [Tim Berners-Lee] did not, however, present himself as an opponent of digital
> locks. During a post-talk Q&A, he defended proposals to add support for
> "digital rights management" usage restrictions to HTML5 as necessary to get
> more content on the open Web: "If we don't put the hooks for the use of DRM
> in, people will just go back to using Flash," he claimed.
<!-- more -->
Many who oppose DRM refer to it as ["digital restrictions management"][0]---a
phrase that better describes how it affects the user. The "rights" that
"digital rights management" describes are the "rights" (in terms of
copyright) of publishers and copyright holders: They wish to lock down their
content so that [you, the user, can only access it as *they* please][5]. Has
["your" device][25] ever told you that [you cannot share a book with your
friends][6][17][24]? Has your device ever [deleted your content without your
permission][7][8]? Does your device grant you [less privileges if you decide to
liberate yourself from it][9] through "jailbreaking"?[^jb] Does the software you
run [potentially spy on you without telling you][11], without giving you the
option to correct it? Or perhaps the games you play [require you to be online,
even in single-player mode][12].
[^jb]: I go into more detail on jailbreaking and its current legality as of
the time of writing [in a previous article of mine][10].
These are but a small handful of [examples of the many mistakes and injustices
of Digital Restrictions Management][5]. These restrictions take additional
effort---that is, development time, which also means more money---to build into
software; computers, by their very nature, do exactly as they are told, meaning
that they can only work against you if someone else tells it to (unless you tell
your computer to make your life miserable...if you're into that sort of thing).
As such, we refer to these restrictions as ["anti-features"][23].
> Corporations claim that DRM is necessary to fight copyright infringement
> online and keep consumers safe from viruses. But there's no evidence that DRM
> helps fight either of those. Instead DRM helps big business stifle innovation
> and competition by making it easy to quash "unauthorized" uses of media and
> technology.
It is this logic that [corporations][13] (and even some individuals, such as
[authors][14]) use to influence entities such as the W3C---and Tim
Berners-Lee---into [thinking that DRM is necessary][15]. The [W3C describes a
"trust infastructure"][16] that could be standardized for bringing DRM to the
web:
> It is clear that user domains (eg eBook trading, sub-rights trading, streaming
> music, etc.) each require sets of Rights Primitives that those domains wish do
> useful things with.
This is an unfortunate perspective, especially since those "useful things" are
exactly the opposite for users. The Internet strongly promotes the free,
(generally) unencumbered flow of information. To [quote W3C][19]:
> The social value of the Web is that it enables human communication, commerce,
> and opportunities to share knowledge. One of W3C's primary goals is to make
> these benefits available to all people, whatever their hardware, software,
> network infrastructure, native language, culture, geographical location, or
> physical or mental ability.
A DRM implementation flies in the face of those goals, as it is, by definition,
restrictive---how can we be encouraged to share by using systems that aim to
[prevent that very thing][0]?
Richard Stallman has already announced that the [FSF will "campaign against W3C
support for DRM"][20]; let's hope that many others will join in on this
campaign, hope that organizations like the EFF will continue to fight for our
rights, and further hope that users will [reject DRM-laden products][22]
outright. [DRM cannot exist in free software][25] and it cannot exist on a
network that facilitates free information.
[0]: http://www.defectivebydesign.org/what_is_drm
[1]: http://www.defectivebydesign.org/
[2]: http://fsf.org
[3]: https://en.wikipedia.org/wiki/Digital_rights_management
[4]: http://boingboing.net/2013/03/10/tim-berners-lee-the-web-needs.html
[5]: https://www.eff.org/issues/drm
[6]: http://www.amazon.com/gp/help/customer/display.html?nodeId=200549320
[7]: http://www.defectivebydesign.org/blog/1248
[8]: http://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html
[9]: http://arstechnica.com/apple/2011/02/ibooks-to-jailbreakers-no-yuo/
[10]: /2013/03/white-house-supports-cell-phone-unlocking
[11]: /2013/01/re-who-does-skype-let-spy
[12]: https://www.eff.org/deeplinks/2013/03/tale-simcity-users-struggle-against-onerous-drm
[13]: http://venturebeat.com/2012/10/12/together-html5-and-drm-can-take-out-native-apps/
[14]: /2013/01/lulu-says-goodbye-to-drm
[15]: http://www.guardian.co.uk/technology/blog/2013/mar/12/tim-berners-lee-drm-cory-doctorow
[16]: http://www.w3.org/2000/12/drm-ws/
[17]: https://www.fsf.org/bulletin/e-books-must-increase-our-freedom-not-decrease-it
[18]: http://www.w3.org/People/Berners-Lee/
[19]: http://www.w3.org/Consortium/mission#principles
[20]: http://lists.libreplanet.org/archive/html/libreplanet-discuss/2013-03/msg00007.html
[21]: https://www.eff.org/deeplinks/2012/11/2012-dmca-rulemaking-what-we-got-what-we-didnt-and-how-to-improve
[22]: http://www.defectivebydesign.org/guide
[23]: https://www.fsf.org/bulletin/2007/fall/antifeatures/
[24]: https://www.gnu.org/philosophy/right-to-read.html
[25]: https://www.gnu.org/philosophy/can-you-trust.html

33
post/2013-03-15-nsl-unconstitutional.md 100644
View File

@ -0,0 +1,33 @@
# Federal Judge Rules NSLs (National Security Letters) Unconstitutional
This news is huge and an incredible win for both the EFF and all U.S. citizens.
Today, [United States District Judge Susan Illston found the National Security
Letters' gag provisions unconstitutional][0] and---since the review procedures
violate the separation of powers and cannot be separated from the rest of the
statute---has consequently [ruled the NSLs themselves to be
unconstitutional][1]:
[0]: http://www.wired.com/threatlevel/2013/03/nsl-found-unconstitutional/
[1]: https://www.eff.org/press/releases/national-security-letters-are-unconstitutional-federal-judge-rules
> In today's ruling, the court held that the gag order provisions of the statute
> violate the First Amendment and that the review procedures violate separation
> of powers. Because those provisions were not separable from the rest of the
> statute, the court declared the entire statute unconstitutional
<!-- more -->
This is an exciting decision; let's see where it takes us.
> U.S. District Judge Susan Illston ordered the government to stop issuing
> so-called NSLs across the board, in a stunning defeat for the Obama
> administrations surveillance practices. She also ordered the government to
> cease enforcing the gag provision in any other cases. However, she stayed her
> order for 90 days to give the government a chance to appeal to the Ninth
> Circuit Court of Appeals.[[0]]
[The issues surrounding NSLs][2] were highlighted just last week when [Google
released numbers relating to the orders that it received][3].
[2]: https://www.eff.org/issues/national-security-letters
[3]: /2013/03/google-says-the-fbi-is-secretly-spying-on-some-of-its-customers

46
post/2013-03-23-dbd-w3c-drm.md 100644
View File

@ -0,0 +1,46 @@
# Defective By Design Campaign Against W3C DRM Standard
[As I had mentioned late last week][0], RMS had mentioned that Defective By
Design (DBD) would be campaigning against the [introduction of DRM into the W3C
HTML5 standards][1]. (Please see [my previous mention of this topic][0] for a
detailed explanation of the problem and a slew of references for additional
information.) Well, [this campaign is now live and looking for
signatures][2]---50,000 by May 3rd, which is the [International Day Against
DRM][3]:
> Hollywood is at it again. Its latest ploy to take over the Web? Use its
> influence at the World Wide Web Consortium (W3C) to weave [Digital
> Restrictions Management (DRM)][4] into HTML5 -- in other words, into the very
> fabric of the Web.
>
> [...]
>
> Help us reach 50,000 signers by May 3rd, 2013, the [International Day Against
> DRM][3]. We will deliver the signatures to the W3C (they are right down the
> street from us!) and [make your voice heard[[1].
[0]: /2013/03/html5-drm
[1]: https://www.eff.org/deeplinks/2013/03/defend-open-web-keep-drm-out-w3c-standards
[2]: http://www.defectivebydesign.org/no-drm-in-html5
[3]: http://www.defectivebydesign.org/dayagainstdrm
[4]: http://www.defectivebydesign.org/what_is_drm
<!-- more -->
To summarize the issue as [stated by the EFF][5]:
> W3C is there to create comprehensible, publicly-implementable standards that
> will guarantee interoperability, not to facilitate an explosion of new
> mutually-incompatible software and of sites and services that can only be
> accessed by particular devices or applications. But EME is a proposal to bring
> exactly that dysfunctional dynamic into HTML5, even risking a return to the
> ["bad old days, before the Web"][5] of deliberately limited
> interoperability.
>
> it would be a terrible mistake for the Web community to leave the door open
> for Hollywood's gangrenous anti-technology culture to infect W3C standards.
So please---[sign the petition now][2]!
[5]: http://www.anybrowser.org/campaign/index.html

22
post/2013-03-23-freesw-award-winners.md 100644
View File

@ -0,0 +1,22 @@
# Congratulations to the 2012 Free Software Award Winners
Each year, the [Free Software Foundation][0] presents awards to individuals who
have made a [strong contribution to free software][1]:
[0]: http://fsf.org
> The Award for the Advancement of Free Software is given annually to an
> individual who has made a great contribution to the progress and development
> of free software, through activities that accord with the spirit of free
> software.
[1]: https://www.fsf.org/news/2012-free-software-award-winners-announced-2
<!-- more -->
This year, announced at the LibrePlanet 2013 conference, [the winner was Dr.
Fernando Perez][1]---creator of IPython. The winner of the Award for Projects of
Social Benefit was [OpenMRS][2], which is a free (as in freedom) medical records
system for developing countries.
[2]: http://openmrs.org/

20
post/2013-04-20-cispa-passes.md 100644
View File

@ -0,0 +1,20 @@
# U.S. House Passes CISPA
Two days ago---on the 18th--[the U.S. House of Representatives decided to pass
CISPA 288-127][0].
> The legislation passed 288-127, despite a veto threat from Pres. Barack Obama,
> who expressed serious concerns about the danger CISPA poses to civil
> liberties.
[0]: https://www.eff.org/deeplinks/2013/04/us-house-representatives-shamefully-passes-cispa-internet-freedom-advocates
<!-- more -->
As the bill moves into the senate, [civil liberties groups will continue to
oppose it][1]; I personally hope that you will do the same.
Move [information on CISPA][2] is available on the EFF's website.
[1]: https://www.eff.org/deeplinks/2012/04/voices-against-cispa
[2]: https://www.eff.org/cybersecurity-bill-faq

14
post/2013-06-06-improved-website.md 100644
View File

@ -0,0 +1,14 @@
# Improved Website
The old WordPress website has been replaced entirely by the "thoughts" site
(which was previously located at /thoughts). This website is generated from its
git repository---available on the Projects page---which is freely licensed.
There is some content that existed on the old site that is still useful; should
that content be transferred to this site, a redirect will be set up (assuming
that it hadn't already been lost to the search engines).
Since all this content is static, there is no discussion system. I am still
debating whether or not I will add this in the future. Until that time, feel
free to contact me via e-mail.
<!-- more -->

631
post/2013-06-10-national-uproar.md 100644
View File

@ -0,0 +1,631 @@
# National Uproar: A Comprehensive Overview of the NSA Leaks and Revelations
I am finding it difficult to keep up with the flood of reports in my little free
time, while still finding the time to brush up on relevant history. My hope is
to provide a summary of recent events and additional background---along with a
plethora of references---that will allow the reader to perform further research
and to formulate educated, personal opinions on the topics. If you do not care
for my commentary, simply scroll to the list of references at the bottom of this
article.
Many [individuals and organizations][0] have long warned of [digital privacy
issues][1], but there has been one agency in particular that has been the
subject of much scrutiny---the [National Security Agency (NSA)][2], which is a
[United States government agency][3] that has a [long history of controversial
spying tactics][4] on its country's own citizens. It is a chilling topic---one
that can easily make any person sound like they've latched onto an Orwellian
conspiracy.
[0]: /2013/01/re-who-does-skype-let-spy
[1]: https://www.schneier.com/essay-418.html "The Internet Is a Surveillance State"
[2]: https://www.eff.org/nsa-spying "The EFF on NSA Spying"
[3]: https://www.eff.org/agency/national-security-agency "The National Security Agency"
[4]: https://www.eff.org/nsa-spying/timeline "Timeline of NSA Spying"
<!-- more -->
**Wednesday, June 5th, 2013**---[the Guardian newspaper publishes a leaked
document][5][6][7] ordering Verizon to
> [...] produce to the National Security Agency (NSA) upon service of this
> Order, and continue production on an ongoing daily basis thereafter for the
> duration of this Order, [...] an *electronic copy of* the following tangible
> things: *all call detail records or "telephony metadata"* created by Verizon
> for communications (i) between the United States and abroad; or (ii) wholly
> within the United States, *including local telephone calls*.[[6]] [emphasis
> added]
The order goes on to describe "telephony metadata" to include routing
information, source and destination telephone numbers, IMSI and IMEI numbers,
and time and duration of the call; it "does not include the substantive content
of any communication"---the communication content itself.[[6]] This order was
[issued by the Foreign Intelligence Surveillance Court (FISC)][8] under [section 215
of the Patriot Act][9]. (This news comes [less than three months after United
States District Judge Susal Illston ruled NSA Letters' gag provisions
unconstitutional][10].)
This report caused a massive uproar, but [came as no surprise][11] to many
security researchers and privacy advocates. Early last year, Wired released an
article stating that [the NSA "Is Building the Country's Biggest Spy
Center"][14]. Privacy concerns were raised in November of last year by [the
Petraeus scandal][14]. In March of this year, Google released figures showing
that [the NSA is secretly spying on some of its customers][15]. Two months later,
[outrage][17] after the Associated Press discovers that [the Justice Department
collected the calling records of many of its reporters and editors][18].
Additionally, [the EFF already had cases against the NSA's actions][2]---[Jewel
v. NSA][12] and [Hepting v. AT&T][13] both focus on unconstitutional dragnet
surveillance of innocent citizens' data and communications. These cases will be
explored in further detail throughout this article.
But the chaos didn't end there.
**Thursday, June 6th, 2013**---just one day after the Guardian reported on the
leaked Verizon order, the newspaper reports on [a leaked slideshow describing
PRISM][19], a top-secret program that "claims direct access to servers of firms
including Google, Apple and Facebook. According to the leaked document, the NSA
supposedly has the ability to collect material including e-mail, chat, video and
voice communications, photos, stored data and more.[[19]]. Responses from most
companies was immediate. In a [blog post entitled "What that...?"][20], Larry
Page---Google's CEO---put very plainly that Google does not participate in such
a program and denied any knowledge of PRISM:
> First, we have not joined any program that would give the U.S. government—or
> any other government—direct access to our servers. Indeed, the U.S. government
> does not have direct access or a "back door" to the information stored in
> our data centers. We had not heard of a program called PRISM until yesterday.
> Second, we provide user data to governments only in accordance with the
> law.[[20]] --Larry Page, Google CEO
[Mark Zuckerberg of Facebook also denied involvement][21], calling such claims
"outrageous" and encouraging governments to be "much more transparent about
all programs aimed at keep the public safe":
> I want to respond personally to the outrageous press reports about PRISM:
> Facebook is not and has never been part of any program to give the US or any
> other government direct access to our servers. We have never received a
> blanket request or court order from any government agency asking for
> information or metadata in bulk, like the one Verizon reportedly received. And
> if we did, we would fight it aggressively. We hadn't even heard of PRISM
> before yesterday. [...] We strongly encourage all governments to be much more
> transparent about all programs aimed at keeping the public safe. It's the only
> way to protect everyone's civil liberties and create the safe and free society
> we all want over the long term.[[21]] --Mark Zuckerberg, Facebook CEO
Indeed, [all companies eventually denied involvement with PRISM][22].
**Friday, June 7th, 2013**---Two days after the [initial Verizon report][5] and one day
after the publishing of [portions of the PRISM documents][19], the White House
responded to the Guardian reports with President Obama [defending his
administration][16]. Unfortunately, given the [history of the NSA surveillance
programs][4]---especially since the Bush administration after the 9/11
attacks---it may be difficult to believe that his words are the whole truth. As
such, we will use [portions of his transcript][16] to guide the remainder of this
discussion.
> **Jackie Calmes:** Mr. President, could you please react to the reports of
> secret government surveillance of phones and Internet? And can you also assure
> Americans that the government — your government doesnt have some massive
> secret database of all their personal online information and activity?
>
> **Obama:** [...] Now, the programs that have been discussed over the last
> couple days in the press are secret in the sense that theyre classified, but
> theyre not secret in the sense that when it comes to telephone calls, every
> member of Congress has been briefed on this program.
>
> With respect to all these programs, the relevant intelligence committees are
> fully briefed on these programs. These are programs that have been authorized
> by broad, bipartisan majorities repeatedly since 2006. And so I think at the
> outset, it's important to understand that your duly elected representatives
> have been consistently informed on exactly what were doing.[[16]]
There are some important notes regarding the phrasing of the President's
statement. Firstly, it is important to note that the President is *confirming the
existence of* the programs that "have been discussed over the last couple days
in the press"---that is, the [Verizon FISA Court order][5] and the [PRISM][19]
leak. However, it is also important to take a step back and note that the
President did *not* state outright that the reports tell the whole---or even the
correct---story. So what do we know?
On June 6th---a day before the White House responded to the leaks---the Director
of National Intelligence James Clapper [declassified certain information pertaining
to the "business records" provision of FISA][23], stating, "I believe it is
important for the American people to understand the limits of this targeted
counterterrorism program and the principles that govern its use". This statement
mentions that:
> Although this program has been properly classified, the leak of one order,
> without any context, has created a misleading impression of how it operates.
> [...] The program does not allow the Government to listen in on anyone's phone
> calls. The information acquired does not include the content of any
> communications or the identity of any subscriber. The only type of information
> acquired under the Court's order is telephony metadata, such as telephone
> numbers dialed and length of calls.[[23]]
The term "telephony metadata" could mean anything; the "numbers dialed" and
"length of calls" are part of it, but what does [the Court order][6]
specifically request?
> IT IS HEREBY ORDERED that [Verizon] shall produce to the [NSA] [...], and
> continue production on an ongoing daily basis [...] for the duration of this
> Order, [...] all call detail records or "telephony metadata" [...].
> Telephony metadata includes comprehensive communications routing information,
> including but not limited to [...] originating and terminating telephone
> number, [...] International Mobile Subscriber Identity (IMSI) number,
> International Mobile station Equipment Identity (IMEI) number, [...] trunk
> identifier, telephone calling card numbers, and time and duration of call.
> Telephony metadata does not include the substantive content of any
> communication [...], or the name, address, or financial information of a
> subscriber or customer.[[6]] --FISA Court order
The President made this point very clear:
> **Obama:** When it comes to telephone calls, nobody is listening to your
> telephone calls. Thats not what this programs about. As was indicated, what
> the intelligence community is doing is looking at phone numbers and durations
> of calls. They are not looking at peoples names, and theyre not looking at
> content. But by sifting through this so-called metadata, they may identify
> potential leads with respect to folks who might engage in terrorism. If these
> folks — if the intelligence community then actually wants to listen to a phone
> call, theyve got to go back to a federal judge, just like they would in a
> criminal investigation. So I want to be very clear. Some of the hype that
> weve been hearing over the last day or so — nobodys listening to the content
> of peoples phone calls.[[16]]
The EFF provides compelling arguments as to why [metadata is important to our
privacy][24]. One such example: "They know you spoke with an HIV testing
service, then your doctor, then your health insurance company in the same hour.
But they don't know what was discussed." The EFF further states, "the
government has given no assurances that this data will never be correlated with
other easily obtained data". So, while the President may try reassuring us by
stating that "they've got to go back to a federal judge", he certainly does
not make it clear that they may already have enough information *without* having
to do so---from this supposedly non-content metadata. They do not need to
subpoena the phone company for the name or address of the individual in most
cases, as reverse telephone directories are readily available. With that, they
then have the names of yourself, everyone you have called and GPS data.
Another argument worthy of strong consideration is posed by Daniel J.
Solove---[what if the government is wrong about your intentions][25]? How can
you go about correcting incorrect data if its very existence is hidden from the
public?
> What if the government leaks the information to the public? What if the
> government mistakenly determines that based on your pattern of activities,
> you're likely to engage in a criminal act? What if it denies you the right to
> fly? What if the government thinks your financial transactions look odd—even
> if you've done nothing wrong—and freezes your accounts? What if the government
> doesn't protect your information with adequate security, and an identity thief
> obtains it and uses it to defraud you?[[25]]
These are serious questions. Even if you---the reader---are of the type that sates
"I don't care; I have nothing to hide", then consider that, despite the government's
best efforts to secure and protect the data, [it could possibly fall prey to
enemies of the United States][25]. Consider that the [Chinese cracked into
Pentagon systems][26], taking "designs for more than two dozen major weapon systems
used by the United States military".
Of course, we are now assuming that that the NSA is (a) operating in accordance with the
Court order with respect to the privacy of communications content and (b) that
the President's statement is not intentionally omitting projects that *do*
warrantlessly wiretap innocent Americans' communications. Historically, the NSA has not
given us reason to entertain either of these thoughts.
**January 31, 2006**---[Hepting v. AT&T][13]; the EFF files a case suing AT&T on
behalf of its customers for "violating privacy law by collaborating with the
NSA in the massive, illegal program to wiretap and data-min Americans'
communications". This case included "undisputed evidence" from former AT&T technician
Mark Klein showing that [AT&T routed a copy of all Internet traffic to an NSA-controlled
room in San Francisco][27]:
> Through the "splitter cabinet," the content of all of the electronic voice
> and data communications going across the Peering Links [...] was transferred
> from the WorldNet Internet room's fiber optical circuits into the
> [NSA-controlled] SG3 Secure Room [...] including such equipment as Sun servers
> and Juniper (M40e and M160) "backbone" routers. The list also included a
> Narus STA 6400, which is a "Semantic Traffic Analyzer."[[27]]
That is---allegedly, AT&T indiscriminately passed *all* of the traffic passing
through its San Francisco facility into the NSA-controlled "SG3 Secure Room"
where the NSA performed their *own* filtering, storage and analysis however they
pleased. This is an astounding accusation. Additionally, Klein further states
that "other such `splitter cabinets' were being installed in other cities,
including Seattle, San Jose, Los Angeles and San Diego".[[27]]
Unfortunately, Hepting was dealt a fatal blow in July 2008 when both the
government and AT&T were [awarded retroactive immunity][28] by the [FISA
Amendments Act (FAA)][29]. This startling turn was signed by President Bush in
response to the EFF's court victories in the case and "allows the Attourney
General to require the dismissal of the lawsuits over the telecoms'
participation in the warrantless surveillance program".[[13]] The case was
dismissed in June 2009 and dozens of other lawsuits.
Fortunately, the battle is not over. The EFF then filed [Jewel v. NSA][12] which
directly targets the "NSA and other government agencies on behalf of AT&T
customers to stop the illegal unconstitutional and ongoing dragnet surveillance
of their communications and communications records". This case was too based
on [the testimony of Klein][27]. Additionally, the EFF had declarations of William
Binney, Thomas Drake and Kirk Wiebe---[three NSA whistleblowers][30]. Most
interesting (and damning) for the purposes of our discussion is the [Summary of
Voluminous Evidence][31].
> I have served on the Intelligence Committee for over a decade and I wish to
> deliver a warning this afternoon. When the American people find out how their
> government has secretly interpreted [the business records provision of
> FISA], they are going to be stunned and they are going to be angry.[^32]
> --Senator Ron Wyden
Note that the Senator is referring to precisely the same provision---business
records---that was partly declassified by James Clapper on Thursday.[[23]] Of
course, we are assuming that the NSA decides to go to the FISA Court for
permission; this apparently has not always been the case.
According to [the summary of evidence][31], the NSA stated:
> To perform both its offensive and defensive mission, NSA must "live on the
> network." [The program would be] a powerful and permanent presence on a
> global telecommunications infrastructure where protected American
> communications and targeted adversary communications will coexist.
This certainly shares some similarities with the Verizon case. But FISA stood
in the way of this goal; John Yoo explains why FISA was insufficient for such
a dragnet operation:
> [U]nder existing laws like FISA, you have to have the name of somebody, have
> to already suspect that someone's a terrorist before you can get a warrant.
> [...] it doesn't allow you as a government to use judgment based on
> probability to say: "[...] there's a high probability that some of those
> calls are terrorist communications. But we don't know the names of the people
> making those calls." You want to get at those phone calls, those e-mails, but
> under FISA you can't do that.[^33] --Jon Yoo
After the September 11th attacks, "FISA ceased to be an operative
concern".[[31]] If that statement sounds unsettling, that is because it is;
President Bush subsequently authorized the NSA to "conduct electronic
surveillance within the United States" without an order from the FISA Court
(FISC). General Hayden phrased it as such: the program "is a more [...]
`aggressive' program than would be traditionally available under FISA".[^34]
What---if anything---does this mean about any current NSA operations (including
the Verizon order)? If Bush is able to authorize such actions, what is to say
that Obama will not (and has not)?
Let us return to the statements from both Clapper[[23]] and Obama stating that
"nobody is listening to the content of your phone calls".[[16]] We can certainly
hope that this is the case, but we shall continue to draw from evidence in the
[Jewel v. NSA case][12] to see what the NSA has done in the past.
> It was the biggest legal mess I've ever encountered.[^35] --Jack Goldsmith, Justice
> Department's Office of Legal Consel
The program operated "in lieu of" court orders.[^36] Even more alarming (if such a
thing is possible), "neither the President nor Attorney General approved the specific
interceptions; rather, the decision to listen or read particular communications was
made by intelligence analysts"; the only authorization needed was by an NSA
"shift supervisor".[^37] So, let's reiterate:
> **Obama:** If these folks — if the intelligence community then actually wants to listen
> to a phone call, they've got to go back to a federal judge, just like they
> would in a criminal investigation.[[16]]
It may very well be that Obama is being truthful within context of the Verizon
order; perhaps they have learned from their mistakes with the AT&T dragnet.
Unfortunately, their secrecy is making it very difficult for the public to make
an informed analysis of the matter.
Ultimately, it is believed that Attorney General Comey's initial certifications of
the program were "based on a misimpression of those activities" due to a botched
legal analysis by Jon Yoo that was described as "at a minimum [...] factually
flawed". Yoo was the only OLC official to read into the program since its
inception in October 2001 until his leaving in May 2003.[[31]] When Comey refused
to reauthorize the program, Bush did so himself, resulting in threats of resignation
from Comey and "about two dozen Bush appointees". However, "[d]espite the illegality
of the Program, no officials resigned."[[31]].
In 2009, the New York Times published a series of articles regarding the
program, exposing a ["serious issue involving the NSA" concerning
"significant misconduct"][38]. This included a "`flagrant' overcollection
of domestic email".[[31]]
> Because each court order could single out hundreds or even thousands of phone
> numbers or e-mail addresses, the number of individual communications that
> were improperly collected could number in the millions, officials said.[[31]]
That was then; this is now, right? How can we be sure of any connection between
the NSA of a decade ago vs. the NSA of today? Well, as an average citizen with
no security clearance, I can't. However, there are some important connections that
can be made. Firstly, recall Ron Wyden's quote above stating that the public
will be "stunned" and "angry".[^32] On Thursday, June 6th, he [released this
statement on his Senate website][39]:
> The program Senators Feinstein and Chambliss publicly referred to today is one
> that I have been concerned about for years. I am barred by Senate rules from
> commenting on some of the details at this time. However, I believe that when
> law-abiding Americans call their friends, who they call, when they call, and
> where they call from is private information. Collecting this data about every
> single phone call that every American makes every day would be a massive
> invasion of Americans privacy.[[39]] --Senator Ron Wyden
Perhaps the most obvious and direct connection is that the [government asked for
more time in Jewel v. NSA (and Shubert v. Obama) in light of the NSA
revelations][40].
> The revelations not only confirmed what EFF has long alleged, they went even
> further and honestly, were still reeling. EFF will, of course, be continuing
> its efforts to get this egregious situation addressed by the courts.
>
> [...] EFF and others had long alleged that, despite the rhetoric surrounding
> the Patriot Act and the FISA Amendments Act, the government was still
> vacuuming up the records of the purely domestic communications of millions of
> Americans. And yesterday, of course, with the Verizon order, we got solid
> proof.. And it appears that the reach of this vacuum goes much further, into
> the records of our Internet service providers as well.[[41]] --Electronic
> Frontier Foundation
This brings us back to [PRISM][19]. Numerous sources reported that [the White
House confirmed][42] its existence. Indeed, if you consider the President's
original words--- "the programs that have been discussed over the last couple
days in the press are secret in the sense that theyre classified"[[16]]---this
does seem to be a verification of the project's existence. However, confusion ensued
when [companies like Google and Facebook denied involvement][43], despite what
the [leaked information seems to state][19]. Yonatan Zunger---chief architect at
Google---[reiterated the words of Larry Page][44]:
> I can also tell you that the suggestion that PRISM involved anything happening
> directly inside our datacenters surprised me a great deal; owing to the nature
> of my work at Google over the past decade, it would have been challenging --
> not impossible, but definitely a major surprise -- if something like this
> could have been done without my ever hearing of it. And I can categorically
> state that *nothing* resembling the mass surveillance of individuals by
> governments within our systems has ever crossed my plate.[[44]] --Yonatan
> Zunger, Chief Architect, Google
Questions then arose as to what exactly "PRISM" is. Marc Ambinder with The Week
reported that [PRISM is nothing more than one of many different "data collection
tools"][45] that may be used by the NSA. One day later, Marc posted another article
entitled ["Solving the mystery of PRISM"][46]
> Each data processing tool, collection platform, mission and source for raw
> intelligence is given a specific numeric signals activity/address designator,
> or a SIGAD. [...] PRISM is US-984XN. Each SIGAD is basically a collection
> site, physical or virtual; [...] PRISM is a kick-ass GUI that allows an
> analyst to look at, collate, monitor, and cross-check different data types
> provided to the NSA from internet companies located inside the United States.[[46]]
Others hypothesized that, due to the denial of involvement from various
companies[[44]], PRISM may operate by intercepting communications. The Guardian
[countered by releasing another slide from the leaked presentation][47], stating
outright that "[b]oth of these theories appear to be contradicted by internal
NSA documents".
> It clearly distinguishes Prism, which involves data collection from servers,
> as distinct from four different programs involving data collection from "fiber
> cables and infrastructure as data flows past".[[47]]
This sounds a great deal like Klein's description of the SG3 Secure Room at
AT&T[[27]] (though I do not intend to imply that they are the same thing---that is
not clear, nor does Klien state that he ever noted the word "PRISM" on any
documents). The Guardian goes on to state that "[a] far fuller picture of the exact
operation of Prism [...] is expected to emerge in the coming weeks and months".
(Is that foreshadowing or an educated guess?)
There is, of course, the other obvious hypothesis---that organizations including
Google, Facebook and Microsoft are being [deceptive or not telling the whole
truth][48]. Alternatively, maybe such operations were being done under the noses
of executives. On Friday, the New York Times published an article stating that
the technology companies ["cooperated at least a bit"][49].
> [Google, Micorsoft, Yahoo, Facebook, AOL, Apple and Paltalk] were legally
> required to share the data under the Foreign Intelligence Surveillance Act.
> [...] But instead of adding a back door to their servers, the companies were
> essentially asked to erect a locked mailbox and give the government the key,
> people briefed on the negotiations said. Facebook, for instance, built such a
> system for requesting and sharing the information, they said.[[49]]
This does not necessarily mean that these companies had any knowledge,
specifically, of "PRISM". As the Guardian said, I will be curious to see what
information surfaces in the coming months; the gag provisions of the orders make
for an unfortunate situation for everyone involved.
Let us return to the President's statements.
> **Obama:** And I welcome this debate. And I think it's healthy for our
> democracy. I think it's a sign of maturity, because probably five years ago,
> six years ago, we might not have been having this debate.[[16]]
This is a difficult debate to have, Mr. President, when the public does not know
of the existence of these programs; we only have knowledge of these programs due
to the aforementioned leaks---courageous individuals who feel that their
government is not representative of the democracy and freedom that it supposedly
represents. This segues into another statement from the President:
> **Jackie Calmes:** Do you welcome the leak, sir? Do you welcome the leak if
> you welcome the debate?
>
> **Obama:** I don't---I don't welcome leaks, because there's a reason why these
> programs are classified. [...] But that's also why we've set up congressional
> oversight. These are the folks you all vote for as your representative in
> Congress, and theyre being fully briefed on these programs.
Unfortunately, Obama seems to have missed another critical fact. We---the
people---vote for representatives that, well, "represent" *the issues that we
care about*. Those who are strongly opposed to gun legislation will vote for
those representatives that share those feelings and will fight to oppose such
legislation. Similarly, a pro-life supporter will probably not vote for a
candidate in favor of abortion. But what if there is a candidate that shares one
opinion but not another---say, opposes gun regulation but supports abortion,
when you as a voter are a pro-life gun-owner against gun legislation? Then you
will likely vote for the issues that you feel most strongly about (or what you
feel is a fair balance between all the other issues you follow). The problem
here, Mr. President, is that we---the people---are not made aware of these
issues because they are *classified*. How many people may not have voted for
you, Mr. President, had they known that you would support dragnet surveillance
of innocent Americans?
**Sunday, June 9th, 2013**---The Guardian continues to surprise the world by
[releasing the name of the NSA whistleblower at his request][50]. Edward
Snowden, a 29-year-old former CIA technical assistant and current defense
contractor employee is responsible for what The Guardian is calling "the
biggest intelligence leak in the NSA's history". Reporting from Hong
Kong---where Snowden fled to on May 20th in the hope of resisting the
U.S. government---Glenn Greenwald, Ewen MacAskill and Laura Poitras report
on his motives.
> Three weeks ago, Snowden made final preparations [...] [a]t the NSA office in
> Hawaii where he was working, [copying] the last set of documents he intended
> to disclose.[[50]]
Snowden describes situations where he began to begin questioning his government,
such as a case where a CIA operative purposely encouraged a Swiss banker to get
intoxicated and drive drunk so that he would be arrested. "Much of what I saw
in Geneva really disillusioned me about how my government functions and what its
impact is in the world." He mentioned that the election of Obama in 2008 gave
him hope for reform, but watched in 2009 as "Obama advanced the very policies
that I thought would be reined in. [...] I got hardened."[[50]]
It is this statement from Snowden that, if accurate, suggests that Obama not
only supports Bush's initial dragnet operation[[31]], but has further expanded it.
At this point, since the news is still quite young at the time that this article
was written, the world must wait to see what action the government will attempt
to take against Snowden. Reuters had already reported the previous day that
[the government is likely to open a criminal probe into the NSA leaks][51].
> James Clapper, the director of U.S. national intelligence, condemned the leaks
> and asserted that the news articles about PRISM contained "numerous
> inaccuracies."[[51]]
Snowden is not the first to come forward as a whistleblower from the NSA---as we
discussed previously, three NSA whistleblowers came fourth previously to back the
EFF in Jewel v. NSA;[[30]] they each had the charges either cleared or dropped. That
said, [Obama has been aggressively pursuing whistleblowers][59]. Snowden
mentioned that he views his best hope of freedom as the possibility of asylum
with Iceland.[[50]] It appears that such may already be working in his favor, with
[Iclandic Legislator Birgitta Jonsdottir already starting the process to apply
for asylum][52], although it is not clear if Snowden has already applied.
There is a great deal to think about. Even though the [evidence against the NSA
dates far back][4], the recent revelations invoke emotions that are difficult to
describe. With countless individuals working to sift through the information,
the Obama administration under attack and nobody knowing if the Guardian is
sitting on even more information, the entire world will continue to watch
impatiently...and act.
While all this is going on, it would be useful to reiterate certain privacy and
security topics that have already been covered at large. Firstly, consider
checking out the EFF's [Surveillance Self-Defense][53] website, which contains
information on a number of topics including anonymity and how to respond to
court orders. Consider using [Tor for anonymity][54] online (but recognize that
it is not a full solution in itself). Consider [keeping your data to
yourself][55] rather than storing it on "cloud" services---[Richard Stallman
explains how Software as a Service (SaaS) differs in dangers from proprietary
software][56]. Consider using only [free software][57] to limit further
sacrifices in personal freedom and to limit the information that corporations
and third parties collect from you while using your computer and other devices.
Finally, if you have information that you want to leak to the press (whether or
not you are an [NSA employee][58]), you may be able to consider tools such as
[The New Yorker's Strongbox][60]; it uses [software created by Aaron Swartz][61]
shortly before his untimely death early this year.
Finally, aid senators like Rand Paul in developing [legislation to curb the powers
of the government][62]. We must also do our best to fight for the rights of
brave whistleblowers like Snowden. To end with the words of the EFF, ["we need
a new church committee and we need it now"][41].
[5]: http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order
"NSA collecting phone records of millions of Verizon customers daily"
[6]: http://s3.documentcloud.org/documents/709012/verizon.pdf "PDF of the FISA Court order to Verizon."
[7]: http://s3.documentcloud.org/documents/709012/verizon.txt "Ibid; plain text version."
[8]: https://www.eff.org/deeplinks/2013/06/confirmed-nsa-spying-millions-americans
"Confirmed: NSA Spying on Millions of Americans"
[9]: https://www.eff.org/deeplinks/2011/10/ten-years-later-look-three-scariest-provisions-usa-patriot-act
"Three Scariest Provisions of thet USA Patriot Act"
[10]: /2013/03/federal-judge-rules-nsls-national-security-letters-unconstitutional
"Federal Judge Declares National Security Letters Unconstitutional"
[11]: http://www.theatlantic.com/politics/archive/2013/06/what-we-dont-know-about-spying-on-citizens-scarier-than-what-we-know/276607/
"Bruce Schneier comments on NSA leak"
[12]: https://www.eff.org/cases/jewel "Jewel v. NSA"
[13]: https://www.eff.org/cases/hepting "Hepting v. AT&T"
[14]: /2012/11/privacy-in-light-of-the-petraeus-scandal
"Privacy In Light of the Petraeus Scandal"
[15]: /2013/03/google-says-the-fbi-is-secretly-spying-on-some-of-its-customers
"Google Says the FBI Is Secretly Spying on Some of Its Customers"
[16]: http://blogs.wsj.com/washwire/2013/06/07/transcript-what-obama-said-on-nsa-controversy/
"Obama on the NSA controversy"
[17]: https://www.eff.org/deeplinks/2013/05/congressional-outrage-over-ap-phone-records
"Congressional outrate of AP phone records"
[18]: https://www.eff.org/deeplinks/2013/05/doj-subpoena-ap-journalists-shows-need-protect-calling-records
[19]: http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data
[20]: http://googleblog.blogspot.com/2013/06/what.html "Larry Page denies PRISM involvement"
[21]: https://www.facebook.com/zuck/posts/10100828955847631 "Mark Zuckerberg denies PRISM involvement"
[22]: http://www.guardian.co.uk/world/2013/jun/07/google-facebook-prism-surveillance-program
[23]: http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/868-dni-statement-on-recent-unauthorized-disclosures-of-classified-information
"James Clapper---Directory of National Intelligence---declassifies
information pertaining to the "business records" provision of FISA"
[24]: https://www.eff.org/deeplinks/2013/06/why-metadata-matters
"The EFF describes why telephony metadata can have a significant impact on our privacy."
[25]: http://mashable.com/2013/06/08/china-hack-nsa/ "What if crackers get a hold of the NSA's databases?"
[26]: http://rt.com/usa/us-chinese-report-defense-888/ "The Chinese crack into Pentagon systems."
[27]: https://www.eff.org/file/28823 "Public unredacted Mark Klein declaration"
[28]: https://www.eff.org/pages/case-against-retroactive-amnesty-telecoms "The Case Against Retroactive Amnesty for Telecoms."
[29]: http://www.govtrack.us/congress/bills/110/hr6304/text "FISA Amendments Act (FAA)."
[30]: https://www.eff.org/press/releases/three-nsa-whistleblowers-back-effs-lawsuit-over-governments-massive-spying-program
"Three NSA whistleblowers back the EFF in Jewel v. NSA"
[31]: https://www.eff.org/node/72021 "Summary of Voluminous Evidence, Jewel v. NSA"
[38]: http://www.nytimes.com/2009/04/16/us/16nsa.html?pagewanted=all "Officials Say U.S. Wiretaps Exceeded Law"
[39]: http://www.wyden.senate.gov/news/press-releases/wyden-statement-on-alleged-large-scale-collection-of-phone-records
"Ron Wyden comments on the collection of Verizon phone records"
[40]: https://www.eff.org/deeplinks/2013/06/government-asks-more-time-eff-surveillance-cases
"In Light of NSA Revelations, Government Asks for More Time in EFF Surveillance Cases"
[41]: https://www.eff.org/deeplinks/2013/06/response-nsa-we-need-new-church-commission-and-we-need-it-now
"In Response to the NSA, We Need A New Church Committee and We Need It Now"
[42]: http://www.theweek.co.uk/us/53475/white-house-admits-it-has-access-facebook-google
"White House admits it has "access" to Facebook, Google"
[43]: http://www.guardian.co.uk/world/2013/jun/07/google-facebook-prism-surveillance-program
"Facebook and Google insist they did not know of Prism surveillance program"
[44]: https://plus.google.com/+YonatanZunger/posts/huwQsphBron
"Yonatan Zunger---Chief Architect at Google---expresses his distaste of PRISM"
[45]: http://theweek.com/article/index/245311/sources-nsa-sucks-in-data-from-50-companies
"Sources: NSA sucks in data from 50 companies"
[46]: http://theweek.com/article/index/245360/solving-the-mystery-of-prism
"Solving the mystery of PRISM"
[47]: http://www.guardian.co.uk/world/2013/jun/08/nsa-prism-server-collection-facebook-google
"NSA's Prism surveillance program: how it works and what it can do."
[48]: http://www.guardian.co.uk/world/2013/jun/08/obama-response-nsa-surveillance-democrats
"Obama deflects criticism over NSA surveillance as Democrats sound alarm."
[49]: http://www.nytimes.com/2013/06/08/technology/tech-companies-bristling-concede-to-government-surveillance-efforts.html?ref=global-home&_r=2&pagewanted=all&
"Tech Companies Concede to Surveillance Program"
[50]: http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance
"Edward Snowden: the whistleblower behind the NSA surveillance revelations."
[51]: http://www.reuters.com/article/2013/06/08/us-usa-security-leaks-idUSBRE95700C20130608
"Government likely to open criminal probe into NSA leaks: officials."
[52]: http://www.forbes.com/sites/andygreenberg/2013/06/09/icelandic-legislator-im-ready-to-help-nsa-whistleblower-seek-asylum/
"Icelandic Legislator: I'm Ready To Help NSA Whistleblower Edward Snowden Seek Asylum"
[53]: https://ssd.eff.org/ "EFF Surveillance Self-Defense."
[54]: https://www.torproject.org/ "The Tor project offers anonymity online."
[55]: http://www.guardian.co.uk/technology/2008/sep/29/cloud.computing.richard.stallman
"Cloud computing is a trap, warns GNU founder Richard Stallman"
[56]: http://www.gnu.org/philosophy/who-does-that-server-really-serve.html
"Who does that server really serve?"
[57]: http://www.gnu.org/philosophy/free-sw.html "What is free software?"
[58]: http://www.whistleblowers.org/index.php?option=com_content&task=view&id=984&Itemid=173
"National Security Employees Know Your Rights"
[59]: http://www.theatlanticwire.com/politics/2011/05/obamas-war-whistle-blowers/38106/
"Obama's War on Whistle-Blowers"
[60]: http://www.newyorker.com/strongbox/ "The New Yorker Strongbox"
[61]: http://www.newyorker.com/online/blogs/newsdesk/2013/05/strongbox-and-aaron-swartz.html
"Strongbox and Aaron Swartz"
[62]: http://abcnews.go.com/blogs/politics/2013/06/rand-paul-bill-would-curb-nsa-on-phone-records/
"Rand Paul Bill Would Curb NSA on Phone Records"
[^32]: Ibid.[[31]] 157 Cong. Rec. S3372--3402, S3386 (May 26, 2011) [Vol. VI, Ex. 111, p. 4286]
(Statement of Sen. Ron Wyden, On Patriot Act Reauthorization)
[^33]: Ibid.[[31]] PBS Frontline, Spying on the Homefront, Interview with John C. Yoo at 4
(Jan. 10, 2007) [Vol. I, Ex. 10, p. 394]
[^34]: Ibid.[[31]] Press Briefing by Atty Gen. Alberto Gonzalez and Gen. Michael Hayden,
Principal Dep. Dir. for Natl Intelligence (Dec. 19, 2005)
[^35]: Ibid.[[31]] Preserving the Rule of Law in the Fight Against Terror:
Hearing before the S. Comm. on the Judiciary, 110th Cong. 7 (Oct. 2, 2007)
[Vol. III, Ex. 42, p. 1307] (testimony of Jack Goldsmith)
[^36]: Ibid.[[31]] Press Briefing by Atty Gen. Alberto Gonzalez and Gen. Michael Hayden, Principal Dep. Dir.
for Natl Intelligence (Dec. 19, 2005)
[^37]: Ibid.[[31]] Remarks by Gen. Michael Hayden, Address to the National Press Club, Washington, D.C. (Jan. 23, 2006)
[Vol. IV, Ex. 73, p. 1809]

159
post/2013-06-16-thoughts-cc-by-sa.md 100644
View File

@ -0,0 +1,159 @@
# All "Thoughts" and Site Text Now Licensed Under CC BY-SA
All "thoughts"---that is, my blog-like entries that are generated by the
repository commit messages---and site text are hereby retroactively relicensed
under the [Creative Commons Attribution-ShareAlike 3.0 Unported License][0].
This license shall not supersede any license that is explicitly put forth within
a work; see the COPYING file within the thoughts repository---available on the
"Projects" page---for more information.
[0]: http://creativecommons.org/licenses/by-sa/3.0/
<!-- more -->
This is not a decision I take lightly; it has received much thought over the
course of recent years. For some time, I accepted [the view of Richard Stallman
and the Free Software Foundation][1] on opinion pieces in that, since they
express personal opinions, it is not unreasonable to require that they be
distributed verbatim. Indeed, it would seem wise not to allow someone to change
your words, especially on something that you are passionate about.
However, I have come to adopt another perspective. What is the motivation behind
releasing content under a license that permits modification (that is, the
creation of derivative works)? Often, the primary reason is to allow others to
improve upon the content or to modify it to suit their particular needs. To
prevent others from locking down those changes---preventing others from having
the same rights as they did---many will often release their works under licenses
that require that all derivatives be released under the same terms. In the case
of Creative Commons, this is called ["ShareAlike"][2], which is motivated by
GNU's copyright hack called [copyleft][3] (popularized by the [GNU General
Public License][4]).
For [free software][5] advocates, the question of whether or not to permit
modification is generally not even raised---it is a necessity. Software serves a
functional purpose: Prohibiting modification could prevent users from altering
the software in ways that they may find useful and could be used to exert
control over the users. Software does stuff. Software can control what the user
can and cannot do.
Creative works are often considered in a different light. Like software, they
are indeed useful---they can be tools to learn, to entertain, etc. However, does
prohibiting modification do any harm? In the case of [documentation for free
software][6], yes---documentation is very important and can make the difference
between highly useful software and impenetrable software. Free documentation
ensures that, as the software grows, the documentation can grow with it. Since
the documentation for many projects is often scarce or poorly written (great
computer hackers are not necessarily great language hackers), the freedom to
modify the documentation is a necessity.
Then what of texts that have nothing to do with a free software project? Texts
that serve as an educational resource of any kind would benefit from being free
just as a free software project would---experts could contribute, teachers could
alter it to suit their particular teaching style or their classroom setting,
etc. But what of texts that exist purely as opinion pieces?
I'm not sure there's such a thing as a "pure" opinion piece, unless it is
utter garbage.
An author would do well to substantiate their opinion with appropriate
references (though often times, this is not the case). With those
references (or lack thereof) comes the need to connect them to the content---the
author must explain his or her opinion. This explanation is educational, even if
the reader does not agree with the opinion. Perhaps the reader wishes to use the
opinion piece as a resource, but notices that it is lacking in some respect.
Should they not be able to improve it, perhaps to even further the author's
point? Or, perhaps the opinion piece could be extended to the contrary---to
prove additional references to either make it neutral or even work against the
author's original opinion. Even though this may not be what the author wants,
this is still a useful derivation of the original work.
As an example, consider this very post. This is clearly an opinion piece---I
have made the choice to release my content under a Creative Commons license and
I am substantiating my opinion in the hope that others may gain insight and
possibly even choose the same path for their own creative works. What if someone
wished to present this article to a group of individuals---maybe in the
workplace---but found my "garbage" comment to be unnecessarily harsh? What
personal harm would I incur if they were to remove that statement? However, what
if they wished to go further by replacing all references to "free software"
with references to "open source"---a term which I [reject][7]? Well, this
could potentially affect my image, depending on the group's philosophy. What
now?
There are a few important points to note from this. Firstly, the license
mandates that:
> If You Distribute, or Publicly Perform the Work or any Adaptations or
> Collections, You must, unless a request has been made pursuant to Section
> 4(a), keep intact all copyright notices for the Work and provide, reasonable
> to the medium or means You are utilizing: (i) the name of the Original Author
> (or pseudonym, if applicable) if supplied, and/or if the Original Author
> and/or Licensor designate another party or parties (e.g., a sponsor institute,
> publishing entity, journal) for attribution ("Attribution Parties") in
> Licensor's copyright notice, terms of service or by other reasonable means,
> the name of such party or parties; (ii) the title of the Work if supplied;
> (iii) to the extent reasonably practicable, the URI, if any, that Licensor
> specifies to be associated with the Work, unless such URI does not refer to
> the copyright notice or licensing information for the Work; and (iv) ,
> consistent with Ssection [sic] 3(b), in the case of an Adaptation, a credit
> identifying the use of the Work in the Adaptation (e.g., "French translation
> of the Work by Original Author," or "Screenplay based on original Work by
> Original Author").[8]
In plain English---you must provide attribution to the original author and
indicate that the work has been modified from the original. Furthermore:
> The credit required by this Section 4(c) may be implemented in any reasonable
> manner; provided, however, that in the case of a Adaptation or Collection, at
> a minimum such credit will appear, if a credit for all contributing authors of
> the Adaptation or Collection appears, then as part of these credits and in a
> manner at least as prominent as the credits for the other contributing
> authors.[8]
It would therefore be appropriate to assume that an author of a derivate work
will, in good faith, make clear attribution. Should this not be the case, then
what is to say that the author would not have simply modified a work which is
not licensed to permit modifications?
The next point is another simple one: Under United States copyright law, the
[fair use doctrine][9] permits limited use of a copyrighted work without prior
consent from the author; it is this doctrine that allows, for example, authors
and journalists to quote portions of other works to report on or back up their
arguments. This means that, even if the license did not permit, an author could
still incorporate *portions* of my work to support their own arguments or agenda,
regardless of whether or not I may agree with it. This segues into the final
point.
Who am I to [dictate others opinions][10]? It would not be right of me to limit
one's freedom simply because they violate my own personal opinions or beliefs.
Therefore, if this is one condition under which I would decide to restrict my
creative works, then that reason should be immediately dismissed. This means
that---within the context of my previous example---if someone wanted to alter
all the references to "free software" in my work to adapt it to their own
personal style, then they should be permitted to do so. Such a work is no longer
my own: They must clearly state that it has been altered from the original.
Hopefully readers take notice of that. My works are always published on my own
personal website where the originals can be found; with today's search engines,
such a task is trivial. If someone neglects to do so---and I do understand that
many will neglect to do so---then they have not made an informed opinion on the
material.
Another minor point would be that, for the majority of my works, it is unlikely
that anyone will be making any sort of alteration.
As such, I find that I have little ground to stand on should I attempt to
rationalize a more restrictive license. Any remaining arguments, such as "what
if they sell your content or modify it only slightly and are given more credit
for the work than they deserve?" are already covered by the free software
philosophy can may be easily adopted here.
[1]: http://www.gnu.org/licenses/license-list.html#OpinionLicenses
[2]: http://creativecommons.org/licenses/
[3]: https://www.gnu.org/copyleft/copyleft.html
[4]: https://www.gnu.org/copyleft/gpl.html
[5]: https://www.gnu.org/philosophy/free-sw.html
[6]: https://www.gnu.org/philosophy/free-doc.html
[7]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
[8]: http://creativecommons.org/licenses/by-sa/3.0/legalcode
[9]: http://en.wikipedia.org/wiki/Fair_use
[10]: http://www.gnu.org/philosophy/programs-must-not-limit-freedom.html

64
post/2013-07-12-snowden-asylum.md 100644
View File

@ -0,0 +1,64 @@
# Snowden Statement at Moscow Airport; Accepts Asylum Offers
**See Also:** [National Uproar: A Comprehensive Overview of the NSA Leaks and
Revelations][0]; I have not yet had the time to devote to writing a thorough
follow-up of recent events and will likely wait until further information and
leaks are presented.
[Edward Snowden][1]---the whistleblower responsible for [exposing various NSA
dragnet spying programs][0], among other documents---has been [stuck in the
Moscow airport][2] for quite some time while trying to figure out how he will
travel to countries offering him asylum, which may involve traveling through
territories that may cooperate with the United States' extradition requests.
[0]: /2013/06/national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations
[1]: https://en.wikipedia.org/wiki/Edward_Snowden (Now with his own Wikipedia page)
[2]: http://www.guardian.co.uk/world/2013/jul/01/edward-snowden-escape-moscow-airport
<!-- more -->
Snowden [issued a statement today to Human Rights groups at Moscow's
Sheremetyevo airport][3], within which he mentioned:
> I announce today my formal acceptance of all offers of support or asylum I
> have been extended and all others that may be offered in the future. With, for
> example, the grant of asylum provided by Venezuelas President Maduro, my
> asylee status is now formal, and no state has a basis by which to limit or
> interfere with my right to enjoy that asylum. [...] I ask for your assistance
> in requesting guarantees of safe passage from the relevant nations in securing
> my travel to Latin America, as well as requesting asylum in Russia until such
> time as these states accede to law and my legal travel is permitted. I will be
> submitting my request to Russia today, and hope it will be accepted
> favorably.[3]
Snowden had previously [withdrawn his request for political asylum in Russia][4]
after [Vladmir Putin stated that he could stay][5] only if he stopped "bringing
harm to our American partners"---something which [Snowden does not believe that
he is doing][6]. Although Venezuela has offered Snowden asylum, as [explained by
the Guardian][6], "he remains unable to travel there without travel
documents". Even if he does obtain travel documents, there are still
worries---earlier this month, the [Bolivian president's plane was diverted with
suspicion that Snowden was on board][7], showing that certain countries may be
willing to aid the U.S. in his extradition or otherwise prevent him from
traveling.
My focus on these issues will seldom be on Snowden himself---I would prefer to
focus primarily on what he sacrificed his life to bring to light. But it is
precisely this sacrifice that makes it important to ensure that Snowden does not
fall out of the picture (though it does not appear that he will any time soon).
The Guardian also seems to have adopted the strategy of slowly providing more
information on the leaks over time---such as the recent revelation that
[Microsoft cooperated with the NSA's Prisim program to provide access to
unencrypted contents of Outlook.com, Hotmail, Skype and SkyDrive services][8]; I
will have more on that later.
I end this with a photograph taken yesterday of [Richard Stallman with Julian
Assange holding up a picture of Snowden][9] that brings a smile to my face.
[3]: http://wikileaks.org/Statement-by-Edward-Snowden-to.html
[4]: http://www.guardian.co.uk/world/2013/jul/02/edward-snowden-nsa-withdraws-asylum-russia-putin
[5]: http://www.guardian.co.uk/world/2013/jul/01/putin-snowden-remain-russia-offer
[6]: http://m.guardiannews.com/world/2013/jul/12/edward-snowden-accuses-us-illegal-campaign
[7]: http://www.guardian.co.uk/world/2013/jul/05/european-states-snowden-morales-plane-nsa
[8]: http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
[9]: http://twitpic.com/d279tx

99
post/2013-08-11-london-trash-spies.md 100644
View File

@ -0,0 +1,99 @@
# London Trashcan Spies
We're not talking about kids hiding out in trashcans talking on
walkie-talkies and giggling to each other.
[Ars has reported on London trashcans][0] rigged to collect the [MAC
addresses][1] of mobile devices that pass by. Since we do not often see
mobile devices carrying themselves around, we may as well rephrase this as
"collect the MAC addresses of people that pass by":
> During a one-week period in June, just 12 cans, or about 10 percent of the
> company's fleet, tracked more than 4 million devices and allowed company
> marketers to map the "footfall" of their owners within a 4-minute
> walking distance to various stores.
[0]: http://arstechnica.com/security/2013/08/no-this-isnt-a-scene-from-minority-report-this-trash-can-is-stalking-you/
[1]: http://en.wikipedia.org/wiki/MAC_address
<!-- more -->
Your device's---er, *your*---MAC address is a unique identifier that, in
the case of wireless networks, is used by the networks to state that a
message is intended specifically for you---something that is necessary since
wireless devices communicate through open air and, therefore, your device is
[also able to pick up the communications of other devices][2]:
> In IEEE 802 networks such as Ethernet, token ring, and IEEE 802.11, and in
> FDDI, each frame includes a destination Media Access Control address (MAC
> address). In non-promiscuous mode, when a NIC receives a frame, it
> normally drops it unless the frame is addressed to that NIC's MAC address
> or is a broadcast or multicast frame.
Therefore, in such networks, a MAC address is required for communication. So
why does your device freely give away such a unique identifier that can be
used to track you? Consider that, when wireless is enabled (and, as [the Ars
article][0] mentions, sometimes [even when it's not][3]), your device
generally scans your surroundings in order to provide you with a list of
networks to connect to. This list is generally populated when various access
points broadcast their own information to advertise themselves so that you
can select them to connect. However, some access points are hidden---they do
not broadcast their information, which helps to deter unwanted or malicious
users. To connect to these access points, you generally provide the name
that the access point administrator has given to it (e.g. "mysecretap").
Let's say you disconnect from mysecretap. Since the access point (AP) is not
broadcasting itself, how does your device know when it is available again?
It must attempt to ping it and see if it gets a response. With this ping is
your MAC address. Since many devices conveniently like to connect
automatically to known access points when they become available, it is
likely that your device is pinging rather frequently.
But what if you do not use hidden access points? Well, it is likely that the
same issue still stands---what if the access point that you connected to was
once listed but then becomes hidden? (Maybe the administrator of the access
point allowed broadcasts for a period of time to allow people to connect
easily, but then hid it at a later time.) Your device would need to account
for that, and therefore, to be helpful, likely broadcasts pings for any
access point you have connected to recently (where "recently" would depend
on your device).
Now, back to the [NSA][5]-wannabe-trashcans: At this point, all an observer
must do is lay in wait for those broadcasts and record the MAC addresses. By
placing these devices at various locations, you could easily track the
movements of individuals, including their speed, destinations, durations of
their visits, visit frequencies, favorite areas, dwellings, travel patterns,
etc. Since devices may broadcast a whole slew of recent access points that
it connected to, you could also see areas that the owner may have been to
(oh, I see that you connected to the free wifi in that strip joint). You
[could be evil][6].
Turn off wireless on your device when you are not using it---especially when
you are traveling. Ensure that your device [does not continue pinging access
points when wireless is disabled][3].
Better yet, fight back. Consider exploring how to spoof your MAC address,
perhaps randomly generating one every so often. Consider the possibilities
of activist groups that may pollute these spy databases by gathering a list
of unique MAC addresses of passerbys for the purpose of rebroadcasting them
at random intervals---which you could even do using long-range antennas
targeted at these devices.[^7] If done properly to mimic models of common
travel patterns, the data that these spy devices gather would become
unreliable.[^8]
Surveillance by any entity---be it [governments][5], corporations,
individuals or otherwise---is not acceptable.
[2]: http://en.wikipedia.org/wiki/Promiscuous_mode
[3]: http://arstechnica.com/gadgets/2013/08/review-android-4-3-future-proofs-the-platform-with-multitude-of-minor-changes/3/#p15
[4]: http://arstechnica.com/security/2013/08/diy-stalker-boxes-spy-on-wi-fi-users-cheaply-and-with-maximum-creep-value/
[5]: /2013/06/national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations
[6]: http://renewlondon.com
[^7]: Disclaimer: Please research your local laws.
[^8]: Of course, it is important that such an activity in itself does not
violate a person's privacy, and so such collection must be done in a manner
that cannot in itself identify the person's travel patterns (e.g. by
not storing information on what access point the data was collected from).

17
post/2013-08-12-facebook-spying.md 100644
View File

@ -0,0 +1,17 @@
# Facebook knows about you even if you are not a member
An article about [the scope of Facebook's data collection][0] speaks for
itself; this really does not come as a surprise, but is nonetheless
unsettling.
[0]: http://www.groovypost.com/news/facebook-shadow-accounts-non-users/
<!-- more -->
Encourage your friends, colleagues and acquaintances to use services like
[Diaspora][1] that are respectful of your data instead. Better yet: explain
to those individuals the problems of social media services and ask that they
respectfully leave you out of it.
[1]: https://joindiaspora.com/

40
post/2013-08-12-win8-ads.md 100644
View File

@ -0,0 +1,40 @@
# Windows 8.1 to display targeted advertisements on local system searches
It is very disturbing that [Microsoft decided that it would be a good idea
to display targeted ads on local searches][0]---that is, if you search for a
file on your PC named "finances", you may get ads for finance software,
taxes, etc. If you search for "porn", well, you get the idea.
> Bing Ads will be an integral part of this new Windows 8.1 Smart Search
> experience. Now, with a single campaign setup, advertisers can connect
> with consumers across Bing, Yahoo! and the new Windows Search with highly
> relevant ads for their search queries. In addition, Bing Ads will include
> Web previews of websites and the latest features like site links, location
> and call extensions, making it easier for consumers to complete tasks and
> for advertisers to drive qualified leads.[[1]]
[0]: http://www.computerworld.com/s/article/9241524/Steven_J._Vaughan_Nichols_Microsoft_Bing_bang_bungles_local_search
[1]: http://community.bingads.microsoft.com/ads/en/bingads/b/blog/archive/2013/07/02/new-search-ad-experiences-within-windows-8-1.aspx
<!-- more -->
While that is certainly obnoxious, consider the larger issue of privacy
(which seems to be in the news a lot lately[[2]][[3]]): Late last year, there
was an uproar in the Free Software community when [Ubuntu decided to query
Amazon---enabled by default---on local searches][4] using their new Unity
interface. The problem is that your personal queries are being sent to a
third party---queries that you generally would expect to be private. If I
run a `find' or `grep' command on my system, I certainly do not expect it to
report to Amazon or Microsoft what I am searching for.
And to make matters even worse, Microsoft is exploiting this information to
allow advertisers to target you. [Ironic.][5]
[Do not use Windows 8][6] (or any other proprietary software, for that
matter).
[2]: /2013/08/facebook-knows-about-you-even-if-you-are-not-a-member
[3]: /2013/06/national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations
[4]: http://www.fsf.org/blogs/rms/ubuntu-spyware-what-to-do
[5]: http://www.scroogled.com/email/
[6]: https://www.fsf.org/windows8

64
post/2013-08-13-air-temp-phone-battery.md 100644
View File

@ -0,0 +1,64 @@
# Measuring Air Temperature With Phone Batteries
OpenSignal---a company responsible for mapping wireless signal
strength by gathering data using mobile device software---noticed [an
interest correlation between battery temperature on devices and air
temperature][0].
> Aggregating daily battery temperature readings to city level revealed a
> strong correlation with historic outdoor air temperature. With a
> mathematical transformation, the average battery temperature across a
> group of phones gives the outdoor air temperature.
[0]: http://opensignal.com/reports/battery-temperature-weather/
<!-- more -->
**Note:** Graph renderings on their website require proprietary JavaScript, but
the article does describe it in detail, so it is not necessary. In
particular, note that, from [their provided equation][0], their scaling factor
`m' implies that there is a smaller variance in battery temperature in the
graph than there is in the actual air temperature, but that there is still a
correlation.
This is an interesting find. The article further states that "[...] we have
one data point where the Android data is actually more reliable than the
traditional source."
Such data can be very useful in providing decentralized data, so long as
[issues of privacy][1] are addressed. Doing so is not terribly difficult,
but would have a number of factors. In particular, the user would need the
means to submit data anonymously, which could be done via software/networks
such as [Tor][2]. GPS location data is certainly a privacy issue when it is
tied to your mobile device, but fortunately, it's unneeded: you can trust
your users to let you know where they reside by either (a) opting into using
location services or (b) allowing them to specify a location or approximate
location of their choosing (approximations would be important since a user
may not wish to change their location manually while they travel, say, to
and from work). If enough devices submit data, then legitimate data would
drown out those who are trying to purposefully pollute the database. Such an
example can be seen with Bitcoin, in which networks will [reach a consensus
on correct blockchains][3] so long as "a majority of computing power is
controlled by nodes that are not cooperating to attack the network". Of
course, users would be able to pollute the network by sending false data as
it is, and the [data is already tarnished from various factors such as body
heat][0].
Of course, I do assume that mobile devices will contain temperature sensors
in the future; [some already do][4] (but I cannot encourage their use, as
they use [proprietary software][5]). However, this is still a clever hack (I
suppose that term is redundant). In my searching while writing this article,
I did notice [prior examples of ambient temperature readings using Android
software][6] ([proprietary][5]), but the software does not aggregate data
for purposes of determining weather patterns.
Finally, please do not download OpenSignal's app; it too is
[proprietary][5]; this discussion was purely from a conceptual standpoint
and does not endorse any software.
[1]: /2013/08/london-trashcan-spies
[2]: https://www.torproject.org/
[3]: http://en.wikipedia.org/wiki/Protocol_of_Bitcoin
[4]: http://stackoverflow.com/a/11628921
[5]: http://www.gnu.org/philosophy/free-sw.html
[6]: https://play.google.com/store/apps/details?id=androidesko.android.electronicthermometer&hl=en

209
post/2013-08-13-copyleft-vs-community.md 100644
View File

@ -0,0 +1,209 @@
# FreeBSD, Clang and GCC: Copyleft vs. Community
A useful perspective explaining why [FreeBSD is moving away from GCC in
favor of Clang][0]; indeed, they are moving away from GPL-licensed software
in general. While this is [not a perspective that I personally agree
with][1], it is one that I will respect for the project. It is worth
understanding the opinions of those who disagree with you to better
understand and formulate your own perspective.
[0]: http://unix.stackexchange.com/a/49970
[1]: /2012/11/vlcs-move-to-lgpl
But I am still a free software activist.
<!-- more -->
According to the [FreeBSD FAQ][2]:
> The goal of the FreeBSD Project is to provide a stable and fast general
> purpose operating system that may be used for any purpose without strings
> attached.
As is mentioned in [the aforementioned article][0], the BSD community does not
hold the same opinions on what constitutes "without strings
attached"---the BSD community [considers the restriction on the user's
right to make proprietary use of the software to be a "string"][2],
whereas the free software community under [RMS][3] believes that [the
ability to make a free program proprietary is unjust][4]:
> Making a program proprietary is an exercise of power. Copyright law today
> grants software developers that power, so they and only they choose the
> rules to impose on everyone else—a relatively small number of people make
> the basic software decisions for all users, typically by denying their
> freedom. When users lack the freedoms that define free software, they
> can't tell what the software is doing, can't check for back doors, can't
> monitor possible viruses and worms, can't find out what personal
> information is being reported (or stop the reports, even if they do find
> out). If it breaks, they can't fix it; they have to wait for the developer
> to exercise its power to do so. If it simply isn't quite what they need,
> they are stuck with it. They can't help each other improve it.
The [Modified BSD License][5] is a GPL-compatible Free Software
license---that is, software licensed under the Modified BSD license meets
the requirements of the [Free Software Definition][6]. The additional
"string" that the BSD community is referring to is the concept of
[copyleft][7]---Richard Stallman's copyright hack and one of his most
substantial contributions to free software and free society. To put it into
the [words of the FSF][7]:
> Copyleft is a general method for making a program (or other work) free,
> and requiring all modified and extended versions of the program to be free
> as well.
Critics often adopt the term ["viral" in place of "copyleft"][8] because
of the requirement that all derivatives must contain the same copyleft
terms---the derivative must itself be Free Software, perpetually (until, of
course, the copyright term expires and it becomes part of the public domain,
[if such a thing will ever happen at this rate][9]). In the case of the
Modified BSD license---being a more permissive license that is non-copyleft
and thus allows proprietary derivatives---derivative works that include both
BSD- and GPL-licensed code essentially consume the [Modified BSD license's
terms][10], which are a subset of the [GPL's][11]. Of course, this is not
pursuant to [FreeBSD's goals][2] and so they consider this to be a bad
thing: There are "strings attached".
This is more demonstrative of the ["open source" philosophy than that of
"Free Software"][12] (yes, notice the bias in my capitalization of these
terms).
[Copyleft is important][7] because it ensures that all users will forever
have the [four fundamental freedoms associated with Free Software][6]. The
GPL incorporates copyleft; BSD licenses do not. Consider why this is a
problem: Imagine some software Foo licensed under [the Modified BSD
license][10]. Foo is free software; it is licensed under a [free software
license (Modified BSD)][5]. Now consider that someone makes a fork---a
derivative---of Foo, which we will call "Foobar". Since [the Modified BSD
license is not copyleft][10], the author of Foobar decides that he or she
does not wish to release its source code; this is perfectly compliant with
the Modified BSD license, as it does not require that source code be
distributed with a binary (it only requires---via its [second
clause][10]---that the copyright notice, list of conditions and disclaimer be
provided).
The author has just taken Foo and made it proprietary.
The FreeBSD community is okay with this; [the free software community is
not][4]. There is a distinction between these two parties: When critics of
copyleft state that they believe the GPL is "less free" than more
permissive licenses such as the BSD licenses, they are taking into
consideration the freedoms of developers and distributors; the GPL, on the
other hand, explicirly *restricts* these parties' rights in order to protect
the *users* because those parties are precisely those that seek to *restrict
the users' freedoms*; we cannot provide such freedoms to developers and
distributors without sacrificing the rights of the vulnerable users who
generally do not have the skills to protect themselves from being taken
advantage of.[^13] Free software advocates have exclusive, unwaivering
loyalty to users.
As an example of the friction between the two communities, consider a
concept that has been termed ["tivoization"][14]:
> Tivoization means certain “appliances” (which have computers inside)
> contain GPL-covered software that you can't effectively change, because
> the appliance shuts down if it detects modified software. The usual
> motive for tivoization is that the software has features the manufacturer
> knows people will want to change, and aims to stop people from changing
> them. The manufacturers of these computers take advantage of the freedom
> that free software provides, but they don't let you do likewise.
This [anti-feature][15] is a type of [Digital Restrictions Management
(DRM)][16] that exposes a [loophole in the GPL that was closed in
Section 3 of the GPLv3][14], which [requires that][11]:
> When you convey a covered work, you waive any legal power to forbid
> circumvention of technological measures to the extent such circumvention
> is effected by exercising rights under this License with respect to the
> covered work, and you disclaim any intention to limit operation or
> modification of the work as a means of enforcing, against the work's
> users, your or third parties' legal rights to forbid circumvention of
> technological measures.
Unfortunately, not everyone has agreed with this move. A number of
[developers of the kernel Linux expressed their opposition of GPLv3][17]. In
response to the aforementioned GPLv3 provision, they stated:
> While we find the use of DRM by media companies in their attempts to reach
> into user owned devices to control content deeply disturbing, our belief
> in the essential freedoms of section 3 forbids us from ever accepting any
> licence which contains end use restrictions. The existence of DRM abuse is
> no excuse for curtailing freedoms.
Linus Torvalds---the original author of the kernel Linux---also [expressed
his distaste toward the GPLv3][18]; the kernel is today still licensed under
the GPLv2.
[The BSD camp has similar objections][19]:
> Appliance vendors in particular have the most to lose if the large body of
> software currently licensed under GPLv2 today migrates to the new license.
> They will no longer have the freedom to use GPLv3 software and restrict
> modification of the software installed on their hardware. High support
> costs ("I modified the web server on my Widget 2000 and it stopped
> running...") and being unable to guarantee adherence to specifications in
> order to gain licensing (e.g. FCC spectrum use, Cable TV and media DRM
> requirements) are only two of a growing list of issues for these
> users. --Justin Gibbs, VP of The FreeBSD Foundation
My thoughts while reading the above where echoed by Gibbs further on in his
statement: "[T]he stark difference between the BSD licensing philosophy and
that of the Free Software Foundation are only too clear." For the FreeBSD
community, this is a very serious issue and their argument is certainly a
legitimate concern on the surface. However, it is an argument that the Free
Software community would do well to reject: Why would we wish to sacrifice
users' freedoms for any reason, let alone these fairly absurd ones. In
particular, a support contract could dictate that only unmodified software
will be provided assistance and even mandate that the hardware indicate
changes in software: like breaking the "void" sticker when opening a
hardware component. Moreover, how frequently would such a situation
actually happen relative to their entire customer base? My guess is: fairly
infrequently. The second issue is a more complicated one, as I am not as
familiar on such topics, but a manufacturer can still assert that the
software that it provides with its devices is compliant. If the compliance
process forbids any possibility of brining the software into
non-compliance---that is, allowing the user to modify the software---then
the hardware manufacturer can choose to not use free software (and free
software advocates will subsequently reject it until standards bodies grow
up).
As I mentioned at the beginning of this article: this is a view that I will
respect for the project. I disagree with it, but FreeBSD is still free
software and we would do well not to discriminate against it simply because
someone else may decide to bastardize it and betray their users by making it
proprietary or providing [shackles][16]. However, provided the licensing;
option for your own software, you should choose the GPL.
**Colophon:** The title of this article is a play on [RMS' "Copyright vs.
Communty"][20], which is a title to a speech he frequently provides
worldwide. His speech covers how copyright works against the interests of
the community; here, BSD advocates aruge that [copyleft][7] works against
the interests of *their* community and their users; I figured that I would
snag this title as a free software advocate before someone else opposing
copyleft did.
[2]: http://www.freebsd.org/doc/faq/introduction.html#FreeBSD-goals
[3]: http://en.wikipedia.org/wiki/Richard_Stallman
[4]: http://www.gnu.org/philosophy/freedom-or-power.html
[5]: http://www.gnu.org/licenses/license-list.html#ModifiedBSD
[6]: http://www.gnu.org/philosophy/free-sw.html
[7]: http://www.gnu.org/copyleft/
[8]: http://en.wikipedia.org/wiki/Copyleft#Viral_licensing
[9]: http://www.gnu.org/philosophy/misinterpreting-copyright.html
[10]: http://en.wikipedia.org/wiki/BSD_licenses
[11]: http://www.gnu.org/licenses/gpl.html
[12]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
[^13]: Technically, the GPL exercises restrictions only on distributors; a
developer can integrate GPL'd code into their proprietary software so
long as they do not distribute it [(as defined in the GPL)][11]. However,
developers often have to cater to distributors, since software will
generally be distributed; if it is not, then it is not relevant to this
discussion.
[14]: http://www.gnu.org/licenses/rms-why-gplv3.html
[15]: http://www.fsf.org/blogs/community/antifeatures
[16]: http://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
[17]: http://lwn.net/Articles/200422/
[18]: http://en.wikipedia.org/wiki/Linux_kernel
[19]: http://www.freebsdfoundation.org/press/2007Aug-newsletter.shtml
[20]: http://www.gnu.org/philosophy/copyright-versus-community.html

60
post/2014-03-20-re-copyleft-vs-community.md 100644
View File

@ -0,0 +1,60 @@
# Re: FreeBSD, Clang and GCC: Copyleft vs. Community
I recently received a comment via e-mail from a fellow GNU hacker Antonio
Diaz, who is the author and maintainer of [GNU Ocrad][0], a [free (as in
freedom)][1] optical character recognition (OCR) program. His comment was in
response to my article entitled [FreeBSD, Clang and GCC: Copyleft vs.
Community][2], which details the fundamental difference in philosophy
between free software and "open source".
[0]: https://www.gnu.org/software/ocrad/ocrad.html
[1]: https://www.gnu.org/philosophy/free-sw.html
[2]: /2013/08/freebsd-clang-and-gcc-copyleft-vs.community
I found Antonio's perspective to be enlightening, so I asked for his
permission to share it here.
<!-- more -->
> I imagine a world where all the Free Software is GPLed. The amount and
> usefulness of Free Software grows incesantly because free projects can
> reuse the code of previous free projects. Proprietary software is
> expensive because every company has to write most of its "products" from
> scratch. Most people use Free Software, and proprietary software is mainly
> used for specialized tasks for which no free replacement exists yet.
>
> Now I imagine a world where all the Free Software is really "open source"
> (BSD license). Free Software is restricted to the operating system and
> basic aplications because the license does not guarantee reciprocity.
> Proprietary software is cheap to produce because it is built using the
> code of free projects, but it is expensive for the user (in money and
> freedom) because there is no real competition from Free Software. Most
> people use proprietary software, as Free Software is too basic for most
> tasks.
>
> I think "open source" organizations (specially BSD) are wilfully
> destroying the long-term benefits for society of the GPL, and they are
> doing it for short-term benefits like popularity and greed:
>
> "As these companies devise strategies for dealing with GPLv3, so must the
> FreeBSD community - strategies that capitalize on this opportunity to
> increase adoption of FreeBSD." "Fundraising Update [...] This has
> increased the number of people actively approaching companies to make
> large contributions."
>
> https://www.freebsdfoundation.org/press/2007Aug-newsletter.shtml
>
> Human beings have an innate sense of justice. In absence of reciprocity
> one wants to be paid, but I think that reciprocity is much better for
> society in the long term.[^3]
Antonio compels us to think toward the future: while developers releasing
their code under permissive licenses like the [Modified BSD License][4] are
still making a generous contribution to the free software community today,
it may eventually lead to negative consequences by empowering non-free
software tomorrow.
[^3]: Comment by Antonio Diaz; the only modifications made were for
formatting.
[4]: https://www.gnu.org/licenses/license-list.html#ModifiedBSD

128
post/2014-05-16-fsf-mozilla-adobe-drm.md 100644
View File

@ -0,0 +1,128 @@
# FSF Condemns Partnership Between Mozilla and Adobe to Support DRM
Two days ago, the Free Software Foundation published [an announcement
strongly condemning Mozilla's partnership with Adobe][0] to implement the
[controversial W3C Encrypted Media Extensions (EME) API][1]. EME has been
strongly criticized by a number of organizations, including the [EFF][2] and
the [FSF's DefectiveByDesign campaign team][3] ("Hollyweb").
[Digital Restrictions Management][4] imposes artificial restrictions on
users, telling them what they can and cannot do; it is a system [that does
not make sense][5] and is harmful to society. Now, just about [a week after
the International Day Against DRM][6], Mozilla decides to [cave into the
pressure in an attempt to stay relevant][7] to modern web users, instead of
sticking to their [core philosophy about "openness, innovation, and
opportunity"][8].
[0]: http://www.fsf.org/news/fsf-condemns-partnership-between-mozilla-and-adobe-to-support-digital-restrictions-management
[1]: https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html
[2]: https://www.eff.org/deeplinks/2013/03/defend-open-web-keep-drm-out-w3c-standards
[3]: /2013/03/defective-by-design-campaign-against-w3c-drm-standard
[4]: http://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
[5]: https://plus.google.com/+IanHickson/posts/iPmatxBYuj2
[6]: http://www.defectivebydesign.org/dayagainstdrm
[7]: https://blog.mozilla.org/blog/2014/05/14/drm-and-the-challenge-of-serving-users/
[8]: http://www.mozilla.org/en-US/about/manifesto/
John Sullivan requested in the [FSF's announcement] that the community
contact Mozilla CTO Andreas Gal in opposition of the decision. This is my
message to him:
<!-- more -->
```
Date: Wed, 14 May 2014 22:57:02 -0400
From: Mike Gerwitz <mikegerwitz@gnu.org>
To: agal@mozilla.com
Subject: Firefox EME
Andreas,
I am writing to you as a free software hacker, activist, and user; notably,
I have been using Firefox for over ten years. It has been pivotal, as I do
not need to tell you, in creating a free (as in freedom), standard, and
accessible internet for millions of users. Imagine my bewildered
disappointment, then, to learn that Firefox has chosen to cave into the
pressure to [support Digital Restrictions Management through the
implementation of EME][0].
Mitchell Baker made a feeble attempt at [rationalizing this decision][0] as
follows:
[...] Mozilla alone cannot change the industry on DRM at this point. In
the past Firefox has changed the industry, and we intend to do so again.
Today, however, we cannot cause the change we want regarding DRM. The
other major browser vendors =E2=80=94 Google, Microsoft and Apple have already
implemented the new system. In addition, the old system will be retired
shortly. As a result, the new implementation of DRM will soon become the
only way browsers can provide access to DRM-controlled content.
She goes on to explain how "video is an important aspect of online life"
and that Firefox would be "deeply flawed as a consumer product" if it did
not implement Digital Restrictions Management. This is precisely the FUD
that the "content owners" she describes, and corporations like Adobe, have
been pushing: Mozilla understands that the solution is not to implement DRM,
but to fight to encourage content to be published *without* being
DRM-encumbered. Unfortunately, they will now have little motivation to do
so, with every major browser endorsing EME.
She defers to a post by Andreas Gal [for more implementation details][1], in
which he mentions that the proprietary CDM virus (which will be happily
provided by Adobe) will be protected by a sandbox to prevent certain spying
activities like fingerprinting. While this is better than nothing, it's a
clear attempt by Mozilla to help make a terrible situation a little bit
better.
He goes on to say:
There is also a silver lining to the W3C EME specification becoming
ubiquitous. With direct support for DRM we are eliminating a major use
case of plugins on the Web, and in the near future this should allow us to
retire plugins altogether.=20
Let us not try to veil the problem and make things look more rosy than they
actually are: this is not a silver lining; it is not appropriate to have a
standardized way of manipulating and taking advantage of users.
It is true that Firefox was in an unfortunate position: many users would
indeed grow frustrated that they cannot watch their favorite TV shows and
movies using Firefox. But Firefox could have served, when the EME API was
used, static content that provided a brief explanation and a link for more
information on the problem. They could have educated users and encourage an
even stronger outcry.
Instead, we are working with the corrupt W3C to implement a seamlessly
shackled web. Mozilla wants to propose alternative solutions to DRM/EME, but
by implementing it, their position is weakened.
This is a difficult and uncomfortable step for us given our vision of a
completely open Web, but it also gives us the opportunity to actually
shape the DRM space and be an advocate for our users and their rights in
this debate. [1]
Such advocacy has been done and can continue to be done by Mozilla without
the implementation of EME; once implemented, the standard will be virtually
solidified---what is the incentive for W3C et. al. to find alternatives to a
system that is already "better than" the existing Flash and Silverlight
situation?
On behalf of the free software community, I strongly encourage your
reconsideration on the matter. Mozilla is valued by the free software
community for its attention to freedoms. Stand with us and fight. You're in
a powerful position to do so.
[0]: https://blog.mozilla.org/blog/2014/05/14/drm-and-the-challenge-of-serving-users/
[1]: https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/
```
The following day, I [submitted the FSF announcement to HackerNews][9]
(surprised that it was not there already) in an attempt to bring further
coverage to the matter and hopefully spur on some discussion. And discuss
they did: it was on the front page for the entire day and, at the time of
writing, boasts 261 comments, many of them confused and angry. I sent the HN
link to Andreas in a follow-up as well.
Mozilla has a vast userbase and is in the position to fight for a DRM-free
web. Please voice your opinion and hope that they reverse their decision.
[9]: https://news.ycombinator.com/item?id=7749108

65
post/2014-11-30-stop-using-slideshare.md 100644
View File

@ -0,0 +1,65 @@
# Please stop using SlideShare
There are many great presentations out there---many that I enjoy
reading, or that I would enjoy to read. Unfortunately, many of them
are hosted on SlideShare, which requires me to download proprietary
JavaScript.
[JavaScript programs require the same freedoms as any other
software][0]. While SlideShare does (sometimes/always?) provide a
transcript in plain text---which is viewable without JavaScript---this
is void of the important and sometimes semantic formatting/images that
presenters put much time into; you know: the actual presentation bits.
(I'm a fan of plain-text presentations, but they each have their own
design elements).
[0]: https://www.gnu.org/software/easejs/whyfreejs.html
There are ways around this. SlideShare's interactive UI appears to
simply be an image viewer, so it is possible to display all sides
using a fairly simple hack:
<!-- more -->
```javascript
Array.prototype.slice.call(
document.getElementsByClassName( 'slide' ) )
.forEach( function( slide ) {
slide.classList.add( 'show' );
var img = slide.getElementsByClassName( 'slide_image' )[0];
img.src = img.dataset.full;
} );
```
This will display all slides inline. But there's a clear problem with
this: how is the non-JS-programmer supposed to know that? Even
JavaScript programmers have to research the issue in order to come up
with a solution.
But ideally, I'd like to download the presentation PDF. SlideShare
does offer a download link, but not only does it not work with
JavaScript disabled, but it requires that the user create an account.
This is no good, as it can be used to track users or discover
identities by analyzing viewing habits. This would allow
de-anonymizing users, even if they have [taken measures to remain
anonymous][1].
(By the way: at the time that I wrote this post, the [EFF's
Surveillance Self-Defense Guide][1] is [LibreJS compatible][2] and the
JavaScript code that it runs is mostly free.)
I encourage presenters (and authors in general) to release the slides
in an [unencumbered document format][3], like PDF, HTML, OpenDocument,
or plain text. Those formats should be hosted on their own website,
or websites that allow downloading those files without having to
execute proprietary JavaScript, and without having to log in. If
those authors *must* use SlideShare for whatever reason, then they
should clearly provide a link to that free document format somewhere
that users can access without having to execute SlideShare's
proprietary JavaScript, such as on the first slide. (The description
is iffy, since it is truncated and requires JavaScript to expand.)
[1]: https://ssd.eff.org/
[2]: https://www.gnu.org/software/librejs/
[3]: http://www.fsf.org/campaigns/opendocument/reject

257
post/2015-05-20-gitlab-gitorious-freesw.md 100644
View File

@ -0,0 +1,257 @@
# Gitlab, Gitorious, and Free Software
*This article originally appeared as a guest post on the [GitLab
blog][orig-post].*
In early March of this year, it was announced that
[GitLab would acquire Gitorious][0] and shut down `gitorious.org` by 1
June, 2015. [Reactions from the community][1] were mixed, and
understandably so: while GitLab itself is a formidable alternative to wholly
proprietary services, its acquisition of Gitorious strikes a chord with the
free software community that gathered around Gitorious in the name of
[software freedom][2].
[0]: https://about.gitlab.com/2015/03/03/gitlab-acquires-gitorious/
[1]: https://news.ycombinator.com/item?id=9138419
[2]: https://www.gnu.org/philosophy/free-sw.html
<!-- more -->
After hearing that announcement,
[as a free software hacker and activist myself][11], I was naturally
uneasy. Discussions of alternatives to Gitorious and GitLab ensued on the
[`libreplanet-discuss`][12] mailing list. Sytse Sijbrandij (GitLab
B.V. CEO) happened to be present on that list;
[I approached him very sternly][13] with a number of concerns, just as I
would with anyone that I feel does not understand certain aspects of the
[free software philosophy][2]. To my surprise, this was not the case at
all.
Sytse has spent a lot of time accepting and considering community input for
both the Gitorious acquisition and GitLab itself. He has also worked with
me to address some of the issues that I had raised. And while these issues
won't address everyone's concerns, they do strengthen GitLab's commitment to
[software freedom][2], and are commendable.
I wish to share some of these details here; but to do so, I first have to
provide some background to explain what the issues are, and why they are
important.
## Free Software Ideology
[Gitorious][3] was (and still is) one of the most popular Git repository
hosts, and largely dominated until the introduction of GitHub. But even as
users flocked to [GitHub's proprietary services][28], users who value freedom
continued to support Gitorious, both on `gitorious.org` and by installing
their own instances on their own servers. Since Gitorious is
[free software][2], users are free to study, modify, and share it with
others. But [software freedom does not apply to Services as a
Software Substitute (SaaSS)][4] or remote services---you cannot apply the
[four freedoms][2] to something that you do not yourself possess---so why do
users still insist on using `gitorious.org` despite this?
The matter boils down to supporting a philosophy: The
[GNU General Public License (GPL)][6] is a license that turns copyright on
its head: rather than using copyright to restrict what users can do with a
program, the GPL instead [ensures users' freedoms][8] to study, modify, and
share it. But that isn't itself enough: to ensure that the software always
remains free (as in freedom), the GPL ensures that all *derivatives* are
*also* licensed under similar terms. This is known as [copyleft][9], and it
is vital to the free software movement.
Gitorious is licensed under the
[GNU Affero General Public License Version 3 (AGPLv3)][5]---this takes the
[GPL][6] and adds an additional requirement: if a modified version of the
program is run on a sever, users communicating with the program on that
server must have access to the modified program's source code. This ensures
that [modifications to the program are available to all users][7]; they
would otherwise be hidden in private behind the server, with others unable
to incorporate, study, or share them. The AGPLv3 is an ideal license for
Gitorious, since most of its users will only ever interact with it over a
network.
GitLab is also free software: its [Expat license][10] (commonly referred to
ambiguously as the "MIT license") permits all of the same freedoms that
are granted under the the GNU GPL. But it does so in a way that is highly
permissive: it permits relicensing under *any* terms, free or not. In other
words, one can fork GitLab and derive a proprietary version from it, making
changes that deny users [their freedoms][2] and cannot be incorporated back
into the original work.
This is the issue that the free software community surrounding Gitorious has
a problem with: any changes contributed to GitLab could in turn benefit a
proprietary derivative. This situation isn't unique to GitLab: it applies
to all non-copyleft ("permissive") [free software licenses][26]. And this
issue is realized by GitLab itself in the form of its GitLab Enterprise
Edition (GitLab EE): a proprietary derivative that adds additional
features atop of GitLab's free Community Edition (CE). For this reason,
many free software advocates are uncomfortable contributing to GitLab, and
feel that they should instead support other projects; this, in turn, means
not supporting GitLab by using and drawing attention to their hosting
services.
The copyleft vs. permissive licensing debate is one of the free software
movement's most heated. I do not wish to get into such a debate here. One
thing is clear: GitLab Community Edition (GitLab CE) is free
software. Richard Stallman (RMS) [responded directly to the thread on
`libreplanet-discuss`][20], stating plainly:
> We have a simple way of looking at these two versions. The free
> version is free software, so it is ethical. The nonfree version is
> nonfree software, so it is not ethical.
Does GitLab CE deserve attention from the free software community? I
believe so. Importantly, there is another strong consideration: displacing
proprietary services like GitHub and Bitbucket, which host a large number of
projects and users. GitLab has a strong foothold, which is an excellent
place for a free software project to be in.
If we are to work together as a community, we need to respect GitLab's
free licensing choices just as we expect GitLab to respect ours. Providing
respect does not mean that you are conceding: I will never personally use a
non-copyleft license for my software; I'm firmly rooted in my dedication to
the [free software philosophy][2], and I'm sure that many other readers are
too. But using a non-copyleft license, although many of us consider it to
be a weaker alternative, [is not wrong][23].
## Free JavaScript
As I mentioned above,
[software freedom and network services are separate issues][4]---the four
freedoms do not apply to interacting with `gitlab.com` purely over a network
connection, for example, because you are not running its software on your
computer. However, there is an overlap: JavaScript code downloaded to be
executed in your web browser.
[Non-free JavaScript][15] is a particularly nasty concern: it is software
that is downloaded automatically from a server---often without prompting
you---and then immediately executed. Software is now being executed on your
machine, and [your four freedoms][2] are once again at risk. This, then,
[is the primary concern][16] for any users visiting `gitlab.com`: not only
would this affect users that use `gitlab.com` as a host, but it would also
affect *any user that visits* the website. That would be a problem, since
hosting your project there would be inviting users to run proprietary
JavaScript.
As I was considering migrating my projects to GitLab, this was the
[first concern I brought up to Sytse][14]. This problem arises because
`gitlab.com` uses a GitLab EE instance: if it had used only its Community
Edition (GitLab CE)---which is free software---then all served JavaScript
would have been free. But any scripts served by GitLab EE that are not
identical to those served by GitLab CE are proprietary, and therefore
unethical. This same concern applies to GitHub, Bitbucket, and other
proprietary hosts that serve JavaScript.
Sytse surprised me by stating that he would be willing to
[freely license all JavaScript in GitLab EE][17], and by offering to give
anyone access to the GitLab EE source code who wants to help out. I took
him up on that offer. Initially, I had submitted a patch to merge all
GitLab EE JavaScript into GitLab CE, but Sytse came up with another,
superior suggestion, that ultimately provided even greater reach.
**I'm pleased to announce that Sytse and I were able to agree on a license
change (with absolutely no friction or hesitation on his part) that
liberates all JavaScript served to the client from GitLab EE instances.**
There are two concerns that I had wanted to address: JavaScript code
directly written for the client, and any code that produced JavaScript as
output. In the former case, this includes JavaScript derived from other
sources: for example, GitLab uses CoffeeScript, which compiles *into*
JavaScript. The latter case is important: if there is any code that
generates fragments of JavaScript---e.g. dynamically at runtime---then that
code must also be free, or users would not be able to modify and share the
resulting JavaScript that is actually being run on the client. Sytse
accepted my change verbatim, while adding his own sentence after mine to
disambiguate. At the time of writing this post, GitLab EE's source code
isn't yet publicly visible, so here is the relevant snippet from its
`LICENSE` file:
> The above copyright notices applies only to the part of this Software that
> is not distributed as part of GitLab Community Edition (CE), and that is
> not a file that produces client-side JavaScript, in whole or in part. Any
> part of this Software distributed as part of GitLab CE or that is a file
> that produces client-side JavaScript, in whole or in part, is copyrighted
> under the MIT Expat license.
## Further Discussion
My discussions with Sytse did not end there: there are other topics that
have not been able to be addressed before my writing of this post that would
do well to demonstrate commitment toward [software freedom][2].
The license change liberating client-side JavaScript was an excellent
move. To expand upon it, I wish to submit a patch that would make GitLab
[LibreJS compliant][21]; this provides even greater guarantees, since it
would allow for users to continue to block other non-free JavaScript that
may be served by the GitLab instance, but not produced by it. For example:
a website/host that uses GitLab may embed proprietary JavaScript, or modify
it without releasing the source code. Another common issue is the user of
analytics software; `gitlab.com` uses Google Analytics.
If you would like to help with LibreJS compliance, please [contact me][11].
I was brought into another discussion between Sytse and RMS that is
unrelated to the GitLab software itself, but still a positive demonstration
of a commitment to [software freedom][2]---the replacement of Disqus on the
`gitlab.com` blog with a free alternative. Sytse ended up making a
suggestion, saying he'd be "happy to switch to" [Juvia][22] if I'd help with
the migration. I'm looking forward to this, as it is an important
discussion area (that I honestly didn't know existed until Sytse told me
about it, because I don't permit proprietary JavaScript!). He was even kind
enough to compile a PDF of comments for one of our discussions, since he was
cognizant ahead of time that I would not want to use Disqus. (Indeed, I
will be unable to read and participate in the comments to this guest post
unless I take the time to freely read and reply without running Disqus'
proprietary JavaScript.)
Considering the genuine interest and concern expressed by Sytse in working
with myself and the free software community, I can only expect that GitLab
will continue to accept and apply community input.
It is not possible to address the copyleft issue without a change in
license, which GitLab is not interested in doing. So the best way to
re-assure the community is through action. [To quote Sytse][18]:
> I think the only way to prove we're serious about open source is in our
> actions, licenses or statements don't help.
There are fundamental disagreements that will not be able to be
resolved between GitLab and the free software community---like their
["open core" business model][19]. But after working with Sytse and seeing
his interactions with myself, RMS, and many others in the free software
community, I find his actions to be very encouraging.
*Are you interested in helping other websites liberate their JavaScript?
Consider [joining the FSF's campaign][27], and
[please liberate your own][16]!*
*This post is licensed under the
[Creative Commons Attribution-ShareAlike 3.0 Unported License][25].*
[3]: https://gitorious.org/
[4]: https://www.gnu.org/philosophy/who-does-that-server-really-serve.html
[5]: https://www.gnu.org/licenses/agpl.html
[6]: https://www.gnu.org/licenses/gpl.html
[7]: https://www.gnu.org/licenses/why-affero-gpl.html
[8]: https://www.gnu.org/licenses/quick-guide-gplv3.html
[9]: https://www.gnu.org/philosophy/pragmatic.html
[10]: https://www.gnu.org/licenses/license-list.html#Expat
[11]: http://mikegerwitz.com/
[12]: https://lists.gnu.org/mailman/listinfo/libreplanet-discuss
[13]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-03/msg00075.html
[14]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-04/msg00019.html
[15]: https://www.gnu.org/philosophy/javascript-trap.html
[16]: https://www.gnu.org/software/easejs/whyfreejs.html
[17]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-04/msg00020.html
[18]: https://news.ycombinator.com/item?id=9141801
[19]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-03/msg00076.html
[20]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-03/msg00095.html
[21]: https://www.gnu.org/software/librejs/free-your-javascript.html
[22]: https://github.com/phusion/juvia
[23]: https://www.fsf.org/blogs/rms/selling-exceptions
[24]: https://gnu.org/software/easejs
[25]: http://creativecommons.org/licenses/by-sa/3.0/
[26]: https://www.gnu.org/licenses/license-list.html
[27]: https://fsf.org/campaigns/freejs
[28]: http://mikegerwitz.com/about/githubbub
[orig-post]: https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-software/

60
post/2015-11-20-comcast-inject-js.md 100644
View File

@ -0,0 +1,60 @@
# Comcast injects JavaScript into web pages
It seems that Comcast has decided that it is a good idea to [inject
JavaScript into web pages][js] visited by its customers in order to inform
them of Copyright violations.
[js]: https://gist.github.com/Jarred-Sumner/90362639f96807b8315b
This is a huge violation of user privacy and trust. Further, it shows that
an ISP (and probably others) feel that they have the authority to dictate
what is served to the user on a free (as in speech) Internet. Why should we
believe that they won't start injecting other types of scripts that spy on
the user or introduce advertising? What if a malicious actor compromises
Comcast's servers and serves exploits to users?
It is no surprise that Comcast is capable of doing this---they know the IP
address of the customer, so they are able to intercept traffic and alter it
in transit. But the fact that they _can_ do this demonstrates something far
more important: _that they have spent the money on the infrastructure to do
so_!
<!-- more -->
Comcast isn't the only ISP to have betrayed users by injecting data. One
year ago, it was discovered that [Verizon was injecting "perma-cookies" into
requests to track users][verizon]. This is only one example of the
insidious abuses that unchecked ISPs can take.
So what can you do to protect yourself?
What Comcast is doing is called a [man-in-the-middle (MITM) attack][mitm]:
Comcast sits in the middle of you and your connection to the website that
you are visiting, proxying your request. Before relaying the website's
response to you, it modifies it.
In order to do this, Comcast needs to be able to read your communications,
and must be able to modify them: the request must be read in order to
determine how the JavaScript should be injected and what request it should
be injected into; and it must be modified to perform the injection. It
cannot (given a properly configured web server) do so if your connection is
encrypted. In the case of web traffic, `https` URLs with the little lock
icon in your web browser generally indicates that your communications are
encrypted, making MITM attacks
unlikely.
(We're assuming that Comcast won't ask you to install a root CA so that they
can decrypt your traffic! But that would certainly be noticed, if they did
so on a large enough scale.)
Not all websites use SSL. Another method is to use encrypted proxies, VPNs,
or services like like [Tor][tor]. This way, Comcast will not be able to
read or modify the communications.
See also: [HackerNews discussion][hn]; [original Reddit discussion][reddit].
[verizon]: https://www.eff.org/deeplinks/2014/11/verizon-x-uidh
[mitm]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack
[hn]: https://news.ycombinator.com/item?id=10592775
[reddit]: https://www.reddit.com/r/HuntsvilleAlabama/comments/35v4sn/comcast_is_injecting_bad_javascript_to_your/
[tor]: https://tor.org/

14
post/2015-12-09-gnu-social-instance.md 100644
View File

@ -0,0 +1,14 @@
# Now Hosting Personal GNU Social Instance
When I started writing this blog, my intent was to post notices more
frequently and treat it more like a microblogging platform; but that's not
how it ended up. Instead, I use this site to write more detailed posts with
solid references to back up my statements.
[GNU Social](https://gnu.org/software/social/) is a federated social
network---you can host your own instances and they all communicate with
one-another. You can find mine at the top of this page under "Notices", or
at [https://social.mikegerwitz.com/](https://social.mikegerwitz.com/). I
will be using this site to post much more frequent miscellaneous notices.
<!-- more -->

92
post/2016-01-24-more-than-freedom.md 100644
View File

@ -0,0 +1,92 @@
# Google Analytics Removed from GitLab.com Instance
*This was originally written as a guest post for GitLab in November of 2015,
but they [decided not to publish it][gitlab-merge].*
[gitlab-merge]: https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/1094
Back in May of of 2015, I [announced GitLab's liberation of their Enterprise
Edition JavaScript][ggfs] and made some comments about GitLab's course and
approach to software freedom. In liberating GitLab EE's JavaScript, all
code served to the browser by GitLab.com's GitLab instance was [Free (as in
freedom)][free-sw], except for one major offender: Google Analytics.
[ggfs]: https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-software/
[free-sw]: https://www.gnu.org/philosophy/free-sw.html
Since Google Analytics was not necessary for the site to function, users
could simply block the script and continue to use GitLab.com
[ethically][free-sw]. However, encouraging users to visit a project on
GitLab.com while knowing that it loads Google Analytics is a problem both
for users' freedoms, and for their privacy.
<!-- more -->
GitLab is more than service and front-end to host Git repositories; it has a
number of other useful features as well. Using those features, however,
would mean that GitLab.com is no longer just a mirror for a project---it
would be endorsed by the project's author, requiring that users visit the
project on GitLab.com in order to collaborate. For example, if an author
were to use the GitLab issue tracker on GitLab.com, then she would be
actively inviting users to the website by telling them to report issues and
feature requests there.
We cannot realistically expect that anything more than a minority of
visitors will know how to block Google Analytics (or even understand that it
is a problem). Therefore, if concerned authors wanted to use those features
of GitLab, they had to use another hosted instance of GitLab, or host their
own. But the better option was to encourage GitLab.com to remove Google
Analytics entirely, so that _all_ JavaScript code served to the users is
[Free][free-sw].
GitLab has chosen to actively
[work with the Free Software movement][ggfs]---enough so that they are now
considered an [acceptable host for GNU projects][gitlab-gnu-criteria]
according to [GNU's ethical repository criteria][gnu-repo-criteria]. And
they have chosen to do so again---headed by Sytse Sijbrandij (GitLab
Inc. CEO), Google Analytics has been removed from the GitLab.com instance
and replaced with [Piwik][piwik].
## More Than Just Freedom
This change is more than a commitment to users' freedoms---it's also a
commitment to users' privacy that cannot be understated. By downloading and
running Google Analytics, users are being infected with some of the most
[sophisticated examples of modern spyware][ga-wikipedia]: vast amounts of
[personal and behavioral data][ga-google] are sent to Google for them to use
and share as they wish. Google Analytics also tracks users across [many
different websites][ga-popularity], allowing them to discover your interests
and behaviors in ways that users themselves may not even know.
GitLab.com has committed to using [Piwik][piwik] on their GitLab instance,
which [protects users' privacy][piwik-privacy] in a number of very important
ways: it allows users to opt out of tracking, anonymizes IP addresses,
retains logs for limited time periods, respects [DoNotTrack][eff-dnt], and
more. Further, all logs _will be kept on GitLab.com's own servers_, and is
therefore governed solely by
[GitLab.com's Privacy Policy][gitlab-privacy]; this means that other
services will not be able to use these data to analyze users' behavior on
other websites, and advertisers and others will know less about them.
Users should not have to try to [anonymize themselves][eff-ssd] in
order to maintain their privacy---privacy should be a default, and a
respected one at that. GitLab has taken a strong step in the right
direction; I hope that others will take notice and do the same.
*Are you interested in helping other websites liberate their JavaScript?
Consider [joining the FSF's campaign][freejs], and
[please liberate your own][whyfreejs]!*
[eff-dnt]: https://www.eff.org/dnt-policy
[eff-ssd]: http://ssd.eff.org/
[freejs]: https://fsf.org/campaigns/freejs
[ga-google]: https://www.google.com/analytics/standard/features/
[ga-popularity]: http://w3techs.com/technologies/overview/traffic_analysis/all
[ga-wikipedia]: https://en.wikipedia.org/wiki/Google_Analytics
[gitlab-featurse]: https://about.gitlab.com/features/
[gitlab-gnu-criteria]: https://lists.gnu.org/archive/html/repo-criteria-discuss/2015-11/msg00012.html
[gitlab-privacy]: https://about.gitlab.com/privacy/
[gnu-repo-criteria]: https://www.gnu.org/software/repo-criteria.html
[mtg]: http://mikegerwitz.com/
[piwik]: https://piwik.org/
[piwik-privacy]: https://piwik.org/privacy/
[whyfreejs]: https://www.gnu.org/software/easejs/whyfreejs.html

45
post/2016-02-28-lp2016-rof.md 100644
View File

@ -0,0 +1,45 @@
# Join me at LibrePlanet 2016 for my talk "Restore Online Freedom!"
I will be [speaking at LibrePlanet this year][lp2016] (2016) about freedom
on the Web. Here's the session description:
[lp2016]: https://www.libreplanet.org/2016/program/
> Imagine a world where surveillance is the default and users must opt-in to
> privacy. Imagine that your every action is logged and analyzed to learn
> how you behave, what your interests are, and what you might do next.
> Imagine that, even on your fully free operating system, proprietary
> software is automatically downloaded and run not only without your
> consent, but often without your knowledge. In this world, even free
> software cannot be easily modified, shared, or replaced. In many cases,
> you might not even be in control of your own computing -- your actions and
> your data might be in control by a remote entity, and only they decide
> what you are and are not allowed to do.
>
> This may sound dystopian, but this is the world you're living in right
> now. The Web today is an increasingly hostile, freedom-denying place that
> propagates to nearly every aspect of the average users' lives -- from
> their PCs to their phones, to their TVs and beyond. But before we can
> stand up and demand back our freedoms, we must understand what we're being
> robbed of, how it's being done, and what can (or can't) be done to stop
> it.
<!-- more -->
There are a number of other [great sessions][lp2016] this year from a
[number of speakers][lp2016s], many well-known. We also have an opening
keynote from Edward Snowden!
All [FSF associate members get free entry][fsfmember]. If you can't join
us, the conference will be streamed live. You can also see [videos of past
talks][lpvideos] on the FSF's self-hosted [GNU MediaGoblin][goblin]
instance.
Special thanks to the FSF for covering a large portion of my travel
expenses; I otherwise might not have been able to attend. Thank you to all
who donated to the conference scholarship fund.
[lp2016s]: https://www.libreplanet.org/2016/program/speakers.html
[fsfmember]: https://crm.fsf.org/join
[lpvideos]: https://media.libreplanet.org/
[goblin]: http://mediagoblin.org/

37
post/2016-04-02-reddit-nsl.md 100644
View File

@ -0,0 +1,37 @@
# Reddit suspected to have been served with an NSL
It is suspected that Reddit has been [served with an NSL][schneier].
[National Security Letters (NSLs)][nsl] are subpoena served by the United
States federal government and often come with a gag order that prevents the
recipient from even stating that they received the letter.
[schneier]: https://www.schneier.com/blog/archives/2016/04/reddits_warrant.html
[nsl]: https://en.wikipedia.org/wiki/National_Security_Letter
<!-- more -->
[Warrant canaries][canary] are used to circumvent gag orders by stating
that requests have *not* been received, under the [legal theory][court]
that, while courts can compel persons not to speak, they can't compel them
to lie. [Reddit's canary has died][reddit-report]---the canary is absent
from their most recent 2015 transparency report, where it was [present in
the 2014 report][reddit-report-2014].
Does this mean that you should stop using Reddit? No; canaries are an
important transparency method. If you are worried about your privacy, you
shouldn't disclose the information to a third party to begin with. Note
that this includes metadata that are gathered about you when you, for
example, browse subreddits while logged in. You can help mitigate that by
[browsing anonymously using Tor][donot], being sure never to log in during
the same session.
The website [Canary Watch][cw] is a website that tracks warrant canaries.
I'm awaiting further analysis after the weekend.
[canary]: https://en.wikipedia.org/wiki/Warrant_canary
[cw]: https://www.canarywatch.org/
[court]: https://gigaom.com/2014/10/10/are-warrant-canaries-legal-twitter-wants-to-save-techs-warning-signal-of-government-spying/
[reddit-report]: https://web.archive.org/web/20160331210850/https://www.reddit.com/wiki/transparency/2015
[reddit-report-2014]: https://web.archive.org/web/20160331204815/https://www.reddit.com/wiki/transparency/2014
[donot]: https://www.whonix.org/wiki/DoNot

27
post/2016-04-03-fb-vr-spy.md 100644
View File

@ -0,0 +1,27 @@
# Facebook will use software for the VR headset Occulus Rift to spy on you
Anything coming out of Facebook should be [cause for concern][rms-fb]. So,
naturally, one might be concerned when they decide to get into the virtual
reality (VR) scene by [purchasing the startup Occulus VR][fb-vr], makers of
the Occulus Rift VR headset. One can only imagine all the fun ways Facebook
will be able to track, manipulate, spy on, and otherwise screw over users
while they are immersed in a virtual reality.
[rms-fb]: https://stallman.org/facebook.html#privacy
[fb-vr]: http://www.theguardian.com/technology/2014/jul/22/facebook-oculus-rift-acquisition-virtual-reality
Sure enough, we have our first peak: [the software that Facebook has you
install for the Occulus Rift is spyware][fb-spy], reporting on what
*unrelated* software you use on your system, your location (including GPS
data and nearby Wifi networks), the type of device you're using, unique
device identifiers, your movements while using the VR headset, and more.
[fb-spy]: http://uploadvr.com/facebook-oculus-privacy/
<!-- more -->
This is absurd. Do not play into Facebook's games through temptation of
cool new technology; reject their terms and see if there's other ways you
can use the headset without their proprietary spyware. If not, perhaps you
should ask for a refund, and tell them why.

183
post/2016-04-06-gnu-kwindows.md 100644
View File

@ -0,0 +1,183 @@
# GNU/kWindows
There has been a lot of talk lately about a most unique combination:
[GNU][gnu]---the [fully free/libre][free-sw] operating system---and
Microsoft Windows---the [freedom-denying, user-controlling,
surveillance system][woe].
There has also been a great deal of misinformation.
I'd like to share my thoughts.
[gnu]: https://gnu.org/gnu/gnu.html
[free-sw]: https://gnu.org/philosophy/free-sw.html
[woe]: https://www.gnu.org/proprietary/malware-microsoft.en.html
<!-- more -->
Before we can discuss this subject,
we need to clarify some terminology:
We have a [free/libre][free-sw] operating system called [GNU][gnu].
Usually, it's used with the kernel Linux, and is together called the
[GNU/Linux (or GNU+Linux) operating system][gnulinux].
But that's not always the case.
For example, GNU can be run with its own kernel, [The GNU Hurd][hurd]
(GNU/Hurd).
It might be run on a system with a BSD kernel (e.g. GNU/kFreeBSD).
But now, we have a situation where we're taking GNU/Linux, removing Linux,
and adding in its place a Windows kernel.
This combination is referred to as GNU/kWindows (GNU with the Windows kernel
added).[^kwindows]
GNU values users' freedoms.
Windows [does exactly the opposite][woe].
When users talk about the operating system "Linux", what they are referring
to is the [GNU operating system][gnu] with the kernel Linux added.
If you are using the GNU operating system in some form, then many of the
programs you are familiar with on the command line are GNU programs:
`bash`, `(g)awk`, `grep`, `ls`, `cat`, `bc`, `tr`, `gcc`, `emacs`, and
so on.
But GNU is a fully free/libre Unix replacement, [not just a collection of GNU
programs][gnu].
Linux is the kernel that supports what the operating system is trying to do;
it provides what are called system calls to direct the kernel to perform
certain actions, like fork new processes or allocate memory.
This is an important distinction---not only is calling all of this software
"Linux" incorrect, but it discredits the project that created a fully
free/libre Unix replacement---[GNU][gnu].
This naming issue is so widespread that
[most users would not recognize what GNU is][gnu-noheard], even if they
are _using_ a [GNU/Linux][gnulinux] operating system.
I recently read an article that referred to GNU Bash as "Linux's Bash";
this is simply a slap in the face to all the hackers that have for the
past 26 years been writing what is one of today's most widely used
shells on Unix-like systems (including on [Apple's][apple] proprietary
Mac OSX), and all the other GNU hackers.
Microsoft and Canonical have apparently been working together to write a
subsystem that translates Linux system calls into something Windows will
understand---a compatibility layer.
So, software compiled to run on a system with the kernel Linux will work on
Windows through system call translation.
Many articles are calling this "Linux on Windows".
This is a fallacy: the kernel Linux is not at all involved!
What we are witnessing is the [_GNU_ operating system][gnu] running with
a Windows kernel _instead_ of Linux.
This is undoubtedly a technical advantage for Microsoft---Windows users want
to do their computing in a superior environment that they might be
familiar with on [GNU/Linux][gnulinux] or other Unix-like operating
systems, like [Apple's][apple] freedom-denying Mac OSX.
But thinking about it like this is missing an essential concept:
When users talk about "Linux" as the name of the operating system, they
avoid talking about [GNU][gnu].
And by avoiding mention of GNU,
they are also avoiding discussion of the core principles upon which GNU is
founded---the belief that all users deserve
[software granting _four essential freedoms_][free-sw]:
the freedom to use the program for any purpose;
the freedom to study the program and modify it to suit your needs (or
have someone do it on your behalf);
the freedom to share the program with others;
and the freedom to share your changes with others.
We call software that respects these four freedoms
[_free/libre software_][free-sw].
Free software is absolutely essential:
it ensures that _users_,
who are the most vulnerable,
are in control of their computing---not software developers or
corporations.
Any program that denies users any one of their [four freedoms][free-sw] is
_non-free_ (or _proprietary_)---that is, freedom-denying software.
This means that any non-free software, no matter its features or
performance, will [_always_ be inferior to free software][oss] that
performs a similar task.
Not everyone likes talking about freedom or the
[free software philosophy][free-sw].
This disagreement resulted in the
["open source" development methodology][oss],
which exists to sell the benefits of free software to businesses *without*
discussing the essential ideological considerations.
Under the "open source" philosophy,
if a non-free program provides better features or performance,
then surely it must be "better",
because they have outperformed the "open source" development methodology;
non-free software isn't always considered to be a bad thing.
So why would users want to use GNU/kWindows?
Well, probably for the same reason that they want GNU tools on Mac OSX:
they want to use software they want to use, but they also want the
technical benefits of GNU that they like.
What we have here is the ["open source" philosophy][oss]---because if the
user truly valued her freedom, she would use a
[fully free operating system like GNU/Linux][gnulinux-distros].
If a user is _already_ using Windows (that is, before considering
GNU/kWindows), then she does gain some freedom by installing GNU:
she has more software on her system that respects her freedoms,
and she is better off because of that.
But what if you're using GNU/Linux today?
In that case,
it is a major downgrade to switch to a GNU/kWindows system;
by doing so, you are [surrendering your freedom to Microsoft][woe].
It does not matter how many shiny features Microsoft might introduce into
its [freedom-denying surveillance system][woe];
an [operating system that respects your freedoms][gnulinux-distros] will
_always_ be a superior choice.
We would do our best to dissuade users from switching to a GNU/kWindows
system for the technical benefits that GNU provides.
So we have a couple different issues---some factual, some philosophical:
Firstly,
please don't refer to GNU/kWindows as "Linux on Windows", or any variant
thereof;
doing so simply propagates misinformation that not only confounds the
situation, but discredits the thousands of hackers working on the
[GNU operating system][gnu].
It would also be best if you avoid calling it "Ubuntu on Windows";
it isn't a factually incorrect statement---you are running Ubuntu's
distribution of GNU---but it still avoids mentioning the
[GNU Project][gnu]. If you want to give Ubuntu credit for working with
Microsoft, please call it "Ubuntu GNU/kWindows" instead of "Ubuntu".
By mentioning GNU,
users will ask questions about the project,
and might look it up on their own.
They will read about [the free software philosophy][free-sw],
and will hopefully begin to understand these issues---issues that they
might not have even been aware of to begin with.
Secondly,
when you see someone using a GNU/kWindows system,
politely ask them why.
Tell them that there is a _better_ operating system out there---the
[GNU/Linux operating system][gnu]---that not only provides those technical
features,
but also provides the feature of _freedom_!
Tell them what [free software][free-sw] is,
and try to relate it to them so that they understand why it is important,
and even practical.
It's good to see more people benefiting from GNU;
but we can't be happy when it is being sold as a means to draw users into
an otherwise [proprietary surveillance system][woe],
without so much as a mention of our name,
or [what it is that we stand for][gnu].
[^kwindows]: This name comes from [Richard Stallman][rms], founder of the
[GNU Project][gnu].
[hurd]: https://gnu.org/software/hurd/
[oss]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
[gnulinux]: https://www.gnu.org/gnu/linux-and-gnu.html
[gnulinux-distros]: https://www.gnu.org/distros/free-distros.html
[apple]: https://stallman.org/apple.html
[rms]: https://www.fsf.org/about/staff-and-board
[gnu-noheard]: https://gnu.org/gnu/gnu-users-never-heard-of-gnu.html
---
featured: true
---

88
post/2016-05-03-idad.md 100644
View File

@ -0,0 +1,88 @@
# International Day Against DRM 2016
Today is the [10th annual International Day Against DRM][day-drm]---a day
where activists from around the world organize events in protest against
[Digital Restrictions Management][drm].
[day-drm]: https://www.defectivebydesign.org/dayagainstdrm
[drm]: https://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
<!-- more -->
DRM is a scheme by which tyrants use [antifeatures][] to lock down what
users are able to do with their systems, often cryptographically.
For example,
your media player might tell you how many times you can listen to a song,
or watch a video, or read a book;
it might [delete books][1984] that you thought you owned;
it might require that you are [always online][always-on] when playing a
game, and then stop working when you disconnect, or when they decide to
stop supporting the game.
If you try to circumvent these locks,
then you might be [called a pirate][pirate] and be thrown in prision under
the ["anti-circumvention" privisons of the Digital Millenium Copyright Act
(DMCA)][dmca].
These are all things [that have been long predicated][right-to-read], and
are only expected to get worse with time.
That is, unless we take a stand and fight back.
I had the pleasure of participating in
the [largest ever protest against the W3C][w3c-protest] and their attempts
to introduce DRM as a _web standard_ via the [Encrypted Media Extensions
(EME)][eme] proposal.[^photos]
This event was organized beautifully by Zak Rogoff of the [Free Software
Foundation][fsf] and began just outside the Strata Center doors where the
W3C was _actively meeting_,
and then continued to stop outside the Google and Microsoft offices,
both just blocks away.
We were [joined outside Microsoft][eff-protest] by Danny O'Brien,
the EFF's International Director,
who stepped out of the W3C meeting to address the protesters.
Afterward, most of us [traveled to the MIT Media Lab][media-lab] where
Richard Stallman---who joined us in the protest---sat on a panel along
with Danny O'Brien, Joi Ito of the MIT Media Lab, and Harry Halpin of the
W3C.
The W3C was invited to participate in a discussion on EME, but they never
showed.
As a demonstration of the severity of these issues,
[Harry Halpin vowed to resign from the W3C][hh-resign] if the EME proposal
ever became a W3C Recommendation.
I can say without hesitation that the protest and following discussion were
some of the most powerful and memorable events of my life---there is no
feeling like being a part of a group that shares such a fundamental
passion (and distaste!) for something important.
And it _is_ very important.
[DRM is pervasive][dbd]---the Web is just one corner where it rears its ugly
head.
The [International Day Against DRM][day-drm] gives you and others an
excellent opportunity to hold your own protests, demonstrations, and events
to raise these issues to others---and to do so as part of an
_international group_;
to send a strong, world-wide message:
a message that it is _not_ acceptable to act as tyrants and treat users as
slaves and puppets through use of digital handcuffs and [draconian
punishments for circumventing them][dmca].
[^photos]: The EFF has some [great photots][eff-protest]; I'm the one in the
hoodie between the giant GNU head and Zak Rogoff.
[antifeatures]: https://www.fsf.org/bulletin/2007/fall/antifeatures/
[lp2016]: https://libreplanet.org/2016/
[w3c-protest]: https://www.defectivebydesign.org/from-the-web-to-the-streets-protesting-drm
[eme]: https://w3c.github.io/encrypted-media/
[eff-protest]: https://w3c.github.io/encrypted-media/
[w3c]: https://www.w3.org/
[fsf]: https://fsf.org/
[media-lab]: https://motherboard.vice.com/read/we-marched-with-richard-stallman-at-a-drm-protest-last-night-w3-consortium-MIT-joi-ito
[hh-resign]: https://www.defectivebydesign.org/blog/w3c_staff_member_pledges_resignation_if_drm_added_web_standards
[dmca]: https://www.eff.org/issues/dmca
[dbd]: https://www.defectivebydesign.org/
[1984]: https://www.defectivebydesign.org/amazon-kindle-swindle
[always-on]: https://en.wikipedia.org/wiki/Always-on_DRM
[right-to-read]: https://www.gnu.org/philosophy/right-to-read.en.html
[pirate]: https://www.eff.org/deeplinks/2015/02/go-prison-sharing-files-thats-what-hollywood-wants-secret-tpp-deal

55
post/2016-07-16-cfaa.md 100644
View File

@ -0,0 +1,55 @@
# CFAA, "Authorized" Access, and Common Sense
There is little common sense to be had with the [Computer Fraud and Abuse
Act][cfaa] (CFAA) to begin with.
To add to the confusion,
the Ninth Circuit Court of Appeals last week held 2-1 in [United States
v. Nosal][uvn] that accessing a service using someone else's
password---even if that person gave you permission to do so---[violates
the CFAA][cfaa-passwd],
stating that only the _owner_ of a computer can give such authorization.
This is absurd even with complete lack of understanding of what the law is:
should your spouse be held criminally liable for paying your bills online
using your account?
[cfaa]: https://www.eff.org/issues/cfaa
[uvn]: https://www.eff.org/cases/u-s-v-nosal
[cfaa-passwd]: https://www.eff.org/deeplinks/2016/07/ever-use-someone-elses-password-go-jail-says-ninth-circuit
Common sense says no.
<!-- more -->
In another case this week---[Facebook v. Power Ventures][fvp]---the same
court (though a different panel of judges) stepped back from the original
decision and stated that computer _users_ can indeed provide
authorization.
This authorization holds even if the service's Terms of Service say
otherwise.
Yet: the computer owner (in this case, Facebook) can revoke authorization,
which takes precedence over any authorization provided by a user of that
system.
So with a seemingly magical incantation,
a benign situation can be made into a federal crime,
just like that.
These situations highlight dangerous confusion over the interpretation of an
already dangerously vague law.
The CFAA is the law that was used to prosecute Aaron Swartz for federal
"crimes"---with a punishment of up to thirty-five years in prison---for
liberating documents hosted on JSTOR.
Because of this [draconian threat][eff-punish],
[Aaron committed suicide][aaron] on January 11th, 2013.
The CFAA already has blood on its hands;
it needs to be reined _in_,
not be given further broad powers.
So don't take news of the decisions in US v. Nosal and Facebook v. Power
Ventures as canceling one-another out;
things may appear the same for now,
but serious problems still need to be resolved.
[cfaa-back]: https://www.eff.org/deeplinks/2016/07/ninth-circuit-panel-backs-away-dangerous-password-sharing-decision-creates-even
[fvp]: https://www.eff.org/cases/facebook-v-power-ventures
[eff-punish]: https://www.eff.org/deeplinks/2013/02/rebooting-computer-crime-part-3-punishment-should-fit-crime
[aaron]: https://www.eff.org/deeplinks/2013/01/farewell-aaron-swartz

41
post/2016-07-29-election.md 100644
View File

@ -0,0 +1,41 @@
# "Election"
The past few days of the DNC have demanded pause. I am an Independent. I
do not like Hillary Clinton. I am a Bernie supporter, and I was upset by his
endorsement of Hillary. I had vowed not to vote for Hillary; I would
instead vote for Jill Stein. The DNC, while very well done with a deeply
compelling facade, has not changed my perspective on Clinton.
It is perhaps said best by Bernie himself: "It's easy to boo, but it's
harder to look your kids in the face who would be living under a Donald
Trump presidency". The conflict here is between my deep ideologies and
reality. It's often said that a vote for Hillary is a vote against Trump;
such a perspective would shallow and purposeless. But this isn't an
election for president---this is the most threatening assault on everything
I stand for that I hope I will ever witness in my lifetime. To stand for
ideological purity would be to stand atop a mountain while the world around
me burns. This is why Bernie chose to unite.
Should Trump win, my ideals that seem within reach could be blown back
decades. As a matter of strategy, I cannot justify _not_ swallowing every
ounce of my pride. Hillary's presidency is an unfortunate but necessary
consequence of the only permissible outcome. I am not electing a president
of the United States. I am electing _a United States_.
<!-- more -->
So I am doing what I never thought I would do: proposing that others too
factor this obscene equation and recognize how the very few remaining
variables affect the result. My ideals continue to exist in part and in
spirit with Hillary as president. With Trump, they are all but
vanquished. Donald Trump must not be elected president of the United
States. When (and if) you vote, think of it as a shot fired, not as a vote
cast.
"Election".
More information about my opinions on this topic can be found
[here][social-1] and [here][social-2].
[social-1]: https://social.mikegerwitz.com/conversation/21864
[social-2]: https://social.mikegerwitz.com/conversation/22026

103
post/2016-08-25-nso-group-target-activist.md 100644
View File

@ -0,0 +1,103 @@
# NSO Group, Pegasus, Trident---iOS Exploits Targeting Human Rights Activist
[Citizen Lab released a report][cl] describing the attempted use of iOS
0-days on human rights activist [Ahmed Mansoor][] by the United Arab
Emirates.
They named this chain of exploits _Trident_,
and with the help of [Lookout Security][paper],
were able to analyze them.
It begins with [arbitrary code execution (CVE-2016-4655)][4655] by
exploiting a memory corruption vulnerability in WebKit,
which downloads a payload unknown to the user.
That payload is able to bypass KASLR and [determine the kernel memory
location (CVE-2016-4656)][4656],
then allowing it to exploit a [memory corruption vulnerability in the
kernel itself (CVE-2016-4657)][4657];
this "jailbreaks" the device and is a complete compromise of the system.
[cl]: https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
[Ahmed Mansoor]: https://en.wikipedia.org/wiki/Ahmed_Mansoor
[paper]: https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf
[4655]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4655
[4656]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4656
[4657]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4657
<!-- more -->
This payload is [Pegasus][paper],
a complex surveillance tool sold to governments,
often used for espionage.
In this case,
Monsoor received a suspicious text message and wisely [tipped off Citizen
Lab][cl] rather than opening the presented link.
Had he done so,
he would have unknowingly downloaded this spyware that could very well
have put his life in extreme danger:
it has the capability to track his location;
record his calls and texts;
record communications through software like WhatsApp and Skype;
download his contact information;
grab passwords and encryption keys from his keyring;
and much more.
This malware was written by [NSO Group][],
which is so poorly known that their [Wikipedia page didn't even exist
until today][nso-wikipedia].
The software company is based in Israel,
founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio.
They were purchased in 2014 by [Francisco Partners][],
a private equity firm in the United States,
for $110 million.
They exist to sell exploits to governments.
Anyone familiar with security research is aware of [responsible
disclosure][]:
it is a model whereby researchers who discover a vulnerability
release their research publicly only _after_ they notify the authors
of the software,
and a patch mitigating the vulnerability has been released.
This is what Citizen Lab did---Apple [fixed the vulnerability][apple] in
iOS 9.3.5.[^rms-apple]
This is not what NSO Group does:
Instead, they horde their exploits[^0day] and sell them to governments as
weapons for surveillance or espionage.
In this case,
the United Arab Emirates (or so it seems).
This is not only unethical,
but to sell to a government that is known for this type of abuse is
inexcusable and negligent---the people behind NSO Group are absolute
scum.[^scum]
They are empowering a foreign government known for their civil and human
rights abuses.
I have trouble finding words.
There is much more that can be said on this topic with respect to security,
civil and human rights,
and various other topics.
But I don't want to distract from the topic at hand.
Let this sink in.
Read the [Citizen Lab][cl] report and the [paper by Lookout Security][paper].
Today I leave my soapbox be.
[NSO Group]: https://en.wikipedia.org/wiki/NSO_Group
[nso-wikipedia]: https://en.wikipedia.org/w/index.php?title=NSO_Group&action=history
[Francisco Partners]: https://en.wikipedia.org/wiki/Francisco_Partners
[responsible disclosure]: https://en.wikipedia.org/wiki/Responsible_disclosure
[apple]: https://support.apple.com/en-us/HT207107
[^rms-apple]: I [can't recommend that you use Apple
devices](https://stallman.org/apple.html), but if you do, you
should upgrade immediately;
you are vulnerable to exploitation by simply visiting a
malicious webpage.
[^0day]: Called 0-days,
because they haven't been disclosed and there has been no time to
prepare or release a fix.
[^scum]: For other scum, see the organization behind [FinFisher][]; and the
group [Hacking Team][].
[FinFisher]: https://en.wikipedia.org/wiki/FinFisher
[Hacking Team]: https://en.wikipedia.org/wiki/Hacking_Team

79
post/2017-05-16-self-discovery-pre-internet.md 100644
View File

@ -0,0 +1,79 @@
# Self-Discovery Before the Internet
This is an autobiographical opinion piece prompted by [a HackerNews
post][hn] discussing what it was like to learn programming before Stack
Overflow (and other parts of the Internet).
[hn]: https://news.ycombinator.com/item?id=14339293
<!-- more -->
I'm not old. I was born in 1989. I started programming around 1999. The
Internet sure did exist back then, but I was 10, and my parents weren't keen
on having me just go exploring. Besides, it was dial-up---you couldn't go
search real quick; especially if someone was on the phone. Using the
Internet was an _event_, and an exciting one at that, listening to those
dial tones, logging in using that old Prodigy dialog. Back then you had
Dogpile and Ask Jeeves. Most sites I'd visit by name; usually that was
GameFAQs or CNET download.com, because those are the sites my friend told me
about when he introduced me to the Internet.
I'm entirely self-taught. I didn't know any programmers. I didn't have
contact with any. I told my parents that I wanted to learn how to program
and they skeptically brought me to Barnes and Noble where we picked out
Learn to Program with Visual Basic 6 by John Smiley (*gasp* yes I started as
a Windows programmer). It came with a VB6 CD that for a while I was
convinced could only run the book examples, because I had no idea what I was
doing. I struggled. I tinkered. Hacker culture was on the complete
opposite end of where I was, but by the time I discovered it years later, I
felt like I finally found myself---I finally discovered who I was. The
struggle made me a hacker.
It's easy to half-ass it today. It's easy to simply say "eh I can Google
it" and forego committing knowledge. But it also makes it easy to gain
knowledge, for those who do care to do so. It makes trivia easy. It makes
discovery easy. It also exposes people to subcultures quickly and
demands conformance to stereotypes and norms before one can discover
_themselves_. Who would I be today without having to struggle for myself
rather than someone else _telling_ me who I am, and what I do?
This is more than just technical knowledge. This is the difference between
dropping a child off in the wild or dropping them off at the local
scouts. And at least scouts will discover themselves together. With the
Internet, you absorb a body of existing knowledge; you _rediscover others_,
not yourself. You often read blogs containing opinions of others, not books
or manuals.
That's not to say that you can't learn on your own. Many still do. Many
focus on manuals and books and source code rather than social media. It's
sure hard, though, when everything is integrated as such. Social media
can be beneficial---you do want communication and collaboration. I sure as
hell want to communicate with others. Opinions of others are deeply
important too. Some of the best things I've read are on blogs, not in
books. But I've already found my niche. I've found myself. I wasn't
tainted or manipulated---I learned in a world of proprietary software where
developing license systems was fun and emerged a free software
activist. Because I was forced to look inward, not post on Stack Overflow
or HN or Reddit expecting a hand-guided tour or `dd` of thoughts (okay,
you're not getting that on HN).
Not everyone needs to be a passionate hacker or developer. Really, the
world needs both. And based on what I've seen being pumped out of schools
and universities, the self-taught are generally better off either way. The
vast resources available to modern programmers make many tasks easier and
cheaper, though it also increases maintenance costs if all the programmer is
doing is using code snippets or concepts without actually grokking
them. But this is what most of the world runs off of.
Let yourself struggle. Go offline. Sit down with a print book and get out
a pen and take notes in the margin, write out your ideas. Getting syntax
errors in your editor or REPL? Figure it out! Or maybe consult the manual,
or the book you're reading. Don't search for the solution. When I learned
Algebra in middle school, I had little interest, and forgot all of
it. Years later, I needed it as a foundation for other things. I
discovered the rules for myself on pen and paper. Not only do I remember it
now (or can rediscover on a whim), but I understand _why_ it works the way
it does. I've had those epiphanies. It's easy to miss the forest for the
trees when you don't gain that essential intuition to help yourself
out. And the forest is vast and beautiful.

35
post/2017-06-03-gnu-more-software.md 100644
View File

@ -0,0 +1,35 @@
# GNU is more than a collection of software
GNU is more than just a collection of software; it is an operating system:
[https://www.gnu.org/gnu/thegnuproject.html]()
Many hackers and activists within the free software community don't
understand this well, and it's a shame to see attacks on GNU's relevance (as
measured by programs written by GNU on a given system) going
unchallenged. Software for GNU was written by the GNU Project when a
suitable free program was not available. It wouldn't have made sense to
write everything from scratch if free programs already solved the problem.
<!-- more -->
When we say GNU/Linux, we really are referring to the GNU operating system
that just happens to be using Linux. It could be using the FreeBSD kernel
([GNU/kFreeBSD][]). It could be using a Windows kernel with a Linux API
([GNU/kWindows][]). It could be using the [Hurd][] ([GNU/Hurd][]). The
disambiguation is important, but the end result is pretty much the same.
There are many systems that use Linux that are not GNU. Android is not GNU,
for example. We shouldn't attempt to call those systems "GNU/Linux"
blindly. (Also note how it's called "Android", not "Android/Linux", or just
"Linux". Somehow GNU is controversial, though.)
So if you see someone challenging GNU's relevance because GNU/Linux contains
so much software that isn't part of a GNU package, then please provide the
above link, and kindly explain to them that their observation is correct,
because GNU is an operating system, not a collection of programs.
[GNU/kFreeBSD]: https://en.wikipedia.org/wiki/Debian_GNU/kFreeBSD
[GNU/kWindows]: https://mikegerwitz.com/2016/04/GNU-kWindows
[Hurd]: https://www.gnu.org/software/hurd/
[GNU/Hurd]: https://www.debian.org/ports/hurd/

79
post/2017-06-24-russia-review-source.md 100644
View File

@ -0,0 +1,79 @@
# Russia wants to review source code of Western security software
Reuters [released an article][0] entitled "Under pressure, Western tech
firms bow to Russian demands to share cyber secrets".
Should Russia be permitted to do so?
Should companies "bow" to these demands?
I want to draw a parallel to another highly controversial case regarding
access to source code:
the [Apple v. FBI][2] case early last year.
For those who don't recall,
one of the concerns was the government trying to compel Apple to make
changes to iOS to permit brute forcing the San Bernardino attacker's
PIN;
this is a [violation of First Amendment rights][3] (compelled speech),
and this afforded Apple strong support from even communities that
otherwise oppose them on nearly all other issues.
The alternative was to have the FBI make changes to the software instead of
compelling Apple to do so,
which would require access to the source code of iOS.
[0]: http://www.reuters.com/article/us-usa-russia-tech-insight-idUSKBN19E0XB
[2]: https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute
<!-- more -->
Becuase of the hostility toward the FBI in this case,
even many in the [free software community][4] took the stance that the FBI
being able to modify the software would set terrible precedent.
But that's missing the point a bit.
Being able to modify software doesn't give you the right to install it on
others' devices;
the FBI would have had to compell Apple to release their signing keys
as well---_that_ is a dangerous precedent.
If the government compelled Apple to made changes themselves,
_that_ is dangerous precedent.
"Cyber secrets" in the above title refers to source code to software written
by companies like Cisco, IBM, SAP, and others;
secrets that can only exist in proprietary software that
[denies users the right to inspect, modify, and share][1] the software
that they are running.
For those who agree with the free software philosophy,
it's important to remove consideration of _who_ is trying to exercise their
[four freedoms][1].
In the case of the FBI,
from a free software perspective,
of course they should be able to modify the software---we
believe that _all_ software should be free!
(But that doesn't mean they should be able to install it on _someone
else's_ device.)
In the context of this article by Reuters:
Russia doesn't have to ask to examine software that is free/libre.
And if they did, it shouldn't be a concern;
restricting who can use and examine software is [a slippery slope][5].
Unfortunately, not all software is free/libre.
But if we extend the free software philsophy---there
should be no _ethical_ concerns with a foreign power wanting to inspect
proprietary source code.
But proprietary software might have something of concern to hide:
it might be something malicious like a backdoor,
or it might be something like a lack of security or poor development
practices;
[proprietary software exists only to keep secrets][6], after all.
If Russia has to ask to inspect source code for security software,
you probably do too.
And if that's the case,
the security being provided to you is merely a facade.
It's not Russia to be suspicious of for asking---it's
the companies that keep secrets to begin with.
[1]: https://www.gnu.org/philosophy/free-software-even-more-important.html
[3]: https://www.eff.org/deeplinks/2016/03/deep-dive-why-forcing-apple-write-and-sign-code-violates-first-amendment
[4]: https://www.gnu.org/philosophy/free-sw.en.html
[5]: https://www.gnu.org/philosophy/programs-must-not-limit-freedom.html
[6]: https://www.gnu.org/proprietary/proprietary.html

85
post/2017-06-27-no-force-use-tools.md 100644
View File

@ -0,0 +1,85 @@
# Don't force me to use your tools [on the Web]
There was an interesting discussion on [libreplanet-discuss][] recently
regarding web interfaces.
Below is a rather informal off-the-cuff statement regarding the use of Web
interfaces (specificlaly Discourse) over my own tools.
[libreplanet-discuss]: https://lists.gnu.org/archive/html/libreplanet-discuss/2017-06/msg00032.html
<!-- more -->
-----
I live a huge chunk of my life in my mail client
(which happens to be my editor as well).
It's scripted,
heavily customized,
and integrated with other things.
I do task management with Org mode,
which integrates simply but well enough with Gnus.
I can use my editor keybindings and such when composing messages.
The same goes with my IRC client.
I never have to leave home, if you will.
Contrast that with websites:
if I have to write anything substantial,
I often have to write it in my editor first and paste it in.
Many of us hackers don't care for flashy interfaces;
we'd rather use the tools we've invested our lives into and know well.
Tools that can compose and work well in pipelines.
Trying to use interfaces that reinvent the wheel poorly is painful.
And let's not be fooled---these are programs.
Especially when they're heavy on JavaScript.
There's no difference between this and someone asking me to download Foo and
put my Emacs toy away, as cute as it is.
But I know that many people don't feel that way.
I have coworkers that think I'm crazy (respectfully so).
And I think they're crazy too. ;)
Admittedly, using your own tools is a large barrier to entry---my
tools are useful because I've spent a great deal of time learning and
researching and customizing.
And now I can reuse them for everything.
For your average user looking to get into activism,
who may not even be a programmer,
that's a bit different;
it's easier to say "here's your single tool (Web)---go use it".
There are systems that allow for a level of integration
(e.g. mailing lists and forums).
But they're often treated as fallbacks---as second-class citizens.
They might provide a subset of features;
it leaves certain members of the community out---those
who want to use their own tools.
I haven't used Discourse.
I do see "mailing list support";
maybe that's a good sign.
But one of the phrases at the top of the features page is
"[w]e're reimagining what a modern discussion platform should
be".
Many of us don't want to see it reimagined.
That's the opposite of what many want.
Trying to strike a balance isn't a bad thing if that's the audience
we're looking to attract.
But it's difficult,
and something I struggle with a great deal.
-----
tl;dr:
Asking someone to use an interface on the Web is asking them to use
/your/ program instead of their own.
Be respectful by using [Web standards for accessibility][accessibility];
[progressive enhancement][];
and make use of well-established standards with rich histories,
especially if your audience makes use of them
(e.g. mailing lists, RSS feeds, federation standards, etc).
Thank you.
[accessibility]: https://en.wikipedia.org/wiki/Web_accessibility
[progressive enhancement]: https://en.wikipedia.org/wiki/Progressive_enhancement

40
post/2018-01-05-lp2018-ev.md 100644
View File

@ -0,0 +1,40 @@
# The Ethics Void: Join Me at LibrePlanet 2018!
I got word today that I'll be speaking again at this year's [LibrePlanet][]!
I was going to attend even if I were not speaking,
but I'm very excited to be able to continue to build off of last year's
talk and further my activism on these topics.
[LibrePlanet]: https://libreplanet.org/2018/
The title of this year's talk is _The Ethics Void_.
Here's a rough abstract:
<!-- more -->
> Medicine, legal, finance, journalism, scientific research—each of these
> fields and many others have widely adopted codes of ethics governing the
> lives of their professionals. Some of these codes may even be enshrined in
> law. And this is for good reason: these are fields that have enormous
> consequences.
> Software and technology pervade not only through these fields, but through
> virtually every aspect of our lives. Yet, when compared to other fields, our
> community leaders and educators have produced an ethics void. Last year, I
> introduced numerous topics concerning #privacy, #security, and #freedom that
> raise serious ethical concerns. Join me this year as we consider some of
> those examples and others in an attempt to derive a code of ethics that
> compares to each of these other fields, and to consider how leaders and
> educators should approach ethics within education and guidance.
(My previous talks can be found on my ["Talks" page][talks].)
For this talk,
I want to solicit the community at various points.
I know what _I_ want to talk about,
but what are some of the most important ethical issues to _you_?
Unfortunately there's far too much to fit into a 40-minute talk!
Feel free to send me an e-mail or reply to the [thread on GNU Social][thread].
[talks]: /talks
[thread]: https://social.mikegerwitz.com/conversation/99140

44
post/2018-01-08-meltdown-spectre-web.md 100644
View File

@ -0,0 +1,44 @@
# Meltdown/Spectre and the Web
The recently-released [Meltdown][] and [Spectre][] CPU timing attacks
affect virtually every user in some way;
the consequences are profound.
There are plenty of good write-ups on the topic,
so I don't feel the need to re-iterate the technical details here.
(See an easily digestible one [from the Raspberry Pi][rpi] project, and an
in-depth analysis [from Project Zero][zero].)
[Meltdown]: https://meltdownattack.com/
[Spectre]: https://spectreattack.com/
[rpi]: https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
[zero]: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
What I do want to draw attention to is that these attacks [are exploitable
via web browsers][mozilla].
[mozilla]: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
<!-- more -->
The reason for this is that your web browser,
by default,
automatically downloads and executes programs without your knowledge or
consent.
Most commonly,
web pages embed software in the form of JavaScript code.
Because of the features available in modern JavaScript environments,
CPU cache timing attacks are possible.
[I spoke about the security issues][lp2016] of running these programs in your web
browser back in 2016---it
was a bad idea then,
and it's still a bad idea now.
[I spoke further of privacy issues][lp2017] last year at LibrePlanet 2017.
I encourage you to use extensions like [NoScript][] to block the execution of
JavaScript by default,
and stop random people from treating your computer as a puppet to do
their own bidding.
[lp2016]: https://media.libreplanet.org/u/libreplanet/collection/restore-online-freedom/
[lp2017]: https://media.libreplanet.org/u/libreplanet/m/the-surreptitious-assault-on-privacy-security-and-freedom/
[NoScript]: http://noscript.net/

60
post/2018-04-15-mobile-tracking-veil.md 100644
View File

@ -0,0 +1,60 @@
# When Talking About Mobile Tracking, Don't Veil Bad Actors With Blanket Statements
It's difficult to have useful conversations about mobile tracking when
someone says "your phone / mobile device tracks you";
such statements don't often lead to constructive conversation because they
are too vague and therefore easily dismissed as sensationalism or
paranoia.
And they are all too often without substance because,
while users do have legitimate concerns,
they aren't necessarily aware of the specific problems contributing to
those concerns.
<!-- more -->
A mobile device is nothing more than a small computer that you carry around
with you.
The networks that you connect to can spy on you---your
cellular network, bluetooth, wifi, etc.
To help mitigate these threats,
you can disable those communications until you are in a safe place that
you don't mind others knowing about.
We can only have confidence that these connections have been disabled by
physical means,
like a hardware switch or a bag that acts like a Faraday cage.
[iOS deceives users][ios-deceive] when they ask to disable those communications
for example.
The software running on your device often spies on you:
the operating system itself often spies;
the apps you install often spy.
This is the fault of the individual _authors_---_they_
are the problem.
Consider using free/libre software that empowers you and serves _you_ rather
than its creators;
it's much harder to hide secrets in free software.
On Android,
consider using only free software available in [F-Droid][].
We also need fully free mobile operating systems,
like [Replicant][] and hopefully Purism's Librem 5 that is still under
development.
Don't be fooled into thinking the Android on most phones is free
software---only
its core (AOSP) is.
Call out those that do harm---don't
veil and protect them using statements like "your phone tracks you".
Talk about the specific issues.
Demand change and have the courage to reject them entirely.
This involves inconvenience and sacrifice.
But if we're strong now,
then in the near future perhaps we won't have to make any sacrifices,
much like the fully free GNU/Linux system desktops we have today.
Fore more information on tracking,
see my [LibrePlanet 2017 and 2018 talks](/talks) "The Surreptitious Assault on Privacy,
Security, and Freedom" and "The Ethics Void", respectively.
[F-Droid]: https://f-droid.org
[ios-deceive]: https://web.archive.org/web/20170922011748/https://support.apple.com/en-us/HT208086
[Replicant]: https://replicant.us

28
post/2018-09-06-lp2019-announce.md 100644
View File

@ -0,0 +1,28 @@
# LibrePlanet 2019 will be March 23--24 in Boston, MA
It's already time to start thinking about LibrePlanet 2019, which will be
March 23--24 in the Greater Boston Area in MA:
[https://libreplanet.org/2019/]()
This is the one event that I must make it to each year, and I encourage
everyone to attend and see the faces of many that are at the heart of the
free software community.
<!-- more -->
Consider [submitting a session][submit]! Or, if you can't make it but plan
on watching online, maybe help someone else attend by [contributing to the
travel fund][travel-fund]. The call for sessions ends October 26th.
I'll be attending again this year, and I plan on submitting a session
proposal. I won't have the time to do [my 100+hr research talks like the
past couple years][talks], so maybe I'll fall back on something more
technical that I won't have to research.
It's still a ways off, but if you do plan on attending, do let me know so I
can say hello!
[submit]: https://my.fsf.org/lp-call-for-sessions
[travel-fund]: https://my.fsf.org/civicrm/contribute/transact?reset=1&id=60
[talks]: /talks/

66
post/2018-10-05-webmaster-no-block-tor.md 100644
View File

@ -0,0 +1,66 @@
# Webmasters: Please, Don't Block Tor
[Tor][] is a privacy and anonymity tool that [helps users to defend
themselves][tor-about] against traffic analysis online.
Some people, like me, use it as an important tool to help defend against
[various online threats to privacy][sapsf].
[Others use it][tor-users] to avoid censorship,
perhaps by the country in which they live.
Others use it because their lives depend on it---they
may live under an oppressive regime that forbids access to certain
information or means of communication.
[Tor]: https://www.torproject.org/
[tor-about]: https://www.torproject.org/about/overview.html.en#whyweneedtor
[tor-users]: https://www.torproject.org/about/torusers.html.en
[sapsf]: /talks/sapsf
Unfortunately, some people also hide behind Tor to do bad things,
like attack websites or commit fraud.
Because of this,
many website owners and network administrators see Tor as a security threat,
and choose to block Tor users from accessing their website.
<!-- more -->
But in doing so,
you aren't just keeping out some of the malicious users:
you're also keeping out those who [use Tor for important, legitimate
reasons][tor-users].
Malicious users have other means to achieve anonymity and often have the
skill and understanding to do so.
But average Tor users aren't necessarily technology experts,
and certainly don't have the extra (often maliciously-acquired) resources
that bad actors do,
so they are disprortionally affected by blocks.
A particularly unsettling problem I often encounter is that a website will
outright prohibit access by Tor users _even on read-only resources like
articles or information_.
I've even seen this on informational resources on United States Government
domains!
Blocking access to interactive website features---like
posting comments or making purchases---can
be understandable,
or maybe even necessary sometimes.
For example,
Wikipedia prohibits page edits over Tor.
But Wikipedia _does not block reading_ over Tor.
If you are considering threats that may mask themselves behind Tor and you
are running a blog, news site, or other informational resource,
please, consider how your actions [may affect innocent
users][tor-users].
Allow users to read over Tor,
even if you decide to prohibit them from interacting.
For users of Tor who do find themselves stuck from time to time:
I will often prepend `https://web.achive.org/` to the URL of a page that
is blocked,
which allows me to view the page in the Internet Archive's [Wayback
Machine][].
For example,
to view my website in the Wayback Machine,
you'd visit `https://web.archive.org/https://mikegerwitz.com/`.
[Wayback Machine]: https://web.archive.org/