Convert posts to markdown files
This was considerable effort, and took a bit more time than I had hoped. While newer posts were written with Markdown, previous ones were written with my own Markdown-like formatting, but they had enough differences that it was quite an effort to get things updated. I also checked the HTML output of each, though I didn't read every article in detail. Some of these were more substantial than others; National Uproar, for example. These conversions were markup translations: the actual text remains unchanged, except in one minor instance to add text for the sake of providing some text to hold a link to a quote. Any changes to post text will happen in future commits so that the diffs are clearly visible.

master
parent 2a674052b0
commit 64e1341075
|
@ -0,0 +1,29 @@
|
||||||
|
# Who needs "microblogging"?
|
||||||
|
|
||||||
|
I don't. This is just some place safe to store random thoughts that people
|
||||||
|
probably don't care about (like most comments on most social networking
|
||||||
|
services), with the added benefit of distributed backup, a simple system and no
|
||||||
|
character limit.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
All the thoughts are commit messages; in particular, this means no versioning.
|
||||||
|
That's okay, because I'm not going to go back and modify them, but I do want
|
||||||
|
dates and I do want GPG signatures (to show that it's actually me thinking this
|
||||||
|
crap).
|
||||||
|
|
||||||
|
This isn't a journal.
|
||||||
|
|
||||||
|
This will mostly be a hacker's thought cesspool.
|
||||||
|
|
||||||
|
This isn't a blog.
|
||||||
|
|
||||||
|
Though, considering how much I ramble (look at this message), certain thoughts
|
||||||
|
could certainly seem like blog entries. Don't get the two confused---one
|
||||||
|
requires only thought defecation and the other endures the disturbing task of
|
||||||
|
arranging the thought matter into something coherent and useful to present to
|
||||||
|
others.
|
||||||
|
|
||||||
|
Yeah. Enjoy. Or don't. You probably shouldn't, even if you do. If you don't,
|
||||||
|
you probably should just to see that you shouldn't.
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
# Getting too tired to hack? At 23:00?
|
||||||
|
|
||||||
|
This has been normal since becoming a father. I can't complain---I love being a
|
||||||
|
father. Of course, I also love hacking. I also love sleep. Knowing that my son
|
||||||
|
is going to wake me up a 6:00 in the morning has a slight influence in a
|
||||||
|
situation like this.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
I'd like to just suffer through it, but being a fiancé also has another
|
||||||
|
obligation: going to bed when your significant other decides that it's bed time
|
||||||
|
(and by "bed time" I mean sleep). I still manage to fit it in somehow.
|
|
@ -0,0 +1,32 @@
|
||||||
|
# The use of trademarks in free software has always been a curious and unclear concept to me, primarily due to my ignorance on the topic
|
||||||
|
|
||||||
|
Trademarks, unless abused, are intended to protect consumers' interests---are
|
||||||
|
they getting the brand that they think they're getting? If you download Firefox,
|
||||||
|
are you getting Firefox, or a derivative?
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Firefox is precicely one of those things that has brought this issue to light
|
||||||
|
for me personally: the name is trademarked and derivatives must use their own
|
||||||
|
names, leading to IceCat, IceWeasel, Abrowser, etc. Even though FF is free
|
||||||
|
software, the trademark imposes additional restrictions that seem contrary to
|
||||||
|
the free software philosophy. As such, it was my opinion that trademarks should
|
||||||
|
be avoided or, if they exist, should not be exercised. (GNU, for example, is
|
||||||
|
trademarked[^0], but the FSF certainly [does not exercise it][1]; consider GNUplot,
|
||||||
|
a highly popular graphing program, which is not even part of the GNU project.)
|
||||||
|
|
||||||
|
[This article][2] provides some perspective on the topic and arrives at much the
|
||||||
|
same conclusions: trademark enforcement stifles adoption and hurts the project
|
||||||
|
overall.
|
||||||
|
|
||||||
|
I recommend that trademarks not be used for free software projects, though I am
|
||||||
|
not necessarily opposed to registering a trademark "just in case" (for example,
|
||||||
|
to prevent others from maliciously attempting to register a trademark for your
|
||||||
|
project).
|
||||||
|
|
||||||
|
[1]: http://www.gnu.org/prep/standards/html_node/Trademarks.html
|
||||||
|
[2]: http://mako.cc/copyrighteous/20120902-00
|
||||||
|
|
||||||
|
[^0]: uspto.gov; serial number 85380218; reg. number 4125065.
|
||||||
|
From what I could find from the USPTO website, it was submitted by
|
||||||
|
Aaron Williamson of the SFLC (http://www.softwarefreedom.org/about/team/)
|
|
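Review bot: The `[^0]` footnote on "GNU, for example, is trademarked" relies on a footnote extension that plain Markdown does not have, and it is the only footnote among the posts shown here. Confirm that the site's processor supports it and that the two lines following `[^0]:` ("From what I could find ...") stay attached to the footnote instead of rendering as a trailing paragraph. For the follow-up text commit: "precicely" is misspelled.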
@ -0,0 +1,17 @@
|
||||||
|
# All these election attack ads are utterly useless
|
||||||
|
|
||||||
|
There have been a lot of elections going on lately---local, state and national.
|
||||||
|
The majority of those ads are attack ads: immature and disrespectful; if you
|
||||||
|
want my vote, give me something positive to vote for instead of spending all of
|
||||||
|
your time and money attacking your candidate. If my vote is to go to the "least
|
||||||
|
horrible" candidate, then there is no point in voting at all.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Even more frustrating is the deceptiveness of the ads---intentional
|
||||||
|
deceptiveness, nonetheless. And these are the ads that many in the United States
|
||||||
|
will be basing the majority of, if not all, of their vote on come election time
|
||||||
|
(how many will realistically research instead of sitting in front of the TV
|
||||||
|
absorbing all of the useless bullshit that they are spoonfed?).
|
||||||
|
|
||||||
|
Frightening.
|
|
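Review bot: "instead of spending all of your time and money attacking your candidate" in the first paragraph reads as though the candidate is attacking themselves; "your opponent" looks like what was intended. In the second paragraph, "the majority of, if not all, of their vote" has a doubled "of". Both are text changes, so they belong in the follow-up commit the message promises.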
@ -0,0 +1,42 @@
|
||||||
|
# Why no kid (or kid at heart) should write an iPhone game
|
||||||
|
|
||||||
|
I saw [this post][0] appear on HackerNews, talking about how building a game for
|
||||||
|
iOS is "fun" and "cool". The poster lures the reader in with talk of making
|
||||||
|
money and talks of a "unique sense of fulfillment" that comes with development
|
||||||
|
of these games, and then goes on to invite kids to learn how to develop games
|
||||||
|
for the iPhone (and presumably other iOS devices).
|
||||||
|
|
||||||
|
[0]: http://blog.makegameswith.us/post/33263097029/call-to-arms
|
||||||
|
|
||||||
|
This is a terrible idea.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Getting children involved with hacking is an excellent idea, but introducing
|
||||||
|
them to the evils of Apple and associating that with a feeling of pleasure does
|
||||||
|
a great disservice; all software developed for iOS must be "purchased" (even
|
||||||
|
if it's of zero cost) through a walled garden called the "App Store". The
|
||||||
|
problem with this is that [the App Store is hostile toward free
|
||||||
|
software][1]---its overly restrictive terms are incompatible with free software
|
||||||
|
licenses like the GPL. Teaching children to develop software for this crippled,
|
||||||
|
DRM-laden system is teaching them that it is good to prevent sharing, stifle
|
||||||
|
innovation and deny aid to your neighbor.
|
||||||
|
|
||||||
|
A better solution would be to suggest developing software for a completely free
|
||||||
|
mobile operating system instead of iOS, such as [Replicant][2] (a fully free
|
||||||
|
Android distribution). Even if Replicant itself were not used, Android itself,
|
||||||
|
so long as proprietary implementations and "stores" are avoided[[3]], is much
|
||||||
|
more [compatible with education][4] than iOS, since the children are then able
|
||||||
|
to freely write and distribute the software without being controlled by
|
||||||
|
malicious entities like Apple. Furthermore, they would then be able to use a
|
||||||
|
fully free operating system such as GNU/Linux to *write* the software.
|
||||||
|
|
||||||
|
Do not let fun and wealth disguise this ugly issue. Even more importantly---do
|
||||||
|
not pass this practice and woeful acceptance down to our children. I receive a
|
||||||
|
"unique sense of fulfillment" each and every day hacking free software far
|
||||||
|
away from Apple's grasp.
|
||||||
|
|
||||||
|
[1]: http://www.fsf.org/news/blogs/licensing/more-about-the-app-store-gpl-enforcement
|
||||||
|
[2]: http://replicant.us/
|
||||||
|
[3]: http://www.gnu.org/philosophy/android-and-users-freedom.html
|
||||||
|
[4]: http://www.gnu.org/education/edu-schools.html
|
|
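Review bot: `avoided[[3]]` wraps the reference in a second pair of brackets, while other posts in this commit write bare references such as `branch prediction.[0]`; pick one form so citations render the same way across posts. The `[0]:` definition also sits in the middle of the post while `[1]` through `[4]` are collected at the end, so consider grouping them.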
@ -0,0 +1,27 @@
|
||||||
|
# Always use -t with ssh-add (and always set passwords on your ssh keys)
|
||||||
|
|
||||||
|
Many people use SSH keys for the sole purpose of avoiding password entry when
|
||||||
|
logging into remote boxes. That is legtimate, especially if you frequently run
|
||||||
|
remote commands or wish to take advantage of remote tab complation, but creating
|
||||||
|
a key with an empty password is certainly the wrong approach---if an attacker
|
||||||
|
gets a hold of the key, then they have access to all of your boxes before you
|
||||||
|
have the chance to notice and revoke the key.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
ssh-agent exists for this purpose. The problem is---creating an agent only to
|
||||||
|
place the key in memory indefinately is also a terrible idea. If your system
|
||||||
|
does become compromised and the attacker is either root access or access as your
|
||||||
|
user, then they can simply connect to the ssh-agent (unless it's password
|
||||||
|
protected) and start using your key. Also consider that, should you leave your
|
||||||
|
box unattended for even a moment without locking it (for whatever reason---shit
|
||||||
|
happens), an attacker could gain physical access to your PC (and an attacker may
|
||||||
|
just be a coworker looking to play a prank).
|
||||||
|
|
||||||
|
Every morning at work, I begin the day by typing ssh-add followed by an
|
||||||
|
appropriate lifetime (be it the duration of the work day, or the duration that I
|
||||||
|
think I will need the key). This way, your key is in memory when you are likely
|
||||||
|
to be physically present at the box and it is automatically removed from memory
|
||||||
|
after a given lifetime. Additionally, I like to add `ssh-add -D` to the script
|
||||||
|
that locks my PC when I walk away from my desk: that will immediately clear all
|
||||||
|
keys from memory, just in case.
|
|
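Review bot: The heading tells readers to use `-t`, but the last paragraph only says "typing ssh-add followed by an appropriate lifetime" and never shows the option. Write it out as `ssh-add -t <lifetime>` in backticks, the way `ssh-add -D` already is in the same paragraph, so the advice in the title can be followed from the body alone. For the follow-up text commit: "legtimate", "complation" and "indefinately" are misspelled, and "the attacker is either root access or access as your user" is missing its verb ("has either root access ...").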
@ -0,0 +1,21 @@
|
||||||
|
# Texas middle and high schools tracking student locations with RFID tags
|
||||||
|
|
||||||
|
[An article][0] describes how a school district in Texas is attempting to force
|
||||||
|
its students to wear RFID tags at all times in order to track their location to
|
||||||
|
"stem the rampant truancy devastating the school's funding".
|
||||||
|
|
||||||
|
[0]: http://rt.com/usa/news/texas-school-id-hernandez-033/
|
||||||
|
|
||||||
|
What?
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
This is deeply concerning. Not only does this raise serious security and privacy
|
||||||
|
concerns (as mentioned near the end of the article), but it also costed the
|
||||||
|
schools over a half a million dollars to implement. In order words: Texas
|
||||||
|
taxpayer money has been wasted in an effort to track our children.
|
||||||
|
|
||||||
|
Good thing they don't have anything [better to spend that money on.][1]
|
||||||
|
|
||||||
|
[1]: http://fedupwithlunch.com/
|
||||||
|
|
|
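Review bot: Two wording slips in the paragraph after the `<!-- more -->` marker should be queued for the follow-up text commit: "it also costed the schools" should be "cost", and "In order words" should be "In other words".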
@ -0,0 +1,8 @@
|
||||||
|
# "Day changed to S"
|
||||||
|
|
||||||
|
Whatever "S" may be (in this case, "13 Oct 2012"), there is always a sense
|
||||||
|
of peace and gratification that comes with witnessing that line appear in any
|
||||||
|
type of log; it shows a dedication to an art, should your days contain daylight.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
# Branch Prediction
|
||||||
|
|
||||||
|
An enlightening discussion on branch prediction.[0]
|
||||||
|
|
||||||
|
[0]: http://stackoverflow.com/questions/11227809/why-is-processing-a-sorted-array-faster-than-an-unsorted-array
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
# Free Speech in the Western World
|
||||||
|
|
||||||
|
An interesting opinion piece on [free speech in the western world.][0]
|
||||||
|
|
||||||
|
[0]: http://www.washingtonpost.com/opinions/the-four-arguments-the-western-world-uses-to-limit-free-speech/2012/10/12/e0573bd4-116d-11e2-a16b-2c110031514a_print.html
|
||||||
|
|
||||||
|
<!-- more -->
|
|
@ -0,0 +1,24 @@
|
||||||
|
# NYC Master Keys
|
||||||
|
|
||||||
|
[Bruce Schneier summarizes in a blog post][0] a disturbing topic regarding a New
|
||||||
|
York City locksmith selling "master keys" on eBay, providing access to various
|
||||||
|
services such as elevators and subway entrances.
|
||||||
|
|
||||||
|
[A discussion about this blog post on Hacker News][1] yielded some interesting
|
||||||
|
conversation, including an [even more disturbing article describing how simple
|
||||||
|
it may be to create master keys][2] for a set of locks given only the lock, its
|
||||||
|
key and a number of attempts.
|
||||||
|
|
||||||
|
[0]: http://www.schneier.com/blog/archives/2012/10/master_keys.html
|
||||||
|
[1]: http://news.ycombinator.com/item?id=4654777
|
||||||
|
[2]: http://www.crypto.com/masterkey.html
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
I'll let you ponder the implications of both of these topics. Here's something
|
||||||
|
to get you started: organized crime could use these keys to effectively evade
|
||||||
|
law enforcement or break into millions of "locked" homes. Crackers could gain
|
||||||
|
intimate access to various city systems whereby they may be able to further
|
||||||
|
obstruct or infect systems. A security system is only as strong as its weakest
|
||||||
|
link. Keeping citizens in the dark about these issues gives them a dangerous and
|
||||||
|
false sense of security.
|
|
@ -0,0 +1,27 @@
|
||||||
|
# Verizon router backdoors
|
||||||
|
|
||||||
|
A [very disturbing article][0] makes mention of a Verizon TOS update for its
|
||||||
|
Internet service customers:
|
||||||
|
|
||||||
|
[0]: http://www.linuxbsdos.com/2012/10/04/is-that-a-backdoor-or-an-administrative-password-on-your-verizon-internet-router/
|
||||||
|
|
||||||
|
> Section 10.4 was updated to clarify that Verizon may in limited instances
|
||||||
|
> modify administrative passwords for home routers in order to safeguard
|
||||||
|
> Internet security and our network, the security and privacy of subscriber
|
||||||
|
> information, to comply with the law, and/or to provide, upgrade and maintain
|
||||||
|
> service.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
...what? This is deeply disturbing, deeply perverted idea of security. Not only
|
||||||
|
is this a severe privacy concern (all internet traffic passes through your
|
||||||
|
router), but it's a deep *security* concern---what if a cracker is able to
|
||||||
|
figure out Verizon's password scheme, intercept the communication with your
|
||||||
|
router or otherwise?
|
||||||
|
|
||||||
|
I recommend that you (a) use your own router, (b) change its default password if
|
||||||
|
you have not yet done so and (c) disallow remote access. Furthermore, I
|
||||||
|
recommend using a free (as in freedom) firmware such as [DD-WRT][1] if supported
|
||||||
|
by your hardware.
|
||||||
|
|
||||||
|
[1]: http://dd-wrt.com/
|
|
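Review bot: The `[0]:` link definition is placed between "Internet service customers:" and the blockquote that sentence introduces, which makes the source harder to read even though the rendered output is unaffected; move the definition below the quote or to the end with `[1]:`. For the follow-up text commit: "This is deeply disturbing, deeply perverted idea of security" is missing an article ("This is a deeply disturbing ...").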
@ -0,0 +1,34 @@
|
||||||
|
# Crackers capable of causing pacemaker deaths
|
||||||
|
|
||||||
|
[This article][0] demonstrates why medical devices must contain free software:
|
||||||
|
crackers are able to, with this particular type of pacemaker, exploit the device
|
||||||
|
to trigger a fatal electric shock to its host from as far as 30 feet away (the
|
||||||
|
article also mentions rewriting the firmware, which could of course be used to
|
||||||
|
schedule a deadly shock at a predetermined time). These issues would not exist
|
||||||
|
with free software, as the user and the community would be able to study the
|
||||||
|
source code and fix any defects (or hire someone who can) before placing it in
|
||||||
|
their bodies.
|
||||||
|
|
||||||
|
[0]: http://www.scmagazine.com.au/News/319508,hacked-terminals-capable-of-causing-pacemaker-mass-murder.aspx
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
(Note that this article mistakenly uses the term "hacker" when they really
|
||||||
|
mean "cracker".)
|
||||||
|
|
||||||
|
The aforementioned article is an excellent supplement to [a discussion on free
|
||||||
|
software in pacemakers][1]. In particular, I had pointed out within this
|
||||||
|
discussion [a talk by Karen Sandler of the GNOME Foundation regarding this
|
||||||
|
issue][2] at OSCON 2011, in which she mentions potential issues of proprietary
|
||||||
|
software in pacemakers and the difficulty she faced in attempting to get the
|
||||||
|
source code for one that she was considering for herself.
|
||||||
|
|
||||||
|
The discussion on HackerNews also yielded [an article by the SFLC][3] detailing
|
||||||
|
this issue.
|
||||||
|
|
||||||
|
(Please do not use YouTube's proprietary video player to view the mentioned
|
||||||
|
YouTube video.)
|
||||||
|
|
||||||
|
[1]: http://news.ycombinator.com/item?id=3959547
|
||||||
|
[2]: https://www.youtube.com/watch?v=nFZGpES-St8
|
||||||
|
[3]: https://www.softwarefreedom.org/news/2010/jul/21/software-defects-cardiac-medical-devices-are-life-/
|
|
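Review bot: "These issues would not exist with free software" in the first paragraph is stated as an absolute, while the later post in this same commit, "Another crack at medical device cracking", says such problems are "*less likely* (not impossible)". The two should agree, and the qualified wording is the one that holds up, since source availability allows review and repair but does not by itself remove defects. That is a text change for the follow-up commit. The closing note about YouTube's player also sits two paragraphs away from the `[2]` link it refers to; consider moving it next to that link.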
@ -0,0 +1,12 @@
|
||||||
|
# Federal Appeals Court Declares "Defense of Marriage Act" Unconstitutional
|
||||||
|
|
||||||
|
A step in the [right direction.][0]
|
||||||
|
|
||||||
|
It should also be noted that New York State had also [legalized same sex
|
||||||
|
marriage back in July of 2011][1]---a move I was particularily proud of as a
|
||||||
|
resident of NY state.
|
||||||
|
|
||||||
|
[0]: http://www.aclu.org/lgbt-rights/federal-appeals-court-declares-defense-marriage-act-unconstitutional
|
||||||
|
[1]: http://en.wikipedia.org/wiki/Same-sex_marriage_in_New_York
|
||||||
|
|
||||||
|
<!-- more -->
|
|
@ -0,0 +1,34 @@
|
||||||
|
# Another crack at medical device cracking
|
||||||
|
|
||||||
|
My previous post mentioned the dangers of running non-free software on implanted
|
||||||
|
medical devices. While reading over RMS' policital notes[0], I came across [an
|
||||||
|
article mentioning how viruses are rampant on medical equipment][1].
|
||||||
|
|
||||||
|
> "It's not unusual for those devices, for reasons we don't fully understand, to
|
||||||
|
> become compromised to the point where they can't record and track the data,"
|
||||||
|
> Olson said during the meeting, referring to high-risk pregnancy monitors.
|
||||||
|
|
||||||
|
The devices often run old, unpatches versions of Microsoft's Windoze operating
|
||||||
|
system. The article also mentions how the maleware often attempts to include its
|
||||||
|
host as part of a botnet.
|
||||||
|
|
||||||
|
[0]: http://stallman.org/archives/2012-jul-oct.html#18_October_2012_%28Computerized_medical_devices_vulnerable_to_viruses%29
|
||||||
|
[1]: http://www.technologyreview.com/news/429616/computer-viruses-are-rampant-on-medical-devices/
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
This is deeply concerning and incredibly dangerous. As non-free software is used
|
||||||
|
more and more in equipement that is responsible for our health and safety, we
|
||||||
|
are at increased risk for not only obvious software flaws, but also for crackers
|
||||||
|
with malicious intent; harming someone will become as easy as instructing your
|
||||||
|
botnet to locate and assassinate an individual while you go enjoy a warm (or
|
||||||
|
cold) beverage.
|
||||||
|
|
||||||
|
These problems are *less likely* (not impossible) to occur in free software
|
||||||
|
beacuse the users and community are able to inspect the source code and fix
|
||||||
|
problems that arise (or hire someone that can)[2]. In particular, in the case of
|
||||||
|
the hospitals mentioned in [the article][1], they would be free to hire someone
|
||||||
|
to fix the problems themselves rather than falling at the mercy of the
|
||||||
|
corporations who supplied the proprietary software.
|
||||||
|
|
||||||
|
[2]: http://www.gnu.org/philosophy/free-sw.html
|
|
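Review bot: `notes[0]` in the first paragraph and `(or hire someone that can)[2]` in the last are bare reference labels with no link text, so a processor that supports shortcut references will render a link whose only visible text is the digit. Give them link text as the other links in this post have, for example `[RMS' political notes][0]`. For the follow-up text commit: "policital", "unpatches", "maleware", "equipement" and "beacuse" are misspelled.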
@ -0,0 +1,8 @@
|
||||||
|
# Digitizing Books Is Fair Use: Author's Guild v. HathiTrust
|
||||||
|
|
||||||
|
A New York court ruled that "digitizing" books for researched and disabled
|
||||||
|
individuals is lawful.[[0]]
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2012/10/authors-guild-vhathitrustdecision
|
||||||
|
|
||||||
|
<!-- more -->
|
|
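Review bot: "for researched and disabled individuals" looks like a typo ("researchers" would fit); check it against the linked EFF post before changing it in the follow-up commit. The citation is written `[[0]]` here, while other posts in this commit use a bare `[0]`, so settle on one form.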
@ -0,0 +1,28 @@
|
||||||
|
# Obama and Warrantless Wiretapping
|
||||||
|
|
||||||
|
The EFF has released an article with a [plethora of links describing warrantless
|
||||||
|
wiretapping under the Obama administration][0], spurred by Obama's response to
|
||||||
|
Jon Stewart's questioning on The Daily Show last Thursday. (Readers should also
|
||||||
|
be aware of the [NSA spy center][1] discussed earlier in the year, as is
|
||||||
|
mentioned in the EFF article.)
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2012/10/fact-check-obamas-misleading-answer-about-warrantless-wiretapping-daily-show
|
||||||
|
[1]: http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
It is clear that the United States government has no intent on protecting the
|
||||||
|
freedoms of individuals and instead is actively resisting attempts to correct
|
||||||
|
the problems. While we can hope that this will change, and we can be confident
|
||||||
|
that organizations like the EFF will continue to fight for our liberties, one
|
||||||
|
immediate option is to limit as much as possible what the NSA and other agencies
|
||||||
|
can discover about you. Consider using [Tor][2] for all of your network traffic
|
||||||
|
(at the very least, use HTTPS connections to prevent agencies and ISPs from viewing
|
||||||
|
specific web pages on a particular domain; HTTPS is unnecessary if using Tor.)
|
||||||
|
PGP/GPG can be used to encrypt e-mail messages to the intended recipients. Etc.
|
||||||
|
|
||||||
|
It's unfortunate that such precautions are necessary. Privacy is important even
|
||||||
|
if you have nothing to hide; any suggestion to the contrary is absolutely
|
||||||
|
absurd.
|
||||||
|
|
||||||
|
[2]: http://torproject.org
|
|
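Review bot: The parenthetical in the paragraph after `<!-- more -->` ends with "HTTPS is unnecessary if using Tor", which is inaccurate. Tor encrypts traffic only between the client and the exit relay, so a plain HTTP request is readable by the exit relay and by anything between it and the destination. Since this commit is markup-only, flag it for the follow-up text commit and reword it to recommend HTTPS in addition to Tor. The parenthetical also closes with ".)" although it opened mid-sentence after "network traffic"; move the full stop outside the parenthesis.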
@ -0,0 +1,15 @@
|
||||||
|
# Stingrays: Cell Phone Privacy and Warrantless Surveillance
|
||||||
|
|
||||||
|
How would you feel if law enforcement showed up in your living room, demanded
|
||||||
|
your cell phone, and started writing down your call history and text messages?
|
||||||
|
How would you feel if you didn't even know that they were in your home to begin
|
||||||
|
with, let alone stealing private data? [This is precisely what is happening when
|
||||||
|
law enforcement uses "Stingrays" to locate individuals][0], collecting data of
|
||||||
|
every other individual within range of the device in the process. Even *if* you
|
||||||
|
are the subject of surveillance, this is still an astonishing violation of
|
||||||
|
privacy. (Of course, law enforcement could always demand such records from your
|
||||||
|
service provider, but such an act at the very least has a paper trail.)
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2012/10/stingrays-biggest-unknown-technological-threat-cell-phone-privacy
|
||||||
|
|
||||||
|
<!-- more -->
|
|
@ -0,0 +1,63 @@
|
||||||
|
# GNU Trick-Or-Treat---FSF Crashes Windows 8 Launch
|
||||||
|
|
||||||
|
The FSF decided to [crash the Windows 8 launch even in New York City][0],
|
||||||
|
complete with [Trisquel][1] DVDs, FSF stickers and information about their
|
||||||
|
[pledge to upgrade to GNU/Linux instead of Windows 8][2].
|
||||||
|
|
||||||
|
I find this to be a fun, excellent alternative to blatant protesting that is
|
||||||
|
likely to be better received by those who would otherwise be turned off to
|
||||||
|
negativity. At the very least, the [walking gnu][3] would surely turn heads and
|
||||||
|
demand curiosity.
|
||||||
|
|
||||||
|
[0]: http://www.fsf.org/news/activists-trick-or-treat-for-free-software-at-windows-8-launch-event-1
|
||||||
|
[1]: http://trisquel.info/
|
||||||
|
[2]: http://www.defectivebydesign.org/windows8
|
||||||
|
[3]: http://www.fsf.org/blogs/community/gnus-trick-or-treat-at-windows-8-launch
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Here is the e-mail that was sent to the info at fsf.org mailing list:
|
||||||
|
|
||||||
|
> Happy (almost) Halloween, everybody,
|
||||||
|
>
|
||||||
|
> You've probably been noticing Microsoft's ads for their new operating
|
||||||
|
> system -- after all, they've spent more money on them than any other
|
||||||
|
> software launch campaign in history. In fact, everything about the
|
||||||
|
> campaign has been meticulously planned and optimized, so you can
|
||||||
|
> imagine journalists' surprise when an unexpected guest showed up at an
|
||||||
|
> invite-only launch event on Thursday.
|
||||||
|
>
|
||||||
|
> Our volunteer, Tristan Chambers, was there and caught the whole thing
|
||||||
|
> on camera! Pictures here:
|
||||||
|
> <http://www.fsf.org/blogs/community/gnus-trick-or-treat-at-windows-8-launch>.
|
||||||
|
>
|
||||||
|
> Reporters and security guards at the event weren't sure how to react
|
||||||
|
> when they were greeted by a real, live gnu. The gnu -- which, on
|
||||||
|
> closer inspection, was an activist in a gnu suit -- had come for some
|
||||||
|
> early trick-or-treating. But instead of candy, she had free software
|
||||||
|
> for the eager journalists. The gnu and the FSF campaigns team handed
|
||||||
|
> out dozens of copies of Trisquel, a fully free GNU/Linux distribution,
|
||||||
|
> along with press releases and stickers. Once they got over their
|
||||||
|
> confusion, the reporters were happy to see us and hear our message --
|
||||||
|
> that Windows 8 is a downgrade, not an upgrade, because it steals
|
||||||
|
> users' freedom, security and privacy.
|
||||||
|
>
|
||||||
|
> Free software operating systems are the real upgrade, and they don't
|
||||||
|
> need a zillion-dollar launch event to prove it. To show Microsoft that
|
||||||
|
> their ads won't change our minds, we're starting an upgrade pledge:
|
||||||
|
> switch to a free OS, or if you're already using one, help a friend
|
||||||
|
> switch. We can pay Microsoft a chunk of change for their new,
|
||||||
|
> proprietary OS, or we can stand up for our freedom. The choice isn't
|
||||||
|
> as hard as Microsoft wants you to think.
|
||||||
|
>
|
||||||
|
> Sign the pledge now! -- <http://www.fsf.org/windows8/pledge>.
|
||||||
|
>
|
||||||
|
> Thanks for making a commitment to free software.
|
||||||
|
>
|
||||||
|
> PS - If you'd like more details about the action, you can check out
|
||||||
|
> our press release here:
|
||||||
|
> <http://www.fsf.org/news/activists-trick-or-treat-for-free-software-at-windows-8-launch-event-1>.
|
||||||
|
>
|
||||||
|
> -Zak Rogoff
|
||||||
|
> Campaigns Manager
|
||||||
|
|
|
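Review bot: "crash the Windows 8 launch even in New York City" in the first line should read "launch event"; the quoted e-mail further down says "invite-only launch event". Fix it in the follow-up text commit, and leave the quoted e-mail itself verbatim.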
@ -0,0 +1,30 @@
|
||||||
|
# Abolishing Patents
|
||||||
|
|
||||||
|
My issue with patents exceeds the [obvious case against software patents][0];
|
||||||
|
indeed, I have long pondered the problems with patents in other fields. When I
|
||||||
|
hear the phrase "patent pending" or "patented technology" touted in ads, I
|
||||||
|
have never thought positive thoughts; instead, I have thought "you are damning
|
||||||
|
this otherwise excellent work to stagnation". What if someone has an excellent
|
||||||
|
idea to improve upon that particular product? Well, they'd better be prepared to
|
||||||
|
jump through some hoops or shell out some hefty licensing fees. Or maybe it's
|
||||||
|
just easier to abandon the idea entirely and forget that it had never happened.
|
||||||
|
|
||||||
|
[0]: http://patentabsurdity.com/
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
However, I thought, it's not a simple case of ridding the world of patents.
|
||||||
|
How would that affect the incentive to innovate? How would people recoup
|
||||||
|
expensive R&D costs, especially in industries like pharmacy (both my parents are
|
||||||
|
pharmacists)? What about the incentive to describe your invention to the world?
|
||||||
|
Then again, nobody *has* to get a patent for their invention. It may be worth
|
||||||
|
keeping it secret if nobody can figure it out.
|
||||||
|
|
||||||
|
The answers to all of these questions appeared in one place: [The Case Against
|
||||||
|
Patents][1], which I found referenced in an article regarding the [Swedish Pirate
|
||||||
|
Party's opinions on patents, trademarks and copyright][2]. While it is still a
|
||||||
|
draft at the time of this writing, I encourage you to give it a read, as it is
|
||||||
|
very enlightening.
|
||||||
|
|
||||||
|
[1]: http://research.stlouisfed.org/wp/2012/2012-035.pdf
|
||||||
|
[2]: http://falkvinge.net/2012/10/13/what-the-swedish-pirate-party-wants-with-patents-trademarks-and-copyright/
|
|
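Review bot: "forget that it had never happened" at the end of the first paragraph is an unintended double negative; "forget that it had ever happened" is what the sentence needs. Queue it for the follow-up text commit.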
@ -0,0 +1,18 @@
|
||||||
|
# Jailbreaking and DCMA---EFF Touts Victory, FSF Warns Of Failure
|
||||||
|
|
||||||
|
While the [EFF is pleased to announce][0] that the Copyright Office has [renewed
|
||||||
|
DMCA exceptions upholding jailbreaking rights for cellphones][1], the FSF
|
||||||
|
cautions that [this right has not been extended to tablets, game consoles or
|
||||||
|
even PCs with restricted boot][2].
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/press/releases/eff-wins-renewal-smartphone-jailbreaking-rights-plus-new-legal-protections-video
|
||||||
|
[1]: http://www.copyright.gov/fedreg/2012/77fr65260.pdf
|
||||||
|
[2]: http://www.fsf.org/blogs/licensing/copyright-office-fails-to-protect-users-from-dmca
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
It should be noted that the EFF also successfully gained protection for the use
|
||||||
|
of short copyrighted clips in remixing,[0] and while this is a positive step
|
||||||
|
forward in its own, the implications of the first paragraph should not be
|
||||||
|
ignored.
|
||||||
|
|
|
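Review bot: The heading spells the act "DCMA" while the body's link text says "DMCA exceptions"; correct the heading so the post can be found by searching for the right acronym. In the last paragraph, `remixing,[0]` is a bare reference with no link text, and "a positive step forward in its own" should be "on its own". All three are candidates for the follow-up text commit.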
@ -0,0 +1,30 @@
|
||||||
|
# OpenWireless.org
|
||||||
|
|
||||||
|
The EFF [announces the launch of openwireless.org][0], which encourages users to
|
||||||
|
[share their network connections][1] to create a global network of freely
|
||||||
|
available wireless internet access.
|
||||||
|
|
||||||
|
This is a noble movement. This reminds me of a point in history when MIT began
|
||||||
|
password protecting their accounts, which were previously open to anyone.
|
||||||
|
Stallman, disagreeing with such a practice, [encouraged users to create empty
|
||||||
|
passwords][2]. Stallman would even give out his account information so that
|
||||||
|
remote users may log into MIT's systems, all with good intent.
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2012/10/why-we-have-open-wireless-movement
|
||||||
|
[1]: https://www.openwireless.org/
|
||||||
|
[2]: http://shop.fsf.org/product/free-as-in-freedom-2/
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Of course, with malice rampant in today's very different world, Stallman's
|
||||||
|
actions, although noble, would be both naive and a huge security risk.
|
||||||
|
Fortunately, [opening your wireless network isn't necessarily one of these
|
||||||
|
risks][3] and, if done properly, does not equate to opening your private network
|
||||||
|
to attack.
|
||||||
|
|
||||||
|
Consider using [DD-WRT][4] as your router's firmware, if supported by your
|
||||||
|
device, as it is itself [free software][5].
|
||||||
|
|
||||||
|
[3]: https://openwireless.org/myths
|
||||||
|
[4]: http://dd-wrt.com
|
||||||
|
[5]: http://www.gnu.org/philosophy/free-sw.html
|
|
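Review bot: The `[4]: http://dd-wrt.com` definition at the end of this hunk sends readers to a router firmware site over plain HTTP, while `[3]` just above it already uses HTTPS. Since the post recommends installing that firmware, link the HTTPS address if the site serves one, so the page a reader downloads from cannot be altered in transit.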
@ -0,0 +1,12 @@
|
||||||
|
# "Trademark" Bullying
|
||||||
|
|
||||||
|
There's two problems with this post from the EFF describing [The Village Voice
|
||||||
|
suing Yelp for "Best of" trademark infringement][0]: firstly, there's the
|
||||||
|
obvious observation that such a trademark should not have been permitted by the
|
||||||
|
USPTO to begin with. Secondly---why do entities insist on gaming the system in
|
||||||
|
such a terribly unethical manner? It takes a special breed of people to do such
|
||||||
|
a thing.
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2012/10/stupid-lawyer-tricks-and-government-officials-who-are-helping-them
|
||||||
|
|
||||||
|
<!-- more -->
|
|
@ -0,0 +1,15 @@
|
||||||
|
# Ubuntu 12.10 Privacy: Amazon Ads and Data Leaks
|
||||||
|
|
||||||
|
The EFF [cautions that Ubuntu 12.10 leaks user information to Amazon by
|
||||||
|
default][0] rather than requiring the user to opt *into* the system.
|
||||||
|
|
||||||
|
Of course, I cannot recommend that you use Ubuntu, as it encourages the
|
||||||
|
installation of non-free device drivers, readily enables non-free software
|
||||||
|
repositories and contains non-free components in its kernel.[1] Instead,
|
||||||
|
consider a [fully free GNU/Linux distribution like Trisquel][2].
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks
|
||||||
|
[1]: http://www.fsfla.org/svnwiki/selibre/linux-libre/
|
||||||
|
[2]: https://trisquel.info
|
||||||
|
|
||||||
|
<!-- more -->
|
|
@ -0,0 +1,8 @@
|
||||||
|
# Ban On Public Rallying and Demonstrations in Bahrain
|
||||||
|
|
||||||
|
The government of Bahrain found that the best solution to preventing violent
|
||||||
|
protests was to [ban all public rallying and demonstrations][0].
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2012/11/bahrain-goes-bad-worse
|
||||||
|
|
||||||
|
<!-- more -->
|
|
@ -0,0 +1,8 @@
|
||||||
|
# EFF Elaborates On DCMA Ruling
|
||||||
|
|
||||||
|
In addition to my aforementioned links, the EFF has provided [a more detailed
|
||||||
|
analysis][0] of the decision.
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2012/11/2012-dmca-rulemaking-what-we-got-what-we-didnt-and-how-to-improve
|
||||||
|
|
||||||
|
<!-- more -->
|
|
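Review bot: The heading `# EFF Elaborates On DCMA Ruling` transposes the acronym; the URL in `[0]` spells it `dmca`. The commit message keeps text changes out of this commit, so correct it in the follow-up, and check whether the file name or slug is derived from this heading. The body's "my aforementioned links" also has nothing to refer to now that the post is a standalone file; a link to the earlier post would resolve that.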
@ -0,0 +1,22 @@
|
||||||
|
# California Proposition 35 Concerns
|
||||||
|
|
||||||
|
The EFF [points out problems with California's Proposition 35][0], which would,
|
||||||
|
among other things, [require registered sex offenders to "disclose Internet
|
||||||
|
activities and identities"][1]:
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2012/11/eff-urges-no-vote-california-proposition-35
|
||||||
|
[1]: http://voterguide.sos.ca.gov/propositions/35/
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
> [...] Proposition 35 would force individuals to provide law enforcement with
|
||||||
|
> information about online accounts that are wholly unrelated to criminal
|
||||||
|
> activity – such as political discussion groups, book review sites, or blogs.
|
||||||
|
> In today’s online world, users may set up accounts on websites to communicate
|
||||||
|
> with family members, discuss medical conditions, participate in political
|
||||||
|
> advocacy, or even listen to Internet radio. An individual on the registered
|
||||||
|
> sex offender list would be forced to report each of these accounts to law
|
||||||
|
> enforcement within 24 hours of setting it up – or find themselves in jail.
|
||||||
|
> This will have a powerful chilling effect on free speech rights of tens of
|
||||||
|
> thousands of Californians.
|
||||||
|
|
|
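Review bot: `<!-- more -->` sits between the sentence ending `identities"][1]:` and the blockquote that the colon introduces, so if the marker is where the excerpt is cut, the excerpt ends on a dangling colon with no quote after it. Move the marker below the blockquote, or reword the lead-in so that it does not end with a colon.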
@ -0,0 +1,14 @@
|
||||||
|
# MediaGoblin $10k Matching Grant
|
||||||
|
|
||||||
|
Congratulations to MediaGoblin for not only [meeting the $10k matching grant
|
||||||
|
from a generous anonymous donor][0], but also for raising $36k to date.
|
||||||
|
|
||||||
|
[MediaGoblin][1] is a "free software media publishing platform that anyone can
|
||||||
|
run"; it is a distributed, free (as in freedom) alternative to services such as
|
||||||
|
YouTube, Flickr and others, and is part of the [GNU project][2].
|
||||||
|
|
||||||
|
[0]: http://mediagoblin.org/news/we-made-10k-matching.html
|
||||||
|
[1]: http://mediagoblin.org/
|
||||||
|
[2]: http://gnu.org/
|
||||||
|
|
||||||
|
<!-- more -->
|
|
@ -0,0 +1,9 @@
|
||||||
|
# Another Useless, False-Sense-Of-Security NSA Security Tactic
|
||||||
|
|
||||||
|
A police officer [recalls a time he went through airport security][0] and
|
||||||
|
received a patdown from one of the security agents, which he found to be
|
||||||
|
absolutely useless.
|
||||||
|
|
||||||
|
[0]: http://www.gizmodo.co.uk/2012/10/search-me/
|
||||||
|
|
||||||
|
<!-- more -->
|
|
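Review bot: The heading names the NSA, but the body describes a patdown at airport security and nothing in the post concerns the NSA. Confirm which agency was meant and correct the heading in the follow-up text commit, since this commit is stated to leave wording unchanged.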
@ -0,0 +1,11 @@
|
||||||
|
# Video of 2012 Voting Machine Altering Votes
|
||||||
|
|
||||||
|
A Reddit user [posted video of a 2012 voting machine preventing him from
|
||||||
|
selecting Barak Obama][0]. Malfunction or not, this is the type of thing that
|
||||||
|
could have possibly been caught if the software were free. Furthermore, from
|
||||||
|
reading the source code, one would be able to clearly tell whether or not it was
|
||||||
|
a bug or an intentional "feature".
|
||||||
|
|
||||||
|
[0]: http://thenextweb.com/shareables/2012/11/06/reddit-user-captures-video-of-2012-voting-machines-altering-votes/
|
||||||
|
|
||||||
|
<!-- more -->
|
|
@ -0,0 +1,19 @@
|
||||||
|
# OLPC Tablet in Ethiopia
|
||||||
|
|
||||||
|
A story mentions how [Ethiopian kids quickly learned to read and use tablet
|
||||||
|
PCs][0] provided by the [One Laptop Per Child][1] project. This is not only a
|
||||||
|
noble feat (as we would expect from OLPC), but also an impressive one,
|
||||||
|
considering that (as the article mentions) the children did not know how to
|
||||||
|
read, even in their own language.
|
||||||
|
|
||||||
|
[0]: http://dvice.com/archives/2012/10/ethiopian-kids.php
|
||||||
|
[1]: http://one.laptop.org/
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Now, while the OLPC does have [its own tablet][2], the article mentions that the
|
||||||
|
[children were given Motorola Zoom tablets][0]; I would hope that they run free
|
||||||
|
software to encourage freedom in these developing countries and to encourage the
|
||||||
|
children to hack and explore their devices in even greater detail.
|
||||||
|
|
||||||
|
[2]: http://one.laptop.org/about/xo-3
|
|
@ -0,0 +1,10 @@
|
||||||
|
# U.S. "Copyright Alert System"
|
||||||
|
|
||||||
|
[The EFF warns][0] of [the "Copyright Alert System"][1]---a government
|
||||||
|
endorsed spy system---that will launched shortly to monitor peer-to-peer
|
||||||
|
networks for so-called "infringing" activity.
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2012/11/us-copyright-surveillance-machine-about-be-switched-on
|
||||||
|
[1]: http://www.copyrightinformation.org/alerts
|
||||||
|
|
||||||
|
<!-- more -->
|
|
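Review bot: "that will launched shortly" in the first paragraph is missing "be". It reads as carried over from the original post rather than introduced by the conversion, so queue it for the follow-up commit that handles text changes.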
@ -0,0 +1,160 @@
|
||||||
|
# VLC's Move to LGPL
|
||||||
|
|
||||||
|
Jean-Baptiste Kempf of the VLC project explains that "most of the code of VLC"
|
||||||
|
has been [relicensed under the LGPL][0], moving *away from* the GPL. Some of the
|
||||||
|
reasons for the move include "competition, necessity to have more professional
|
||||||
|
developers around VLC and AppStores".[1] (With the "AppStore" comment,
|
||||||
|
Jean-Baptiste is likely referring to issues regarding free software in Apple's
|
||||||
|
App Store, which [the FSF has discussed on their website][2].)
|
||||||
|
|
||||||
|
This is unfortunate; using the LGPL in place of the GPL is [not encouraged for
|
||||||
|
free software projects][3] because, while it ensures the freedom of the project
|
||||||
|
itself, it does not encourage the development of free software that *uses* the
|
||||||
|
project---the LGPL allows linking with proprietary software. Let's explore the
|
||||||
|
aforementioned reasons in a bit more detail.
|
||||||
|
|
||||||
|
[0]: http://www.jbkempf.com/blog/post/2012/I-did-it
|
||||||
|
[1]: http://www.jbkempf.com/blog/post/2012/How-to-properly-relicense-a-large-open-source-project
|
||||||
|
[2]: http://www.fsf.org/news/blogs/licensing/more-about-the-app-store-gpl-enforcement
|
||||||
|
[3]: http://www.gnu.org/licenses/why-not-lgpl.html
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Firstly, let us consider the issue of competition. In one of the [discussions on
|
||||||
|
Hacker News][4], I pointed out the distinction between "open source" and Free
|
||||||
|
Software:
|
||||||
|
|
||||||
|
[...]
|
||||||
|
It is important to understand the distinction between "open source" and "free
|
||||||
|
software". Open source focuses on the benefits of "open" code and development
|
||||||
|
and how it can create superior software. Free Software focuses on the ethical
|
||||||
|
issues---while free software developers certainly want contributors, the
|
||||||
|
emphasis is on the fact that the software respects your freedom and, for that,
|
||||||
|
it's far superior to any other proprietary alternative; free software users
|
||||||
|
constantly make sacrifices in functionality and usability, and we're okay with
|
||||||
|
that.
|
||||||
|
|
||||||
|
[http://www.gnu.org/philosophy/open-source-misses-the-point.html][5]
|
||||||
|
[...]
|
||||||
|
|
||||||
|
In this sense, why should competition be considered for software freedom, unless
|
||||||
|
it is between two free software projects, encouraging innovation in conjunction
|
||||||
|
*with* freedom? In such a case, one wouldn't change the software license from
|
||||||
|
the GPL to the LGPL, because the LGPL is less pursuant toward those freedoms.
|
||||||
|
Therefore, VLC instead adopts the ["open source"][5] development model, as it
|
||||||
|
cares more for competition.
|
||||||
|
|
||||||
|
The next concern was to "have more professional developers around VLC".[1] Is
|
||||||
|
this to imply that free software hackers cannot be professional developers? I
|
||||||
|
certainly am. Consider projects like the kernel Linux---many companies have
|
||||||
|
contributed back to that project, which is licensed under the GPLv2. If the goal
|
||||||
|
is to have more people contributing to your project, then a license like the GPL
|
||||||
|
is certainly best, as it puts a legal obligation on the distributor to release
|
||||||
|
the source code, which the parent project may then incorporate. Now, the LGPL
|
||||||
|
also forces this (except for linked software); since the only [differences
|
||||||
|
between the GPL and the LGPL][6] deal with the linking exception, this means
|
||||||
|
that the author is either (a) mistaken in the concern or (b) wishes for more
|
||||||
|
*proprietary* development around VLC. Alternatively, the author may be
|
||||||
|
concerned that the GPL introduces compatibility issues between whatever other
|
||||||
|
"open source" license developers wish to use when linking VLC code, but
|
||||||
|
again---that means that VLC is devaluing freedom. Risky business, but this is
|
||||||
|
the model that BSD follows (permitting proprietary derivatives of the entire
|
||||||
|
software---not just linking---and receiving contributions back from proprietary
|
||||||
|
software makers.)
|
||||||
|
|
||||||
|
Finally, let us consider the issue of Apple's App Store. This is issue is
|
||||||
|
certainly of strong concern---Apple's products are very popular and yet they do
|
||||||
|
not even make an attempt to respect the users' freedoms either with their
|
||||||
|
software or with any of the software they allow on their "App Store".[2]
|
||||||
|
However, Jean-Baptiste has made a fatal mistake---we should not be changing our
|
||||||
|
licenses to suit Apple! In effect, that is giving Apple even more power over
|
||||||
|
free software by allowing them to exert control not only over their users, but
|
||||||
|
also over the developers of the users' favorite software! We should instead
|
||||||
|
express our condolences with those users and suggest instead that they adopt a
|
||||||
|
device or operating system that respects their freedom, or that they jailbreak
|
||||||
|
their devices (which is [still legal][7]).
|
||||||
|
|
||||||
|
I'll end this commentary with an additional response of mine from the
|
||||||
|
[aforementioned Hacker News thread][4]:
|
||||||
|
|
||||||
|
> The freedoms represent an ethical issue---that software developers have
|
||||||
|
> unprecedented control over their users. Why should I, as a hacker, be able
|
||||||
|
> to tell you what you can and cannot do with your device? Furthermore, it
|
||||||
|
> raises deep privacy issues---what kind of data am I collecting and why
|
||||||
|
> should I have that data?
|
||||||
|
>
|
||||||
|
> I entered the free software movement slowly (I began software development on
|
||||||
|
> Windows as a young boy and was trained to think that bossing the user around
|
||||||
|
> was a good thing; I thought it was fun to write DRM system and
|
||||||
|
> anti-features). I began using GNU/Linux while still rationalizing my use of
|
||||||
|
> proprietary software through Wine or by dual-booting into Windows. I then
|
||||||
|
> saw the benefits of the "open source" development model. It wasn't until I
|
||||||
|
> spent the time researching the reasons behind the free software movement
|
||||||
|
> that things began to click. I was able to look back on everything I learned
|
||||||
|
> as a developer for Windows and see that I enjoyed the thought of controlling
|
||||||
|
> my users. I enjoyed the power I got from programming---programming was
|
||||||
|
> empowerment, and the only way to squeeze the money out of those unsuspecting
|
||||||
|
> users was to do it forcefully.
|
||||||
|
>
|
||||||
|
> People have fundamentally different philosophies when it comes to
|
||||||
|
> programming. Do all proprietary software developers do so out of greed? On
|
||||||
|
> some level, sure---they're not contributing that code so that others may
|
||||||
|
> benefit from it. But are they doing it for the purpose of controlling their
|
||||||
|
> users? Not necessarily, but they still are, even if they have the best of
|
||||||
|
> intentions. Is someone who creates proprietary educational software for
|
||||||
|
> children in third world companies "evil"? Certainly not. The problem is that
|
||||||
|
> they're denying them an additional right---the right to modify that
|
||||||
|
> software, learn from it and use their devices as they please.
|
||||||
|
>
|
||||||
|
> Of course, we often see proprietary software used unethically, often times
|
||||||
|
> for vendor lock-in or greed; corporations are worried that if they lighten
|
||||||
|
> their grip on their users, that the users may run, or worse, do something
|
||||||
|
> [il]legal. I don't believe that is the place of software developers. I
|
||||||
|
> remember, back when I used Windows, I was obsessed with magic/illusion. I
|
||||||
|
> purchased a ton of videos online teaching me various magic tricks, but the
|
||||||
|
> videos were laced with DRM (which, at the time, as a Windows developer, I
|
||||||
|
> applauded). The problem was, that I then upgraded my hardware. My videos no
|
||||||
|
> longer worked. I contacted them for a new key, and could view them again.
|
||||||
|
> Then I got a new PC. And now I use GNU/Linux. I can no longer watch those
|
||||||
|
> videos that I purchased because of this unnecessary, artificial restriction.
|
||||||
|
> Was I going to distribute those videos? No. Did that prevent others from
|
||||||
|
> stripping the restrictions and distributing it anyway? Certainly not. I was
|
||||||
|
> being punished for others' actions and the others weren't any worse off from
|
||||||
|
> the restrictions, because they understood how to defeat them.
|
||||||
|
>
|
||||||
|
> Of course, DRM's only one of the many issues (and DRM cannot exist in free
|
||||||
|
> software, because the community would simply remove the anti-feature). What
|
||||||
|
> if I were using some software---let's say Photoshop---and it crashed on me
|
||||||
|
> in the middle of my work. Crap. Well, if I were using GIMP, I would run gdb
|
||||||
|
> on the core dump (assuming a segfault) and inspect the problem. I would try
|
||||||
|
> to repeat it. I could, if I wanted to, get my hands on the source code, fix
|
||||||
|
> the problem and distribute that fix to others. If I didn't have the time or
|
||||||
|
> ability, others could fix the problem for me, and we have the right to share
|
||||||
|
> those changes. We have the right to benefit from those changes. With
|
||||||
|
> Photoshop, we'd better start waiting. What if I was able to magically come
|
||||||
|
> up with a fix, perhaps by modifying the machine code? Hold on---I'm not
|
||||||
|
> allowed to do that! And I'm certainly not allowed to distribute that fix to
|
||||||
|
> others. And I'm certainly not allowed to give my son a copy for his PC if he
|
||||||
|
> wanted to do an art project for school.
|
||||||
|
>
|
||||||
|
> The FSF provides a great deal of information on their philosophy:
|
||||||
|
> <http://www.gnu.org/philosophy/>. You could also gain a great deal of
|
||||||
|
> insight by reading up on the history:
|
||||||
|
> <http://shop.fsf.org/product/free-as-in-freedom-2/> or by reading RMS'
|
||||||
|
> essays: <http://shop.fsf.org/product/signed-fsfs/>.
|
||||||
|
>
|
||||||
|
> And ultimately, you may find that you do not agree with our
|
||||||
|
> philosophy---many don't. That's certainly your right, and I respect that.
|
||||||
|
> What I cannot respect, and will not respect, is when that philosophy is used
|
||||||
|
> to exert control over others.
|
||||||
|
>
|
||||||
|
> (As a final note: many say we control developers through our "viral"
|
||||||
|
> licenses. But keep in mind that we're trying to protect the users *from*
|
||||||
|
> developers. This means taking power away from developers. This is
|
||||||
|
> intentional.)
|
||||||
|
|
||||||
|
[4]: http://news.ycombinator.com/item?id=4787965
|
||||||
|
[5]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
|
||||||
|
[6]: http://www.gnu.org/licenses/lgpl.html
|
||||||
|
[7]: https://www.eff.org/press/releases/eff-wins-renewal-smartphone-jailbreaking-rights-plus-new-legal-protections-video
|
||||||
|
|
|
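Review bot: The first Hacker News excerpt, from the first `[...]` line through the second one (including "It is important to understand the distinction ..."), has no `>` markers, so it renders as body text, while the second excerpt at the end of the post is blockquoted. Prefix those lines with `> ` so both quotes are set off the same way. Separately, "This is issue is" in the App Store paragraph has a stray "is".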
@ -0,0 +1,16 @@
|
||||||
|
# Copyright Reform? You're silly.
|
||||||
|
|
||||||
|
Amazingly, the Republican Study Committee (RSC) had [released a report
|
||||||
|
suggesting copyright reform][0]. Of course, that's a silly thing to do when
|
||||||
|
you're in bed with organizations like the MPAA and RIAA; [the report was quickly
|
||||||
|
retracted][1].
|
||||||
|
|
||||||
|
It would have been a surprising step forward; maybe there's hope yet, assuming
|
||||||
|
the GOP can get a handle on itself.
|
||||||
|
|
||||||
|
(Disclaimer: I have no party affiliation.)
|
||||||
|
|
||||||
|
[0]: http://www.techdirt.com/articles/20121116/16481921080/house-republicans-copyright-law-destroys-markets-its-time-real-reform.shtml
|
||||||
|
[1]: http://www.techdirt.com/articles/20121117/16492521084/hollywood-lobbyists-have-busy-saturday-convince-gop-to-retract-copyright-reform-brief.shtml
|
||||||
|
|
||||||
|
<!-- more -->
|
|
@ -0,0 +1,58 @@
|
||||||
|
# Privacy In Light of the Petraeus Scandal
|
||||||
|
|
||||||
|
I'm not usually one for scandals (in fact, I couldn't care less who government
|
||||||
|
employees are sleeping with). However, it did bring up deep privacy
|
||||||
|
concerns---how exactly did the government get a hold of the e-mails?
|
||||||
|
|
||||||
|
The [EFF had released an article answering some questions][0] about the scandal,
|
||||||
|
which is worth a read. In particular, you should take a look at the [EFF's
|
||||||
|
Surveillance Self-Defense website][1] for an in-depth summary of the laws
|
||||||
|
surrounding government surveillance and tips on how to protect against it.
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2012/11/when-will-our-email-betray-us-email-privacy-primer-light-petraeus-saga
|
||||||
|
[1]: https://ssd.eff.org
|
||||||
|
|
||||||
|
I'd like to touch upon a couple things. In particular, [the article mentions][0]:
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
> Broadwell apparently accessed the emails from hotels and other locations, not
|
||||||
|
> her home. So the FBI cross-referenced the IP addresses of these Wi-Fi
|
||||||
|
> hotspots "against guest lists from other cities and hotels, looking for common
|
||||||
|
> names."
|
||||||
|
|
||||||
|
To stay anonymous in this situation, one should [consider using Tor][2] to mask
|
||||||
|
his/her IP address. Additionally, remove all cookies (or use your browser's
|
||||||
|
privacy mode if it will disable storing and sending of cookies for you) and
|
||||||
|
consider that your User Agent may be used to identify you, especially if
|
||||||
|
maleware has inserted its own unique identifiers.
|
||||||
|
|
||||||
|
Also according to [the EFF article][0]:
|
||||||
|
|
||||||
|
> According to reports, Patraeus and Broadwell adopted a technique of drafting
|
||||||
|
> emails, and reading them in the draft folder rather than sending them.
|
||||||
|
|
||||||
|
That didn't work out so well. Consider [encrypting important communications][3]
|
||||||
|
using GPG/PGP so that (a) the e-mail cannot be deciphered in transit and (b) the
|
||||||
|
e-mail can only be read by the intended recipient. Of course, you are then at
|
||||||
|
risk of being asked to divulge your password, so to avoid the situation
|
||||||
|
entirely, it would be best to delete the e-mails after reading them.
|
||||||
|
Additionally, if you host your own services, it may be wise to host your own
|
||||||
|
e-mail (guides for doing this vary between operating system, but consider
|
||||||
|
looking at software like [Postfix][4] for mail delivery and maybe [Dovecot][5]
|
||||||
|
for retrieval).
|
||||||
|
|
||||||
|
Privacy isn't only for those individuals who are trying to be sneaky or cheat on
|
||||||
|
their spouses. Feel free joining the EFF in trying to reform the ECPA to respect
|
||||||
|
our privacy in this modern era; storing a document digitally shouldn't change
|
||||||
|
its fundamental properties under the law.
|
||||||
|
|
||||||
|
I'd also encourage you to read [Schneier's post on this topic][6], which
|
||||||
|
summarizes points from many articles that I did not cover here.
|
||||||
|
|
||||||
|
[2]: https://ssd.eff.org/tech/tor
|
||||||
|
[3]: https://ssd.eff.org/tech/encryption
|
||||||
|
[4]: http://www.postfix.org
|
||||||
|
[5]: http://www.dovecot.org/
|
||||||
|
[6]: http://www.schneier.com/blog/archives/2012/11/e-mail_security.html
|
||||||
|
|
|
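Review bot: `<!-- more -->` lands directly after "[the article mentions][0]:", separating the colon from the quote it introduces; place the marker after the first blockquote instead. For the later text pass: "maleware" should be "malware", "Feel free joining" should be "Feel free to join", and the quoted "Patraeus" differs from the heading's "Petraeus" (keep it only if the source spells it that way).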
@ -0,0 +1,9 @@
|
||||||
|
# Tor exit node operator raided in Austria
|
||||||
|
|
||||||
|
[These things][0] mustn't be allowed to happen; they are an affront to privacy.
|
||||||
|
Tor exit node operators should not have to fear conviction for activities they
|
||||||
|
themselves did not perform.
|
||||||
|
|
||||||
|
[0]: http://www.lowendtalk.com/discussion/6283/raided-for-running-a-tor-exit-accepting-donations-for-legal-expenses
|
||||||
|
|
||||||
|
<!-- more -->
|
|
@ -0,0 +1,10 @@
|
||||||
|
# Warrants For E-mails in the United States
|
||||||
|
|
||||||
|
The [Senate Judiciary Committee passed an amendment][0] that requires that they
|
||||||
|
receive a warrant before spying on our e-mails.
|
||||||
|
|
||||||
|
This is excellent; let us hope that it becomes law.
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2012/12/deep-dive-updating-electronic-communications-privacy-act
|
||||||
|
|
||||||
|
<!-- more -->
|
|
@ -0,0 +1,53 @@
|
||||||
|
# Copyright Assignment Of Free Software Projects
|
||||||
|
|
||||||
|
An [e-mail today from Paolo Bonzini][0], a maintainer of GNU sed, has prompted
|
||||||
|
additional discussion regarding copyright assignment to corporate entities; in
|
||||||
|
particular, the discussion focuses on copyright assignment to the FSF under the
|
||||||
|
GNU project.
|
||||||
|
|
||||||
|
[0]: http://article.gmane.org/gmane.comp.lang.smalltalk.gnu.general/7873
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
An [article by Michael Kerrisk on LWN.net][1], posted a couple days earlier,
|
||||||
|
touches on the [same issue brought up by GnuTLS earlier in the month][2]. The
|
||||||
|
disagreements from the two aforementioned individuals of the GNU-maintained
|
||||||
|
projects prompt a thoughtful analysis of whether copyright assignment is
|
||||||
|
appropriate for your own free software project[1]. In contrast, consider the
|
||||||
|
[developer certificate of origin][3] policy adopted by the Linux project, under
|
||||||
|
which contributors maintain copyright for their contributions.
|
||||||
|
|
||||||
|
There are benefits and downsides to both models---if a project requires
|
||||||
|
copyright assignment (such as the GNU projects), then enforcement and license
|
||||||
|
modifications are simplified. As an example, if the Linux project wanted to move
|
||||||
|
to the GPLv3, they would have to contact each contributor (a similar move was
|
||||||
|
done recently [by the VLC project][4], except that they moved from the GPL to
|
||||||
|
the LGPL). However, the Linux project has a much smaller barrier to entry---they
|
||||||
|
need not [assign copyright of their contributions to the project (such as is the
|
||||||
|
case with GNU)][5], meaning that individuals may be more likely to contribute.
|
||||||
|
|
||||||
|
One of the major benefits touted by the FSF for copyright assignments from
|
||||||
|
contributors is [copyright enforcement][6]---another complication that would
|
||||||
|
arise from enforcing the GPL in a project such as Linux. That said, as the LWN
|
||||||
|
article mentions[2], what if [the FSF cannot find the time to enforce the
|
||||||
|
copyright on a project violation][7]? Then again, what of the flipside---do you
|
||||||
|
have the time or money to enforce violations on your own projects were they not
|
||||||
|
assigned to a corporation like the FSF?
|
||||||
|
|
||||||
|
These are interesting discussions and certainly things that should be considered
|
||||||
|
when determining how to handle both contributions and the copyright for your
|
||||||
|
entire project. Ultimately, that decision falls on you, the author/maintainer,
|
||||||
|
and your needs.
|
||||||
|
|
||||||
|
(Disclaimer: I am an associate member of the Free Software Foundation. This
|
||||||
|
article does not reflect any of my personal opinions; whether or not I would
|
||||||
|
assign copyright to the FSF for any of my projects would be determined based on
|
||||||
|
the goals and plan of that particular project.)
|
||||||
|
|
||||||
|
[1]: http://lwn.net/SubscriberLink/529522/854aed3fb6398b79/
|
||||||
|
[2]: http://lwn.net/Articles/529558/
|
||||||
|
[3]: http://elinux.org/Developer_Certificate_Of_Origin
|
||||||
|
[4]: http://mikegerwitz.com/thoughts/2012/11/VLC-s-Move-to-LGPL.html
|
||||||
|
[5]: http://git.savannah.gnu.org/cgit/gnulib.git/tree/doc/Copyright/assign.changes.manual#n64
|
||||||
|
[6]: http://www.gnu.org/licenses/why-assign.html
|
||||||
|
[7]: http://lwn.net/Articles/529777/
|
|
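Review bot: `[4]` is an absolute link to this site's own generated page (`http://mikegerwitz.com/thoughts/2012/11/VLC-s-Move-to-LGPL.html`), which ties the Markdown source to the current host and output path. If the generator supports relative or source-file links, use one so the reference survives a change of domain or slug scheme. Also check the citation in "as the LWN article mentions[2]": the Kerrisk article is introduced as `[1]`, and `[2]` is the GnuTLS reference.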
@ -0,0 +1,46 @@
|
||||||
|
# Congress Approves FISA For Another 5 Years
|
||||||
|
|
||||||
|
At a [vote of 73-23][0], Congress has voted to [extend FISA warentless spying
|
||||||
|
bill by five more years[1], even shooting down [proposed amendments][2] to the
|
||||||
|
bill.[3]
|
||||||
|
|
||||||
|
[0]: https://www.senate.gov/legislative/LIS/roll_call_lists/roll_call_vote_cfm.cfm?congress=112&session=2&vote=00236
|
||||||
|
[1]: https://www.eff.org/deeplinks/2012/12/congress-disgracefully-approves-fisa-warrantless-eavesdropping-bill-five-more
|
||||||
|
[2]: https://www.eff.org/deeplinks/2012/12/why-we-should-all-care-about-senates-vote-fisa-amendments-act-warrantless-domestic
|
||||||
|
[3]: http://arstechnica.com/tech-policy/2012/12/as-senate-votes-on-warrantless-wiretapping-opponents-offer-fixes/
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Thank you to those senators that [opposed the bill][0]:
|
||||||
|
|
||||||
|
> Akaka (D-HI);
|
||||||
|
> Baucus (D-MT);
|
||||||
|
> Begich (D-AK);
|
||||||
|
> Bingaman (D-NM);
|
||||||
|
> Brown (D-OH);
|
||||||
|
> Cantwell (D-WA);
|
||||||
|
> Coons (D-DE);
|
||||||
|
> Durbin (D-IL);
|
||||||
|
> Franken (D-MN);
|
||||||
|
> Harkin (D-IA);
|
||||||
|
> Leahy (D-VT);
|
||||||
|
> Lee (R-UT);
|
||||||
|
> Menendez (D-NJ);
|
||||||
|
> Merkley (D-OR);
|
||||||
|
> Murkowski (R-AK);
|
||||||
|
> Murray (D-WA);
|
||||||
|
> Paul (R-KY);
|
||||||
|
> Sanders (I-VT);
|
||||||
|
> Schatz (D-HI);
|
||||||
|
> Tester (D-MT);
|
||||||
|
> Udall (D-CO);
|
||||||
|
> Udall (D-NM);
|
||||||
|
> Wyden (D-OR).
|
||||||
|
|
||||||
|
Unfortunately, the two senators from my own state cannot join that list.
|
||||||
|
|
||||||
|
The [EFF has sumarized the surveillance issues of 2012][4] recently on their
|
||||||
|
website.
|
||||||
|
|
||||||
|
[4]: https://www.eff.org/deeplinks/2012/12/2012-review-effs-fight-against-secret-surveillance-law
|
||||||
|
|
|
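Review bot: The link in the first sentence is never closed: `[extend FISA warentless spying` ... `bill by five more years[1]` needs a `]` before `[1]`. As written, the opening bracket is left as literal text and the phrase is not linked. "warentless" should be "warrantless", which can wait for the text pass, but the bracket is a markup error that belongs in this commit.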
@ -0,0 +1,9 @@
|
||||||
|
# Happy New Year
|
||||||
|
|
||||||
|
The greatest excitement in moving into a new year is the prospect of quantified
|
||||||
|
growth.
|
||||||
|
|
||||||
|
Of course, it also means another year to look forward to the health of those you
|
||||||
|
care for.
|
||||||
|
|
||||||
|
<!-- more -->
|
|
@ -0,0 +1,29 @@
|
||||||
|
# DNA Collection
|
||||||
|
|
||||||
|
Consider a recent article from the EFF [regarding "Rapid DNA Analyzers"][0].
|
||||||
|
The article poses the potetial issues involved, but also consider that any DNA
|
||||||
|
collected (if not destroyed) would violate not just your privacy, but your
|
||||||
|
entire blood line. What if DNA from immigrants were collected? Much of that
|
||||||
|
information is inherited, so generations down the line, your privacy is still
|
||||||
|
violated.
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2012/12/rapid-dna-analysis
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
I cannot comment intelligently on the matter since I haven't read deeply enough
|
||||||
|
into the proposed storage/hashing/etc policies, but those polices can be abused
|
||||||
|
and such data can be leaked. I highly oppose any sort of DNA collection outside
|
||||||
|
of personal at-home use (when the technology is available with free software)
|
||||||
|
and use by medical professionals for personal medical reasons so long as the
|
||||||
|
institution performing the test can provide stringent evidence of its
|
||||||
|
destruction. But even then, if law enforcement somehow got a hold of the DNA
|
||||||
|
before it were destroyed, then the problem still exists, so it would be best if
|
||||||
|
you had your own personal tools to analyze your own DNA and distribute only the
|
||||||
|
portions that were required (and encryption tools like [GPG][1] could be used
|
||||||
|
for distribution).
|
||||||
|
|
||||||
|
One day, but not now. Let's make those scanners affordable and run free
|
||||||
|
software.
|
||||||
|
|
||||||
|
[1]: http://www.gnupg.org/
|
|
@ -0,0 +1,15 @@
|
||||||
|
# USPTO Wants To Hear From Software Community
|
||||||
|
|
||||||
|
The [USPTO wants to hear from the software community][0]. Interesting, but the
|
||||||
|
problem is that the "software community" includes more than just those who
|
||||||
|
find software patents to be an abomination.
|
||||||
|
|
||||||
|
I have [mentioned issues with software patents in a previous post][1], but one
|
||||||
|
resource that may be worth looking at direclty is ["The Case Against
|
||||||
|
Patents"][2] [pdf].
|
||||||
|
|
||||||
|
[0]: http://www.groklaw.net/article.php?story=20130104012214868
|
||||||
|
[1]: http://mikegerwitz.com/thoughts/2012/10/Abolishing-Patents.html
|
||||||
|
[2]: http://research.stlouisfed.org/wp/2012/2012-035.pdf
|
||||||
|
|
||||||
|
<!-- more -->
|
|
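Review bot: "direclty" in "worth looking at direclty" is misspelled, and the bare `[pdf]` that follows `["The Case Against Patents"][2]` is bracket syntax that a Markdown parser will treat as a shortcut reference if a `pdf` label is ever defined. It renders literally today only because no such definition exists; writing it as (pdf) or escaping the brackets removes that dependency.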
@ -0,0 +1,41 @@
|
||||||
|
# LuLu Says Goodbye to DRM
|
||||||
|
|
||||||
|
On January 8th, [LuLu announced that they would be dropping DRM][0] for users
|
||||||
|
who "[download] eBooks directly from Lulu.com to the device of their choice".
|
||||||
|
This is a wise move (for [those of us who oppose DRM][1]), but unfortunately, as
|
||||||
|
John Sullivan of the Free Software Foundation noted on the fsf-community-team
|
||||||
|
mailing list, the [comments on LuLu's website][0] are not all positive:
|
||||||
|
|
||||||
|
[0]: http://www.lulu.com/blog/2013/01/drm-update/
|
||||||
|
[1]: http://defectivebydesign.org/
|
||||||
|
|
||||||
|
> This is a positive development, but unfortunately there has been a lot
|
||||||
|
> of negative reaction in the comments on their announcement.
|
||||||
|
>
|
||||||
|
> It'd be great if people could chime in and support them their move away
|
||||||
|
> from DRM.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
At first glance, certain authors seem to be concerned that the absense of DRM
|
||||||
|
will lead to ["more illegal file sharing"][0]:
|
||||||
|
|
||||||
|
> [...] I’ve got copies of my non-DRM ebooks all over the torrent sites and
|
||||||
|
> thousands of downloads registered, for which I haven’t received a cent. As
|
||||||
|
> soon as you push for them to be taken down, they’re posted up again.
|
||||||
|
|
||||||
|
While it is unfortunate that those authors are not receiving compensation for
|
||||||
|
their hard work, it should be noted that this problem exists even *with*
|
||||||
|
DRM, so it is not a valid argument toward keeping it.
|
||||||
|
|
||||||
|
I applaud this move by LuLu, though I'm disappointed to see [this comment in the
|
||||||
|
original post][0]:
|
||||||
|
|
||||||
|
> Companies like Amazon, Apple and Barnes & Noble integrate a reader’s
|
||||||
|
> experience from purchasing to downloading and finally to reading. These
|
||||||
|
> companies do a fantastic job in this area, and eBooks published through Lulu
|
||||||
|
> and distributed through these retail sites will continue to have the same
|
||||||
|
> rights management applied as they do today.
|
||||||
|
|
||||||
|
They do not do it well; no DRM is good DRM.
|
||||||
|
|
|
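Review bot: "absense" in "the absense of DRM" is misspelled, and the post writes "LuLu" in the heading and body while the quoted announcement and the URL use "Lulu" ("directly from Lulu.com", "published through Lulu"). Pick the company's own spelling when the text is revisited.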
@ -0,0 +1,171 @@
|
||||||
|
# Re: FSF Wastes Away Another "High Priority" Project
|
||||||
|
|
||||||
|
A couple days ago, my attention was drawn to an article on Phoronix that
|
||||||
|
[criticized the FSF for its decision to stick with GPLv3 over GPLv2 on
|
||||||
|
LibreDWG][0] due to the number of projects that make use of it---licensed under
|
||||||
|
the GPLv2---under [a now incompatible][1] license. This article is very negative
|
||||||
|
and essentially boils down to this point (the last paragraph):
|
||||||
|
|
||||||
|
> Unless the Free Software Foundation becomes more accomodating [sic] of these
|
||||||
|
> open-source developers -- who should all share a common goal of wanting to
|
||||||
|
> expand free/open-source software -- LibreDWG is likely another project that
|
||||||
|
> will ultimately waste away and go without seeing any major adoption due to
|
||||||
|
> not working with the GPLv2.
|
||||||
|
|
||||||
|
It it worth mentioning why this view is misguided (though understandable for
|
||||||
|
those who adopt the ["open source" philosophy over that of software
|
||||||
|
freedom][2]).
|
||||||
|
|
||||||
|
[0]: http://www.phoronix.com/scan.php?page=news_item&px=MTI4Mjc
|
||||||
|
[1]: http://www.gnu.org/licenses/gpl-faq.html#WhatDoesCompatMean
|
||||||
|
[2]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Let me start with [this paragraph from the Phoronix article][0]:
|
||||||
|
|
||||||
|
> The Free Software Foundation was contacted about making LibreDWG GPLv2+
|
||||||
|
> instead (since the FSF is the copyright holder), but the FSF/Richard Stallman
|
||||||
|
> doesn't the DWG library on the earlier version of their own open-source
|
||||||
|
> license.
|
||||||
|
|
||||||
|
The FSF's founding principle is that of [software freedom][3] (beginning with the
|
||||||
|
GNU project). Now, consider the reason for the creation of the GPLv3---the GPLv2
|
||||||
|
[could not sufficiently protect against][4] software patents and newer threats such
|
||||||
|
as "tivoization". These goals further the FSF's mission of ensuring---in
|
||||||
|
this case---that free software *remains* free ([a concept that RMS coined
|
||||||
|
"copyleft"][5]). It would make sense, then, that the FSF (and RMS') position is
|
||||||
|
that [it is important that we adopt the GPLv3 for our software][6].
|
||||||
|
|
||||||
|
From this perspective, it does not make sense to "downgrade" LibreDWG's
|
||||||
|
license to the GPLv2, which contains various bugs that have since been patched
|
||||||
|
in GPLv3---it is not pursuant to the FSF's goals. (Of course, not all agree with
|
||||||
|
the GPLv3; one such notable disagreement (as well as issues
|
||||||
|
stemming from copyright assignment) leaves the kernel Linux [perpetually licensed
|
||||||
|
under the GPLv2][7] since it does not contain the ["or later" clause][8]).
|
||||||
|
|
||||||
|
That is not to say that the author's concern is not legitimate---a number of
|
||||||
|
projects are licensed under the GPLv2 and therefore cannot use the newer (and
|
||||||
|
improved) versions of LibreDWG that are licensed under the GPLv3 (unless they
|
||||||
|
were to upgrade to the GPLv3, of course). Whether or not upgrading is feasible
|
||||||
|
(e.g., in the case of the kernel Linux, it is not) is irrelevant---let us
|
||||||
|
instead focus on the issue of adoption under the assumption that the project is
|
||||||
|
either unwilling or unable to make use of a library licensed under the GPLv3.
|
||||||
|
|
||||||
|
As aforementioned, [the author focuses on the issue of adoption][0]:
|
||||||
|
|
||||||
|
> LibreDWG is likely [...to] go without seeing any major adoption due to not
|
||||||
|
> working with the GPLv2
|
||||||
|
|
||||||
|
A focus on adoption is a [focus of "open source", not free software][2], the
|
||||||
|
latter of which the FSF represents. With a focus on software freedom, the goal
|
||||||
|
is to create software that respects the [users' four essential freedoms][9]; if
|
||||||
|
the software is adopted and used, great! However, freedom should never be
|
||||||
|
sacrificed in order to encourage adoption. One may argue that "downgrading" to
|
||||||
|
the GPLv2 is not sacrificing freedom because the software is still free (it is
|
||||||
|
even the GPL)---but it is important to again realize that the GPLv3 is "more
|
||||||
|
free" than the GPLv2 in the sense that it [*protects* additional freedoms][6];
|
||||||
|
so, while the GPLv2 isn't necessarily sacrificing users' freedoms directly, it
|
||||||
|
does have such an indirect effect through means of enforcement.
|
||||||
|
|
||||||
|
A reader familiar with GNU may then point out the LGPL---the Lesser General
|
||||||
|
Public License---under which popular (and very important) [libraries such as
|
||||||
|
glibc are licensed][10]. In fact, one could extend this argument to any
|
||||||
|
library---why not have LibreDWG licensed under the LGPL to avoid this problem in
|
||||||
|
its entirety, while still preserving the users' freedoms for that library in
|
||||||
|
itself? This understanding requires a brief lesson in history---the rationale
|
||||||
|
under which the LGPL was born. [To quote the GNU project][11]:
|
||||||
|
|
||||||
|
> Using the ordinary GPL is not advantageous for every library. There are
|
||||||
|
> reasons that can make it better to use the Lesser GPL in certain cases. The
|
||||||
|
> most common case is when a free library's features are readily available for
|
||||||
|
> proprietary software through other alternative libraries. In that case, the
|
||||||
|
> library cannot give free software any particular advantage, so it is better to
|
||||||
|
> use the Lesser GPL for that library.
|
||||||
|
|
||||||
|
It was for this reason that glibc was released under the LGPL---because it was
|
||||||
|
better to have the users adopt some sort of free software than none at all;
|
||||||
|
there were other alternatives that existed that users may flock to if they were
|
||||||
|
forced to liberate their own proprietary software (after all, the C API is also
|
||||||
|
standardized, so such a feat would be trivial). Now that glibc has since matured
|
||||||
|
greatly, it could be argued today that it has proved its usefulness and the LGPL
|
||||||
|
may no longer be necessary, but such a discussion is not necessarily relevant
|
||||||
|
for this conversation.
|
||||||
|
|
||||||
|
What is important is that [the FSF does not recommend the LGPL for most
|
||||||
|
libraries][11] because that would encourage proprietary software developers to
|
||||||
|
take advantage of both the hard work of the free software community and the
|
||||||
|
users of the software. Now, I cannot speak toward the alternatives to
|
||||||
|
LibreDWG---do there exist proprietary alternatives that are reasonable
|
||||||
|
alternatives to non-commercial projects? I do not have experience with the
|
||||||
|
library. However, I hope by this point the FSF's position has been rationalize
|
||||||
|
(even if you---the reader---do not agree with it).
|
||||||
|
|
||||||
|
Of course, this rationalization will still leave a sour taste in the mouth of
|
||||||
|
those "open source" developers (or perhaps even some free software developers)
|
||||||
|
that think in terms of what is "lost": these projects---which are themselves
|
||||||
|
free software and therefore beneficial to our community---cannot take advantage
|
||||||
|
of *other free software* due to this licensing issue. Since these projects had
|
||||||
|
already existed when LibreDWG was licensed under the GPLv2, the relicensing to
|
||||||
|
GPLv3 may seem unfair and, therefore, a "loss". It is difficult to counter
|
||||||
|
such an argument if the above rationale has not been sufficient; nor will I
|
||||||
|
argue that the situation is not unfortunate, should the projects be unable to
|
||||||
|
relicense. However, it must be understood that, to ensure the future of free
|
||||||
|
software, the FSF must adopt to combat today's threats and so too must other
|
||||||
|
free software projects.
|
||||||
|
|
||||||
|
The Phoronix article mentioned two projects in particular that suffer from
|
||||||
|
LibreDWG's relicensing: [LibreCAD and FreeCAD][0]. LibreCAD omits the "or later"
|
||||||
|
clause that was mentioned above, preventing them from easily migrating to the
|
||||||
|
GPLv2 (which is [against the FSF's recommendation][12]). Unless the project
|
||||||
|
requires that contributors assign copyright to the project owner, then they
|
||||||
|
would have to get permission from each contributor (or rewrite the code) in
|
||||||
|
order to change the license (which is not unheard of; [VLC had done so recently
|
||||||
|
to migrate from the GPL to the LGPL][13]); this is a significant barrier for any
|
||||||
|
project with multiple contributors, especially when your project is a derivative
|
||||||
|
work (of QCad).
|
||||||
|
|
||||||
|
The other project mention was FreeCAD, and the author of the article mentions
|
||||||
|
that the project depends on Coin3D and Open CASCADE, "both of which are
|
||||||
|
GPLv2", so [the project cannot migrate to GPLv3][0]. A quick look at Coin3D's
|
||||||
|
website shows that the software is actually licensed under the modified
|
||||||
|
(3-clause) BSD license, and so [migrating to the GPLv3 is not an issue][15]. Open
|
||||||
|
CASCADE has its own "public license" that I do not have the time to evaluate
|
||||||
|
(nor am I lawyer, so I do not wish to give such advice), so I cannot speak to
|
||||||
|
its compatibility with the GPLv3. That said, I'm unsure if it would be a barrier
|
||||||
|
toward FreeCAD's adoption of the GPLv3.
|
||||||
|
|
||||||
|
Ultimately, the moral of the story is to plan for the *future*---if you use a
|
||||||
|
project licensed under the GPL, ensure that it has the "or later" clause that
|
||||||
|
allows it to be licensed under later version of the GPL, since you can be sure
|
||||||
|
that the FSF and many other free software developers will be quick to adopt the
|
||||||
|
license. Of course, many may not be comfortable with such a licensing decision:
|
||||||
|
you effectively are giving the FSF permission to relicense you work by simply
|
||||||
|
releasing a new version of the GPL. It is your decision whether you are willing
|
||||||
|
to place this kind of trust in the organization responsible for starting the
|
||||||
|
free software movement in the first place.
|
||||||
|
|
||||||
|
Readers may now assume that I am placing the entire blame and onus on the
|
||||||
|
implementors of LibreDWG. The onus, perhaps, but not the blame---this truly is
|
||||||
|
an unfortunate circumstance that takes away from hacking a free software
|
||||||
|
project. Unfortunately, the projects are stuck in a bad place, but the FSF is
|
||||||
|
not to blame for standing firm in their ideals. Instead, this can be thought of
|
||||||
|
as a maintenance issue---rather than a source code refactoring resulting from a
|
||||||
|
library API change, we instead require a "legal code" refactoring resulting
|
||||||
|
from a "legal API" change.
|
||||||
|
|
||||||
|
[3]: http://www.fsf.org/about/
|
||||||
|
[4]: http://www.gnu.org/licenses/quick-guide-gplv3.html
|
||||||
|
[5]: http://www.gnu.org/copyleft/
|
||||||
|
[6]: http://www.gnu.org/licenses/rms-why-gplv3.html
|
||||||
|
[7]: http://lwn.net/Articles/200422/
|
||||||
|
[8]: http://www.gnu.org/licenses/gpl-faq.html#v2v3Compatibility
|
||||||
|
[9]: http://www.gnu.org/philosophy/free-sw.html
|
||||||
|
[10]: http://www.gnu.org/licenses/lgpl.html
|
||||||
|
[11]: http://www.gnu.org/licenses/why-not-lgpl.html
|
||||||
|
[12]: http://www.gnu.org/licenses/gpl-howto.html
|
||||||
|
[13]: http://mikegerwitz.com/thoughts/2012/11/VLC-s-Move-to-LGPL.html
|
||||||
|
[14]: https://bitbucket.org/Coin3D/coin/wiki/Home
|
||||||
|
[15]: http://www.gnu.org/licenses/license-list.html#ModifiedBSD
|
||||||
|
[16]: http://www.opencascade.org/getocc/license/
|
||||||
|
|
|
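Review bot: the reference definitions `[14]` (Coin3D) and `[16]` (Open CASCADE license) at the end of this file are never used. The FreeCAD paragraph mentions "Coin3D's website" and Open CASCADE's "public license" as plain text, so either link those phrases as `[...][14]` and `[...][16]` or drop the two definitions. In the LibreCAD paragraph, "preventing them from easily migrating to the GPLv2" reads as if GPLv3 was meant, since the sentence is about a project without the "or later" clause moving to the newer license. Smaller items for the text follow-up: "It it worth", "has been rationalize", "must adopt to combat" and "relicense you work".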
@ -0,0 +1,7 @@
|
||||||
|
# Phone "Unlocking" Once Again Illegal
|
||||||
|
|
||||||
|
[Ridiculous.][0] We should own the hardware that we purchase.
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/is-it-illegal-to-unlock-a-phone
|
||||||
|
|
||||||
|
<!-- more -->
|
|
@ -0,0 +1,102 @@
|
||||||
|
# Re: Who Does Skype Let Spy?
|
||||||
|
|
||||||
|
Today, [Bruce Schneier brought attention to privacy concerns surrounding
|
||||||
|
Skype][0], a very popular ([over 600 million users][1]) VoIP service that has
|
||||||
|
since been acquired by Microsoft. In particular, [users are concerned over what
|
||||||
|
entities may be able to gain access to their "private" conversations][1]
|
||||||
|
through the service---Microsoft has refused to answer those kinds of questions.
|
||||||
|
While the specific example of Skype is indeed concerning, it raises a more
|
||||||
|
general issue that I wish to discuss: The role of free software and SaaS
|
||||||
|
(software as a service).
|
||||||
|
|
||||||
|
[0]: http://www.schneier.com/blog/archives/2013/01/who_does_skype.html
|
||||||
|
[1]: http://www.skypeopenletter.com/
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
To [quote Schneier][0]:
|
||||||
|
|
||||||
|
> We have no choice but to trust Microsoft. Microsoft has reasons to be
|
||||||
|
> trustworthy, but they also have reasons to betray our trust in favor of other
|
||||||
|
> interests. And all we can do is ask them nicely to tell us first.
|
||||||
|
|
||||||
|
Schneier continues to admit, in similar words, that [we are but "vassals" to
|
||||||
|
these entities and that they are our serfs][2]. His essays regarding the [power of
|
||||||
|
corporations and governments over their users][3] echo the words of Lawrence
|
||||||
|
Lessig in his [predictions of a "perfectly regulated" future made possible by
|
||||||
|
the Internet][4]. While Lessig (despite what his critics have stated in the
|
||||||
|
past) seems to have been correct in many regards, we need not jump into the
|
||||||
|
perspective of an Orwellian dystopia where we are but "vassals" to the
|
||||||
|
Party.[^5] Indeed, this is only the case---at least at present---if you choose to
|
||||||
|
participate in the use of services such as Skype, as ubiquitous as they may be.
|
||||||
|
|
||||||
|
Skype is a useful demonstration of the unfortunate situation that many users
|
||||||
|
place themselves in by trusting their private data to Microsoft. Skype itself is
|
||||||
|
proprietary---we cannot inspect its source code (easily) in order to ensure that
|
||||||
|
it is respecting our privacy. (Indeed, as a user on [the HackerNews
|
||||||
|
discussion][6] pointed out, [Skype has installed undesirable software in the
|
||||||
|
past][7].) If Skype were [free software][8], we would be able to inspect its
|
||||||
|
source code and modify it to suit our needs, ensuring that the software did only
|
||||||
|
what we wanted it to do---ensuring that Microsoft was not in control of us.
|
||||||
|
|
||||||
|
However, even if Skype were free software, there is another issue at work that
|
||||||
|
is often overlooked by users: Software as a Service (SaaS). When you make use of
|
||||||
|
services that are hosted on remote servers (often called "cloud"
|
||||||
|
services)---such as with Skype, Facebook, Twitter, Flickr, Instagram, iTunes,
|
||||||
|
iCloud and many other popular services---you are blindly entrusting your data to
|
||||||
|
them. Even if the Skype software were free (as in freedom), for example, [we
|
||||||
|
still cannot know what their servers are doing with the data we provide to
|
||||||
|
them][9]. Even if Skype's source code was plainly visible, the servers act as a
|
||||||
|
black box. Do they monitor your calls? [Does Facebook abuse your data?][10] How is
|
||||||
|
that data stored---[what happens][1] in the event of a data breach, or in the event
|
||||||
|
of a warrant/subpoena?
|
||||||
|
|
||||||
|
The only way to be safe from these providers is to [reject these services
|
||||||
|
entirely and use your own software on your own PC][9], or use software that will
|
||||||
|
connect directly to your intended recipient without going through a 3rd
|
||||||
|
party. (Never mind your ISP; that is a separate issue entirely.) If you must
|
||||||
|
use a 3rd party service, ensure that you can adequately encrypt your
|
||||||
|
communications (e.g. using GPG to encrypt e-mail communications)---something
|
||||||
|
that may not necessarily be easy/possible to do, especially if the software is
|
||||||
|
proprietary and works against you.
|
||||||
|
|
||||||
|
The EFF has published [useful information on protecting yourself against
|
||||||
|
surveillance][11], covering topics such as encryption and anonymization.
|
||||||
|
|
||||||
|
If we are to resist the worlds that [Lessig][4] and [Schneier][3] describe, then we
|
||||||
|
must [stand up for our right to privacy and demand action][12]. [Who will have
|
||||||
|
your back][13] when we're on the brink of ["perfect regulation"][4]; who will
|
||||||
|
stand up for your rights and work *with* you---not against you---to preserve
|
||||||
|
your liberties? Without this push, services like Skype empower governments and
|
||||||
|
other entities to work toward perfect regulation---to continuously spy on
|
||||||
|
everything that we do. With everyone putting their every thought and movement on
|
||||||
|
services like Facebook, [Twitter][14] and Skype, the Orwellian Thought Police have
|
||||||
|
the ability to manifest in a form that not even Orwell could have
|
||||||
|
imagined---unless it is stopped.
|
||||||
|
|
||||||
|
To help [preserve your ever-dwindling rights online][15], consider becoming a
|
||||||
|
member of or participating in the campaigns of the [Free Software
|
||||||
|
Foundation][16], [Electronic Frontier Foundation][17], the [American Civil
|
||||||
|
Liberties Union][18] or any other organizations dedicated toward free society.
|
||||||
|
|
||||||
|
(Disclaimer: I am a member of the Free Software Foundation.)
|
||||||
|
|
||||||
|
[2]: http://www.schneier.com/essay-406.html
|
||||||
|
[3]: http://www.schneier.com/essay-409.html
|
||||||
|
[4]: http://codev2.cc/
|
||||||
|
[6]: http://news.ycombinator.com/item?id=5139801
|
||||||
|
[7]: http://blogs.skype.com/garage/2011/05/easybits_update_disabled_for_s.html
|
||||||
|
[8]: http://www.gnu.org/philosophy/free-sw.html
|
||||||
|
[9]: http://www.gnu.org/philosophy/who-does-that-server-really-serve.html
|
||||||
|
[10]: https://www.eff.org/deeplinks/2013/01/facebook-graph-search-privacy-control-you-still-dont-have
|
||||||
|
[11]: https://ssd.eff.org
|
||||||
|
[12]: https://www.eff.org/deeplinks/2013/01/its-time-transparency-reports-become-new-normal
|
||||||
|
[13]: https://www.eff.org/pages/when-government-comes-knocking-who-has-your-back
|
||||||
|
[14]: https://www.eff.org/deeplinks/2013/01/google-twitters-new-transparency-report-shows-increase-government-demands-sheds
|
||||||
|
[15]: https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=8750
|
||||||
|
[16]: http://www.fsf.org/register_form?referrer=5804
|
||||||
|
[17]: https://supporters.eff.org/donate
|
||||||
|
[18]: https://www.aclu.org/donate/join-renew-give
|
||||||
|
|
||||||
|
[^5]: Orwell, George. Nineteen Eighty-Four. ISBN 978-0-452-28423-4.
|
||||||
|
|
|
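Review bot: in the paragraph after the Schneier quote, "we are but "vassals" to these entities and that they are our serfs" has the roles tangled. Vassals and serfs are both the subordinate side, so the second half contradicts the first; presumably "lords" was intended. Separately, the `[^5]` footnote relies on a footnote extension rather than core Markdown, so confirm the renderer used for these files supports it (the same applies to the other posts that use `[^...]`).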
@ -0,0 +1,8 @@
|
||||||
|
# What is CISPA and Why is it Dangerous?
|
||||||
|
|
||||||
|
The EFF has put together an excellent [FAQ on CISPA][0], the "cybersecurity"
|
||||||
|
bill that was reintroduced to congress earlier this month.
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2013/02/cispas-back-faq-what-it-and-why-its-still-dangerous
|
||||||
|
|
||||||
|
<!-- more -->
|
|
@ -0,0 +1,15 @@
|
||||||
|
# DMR: "Very early C compilers and language"
|
||||||
|
|
||||||
|
An interesting article by Dennis Ritchie discussing [early C compilers][0]
|
||||||
|
recovered from old DECtapes. The source code and history are fascinating reads.
|
||||||
|
The quality of the code (the "kludgery"[1], as he puts it) to me just brings
|
||||||
|
smiles---I appreciate seeing the code in its original glory.
|
||||||
|
|
||||||
|
It is also saddening reading the words of such a great man who is no longer with
|
||||||
|
us; perhaps it helps to better appreciate his legacy.
|
||||||
|
|
||||||
|
[0]: http://cm.bell-labs.com/cm/cs/who/dmr/primevalC.html
|
||||||
|
[1]: http://www.catb.org/~esr/jargon/html/K/kludge.html
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
|
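Review bot: `"kludgery"[1]` in the first paragraph is the only link in this file written without bracketed link text, so `[1]` is parsed as a shortcut reference and renders as a link whose visible text is "1" (or as a literal "[1]" on parsers without shortcut references). Writing it as `["kludgery"][1]` matches the `[text][n]` form used for `[early C compilers][0]` two lines earlier.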
@ -0,0 +1,8 @@
|
||||||
|
# Libreated Pixel Cup Winners Announced
|
||||||
|
|
||||||
|
[Congratulations][0] to the [winners of the Liberated Pixel Cup][1].
|
||||||
|
|
||||||
|
[0]: http://www.fsf.org/news/winners-announced-for-free-software-gamings-highest-honor-the-liberated-pixel-cup
|
||||||
|
[1]: http://lpc.opengameart.org/content/code-judging-is-in
|
||||||
|
|
||||||
|
<!-- more -->
|
|
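Review bot: the heading reads "Libreated Pixel Cup" while the body and both link targets spell it "Liberated Pixel Cup". Because the heading is what becomes the page title, this one is worth fixing before the text follow-up rather than after.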
@ -0,0 +1,35 @@
|
||||||
|
# Google Says the FBI Is Secretly Spying on Some of Its Customers
|
||||||
|
|
||||||
|
A Wired article mentions [figures released from Google][0] regarding National
|
||||||
|
Security Letters issued by the NSA under the Patriot Act. It is too early to
|
||||||
|
comment in much detail on this matter (I would like to wait for commentary from
|
||||||
|
the EFF), but, as the article mentions:
|
||||||
|
|
||||||
|
[0]: http://www.wired.com/threatlevel/2013/03/google-nsl-range/?cid=co6199824
|
||||||
|
|
||||||
|
> Google said the number of accounts connected to National Security letters
|
||||||
|
> ranged between “1000-1999″ for each of the reported years other than 2010. In
|
||||||
|
> that year, the range was “2000-2999.”
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
The [EFF provides additional information, including recommendations on what to
|
||||||
|
do about such requests][1] via their Surveillance Self-Defense website. As
|
||||||
|
quoted from that website:
|
||||||
|
|
||||||
|
> And it's even worse for FISA subpoenas, which can be used to force anyone to
|
||||||
|
> hand over anything in complete secrecy, and which were greatly strengthened
|
||||||
|
> by Section 215 of the USA PATRIOT Act. The government doesn't have to show
|
||||||
|
> probable cause that the target is a foreign power or agent — only that they
|
||||||
|
> are seeking the requested records "for" an intelligence or terrorism
|
||||||
|
> investigation. Once the government makes this assertion, the court must
|
||||||
|
> issue the subpoena.
|
||||||
|
|
||||||
|
To add insult to injury:
|
||||||
|
|
||||||
|
> FISA orders and National Security Letters will also come with a gag order that
|
||||||
|
> forbids you from discussing them. Do NOT violate the gag order. Only speak to
|
||||||
|
> members of your organization whose participation is necessary to comply with
|
||||||
|
> the order, and your lawyer.
|
||||||
|
|
||||||
|
[1]: https://ssd.eff.org/foreign/fisa
|
|
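Review bot: the heading says the FBI is doing the spying, but the first paragraph attributes the National Security Letters to "the NSA", so the body should be reconciled with the heading. In the first blockquote, `“1000-1999″` closes with a double-prime character (″) instead of a closing quotation mark, unlike `“2000-2999.”` in the same quote; that looks like a conversion artifact rather than original text.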
@ -0,0 +1,41 @@
|
||||||
|
# Adding 1 and 1 in PHP
|
||||||
|
|
||||||
|
An amusing demonstration; it is my hope that [readers will not take this PHP
|
||||||
|
library seriously][0]. This is likely a parody of the over-engineering that
|
||||||
|
often takes foot in Object-Oriented development (a game of "how many GoF[^4]
|
||||||
|
design patterns can we use in this project" anyone?).
|
||||||
|
|
||||||
|
[0]: https://github.com/Herzult/SimplePHPEasyPlus
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
That is not to say that "OOP is bad" (just as object-oriented developers often
|
||||||
|
consider procedural code bad, when they may just be terrible at writing
|
||||||
|
procedural code). Indeed, I wrote [an ECMAScript framework for Classical OOP
|
||||||
|
(ease.js)][1]. The problem is that, with the excitement and misunderstandings
|
||||||
|
that surround "good" object-oriented design, designers are eager to
|
||||||
|
over-abstract their implementations (I have been guilty of the same thing).
|
||||||
|
Object oriented programming is often taught to novice CS students (often with
|
||||||
|
the reign of Java in schools)---teaching practices that can be good principles
|
||||||
|
when properly applied and in moderation---which [I have also seen contribute to
|
||||||
|
such madness][2].
|
||||||
|
|
||||||
|
Abstractions are highly important, but only when necessary and when they lead to
|
||||||
|
more concise representations of the problem than would otherwise occur (note
|
||||||
|
that some problems are inherently complicated and, as such, a concise
|
||||||
|
representation may not seen concise). I'm a strong advocate of DSLs when
|
||||||
|
abstractions begin to get in the way and increase the verbosity of the code
|
||||||
|
(languages with strong macro systems like lisp help eliminate the need for
|
||||||
|
DSLs written from scratch)---design patterns exist because of deficiencies in
|
||||||
|
the language: They are "patterns" of code commonly used to achieve a certain
|
||||||
|
effect.
|
||||||
|
|
||||||
|
[Criticisms against OOP are abundant][3], just as every other paradigm.
|
||||||
|
|
||||||
|
[1]: http://easejs.org
|
||||||
|
[2]: http://c2.com/cgi/wiki?TextbookOo
|
||||||
|
[3]: http://c2.com/cgi/wiki?ArgumentsAgainstOop
|
||||||
|
|
||||||
|
[^4]: Design Patterns: Elements of Reusable Object-Oriented Software. ISBN
|
||||||
|
0-201-63361-2. Gamma, Helm, Johnson and Vlissides (the "Gang of Four").
|
||||||
|
|
|
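Review bot: "may not seen concise" in the abstractions paragraph should be "seem", and "takes foot" in the first paragraph is presumably "takes root"; both belong in the text follow-up. The `[^4]` footnote body wraps onto a second line ("0-201-63361-2. Gamma, Helm, ..."), so check in the rendered HTML that the continuation line is still part of the footnote and not emitted as a stray paragraph.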
@ -0,0 +1,50 @@
|
||||||
|
# Oxford University Blocks Google Docs
|
||||||
|
|
||||||
|
Oxford University decided to [block Google Docs][0] last month due to phishing
|
||||||
|
attacks against its users. To quote the blog post:
|
||||||
|
|
||||||
|
[0]: http://blogs.oucs.ox.ac.uk/oxcert/2013/02/18/google-blocks/
|
||||||
|
|
||||||
|
> Almost all the recent attacks have used Google Docs URLs, and in some cases
|
||||||
|
> the phishing emails have been sent from an already-compromised University
|
||||||
|
> account to large numbers of other Oxford users. Seeing multiple such incidents
|
||||||
|
> the other afternoon tipped things over the edge. We considered these to be
|
||||||
|
> exceptional circumstances and felt that the impact on legitimate University
|
||||||
|
> business by temporarily suspending access to Google Docs was outweighed by the
|
||||||
|
> risks to University business by not taking such action.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
This incident was brought to my attention by [a blog post by Schneier][1], in
|
||||||
|
which he referenced his [essay on "feudal security"][2] (I commented in more
|
||||||
|
detail on this essay in [my response to a previous blog post of
|
||||||
|
his][3].[^blog]) In this case, Oxford is trusting that it knows better than its
|
||||||
|
users and has the right to exercise this power over them in light of their
|
||||||
|
inexperience with handling these situations (or even recognizing them).
|
||||||
|
|
||||||
|
This may very well be the case---the Oxford IT department probably does have a
|
||||||
|
better understanding of security than many of their users. However, by blocking
|
||||||
|
access to Google Docs, they are also blocking access to millions of legitimate
|
||||||
|
articles hosted there, which is far from acceptable. Oxford is more than just a
|
||||||
|
workplace---for which many would argue these actions are acceptable; it is a
|
||||||
|
university that should encourage freedom of expression. They simply must find a
|
||||||
|
better way of dealing with these problems. If a user falls victim to a phishing
|
||||||
|
attack within Oxford, they will likely fall victim outside of it.
|
||||||
|
|
||||||
|
Would Oxford consider blocking e-mail access too (where phishing attacks are
|
||||||
|
very cheap and common)?
|
||||||
|
|
||||||
|
> We appreciate and apologise for the disruption this caused for our users.
|
||||||
|
> Nevertheless, we must always think in terms of the overall risk to the
|
||||||
|
> University as a whole, and we certainly cannot rule out taking such action
|
||||||
|
> again in future [...]
|
||||||
|
|
||||||
|
N.B.: Google Docs is proprietary and I cannot recommend its use any more than I
|
||||||
|
can recommend use of Microsoft Office.
|
||||||
|
|
||||||
|
[1]: https://www.schneier.com/blog/archives/2013/03/oxford_universi.html
|
||||||
|
[2]: https://www.schneier.com/essay-406.html
|
||||||
|
[3]: /2013/01/re-who-does-skype-let-spy
|
||||||
|
|
||||||
|
[^blog]: (I posted a link to my response on his blog, but he did not approve the comment.)
|
||||||
|
|
|
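Review bot: `[3]: /2013/01/re-who-does-skype-let-spy` is a root-relative link with no file extension, while internal links in other posts converted by this commit are absolute (`http://mikegerwitz.com/thoughts/2012/11/VLC-s-Move-to-LGPL.html`). Settle on one scheme so internal links keep resolving wherever the rendered posts are served. Also, the second blockquote ("We appreciate and apologise ...") follows the rhetorical question with no lead-in, so a short attribution to the Oxford post would make clear whose words it is.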
@ -0,0 +1,40 @@
|
||||||
|
# White House Supports Cell Phone Unlocking
|
||||||
|
|
||||||
|
Earlier this week, the starter of the [White House petition to "Make Unlocking
|
||||||
|
Cell Phones Legal"][0] posted a [thread on Hacker News][1] stating that the
|
||||||
|
White House had officially responded, stating:
|
||||||
|
|
||||||
|
> The White House agrees with the 114,000+ of you who believe that consumers
|
||||||
|
> should be able to unlock their cell phones without risking criminal or other
|
||||||
|
> penalties. In fact, we believe the same principle should also apply to
|
||||||
|
> tablets, which are increasingly similar to smart phones. And if you have paid
|
||||||
|
> for your mobile device, and aren't bound by a service agreement or other
|
||||||
|
> obligation, you should be able to use it on another network. It's common
|
||||||
|
> sense, crucial for protecting consumer choice, and important for ensuring we
|
||||||
|
> continue to have the vibrant, competitive wireless market that delivers
|
||||||
|
> innovative products and solid service to meet consumers' needs.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
The petition---as stated in the above response---garnered over 114,000
|
||||||
|
signatures. The response is exciting news because the Library of Congress had
|
||||||
|
[removed the phone unlocking exemption][2] at the beginning of this year. (As
|
||||||
|
the EFF points out, [this may not necessarily mean that unlocking your phone is
|
||||||
|
"illegal"][3]).
|
||||||
|
|
||||||
|
However, although this response is getting a lot of attention (I was surprised
|
||||||
|
to see my local news station report on it), this is not yet cause for
|
||||||
|
celebration; it is my hope that the White House will now follow through with
|
||||||
|
this statement and act upon it appropriately.
|
||||||
|
|
||||||
|
(The [EFF has also posted their own comments on the White House's response][4].)
|
||||||
|
|
||||||
|
This is just one issue in [a string of problems that is the DMCA][5].
|
||||||
|
|
||||||
|
[0]: https://petitions.whitehouse.gov/petition/make-unlocking-cell-phones-legal/1g9KhZG7
|
||||||
|
[1]: https://news.ycombinator.com/item?id=5319577
|
||||||
|
[2]: /2013/01/phone-unlocking-once-again-illegal
|
||||||
|
[3]: https://www.eff.org/is-it-illegal-to-unlock-a-phone
|
||||||
|
[4]: https://www.eff.org/deeplinks/2013/03/white-house-supports-unlocking-phones-real-problem-runs-deeper
|
||||||
|
[5]: https://www.eff.org/wp/unintended-consequences-under-dmca
|
||||||
|
|
|
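Review bot: The links used above the `<!-- more -->` marker in this post (`[0]` and `[1]` in the opening paragraph) are defined only in the reference block at the end of the file, after the marker. Several other posts in this commit place the definitions their lead paragraph needs before the marker. If the excerpt is rendered from the text above `<!-- more -->` on its own, these two links will not resolve; consider moving the `[0]:` and `[1]:` definitions above the marker, or confirm that the generator resolves references against the whole file.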
@ -0,0 +1,109 @@
|
||||||
|
# HTML5 DRM
|
||||||
|
|
||||||
|
Two acronyms that, until very recently, would seem entirely incompatible---HTML,
|
||||||
|
which is associated with an unencumbered, free (as in freedom) representation of
|
||||||
|
a document, and [DRM][0], which [exists for the sole purpose of restricting
|
||||||
|
freedom][1].[^bias] Unfortunately, Tim Berners-Lee---the man attributed to
|
||||||
|
["inventing" the Internet][18]---mentioned in a [keynote talk at SXSW][15] that [he is
|
||||||
|
not opposed to introducing DRM into the HTML5 standard][4]:
|
||||||
|
|
||||||
|
[^bias]: (Disclaimer: I am an associate member of the [Free Software
|
||||||
|
Foundation][2] and, as such, this reference is intentionally bias; feel free
|
||||||
|
to see the [Wikipedia article on DRM][3] for more general information.)
|
||||||
|
|
||||||
|
> [Tim Berners-Lee] did not, however, present himself as an opponent of digital
|
||||||
|
> locks. During a post-talk Q&A, he defended proposals to add support for
|
||||||
|
> "digital rights management" usage restrictions to HTML5 as necessary to get
|
||||||
|
> more content on the open Web: "If we don't put the hooks for the use of DRM
|
||||||
|
> in, people will just go back to using Flash," he claimed.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Many who oppose DRM refer to it as ["digital restrictions management"][0]---a
|
||||||
|
phrase that better describes how it affects the user. The "rights" that
|
||||||
|
"digital rights management" describes are the "rights" (in terms of
|
||||||
|
copyright) of publishers and copyright holders: They wish to lock down their
|
||||||
|
content so that [you, the user, can only access it as *they* please][5]. Has
|
||||||
|
["your" device][25] ever told you that [you cannot share a book with your
|
||||||
|
friends][6][17][24]? Has your device ever [deleted your content without your
|
||||||
|
permission][7][8]? Does your device grant you [less privileges if you decide to
|
||||||
|
liberate yourself from it][9] through "jailbreaking"?[^jb] Does the software you
|
||||||
|
run [potentially spy on you without telling you][11], without giving you the
|
||||||
|
option to correct it? Or perhaps the games you play [require you to be online,
|
||||||
|
even in single-player mode][12].
|
||||||
|
|
||||||
|
[^jb]: I go into more detail on jailbreaking and its current legality as of
|
||||||
|
the time of writing [in a previous article of mine][10].
|
||||||
|
|
||||||
|
These are but a small handful of [examples of the many mistakes and injustices
|
||||||
|
of Digital Restrictions Management][5]. These restrictions take additional
|
||||||
|
effort---that is, development time, which also means more money---to build into
|
||||||
|
software; computers, by their very nature, do exactly as they are told, meaning
|
||||||
|
that they can only work against you if someone else tells it to (unless you tell
|
||||||
|
your computer to make your life miserable...if you're into that sort of thing).
|
||||||
|
As such, we refer to these restrictions as ["anti-features"][23].
|
||||||
|
|
||||||
|
> Corporations claim that DRM is necessary to fight copyright infringement
|
||||||
|
> online and keep consumers safe from viruses. But there's no evidence that DRM
|
||||||
|
> helps fight either of those. Instead DRM helps big business stifle innovation
|
||||||
|
> and competition by making it easy to quash "unauthorized" uses of media and
|
||||||
|
> technology.
|
||||||
|
|
||||||
|
It is this logic that [corporations][13] (and even some individuals, such as
|
||||||
|
[authors][14]) use to influence entities such as the W3C---and Tim
|
||||||
|
Berners-Lee---into [thinking that DRM is necessary][15]. The [W3C describes a
|
||||||
|
"trust infastructure"][16] that could be standardized for bringing DRM to the
|
||||||
|
web:
|
||||||
|
|
||||||
|
> It is clear that user domains (eg eBook trading, sub-rights trading, streaming
|
||||||
|
> music, etc.) each require sets of Rights Primitives that those domains wish do
|
||||||
|
> useful things with.
|
||||||
|
|
||||||
|
This is an unfortunate perspective, especially since those "useful things" are
|
||||||
|
exactly the opposite for users. The Internet strongly promotes the free,
|
||||||
|
(generally) unencumbered flow of information. To [quote W3C][19]:
|
||||||
|
|
||||||
|
> The social value of the Web is that it enables human communication, commerce,
|
||||||
|
> and opportunities to share knowledge. One of W3C's primary goals is to make
|
||||||
|
> these benefits available to all people, whatever their hardware, software,
|
||||||
|
> network infrastructure, native language, culture, geographical location, or
|
||||||
|
> physical or mental ability.
|
||||||
|
|
||||||
|
A DRM implementation flies in the face of those goals, as it is, by definition,
|
||||||
|
restrictive---how can we be encouraged to share by using systems that aim to
|
||||||
|
[prevent that very thing][0]?
|
||||||
|
|
||||||
|
Richard Stallman has already announced that the [FSF will "campaign against W3C
|
||||||
|
support for DRM"][20]; let's hope that many others will join in on this
|
||||||
|
campaign, hope that organizations like the EFF will continue to fight for our
|
||||||
|
rights, and further hope that users will [reject DRM-laden products][22]
|
||||||
|
outright. [DRM cannot exist in free software][25] and it cannot exist on a
|
||||||
|
network that facilitates free information.
|
||||||
|
|
||||||
|
[0]: http://www.defectivebydesign.org/what_is_drm
|
||||||
|
[1]: http://www.defectivebydesign.org/
|
||||||
|
[2]: http://fsf.org
|
||||||
|
[3]: https://en.wikipedia.org/wiki/Digital_rights_management
|
||||||
|
[4]: http://boingboing.net/2013/03/10/tim-berners-lee-the-web-needs.html
|
||||||
|
[5]: https://www.eff.org/issues/drm
|
||||||
|
[6]: http://www.amazon.com/gp/help/customer/display.html?nodeId=200549320
|
||||||
|
[7]: http://www.defectivebydesign.org/blog/1248
|
||||||
|
[8]: http://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html
|
||||||
|
[9]: http://arstechnica.com/apple/2011/02/ibooks-to-jailbreakers-no-yuo/
|
||||||
|
[10]: /2013/03/white-house-supports-cell-phone-unlocking
|
||||||
|
[11]: /2013/01/re-who-does-skype-let-spy
|
||||||
|
[12]: https://www.eff.org/deeplinks/2013/03/tale-simcity-users-struggle-against-onerous-drm
|
||||||
|
[13]: http://venturebeat.com/2012/10/12/together-html5-and-drm-can-take-out-native-apps/
|
||||||
|
[14]: /2013/01/lulu-says-goodbye-to-drm
|
||||||
|
[15]: http://www.guardian.co.uk/technology/blog/2013/mar/12/tim-berners-lee-drm-cory-doctorow
|
||||||
|
[16]: http://www.w3.org/2000/12/drm-ws/
|
||||||
|
[17]: https://www.fsf.org/bulletin/e-books-must-increase-our-freedom-not-decrease-it
|
||||||
|
[18]: http://www.w3.org/People/Berners-Lee/
|
||||||
|
[19]: http://www.w3.org/Consortium/mission#principles
|
||||||
|
[20]: http://lists.libreplanet.org/archive/html/libreplanet-discuss/2013-03/msg00007.html
|
||||||
|
[21]: https://www.eff.org/deeplinks/2012/11/2012-dmca-rulemaking-what-we-got-what-we-didnt-and-how-to-improve
|
||||||
|
[22]: http://www.defectivebydesign.org/guide
|
||||||
|
[23]: https://www.fsf.org/bulletin/2007/fall/antifeatures/
|
||||||
|
[24]: https://www.gnu.org/philosophy/right-to-read.html
|
||||||
|
[25]: https://www.gnu.org/philosophy/can-you-trust.html
|
||||||
|
|
|
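Review bot: The chained reference labels in the third paragraph, `[you cannot share a book with your friends][6][17][24]` and `[deleted your content without your permission][7][8]`, will not produce multiple links in Markdown. Only the first label attaches to the link text, and the trailing `[17][24]` is parsed as a separate link whose text is "17", while a lone trailing `[8]` becomes a link whose text is "8". Splitting these into separately labelled links would keep every citation reachable. Separately, `[21]:` is defined in the reference block but is not referenced anywhere in the post body, so it should either be cited or dropped.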
@ -0,0 +1,33 @@
|
||||||
|
# Federal Judge Rules NSLs (National Security Letters) Unconstitutional
|
||||||
|
|
||||||
|
This news is huge and an incredible win for both the EFF and all U.S. citizens.
|
||||||
|
Today, [United States District Judge Susan Illston found the National Security
|
||||||
|
Letters' gag provisions unconstitutional][0] and---since the review procedures
|
||||||
|
violate the separation of powers and cannot be separated from the rest of the
|
||||||
|
statute---has consequently [ruled the NSLs themselves to be
|
||||||
|
unconstitutional][1]:
|
||||||
|
|
||||||
|
[0]: http://www.wired.com/threatlevel/2013/03/nsl-found-unconstitutional/
|
||||||
|
[1]: https://www.eff.org/press/releases/national-security-letters-are-unconstitutional-federal-judge-rules
|
||||||
|
|
||||||
|
> In today's ruling, the court held that the gag order provisions of the statute
|
||||||
|
> violate the First Amendment and that the review procedures violate separation
|
||||||
|
> of powers. Because those provisions were not separable from the rest of the
|
||||||
|
> statute, the court declared the entire statute unconstitutional
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
This is an exciting decision; let's see where it takes us.
|
||||||
|
|
||||||
|
> U.S. District Judge Susan Illston ordered the government to stop issuing
|
||||||
|
> so-called NSLs across the board, in a stunning defeat for the Obama
|
||||||
|
> administration’s surveillance practices. She also ordered the government to
|
||||||
|
> cease enforcing the gag provision in any other cases. However, she stayed her
|
||||||
|
> order for 90 days to give the government a chance to appeal to the Ninth
|
||||||
|
> Circuit Court of Appeals.[[0]]
|
||||||
|
|
||||||
|
[The issues surrounding NSLs][2] were highlighted just last week when [Google
|
||||||
|
released numbers relating to the orders that it received][3].
|
||||||
|
|
||||||
|
[2]: https://www.eff.org/issues/national-security-letters
|
||||||
|
[3]: /2013/03/google-says-the-fbi-is-secretly-spying-on-some-of-its-customers
|
|
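Review bot: The first blockquote ("In today's ruling, the court held ...") carries no source marker, while the second one ends with `[[0]]`. Because the sentence that introduces the first quote links both `[0]` and `[1]`, a reader cannot tell which source it is taken from; adding the same style of marker to the first quote would make the attribution consistent. That quote also ends without a closing period after "unconstitutional", which is worth checking against the source.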
@ -0,0 +1,46 @@
|
||||||
|
# Defective By Design Campaign Against W3C DRM Standard
|
||||||
|
|
||||||
|
[As I had mentioned late last week][0], RMS had mentioned that Defective By
|
||||||
|
Design (DBD) would be campaigning against the [introduction of DRM into the W3C
|
||||||
|
HTML5 standards][1]. (Please see [my previous mention of this topic][0] for a
|
||||||
|
detailed explanation of the problem and a slew of references for additional
|
||||||
|
information.) Well, [this campaign is now live and looking for
|
||||||
|
signatures][2]---50,000 by May 3rd, which is the [International Day Against
|
||||||
|
DRM][3]:
|
||||||
|
|
||||||
|
> Hollywood is at it again. Its latest ploy to take over the Web? Use its
|
||||||
|
> influence at the World Wide Web Consortium (W3C) to weave [Digital
|
||||||
|
> Restrictions Management (DRM)][4] into HTML5 -- in other words, into the very
|
||||||
|
> fabric of the Web.
|
||||||
|
>
|
||||||
|
> [...]
|
||||||
|
>
|
||||||
|
> Help us reach 50,000 signers by May 3rd, 2013, the [International Day Against
|
||||||
|
> DRM][3]. We will deliver the signatures to the W3C (they are right down the
|
||||||
|
> street from us!) and [make your voice heard[[1].
|
||||||
|
|
||||||
|
[0]: /2013/03/html5-drm
|
||||||
|
[1]: https://www.eff.org/deeplinks/2013/03/defend-open-web-keep-drm-out-w3c-standards
|
||||||
|
[2]: http://www.defectivebydesign.org/no-drm-in-html5
|
||||||
|
[3]: http://www.defectivebydesign.org/dayagainstdrm
|
||||||
|
[4]: http://www.defectivebydesign.org/what_is_drm
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
To summarize the issue as [stated by the EFF][5]:
|
||||||
|
|
||||||
|
> W3C is there to create comprehensible, publicly-implementable standards that
|
||||||
|
> will guarantee interoperability, not to facilitate an explosion of new
|
||||||
|
> mutually-incompatible software and of sites and services that can only be
|
||||||
|
> accessed by particular devices or applications. But EME is a proposal to bring
|
||||||
|
> exactly that dysfunctional dynamic into HTML5, even risking a return to the
|
||||||
|
> ["bad old days, before the Web"][5] of deliberately limited
|
||||||
|
> interoperability.
|
||||||
|
>
|
||||||
|
> it would be a terrible mistake for the Web community to leave the door open
|
||||||
|
> for Hollywood's gangrenous anti-technology culture to infect W3C standards.
|
||||||
|
|
||||||
|
So please---[sign the petition now][2]!
|
||||||
|
|
||||||
|
[5]: http://www.anybrowser.org/campaign/index.html
|
||||||
|
|
|
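Review bot: The last line of the first blockquote has a malformed link, `[make your voice heard[[1].`, where the separator between the link text and the label is `[[` rather than `][`, so it will render as literal brackets instead of a link. It should read `[make your voice heard][1].` Also, `[5]` is used both for "stated by the EFF" and for the quoted "bad old days, before the Web" link, yet it resolves to anybrowser.org; the EFF attribution looks like it should point at `[1]`, which is the EFF article.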
@ -0,0 +1,22 @@
|
||||||
|
# Congratulations to the 2012 Free Software Award Winners
|
||||||
|
|
||||||
|
Each year, the [Free Software Foundation][0] presents awards to individuals who
|
||||||
|
have made a [strong contribution to free software][1]:
|
||||||
|
|
||||||
|
[0]: http://fsf.org
|
||||||
|
|
||||||
|
> The Award for the Advancement of Free Software is given annually to an
|
||||||
|
> individual who has made a great contribution to the progress and development
|
||||||
|
> of free software, through activities that accord with the spirit of free
|
||||||
|
> software.
|
||||||
|
|
||||||
|
[1]: https://www.fsf.org/news/2012-free-software-award-winners-announced-2
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
This year, announced at the LibrePlanet 2013 conference, [the winner was Dr.
|
||||||
|
Fernando Perez][1]---creator of IPython. The winner of the Award for Projects of
|
||||||
|
Social Benefit was [OpenMRS][2], which is a free (as in freedom) medical records
|
||||||
|
system for developing countries.
|
||||||
|
|
||||||
|
[2]: http://openmrs.org/
|
|
@ -0,0 +1,20 @@
|
||||||
|
# U.S. House Passes CISPA
|
||||||
|
|
||||||
|
Two days ago---on the 18th--[the U.S. House of Representatives decided to pass
|
||||||
|
CISPA 288-127][0].
|
||||||
|
|
||||||
|
> The legislation passed 288-127, despite a veto threat from Pres. Barack Obama,
|
||||||
|
> who expressed serious concerns about the danger CISPA poses to civil
|
||||||
|
> liberties.
|
||||||
|
|
||||||
|
[0]: https://www.eff.org/deeplinks/2013/04/us-house-representatives-shamefully-passes-cispa-internet-freedom-advocates
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
As the bill moves into the senate, [civil liberties groups will continue to
|
||||||
|
oppose it][1]; I personally hope that you will do the same.
|
||||||
|
|
||||||
|
Move [information on CISPA][2] is available on the EFF's website.
|
||||||
|
|
||||||
|
[1]: https://www.eff.org/deeplinks/2012/04/voices-against-cispa
|
||||||
|
[2]: https://www.eff.org/cybersecurity-bill-faq
|
|
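Review bot: The dash pair in the opening sentence is unbalanced: `Two days ago---on the 18th--[the U.S. House` opens with `---` but closes with `--`, so the two ends will render as different dashes (or the second as a literal double hyphen, depending on the processor). Use `---` on both sides. For the follow-up text pass, "Move [information on CISPA][2]" near the end reads as a typo for "More", and "senate" is lowercase here.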
@ -0,0 +1,14 @@
|
||||||
|
# Improved Website
|
||||||
|
|
||||||
|
The old WordPress website has been replaced entirely by the "thoughts" site
|
||||||
|
(which was previously located at /thoughts). This website is generated from its
|
||||||
|
git repository---available on the Projects page---which is freely licensed.
|
||||||
|
There is some content that existed on the old site that is still useful; should
|
||||||
|
that content be transferred to this site, a redirect will be set up (assuming
|
||||||
|
that it hadn't already been lost to the search engines).
|
||||||
|
|
||||||
|
Since all this content is static, there is no discussion system. I am still
|
||||||
|
debating whether or not I will add this in the future. Until that time, feel
|
||||||
|
free to contact me via e-mail.
|
||||||
|
|
||||||
|
<!-- more -->
|
|
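Review bot: The `<!-- more -->` marker is the last line of this file, with no content after it, so the excerpt and the full post are identical. If the marker is required by the generator this is fine, but otherwise it can be dropped or moved after the first paragraph. The mention of "the Projects page" in the first paragraph is also plain text with no link, unlike the cross-references in the other posts.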
@ -0,0 +1,631 @@
|
||||||
|
# National Uproar: A Comprehensive Overview of the NSA Leaks and Revelations
|
||||||
|
|
||||||
|
I am finding it difficult to keep up with the flood of reports in my little free
|
||||||
|
time, while still finding the time to brush up on relevant history. My hope is
|
||||||
|
to provide a summary of recent events and additional background---along with a
|
||||||
|
plethora of references---that will allow the reader to perform further research
|
||||||
|
and to formulate educated, personal opinions on the topics. If you do not care
|
||||||
|
for my commentary, simply scroll to the list of references at the bottom of this
|
||||||
|
article.
|
||||||
|
|
||||||
|
Many [individuals and organizations][0] have long warned of [digital privacy
|
||||||
|
issues][1], but there has been one agency in particular that has been the
|
||||||
|
subject of much scrutiny---the [National Security Agency (NSA)][2], which is a
|
||||||
|
[United States government agency][3] that has a [long history of controversial
|
||||||
|
spying tactics][4] on its country's own citizens. It is a chilling topic---one
|
||||||
|
that can easily make any person sound like they've latched onto an Orwellian
|
||||||
|
conspiracy.
|
||||||
|
|
||||||
|
[0]: /2013/01/re-who-does-skype-let-spy
|
||||||
|
[1]: https://www.schneier.com/essay-418.html "The Internet Is a Surveillance State"
|
||||||
|
[2]: https://www.eff.org/nsa-spying "The EFF on NSA Spying"
|
||||||
|
[3]: https://www.eff.org/agency/national-security-agency "The National Security Agency"
|
||||||
|
[4]: https://www.eff.org/nsa-spying/timeline "Timeline of NSA Spying"
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
**Wednesday, June 5th, 2013**---[the Guardian newspaper publishes a leaked
|
||||||
|
document][5][6][7] ordering Verizon to
|
||||||
|
|
||||||
|
> [...] produce to the National Security Agency (NSA) upon service of this
|
||||||
|
> Order, and continue production on an ongoing daily basis thereafter for the
|
||||||
|
> duration of this Order, [...] an *electronic copy of* the following tangible
|
||||||
|
> things: *all call detail records or "telephony metadata"* created by Verizon
|
||||||
|
> for communications (i) between the United States and abroad; or (ii) wholly
|
||||||
|
> within the United States, *including local telephone calls*.[[6]] [emphasis
|
||||||
|
> added]
|
||||||
|
|
||||||
|
The order goes on to describe "telephony metadata" to include routing
|
||||||
|
information, source and destination telephone numbers, IMSI and IMEI numbers,
|
||||||
|
and time and duration of the call; it "does not include the substantive content
|
||||||
|
of any communication"---the communication content itself.[[6]] This order was
|
||||||
|
[issued by the Foreign Intelligence Surveillance Court (FISC)][8] under [section 215
|
||||||
|
of the Patriot Act][9]. (This news comes [less than three months after United
|
||||||
|
States District Judge Susal Illston ruled NSA Letters' gag provisions
|
||||||
|
unconstitutional][10].)
|
||||||
|
|
||||||
|
This report caused a massive uproar, but [came as no surprise][11] to many
|
||||||
|
security researchers and privacy advocates. Early last year, Wired released an
|
||||||
|
article stating that [the NSA "Is Building the Country's Biggest Spy
|
||||||
|
Center"][14]. Privacy concerns were raised in November of last year by [the
|
||||||
|
Petraeus scandal][14]. In March of this year, Google released figures showing
|
||||||
|
that [the NSA is secretly spying on some of its customers][15]. Two months later,
|
||||||
|
[outrage][17] after the Associated Press discovers that [the Justice Department
|
||||||
|
collected the calling records of many of its reporters and editors][18].
|
||||||
|
Additionally, [the EFF already had cases against the NSA's actions][2]---[Jewel
|
||||||
|
v. NSA][12] and [Hepting v. AT&T][13] both focus on unconstitutional dragnet
|
||||||
|
surveillance of innocent citizens' data and communications. These cases will be
|
||||||
|
explored in further detail throughout this article.
|
||||||
|
|
||||||
|
But the chaos didn't end there.
|
||||||
|
|
||||||
|
**Thursday, June 6th, 2013**---just one day after the Guardian reported on the
|
||||||
|
leaked Verizon order, the newspaper reports on [a leaked slideshow describing
|
||||||
|
PRISM][19], a top-secret program that "claims direct access to servers of firms
|
||||||
|
including Google, Apple and Facebook. According to the leaked document, the NSA
|
||||||
|
supposedly has the ability to collect material including e-mail, chat, video and
|
||||||
|
voice communications, photos, stored data and more.[[19]]. Responses from most
|
||||||
|
companies was immediate. In a [blog post entitled "What that...?"][20], Larry
|
||||||
|
Page---Google's CEO---put very plainly that Google does not participate in such
|
||||||
|
a program and denied any knowledge of PRISM:
|
||||||
|
|
||||||
|
> First, we have not joined any program that would give the U.S. government—or
|
||||||
|
> any other government—direct access to our servers. Indeed, the U.S. government
|
||||||
|
> does not have direct access or a "back door" to the information stored in
|
||||||
|
> our data centers. We had not heard of a program called PRISM until yesterday.
|
||||||
|
> Second, we provide user data to governments only in accordance with the
|
||||||
|
> law.[[20]] --Larry Page, Google CEO
|
||||||
|
|
||||||
|
[Mark Zuckerberg of Facebook also denied involvement][21], calling such claims
|
||||||
|
"outrageous" and encouraging governments to be "much more transparent about
|
||||||
|
all programs aimed at keep the public safe":
|
||||||
|
|
||||||
|
> I want to respond personally to the outrageous press reports about PRISM:
|
||||||
|
> Facebook is not and has never been part of any program to give the US or any
|
||||||
|
> other government direct access to our servers. We have never received a
|
||||||
|
> blanket request or court order from any government agency asking for
|
||||||
|
> information or metadata in bulk, like the one Verizon reportedly received. And
|
||||||
|
> if we did, we would fight it aggressively. We hadn't even heard of PRISM
|
||||||
|
> before yesterday. [...] We strongly encourage all governments to be much more
|
||||||
|
> transparent about all programs aimed at keeping the public safe. It's the only
|
||||||
|
> way to protect everyone's civil liberties and create the safe and free society
|
||||||
|
> we all want over the long term.[[21]] --Mark Zuckerberg, Facebook CEO
|
||||||
|
|
||||||
|
Indeed, [all companies eventually denied involvement with PRISM][22].
|
||||||
|
|
||||||
|
**Friday, June 7th, 2013**---Two days after the [initial Verizon report][5] and one day
|
||||||
|
after the publishing of [portions of the PRISM documents][19], the White House
|
||||||
|
responded to the Guardian reports with President Obama [defending his
|
||||||
|
administration][16]. Unfortunately, given the [history of the NSA surveillance
|
||||||
|
programs][4]---especially since the Bush administration after the 9/11
|
||||||
|
attacks---it may be difficult to believe that his words are the whole truth. As
|
||||||
|
such, we will use [portions of his transcript][16] to guide the remainder of this
|
||||||
|
discussion.
|
||||||
|
|
||||||
|
> **Jackie Calmes:** Mr. President, could you please react to the reports of
|
||||||
|
> secret government surveillance of phones and Internet? And can you also assure
|
||||||
|
> Americans that the government — your government doesn’t have some massive
|
||||||
|
> secret database of all their personal online information and activity?
|
||||||
|
>
|
||||||
|
> **Obama:** [...] Now, the programs that have been discussed over the last
|
||||||
|
> couple days in the press are secret in the sense that they’re classified, but
|
||||||
|
> they’re not secret in the sense that when it comes to telephone calls, every
|
||||||
|
> member of Congress has been briefed on this program.
|
||||||
|
>
|
||||||
|
> With respect to all these programs, the relevant intelligence committees are
|
||||||
|
> fully briefed on these programs. These are programs that have been authorized
|
||||||
|
> by broad, bipartisan majorities repeatedly since 2006. And so I think at the
|
||||||
|
> outset, it's important to understand that your duly elected representatives
|
||||||
|
> have been consistently informed on exactly what we’re doing.[[16]]
|
||||||
|
|
||||||
|
There are some important notes regarding the phrasing of the President's
|
||||||
|
statement. Firstly, it is important to note that the President is *confirming the
|
||||||
|
existence of* the programs that "have been discussed over the last couple days
|
||||||
|
in the press"---that is, the [Verizon FISA Court order][5] and the [PRISM][19]
|
||||||
|
leak. However, it is also important to take a step back and note that the
|
||||||
|
President did *not* state outright that the reports tell the whole---or even the
|
||||||
|
correct---story. So what do we know?
|
||||||
|
|
||||||
|
On June 6th---a day before the White House responded to the leaks---the Director
|
||||||
|
of National Intelligence James Clapper [declassified certain information pertaining
|
||||||
|
to the "business records" provision of FISA][23], stating, "I believe it is
|
||||||
|
important for the American people to understand the limits of this targeted
|
||||||
|
counterterrorism program and the principles that govern its use". This statement
|
||||||
|
mentions that:
|
||||||
|
|
||||||
|
> Although this program has been properly classified, the leak of one order,
|
||||||
|
> without any context, has created a misleading impression of how it operates.
|
||||||
|
> [...] The program does not allow the Government to listen in on anyone's phone
|
||||||
|
> calls. The information acquired does not include the content of any
|
||||||
|
> communications or the identity of any subscriber. The only type of information
|
||||||
|
> acquired under the Court's order is telephony metadata, such as telephone
|
||||||
|
> numbers dialed and length of calls.[[23]]
|
||||||
|
|
||||||
|
The term "telephony metadata" could mean anything; the "numbers dialed" and
|
||||||
|
"length of calls" are part of it, but what does [the Court order][6]
|
||||||
|
specifically request?
|
||||||
|
|
||||||
|
> IT IS HEREBY ORDERED that [Verizon] shall produce to the [NSA] [...], and
|
||||||
|
> continue production on an ongoing daily basis [...] for the duration of this
|
||||||
|
> Order, [...] all call detail records or "telephony metadata" [...].
|
||||||
|
> Telephony metadata includes comprehensive communications routing information,
|
||||||
|
> including but not limited to [...] originating and terminating telephone
|
||||||
|
> number, [...] International Mobile Subscriber Identity (IMSI) number,
|
||||||
|
> International Mobile station Equipment Identity (IMEI) number, [...] trunk
|
||||||
|
> identifier, telephone calling card numbers, and time and duration of call.
|
||||||
|
> Telephony metadata does not include the substantive content of any
|
||||||
|
> communication [...], or the name, address, or financial information of a
|
||||||
|
> subscriber or customer.[[6]] --FISA Court order
|
||||||
|
|
||||||
|
The President made this point very clear:
|
||||||
|
|
||||||
|
> **Obama:** When it comes to telephone calls, nobody is listening to your
|
||||||
|
> telephone calls. That’s not what this program’s about. As was indicated, what
|
||||||
|
> the intelligence community is doing is looking at phone numbers and durations
|
||||||
|
> of calls. They are not looking at people’s names, and they’re not looking at
|
||||||
|
> content. But by sifting through this so-called metadata, they may identify
|
||||||
|
> potential leads with respect to folks who might engage in terrorism. If these
|
||||||
|
> folks — if the intelligence community then actually wants to listen to a phone
|
||||||
|
> call, they’ve got to go back to a federal judge, just like they would in a
|
||||||
|
> criminal investigation. So I want to be very clear. Some of the hype that
|
||||||
|
> we’ve been hearing over the last day or so — nobody’s listening to the content
|
||||||
|
> of people’s phone calls.[[16]]
|
||||||
|
|
||||||
|
The EFF provides compelling arguments as to why [metadata is important to our
|
||||||
|
privacy][24]. One such example: "They know you spoke with an HIV testing
|
||||||
|
service, then your doctor, then your health insurance company in the same hour.
|
||||||
|
But they don't know what was discussed." The EFF further states, "the
|
||||||
|
government has given no assurances that this data will never be correlated with
|
||||||
|
other easily obtained data". So, while the President may try reassuring us by
|
||||||
|
stating that "they've got to go back to a federal judge", he certainly does
|
||||||
|
not make it clear that they may already have enough information *without* having
|
||||||
|
to do so---from this supposedly non-content metadata. They do not need to
|
||||||
|
subpoena the phone company for the name or address of the individual in most
|
||||||
|
cases, as reverse telephone directories are readily available. With that, they
|
||||||
|
then have the names of yourself, everyone you have called and GPS data.
|
||||||
|
|
||||||
|
Another argument worthy of strong consideration is posed by Daniel J.
|
||||||
|
Solove---[what if the government is wrong about your intentions][25]? How can
|
||||||
|
you go about correcting incorrect data if its very existence is hidden from the
|
||||||
|
public?
|
||||||
|
|
||||||
|
> What if the government leaks the information to the public? What if the
|
||||||
|
> government mistakenly determines that based on your pattern of activities,
|
||||||
|
> you're likely to engage in a criminal act? What if it denies you the right to
|
||||||
|
> fly? What if the government thinks your financial transactions look odd—even
|
||||||
|
> if you've done nothing wrong—and freezes your accounts? What if the government
|
||||||
|
> doesn't protect your information with adequate security, and an identity thief
|
||||||
|
> obtains it and uses it to defraud you?[[25]]
|
||||||
|
|
||||||
|
These are serious questions. Even if you---the reader---are of the type that sates
|
||||||
|
"I don't care; I have nothing to hide", then consider that, despite the government's
|
||||||
|
best efforts to secure and protect the data, [it could possibly fall prey to
|
||||||
|
enemies of the United States][25]. Consider that the [Chinese cracked into
|
||||||
|
Pentagon systems][26], taking "designs for more than two dozen major weapon systems
|
||||||
|
used by the United States military".
|
||||||
|
|
||||||
|
Of course, we are now assuming that that the NSA is (a) operating in accordance with the
|
||||||
|
Court order with respect to the privacy of communications content and (b) that
|
||||||
|
the President's statement is not intentionally omitting projects that *do*
|
||||||
|
warrantlessly wiretap innocent Americans' communications. Historically, the NSA has not
|
||||||
|
given us reason to entertain either of these thoughts.
|
||||||
|
|
||||||
|
**January 31, 2006**---[Hepting v. AT&T][13]; the EFF files a case suing AT&T on
|
||||||
|
behalf of its customers for "violating privacy law by collaborating with the
|
||||||
|
NSA in the massive, illegal program to wiretap and data-min Americans'
|
||||||
|
communications". This case included "undisputed evidence" from former AT&T technician
|
||||||
|
Mark Klein showing that [AT&T routed a copy of all Internet traffic to an NSA-controlled
|
||||||
|
room in San Francisco][27]:
|
||||||
|
|
||||||
|
> Through the "splitter cabinet," the content of all of the electronic voice
|
||||||
|
> and data communications going across the Peering Links [...] was transferred
|
||||||
|
> from the WorldNet Internet room's fiber optical circuits into the
|
||||||
|
> [NSA-controlled] SG3 Secure Room [...] including such equipment as Sun servers
|
||||||
|
> and Juniper (M40e and M160) "backbone" routers. The list also included a
|
||||||
|
> Narus STA 6400, which is a "Semantic Traffic Analyzer."[[27]]
|
||||||
|
|
||||||
|
That is---allegedly, AT&T indiscriminately passed *all* of the traffic passing
|
||||||
|
through its San Francisco facility into the NSA-controlled "SG3 Secure Room"
|
||||||
|
where the NSA performed their *own* filtering, storage and analysis however they
|
||||||
|
pleased. This is an astounding accusation. Additionally, Klein further states
|
||||||
|
that "other such `splitter cabinets' were being installed in other cities,
|
||||||
|
including Seattle, San Jose, Los Angeles and San Diego".[[27]]
|
||||||
|
|
||||||
|
Unfortunately, Hepting was dealt a fatal blow in July 2008 when both the
|
||||||
|
government and AT&T were [awarded retroactive immunity][28] by the [FISA
|
||||||
|
Amendments Act (FAA)][29]. This startling turn was signed by President Bush in
|
||||||
|
response to the EFF's court victories in the case and "allows the Attourney
|
||||||
|
General to require the dismissal of the lawsuits over the telecoms'
|
||||||
|
participation in the warrantless surveillance program".[[13]] The case was
|
||||||
|
dismissed in June 2009 and dozens of other lawsuits.
|
||||||
|
|
||||||
|
Fortunately, the battle is not over. The EFF then filed [Jewel v. NSA][12] which
|
||||||
|
directly targets the "NSA and other government agencies on behalf of AT&T
|
||||||
|
customers to stop the illegal unconstitutional and ongoing dragnet surveillance
|
||||||
|
of their communications and communications records". This case was too based
|
||||||
|
on [the testimony of Klein][27]. Additionally, the EFF had declarations of William
|
||||||
|
Binney, Thomas Drake and Kirk Wiebe---[three NSA whistleblowers][30]. Most
|
||||||
|
interesting (and damning) for the purposes of our discussion is the [Summary of
|
||||||
|
Voluminous Evidence][31].
|
||||||
|
|
||||||
|
> I have served on the Intelligence Committee for over a decade and I wish to
|
||||||
|
> deliver a warning this afternoon. When the American people find out how their
|
||||||
|
> government has secretly interpreted [the business records provision of
|
||||||
|
> FISA], they are going to be stunned and they are going to be angry.[^32]
|
||||||
|
> --Senator Ron Wyden
|
||||||
|
|
||||||
|
Note that the Senator is referring to precisely the same provision---business
|
||||||
|
records---that was partly declassified by James Clapper on Thursday.[[23]] Of
|
||||||
|
course, we are assuming that the NSA decides to go to the FISA Court for
|
||||||
|
permission; this apparently has not always been the case.
|
||||||
|
|
||||||
|
According to [the summary of evidence][31], the NSA stated:
|
||||||
|
|
||||||
|
> To perform both its offensive and defensive mission, NSA must "live on the
|
||||||
|
> network." [The program would be] a powerful and permanent presence on a
|
||||||
|
> global telecommunications infrastructure where protected American
|
||||||
|
> communications and targeted adversary communications will coexist.
|
||||||
|
|
||||||
|
This certainly shares some similarities with the Verizon case. But FISA stood
|
||||||
|
in the way of this goal; John Yoo explains why FISA was insufficient for such
|
||||||
|
a dragnet operation:
|
||||||
|
|
||||||
|
> [U]nder existing laws like FISA, you have to have the name of somebody, have
|
||||||
|
> to already suspect that someone's a terrorist before you can get a warrant.
|
||||||
|
> [...] it doesn't allow you as a government to use judgment based on
|
||||||
|
> probability to say: "[...] there's a high probability that some of those
|
||||||
|
> calls are terrorist communications. But we don't know the names of the people
|
||||||
|
> making those calls." You want to get at those phone calls, those e-mails, but
|
||||||
|
> under FISA you can't do that.[^33] --Jon Yoo
|
||||||
|
|
||||||
|
After the September 11th attacks, "FISA ceased to be an operative
|
||||||
|
concern".[[31]] If that statement sounds unsettling, that is because it is;
|
||||||
|
President Bush subsequently authorized the NSA to "conduct electronic
|
||||||
|
surveillance within the United States" without an order from the FISA Court
|
||||||
|
(FISC). General Hayden phrased it as such: the program "is a more [...]
|
||||||
|
`aggressive' program than would be traditionally available under FISA".[^34]
|
||||||
|
What---if anything---does this mean about any current NSA operations (including
|
||||||
|
the Verizon order)? If Bush is able to authorize such actions, what is to say
|
||||||
|
that Obama will not (and has not)?
|
||||||
|
|
||||||
|
Let us return to the statements from both Clapper[[23]] and Obama stating that
|
||||||
|
"nobody is listening to the content of your phone calls".[[16]] We can certainly
|
||||||
|
hope that this is the case, but we shall continue to draw from evidence in the
|
||||||
|
[Jewel v. NSA case][12] to see what the NSA has done in the past.
|
||||||
|
|
||||||
|
> It was the biggest legal mess I've ever encountered.[^35] --Jack Goldsmith, Justice
|
||||||
|
> Department's Office of Legal Consel
|
||||||
|
|
||||||
|
The program operated "in lieu of" court orders.[^36] Even more alarming (if such a
|
||||||
|
thing is possible), "neither the President nor Attorney General approved the specific
|
||||||
|
interceptions; rather, the decision to listen or read particular communications was
|
||||||
|
made by intelligence analysts"; the only authorization needed was by an NSA
|
||||||
|
"shift supervisor".[^37] So, let's reiterate:
|
||||||
|
|
||||||
|
> **Obama:** If these folks — if the intelligence community then actually wants to listen
|
||||||
|
> to a phone call, they've got to go back to a federal judge, just like they
|
||||||
|
> would in a criminal investigation.[[16]]
|
||||||
|
|
||||||
|
It may very well be that Obama is being truthful within context of the Verizon
|
||||||
|
order; perhaps they have learned from their mistakes with the AT&T dragnet.
|
||||||
|
Unfortunately, their secrecy is making it very difficult for the public to make
|
||||||
|
an informed analysis of the matter.
|
||||||
|
|
||||||
|
Ultimately, it is believed that Attorney General Comey's initial certifications of
|
||||||
|
the program were "based on a misimpression of those activities" due to a botched
|
||||||
|
legal analysis by Jon Yoo that was described as "at a minimum [...] factually
|
||||||
|
flawed". Yoo was the only OLC official to read into the program since its
|
||||||
|
inception in October 2001 until his leaving in May 2003.[[31]] When Comey refused
|
||||||
|
to reauthorize the program, Bush did so himself, resulting in threats of resignation
|
||||||
|
from Comey and "about two dozen Bush appointees". However, "[d]espite the illegality
|
||||||
|
of the Program, no officials resigned."[[31]].
|
||||||
|
|
||||||
|
In 2009, the New York Times published a series of articles regarding the
|
||||||
|
program, exposing a ["serious issue involving the NSA" concerning
|
||||||
|
"significant misconduct"][38]. This included a "`flagrant' overcollection
|
||||||
|
of domestic email".[[31]]
|
||||||
|
|
||||||
|
> Because each court order could single out hundreds or even thousands of phone
|
||||||
|
> numbers or e-mail addresses, the number of individual communications that
|
||||||
|
> were improperly collected could number in the millions, officials said.[[31]]
|
||||||
|
|
||||||
|
That was then; this is now, right? How can we be sure of any connection between
|
||||||
|
the NSA of a decade ago vs. the NSA of today? Well, as an average citizen with
|
||||||
|
no security clearance, I can't. However, there are some important connections that
|
||||||
|
can be made. Firstly, recall Ron Wyden's quote above stating that the public
|
||||||
|
will be "stunned" and "angry".[^32] On Thursday, June 6th, he [released this
|
||||||
|
statement on his Senate website][39]:
|
||||||
|
|
||||||
|
> The program Senators Feinstein and Chambliss publicly referred to today is one
|
||||||
|
> that I have been concerned about for years. I am barred by Senate rules from
|
||||||
|
> commenting on some of the details at this time. However, I believe that when
|
||||||
|
> law-abiding Americans call their friends, who they call, when they call, and
|
||||||
|
> where they call from is private information. Collecting this data about every
|
||||||
|
> single phone call that every American makes every day would be a massive
|
||||||
|
> invasion of Americans’ privacy.[[39]] --Senator Ron Wyden
|
||||||
|
|
||||||
|
Perhaps the most obvious and direct connection is that the [government asked for
|
||||||
|
more time in Jewel v. NSA (and Shubert v. Obama) in light of the NSA
|
||||||
|
revelations][40].
|
||||||
|
|
||||||
|
> The revelations not only confirmed what EFF has long alleged, they went even
|
||||||
|
> further and honestly, we’re still reeling. EFF will, of course, be continuing
|
||||||
|
> its efforts to get this egregious situation addressed by the courts.
|
||||||
|
>
|
||||||
|
> [...] EFF and others had long alleged that, despite the rhetoric surrounding
|
||||||
|
> the Patriot Act and the FISA Amendments Act, the government was still
|
||||||
|
> vacuuming up the records of the purely domestic communications of millions of
|
||||||
|
> Americans. And yesterday, of course, with the Verizon order, we got solid
|
||||||
|
> proof.. And it appears that the reach of this vacuum goes much further, into
|
||||||
|
> the records of our Internet service providers as well.[[41]] --Electronic
|
||||||
|
> Frontier Foundation
|
||||||
|
|
||||||
|
This brings us back to [PRISM][19]. Numerous sources reported that [the White
|
||||||
|
House confirmed][42] its existence. Indeed, if you consider the President's
|
||||||
|
original words--- "the programs that have been discussed over the last couple
|
||||||
|
days in the press are secret in the sense that they’re classified"[[16]]---this
|
||||||
|
does seem to be a verification of the project's existence. However, confusion ensued
|
||||||
|
when [companies like Google and Facebook denied involvement][43], despite what
|
||||||
|
the [leaked information seems to state][19]. Yonatan Zunger---chief architect at
|
||||||
|
Google---[reiterated the words of Larry Page][44]:
|
||||||
|
|
||||||
|
> I can also tell you that the suggestion that PRISM involved anything happening
|
||||||
|
> directly inside our datacenters surprised me a great deal; owing to the nature
|
||||||
|
> of my work at Google over the past decade, it would have been challenging --
|
||||||
|
> not impossible, but definitely a major surprise -- if something like this
|
||||||
|
> could have been done without my ever hearing of it. And I can categorically
|
||||||
|
> state that *nothing* resembling the mass surveillance of individuals by
|
||||||
|
> governments within our systems has ever crossed my plate.[[44]] --Yonatan
|
||||||
|
> Zunger, Chief Architect, Google
|
||||||
|
|
||||||
|
Questions then arose as to what exactly "PRISM" is. Marc Ambinder with The Week
|
||||||
|
reported that [PRISM is nothing more than one of many different "data collection
|
||||||
|
tools"][45] that may be used by the NSA. One day later, Marc posted another article
|
||||||
|
entitled ["Solving the mystery of PRISM"][46]
|
||||||
|
|
||||||
|
> Each data processing tool, collection platform, mission and source for raw
|
||||||
|
> intelligence is given a specific numeric signals activity/address designator,
|
||||||
|
> or a SIGAD. [...] PRISM is US-984XN. Each SIGAD is basically a collection
|
||||||
|
> site, physical or virtual; [...] PRISM is a kick-ass GUI that allows an
|
||||||
|
> analyst to look at, collate, monitor, and cross-check different data types
|
||||||
|
> provided to the NSA from internet companies located inside the United States.[[46]]
|
||||||
|
|
||||||
|
Others hypothesized that, due to the denial of involvement from various
|
||||||
|
companies[[44]], PRISM may operate by intercepting communications. The Guardian
|
||||||
|
[countered by releasing another slide from the leaked presentation][47], stating
|
||||||
|
outright that "[b]oth of these theories appear to be contradicted by internal
|
||||||
|
NSA documents".
|
||||||
|
|
||||||
|
> It clearly distinguishes Prism, which involves data collection from servers,
|
||||||
|
> as distinct from four different programs involving data collection from "fiber
|
||||||
|
> cables and infrastructure as data flows past".[[47]]
|
||||||
|
|
||||||
|
This sounds a great deal like Klein's description of the SG3 Secure Room at
|
||||||
|
AT&T[[27]] (though I do not intend to imply that they are the same thing---that is
|
||||||
|
not clear, nor does Klien state that he ever noted the word "PRISM" on any
|
||||||
|
documents). The Guardian goes on to state that "[a] far fuller picture of the exact
|
||||||
|
operation of Prism [...] is expected to emerge in the coming weeks and months".
|
||||||
|
(Is that foreshadowing or an educated guess?)
|
||||||
|
|
||||||
|
There is, of course, the other obvious hypothesis---that organizations including
|
||||||
|
Google, Facebook and Microsoft are being [deceptive or not telling the whole
|
||||||
|
truth][48]. Alternatively, maybe such operations were being done under the noses
|
||||||
|
of executives. On Friday, the New York Times published an article stating that
|
||||||
|
the technology companies ["cooperated at least a bit"][49].
|
||||||
|
|
||||||
|
> [Google, Micorsoft, Yahoo, Facebook, AOL, Apple and Paltalk] were legally
|
||||||
|
> required to share the data under the Foreign Intelligence Surveillance Act.
|
||||||
|
> [...] But instead of adding a back door to their servers, the companies were
|
||||||
|
> essentially asked to erect a locked mailbox and give the government the key,
|
||||||
|
> people briefed on the negotiations said. Facebook, for instance, built such a
|
||||||
|
> system for requesting and sharing the information, they said.[[49]]
|
||||||
|
|
||||||
|
This does not necessarily mean that these companies had any knowledge,
|
||||||
|
specifically, of "PRISM". As the Guardian said, I will be curious to see what
|
||||||
|
information surfaces in the coming months; the gag provisions of the orders make
|
||||||
|
for an unfortunate situation for everyone involved.
|
||||||
|
|
||||||
|
Let us return to the President's statements.
|
||||||
|
|
||||||
|
> **Obama:** And I welcome this debate. And I think it's healthy for our
|
||||||
|
> democracy. I think it's a sign of maturity, because probably five years ago,
|
||||||
|
> six years ago, we might not have been having this debate.[[16]]
|
||||||
|
|
||||||
|
This is a difficult debate to have, Mr. President, when the public does not know
|
||||||
|
of the existence of these programs; we only have knowledge of these programs due
|
||||||
|
to the aforementioned leaks---courageous individuals who feel that their
|
||||||
|
government is not representative of the democracy and freedom that it supposedly
|
||||||
|
represents. This segues into another statement from the President:
|
||||||
|
|
||||||
|
> **Jackie Calmes:** Do you welcome the leak, sir? Do you welcome the leak if
|
||||||
|
> you welcome the debate?
|
||||||
|
>
|
||||||
|
> **Obama:** I don't---I don't welcome leaks, because there's a reason why these
|
||||||
|
> programs are classified. [...] But that's also why we've set up congressional
|
||||||
|
> oversight. These are the folks you all vote for as your representative in
|
||||||
|
> Congress, and they’re being fully briefed on these programs.
|
||||||
|
|
||||||
|
Unfortunately, Obama seems to have missed another critical fact. We---the
|
||||||
|
people---vote for representatives that, well, "represent" *the issues that we
|
||||||
|
care about*. Those who are strongly opposed to gun legislation will vote for
|
||||||
|
those representatives that share those feelings and will fight to oppose such
|
||||||
|
legislation. Similarly, a pro-life supporter will probably not vote for a
|
||||||
|
candidate in favor of abortion. But what if there is a candidate that shares one
|
||||||
|
opinion but not another---say, opposes gun regulation but supports abortion,
|
||||||
|
when you as a voter are a pro-life gun-owner against gun legislation? Then you
|
||||||
|
will likely vote for the issues that you feel most strongly about (or what you
|
||||||
|
feel is a fair balance between all the other issues you follow). The problem
|
||||||
|
here, Mr. President, is that we---the people---are not made aware of these
|
||||||
|
issues because they are *classified*. How many people may not have voted for
|
||||||
|
you, Mr. President, had they known that you would support dragnet surveillance
|
||||||
|
of innocent Americans?
|
||||||
|
|
||||||
|
**Sunday, June 9th, 2013**---The Guardian continues to surprise the world by
|
||||||
|
[releasing the name of the NSA whistleblower at his request][50]. Edward
|
||||||
|
Snowden, a 29-year-old former CIA technical assistant and current defense
|
||||||
|
contractor employee is responsible for what The Guardian is calling "the
|
||||||
|
biggest intelligence leak in the NSA's history". Reporting from Hong
|
||||||
|
Kong---where Snowden fled to on May 20th in the hope of resisting the
|
||||||
|
U.S. government---Glenn Greenwald, Ewen MacAskill and Laura Poitras report
|
||||||
|
on his motives.
|
||||||
|
|
||||||
|
> Three weeks ago, Snowden made final preparations [...] [a]t the NSA office in
|
||||||
|
> Hawaii where he was working, [copying] the last set of documents he intended
|
||||||
|
> to disclose.[[50]]
|
||||||
|
|
||||||
|
Snowden describes situations where he began to begin questioning his government,
|
||||||
|
such as a case where a CIA operative purposely encouraged a Swiss banker to get
|
||||||
|
intoxicated and drive drunk so that he would be arrested. "Much of what I saw
|
||||||
|
in Geneva really disillusioned me about how my government functions and what its
|
||||||
|
impact is in the world." He mentioned that the election of Obama in 2008 gave
|
||||||
|
him hope for reform, but watched in 2009 as "Obama advanced the very policies
|
||||||
|
that I thought would be reined in. [...] I got hardened."[[50]]
|
||||||
|
|
||||||
|
It is this statement from Snowden that, if accurate, suggests that Obama not
|
||||||
|
only supports Bush's initial dragnet operation[[31]], but has further expanded it.
|
||||||
|
|
||||||
|
At this point, since the news is still quite young at the time that this article
|
||||||
|
was written, the world must wait to see what action the government will attempt
|
||||||
|
to take against Snowden. Reuters had already reported the previous day that
|
||||||
|
[the government is likely to open a criminal probe into the NSA leaks][51].
|
||||||
|
|
||||||
|
> James Clapper, the director of U.S. national intelligence, condemned the leaks
|
||||||
|
> and asserted that the news articles about PRISM contained "numerous
|
||||||
|
> inaccuracies."[[51]]
|
||||||
|
|
||||||
|
Snowden is not the first to come forward as a whistleblower from the NSA---as we
|
||||||
|
discussed previously, three NSA whistleblowers came fourth previously to back the
|
||||||
|
EFF in Jewel v. NSA;[[30]] they each had the charges either cleared or dropped. That
|
||||||
|
said, [Obama has been aggressively pursuing whistleblowers][59]. Snowden
|
||||||
|
mentioned that he views his best hope of freedom as the possibility of asylum
|
||||||
|
with Iceland.[[50]] It appears that such may already be working in his favor, with
|
||||||
|
[Iclandic Legislator Birgitta Jonsdottir already starting the process to apply
|
||||||
|
for asylum][52], although it is not clear if Snowden has already applied.
|
||||||
|
|
||||||
|
There is a great deal to think about. Even though the [evidence against the NSA
|
||||||
|
dates far back][4], the recent revelations invoke emotions that are difficult to
|
||||||
|
describe. With countless individuals working to sift through the information,
|
||||||
|
the Obama administration under attack and nobody knowing if the Guardian is
|
||||||
|
sitting on even more information, the entire world will continue to watch
|
||||||
|
impatiently...and act.
|
||||||
|
|
||||||
|
While all this is going on, it would be useful to reiterate certain privacy and
|
||||||
|
security topics that have already been covered at large. Firstly, consider
|
||||||
|
checking out the EFF's [Surveillance Self-Defense][53] website, which contains
|
||||||
|
information on a number of topics including anonymity and how to respond to
|
||||||
|
court orders. Consider using [Tor for anonymity][54] online (but recognize that
|
||||||
|
it is not a full solution in itself). Consider [keeping your data to
|
||||||
|
yourself][55] rather than storing it on "cloud" services---[Richard Stallman
|
||||||
|
explains how Software as a Service (SaaS) differs in dangers from proprietary
|
||||||
|
software][56]. Consider using only [free software][57] to limit further
|
||||||
|
sacrifices in personal freedom and to limit the information that corporations
|
||||||
|
and third parties collect from you while using your computer and other devices.
|
||||||
|
Finally, if you have information that you want to leak to the press (whether or
|
||||||
|
not you are an [NSA employee][58]), you may be able to consider tools such as
|
||||||
|
[The New Yorker's Strongbox][60]; it uses [software created by Aaron Swartz][61]
|
||||||
|
shortly before his untimely death early this year.
|
||||||
|
|
||||||
|
Finally, aid senators like Rand Paul in developing [legislation to curb the powers
|
||||||
|
of the government][62]. We must also do our best to fight for the rights of
|
||||||
|
brave whistleblowers like Snowden. To end with the words of the EFF, ["we need
|
||||||
|
a new church committee and we need it now"][41].
|
||||||
|
|
||||||
|
[5]: http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order
|
||||||
|
"NSA collecting phone records of millions of Verizon customers daily"
|
||||||
|
[6]: http://s3.documentcloud.org/documents/709012/verizon.pdf "PDF of the FISA Court order to Verizon."
|
||||||
|
[7]: http://s3.documentcloud.org/documents/709012/verizon.txt "Ibid; plain text version."
|
||||||
|
[8]: https://www.eff.org/deeplinks/2013/06/confirmed-nsa-spying-millions-americans
|
||||||
|
"Confirmed: NSA Spying on Millions of Americans"
|
||||||
|
[9]: https://www.eff.org/deeplinks/2011/10/ten-years-later-look-three-scariest-provisions-usa-patriot-act
|
||||||
|
"Three Scariest Provisions of thet USA Patriot Act"
|
||||||
|
[10]: /2013/03/federal-judge-rules-nsls-national-security-letters-unconstitutional
|
||||||
|
"Federal Judge Declares National Security Letters Unconstitutional"
|
||||||
|
[11]: http://www.theatlantic.com/politics/archive/2013/06/what-we-dont-know-about-spying-on-citizens-scarier-than-what-we-know/276607/
|
||||||
|
"Bruce Schneier comments on NSA leak"
|
||||||
|
[12]: https://www.eff.org/cases/jewel "Jewel v. NSA"
|
||||||
|
[13]: https://www.eff.org/cases/hepting "Hepting v. AT&T"
|
||||||
|
[14]: /2012/11/privacy-in-light-of-the-petraeus-scandal
|
||||||
|
"Privacy In Light of the Petraeus Scandal"
|
||||||
|
[15]: /2013/03/google-says-the-fbi-is-secretly-spying-on-some-of-its-customers
|
||||||
|
"Google Says the FBI Is Secretly Spying on Some of Its Customers"
|
||||||
|
[16]: http://blogs.wsj.com/washwire/2013/06/07/transcript-what-obama-said-on-nsa-controversy/
|
||||||
|
"Obama on the NSA controversy"
|
||||||
|
[17]: https://www.eff.org/deeplinks/2013/05/congressional-outrage-over-ap-phone-records
|
||||||
|
"Congressional outrate of AP phone records"
|
||||||
|
[18]: https://www.eff.org/deeplinks/2013/05/doj-subpoena-ap-journalists-shows-need-protect-calling-records
|
||||||
|
[19]: http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data
|
||||||
|
[20]: http://googleblog.blogspot.com/2013/06/what.html "Larry Page denies PRISM involvement"
|
||||||
|
[21]: https://www.facebook.com/zuck/posts/10100828955847631 "Mark Zuckerberg denies PRISM involvement"
|
||||||
|
[22]: http://www.guardian.co.uk/world/2013/jun/07/google-facebook-prism-surveillance-program
|
||||||
|
[23]: http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/868-dni-statement-on-recent-unauthorized-disclosures-of-classified-information
|
||||||
|
"James Clapper---Directory of National Intelligence---declassifies
|
||||||
|
information pertaining to the "business records" provision of FISA"
|
||||||
|
[24]: https://www.eff.org/deeplinks/2013/06/why-metadata-matters
|
||||||
|
"The EFF describes why telephony metadata can have a significant impact on our privacy."
|
||||||
|
[25]: http://mashable.com/2013/06/08/china-hack-nsa/ "What if crackers get a hold of the NSA's databases?"
|
||||||
|
[26]: http://rt.com/usa/us-chinese-report-defense-888/ "The Chinese crack into Pentagon systems."
|
||||||
|
[27]: https://www.eff.org/file/28823 "Public unredacted Mark Klein declaration"
|
||||||
|
[28]: https://www.eff.org/pages/case-against-retroactive-amnesty-telecoms "The Case Against Retroactive Amnesty for Telecoms."
|
||||||
|
[29]: http://www.govtrack.us/congress/bills/110/hr6304/text "FISA Amendments Act (FAA)."
|
||||||
|
[30]: https://www.eff.org/press/releases/three-nsa-whistleblowers-back-effs-lawsuit-over-governments-massive-spying-program
|
||||||
|
"Three NSA whistleblowers back the EFF in Jewel v. NSA"
|
||||||
|
[31]: https://www.eff.org/node/72021 "Summary of Voluminous Evidence, Jewel v. NSA"
|
||||||
|
[38]: http://www.nytimes.com/2009/04/16/us/16nsa.html?pagewanted=all "Officials Say U.S. Wiretaps Exceeded Law"
|
||||||
|
[39]: http://www.wyden.senate.gov/news/press-releases/wyden-statement-on-alleged-large-scale-collection-of-phone-records
|
||||||
|
"Ron Wyden comments on the collection of Verizon phone records"
|
||||||
|
[40]: https://www.eff.org/deeplinks/2013/06/government-asks-more-time-eff-surveillance-cases
|
||||||
|
"In Light of NSA Revelations, Government Asks for More Time in EFF Surveillance Cases"
|
||||||
|
[41]: https://www.eff.org/deeplinks/2013/06/response-nsa-we-need-new-church-commission-and-we-need-it-now
|
||||||
|
"In Response to the NSA, We Need A New Church Committee and We Need It Now"
|
||||||
|
[42]: http://www.theweek.co.uk/us/53475/white-house-admits-it-has-access-facebook-google
|
||||||
|
"White House admits it has "access" to Facebook, Google"
|
||||||
|
[43]: http://www.guardian.co.uk/world/2013/jun/07/google-facebook-prism-surveillance-program
|
||||||
|
"Facebook and Google insist they did not know of Prism surveillance program"
|
||||||
|
[44]: https://plus.google.com/+YonatanZunger/posts/huwQsphBron
|
||||||
|
"Yonatan Zunger---Chief Architect at Google---expresses his distaste of PRISM"
|
||||||
|
[45]: http://theweek.com/article/index/245311/sources-nsa-sucks-in-data-from-50-companies
|
||||||
|
"Sources: NSA sucks in data from 50 companies"
|
||||||
|
[46]: http://theweek.com/article/index/245360/solving-the-mystery-of-prism
|
||||||
|
"Solving the mystery of PRISM"
|
||||||
|
[47]: http://www.guardian.co.uk/world/2013/jun/08/nsa-prism-server-collection-facebook-google
|
||||||
|
"NSA's Prism surveillance program: how it works and what it can do."
|
||||||
|
[48]: http://www.guardian.co.uk/world/2013/jun/08/obama-response-nsa-surveillance-democrats
|
||||||
|
"Obama deflects criticism over NSA surveillance as Democrats sound alarm."
|
||||||
|
[49]: http://www.nytimes.com/2013/06/08/technology/tech-companies-bristling-concede-to-government-surveillance-efforts.html?ref=global-home&_r=2&pagewanted=all&
|
||||||
|
"Tech Companies Concede to Surveillance Program"
|
||||||
|
[50]: http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance
|
||||||
|
"Edward Snowden: the whistleblower behind the NSA surveillance revelations."
|
||||||
|
[51]: http://www.reuters.com/article/2013/06/08/us-usa-security-leaks-idUSBRE95700C20130608
|
||||||
|
"Government likely to open criminal probe into NSA leaks: officials."
|
||||||
|
[52]: http://www.forbes.com/sites/andygreenberg/2013/06/09/icelandic-legislator-im-ready-to-help-nsa-whistleblower-seek-asylum/
|
||||||
|
"Icelandic Legislator: I'm Ready To Help NSA Whistleblower Edward Snowden Seek Asylum"
|
||||||
|
[53]: https://ssd.eff.org/ "EFF Surveillance Self-Defense."
|
||||||
|
[54]: https://www.torproject.org/ "The Tor project offers anonymity online."
|
||||||
|
[55]: http://www.guardian.co.uk/technology/2008/sep/29/cloud.computing.richard.stallman
|
||||||
|
"Cloud computing is a trap, warns GNU founder Richard Stallman"
|
||||||
|
[56]: http://www.gnu.org/philosophy/who-does-that-server-really-serve.html
|
||||||
|
"Who does that server really serve?"
|
||||||
|
[57]: http://www.gnu.org/philosophy/free-sw.html "What is free software?"
|
||||||
|
[58]: http://www.whistleblowers.org/index.php?option=com_content&task=view&id=984&Itemid=173
|
||||||
|
"National Security Employees Know Your Rights"
|
||||||
|
[59]: http://www.theatlanticwire.com/politics/2011/05/obamas-war-whistle-blowers/38106/
|
||||||
|
"Obama's War on Whistle-Blowers"
|
||||||
|
[60]: http://www.newyorker.com/strongbox/ "The New Yorker Strongbox"
|
||||||
|
[61]: http://www.newyorker.com/online/blogs/newsdesk/2013/05/strongbox-and-aaron-swartz.html
|
||||||
|
"Strongbox and Aaron Swartz"
|
||||||
|
[62]: http://abcnews.go.com/blogs/politics/2013/06/rand-paul-bill-would-curb-nsa-on-phone-records/
|
||||||
|
"Rand Paul Bill Would Curb NSA on Phone Records"
|
||||||
|
|
||||||
|
[^32]: Ibid.[[31]] 157 Cong. Rec. S3372--3402, S3386 (May 26, 2011) [Vol. VI, Ex. 111, p. 4286]
|
||||||
|
(Statement of Sen. Ron Wyden, On Patriot Act Reauthorization)
|
||||||
|
[^33]: Ibid.[[31]] PBS Frontline, Spying on the Homefront, Interview with John C. Yoo at 4
|
||||||
|
(Jan. 10, 2007) [Vol. I, Ex. 10, p. 394]
|
||||||
|
[^34]: Ibid.[[31]] Press Briefing by Att’y Gen. Alberto Gonzalez and Gen. Michael Hayden,
|
||||||
|
Principal Dep. Dir. for Nat’l Intelligence (Dec. 19, 2005)
|
||||||
|
[^35]: Ibid.[[31]] Preserving the Rule of Law in the Fight Against Terror:
|
||||||
|
Hearing before the S. Comm. on the Judiciary, 110th Cong. 7 (Oct. 2, 2007)
|
||||||
|
[Vol. III, Ex. 42, p. 1307] (testimony of Jack Goldsmith)
|
||||||
|
[^36]: Ibid.[[31]] Press Briefing by Att’y Gen. Alberto Gonzalez and Gen. Michael Hayden, Principal Dep. Dir.
|
||||||
|
for Nat’l Intelligence (Dec. 19, 2005)
|
||||||
|
[^37]: Ibid.[[31]] Remarks by Gen. Michael Hayden, Address to the National Press Club, Washington, D.C. (Jan. 23, 2006)
|
||||||
|
[Vol. IV, Ex. 73, p. 1809]
|
|
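Review bot: the link titles for references [23] and [42] contain unescaped inner double quotes (`"business records"` and `"access"`) inside a double-quoted title, so a CommonMark-style parser will not accept them as titles and the leftover text can render as a stray paragraph at the end of the post. Use single quotes for the inner phrase, or delimit these two titles with parentheses, and check the HTML output for both. Two smaller points for the follow-up text commits: the quote attribution reads "Jon Yoo" while the surrounding prose and footnote [^33] read "John Yoo", and [22] and [43] point to the same Guardian URL, with [22] carrying no title.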
@ -0,0 +1,159 @@
|
||||||
|
# All "Thoughts" and Site Text Now Licensed Under CC BY-SA
|
||||||
|
|
||||||
|
All "thoughts"---that is, my blog-like entries that are generated by the
|
||||||
|
repository commit messages---and site text are hereby retroactively relicensed
|
||||||
|
under the [Creative Commons Attribution-ShareAlike 3.0 Unported License][0].
|
||||||
|
This license shall not supersede any license that is explicitly put forth within
|
||||||
|
a work; see the COPYING file within the thoughts repository---available on the
|
||||||
|
"Projects" page---for more information.
|
||||||
|
|
||||||
|
[0]: http://creativecommons.org/licenses/by-sa/3.0/
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
This is not a decision I take lightly; it has received much thought over the
|
||||||
|
course of recent years. For some time, I accepted [the view of Richard Stallman
|
||||||
|
and the Free Software Foundation][1] on opinion pieces in that, since they
|
||||||
|
express personal opinions, it is not unreasonable to require that they be
|
||||||
|
distributed verbatim. Indeed, it would seem wise not to allow someone to change
|
||||||
|
your words, especially on something that you are passionate about.
|
||||||
|
|
||||||
|
However, I have come to adopt another perspective. What is the motivation behind
|
||||||
|
releasing content under a license that permits modification (that is, the
|
||||||
|
creation of derivative works)? Often, the primary reason is to allow others to
|
||||||
|
improve upon the content or to modify it to suit their particular needs. To
|
||||||
|
prevent others from locking down those changes---preventing others from having
|
||||||
|
the same rights as they did---many will often release their works under licenses
|
||||||
|
that require that all derivatives be released under the same terms. In the case
|
||||||
|
of Creative Commons, this is called ["ShareAlike"][2], which is motivated by
|
||||||
|
GNU's copyright hack called [copyleft][3] (popularized by the [GNU General
|
||||||
|
Public License][4]).
|
||||||
|
|
||||||
|
For [free software][5] advocates, the question of whether or not to permit
|
||||||
|
modification is generally not even raised---it is a necessity. Software serves a
|
||||||
|
functional purpose: Prohibiting modification could prevent users from altering
|
||||||
|
the software in ways that they may find useful and could be used to exert
|
||||||
|
control over the users. Software does stuff. Software can control what the user
|
||||||
|
can and cannot do.
|
||||||
|
|
||||||
|
Creative works are often considered in a different light. Like software, they
|
||||||
|
are indeed useful---they can be tools to learn, to entertain, etc. However, does
|
||||||
|
prohibiting modification do any harm? In the case of [documentation for free
|
||||||
|
software][6], yes---documentation is very important and can make the difference
|
||||||
|
between highly useful software and impenetrable software. Free documentation
|
||||||
|
ensures that, as the software grows, the documentation can grow with it. Since
|
||||||
|
the documentation for many projects is often scarce or poorly written (great
|
||||||
|
computer hackers are not necessarily great language hackers), the freedom to
|
||||||
|
modify the documentation is a necessity.
|
||||||
|
|
||||||
|
Then what of texts that have nothing to do with a free software project? Texts
|
||||||
|
that serve as an educational resource of any kind would benefit from being free
|
||||||
|
just as a free software project would---experts could contribute, teachers could
|
||||||
|
alter it to suit their particular teaching style or their classroom setting,
|
||||||
|
etc. But what of texts that exist purely as opinion pieces?
|
||||||
|
|
||||||
|
I'm not sure there's such a thing as a "pure" opinion piece, unless it is
|
||||||
|
utter garbage.
|
||||||
|
|
||||||
|
An author would do well to substantiate their opinion with appropriate
|
||||||
|
references (though often times, this is not the case). With those
|
||||||
|
references (or lack thereof) comes the need to connect them to the content---the
|
||||||
|
author must explain his or her opinion. This explanation is educational, even if
|
||||||
|
the reader does not agree with the opinion. Perhaps the reader wishes to use the
|
||||||
|
opinion piece as a resource, but notices that it is lacking in some respect.
|
||||||
|
Should they not be able to improve it, perhaps to even further the author's
|
||||||
|
point? Or, perhaps the opinion piece could be extended to the contrary---to
|
||||||
|
prove additional references to either make it neutral or even work against the
|
||||||
|
author's original opinion. Even though this may not be what the author wants,
|
||||||
|
this is still a useful derivation of the original work.
|
||||||
|
|
||||||
|
As an example, consider this very post. This is clearly an opinion piece---I
|
||||||
|
have made the choice to release my content under a Creative Commons license and
|
||||||
|
I am substantiating my opinion in the hope that others may gain insight and
|
||||||
|
possibly even choose the same path for their own creative works. What if someone
|
||||||
|
wished to present this article to a group of individuals---maybe in the
|
||||||
|
workplace---but found my "garbage" comment to be unnecessarily harsh? What
|
||||||
|
personal harm would I incur if they were to remove that statement? However, what
|
||||||
|
if they wished to go further by replacing all references to "free software"
|
||||||
|
with references to "open source"---a term which I [reject][7]? Well, this
|
||||||
|
could potentially affect my image, depending on the group's philosophy. What
|
||||||
|
now?
|
||||||
|
|
||||||
|
There are a few important points to note from this. Firstly, the license
|
||||||
|
mandates that:
|
||||||
|
|
||||||
|
> If You Distribute, or Publicly Perform the Work or any Adaptations or
|
||||||
|
> Collections, You must, unless a request has been made pursuant to Section
|
||||||
|
> 4(a), keep intact all copyright notices for the Work and provide, reasonable
|
||||||
|
> to the medium or means You are utilizing: (i) the name of the Original Author
|
||||||
|
> (or pseudonym, if applicable) if supplied, and/or if the Original Author
|
||||||
|
> and/or Licensor designate another party or parties (e.g., a sponsor institute,
|
||||||
|
> publishing entity, journal) for attribution ("Attribution Parties") in
|
||||||
|
> Licensor's copyright notice, terms of service or by other reasonable means,
|
||||||
|
> the name of such party or parties; (ii) the title of the Work if supplied;
|
||||||
|
> (iii) to the extent reasonably practicable, the URI, if any, that Licensor
|
||||||
|
> specifies to be associated with the Work, unless such URI does not refer to
|
||||||
|
> the copyright notice or licensing information for the Work; and (iv) ,
|
||||||
|
> consistent with Ssection [sic] 3(b), in the case of an Adaptation, a credit
|
||||||
|
> identifying the use of the Work in the Adaptation (e.g., "French translation
|
||||||
|
> of the Work by Original Author," or "Screenplay based on original Work by
|
||||||
|
> Original Author").[8]
|
||||||
|
|
||||||
|
In plain English---you must provide attribution to the original author and
|
||||||
|
indicate that the work has been modified from the original. Furthermore:
|
||||||
|
|
||||||
|
> The credit required by this Section 4(c) may be implemented in any reasonable
|
||||||
|
> manner; provided, however, that in the case of a Adaptation or Collection, at
|
||||||
|
> a minimum such credit will appear, if a credit for all contributing authors of
|
||||||
|
> the Adaptation or Collection appears, then as part of these credits and in a
|
||||||
|
> manner at least as prominent as the credits for the other contributing
|
||||||
|
> authors.[8]
|
||||||
|
|
||||||
|
It would therefore be appropriate to assume that an author of a derivate work
|
||||||
|
will, in good faith, make clear attribution. Should this not be the case, then
|
||||||
|
what is to say that the author would not have simply modified a work which is
|
||||||
|
not licensed to permit modifications?
|
||||||
|
|
||||||
|
The next point is another simple one: Under United States copyright law, the
|
||||||
|
[fair use doctrine][9] permits limited use of a copyrighted work without prior
|
||||||
|
consent from the author; it is this doctrine that allows, for example, authors
|
||||||
|
and journalists to quote portions of other works to report on or back up their
|
||||||
|
arguments. This means that, even if the license did not permit, an author could
|
||||||
|
still incorporate *portions* of my work to support their own arguments or agenda,
|
||||||
|
regardless of whether or not I may agree with it. This segues into the final
|
||||||
|
point.
|
||||||
|
|
||||||
|
Who am I to [dictate others opinions][10]? It would not be right of me to limit
|
||||||
|
one's freedom simply because they violate my own personal opinions or beliefs.
|
||||||
|
Therefore, if this is one condition under which I would decide to restrict my
|
||||||
|
creative works, then that reason should be immediately dismissed. This means
|
||||||
|
that---within the context of my previous example---if someone wanted to alter
|
||||||
|
all the references to "free software" in my work to adapt it to their own
|
||||||
|
personal style, then they should be permitted to do so. Such a work is no longer
|
||||||
|
my own: They must clearly state that it has been altered from the original.
|
||||||
|
Hopefully readers take notice of that. My works are always published on my own
|
||||||
|
personal website where the originals can be found; with today's search engines,
|
||||||
|
such a task is trivial. If someone neglects to do so---and I do understand that
|
||||||
|
many will neglect to do so---then they have not made an informed opinion on the
|
||||||
|
material.
|
||||||
|
|
||||||
|
Another minor point would be that, for the majority of my works, it is unlikely
|
||||||
|
that anyone will be making any sort of alteration.
|
||||||
|
|
||||||
|
As such, I find that I have little ground to stand on should I attempt to
|
||||||
|
rationalize a more restrictive license. Any remaining arguments, such as "what
|
||||||
|
if they sell your content or modify it only slightly and are given more credit
|
||||||
|
for the work than they deserve?" are already covered by the free software
|
||||||
|
philosophy can may be easily adopted here.
|
||||||
|
|
||||||
|
[1]: http://www.gnu.org/licenses/license-list.html#OpinionLicenses
|
||||||
|
[2]: http://creativecommons.org/licenses/
|
||||||
|
[3]: https://www.gnu.org/copyleft/copyleft.html
|
||||||
|
[4]: https://www.gnu.org/copyleft/gpl.html
|
||||||
|
[5]: https://www.gnu.org/philosophy/free-sw.html
|
||||||
|
[6]: https://www.gnu.org/philosophy/free-doc.html
|
||||||
|
[7]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
|
||||||
|
[8]: http://creativecommons.org/licenses/by-sa/3.0/legalcode
|
||||||
|
[9]: http://en.wikipedia.org/wiki/Fair_use
|
||||||
|
[10]: http://www.gnu.org/philosophy/programs-must-not-limit-freedom.html
|
||||||
|
|
|
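Review bot: the link definitions at the bottom of this file mix schemes for the same host: [1], [7] and [10] use http://www.gnu.org while [3] through [6] use https://www.gnu.org. Since the definitions are being rewritten anyway, I would normalize them to https, either here or in the promised follow-up. Separately, the citation markers closing the two license blockquotes are a bare [8] ("> Original Author").[8]" and "> authors.[8]"), whereas the Windows 8.1 post in this same commit writes the equivalent marker as [[1]]; pick one form so the rendered citations look the same across posts.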
@ -0,0 +1,64 @@
|
||||||
|
# Snowden Statement at Moscow Airport; Accepts Asylum Offers
|
||||||
|
|
||||||
|
**See Also:** [National Uproar: A Comprehensive Overview of the NSA Leaks and
|
||||||
|
Revelations][0]; I have not yet had the time to devote to writing a thorough
|
||||||
|
follow-up of recent events and will likely wait until further information and
|
||||||
|
leaks are presented.
|
||||||
|
|
||||||
|
[Edward Snowden][1]---the whistleblower responsible for [exposing various NSA
|
||||||
|
dragnet spying programs][0], among other documents---has been [stuck in the
|
||||||
|
Moscow airport][2] for quite some time while trying to figure out how he will
|
||||||
|
travel to countries offering him asylum, which may involve traveling through
|
||||||
|
territories that may cooperate with the United States' extradition requests.
|
||||||
|
|
||||||
|
[0]: /2013/06/national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations
|
||||||
|
[1]: https://en.wikipedia.org/wiki/Edward_Snowden (Now with his own Wikipedia page)
|
||||||
|
[2]: http://www.guardian.co.uk/world/2013/jul/01/edward-snowden-escape-moscow-airport
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Snowden [issued a statement today to Human Rights groups at Moscow's
|
||||||
|
Sheremetyevo airport][3], within which he mentioned:
|
||||||
|
|
||||||
|
> I announce today my formal acceptance of all offers of support or asylum I
|
||||||
|
> have been extended and all others that may be offered in the future. With, for
|
||||||
|
> example, the grant of asylum provided by Venezuela’s President Maduro, my
|
||||||
|
> asylee status is now formal, and no state has a basis by which to limit or
|
||||||
|
> interfere with my right to enjoy that asylum. [...] I ask for your assistance
|
||||||
|
> in requesting guarantees of safe passage from the relevant nations in securing
|
||||||
|
> my travel to Latin America, as well as requesting asylum in Russia until such
|
||||||
|
> time as these states accede to law and my legal travel is permitted. I will be
|
||||||
|
> submitting my request to Russia today, and hope it will be accepted
|
||||||
|
> favorably.[3]
|
||||||
|
|
||||||
|
Snowden had previously [withdrawn his request for political asylum in Russia][4]
|
||||||
|
after [Vladmir Putin stated that he could stay][5] only if he stopped "bringing
|
||||||
|
harm to our American partners"---something which [Snowden does not believe that
|
||||||
|
he is doing][6]. Although Venezuela has offered Snowden asylum, as [explained by
|
||||||
|
the Guardian][6], "he remains unable to travel there without travel
|
||||||
|
documents". Even if he does obtain travel documents, there are still
|
||||||
|
worries---earlier this month, the [Bolivian president's plane was diverted with
|
||||||
|
suspicion that Snowden was on board][7], showing that certain countries may be
|
||||||
|
willing to aid the U.S. in his extradition or otherwise prevent him from
|
||||||
|
traveling.
|
||||||
|
|
||||||
|
My focus on these issues will seldom be on Snowden himself---I would prefer to
|
||||||
|
focus primarily on what he sacrificed his life to bring to light. But it is
|
||||||
|
precisely this sacrifice that makes it important to ensure that Snowden does not
|
||||||
|
fall out of the picture (though it does not appear that he will any time soon).
|
||||||
|
The Guardian also seems to have adopted the strategy of slowly providing more
|
||||||
|
information on the leaks over time---such as the recent revelation that
|
||||||
|
[Microsoft cooperated with the NSA's Prisim program to provide access to
|
||||||
|
unencrypted contents of Outlook.com, Hotmail, Skype and SkyDrive services][8]; I
|
||||||
|
will have more on that later.
|
||||||
|
|
||||||
|
I end this with a photograph taken yesterday of [Richard Stallman with Julian
|
||||||
|
Assange holding up a picture of Snowden][9] that brings a smile to my face.
|
||||||
|
|
||||||
|
[3]: http://wikileaks.org/Statement-by-Edward-Snowden-to.html
|
||||||
|
[4]: http://www.guardian.co.uk/world/2013/jul/02/edward-snowden-nsa-withdraws-asylum-russia-putin
|
||||||
|
[5]: http://www.guardian.co.uk/world/2013/jul/01/putin-snowden-remain-russia-offer
|
||||||
|
[6]: http://m.guardiannews.com/world/2013/jul/12/edward-snowden-accuses-us-illegal-campaign
|
||||||
|
[7]: http://www.guardian.co.uk/world/2013/jul/05/european-states-snowden-morales-plane-nsa
|
||||||
|
[8]: http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
|
||||||
|
[9]: http://twitpic.com/d279tx
|
|
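Review bot: definition [6] points at the mobile host (http://m.guardiannews.com/...) while [2], [4], [5], [7] and [8] all use www.guardian.co.uk, so two sentences in the body send desktop readers to the mobile site. Swapping in the canonical URL is a link-target change rather than a text change, so it fits this conversion or the follow-up. Minor style point: [1] carries its title in parentheses, "(Now with his own Wikipedia page)", where the other titled definitions in this commit use double quotes.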
@ -0,0 +1,99 @@
|
||||||
|
# London Trashcan Spies
|
||||||
|
|
||||||
|
We're not talking about kids hiding out in trashcans talking on
|
||||||
|
walkie-talkies and giggling to each other.
|
||||||
|
|
||||||
|
[Ars has reported on London trashcans][0] rigged to collect the [MAC
|
||||||
|
addresses][1] of mobile devices that pass by. Since we do not often see
|
||||||
|
mobile devices carrying themselves around, we may as well rephrase this as
|
||||||
|
"collect the MAC addresses of people that pass by":
|
||||||
|
|
||||||
|
> During a one-week period in June, just 12 cans, or about 10 percent of the
|
||||||
|
> company's fleet, tracked more than 4 million devices and allowed company
|
||||||
|
> marketers to map the "footfall" of their owners within a 4-minute
|
||||||
|
> walking distance to various stores.
|
||||||
|
|
||||||
|
[0]: http://arstechnica.com/security/2013/08/no-this-isnt-a-scene-from-minority-report-this-trash-can-is-stalking-you/
|
||||||
|
[1]: http://en.wikipedia.org/wiki/MAC_address
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Your device's---er, *your*---MAC address is a unique identifier that, in
|
||||||
|
the case of wireless networks, is used by the networks to state that a
|
||||||
|
message is intended specifically for you---something that is necessary since
|
||||||
|
wireless devices communicate through open air and, therefore, your device is
|
||||||
|
[also able to pick up the communications of other devices][2]:
|
||||||
|
|
||||||
|
> In IEEE 802 networks such as Ethernet, token ring, and IEEE 802.11, and in
|
||||||
|
> FDDI, each frame includes a destination Media Access Control address (MAC
|
||||||
|
> address). In non-promiscuous mode, when a NIC receives a frame, it
|
||||||
|
> normally drops it unless the frame is addressed to that NIC's MAC address
|
||||||
|
> or is a broadcast or multicast frame.
|
||||||
|
|
||||||
|
Therefore, in such networks, a MAC address is required for communication. So
|
||||||
|
why does your device freely give away such a unique identifier that can be
|
||||||
|
used to track you? Consider that, when wireless is enabled (and, as [the Ars
|
||||||
|
article][0] mentions, sometimes [even when it's not][3]), your device
|
||||||
|
generally scans your surroundings in order to provide you with a list of
|
||||||
|
networks to connect to. This list is generally populated when various access
|
||||||
|
points broadcast their own information to advertise themselves so that you
|
||||||
|
can select them to connect. However, some access points are hidden---they do
|
||||||
|
not broadcast their information, which helps to deter unwanted or malicious
|
||||||
|
users. To connect to these access points, you generally provide the name
|
||||||
|
that the access point administrator has given to it (e.g. "mysecretap").
|
||||||
|
|
||||||
|
Let's say you disconnect from mysecretap. Since the access point (AP) is not
|
||||||
|
broadcasting itself, how does your device know when it is available again?
|
||||||
|
It must attempt to ping it and see if it gets a response. With this ping is
|
||||||
|
your MAC address. Since many devices conveniently like to connect
|
||||||
|
automatically to known access points when they become available, it is
|
||||||
|
likely that your device is pinging rather frequently.
|
||||||
|
|
||||||
|
But what if you do not use hidden access points? Well, it is likely that the
|
||||||
|
same issue still stands---what if the access point that you connected to was
|
||||||
|
once listed but then becomes hidden? (Maybe the administrator of the access
|
||||||
|
point allowed broadcasts for a period of time to allow people to connect
|
||||||
|
easily, but then hid it at a later time.) Your device would need to account
|
||||||
|
for that, and therefore, to be helpful, likely broadcasts pings for any
|
||||||
|
access point you have connected to recently (where "recently" would depend
|
||||||
|
on your device).
|
||||||
|
|
||||||
|
Now, back to the [NSA][5]-wannabe-trashcans: At this point, all an observer
|
||||||
|
must do is lay in wait for those broadcasts and record the MAC addresses. By
|
||||||
|
placing these devices at various locations, you could easily track the
|
||||||
|
movements of individuals, including their speed, destinations, durations of
|
||||||
|
their visits, visit frequencies, favorite areas, dwellings, travel patterns,
|
||||||
|
etc. Since devices may broadcast a whole slew of recent access points that
|
||||||
|
it connected to, you could also see areas that the owner may have been to
|
||||||
|
(oh, I see that you connected to the free wifi in that strip joint). You
|
||||||
|
[could be evil][6].
|
||||||
|
|
||||||
|
Turn off wireless on your device when you are not using it---especially when
|
||||||
|
you are traveling. Ensure that your device [does not continue pinging access
|
||||||
|
points when wireless is disabled][3].
|
||||||
|
|
||||||
|
Better yet, fight back. Consider exploring how to spoof your MAC address,
|
||||||
|
perhaps randomly generating one every so often. Consider the possibilities
|
||||||
|
of activist groups that may pollute these spy databases by gathering a list
|
||||||
|
of unique MAC addresses of passerbys for the purpose of rebroadcasting them
|
||||||
|
at random intervals---which you could even do using long-range antennas
|
||||||
|
targeted at these devices.[^7] If done properly to mimic models of common
|
||||||
|
travel patterns, the data that these spy devices gather would become
|
||||||
|
unreliable.[^8]
|
||||||
|
|
||||||
|
Surveillance by any entity---be it [governments][5], corporations,
|
||||||
|
individuals or otherwise---is not acceptable.
|
||||||
|
|
||||||
|
[2]: http://en.wikipedia.org/wiki/Promiscuous_mode
|
||||||
|
[3]: http://arstechnica.com/gadgets/2013/08/review-android-4-3-future-proofs-the-platform-with-multitude-of-minor-changes/3/#p15
|
||||||
|
[4]: http://arstechnica.com/security/2013/08/diy-stalker-boxes-spy-on-wi-fi-users-cheaply-and-with-maximum-creep-value/
|
||||||
|
[5]: /2013/06/national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations
|
||||||
|
[6]: http://renewlondon.com
|
||||||
|
|
||||||
|
[^7]: Disclaimer: Please research your local laws.
|
||||||
|
|
||||||
|
[^8]: Of course, it is important that such an activity in itself does not
|
||||||
|
violate a person's privacy, and so such collection must be done in a manner
|
||||||
|
that cannot in itself identify the person's travel patterns (e.g. by
|
||||||
|
not storing information on what access point the data was collected from).
|
||||||
|
|
|
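Review bot: the definition "[4]: http://arstechnica.com/security/2013/08/diy-stalker-boxes-..." is never referenced; the body only uses [0], [1], [2], [3], [5], [6], [^7] and [^8]. If the old markup linked some phrase to it, that link was lost in the conversion and should be restored on the phrase it belonged to. If it was already orphaned, drop the definition or note it as deliberate, because an unused reference renders nothing and will not show up when checking the HTML output.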
@ -0,0 +1,17 @@
|
||||||
|
# Facebook knows about you even if you are not a member
|
||||||
|
|
||||||
|
An article about [the scope of Facebook's data collection][0] speaks for
|
||||||
|
itself; this really does not come as a surprise, but is nonetheless
|
||||||
|
unsettling.
|
||||||
|
|
||||||
|
[0]: http://www.groovypost.com/news/facebook-shadow-accounts-non-users/
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Encourage your friends, colleagues and acquaintances to use services like
|
||||||
|
[Diaspora][1] that are respectful of your data instead. Better yet: explain
|
||||||
|
to those individuals the problems of social media services and ask that they
|
||||||
|
respectfully leave you out of it.
|
||||||
|
|
||||||
|
[1]: https://joindiaspora.com/
|
||||||
|
|
|
@ -0,0 +1,40 @@
|
||||||
|
# Windows 8.1 to display targeted advertisements on local system searches
|
||||||
|
|
||||||
|
It is very disturbing that [Microsoft decided that it would be a good idea
|
||||||
|
to display targeted ads on local searches][0]---that is, if you search for a
|
||||||
|
file on your PC named "finances", you may get ads for finance software,
|
||||||
|
taxes, etc. If you search for "porn", well, you get the idea.
|
||||||
|
|
||||||
|
> Bing Ads will be an integral part of this new Windows 8.1 Smart Search
|
||||||
|
> experience. Now, with a single campaign setup, advertisers can connect
|
||||||
|
> with consumers across Bing, Yahoo! and the new Windows Search with highly
|
||||||
|
> relevant ads for their search queries. In addition, Bing Ads will include
|
||||||
|
> Web previews of websites and the latest features like site links, location
|
||||||
|
> and call extensions, making it easier for consumers to complete tasks and
|
||||||
|
> for advertisers to drive qualified leads.[[1]]
|
||||||
|
|
||||||
|
[0]: http://www.computerworld.com/s/article/9241524/Steven_J._Vaughan_Nichols_Microsoft_Bing_bang_bungles_local_search
|
||||||
|
[1]: http://community.bingads.microsoft.com/ads/en/bingads/b/blog/archive/2013/07/02/new-search-ad-experiences-within-windows-8-1.aspx
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
While that is certainly obnoxious, consider the larger issue of privacy
|
||||||
|
(which seems to be in the news a lot lately[[2]][[3]]): Late last year, there
|
||||||
|
was an uproar in the Free Software community when [Ubuntu decided to query
|
||||||
|
Amazon---enabled by default---on local searches][4] using their new Unity
|
||||||
|
interface. The problem is that your personal queries are being sent to a
|
||||||
|
third party---queries that you generally would expect to be private. If I
|
||||||
|
run a `find' or `grep' command on my system, I certainly do not expect it to
|
||||||
|
report to Amazon or Microsoft what I am searching for.
|
||||||
|
|
||||||
|
And to make matters even worse, Microsoft is exploiting this information to
|
||||||
|
allow advertisers to target you. [Ironic.][5]
|
||||||
|
|
||||||
|
[Do not use Windows 8][6] (or any other proprietary software, for that
|
||||||
|
matter).
|
||||||
|
|
||||||
|
[2]: /2013/08/facebook-knows-about-you-even-if-you-are-not-a-member
|
||||||
|
[3]: /2013/06/national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations
|
||||||
|
[4]: http://www.fsf.org/blogs/rms/ubuntu-spyware-what-to-do
|
||||||
|
[5]: http://www.scroogled.com/email/
|
||||||
|
[6]: https://www.fsf.org/windows8
|
|
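Review bot: the line "run a `find' or `grep' command on my system" keeps the old backtick-apostrophe quoting, and in Markdown the two backticks pair up into one code span. The rendered output will show "find' or " as code followed by a plain "grep'", which is not what the sentence intends. Close each name with its own backtick so that find and grep become two separate code spans, then recheck the HTML for this paragraph.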
@ -0,0 +1,64 @@
|
||||||
|
# Measuring Air Temperature With Phone Batteries
|
||||||
|
|
||||||
|
OpenSignal---a company responsible for mapping wireless signal
|
||||||
|
strength by gathering data using mobile device software---noticed [an
|
||||||
|
interest correlation between battery temperature on devices and air
|
||||||
|
temperature][0].
|
||||||
|
|
||||||
|
> Aggregating daily battery temperature readings to city level revealed a
|
||||||
|
> strong correlation with historic outdoor air temperature. With a
|
||||||
|
> mathematical transformation, the average battery temperature across a
|
||||||
|
> group of phones gives the outdoor air temperature.
|
||||||
|
|
||||||
|
[0]: http://opensignal.com/reports/battery-temperature-weather/
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
**Note:** Graph renderings on their website require proprietary JavaScript, but
|
||||||
|
the article does describe it in detail, so it is not necessary. In
|
||||||
|
particular, note that, from [their provided equation][0], their scaling factor
|
||||||
|
`m' implies that there is a smaller variance in battery temperature in the
|
||||||
|
graph than there is in the actual air temperature, but that there is still a
|
||||||
|
correlation.
|
||||||
|
|
||||||
|
This is an interesting find. The article further states that "[...] we have
|
||||||
|
one data point where the Android data is actually more reliable than the
|
||||||
|
traditional source."
|
||||||
|
|
||||||
|
Such data can be very useful in providing decentralized data, so long as
|
||||||
|
[issues of privacy][1] are addressed. Doing so is not terribly difficult,
|
||||||
|
but would have a number of factors. In particular, the user would need the
|
||||||
|
means to submit data anonymously, which could be done via software/networks
|
||||||
|
such as [Tor][2]. GPS location data is certainly a privacy issue when it is
|
||||||
|
tied to your mobile device, but fortunately, it's unneeded: you can trust
|
||||||
|
your users to let you know where they reside by either (a) opting into using
|
||||||
|
location services or (b) allowing them to specify a location or approximate
|
||||||
|
location of their choosing (approximations would be important since a user
|
||||||
|
may not wish to change their location manually while they travel, say, to
|
||||||
|
and from work). If enough devices submit data, then legitimate data would
|
||||||
|
drown out those who are trying to purposefully pollute the database. Such an
|
||||||
|
example can be seen with Bitcoin, in which networks will [reach a consensus
|
||||||
|
on correct blockchains][3] so long as "a majority of computing power is
|
||||||
|
controlled by nodes that are not cooperating to attack the network". Of
|
||||||
|
course, users would be able to pollute the network by sending false data as
|
||||||
|
it is, and the [data is already tarnished from various factors such as body
|
||||||
|
heat][0].
|
||||||
|
|
||||||
|
Of course, I do assume that mobile devices will contain temperature sensors
|
||||||
|
in the future; [some already do][4] (but I cannot encourage their use, as
|
||||||
|
they use [proprietary software][5]). However, this is still a clever hack (I
|
||||||
|
suppose that term is redundant). In my searching while writing this article,
|
||||||
|
I did notice [prior examples of ambient temperature readings using Android
|
||||||
|
software][6] ([proprietary][5]), but the software does not aggregate data
|
||||||
|
for purposes of determining weather patterns.
|
||||||
|
|
||||||
|
Finally, please do not download OpenSignal's app; it too is
|
||||||
|
[proprietary][5]; this discussion was purely from a conceptual standpoint
|
||||||
|
and does not endorse any software.
|
||||||
|
|
||||||
|
[1]: /2013/08/london-trashcan-spies
|
||||||
|
[2]: https://www.torproject.org/
|
||||||
|
[3]: http://en.wikipedia.org/wiki/Protocol_of_Bitcoin
|
||||||
|
[4]: http://stackoverflow.com/a/11628921
|
||||||
|
[5]: http://www.gnu.org/philosophy/free-sw.html
|
||||||
|
[6]: https://play.google.com/store/apps/details?id=androidesko.android.electronicthermometer&hl=en
|
|
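Review bot: in the Note paragraph the scaling factor is written "`m'" with an opening backtick and a closing apostrophe. There is no second backtick in that paragraph, so Markdown emits the backtick as a literal character instead of a code span. Write it with a closing backtick so m renders as code. The same leftover quoting appears in the Windows 8.1 post in this commit, so a quick search for a backtick followed later by an apostrophe across the converted files would catch any others.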
@ -0,0 +1,209 @@
|
||||||
|
# FreeBSD, Clang and GCC: Copyleft vs. Community
|
||||||
|
|
||||||
|
A useful perspective explaining why [FreeBSD is moving away from GCC in
|
||||||
|
favor of Clang][0]; indeed, they are moving away from GPL-licensed software
|
||||||
|
in general. While this is [not a perspective that I personally agree
|
||||||
|
with][1], it is one that I will respect for the project. It is worth
|
||||||
|
understanding the opinions of those who disagree with you to better
|
||||||
|
understand and formulate your own perspective.
|
||||||
|
|
||||||
|
[0]: http://unix.stackexchange.com/a/49970
|
||||||
|
[1]: /2012/11/vlcs-move-to-lgpl
|
||||||
|
|
||||||
|
But I am still a free software activist.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
According to the [FreeBSD FAQ][2]:
|
||||||
|
|
||||||
|
> The goal of the FreeBSD Project is to provide a stable and fast general
|
||||||
|
> purpose operating system that may be used for any purpose without strings
|
||||||
|
> attached.
|
||||||
|
|
||||||
|
As is mentioned in [the aforementioned article][0], the BSD community does not
|
||||||
|
hold the same opinions on what constitutes "without strings
|
||||||
|
attached"---the BSD community [considers the restriction on the user's
|
||||||
|
right to make proprietary use of the software to be a "string"][2],
|
||||||
|
whereas the free software community under [RMS][3] believes that [the
|
||||||
|
ability to make a free program proprietary is unjust][4]:
|
||||||
|
|
||||||
|
> Making a program proprietary is an exercise of power. Copyright law today
|
||||||
|
> grants software developers that power, so they and only they choose the
|
||||||
|
> rules to impose on everyone else—a relatively small number of people make
|
||||||
|
> the basic software decisions for all users, typically by denying their
|
||||||
|
> freedom. When users lack the freedoms that define free software, they
|
||||||
|
> can't tell what the software is doing, can't check for back doors, can't
|
||||||
|
> monitor possible viruses and worms, can't find out what personal
|
||||||
|
> information is being reported (or stop the reports, even if they do find
|
||||||
|
> out). If it breaks, they can't fix it; they have to wait for the developer
|
||||||
|
> to exercise its power to do so. If it simply isn't quite what they need,
|
||||||
|
> they are stuck with it. They can't help each other improve it.
|
||||||
|
|
||||||
|
The [Modified BSD License][5] is a GPL-compatible Free Software
|
||||||
|
license---that is, software licensed under the Modified BSD license meets
|
||||||
|
the requirements of the [Free Software Definition][6]. The additional
|
||||||
|
"string" that the BSD community is referring to is the concept of
|
||||||
|
[copyleft][7]---Richard Stallman's copyright hack and one of his most
|
||||||
|
substantial contributions to free software and free society. To put it into
|
||||||
|
the [words of the FSF][7]:
|
||||||
|
|
||||||
|
> Copyleft is a general method for making a program (or other work) free,
|
||||||
|
> and requiring all modified and extended versions of the program to be free
|
||||||
|
> as well.
|
||||||
|
|
||||||
|
Critics often adopt the term ["viral" in place of "copyleft"][8] because
|
||||||
|
of the requirement that all derivatives must contain the same copyleft
|
||||||
|
terms---the derivative must itself be Free Software, perpetually (until, of
|
||||||
|
course, the copyright term expires and it becomes part of the public domain,
|
||||||
|
[if such a thing will ever happen at this rate][9]). In the case of the
|
||||||
|
Modified BSD license---being a more permissive license that is non-copyleft
|
||||||
|
and thus allows proprietary derivatives---derivative works that include both
|
||||||
|
BSD- and GPL-licensed code essentially consume the [Modified BSD license's
|
||||||
|
terms][10], which are a subset of the [GPL's][11]. Of course, this is not
|
||||||
|
pursuant to [FreeBSD's goals][2] and so they consider this to be a bad
|
||||||
|
thing: There are "strings attached".
|
||||||
|
|
||||||
|
This is more demonstrative of the ["open source" philosophy than that of
|
||||||
|
"Free Software"][12] (yes, notice the bias in my capitalization of these
|
||||||
|
terms).
|
||||||
|
|
||||||
|
[Copyleft is important][7] because it ensures that all users will forever
|
||||||
|
have the [four fundamental freedoms associated with Free Software][6]. The
|
||||||
|
GPL incorporates copyleft; BSD licenses do not. Consider why this is a
|
||||||
|
problem: Imagine some software Foo licensed under [the Modified BSD
|
||||||
|
license][10]. Foo is free software; it is licensed under a [free software
|
||||||
|
license (Modified BSD)][5]. Now consider that someone makes a fork---a
|
||||||
|
derivative---of Foo, which we will call "Foobar". Since [the Modified BSD
|
||||||
|
license is not copyleft][10], the author of Foobar decides that he or she
|
||||||
|
does not wish to release its source code; this is perfectly compliant with
|
||||||
|
the Modified BSD license, as it does not require that source code be
|
||||||
|
distributed with a binary (it only requires---via its [second
|
||||||
|
clause][10]---that the copyright notice, list of conditions and disclaimer be
|
||||||
|
provided).
|
||||||
|
|
||||||
|
The author has just taken Foo and made it proprietary.
|
||||||
|
|
||||||
|
The FreeBSD community is okay with this; [the free software community is
|
||||||
|
not][4]. There is a distinction between these two parties: When critics of
|
||||||
|
copyleft state that they believe the GPL is "less free" than more
|
||||||
|
permissive licenses such as the BSD licenses, they are taking into
|
||||||
|
consideration the freedoms of developers and distributors; the GPL, on the
|
||||||
|
other hand, explicirly *restricts* these parties' rights in order to protect
|
||||||
|
the *users* because those parties are precisely those that seek to *restrict
|
||||||
|
the users' freedoms*; we cannot provide such freedoms to developers and
|
||||||
|
distributors without sacrificing the rights of the vulnerable users who
|
||||||
|
generally do not have the skills to protect themselves from being taken
|
||||||
|
advantage of.[^13] Free software advocates have exclusive, unwaivering
|
||||||
|
loyalty to users.
|
||||||
|
|
||||||
|
As an example of the friction between the two communities, consider a
|
||||||
|
concept that has been termed ["tivoization"][14]:
|
||||||
|
|
||||||
|
> Tivoization means certain “appliances” (which have computers inside)
|
||||||
|
> contain GPL-covered software that you can't effectively change, because
|
||||||
|
> the appliance shuts down if it detects modified software. The usual
|
||||||
|
> motive for tivoization is that the software has features the manufacturer
|
||||||
|
> knows people will want to change, and aims to stop people from changing
|
||||||
|
> them. The manufacturers of these computers take advantage of the freedom
|
||||||
|
> that free software provides, but they don't let you do likewise.
|
||||||
|
|
||||||
|
This [anti-feature][15] is a type of [Digital Restrictions Management
|
||||||
|
(DRM)][16] that exposes a [loophole in the GPL that was closed in
|
||||||
|
Section 3 of the GPLv3][14], which [requires that][11]:
|
||||||
|
|
||||||
|
> When you convey a covered work, you waive any legal power to forbid
|
||||||
|
> circumvention of technological measures to the extent such circumvention
|
||||||
|
> is effected by exercising rights under this License with respect to the
|
||||||
|
> covered work, and you disclaim any intention to limit operation or
|
||||||
|
> modification of the work as a means of enforcing, against the work's
|
||||||
|
> users, your or third parties' legal rights to forbid circumvention of
|
||||||
|
> technological measures.
|
||||||
|
|
||||||
|
Unfortunately, not everyone has agreed with this move. A number of
|
||||||
|
[developers of the kernel Linux expressed their opposition of GPLv3][17]. In
|
||||||
|
response to the aforementioned GPLv3 provision, they stated:
|
||||||
|
|
||||||
|
> While we find the use of DRM by media companies in their attempts to reach
|
||||||
|
> into user owned devices to control content deeply disturbing, our belief
|
||||||
|
> in the essential freedoms of section 3 forbids us from ever accepting any
|
||||||
|
> licence which contains end use restrictions. The existence of DRM abuse is
|
||||||
|
> no excuse for curtailing freedoms.
|
||||||
|
|
||||||
|
Linus Torvalds---the original author of the kernel Linux---also [expressed
|
||||||
|
his distaste toward the GPLv3][18]; the kernel is today still licensed under
|
||||||
|
the GPLv2.
|
||||||
|
|
||||||
|
[The BSD camp has similar objections][19]:
|
||||||
|
|
||||||
|
> Appliance vendors in particular have the most to lose if the large body of
|
||||||
|
> software currently licensed under GPLv2 today migrates to the new license.
|
||||||
|
> They will no longer have the freedom to use GPLv3 software and restrict
|
||||||
|
> modification of the software installed on their hardware. High support
|
||||||
|
> costs ("I modified the web server on my Widget 2000 and it stopped
|
||||||
|
> running...") and being unable to guarantee adherence to specifications in
|
||||||
|
> order to gain licensing (e.g. FCC spectrum use, Cable TV and media DRM
|
||||||
|
> requirements) are only two of a growing list of issues for these
|
||||||
|
> users. --Justin Gibbs, VP of The FreeBSD Foundation
|
||||||
|
|
||||||
|
My thoughts while reading the above where echoed by Gibbs further on in his
|
||||||
|
statement: "[T]he stark difference between the BSD licensing philosophy and
|
||||||
|
that of the Free Software Foundation are only too clear." For the FreeBSD
|
||||||
|
community, this is a very serious issue and their argument is certainly a
|
||||||
|
legitimate concern on the surface. However, it is an argument that the Free
|
||||||
|
Software community would do well to reject: Why would we wish to sacrifice
|
||||||
|
users' freedoms for any reason, let alone these fairly absurd ones. In
|
||||||
|
particular, a support contract could dictate that only unmodified software
|
||||||
|
will be provided assistance and even mandate that the hardware indicate
|
||||||
|
changes in software: like breaking the "void" sticker when opening a
|
||||||
|
hardware component. Moreover, how frequently would such a situation
|
||||||
|
actually happen relative to their entire customer base? My guess is: fairly
|
||||||
|
infrequently. The second issue is a more complicated one, as I am not as
|
||||||
|
familiar on such topics, but a manufacturer can still assert that the
|
||||||
|
software that it provides with its devices is compliant. If the compliance
|
||||||
|
process forbids any possibility of brining the software into
|
||||||
|
non-compliance---that is, allowing the user to modify the software---then
|
||||||
|
the hardware manufacturer can choose to not use free software (and free
|
||||||
|
software advocates will subsequently reject it until standards bodies grow
|
||||||
|
up).
|
||||||
|
|
||||||
|
As I mentioned at the beginning of this article: this is a view that I will
|
||||||
|
respect for the project. I disagree with it, but FreeBSD is still free
|
||||||
|
software and we would do well not to discriminate against it simply because
|
||||||
|
someone else may decide to bastardize it and betray their users by making it
|
||||||
|
proprietary or providing [shackles][16]. However, provided the licensing;
|
||||||
|
option for your own software, you should choose the GPL.
|
||||||
|
|
||||||
|
**Colophon:** The title of this article is a play on [RMS' "Copyright vs.
|
||||||
|
Communty"][20], which is a title to a speech he frequently provides
|
||||||
|
worldwide. His speech covers how copyright works against the interests of
|
||||||
|
the community; here, BSD advocates aruge that [copyleft][7] works against
|
||||||
|
the interests of *their* community and their users; I figured that I would
|
||||||
|
snag this title as a free software advocate before someone else opposing
|
||||||
|
copyleft did.
|
||||||
|
|
||||||
|
[2]: http://www.freebsd.org/doc/faq/introduction.html#FreeBSD-goals
|
||||||
|
[3]: http://en.wikipedia.org/wiki/Richard_Stallman
|
||||||
|
[4]: http://www.gnu.org/philosophy/freedom-or-power.html
|
||||||
|
[5]: http://www.gnu.org/licenses/license-list.html#ModifiedBSD
|
||||||
|
[6]: http://www.gnu.org/philosophy/free-sw.html
|
||||||
|
[7]: http://www.gnu.org/copyleft/
|
||||||
|
[8]: http://en.wikipedia.org/wiki/Copyleft#Viral_licensing
|
||||||
|
[9]: http://www.gnu.org/philosophy/misinterpreting-copyright.html
|
||||||
|
[10]: http://en.wikipedia.org/wiki/BSD_licenses
|
||||||
|
[11]: http://www.gnu.org/licenses/gpl.html
|
||||||
|
[12]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
|
||||||
|
|
||||||
|
[^13]: Technically, the GPL exercises restrictions only on distributors; a
|
||||||
|
developer can integrate GPL'd code into their proprietary software so
|
||||||
|
long as they do not distribute it [(as defined in the GPL)][11]. However,
|
||||||
|
developers often have to cater to distributors, since software will
|
||||||
|
generally be distributed; if it is not, then it is not relevant to this
|
||||||
|
discussion.
|
||||||
|
|
||||||
|
[14]: http://www.gnu.org/licenses/rms-why-gplv3.html
|
||||||
|
[15]: http://www.fsf.org/blogs/community/antifeatures
|
||||||
|
[16]: http://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
|
||||||
|
[17]: http://lwn.net/Articles/200422/
|
||||||
|
[18]: http://en.wikipedia.org/wiki/Linux_kernel
|
||||||
|
[19]: http://www.freebsdfoundation.org/press/2007Aug-newsletter.shtml
|
||||||
|
[20]: http://www.gnu.org/philosophy/copyright-versus-community.html
|
|
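Review bot: In the closing paragraph, the line `However, provided the licensing;` ends in a semicolon that splits the phrase "licensing option" across the line wrap. It reads like residue from the markup translation rather than part of the sentence, so compare it against the pre-conversion source and drop the `;` if it was not there. The link definitions are also spread over three places (`[0]` and `[1]` near the top, `[2]` to `[12]` and `[14]` to `[20]` at the end, with the `[^13]` footnote between them); gathering them in one block would make a missing or duplicated reference easier to spot. Spellings such as "explicirly", "unwaivering", "brining", "Communty" and "aruge" are candidates for the follow-up text commits the commit message promises.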
@ -0,0 +1,60 @@
|
||||||
|
# Re: FreeBSD, Clang and GCC: Copyleft vs. Community
|
||||||
|
|
||||||
|
I recently received a comment via e-mail from a fellow GNU hacker Antonio
|
||||||
|
Diaz, who is the author and maintainer of [GNU Ocrad][0], a [free (as in
|
||||||
|
freedom)][1] optical character recognition (OCR) program. His comment was in
|
||||||
|
response to my article entitled [FreeBSD, Clang and GCC: Copyleft vs.
|
||||||
|
Community][2], which details the fundamental difference in philosophy
|
||||||
|
between free software and "open source".
|
||||||
|
|
||||||
|
[0]: https://www.gnu.org/software/ocrad/ocrad.html
|
||||||
|
[1]: https://www.gnu.org/philosophy/free-sw.html
|
||||||
|
[2]: /2013/08/freebsd-clang-and-gcc-copyleft-vs.community
|
||||||
|
|
||||||
|
I found Antonio's perspective to be enlightening, so I asked for his
|
||||||
|
permission to share it here.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
> I imagine a world where all the Free Software is GPLed. The amount and
|
||||||
|
> usefulness of Free Software grows incesantly because free projects can
|
||||||
|
> reuse the code of previous free projects. Proprietary software is
|
||||||
|
> expensive because every company has to write most of its "products" from
|
||||||
|
> scratch. Most people use Free Software, and proprietary software is mainly
|
||||||
|
> used for specialized tasks for which no free replacement exists yet.
|
||||||
|
>
|
||||||
|
> Now I imagine a world where all the Free Software is really "open source"
|
||||||
|
> (BSD license). Free Software is restricted to the operating system and
|
||||||
|
> basic aplications because the license does not guarantee reciprocity.
|
||||||
|
> Proprietary software is cheap to produce because it is built using the
|
||||||
|
> code of free projects, but it is expensive for the user (in money and
|
||||||
|
> freedom) because there is no real competition from Free Software. Most
|
||||||
|
> people use proprietary software, as Free Software is too basic for most
|
||||||
|
> tasks.
|
||||||
|
>
|
||||||
|
> I think "open source" organizations (specially BSD) are wilfully
|
||||||
|
> destroying the long-term benefits for society of the GPL, and they are
|
||||||
|
> doing it for short-term benefits like popularity and greed:
|
||||||
|
>
|
||||||
|
> "As these companies devise strategies for dealing with GPLv3, so must the
|
||||||
|
> FreeBSD community - strategies that capitalize on this opportunity to
|
||||||
|
> increase adoption of FreeBSD." "Fundraising Update [...] This has
|
||||||
|
> increased the number of people actively approaching companies to make
|
||||||
|
> large contributions."
|
||||||
|
>
|
||||||
|
> https://www.freebsdfoundation.org/press/2007Aug-newsletter.shtml
|
||||||
|
>
|
||||||
|
> Human beings have an innate sense of justice. In absence of reciprocity
|
||||||
|
> one wants to be paid, but I think that reciprocity is much better for
|
||||||
|
> society in the long term.[^3]
|
||||||
|
|
||||||
|
Antonio compels us to think toward the future: while developers releasing
|
||||||
|
their code under permissive licenses like the [Modified BSD License][4] are
|
||||||
|
still making a generous contribution to the free software community today,
|
||||||
|
it may eventually lead to negative consequences by empowering non-free
|
||||||
|
software tomorrow.
|
||||||
|
|
||||||
|
[^3]: Comment by Antonio Diaz; the only modifications made were for
|
||||||
|
formatting.
|
||||||
|
|
||||||
|
[4]: https://www.gnu.org/licenses/license-list.html#ModifiedBSD
|
|
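Review bot: Inside the quoted comment, the bare `https://www.freebsdfoundation.org/press/2007Aug-newsletter.shtml` line only becomes a link if the renderer autolinks plain URLs. Wrapping it in angle brackets keeps it clickable under any Markdown implementation and stays within the formatting-only changes that the `[^3]` footnote allows. The same newsletter is defined as `[19]` with an `http://` scheme in the previous post, so using one scheme in both places would keep the references consistent.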
@ -0,0 +1,128 @@
|
||||||
|
# FSF Condemns Partnership Between Mozilla and Adobe to Support DRM
|
||||||
|
|
||||||
|
Two days ago, the Free Software Foundation published [an announcement
|
||||||
|
strongly condemning Mozilla's partnership with Adobe][0] to implement the
|
||||||
|
[controversial W3C Encrypted Media Extensions (EME) API][1]. EME has been
|
||||||
|
strongly criticized by a number of organizations, including the [EFF][2] and
|
||||||
|
the [FSF's DefectiveByDesign campaign team][3] ("Hollyweb").
|
||||||
|
|
||||||
|
[Digital Restrictions Management][4] imposes artificial restrictions on
|
||||||
|
users, telling them what they can and cannot do; it is a system [that does
|
||||||
|
not make sense][5] and is harmful to society. Now, just about [a week after
|
||||||
|
the International Day Against DRM][6], Mozilla decides to [cave into the
|
||||||
|
pressure in an attempt to stay relevant][7] to modern web users, instead of
|
||||||
|
sticking to their [core philosophy about "openness, innovation, and
|
||||||
|
opportunity"][8].
|
||||||
|
|
||||||
|
[0]: http://www.fsf.org/news/fsf-condemns-partnership-between-mozilla-and-adobe-to-support-digital-restrictions-management
|
||||||
|
[1]: https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html
|
||||||
|
[2]: https://www.eff.org/deeplinks/2013/03/defend-open-web-keep-drm-out-w3c-standards
|
||||||
|
[3]: /2013/03/defective-by-design-campaign-against-w3c-drm-standard
|
||||||
|
[4]: http://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
|
||||||
|
[5]: https://plus.google.com/+IanHickson/posts/iPmatxBYuj2
|
||||||
|
[6]: http://www.defectivebydesign.org/dayagainstdrm
|
||||||
|
[7]: https://blog.mozilla.org/blog/2014/05/14/drm-and-the-challenge-of-serving-users/
|
||||||
|
[8]: http://www.mozilla.org/en-US/about/manifesto/
|
||||||
|
|
||||||
|
John Sullivan requested in the [FSF's announcement] that the community
|
||||||
|
contact Mozilla CTO Andreas Gal in opposition of the decision. This is my
|
||||||
|
message to him:
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
```
|
||||||
|
Date: Wed, 14 May 2014 22:57:02 -0400
|
||||||
|
From: Mike Gerwitz <mikegerwitz@gnu.org>
|
||||||
|
To: agal@mozilla.com
|
||||||
|
Subject: Firefox EME
|
||||||
|
|
||||||
|
Andreas,
|
||||||
|
|
||||||
|
I am writing to you as a free software hacker, activist, and user; notably,
|
||||||
|
I have been using Firefox for over ten years. It has been pivotal, as I do
|
||||||
|
not need to tell you, in creating a free (as in freedom), standard, and
|
||||||
|
accessible internet for millions of users. Imagine my bewildered
|
||||||
|
disappointment, then, to learn that Firefox has chosen to cave into the
|
||||||
|
pressure to [support Digital Restrictions Management through the
|
||||||
|
implementation of EME][0].
|
||||||
|
|
||||||
|
Mitchell Baker made a feeble attempt at [rationalizing this decision][0] as
|
||||||
|
follows:
|
||||||
|
|
||||||
|
[...] Mozilla alone cannot change the industry on DRM at this point. In
|
||||||
|
the past Firefox has changed the industry, and we intend to do so again.
|
||||||
|
Today, however, we cannot cause the change we want regarding DRM. The
|
||||||
|
other major browser vendors =E2=80=94 Google, Microsoft and Apple have already
|
||||||
|
implemented the new system. In addition, the old system will be retired
|
||||||
|
shortly. As a result, the new implementation of DRM will soon become the
|
||||||
|
only way browsers can provide access to DRM-controlled content.
|
||||||
|
|
||||||
|
She goes on to explain how "video is an important aspect of online life"
|
||||||
|
and that Firefox would be "deeply flawed as a consumer product" if it did
|
||||||
|
not implement Digital Restrictions Management. This is precisely the FUD
|
||||||
|
that the "content owners" she describes, and corporations like Adobe, have
|
||||||
|
been pushing: Mozilla understands that the solution is not to implement DRM,
|
||||||
|
but to fight to encourage content to be published *without* being
|
||||||
|
DRM-encumbered. Unfortunately, they will now have little motivation to do
|
||||||
|
so, with every major browser endorsing EME.
|
||||||
|
|
||||||
|
She defers to a post by Andreas Gal [for more implementation details][1], in
|
||||||
|
which he mentions that the proprietary CDM virus (which will be happily
|
||||||
|
provided by Adobe) will be protected by a sandbox to prevent certain spying
|
||||||
|
activities like fingerprinting. While this is better than nothing, it's a
|
||||||
|
clear attempt by Mozilla to help make a terrible situation a little bit
|
||||||
|
better.
|
||||||
|
|
||||||
|
He goes on to say:
|
||||||
|
|
||||||
|
There is also a silver lining to the W3C EME specification becoming
|
||||||
|
ubiquitous. With direct support for DRM we are eliminating a major use
|
||||||
|
case of plugins on the Web, and in the near future this should allow us to
|
||||||
|
retire plugins altogether.=20
|
||||||
|
|
||||||
|
Let us not try to veil the problem and make things look more rosy than they
|
||||||
|
actually are: this is not a silver lining; it is not appropriate to have a
|
||||||
|
standardized way of manipulating and taking advantage of users.
|
||||||
|
|
||||||
|
It is true that Firefox was in an unfortunate position: many users would
|
||||||
|
indeed grow frustrated that they cannot watch their favorite TV shows and
|
||||||
|
movies using Firefox. But Firefox could have served, when the EME API was
|
||||||
|
used, static content that provided a brief explanation and a link for more
|
||||||
|
information on the problem. They could have educated users and encourage an
|
||||||
|
even stronger outcry.
|
||||||
|
|
||||||
|
Instead, we are working with the corrupt W3C to implement a seamlessly
|
||||||
|
shackled web. Mozilla wants to propose alternative solutions to DRM/EME, but
|
||||||
|
by implementing it, their position is weakened.
|
||||||
|
|
||||||
|
This is a difficult and uncomfortable step for us given our vision of a
|
||||||
|
completely open Web, but it also gives us the opportunity to actually
|
||||||
|
shape the DRM space and be an advocate for our users and their rights in
|
||||||
|
this debate. [1]
|
||||||
|
|
||||||
|
Such advocacy has been done and can continue to be done by Mozilla without
|
||||||
|
the implementation of EME; once implemented, the standard will be virtually
|
||||||
|
solidified---what is the incentive for W3C et. al. to find alternatives to a
|
||||||
|
system that is already "better than" the existing Flash and Silverlight
|
||||||
|
situation?
|
||||||
|
|
||||||
|
On behalf of the free software community, I strongly encourage your
|
||||||
|
reconsideration on the matter. Mozilla is valued by the free software
|
||||||
|
community for its attention to freedoms. Stand with us and fight. You're in
|
||||||
|
a powerful position to do so.
|
||||||
|
|
||||||
|
[0]: https://blog.mozilla.org/blog/2014/05/14/drm-and-the-challenge-of-serving-users/
|
||||||
|
[1]: https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/
|
||||||
|
```
|
||||||
|
|
||||||
|
The following day, I [submitted the FSF announcement to HackerNews][9]
|
||||||
|
(surprised that it was not there already) in an attempt to bring further
|
||||||
|
coverage to the matter and hopefully spur on some discussion. And discuss
|
||||||
|
they did: it was on the front page for the entire day and, at the time of
|
||||||
|
writing, boasts 261 comments, many of them confused and angry. I sent the HN
|
||||||
|
link to Andreas in a follow-up as well.
|
||||||
|
|
||||||
|
Mozilla has a vast userbase and is in the position to fight for a DRM-free
|
||||||
|
web. Please voice your opinion and hope that they reverse their decision.
|
||||||
|
|
||||||
|
[9]: https://news.ycombinator.com/item?id=7749108
|
|
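Review bot: `[FSF's announcement]` in the paragraph before the e-mail has no matching link definition in this file (only `[0]` through `[9]` are defined), so it will render as literal bracketed text. Writing it as `[FSF's announcement][0]` points it at the announcement already linked in the first paragraph. Inside the fenced e-mail, `=E2=80=94` and the trailing `=20` are undecoded quoted-printable sequences; decoding them would make the letter read as it was sent.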
@ -0,0 +1,65 @@
|
||||||
|
# Please stop using SlideShare
|
||||||
|
|
||||||
|
There are many great presentations out there---many that I enjoy
|
||||||
|
reading, or that I would enjoy to read. Unfortunately, many of them
|
||||||
|
are hosted on SlideShare, which requires me to download proprietary
|
||||||
|
JavaScript.
|
||||||
|
|
||||||
|
[JavaScript programs require the same freedoms as any other
|
||||||
|
software][0]. While SlideShare does (sometimes/always?) provide a
|
||||||
|
transcript in plain text---which is viewable without JavaScript---this
|
||||||
|
is void of the important and sometimes semantic formatting/images that
|
||||||
|
presenters put much time into; you know: the actual presentation bits.
|
||||||
|
(I'm a fan of plain-text presentations, but they each have their own
|
||||||
|
design elements).
|
||||||
|
|
||||||
|
[0]: https://www.gnu.org/software/easejs/whyfreejs.html
|
||||||
|
|
||||||
|
There are ways around this. SlideShare's interactive UI appears to
|
||||||
|
simply be an image viewer, so it is possible to display all sides
|
||||||
|
using a fairly simple hack:
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
```javascript
|
||||||
|
Array.prototype.slice.call(
|
||||||
|
document.getElementsByClassName( 'slide' ) )
|
||||||
|
.forEach( function( slide ) {
|
||||||
|
slide.classList.add( 'show' );
|
||||||
|
|
||||||
|
var img = slide.getElementsByClassName( 'slide_image' )[0];
|
||||||
|
img.src = img.dataset.full;
|
||||||
|
} );
|
||||||
|
```
|
||||||
|
|
||||||
|
This will display all slides inline. But there's a clear problem with
|
||||||
|
this: how is the non-JS-programmer supposed to know that? Even
|
||||||
|
JavaScript programmers have to research the issue in order to come up
|
||||||
|
with a solution.
|
||||||
|
|
||||||
|
But ideally, I'd like to download the presentation PDF. SlideShare
|
||||||
|
does offer a download link, but not only does it not work with
|
||||||
|
JavaScript disabled, but it requires that the user create an account.
|
||||||
|
This is no good, as it can be used to track users or discover
|
||||||
|
identities by analyzing viewing habits. This would allow
|
||||||
|
de-anonymizing users, even if they have [taken measures to remain
|
||||||
|
anonymous][1].
|
||||||
|
|
||||||
|
(By the way: at the time that I wrote this post, the [EFF's
|
||||||
|
Surveillance Self-Defense Guide][1] is [LibreJS compatible][2] and the
|
||||||
|
JavaScript code that it runs is mostly free.)
|
||||||
|
|
||||||
|
I encourage presenters (and authors in general) to release the slides
|
||||||
|
in an [unencumbered document format][3], like PDF, HTML, OpenDocument,
|
||||||
|
or plain text. Those formats should be hosted on their own website,
|
||||||
|
or websites that allow downloading those files without having to
|
||||||
|
execute proprietary JavaScript, and without having to log in. If
|
||||||
|
those authors *must* use SlideShare for whatever reason, then they
|
||||||
|
should clearly provide a link to that free document format somewhere
|
||||||
|
that users can access without having to execute SlideShare's
|
||||||
|
proprietary JavaScript, such as on the first slide. (The description
|
||||||
|
is iffy, since it is truncated and requires JavaScript to expand.)
|
||||||
|
|
||||||
|
[1]: https://ssd.eff.org/
|
||||||
|
[2]: https://www.gnu.org/software/librejs/
|
||||||
|
[3]: http://www.fsf.org/campaigns/opendocument/reject
|
|
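Review bot: In the JavaScript block, `img` is taken from `slide.getElementsByClassName( 'slide_image' )[0]` and used without a check, so a single `.slide` element lacking that child throws a TypeError and the `forEach` stops before the remaining slides are shown. Likewise, a missing `data-full` attribute assigns the string "undefined" to `img.src`. A guard such as `if ( !img || !img.dataset.full ) return;` before the assignment keeps the loop going. In the sentence introducing the block, "display all sides" looks like a typo for "slides" and can go into the follow-up text commits.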
@ -0,0 +1,257 @@
|
||||||
|
# Gitlab, Gitorious, and Free Software
|
||||||
|
|
||||||
|
*This article originally appeared as a guest post on the [GitLab
|
||||||
|
blog][orig-post].*
|
||||||
|
|
||||||
|
In early March of this year, it was announced that
|
||||||
|
[GitLab would acquire Gitorious][0] and shut down `gitorious.org` by 1
|
||||||
|
June, 2015. [Reactions from the community][1] were mixed, and
|
||||||
|
understandably so: while GitLab itself is a formidable alternative to wholly
|
||||||
|
proprietary services, its acquisition of Gitorious strikes a chord with the
|
||||||
|
free software community that gathered around Gitorious in the name of
|
||||||
|
[software freedom][2].
|
||||||
|
|
||||||
|
[0]: https://about.gitlab.com/2015/03/03/gitlab-acquires-gitorious/
|
||||||
|
[1]: https://news.ycombinator.com/item?id=9138419
|
||||||
|
[2]: https://www.gnu.org/philosophy/free-sw.html
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
After hearing that announcement,
|
||||||
|
[as a free software hacker and activist myself][11], I was naturally
|
||||||
|
uneasy. Discussions of alternatives to Gitorious and GitLab ensued on the
|
||||||
|
[`libreplanet-discuss`][12] mailing list. Sytse Sijbrandij (GitLab
|
||||||
|
B.V. CEO) happened to be present on that list;
|
||||||
|
[I approached him very sternly][13] with a number of concerns, just as I
|
||||||
|
would with anyone that I feel does not understand certain aspects of the
|
||||||
|
[free software philosophy][2]. To my surprise, this was not the case at
|
||||||
|
all.
|
||||||
|
|
||||||
|
Sytse has spent a lot of time accepting and considering community input for
|
||||||
|
both the Gitorious acquisition and GitLab itself. He has also worked with
|
||||||
|
me to address some of the issues that I had raised. And while these issues
|
||||||
|
won't address everyone's concerns, they do strengthen GitLab's commitment to
|
||||||
|
[software freedom][2], and are commendable.
|
||||||
|
|
||||||
|
I wish to share some of these details here; but to do so, I first have to
|
||||||
|
provide some background to explain what the issues are, and why they are
|
||||||
|
important.
|
||||||
|
|
||||||
|
|
||||||
|
## Free Software Ideology
|
||||||
|
[Gitorious][3] was (and still is) one of the most popular Git repository
|
||||||
|
hosts, and largely dominated until the introduction of GitHub. But even as
|
||||||
|
users flocked to [GitHub's proprietary services][28], users who value freedom
|
||||||
|
continued to support Gitorious, both on `gitorious.org` and by installing
|
||||||
|
their own instances on their own servers. Since Gitorious is
|
||||||
|
[free software][2], users are free to study, modify, and share it with
|
||||||
|
others. But [software freedom does not apply to Services as a
|
||||||
|
Software Substitute (SaaSS)][4] or remote services---you cannot apply the
|
||||||
|
[four freedoms][2] to something that you do not yourself possess---so why do
|
||||||
|
users still insist on using `gitorious.org` despite this?
|
||||||
|
|
||||||
|
The matter boils down to supporting a philosophy: The
|
||||||
|
[GNU General Public License (GPL)][6] is a license that turns copyright on
|
||||||
|
its head: rather than using copyright to restrict what users can do with a
|
||||||
|
program, the GPL instead [ensures users' freedoms][8] to study, modify, and
|
||||||
|
share it. But that isn't itself enough: to ensure that the software always
|
||||||
|
remains free (as in freedom), the GPL ensures that all *derivatives* are
|
||||||
|
*also* licensed under similar terms. This is known as [copyleft][9], and it
|
||||||
|
is vital to the free software movement.
|
||||||
|
|
||||||
|
Gitorious is licensed under the
|
||||||
|
[GNU Affero General Public License Version 3 (AGPLv3)][5]---this takes the
|
||||||
|
[GPL][6] and adds an additional requirement: if a modified version of the
|
||||||
|
program is run on a sever, users communicating with the program on that
|
||||||
|
server must have access to the modified program's source code. This ensures
|
||||||
|
that [modifications to the program are available to all users][7]; they
|
||||||
|
would otherwise be hidden in private behind the server, with others unable
|
||||||
|
to incorporate, study, or share them. The AGPLv3 is an ideal license for
|
||||||
|
Gitorious, since most of its users will only ever interact with it over a
|
||||||
|
network.
|
||||||
|
|
||||||
|
GitLab is also free software: its [Expat license][10] (commonly referred to
|
||||||
|
ambiguously as the "MIT license") permits all of the same freedoms that
|
||||||
|
are granted under the the GNU GPL. But it does so in a way that is highly
|
||||||
|
permissive: it permits relicensing under *any* terms, free or not. In other
|
||||||
|
words, one can fork GitLab and derive a proprietary version from it, making
|
||||||
|
changes that deny users [their freedoms][2] and cannot be incorporated back
|
||||||
|
into the original work.
|
||||||
|
|
||||||
|
This is the issue that the free software community surrounding Gitorious has
|
||||||
|
a problem with: any changes contributed to GitLab could in turn benefit a
|
||||||
|
proprietary derivative. This situation isn't unique to GitLab: it applies
|
||||||
|
to all non-copyleft ("permissive") [free software licenses][26]. And this
|
||||||
|
issue is realized by GitLab itself in the form of its GitLab Enterprise
|
||||||
|
Edition (GitLab EE): a proprietary derivative that adds additional
|
||||||
|
features atop of GitLab's free Community Edition (CE). For this reason,
|
||||||
|
many free software advocates are uncomfortable contributing to GitLab, and
|
||||||
|
feel that they should instead support other projects; this, in turn, means
|
||||||
|
not supporting GitLab by using and drawing attention to their hosting
|
||||||
|
services.
|
||||||
|
|
||||||
|
The copyleft vs. permissive licensing debate is one of the free software
|
||||||
|
movement's most heated. I do not wish to get into such a debate here. One
|
||||||
|
thing is clear: GitLab Community Edition (GitLab CE) is free
|
||||||
|
software. Richard Stallman (RMS) [responded directly to the thread on
|
||||||
|
`libreplanet-discuss`][20], stating plainly:
|
||||||
|
|
||||||
|
> We have a simple way of looking at these two versions. The free
|
||||||
|
> version is free software, so it is ethical. The nonfree version is
|
||||||
|
> nonfree software, so it is not ethical.
|
||||||
|
|
||||||
|
Does GitLab CE deserve attention from the free software community? I
|
||||||
|
believe so. Importantly, there is another strong consideration: displacing
|
||||||
|
proprietary services like GitHub and Bitbucket, which host a large number of
|
||||||
|
projects and users. GitLab has a strong foothold, which is an excellent
|
||||||
|
place for a free software project to be in.
|
||||||
|
|
||||||
|
If we are to work together as a community, we need to respect GitLab's
|
||||||
|
free licensing choices just as we expect GitLab to respect ours. Providing
|
||||||
|
respect does not mean that you are conceding: I will never personally use a
|
||||||
|
non-copyleft license for my software; I'm firmly rooted in my dedication to
|
||||||
|
the [free software philosophy][2], and I'm sure that many other readers are
|
||||||
|
too. But using a non-copyleft license, although many of us consider it to
|
||||||
|
be a weaker alternative, [is not wrong][23].
|
||||||
|
|
||||||
|
|
||||||
|
## Free JavaScript
|
||||||
|
As I mentioned above,
|
||||||
|
[software freedom and network services are separate issues][4]---the four
|
||||||
|
freedoms do not apply to interacting with `gitlab.com` purely over a network
|
||||||
|
connection, for example, because you are not running its software on your
|
||||||
|
computer. However, there is an overlap: JavaScript code downloaded to be
|
||||||
|
executed in your web browser.
|
||||||
|
|
||||||
|
[Non-free JavaScript][15] is a particularly nasty concern: it is software
|
||||||
|
that is downloaded automatically from a server---often without prompting
|
||||||
|
you---and then immediately executed. Software is now being executed on your
|
||||||
|
machine, and [your four freedoms][2] are once again at risk. This, then,
|
||||||
|
[is the primary concern][16] for any users visiting `gitlab.com`: not only
|
||||||
|
would this affect users that use `gitlab.com` as a host, but it would also
|
||||||
|
affect *any user that visits* the website. That would be a problem, since
|
||||||
|
hosting your project there would be inviting users to run proprietary
|
||||||
|
JavaScript.
|
||||||
|
|
||||||
|
As I was considering migrating my projects to GitLab, this was the
|
||||||
|
[first concern I brought up to Sytse][14]. This problem arises because
|
||||||
|
`gitlab.com` uses a GitLab EE instance: if it had used only its Community
|
||||||
|
Edition (GitLab CE)---which is free software---then all served JavaScript
|
||||||
|
would have been free. But any scripts served by GitLab EE that are not
|
||||||
|
identical to those served by GitLab CE are proprietary, and therefore
|
||||||
|
unethical. This same concern applies to GitHub, Bitbucket, and other
|
||||||
|
proprietary hosts that serve JavaScript.
|
||||||
|
|
||||||
|
Sytse surprised me by stating that he would be willing to
|
||||||
|
[freely license all JavaScript in GitLab EE][17], and by offering to give
|
||||||
|
anyone access to the GitLab EE source code who wants to help out. I took
|
||||||
|
him up on that offer. Initially, I had submitted a patch to merge all
|
||||||
|
GitLab EE JavaScript into GitLab CE, but Sytse came up with another,
|
||||||
|
superior suggestion, that ultimately provided even greater reach.
|
||||||
|
|
||||||
|
**I'm pleased to announce that Sytse and I were able to agree on a license
|
||||||
|
change (with absolutely no friction or hesitation on his part) that
|
||||||
|
liberates all JavaScript served to the client from GitLab EE instances.**
|
||||||
|
There are two concerns that I had wanted to address: JavaScript code
|
||||||
|
directly written for the client, and any code that produced JavaScript as
|
||||||
|
output. In the former case, this includes JavaScript derived from other
|
||||||
|
sources: for example, GitLab uses CoffeeScript, which compiles *into*
|
||||||
|
JavaScript. The latter case is important: if there is any code that
|
||||||
|
generates fragments of JavaScript---e.g. dynamically at runtime---then that
|
||||||
|
code must also be free, or users would not be able to modify and share the
|
||||||
|
resulting JavaScript that is actually being run on the client. Sytse
|
||||||
|
accepted my change verbatim, while adding his own sentence after mine to
|
||||||
|
disambiguate. At the time of writing this post, GitLab EE's source code
|
||||||
|
isn't yet publicly visible, so here is the relevant snippet from its
|
||||||
|
`LICENSE` file:
|
||||||
|
|
||||||
|
> The above copyright notices applies only to the part of this Software that
|
||||||
|
> is not distributed as part of GitLab Community Edition (CE), and that is
|
||||||
|
> not a file that produces client-side JavaScript, in whole or in part. Any
|
||||||
|
> part of this Software distributed as part of GitLab CE or that is a file
|
||||||
|
> that produces client-side JavaScript, in whole or in part, is copyrighted
|
||||||
|
> under the MIT Expat license.
|
||||||
|
|
||||||
|
|
||||||
|
## Further Discussion
|
||||||
|
My discussions with Sytse did not end there: there are other topics that
|
||||||
|
have not been able to be addressed before my writing of this post that would
|
||||||
|
do well to demonstrate commitment toward [software freedom][2].
|
||||||
|
|
||||||
|
The license change liberating client-side JavaScript was an excellent
|
||||||
|
move. To expand upon it, I wish to submit a patch that would make GitLab
|
||||||
|
[LibreJS compliant][21]; this provides even greater guarantees, since it
|
||||||
|
would allow for users to continue to block other non-free JavaScript that
|
||||||
|
may be served by the GitLab instance, but not produced by it. For example:
|
||||||
|
a website/host that uses GitLab may embed proprietary JavaScript, or modify
|
||||||
|
it without releasing the source code. Another common issue is the user of
|
||||||
|
analytics software; `gitlab.com` uses Google Analytics.
|
||||||
|
|
||||||
|
If you would like to help with LibreJS compliance, please [contact me][11].
|
||||||
|
|
||||||
|
I was brought into another discussion between Sytse and RMS that is
|
||||||
|
unrelated to the GitLab software itself, but still a positive demonstration
|
||||||
|
of a commitment to [software freedom][2]---the replacement of Disqus on the
|
||||||
|
`gitlab.com` blog with a free alternative. Sytse ended up making a
|
||||||
|
suggestion, saying he'd be "happy to switch to" [Juvia][22] if I'd help with
|
||||||
|
the migration. I'm looking forward to this, as it is an important
|
||||||
|
discussion area (that I honestly didn't know existed until Sytse told me
|
||||||
|
about it, because I don't permit proprietary JavaScript!). He was even kind
|
||||||
|
enough to compile a PDF of comments for one of our discussions, since he was
|
||||||
|
cognizant ahead of time that I would not want to use Disqus. (Indeed, I
|
||||||
|
will be unable to read and participate in the comments to this guest post
|
||||||
|
unless I take the time to freely read and reply without running Disqus'
|
||||||
|
proprietary JavaScript.)
|
||||||
|
|
||||||
|
Considering the genuine interest and concern expressed by Sytse in working
|
||||||
|
with myself and the free software community, I can only expect that GitLab
|
||||||
|
will continue to accept and apply community input.
|
||||||
|
|
||||||
|
It is not possible to address the copyleft issue without a change in
|
||||||
|
license, which GitLab is not interested in doing. So the best way to
|
||||||
|
re-assure the community is through action. [To quote Sytse][18]:
|
||||||
|
|
||||||
|
> I think the only way to prove we're serious about open source is in our
|
||||||
|
> actions, licenses or statements don't help.
|
||||||
|
|
||||||
|
There are fundamental disagreements that will not be able to be
|
||||||
|
resolved between GitLab and the free software community---like their
|
||||||
|
["open core" business model][19]. But after working with Sytse and seeing
|
||||||
|
his interactions with myself, RMS, and many others in the free software
|
||||||
|
community, I find his actions to be very encouraging.
|
||||||
|
|
||||||
|
*Are you interested in helping other websites liberate their JavaScript?
|
||||||
|
Consider [joining the FSF's campaign][27], and
|
||||||
|
[please liberate your own][16]!*
|
||||||
|
|
||||||
|
*This post is licensed under the
|
||||||
|
[Creative Commons Attribution-ShareAlike 3.0 Unported License][25].*
|
||||||
|
|
||||||
|
[3]: https://gitorious.org/
|
||||||
|
[4]: https://www.gnu.org/philosophy/who-does-that-server-really-serve.html
|
||||||
|
[5]: https://www.gnu.org/licenses/agpl.html
|
||||||
|
[6]: https://www.gnu.org/licenses/gpl.html
|
||||||
|
[7]: https://www.gnu.org/licenses/why-affero-gpl.html
|
||||||
|
[8]: https://www.gnu.org/licenses/quick-guide-gplv3.html
|
||||||
|
[9]: https://www.gnu.org/philosophy/pragmatic.html
|
||||||
|
[10]: https://www.gnu.org/licenses/license-list.html#Expat
|
||||||
|
[11]: http://mikegerwitz.com/
|
||||||
|
[12]: https://lists.gnu.org/mailman/listinfo/libreplanet-discuss
|
||||||
|
[13]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-03/msg00075.html
|
||||||
|
[14]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-04/msg00019.html
|
||||||
|
[15]: https://www.gnu.org/philosophy/javascript-trap.html
|
||||||
|
[16]: https://www.gnu.org/software/easejs/whyfreejs.html
|
||||||
|
[17]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-04/msg00020.html
|
||||||
|
[18]: https://news.ycombinator.com/item?id=9141801
|
||||||
|
[19]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-03/msg00076.html
|
||||||
|
[20]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-03/msg00095.html
|
||||||
|
[21]: https://www.gnu.org/software/librejs/free-your-javascript.html
|
||||||
|
[22]: https://github.com/phusion/juvia
|
||||||
|
[23]: https://www.fsf.org/blogs/rms/selling-exceptions
|
||||||
|
[24]: https://gnu.org/software/easejs
|
||||||
|
[25]: http://creativecommons.org/licenses/by-sa/3.0/
|
||||||
|
[26]: https://www.gnu.org/licenses/license-list.html
|
||||||
|
[27]: https://fsf.org/campaigns/freejs
|
||||||
|
[28]: http://mikegerwitz.com/about/githubbub
|
||||||
|
[orig-post]: https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-software/
|
||||||
|
|
|
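Review bot: the reference block at the end of this file starts at `[3]`, yet `[2]` is used repeatedly in the visible text ("[their freedoms][2]", "[software freedom][2]", "[free software philosophy][2]"), so confirm that `[1]` and `[2]` are defined earlier in the file; otherwise those links render as literal brackets. Three definitions (`[11]`, `[25]`, `[28]`) still use `http://`; switch them to `https://` where the host serves it. The typos "run on a sever", "under the the GNU GPL" and "the user of analytics software" are text changes, so they belong in the follow-up commits the commit message promises.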
@ -0,0 +1,60 @@
|
||||||
|
# Comcast injects JavaScript into web pages
|
||||||
|
|
||||||
|
It seems that Comcast has decided that it is a good idea to [inject
|
||||||
|
JavaScript into web pages][js] visited by its customers in order to inform
|
||||||
|
them of Copyright violations.
|
||||||
|
|
||||||
|
[js]: https://gist.github.com/Jarred-Sumner/90362639f96807b8315b
|
||||||
|
|
||||||
|
This is a huge violation of user privacy and trust. Further, it shows that
|
||||||
|
an ISP (and probably others) feel that they have the authority to dictate
|
||||||
|
what is served to the user on a free (as in speech) Internet. Why should we
|
||||||
|
believe that they won't start injecting other types of scripts that spy on
|
||||||
|
the user or introduce advertising? What if a malicious actor compromises
|
||||||
|
Comcast's servers and serves exploits to users?
|
||||||
|
|
||||||
|
It is no surprise that Comcast is capable of doing this---they know the IP
|
||||||
|
address of the customer, so they are able to intercept traffic and alter it
|
||||||
|
in transit. But the fact that they _can_ do this demonstrates something far
|
||||||
|
more important: _that they have spent the money on the infrastructure to do
|
||||||
|
so_!
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Comcast isn't the only ISP to have betrayed users by injecting data. One
|
||||||
|
year ago, it was discovered that [Verizon was injecting "perma-cookies" into
|
||||||
|
requests to track users][verizon]. This is only one example of the
|
||||||
|
insidious abuses that unchecked ISPs can take.
|
||||||
|
|
||||||
|
So what can you do to protect yourself?
|
||||||
|
|
||||||
|
What Comcast is doing is called a [man-in-the-middle (MITM) attack][mitm]:
|
||||||
|
Comcast sits in the middle of you and your connection to the website that
|
||||||
|
you are visiting, proxying your request. Before relaying the website's
|
||||||
|
response to you, it modifies it.
|
||||||
|
|
||||||
|
In order to do this, Comcast needs to be able to read your communications,
|
||||||
|
and must be able to modify them: the request must be read in order to
|
||||||
|
determine how the JavaScript should be injected and what request it should
|
||||||
|
be injected into; and it must be modified to perform the injection. It
|
||||||
|
cannot (given a properly configured web server) do so if your connection is
|
||||||
|
encrypted. In the case of web traffic, `https` URLs with the little lock
|
||||||
|
icon in your web browser generally indicates that your communications are
|
||||||
|
encrypted, making MITM attacks
|
||||||
|
unlikely.
|
||||||
|
|
||||||
|
(We're assuming that Comcast won't ask you to install a root CA so that they
|
||||||
|
can decrypt your traffic! But that would certainly be noticed, if they did
|
||||||
|
so on a large enough scale.)
|
||||||
|
|
||||||
|
Not all websites use SSL. Another method is to use encrypted proxies, VPNs,
|
||||||
|
or services like like [Tor][tor]. This way, Comcast will not be able to
|
||||||
|
read or modify the communications.
|
||||||
|
|
||||||
|
See also: [HackerNews discussion][hn]; [original Reddit discussion][reddit].
|
||||||
|
|
||||||
|
[verizon]: https://www.eff.org/deeplinks/2014/11/verizon-x-uidh
|
||||||
|
[mitm]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack
|
||||||
|
[hn]: https://news.ycombinator.com/item?id=10592775
|
||||||
|
[reddit]: https://www.reddit.com/r/HuntsvilleAlabama/comments/35v4sn/comcast_is_injecting_bad_javascript_to_your/
|
||||||
|
[tor]: https://tor.org/
|
|
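Review bot: the paragraph on `https` URLs has a reflow leftover: the line "encrypted, making MITM attacks" is followed by "unlikely." alone on its own line, so rewrap the paragraph. That paragraph also hedges with "given a properly configured web server" without saying what proper configuration means; a short clause naming it would let readers act on the advice. For the text follow-up: "`https` URLs ... generally indicates" should be "indicate", and "services like like [Tor][tor]" repeats a word.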
@ -0,0 +1,14 @@
|
||||||
|
# Now Hosting Personal GNU Social Instance
|
||||||
|
|
||||||
|
When I started writing this blog, my intent was to post notices more
|
||||||
|
frequently and treat it more like a microblogging platform; but that's not
|
||||||
|
how it ended up. Instead, I use this site to write more detailed posts with
|
||||||
|
solid references to back up my statements.
|
||||||
|
|
||||||
|
[GNU Social](https://gnu.org/software/social/) is a federated social
|
||||||
|
network---you can host your own instances and they all communicate with
|
||||||
|
one-another. You can find mine at the top of this page under "Notices", or
|
||||||
|
at [https://social.mikegerwitz.com/](https://social.mikegerwitz.com/). I
|
||||||
|
will be using this site to post much more frequent miscellaneous notices.
|
||||||
|
|
||||||
|
<!-- more -->
|
|
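Review bot: this file uses inline links (`[GNU Social](https://gnu.org/software/social/)` and the `https://social.mikegerwitz.com/` link), while the other posts added in this commit use reference-style definitions; convert them if the markup is being normalized here anyway. The `<!-- more -->` marker is the last line of the file, so the fold falls after the entire post; confirm that is intended. "one-another" should read "one another" when the text is next touched.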
@ -0,0 +1,92 @@
|
||||||
|
# Google Analytics Removed from GitLab.com Instance
|
||||||
|
|
||||||
|
*This was originally written as a guest post for GitLab in November of 2015,
|
||||||
|
but they [decided not to publish it][gitlab-merge].*
|
||||||
|
|
||||||
|
[gitlab-merge]: https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/1094
|
||||||
|
|
||||||
|
Back in May of of 2015, I [announced GitLab's liberation of their Enterprise
|
||||||
|
Edition JavaScript][ggfs] and made some comments about GitLab's course and
|
||||||
|
approach to software freedom. In liberating GitLab EE's JavaScript, all
|
||||||
|
code served to the browser by GitLab.com's GitLab instance was [Free (as in
|
||||||
|
freedom)][free-sw], except for one major offender: Google Analytics.
|
||||||
|
|
||||||
|
[ggfs]: https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-software/
|
||||||
|
[free-sw]: https://www.gnu.org/philosophy/free-sw.html
|
||||||
|
|
||||||
|
Since Google Analytics was not necessary for the site to function, users
|
||||||
|
could simply block the script and continue to use GitLab.com
|
||||||
|
[ethically][free-sw]. However, encouraging users to visit a project on
|
||||||
|
GitLab.com while knowing that it loads Google Analytics is a problem both
|
||||||
|
for users' freedoms, and for their privacy.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
GitLab is more than service and front-end to host Git repositories; it has a
|
||||||
|
number of other useful features as well. Using those features, however,
|
||||||
|
would mean that GitLab.com is no longer just a mirror for a project---it
|
||||||
|
would be endorsed by the project's author, requiring that users visit the
|
||||||
|
project on GitLab.com in order to collaborate. For example, if an author
|
||||||
|
were to use the GitLab issue tracker on GitLab.com, then she would be
|
||||||
|
actively inviting users to the website by telling them to report issues and
|
||||||
|
feature requests there.
|
||||||
|
|
||||||
|
We cannot realistically expect that anything more than a minority of
|
||||||
|
visitors will know how to block Google Analytics (or even understand that it
|
||||||
|
is a problem). Therefore, if concerned authors wanted to use those features
|
||||||
|
of GitLab, they had to use another hosted instance of GitLab, or host their
|
||||||
|
own. But the better option was to encourage GitLab.com to remove Google
|
||||||
|
Analytics entirely, so that _all_ JavaScript code served to the users is
|
||||||
|
[Free][free-sw].
|
||||||
|
|
||||||
|
GitLab has chosen to actively
|
||||||
|
[work with the Free Software movement][ggfs]---enough so that they are now
|
||||||
|
considered an [acceptable host for GNU projects][gitlab-gnu-criteria]
|
||||||
|
according to [GNU's ethical repository criteria][gnu-repo-criteria]. And
|
||||||
|
they have chosen to do so again---headed by Sytse Sijbrandij (GitLab
|
||||||
|
Inc. CEO), Google Analytics has been removed from the GitLab.com instance
|
||||||
|
and replaced with [Piwik][piwik].
|
||||||
|
|
||||||
|
## More Than Just Freedom
|
||||||
|
This change is more than a commitment to users' freedoms---it's also a
|
||||||
|
commitment to users' privacy that cannot be understated. By downloading and
|
||||||
|
running Google Analytics, users are being infected with some of the most
|
||||||
|
[sophisticated examples of modern spyware][ga-wikipedia]: vast amounts of
|
||||||
|
[personal and behavioral data][ga-google] are sent to Google for them to use
|
||||||
|
and share as they wish. Google Analytics also tracks users across [many
|
||||||
|
different websites][ga-popularity], allowing them to discover your interests
|
||||||
|
and behaviors in ways that users themselves may not even know.
|
||||||
|
|
||||||
|
GitLab.com has committed to using [Piwik][piwik] on their GitLab instance,
|
||||||
|
which [protects users' privacy][piwik-privacy] in a number of very important
|
||||||
|
ways: it allows users to opt out of tracking, anonymizes IP addresses,
|
||||||
|
retains logs for limited time periods, respects [DoNotTrack][eff-dnt], and
|
||||||
|
more. Further, all logs _will be kept on GitLab.com's own servers_, and is
|
||||||
|
therefore governed solely by
|
||||||
|
[GitLab.com's Privacy Policy][gitlab-privacy]; this means that other
|
||||||
|
services will not be able to use these data to analyze users' behavior on
|
||||||
|
other websites, and advertisers and others will know less about them.
|
||||||
|
|
||||||
|
Users should not have to try to [anonymize themselves][eff-ssd] in
|
||||||
|
order to maintain their privacy---privacy should be a default, and a
|
||||||
|
respected one at that. GitLab has taken a strong step in the right
|
||||||
|
direction; I hope that others will take notice and do the same.
|
||||||
|
|
||||||
|
*Are you interested in helping other websites liberate their JavaScript?
|
||||||
|
Consider [joining the FSF's campaign][freejs], and
|
||||||
|
[please liberate your own][whyfreejs]!*
|
||||||
|
|
||||||
|
[eff-dnt]: https://www.eff.org/dnt-policy
|
||||||
|
[eff-ssd]: http://ssd.eff.org/
|
||||||
|
[freejs]: https://fsf.org/campaigns/freejs
|
||||||
|
[ga-google]: https://www.google.com/analytics/standard/features/
|
||||||
|
[ga-popularity]: http://w3techs.com/technologies/overview/traffic_analysis/all
|
||||||
|
[ga-wikipedia]: https://en.wikipedia.org/wiki/Google_Analytics
|
||||||
|
[gitlab-featurse]: https://about.gitlab.com/features/
|
||||||
|
[gitlab-gnu-criteria]: https://lists.gnu.org/archive/html/repo-criteria-discuss/2015-11/msg00012.html
|
||||||
|
[gitlab-privacy]: https://about.gitlab.com/privacy/
|
||||||
|
[gnu-repo-criteria]: https://www.gnu.org/software/repo-criteria.html
|
||||||
|
[mtg]: http://mikegerwitz.com/
|
||||||
|
[piwik]: https://piwik.org/
|
||||||
|
[piwik-privacy]: https://piwik.org/privacy/
|
||||||
|
[whyfreejs]: https://www.gnu.org/software/easejs/whyfreejs.html
|
|
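Review bot: the reference block defines `[gitlab-featurse]` and `[mtg]`, but nothing in this file uses either label. `[gitlab-featurse]` looks like a misspelling of "features" and was probably meant for "a number of other useful features" in the first paragraph after the fold; attach the link there under a corrected label, or drop both definitions. `[eff-ssd]`, `[ga-popularity]` and `[mtg]` use `http://` and should move to `https://` where the host serves it. For the text follow-up: "Back in May of of 2015", "more than service and front-end", "all logs ... and is therefore governed", and "cannot be understated", which says the opposite of what is meant.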
@ -0,0 +1,45 @@
|
||||||
|
# Join me at LibrePlanet 2016 for my talk "Restore Online Freedom!"
|
||||||
|
|
||||||
|
I will be [speaking at LibrePlanet this year][lp2016] (2016) about freedom
|
||||||
|
on the Web. Here's the session description:
|
||||||
|
|
||||||
|
[lp2016]: https://www.libreplanet.org/2016/program/
|
||||||
|
|
||||||
|
> Imagine a world where surveillance is the default and users must opt-in to
|
||||||
|
> privacy. Imagine that your every action is logged and analyzed to learn
|
||||||
|
> how you behave, what your interests are, and what you might do next.
|
||||||
|
> Imagine that, even on your fully free operating system, proprietary
|
||||||
|
> software is automatically downloaded and run not only without your
|
||||||
|
> consent, but often without your knowledge. In this world, even free
|
||||||
|
> software cannot be easily modified, shared, or replaced. In many cases,
|
||||||
|
> you might not even be in control of your own computing -- your actions and
|
||||||
|
> your data might be in control by a remote entity, and only they decide
|
||||||
|
> what you are and are not allowed to do.
|
||||||
|
>
|
||||||
|
> This may sound dystopian, but this is the world you're living in right
|
||||||
|
> now. The Web today is an increasingly hostile, freedom-denying place that
|
||||||
|
> propagates to nearly every aspect of the average users' lives -- from
|
||||||
|
> their PCs to their phones, to their TVs and beyond. But before we can
|
||||||
|
> stand up and demand back our freedoms, we must understand what we're being
|
||||||
|
> robbed of, how it's being done, and what can (or can't) be done to stop
|
||||||
|
> it.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
There are a number of other [great sessions][lp2016] this year from a
|
||||||
|
[number of speakers][lp2016s], many well-known. We also have an opening
|
||||||
|
keynote from Edward Snowden!
|
||||||
|
|
||||||
|
All [FSF associate members get free entry][fsfmember]. If you can't join
|
||||||
|
us, the conference will be streamed live. You can also see [videos of past
|
||||||
|
talks][lpvideos] on the FSF's self-hosted [GNU MediaGoblin][goblin]
|
||||||
|
instance.
|
||||||
|
|
||||||
|
Special thanks to the FSF for covering a large portion of my travel
|
||||||
|
expenses; I otherwise might not have been able to attend. Thank you to all
|
||||||
|
who donated to the conference scholarship fund.
|
||||||
|
|
||||||
|
[lp2016s]: https://www.libreplanet.org/2016/program/speakers.html
|
||||||
|
[fsfmember]: https://crm.fsf.org/join
|
||||||
|
[lpvideos]: https://media.libreplanet.org/
|
||||||
|
[goblin]: http://mediagoblin.org/
|
|
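Review bot: the quoted session description writes its dashes as ` -- ` ("your own computing -- your actions", "average users' lives -- from"), while the other posts in this commit use `---`; depending on the Markdown processor the two render as different dashes, so settle on one form. `[goblin]` points at `http://mediagoblin.org/`; use `https://` if the host serves it.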
@ -0,0 +1,37 @@
|
||||||
|
# Reddit suspected to have been served with an NSL
|
||||||
|
|
||||||
|
It is suspected that Reddit has been [served with an NSL][schneier].
|
||||||
|
[National Security Letters (NSLs)][nsl] are subpoena served by the United
|
||||||
|
States federal government and often come with a gag order that prevents the
|
||||||
|
recipient from even stating that they received the letter.
|
||||||
|
|
||||||
|
[schneier]: https://www.schneier.com/blog/archives/2016/04/reddits_warrant.html
|
||||||
|
[nsl]: https://en.wikipedia.org/wiki/National_Security_Letter
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
[Warrant canaries][canary] are used to circumvent gag orders by stating
|
||||||
|
that requests have *not* been received, under the [legal theory][court]
|
||||||
|
that, while courts can compel persons not to speak, they can't compel them
|
||||||
|
to lie. [Reddit's canary has died][reddit-report]---the canary is absent
|
||||||
|
from their most recent 2015 transparency report, where it was [present in
|
||||||
|
the 2014 report][reddit-report-2014].
|
||||||
|
|
||||||
|
Does this mean that you should stop using Reddit? No; canaries are an
|
||||||
|
important transparency method. If you are worried about your privacy, you
|
||||||
|
shouldn't disclose the information to a third party to begin with. Note
|
||||||
|
that this includes metadata that are gathered about you when you, for
|
||||||
|
example, browse subreddits while logged in. You can help mitigate that by
|
||||||
|
[browsing anonymously using Tor][donot], being sure never to log in during
|
||||||
|
the same session.
|
||||||
|
|
||||||
|
The website [Canary Watch][cw] is a website that tracks warrant canaries.
|
||||||
|
|
||||||
|
I'm awaiting further analysis after the weekend.
|
||||||
|
|
||||||
|
[canary]: https://en.wikipedia.org/wiki/Warrant_canary
|
||||||
|
[cw]: https://www.canarywatch.org/
|
||||||
|
[court]: https://gigaom.com/2014/10/10/are-warrant-canaries-legal-twitter-wants-to-save-techs-warning-signal-of-government-spying/
|
||||||
|
[reddit-report]: https://web.archive.org/web/20160331210850/https://www.reddit.com/wiki/transparency/2015
|
||||||
|
[reddit-report-2014]: https://web.archive.org/web/20160331204815/https://www.reddit.com/wiki/transparency/2014
|
||||||
|
[donot]: https://www.whonix.org/wiki/DoNot
|
|
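Review bot: "National Security Letters (NSLs) are subpoena served" needs the plural "subpoenas", and "The website [Canary Watch][cw] is a website that tracks warrant canaries" says "website" twice. Both are text changes, so they belong in the follow-up commits the commit message promises rather than in this conversion.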
@ -0,0 +1,27 @@
|
||||||
|
# Facebook will use software for the VR headset Occulus Rift to spy on you
|
||||||
|
|
||||||
|
Anything coming out of Facebook should be [cause for concern][rms-fb]. So,
|
||||||
|
naturally, one might be concerned when they decide to get into the virtual
|
||||||
|
reality (VR) scene by [purchasing the startup Occulus VR][fb-vr], makers of
|
||||||
|
the Occulus Rift VR headset. One can only imagine all the fun ways Facebook
|
||||||
|
will be able to track, manipulate, spy on, and otherwise screw over users
|
||||||
|
while they are immersed in a virtual reality.
|
||||||
|
|
||||||
|
[rms-fb]: https://stallman.org/facebook.html#privacy
|
||||||
|
[fb-vr]: http://www.theguardian.com/technology/2014/jul/22/facebook-oculus-rift-acquisition-virtual-reality
|
||||||
|
|
||||||
|
Sure enough, we have our first peak: [the software that Facebook has you
|
||||||
|
install for the Occulus Rift is spyware][fb-spy], reporting on what
|
||||||
|
*unrelated* software you use on your system, your location (including GPS
|
||||||
|
data and nearby Wifi networks), the type of device you're using, unique
|
||||||
|
device identifiers, your movements while using the VR headset, and more.
|
||||||
|
|
||||||
|
[fb-spy]: http://uploadvr.com/facebook-oculus-privacy/
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
This is absurd. Do not play into Facebook's games through temptation of
|
||||||
|
cool new technology; reject their terms and see if there's other ways you
|
||||||
|
can use the headset without their proprietary spyware. If not, perhaps you
|
||||||
|
should ask for a refund, and tell them why.
|
||||||
|
|
|
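Review bot: "Occulus" is misspelled in the heading and three times in the body ("Occulus VR", "Occulus Rift VR headset", "for the Occulus Rift"), while both linked URLs spell it "oculus". Because the heading is affected, correct it before any title or slug is derived from this file. "we have our first peak" should be "peek". `[fb-vr]` and `[fb-spy]` use `http://`; move them to `https://` where the host serves it.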
@ -0,0 +1,183 @@
|
||||||
|
# GNU/kWindows
|
||||||
|
|
||||||
|
There has been a lot of talk lately about a most unique combination:
|
||||||
|
[GNU][gnu]---the [fully free/libre][free-sw] operating system---and
|
||||||
|
Microsoft Windows---the [freedom-denying, user-controlling,
|
||||||
|
surveillance system][woe].
|
||||||
|
There has also been a great deal of misinformation.
|
||||||
|
I'd like to share my thoughts.
|
||||||
|
|
||||||
|
[gnu]: https://gnu.org/gnu/gnu.html
|
||||||
|
[free-sw]: https://gnu.org/philosophy/free-sw.html
|
||||||
|
[woe]: https://www.gnu.org/proprietary/malware-microsoft.en.html
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Before we can discuss this subject,
|
||||||
|
we need to clarify some terminology:
|
||||||
|
We have a [free/libre][free-sw] operating system called [GNU][gnu].
|
||||||
|
Usually, it's used with the kernel Linux, and is together called the
|
||||||
|
[GNU/Linux (or GNU+Linux) operating system][gnulinux].
|
||||||
|
But that's not always the case.
|
||||||
|
For example, GNU can be run with its own kernel, [The GNU Hurd][hurd]
|
||||||
|
(GNU/Hurd).
|
||||||
|
It might be run on a system with a BSD kernel (e.g. GNU/kFreeBSD).
|
||||||
|
But now, we have a situation where we're taking GNU/Linux, removing Linux,
|
||||||
|
and adding in its place a Windows kernel.
|
||||||
|
This combination is referred to as GNU/kWindows (GNU with the Windows kernel
|
||||||
|
added).[^kwindows]
|
||||||
|
|
||||||
|
GNU values users' freedoms.
|
||||||
|
Windows [does exactly the opposite][woe].
|
||||||
|
|
||||||
|
When users talk about the operating system "Linux", what they are referring
|
||||||
|
to is the [GNU operating system][gnu] with the kernel Linux added.
|
||||||
|
If you are using the GNU operating system in some form, then many of the
|
||||||
|
programs you are familiar with on the command line are GNU programs:
|
||||||
|
`bash`, `(g)awk`, `grep`, `ls`, `cat`, `bc`, `tr`, `gcc`, `emacs`, and
|
||||||
|
so on.
|
||||||
|
But GNU is a fully free/libre Unix replacement, [not just a collection of GNU
|
||||||
|
programs][gnu].
|
||||||
|
Linux is the kernel that supports what the operating system is trying to do;
|
||||||
|
it provides what are called system calls to direct the kernel to perform
|
||||||
|
certain actions, like fork new processes or allocate memory.
|
||||||
|
This is an important distinction---not only is calling all of this software
|
||||||
|
"Linux" incorrect, but it discredits the project that created a fully
|
||||||
|
free/libre Unix replacement---[GNU][gnu].
|
||||||
|
|
||||||
|
This naming issue is so widespread that
|
||||||
|
[most users would not recognize what GNU is][gnu-noheard], even if they
|
||||||
|
are _using_ a [GNU/Linux][gnulinux] operating system.
|
||||||
|
I recently read an article that referred to GNU Bash as "Linux's Bash";
|
||||||
|
this is simply a slap in the face to all the hackers that have for the
|
||||||
|
past 26 years been writing what is one of today's most widely used
|
||||||
|
shells on Unix-like systems (including on [Apple's][apple] proprietary
|
||||||
|
Mac OSX), and all the other GNU hackers.
|
||||||
|
|
||||||
|
Microsoft and Canonical have apparently been working together to write a
|
||||||
|
subsystem that translates Linux system calls into something Windows will
|
||||||
|
understand---a compatibility layer.
|
||||||
|
So, software compiled to run on a system with the kernel Linux will work on
|
||||||
|
Windows through system call translation.
|
||||||
|
Many articles are calling this "Linux on Windows".
|
||||||
|
This is a fallacy: the kernel Linux is not at all involved!
|
||||||
|
What we are witnessing is the [_GNU_ operating system][gnu] running with
|
||||||
|
a Windows kernel _instead_ of Linux.
|
||||||
|
|
||||||
|
This is undoubtedly a technical advantage for Microsoft---Windows users want
|
||||||
|
to do their computing in a superior environment that they might be
|
||||||
|
familiar with on [GNU/Linux][gnulinux] or other Unix-like operating
|
||||||
|
systems, like [Apple's][apple] freedom-denying Mac OSX.
|
||||||
|
But thinking about it like this is missing an essential concept:
|
||||||
|
|
||||||
|
When users talk about "Linux" as the name of the operating system, they
|
||||||
|
avoid talking about [GNU][gnu].
|
||||||
|
And by avoiding mention of GNU,
|
||||||
|
they are also avoiding discussion of the core principles upon which GNU is
|
||||||
|
founded---the belief that all users deserve
|
||||||
|
[software granting _four essential freedoms_][free-sw]:
|
||||||
|
the freedom to use the program for any purpose;
|
||||||
|
the freedom to study the program and modify it to suit your needs (or
|
||||||
|
have someone do it on your behalf);
|
||||||
|
the freedom to share the program with others;
|
||||||
|
and the freedom to share your changes with others.
|
||||||
|
We call software that respects these four freedoms
|
||||||
|
[_free/libre software_][free-sw].
|
||||||
|
|
||||||
|
Free software is absolutely essential:
|
||||||
|
it ensures that _users_,
|
||||||
|
who are the most vulnerable,
|
||||||
|
are in control of their computing---not software developers or
|
||||||
|
corporations.
|
||||||
|
Any program that denies users any one of their [four freedoms][free-sw] is
|
||||||
|
_non-free_ (or _proprietary_)---that is, freedom-denying software.
|
||||||
|
This means that any non-free software, no matter its features or
|
||||||
|
performance, will [_always_ be inferior to free software][oss] that
|
||||||
|
performs a similar task.
|
||||||
|
|
||||||
|
Not everyone likes talking about freedom or the
|
||||||
|
[free software philosophy][free-sw].
|
||||||
|
This disagreement resulted in the
|
||||||
|
["open source" development methodology][oss],
|
||||||
|
which exists to sell the benefits of free software to businesses *without*
|
||||||
|
discussing the essential ideological considerations.
|
||||||
|
Under the "open source" philosophy,
|
||||||
|
if a non-free program provides better features or performance,
|
||||||
|
then surely it must be "better",
|
||||||
|
because they have outperformed the "open source" development methodology;
|
||||||
|
non-free software isn't always considered to be a bad thing.
|
||||||
|
|
||||||
|
So why would users want to use GNU/kWindows?
|
||||||
|
Well, probably for the same reason that they want GNU tools on Mac OSX:
|
||||||
|
they want to use software they want to use, but they also want the
|
||||||
|
technical benefits of GNU that they like.
|
||||||
|
What we have here is the ["open source" philosophy][oss]---because if the
|
||||||
|
user truly valued her freedom, she would use a
|
||||||
|
[fully free operating system like GNU/Linux][gnulinux-distros].
|
||||||
|
If a user is _already_ using Windows (that is, before considering
|
||||||
|
GNU/kWindows), then she does gain some freedom by installing GNU:
|
||||||
|
she has more software on her system that respects her freedoms,
|
||||||
|
and she is better off because of that.
|
||||||
|
|
||||||
|
But what if you're using GNU/Linux today?
|
||||||
|
In that case,
|
||||||
|
it is a major downgrade to switch to a GNU/kWindows system;
|
||||||
|
by doing so, you are [surrendering your freedom to Microsoft][woe].
|
||||||
|
It does not matter how many shiny features Microsoft might introduce into
|
||||||
|
its [freedom-denying surveillance system][woe];
|
||||||
|
an [operating system that respects your freedoms][gnulinux-distros] will
|
||||||
|
_always_ be a superior choice.
|
||||||
|
We would do our best to dissuade users from switching to a GNU/kWindows
|
||||||
|
system for the technical benefits that GNU provides.
|
||||||
|
|
||||||
|
So we have a couple different issues---some factual, some philosophical:
|
||||||
|
|
||||||
|
Firstly,
|
||||||
|
please don't refer to GNU/kWindows as "Linux on Windows", or any variant
|
||||||
|
thereof;
|
||||||
|
doing so simply propagates misinformation that not only confounds the
|
||||||
|
situation, but discredits the thousands of hackers working on the
|
||||||
|
[GNU operating system][gnu].
|
||||||
|
It would also be best if you avoid calling it "Ubuntu on Windows";
|
||||||
|
it isn't a factually incorrect statement---you are running Ubuntu's
|
||||||
|
distribution of GNU---but it still avoids mentioning the
|
||||||
|
[GNU Project][gnu]. If you want to give Ubuntu credit for working with
|
||||||
|
Microsoft, please call it "Ubuntu GNU/kWindows" instead of "Ubuntu".
|
||||||
|
By mentioning GNU,
|
||||||
|
users will ask questions about the project,
|
||||||
|
and might look it up on their own.
|
||||||
|
They will read about [the free software philosophy][free-sw],
|
||||||
|
and will hopefully begin to understand these issues---issues that they
|
||||||
|
might not have even been aware of to begin with.
|
||||||
|
|
||||||
|
Secondly,
|
||||||
|
when you see someone using a GNU/kWindows system,
|
||||||
|
politely ask them why.
|
||||||
|
Tell them that there is a _better_ operating system out there---the
|
||||||
|
[GNU/Linux operating system][gnu]---that not only provides those technical
|
||||||
|
features,
|
||||||
|
but also provides the feature of _freedom_!
|
||||||
|
Tell them what [free software][free-sw] is,
|
||||||
|
and try to relate it to them so that they understand why it is important,
|
||||||
|
and even practical.
|
||||||
|
|
||||||
|
It's good to see more people benefiting from GNU;
|
||||||
|
but we can't be happy when it is being sold as a means to draw users into
|
||||||
|
an otherwise [proprietary surveillance system][woe],
|
||||||
|
without so much as a mention of our name,
|
||||||
|
or [what it is that we stand for][gnu].
|
||||||
|
|
||||||
|
[^kwindows]: This name comes from [Richard Stallman][rms], founder of the
|
||||||
|
[GNU Project][gnu].
|
||||||
|
|
||||||
|
[hurd]: https://gnu.org/software/hurd/
|
||||||
|
[oss]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
|
||||||
|
[gnulinux]: https://www.gnu.org/gnu/linux-and-gnu.html
|
||||||
|
[gnulinux-distros]: https://www.gnu.org/distros/free-distros.html
|
||||||
|
[apple]: https://stallman.org/apple.html
|
||||||
|
[rms]: https://www.fsf.org/about/staff-and-board
|
||||||
|
[gnu-noheard]: https://gnu.org/gnu/gnu-users-never-heard-of-gnu.html
|
||||||
|
|
||||||
|
---
|
||||||
|
featured: true
|
||||||
|
---
|
|
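Review bot: In the "Secondly" paragraph, the link `[GNU/Linux operating system][gnu]` resolves to the GNU reference, while the other GNU/Linux links visible in this hunk use `[gnulinux]`; if the GNU/Linux page is the intended target, switch the label to `[gnulinux]`. The file also ends with a `---` / `featured: true` / `---` block after the link definitions, which none of the posts in the following hunks carry; confirm that the renderer reads metadata from the end of the file rather than the top.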
@ -0,0 +1,88 @@
|
||||||
|
# International Day Against DRM 2016
|
||||||
|
|
||||||
|
Today is the [10th annual International Day Against DRM][day-drm]---a day
|
||||||
|
where activists from around the world organize events in protest against
|
||||||
|
[Digital Restrictions Management][drm].
|
||||||
|
|
||||||
|
[day-drm]: https://www.defectivebydesign.org/dayagainstdrm
|
||||||
|
[drm]: https://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
DRM is a scheme by which tyrants use [antifeatures][] to lock down what
|
||||||
|
users are able to do with their systems, often cryptographically.
|
||||||
|
For example,
|
||||||
|
your media player might tell you how many times you can listen to a song,
|
||||||
|
or watch a video, or read a book;
|
||||||
|
it might [delete books][1984] that you thought you owned;
|
||||||
|
it might require that you are [always online][always-on] when playing a
|
||||||
|
game, and then stop working when you disconnect, or when they decide to
|
||||||
|
stop supporting the game.
|
||||||
|
If you try to circumvent these locks,
|
||||||
|
then you might be [called a pirate][pirate] and be thrown in prision under
|
||||||
|
the ["anti-circumvention" privisons of the Digital Millenium Copyright Act
|
||||||
|
(DMCA)][dmca].
|
||||||
|
These are all things [that have been long predicated][right-to-read], and
|
||||||
|
are only expected to get worse with time.
|
||||||
|
|
||||||
|
That is, unless we take a stand and fight back.
|
||||||
|
|
||||||
|
I had the pleasure of participating in
|
||||||
|
the [largest ever protest against the W3C][w3c-protest] and their attempts
|
||||||
|
to introduce DRM as a _web standard_ via the [Encrypted Media Extensions
|
||||||
|
(EME)][eme] proposal.[^photos]
|
||||||
|
This event was organized beautifully by Zak Rogoff of the [Free Software
|
||||||
|
Foundation][fsf] and began just outside the Strata Center doors where the
|
||||||
|
W3C was _actively meeting_,
|
||||||
|
and then continued to stop outside the Google and Microsoft offices,
|
||||||
|
both just blocks away.
|
||||||
|
We were [joined outside Microsoft][eff-protest] by Danny O'Brien,
|
||||||
|
the EFF's International Director,
|
||||||
|
who stepped out of the W3C meeting to address the protesters.
|
||||||
|
|
||||||
|
Afterward, most of us [traveled to the MIT Media Lab][media-lab] where
|
||||||
|
Richard Stallman---who joined us in the protest---sat on a panel along
|
||||||
|
with Danny O'Brien, Joi Ito of the MIT Media Lab, and Harry Halpin of the
|
||||||
|
W3C.
|
||||||
|
The W3C was invited to participate in a discussion on EME, but they never
|
||||||
|
showed.
|
||||||
|
As a demonstration of the severity of these issues,
|
||||||
|
[Harry Halpin vowed to resign from the W3C][hh-resign] if the EME proposal
|
||||||
|
ever became a W3C Recommendation.
|
||||||
|
|
||||||
|
I can say without hesitation that the protest and following discussion were
|
||||||
|
some of the most powerful and memorable events of my life---there is no
|
||||||
|
feeling like being a part of a group that shares such a fundamental
|
||||||
|
passion (and distaste!) for something important.
|
||||||
|
|
||||||
|
And it _is_ very important.
|
||||||
|
|
||||||
|
[DRM is pervasive][dbd]---the Web is just one corner where it rears its ugly
|
||||||
|
head.
|
||||||
|
The [International Day Against DRM][day-drm] gives you and others an
|
||||||
|
excellent opportunity to hold your own protests, demonstrations, and events
|
||||||
|
to raise these issues to others---and to do so as part of an
|
||||||
|
_international group_;
|
||||||
|
to send a strong, world-wide message:
|
||||||
|
a message that it is _not_ acceptable to act as tyrants and treat users as
|
||||||
|
slaves and puppets through use of digital handcuffs and [draconian
|
||||||
|
punishments for circumventing them][dmca].
|
||||||
|
|
||||||
|
[^photos]: The EFF has some [great photots][eff-protest]; I'm the one in the
|
||||||
|
hoodie between the giant GNU head and Zak Rogoff.
|
||||||
|
|
||||||
|
[antifeatures]: https://www.fsf.org/bulletin/2007/fall/antifeatures/
|
||||||
|
[lp2016]: https://libreplanet.org/2016/
|
||||||
|
[w3c-protest]: https://www.defectivebydesign.org/from-the-web-to-the-streets-protesting-drm
|
||||||
|
[eme]: https://w3c.github.io/encrypted-media/
|
||||||
|
[eff-protest]: https://w3c.github.io/encrypted-media/
|
||||||
|
[w3c]: https://www.w3.org/
|
||||||
|
[fsf]: https://fsf.org/
|
||||||
|
[media-lab]: https://motherboard.vice.com/read/we-marched-with-richard-stallman-at-a-drm-protest-last-night-w3-consortium-MIT-joi-ito
|
||||||
|
[hh-resign]: https://www.defectivebydesign.org/blog/w3c_staff_member_pledges_resignation_if_drm_added_web_standards
|
||||||
|
[dmca]: https://www.eff.org/issues/dmca
|
||||||
|
[dbd]: https://www.defectivebydesign.org/
|
||||||
|
[1984]: https://www.defectivebydesign.org/amazon-kindle-swindle
|
||||||
|
[always-on]: https://en.wikipedia.org/wiki/Always-on_DRM
|
||||||
|
[right-to-read]: https://www.gnu.org/philosophy/right-to-read.en.html
|
||||||
|
[pirate]: https://www.eff.org/deeplinks/2015/02/go-prison-sharing-files-thats-what-hollywood-wants-secret-tpp-deal
|
|
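Review bot: The `[eff-protest]` definition near the end of the file has the same URL as `[eme]` (`https://w3c.github.io/encrypted-media/`), so both "joined outside Microsoft" and the photos footnote link to the EME specification instead of the EFF's coverage; point it at the EFF page. `[lp2016]` and `[w3c]` are defined but never referenced in this post and can be dropped. For the follow-up text pass that the commit message promises: "prision", "privisons", "Millenium", "photots", and "long predicated" (likely "predicted").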
@ -0,0 +1,55 @@
|
||||||
|
# CFAA, "Authorized" Access, and Common Sense
|
||||||
|
|
||||||
|
There is little common sense to be had with the [Computer Fraud and Abuse
|
||||||
|
Act][cfaa] (CFAA) to begin with.
|
||||||
|
To add to the confusion,
|
||||||
|
the Ninth Circuit Court of Appeals last week held 2-1 in [United States
|
||||||
|
v. Nosal][uvn] that accessing a service using someone else's
|
||||||
|
password---even if that person gave you permission to do so---[violates
|
||||||
|
the CFAA][cfaa-passwd],
|
||||||
|
stating that only the _owner_ of a computer can give such authorization.
|
||||||
|
This is absurd even with complete lack of understanding of what the law is:
|
||||||
|
should your spouse be held criminally liable for paying your bills online
|
||||||
|
using your account?
|
||||||
|
|
||||||
|
[cfaa]: https://www.eff.org/issues/cfaa
|
||||||
|
[uvn]: https://www.eff.org/cases/u-s-v-nosal
|
||||||
|
[cfaa-passwd]: https://www.eff.org/deeplinks/2016/07/ever-use-someone-elses-password-go-jail-says-ninth-circuit
|
||||||
|
|
||||||
|
Common sense says no.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
In another case this week---[Facebook v. Power Ventures][fvp]---the same
|
||||||
|
court (though a different panel of judges) stepped back from the original
|
||||||
|
decision and stated that computer _users_ can indeed provide
|
||||||
|
authorization.
|
||||||
|
This authorization holds even if the service's Terms of Service say
|
||||||
|
otherwise.
|
||||||
|
Yet: the computer owner (in this case, Facebook) can revoke authorization,
|
||||||
|
which takes precedence over any authorization provided by a user of that
|
||||||
|
system.
|
||||||
|
So with a seemingly magical incantation,
|
||||||
|
a benign situation can be made into a federal crime,
|
||||||
|
just like that.
|
||||||
|
|
||||||
|
These situations highlight dangerous confusion over the interpretation of an
|
||||||
|
already dangerously vague law.
|
||||||
|
The CFAA is the law that was used to prosecute Aaron Swartz for federal
|
||||||
|
"crimes"---with a punishment of up to thirty-five years in prison---for
|
||||||
|
liberating documents hosted on JSTOR.
|
||||||
|
Because of this [draconian threat][eff-punish],
|
||||||
|
[Aaron committed suicide][aaron] on January 11th, 2013.
|
||||||
|
|
||||||
|
The CFAA already has blood on its hands;
|
||||||
|
it needs to be reined _in_,
|
||||||
|
not be given further broad powers.
|
||||||
|
So don't take news of the decisions in US v. Nosal and Facebook v. Power
|
||||||
|
Ventures as canceling one-another out;
|
||||||
|
things may appear the same for now,
|
||||||
|
but serious problems still need to be resolved.
|
||||||
|
|
||||||
|
[cfaa-back]: https://www.eff.org/deeplinks/2016/07/ninth-circuit-panel-backs-away-dangerous-password-sharing-decision-creates-even
|
||||||
|
[fvp]: https://www.eff.org/cases/facebook-v-power-ventures
|
||||||
|
[eff-punish]: https://www.eff.org/deeplinks/2013/02/rebooting-computer-crime-part-3-punishment-should-fit-crime
|
||||||
|
[aaron]: https://www.eff.org/deeplinks/2013/01/farewell-aaron-swartz
|
|
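Review bot: `[cfaa-back]` is defined in the second block of link definitions but nothing in the post references it, so the EFF write-up about the panel backing away from the password-sharing decision is never linked; the phrase "stepped back from the original decision" looks like the intended anchor. Either attach the reference there or remove the definition.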
@ -0,0 +1,41 @@
|
||||||
|
# "Election"
|
||||||
|
|
||||||
|
The past few days of the DNC have demanded pause. I am an Independent. I
|
||||||
|
do not like Hillary Clinton. I am a Bernie supporter, and I was upset by his
|
||||||
|
endorsement of Hillary. I had vowed not to vote for Hillary; I would
|
||||||
|
instead vote for Jill Stein. The DNC, while very well done with a deeply
|
||||||
|
compelling facade, has not changed my perspective on Clinton.
|
||||||
|
|
||||||
|
It is perhaps said best by Bernie himself: "It's easy to boo, but it's
|
||||||
|
harder to look your kids in the face who would be living under a Donald
|
||||||
|
Trump presidency". The conflict here is between my deep ideologies and
|
||||||
|
reality. It's often said that a vote for Hillary is a vote against Trump;
|
||||||
|
such a perspective would shallow and purposeless. But this isn't an
|
||||||
|
election for president---this is the most threatening assault on everything
|
||||||
|
I stand for that I hope I will ever witness in my lifetime. To stand for
|
||||||
|
ideological purity would be to stand atop a mountain while the world around
|
||||||
|
me burns. This is why Bernie chose to unite.
|
||||||
|
|
||||||
|
Should Trump win, my ideals that seem within reach could be blown back
|
||||||
|
decades. As a matter of strategy, I cannot justify _not_ swallowing every
|
||||||
|
ounce of my pride. Hillary's presidency is an unfortunate but necessary
|
||||||
|
consequence of the only permissible outcome. I am not electing a president
|
||||||
|
of the United States. I am electing _a United States_.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
So I am doing what I never thought I would do: proposing that others too
|
||||||
|
factor this obscene equation and recognize how the very few remaining
|
||||||
|
variables affect the result. My ideals continue to exist in part and in
|
||||||
|
spirit with Hillary as president. With Trump, they are all but
|
||||||
|
vanquished. Donald Trump must not be elected president of the United
|
||||||
|
States. When (and if) you vote, think of it as a shot fired, not as a vote
|
||||||
|
cast.
|
||||||
|
|
||||||
|
"Election".
|
||||||
|
|
||||||
|
More information about my opinions on this topic can be found
|
||||||
|
[here][social-1] and [here][social-2].
|
||||||
|
|
||||||
|
[social-1]: https://social.mikegerwitz.com/conversation/21864
|
||||||
|
[social-2]: https://social.mikegerwitz.com/conversation/22026
|
|
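Review bot: "such a perspective would shallow and purposeless" in the second paragraph is missing its verb ("would be shallow"); since this commit is markup-only, flag it for the follow-up text commit. The closing links use "here" and "here" as their text, which tells a reader nothing about the two conversations; descriptive link text would be better.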
@ -0,0 +1,103 @@
|
||||||
|
# NSO Group, Pegasus, Trident---iOS Exploits Targeting Human Rights Activist
|
||||||
|
|
||||||
|
[Citizen Lab released a report][cl] describing the attempted use of iOS
|
||||||
|
0-days on human rights activist [Ahmed Mansoor][] by the United Arab
|
||||||
|
Emirates.
|
||||||
|
They named this chain of exploits _Trident_,
|
||||||
|
and with the help of [Lookout Security][paper],
|
||||||
|
were able to analyze them.
|
||||||
|
|
||||||
|
It begins with [arbitrary code execution (CVE-2016-4655)][4655] by
|
||||||
|
exploiting a memory corruption vulnerability in WebKit,
|
||||||
|
which downloads a payload unknown to the user.
|
||||||
|
That payload is able to bypass KASLR and [determine the kernel memory
|
||||||
|
location (CVE-2016-4656)][4656],
|
||||||
|
then allowing it to exploit a [memory corruption vulnerability in the
|
||||||
|
kernel itself (CVE-2016-4657)][4657];
|
||||||
|
this "jailbreaks" the device and is a complete compromise of the system.
|
||||||
|
|
||||||
|
[cl]: https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
|
||||||
|
[Ahmed Mansoor]: https://en.wikipedia.org/wiki/Ahmed_Mansoor
|
||||||
|
[paper]: https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf
|
||||||
|
[4655]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4655
|
||||||
|
[4656]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4656
|
||||||
|
[4657]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4657
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
This payload is [Pegasus][paper],
|
||||||
|
a complex surveillance tool sold to governments,
|
||||||
|
often used for espionage.
|
||||||
|
In this case,
|
||||||
|
Monsoor received a suspicious text message and wisely [tipped off Citizen
|
||||||
|
Lab][cl] rather than opening the presented link.
|
||||||
|
Had he done so,
|
||||||
|
he would have unknowingly downloaded this spyware that could very well
|
||||||
|
have put his life in extreme danger:
|
||||||
|
it has the capability to track his location;
|
||||||
|
record his calls and texts;
|
||||||
|
record communications through software like WhatsApp and Skype;
|
||||||
|
download his contact information;
|
||||||
|
grab passwords and encryption keys from his keyring;
|
||||||
|
and much more.
|
||||||
|
|
||||||
|
This malware was written by [NSO Group][],
|
||||||
|
which is so poorly known that their [Wikipedia page didn't even exist
|
||||||
|
until today][nso-wikipedia].
|
||||||
|
The software company is based in Israel,
|
||||||
|
founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio.
|
||||||
|
They were purchased in 2014 by [Francisco Partners][],
|
||||||
|
a private equity firm in the United States,
|
||||||
|
for $110 million.
|
||||||
|
They exist to sell exploits to governments.
|
||||||
|
|
||||||
|
Anyone familiar with security research is aware of [responsible
|
||||||
|
disclosure][]:
|
||||||
|
it is a model whereby researchers who discover a vulnerability
|
||||||
|
release their research publicly only _after_ they notify the authors
|
||||||
|
of the software,
|
||||||
|
and a patch mitigating the vulnerability has been released.
|
||||||
|
This is what Citizen Lab did---Apple [fixed the vulnerability][apple] in
|
||||||
|
iOS 9.3.5.[^rms-apple]
|
||||||
|
This is not what NSO Group does:
|
||||||
|
Instead, they horde their exploits[^0day] and sell them to governments as
|
||||||
|
weapons for surveillance or espionage.
|
||||||
|
In this case,
|
||||||
|
the United Arab Emirates (or so it seems).
|
||||||
|
This is not only unethical,
|
||||||
|
but to sell to a government that is known for this type of abuse is
|
||||||
|
inexcusable and negligent---the people behind NSO Group are absolute
|
||||||
|
scum.[^scum]
|
||||||
|
They are empowering a foreign government known for their civil and human
|
||||||
|
rights abuses.
|
||||||
|
I have trouble finding words.
|
||||||
|
|
||||||
|
There is much more that can be said on this topic with respect to security,
|
||||||
|
civil and human rights,
|
||||||
|
and various other topics.
|
||||||
|
But I don't want to distract from the topic at hand.
|
||||||
|
Let this sink in.
|
||||||
|
Read the [Citizen Lab][cl] report and the [paper by Lookout Security][paper].
|
||||||
|
Today I leave my soapbox be.
|
||||||
|
|
||||||
|
[NSO Group]: https://en.wikipedia.org/wiki/NSO_Group
|
||||||
|
[nso-wikipedia]: https://en.wikipedia.org/w/index.php?title=NSO_Group&action=history
|
||||||
|
[Francisco Partners]: https://en.wikipedia.org/wiki/Francisco_Partners
|
||||||
|
[responsible disclosure]: https://en.wikipedia.org/wiki/Responsible_disclosure
|
||||||
|
[apple]: https://support.apple.com/en-us/HT207107
|
||||||
|
|
||||||
|
[^rms-apple]: I [can't recommend that you use Apple
|
||||||
|
devices](https://stallman.org/apple.html), but if you do, you
|
||||||
|
should upgrade immediately;
|
||||||
|
you are vulnerable to exploitation by simply visiting a
|
||||||
|
malicious webpage.
|
||||||
|
|
||||||
|
[^0day]: Called 0-days,
|
||||||
|
because they haven't been disclosed and there has been no time to
|
||||||
|
prepare or release a fix.
|
||||||
|
|
||||||
|
[^scum]: For other scum, see the organization behind [FinFisher][]; and the
|
||||||
|
group [Hacking Team][].
|
||||||
|
|
||||||
|
[FinFisher]: https://en.wikipedia.org/wiki/FinFisher
|
||||||
|
[Hacking Team]: https://en.wikipedia.org/wiki/Hacking_Team
|
|
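Review bot: The activist's name is spelled "Mansoor" in the opening paragraph and in the `[Ahmed Mansoor]` reference, but "Monsoor" in the paragraph after `<!-- more -->`; make the second match the first. "horde their exploits" should be "hoard". Also confirm the CVE-to-stage mapping in the second paragraph (4655 for the WebKit bug, 4656 for the KASLR bypass, 4657 for the kernel corruption) against the Apple advisory linked as `[apple]`, since readers will use those identifiers to check patch status.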
@ -0,0 +1,79 @@
|
||||||
|
# Self-Discovery Before the Internet
|
||||||
|
|
||||||
|
This is an autobiographical opinion piece prompted by [a HackerNews
|
||||||
|
post][hn] discussing what it was like to learn programming before Stack
|
||||||
|
Overflow (and other parts of the Internet).
|
||||||
|
|
||||||
|
[hn]: https://news.ycombinator.com/item?id=14339293
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
I'm not old. I was born in 1989. I started programming around 1999. The
|
||||||
|
Internet sure did exist back then, but I was 10, and my parents weren't keen
|
||||||
|
on having me just go exploring. Besides, it was dial-up---you couldn't go
|
||||||
|
search real quick; especially if someone was on the phone. Using the
|
||||||
|
Internet was an _event_, and an exciting one at that, listening to those
|
||||||
|
dial tones, logging in using that old Prodigy dialog. Back then you had
|
||||||
|
Dogpile and Ask Jeeves. Most sites I'd visit by name; usually that was
|
||||||
|
GameFAQs or CNET download.com, because those are the sites my friend told me
|
||||||
|
about when he introduced me to the Internet.
|
||||||
|
|
||||||
|
I'm entirely self-taught. I didn't know any programmers. I didn't have
|
||||||
|
contact with any. I told my parents that I wanted to learn how to program
|
||||||
|
and they skeptically brought me to Barnes and Noble where we picked out
|
||||||
|
Learn to Program with Visual Basic 6 by John Smiley (*gasp* yes I started as
|
||||||
|
a Windows programmer). It came with a VB6 CD that for a while I was
|
||||||
|
convinced could only run the book examples, because I had no idea what I was
|
||||||
|
doing. I struggled. I tinkered. Hacker culture was on the complete
|
||||||
|
opposite end of where I was, but by the time I discovered it years later, I
|
||||||
|
felt like I finally found myself---I finally discovered who I was. The
|
||||||
|
struggle made me a hacker.
|
||||||
|
|
||||||
|
It's easy to half-ass it today. It's easy to simply say "eh I can Google
|
||||||
|
it" and forego committing knowledge. But it also makes it easy to gain
|
||||||
|
knowledge, for those who do care to do so. It makes trivia easy. It makes
|
||||||
|
discovery easy. It also exposes people to subcultures quickly and
|
||||||
|
demands conformance to stereotypes and norms before one can discover
|
||||||
|
_themselves_. Who would I be today without having to struggle for myself
|
||||||
|
rather than someone else _telling_ me who I am, and what I do?
|
||||||
|
|
||||||
|
This is more than just technical knowledge. This is the difference between
|
||||||
|
dropping a child off in the wild or dropping them off at the local
|
||||||
|
scouts. And at least scouts will discover themselves together. With the
|
||||||
|
Internet, you absorb a body of existing knowledge; you _rediscover others_,
|
||||||
|
not yourself. You often read blogs containing opinions of others, not books
|
||||||
|
or manuals.
|
||||||
|
|
||||||
|
That's not to say that you can't learn on your own. Many still do. Many
|
||||||
|
focus on manuals and books and source code rather than social media. It's
|
||||||
|
sure hard, though, when everything is integrated as such. Social media
|
||||||
|
can be beneficial---you do want communication and collaboration. I sure as
|
||||||
|
hell want to communicate with others. Opinions of others are deeply
|
||||||
|
important too. Some of the best things I've read are on blogs, not in
|
||||||
|
books. But I've already found my niche. I've found myself. I wasn't
|
||||||
|
tainted or manipulated---I learned in a world of proprietary software where
|
||||||
|
developing license systems was fun and emerged a free software
|
||||||
|
activist. Because I was forced to look inward, not post on Stack Overflow
|
||||||
|
or HN or Reddit expecting a hand-guided tour or `dd` of thoughts (okay,
|
||||||
|
you're not getting that on HN).
|
||||||
|
|
||||||
|
Not everyone needs to be a passionate hacker or developer. Really, the
|
||||||
|
world needs both. And based on what I've seen being pumped out of schools
|
||||||
|
and universities, the self-taught are generally better off either way. The
|
||||||
|
vast resources available to modern programmers make many tasks easier and
|
||||||
|
cheaper, though it also increases maintenance costs if all the programmer is
|
||||||
|
doing is using code snippets or concepts without actually grokking
|
||||||
|
them. But this is what most of the world runs off of.
|
||||||
|
|
||||||
|
Let yourself struggle. Go offline. Sit down with a print book and get out
|
||||||
|
a pen and take notes in the margin, write out your ideas. Getting syntax
|
||||||
|
errors in your editor or REPL? Figure it out! Or maybe consult the manual,
|
||||||
|
or the book you're reading. Don't search for the solution. When I learned
|
||||||
|
Algebra in middle school, I had little interest, and forgot all of
|
||||||
|
it. Years later, I needed it as a foundation for other things. I
|
||||||
|
discovered the rules for myself on pen and paper. Not only do I remember it
|
||||||
|
now (or can rediscover on a whim), but I understand _why_ it works the way
|
||||||
|
it does. I've had those epiphanies. It's easy to miss the forest for the
|
||||||
|
trees when you don't gain that essential intuition to help yourself
|
||||||
|
out. And the forest is vast and beautiful.
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
# GNU is more than a collection of software
|
||||||
|
|
||||||
|
GNU is more than just a collection of software; it is an operating system:
|
||||||
|
|
||||||
|
[https://www.gnu.org/gnu/thegnuproject.html]()
|
||||||
|
|
||||||
|
Many hackers and activists within the free software community don't
|
||||||
|
understand this well, and it's a shame to see attacks on GNU's relevance (as
|
||||||
|
measured by programs written by GNU on a given system) going
|
||||||
|
unchallenged. Software for GNU was written by the GNU Project when a
|
||||||
|
suitable free program was not available. It wouldn't have made sense to
|
||||||
|
write everything from scratch if free programs already solved the problem.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
When we say GNU/Linux, we really are referring to the GNU operating system
|
||||||
|
that just happens to be using Linux. It could be using the FreeBSD kernel
|
||||||
|
([GNU/kFreeBSD][]). It could be using a Windows kernel with a Linux API
|
||||||
|
([GNU/kWindows][]). It could be using the [Hurd][] ([GNU/Hurd][]). The
|
||||||
|
disambiguation is important, but the end result is pretty much the same.
|
||||||
|
|
||||||
|
There are many systems that use Linux that are not GNU. Android is not GNU,
|
||||||
|
for example. We shouldn't attempt to call those systems "GNU/Linux"
|
||||||
|
blindly. (Also note how it's called "Android", not "Android/Linux", or just
|
||||||
|
"Linux". Somehow GNU is controversial, though.)
|
||||||
|
|
||||||
|
So if you see someone challenging GNU's relevance because GNU/Linux contains
|
||||||
|
so much software that isn't part of a GNU package, then please provide the
|
||||||
|
above link, and kindly explain to them that their observation is correct,
|
||||||
|
because GNU is an operating system, not a collection of programs.
|
||||||
|
|
||||||
|
[GNU/kFreeBSD]: https://en.wikipedia.org/wiki/Debian_GNU/kFreeBSD
|
||||||
|
[GNU/kWindows]: https://mikegerwitz.com/2016/04/GNU-kWindows
|
||||||
|
[Hurd]: https://www.gnu.org/software/hurd/
|
||||||
|
[GNU/Hurd]: https://www.debian.org/ports/hurd/
|
|
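Review bot: `[https://www.gnu.org/gnu/thegnuproject.html]()` has an empty link target, so the URL is rendered as link text that does not point at the GNU page; use an autolink `<https://www.gnu.org/gnu/thegnuproject.html>` or repeat the URL inside the parentheses. This matters here because the last paragraph tells readers to "provide the above link".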
@ -0,0 +1,79 @@
|
||||||
|
# Russia wants to review source code of Western security software
|
||||||
|
|
||||||
|
Reuters [released an article][0] entitled "Under pressure, Western tech
|
||||||
|
firms bow to Russian demands to share cyber secrets".
|
||||||
|
Should Russia be permitted to do so?
|
||||||
|
Should companies "bow" to these demands?
|
||||||
|
|
||||||
|
I want to draw a parallel to another highly controversial case regarding
|
||||||
|
access to source code:
|
||||||
|
the [Apple v. FBI][2] case early last year.
|
||||||
|
For those who don't recall,
|
||||||
|
one of the concerns was the government trying to compel Apple to make
|
||||||
|
changes to iOS to permit brute forcing the San Bernardino attacker's
|
||||||
|
PIN;
|
||||||
|
this is a [violation of First Amendment rights][3] (compelled speech),
|
||||||
|
and this afforded Apple strong support from even communities that
|
||||||
|
otherwise oppose them on nearly all other issues.
|
||||||
|
The alternative was to have the FBI make changes to the software instead of
|
||||||
|
compelling Apple to do so,
|
||||||
|
which would require access to the source code of iOS.
|
||||||
|
|
||||||
|
[0]: http://www.reuters.com/article/us-usa-russia-tech-insight-idUSKBN19E0XB
|
||||||
|
[2]: https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Becuase of the hostility toward the FBI in this case,
|
||||||
|
even many in the [free software community][4] took the stance that the FBI
|
||||||
|
being able to modify the software would set terrible precedent.
|
||||||
|
But that's missing the point a bit.
|
||||||
|
Being able to modify software doesn't give you the right to install it on
|
||||||
|
others' devices;
|
||||||
|
the FBI would have had to compell Apple to release their signing keys
|
||||||
|
as well---_that_ is a dangerous precedent.
|
||||||
|
If the government compelled Apple to made changes themselves,
|
||||||
|
_that_ is dangerous precedent.
|
||||||
|
|
||||||
|
"Cyber secrets" in the above title refers to source code to software written
|
||||||
|
by companies like Cisco, IBM, SAP, and others;
|
||||||
|
secrets that can only exist in proprietary software that
|
||||||
|
[denies users the right to inspect, modify, and share][1] the software
|
||||||
|
that they are running.
|
||||||
|
|
||||||
|
For those who agree with the free software philosophy,
|
||||||
|
it's important to remove consideration of _who_ is trying to exercise their
|
||||||
|
[four freedoms][1].
|
||||||
|
In the case of the FBI,
|
||||||
|
from a free software perspective,
|
||||||
|
of course they should be able to modify the software---we
|
||||||
|
believe that _all_ software should be free!
|
||||||
|
(But that doesn't mean they should be able to install it on _someone
|
||||||
|
else's_ device.)
|
||||||
|
In the context of this article by Reuters:
|
||||||
|
Russia doesn't have to ask to examine software that is free/libre.
|
||||||
|
And if they did, it shouldn't be a concern;
|
||||||
|
restricting who can use and examine software is [a slippery slope][5].
|
||||||
|
|
||||||
|
Unfortunately, not all software is free/libre.
|
||||||
|
But if we extend the free software philsophy---there
|
||||||
|
should be no _ethical_ concerns with a foreign power wanting to inspect
|
||||||
|
proprietary source code.
|
||||||
|
But proprietary software might have something of concern to hide:
|
||||||
|
it might be something malicious like a backdoor,
|
||||||
|
or it might be something like a lack of security or poor development
|
||||||
|
practices;
|
||||||
|
[proprietary software exists only to keep secrets][6], after all.
|
||||||
|
|
||||||
|
If Russia has to ask to inspect source code for security software,
|
||||||
|
you probably do too.
|
||||||
|
And if that's the case,
|
||||||
|
the security being provided to you is merely a facade.
|
||||||
|
It's not Russia to be suspicious of for asking---it's
|
||||||
|
the companies that keep secrets to begin with.
|
||||||
|
|
||||||
|
[1]: https://www.gnu.org/philosophy/free-software-even-more-important.html
|
||||||
|
[3]: https://www.eff.org/deeplinks/2016/03/deep-dive-why-forcing-apple-write-and-sign-code-violates-first-amendment
|
||||||
|
[4]: https://www.gnu.org/philosophy/free-sw.en.html
|
||||||
|
[5]: https://www.gnu.org/philosophy/programs-must-not-limit-freedom.html
|
||||||
|
[6]: https://www.gnu.org/proprietary/proprietary.html
|
|
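Review bot: The `[3]` reference in "this is a [violation of First Amendment rights][3]" is used above `<!-- more -->`, but its definition is only in the block after the fold, unlike `[0]` and `[2]`, which are defined before it. If the text above the fold is ever rendered on its own as an excerpt, that link will not resolve; move the `[3]` definition up beside `[0]` and `[2]`. Separately, the Reuters link is plain `http://`, and the post carries typos ("Becuase", "compell", "to made changes", "philsophy") that the commit message defers to a later text-only commit.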
@ -0,0 +1,85 @@
|
||||||
|
# Don't force me to use your tools [on the Web]
|
||||||
|
|
||||||
|
There was an interesting discussion on [libreplanet-discuss][] recently
|
||||||
|
regarding web interfaces.
|
||||||
|
Below is a rather informal off-the-cuff statement regarding the use of Web
|
||||||
|
interfaces (specificlaly Discourse) over my own tools.
|
||||||
|
|
||||||
|
[libreplanet-discuss]: https://lists.gnu.org/archive/html/libreplanet-discuss/2017-06/msg00032.html
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
-----
|
||||||
|
|
||||||
|
I live a huge chunk of my life in my mail client
|
||||||
|
(which happens to be my editor as well).
|
||||||
|
It's scripted,
|
||||||
|
heavily customized,
|
||||||
|
and integrated with other things.
|
||||||
|
I do task management with Org mode,
|
||||||
|
which integrates simply but well enough with Gnus.
|
||||||
|
I can use my editor keybindings and such when composing messages.
|
||||||
|
The same goes with my IRC client.
|
||||||
|
I never have to leave home, if you will.
|
||||||
|
|
||||||
|
Contrast that with websites:
|
||||||
|
if I have to write anything substantial,
|
||||||
|
I often have to write it in my editor first and paste it in.
|
||||||
|
|
||||||
|
Many of us hackers don't care for flashy interfaces;
|
||||||
|
we'd rather use the tools we've invested our lives into and know well.
|
||||||
|
Tools that can compose and work well in pipelines.
|
||||||
|
Trying to use interfaces that reinvent the wheel poorly is painful.
|
||||||
|
And let's not be fooled---these are programs.
|
||||||
|
Especially when they're heavy on JavaScript.
|
||||||
|
There's no difference between this and someone asking me to download Foo and
|
||||||
|
put my Emacs toy away, as cute as it is.
|
||||||
|
|
||||||
|
But I know that many people don't feel that way.
|
||||||
|
I have coworkers that think I'm crazy (respectfully so).
|
||||||
|
And I think they're crazy too. ;)
|
||||||
|
Admittedly, using your own tools is a large barrier to entry---my
|
||||||
|
tools are useful because I've spent a great deal of time learning and
|
||||||
|
researching and customizing.
|
||||||
|
And now I can reuse them for everything.
|
||||||
|
For your average user looking to get into activism,
|
||||||
|
who may not even be a programmer,
|
||||||
|
that's a bit different;
|
||||||
|
it's easier to say "here's your single tool (Web)---go use it".
|
||||||
|
|
||||||
|
There are systems that allow for a level of integration
|
||||||
|
(e.g. mailing lists and forums).
|
||||||
|
But they're often treated as fallbacks---as second-class citizens.
|
||||||
|
They might provide a subset of features;
|
||||||
|
it leaves certain members of the community out---those
|
||||||
|
who want to use their own tools.
|
||||||
|
|
||||||
|
I haven't used Discourse.
|
||||||
|
I do see "mailing list support";
|
||||||
|
maybe that's a good sign.
|
||||||
|
But one of the phrases at the top of the features page is
|
||||||
|
"[w]e're reimagining what a modern discussion platform should
|
||||||
|
be".
|
||||||
|
Many of us don't want to see it reimagined.
|
||||||
|
That's the opposite of what many want.
|
||||||
|
|
||||||
|
Trying to strike a balance isn't a bad thing if that's the audience
|
||||||
|
we're looking to attract.
|
||||||
|
But it's difficult,
|
||||||
|
and something I struggle with a great deal.
|
||||||
|
|
||||||
|
-----
|
||||||
|
|
||||||
|
tl;dr:
|
||||||
|
Asking someone to use an interface on the Web is asking them to use
|
||||||
|
/your/ program instead of their own.
|
||||||
|
Be respectful by using [Web standards for accessibility][accessibility];
|
||||||
|
[progressive enhancement][];
|
||||||
|
and make use of well-established standards with rich histories,
|
||||||
|
especially if your audience makes use of them
|
||||||
|
(e.g. mailing lists, RSS feeds, federation standards, etc).
|
||||||
|
|
||||||
|
Thank you.
|
||||||
|
|
||||||
|
[accessibility]: https://en.wikipedia.org/wiki/Web_accessibility
|
||||||
|
[progressive enhancement]: https://en.wikipedia.org/wiki/Progressive_enhancement
|
|
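Review bot: In the tl;dr, `/your/` is slash-style emphasis, which Markdown does not recognise, so the slashes will be rendered literally. The other converted posts use underscores for emphasis (`_that_`, `_you_`), so `_your_` would match if emphasis is intended. "specificlaly" in the introduction is a typo to pick up in the follow-up text commit.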
@ -0,0 +1,40 @@
|
||||||
|
# The Ethics Void: Join Me at LibrePlanet 2018!
|
||||||
|
|
||||||
|
I got word today that I'll be speaking again at this year's [LibrePlanet][]!
|
||||||
|
I was going to attend even if I were not speaking,
|
||||||
|
but I'm very excited to be able to continue to build off of last year's
|
||||||
|
talk and further my activism on these topics.
|
||||||
|
|
||||||
|
[LibrePlanet]: https://libreplanet.org/2018/
|
||||||
|
|
||||||
|
The title of this year's talk is _The Ethics Void_.
|
||||||
|
Here's a rough abstract:
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
> Medicine, legal, finance, journalism, scientific research—each of these
|
||||||
|
> fields and many others have widely adopted codes of ethics governing the
|
||||||
|
> lives of their professionals. Some of these codes may even be enshrined in
|
||||||
|
> law. And this is for good reason: these are fields that have enormous
|
||||||
|
> consequences.
|
||||||
|
|
||||||
|
> Software and technology pervade not only through these fields, but through
|
||||||
|
> virtually every aspect of our lives. Yet, when compared to other fields, our
|
||||||
|
> community leaders and educators have produced an ethics void. Last year, I
|
||||||
|
> introduced numerous topics concerning #privacy, #security, and #freedom that
|
||||||
|
> raise serious ethical concerns. Join me this year as we consider some of
|
||||||
|
> those examples and others in an attempt to derive a code of ethics that
|
||||||
|
> compares to each of these other fields, and to consider how leaders and
|
||||||
|
> educators should approach ethics within education and guidance.
|
||||||
|
|
||||||
|
(My previous talks can be found on my ["Talks" page][talks].)
|
||||||
|
|
||||||
|
For this talk,
|
||||||
|
I want to solicit the community at various points.
|
||||||
|
I know what _I_ want to talk about,
|
||||||
|
but what are some of the most important ethical issues to _you_?
|
||||||
|
Unfortunately there's far too much to fit into a 40-minute talk!
|
||||||
|
Feel free to send me an e-mail or reply to the [thread on GNU Social][thread].
|
||||||
|
|
||||||
|
[talks]: /talks
|
||||||
|
[thread]: https://social.mikegerwitz.com/conversation/99140
|
|
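Review bot: The abstract is split by an empty line with no `>` marker between "> consequences." and "> Software and technology", which most Markdown renderers turn into two separate blockquotes rather than one quote with two paragraphs. Put a bare `>` on the separating line if the abstract is meant to read as a single quotation. Also note that `[talks]: /talks` here has no trailing slash while the LibrePlanet 2019 post defines `[talks]: /talks/`; pick one form.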
@ -0,0 +1,44 @@
|
||||||
|
# Meltdown/Spectre and the Web
|
||||||
|
|
||||||
|
The recently-released [Meltdown][] and [Spectre][] CPU timing attacks
|
||||||
|
affect virtually every user in some way;
|
||||||
|
the consequences are profound.
|
||||||
|
There are plenty of good write-ups on the topic,
|
||||||
|
so I don't feel the need to re-iterate the technical details here.
|
||||||
|
(See an easily digestible one [from the Raspberry Pi][rpi] project, and an
|
||||||
|
in-depth analysis [from Project Zero][zero].)
|
||||||
|
|
||||||
|
[Meltdown]: https://meltdownattack.com/
|
||||||
|
[Spectre]: https://spectreattack.com/
|
||||||
|
[rpi]: https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
|
||||||
|
[zero]: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
|
||||||
|
|
||||||
|
What I do want to draw attention to is that these attacks [are exploitable
|
||||||
|
via web browsers][mozilla].
|
||||||
|
|
||||||
|
[mozilla]: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
The reason for this is that your web browser,
|
||||||
|
by default,
|
||||||
|
automatically downloads and executes programs without your knowledge or
|
||||||
|
consent.
|
||||||
|
Most commonly,
|
||||||
|
web pages embed software in the form of JavaScript code.
|
||||||
|
Because of the features available in modern JavaScript environments,
|
||||||
|
CPU cache timing attacks are possible.
|
||||||
|
|
||||||
|
[I spoke about the security issues][lp2016] of running these programs in your web
|
||||||
|
browser back in 2016---it
|
||||||
|
was a bad idea then,
|
||||||
|
and it's still a bad idea now.
|
||||||
|
[I spoke further of privacy issues][lp2017] last year at LibrePlanet 2017.
|
||||||
|
I encourage you to use extensions like [NoScript][] to block the execution of
|
||||||
|
JavaScript by default,
|
||||||
|
and stop random people from treating your computer as a puppet to do
|
||||||
|
their own bidding.
|
||||||
|
|
||||||
|
[lp2016]: https://media.libreplanet.org/u/libreplanet/collection/restore-online-freedom/
|
||||||
|
[lp2017]: https://media.libreplanet.org/u/libreplanet/m/the-surreptitious-assault-on-privacy-security-and-freedom/
|
||||||
|
[NoScript]: http://noscript.net/
|
|
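Review bot: The `[NoScript]: http://noscript.net/` definition points readers at a security extension over plain HTTP, in a post that is about untrusted code reaching the browser. Check whether the site is served over HTTPS and link that form, as the other reference definitions in this post already do.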
@ -0,0 +1,60 @@
|
||||||
|
# When Talking About Mobile Tracking, Don't Veil Bad Actors With Blanket Statements
|
||||||
|
|
||||||
|
It's difficult to have useful conversations about mobile tracking when
|
||||||
|
someone says "your phone / mobile device tracks you";
|
||||||
|
such statements don't often lead to constructive conversation because they
|
||||||
|
are too vague and therefore easily dismissed as sensationalism or
|
||||||
|
paranoia.
|
||||||
|
And they are all too often without substance because,
|
||||||
|
while users do have legitimate concerns,
|
||||||
|
they aren't necessarily aware of the specific problems contributing to
|
||||||
|
those concerns.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
A mobile device is nothing more than a small computer that you carry around
|
||||||
|
with you.
|
||||||
|
The networks that you connect to can spy on you---your
|
||||||
|
cellular network, bluetooth, wifi, etc.
|
||||||
|
To help mitigate these threats,
|
||||||
|
you can disable those communications until you are in a safe place that
|
||||||
|
you don't mind others knowing about.
|
||||||
|
We can only have confidence that these connections have been disabled by
|
||||||
|
physical means,
|
||||||
|
like a hardware switch or a bag that acts like a Faraday cage.
|
||||||
|
[iOS deceives users][ios-deceive] when they ask to disable those communications
|
||||||
|
for example.
|
||||||
|
|
||||||
|
The software running on your device often spies on you:
|
||||||
|
the operating system itself often spies;
|
||||||
|
the apps you install often spy.
|
||||||
|
This is the fault of the individual _authors_---_they_
|
||||||
|
are the problem.
|
||||||
|
Consider using free/libre software that empowers you and serves _you_ rather
|
||||||
|
than its creators;
|
||||||
|
it's much harder to hide secrets in free software.
|
||||||
|
On Android,
|
||||||
|
consider using only free software available in [F-Droid][].
|
||||||
|
We also need fully free mobile operating systems,
|
||||||
|
like [Replicant][] and hopefully Purism's Librem 5 that is still under
|
||||||
|
development.
|
||||||
|
Don't be fooled into thinking the Android on most phones is free
|
||||||
|
software---only
|
||||||
|
its core (AOSP) is.
|
||||||
|
|
||||||
|
Call out those that do harm---don't
|
||||||
|
veil and protect them using statements like "your phone tracks you".
|
||||||
|
Talk about the specific issues.
|
||||||
|
Demand change and have the courage to reject them entirely.
|
||||||
|
This involves inconvenience and sacrifice.
|
||||||
|
But if we're strong now,
|
||||||
|
then in the near future perhaps we won't have to make any sacrifices,
|
||||||
|
much like the fully free GNU/Linux system desktops we have today.
|
||||||
|
|
||||||
|
Fore more information on tracking,
|
||||||
|
see my [LibrePlanet 2017 and 2018 talks](/talks) "The Surreptitious Assault on Privacy,
|
||||||
|
Security, and Freedom" and "The Ethics Void", respectively.
|
||||||
|
|
||||||
|
[F-Droid]: https://f-droid.org
|
||||||
|
[ios-deceive]: https://web.archive.org/web/20170922011748/https://support.apple.com/en-us/HT208086
|
||||||
|
[Replicant]: https://replicant.us
|
|
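Review bot: The closing paragraph uses an inline link, `[LibrePlanet 2017 and 2018 talks](/talks)`, while every other link in this post and in the neighbouring posts is reference-style (`[F-Droid][]`, `[talks]: /talks`). Convert it to a `[talks]` reference for consistency. "Fore more information" on the same paragraph is a typo to fix in the follow-up text commit, and "[iOS deceives users][ios-deceive] when they ask to disable those communications for example." is missing the comma before "for example".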
@ -0,0 +1,28 @@
|
||||||
|
# LibrePlanet 2019 will be March 23--24 in Boston, MA
|
||||||
|
|
||||||
|
It's already time to start thinking about LibrePlanet 2019, which will be
|
||||||
|
March 23--24 in the Greater Boston Area in MA:
|
||||||
|
|
||||||
|
[https://libreplanet.org/2019/]()
|
||||||
|
|
||||||
|
This is the one event that I must make it to each year, and I encourage
|
||||||
|
everyone to attend and see the faces of many that are at the heart of the
|
||||||
|
free software community.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
Consider [submitting a session][submit]! Or, if you can't make it but plan
|
||||||
|
on watching online, maybe help someone else attend by [contributing to the
|
||||||
|
travel fund][travel-fund]. The call for sessions ends October 26th.
|
||||||
|
|
||||||
|
I'll be attending again this year, and I plan on submitting a session
|
||||||
|
proposal. I won't have the time to do [my 100+hr research talks like the
|
||||||
|
past couple years][talks], so maybe I'll fall back on something more
|
||||||
|
technical that I won't have to research.
|
||||||
|
|
||||||
|
It's still a ways off, but if you do plan on attending, do let me know so I
|
||||||
|
can say hello!
|
||||||
|
|
||||||
|
[submit]: https://my.fsf.org/lp-call-for-sessions
|
||||||
|
[travel-fund]: https://my.fsf.org/civicrm/contribute/transact?reset=1&id=60
|
||||||
|
[talks]: /talks/
|
|
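Review bot: `[https://libreplanet.org/2019/]()` has an empty link destination, so the rendered anchor will have an empty href and will not lead to the conference site. Use an autolink, `<https://libreplanet.org/2019/>`, or repeat the URL inside the parentheses.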
@ -0,0 +1,66 @@
|
||||||
|
# Webmasters: Please, Don't Block Tor
|
||||||
|
|
||||||
|
[Tor][] is a privacy and anonymity tool that [helps users to defend
|
||||||
|
themselves][tor-about] against traffic analysis online.
|
||||||
|
Some people, like me, use it as an important tool to help defend against
|
||||||
|
[various online threats to privacy][sapsf].
|
||||||
|
[Others use it][tor-users] to avoid censorship,
|
||||||
|
perhaps by the country in which they live.
|
||||||
|
Others use it because their lives depend on it---they
|
||||||
|
may live under an oppressive regime that forbids access to certain
|
||||||
|
information or means of communication.
|
||||||
|
|
||||||
|
[Tor]: https://www.torproject.org/
|
||||||
|
[tor-about]: https://www.torproject.org/about/overview.html.en#whyweneedtor
|
||||||
|
[tor-users]: https://www.torproject.org/about/torusers.html.en
|
||||||
|
[sapsf]: /talks/sapsf
|
||||||
|
|
||||||
|
Unfortunately, some people also hide behind Tor to do bad things,
|
||||||
|
like attack websites or commit fraud.
|
||||||
|
Because of this,
|
||||||
|
many website owners and network administrators see Tor as a security threat,
|
||||||
|
and choose to block Tor users from accessing their website.
|
||||||
|
|
||||||
|
<!-- more -->
|
||||||
|
|
||||||
|
But in doing so,
|
||||||
|
you aren't just keeping out some of the malicious users:
|
||||||
|
you're also keeping out those who [use Tor for important, legitimate
|
||||||
|
reasons][tor-users].
|
||||||
|
Malicious users have other means to achieve anonymity and often have the
|
||||||
|
skill and understanding to do so.
|
||||||
|
But average Tor users aren't necessarily technology experts,
|
||||||
|
and certainly don't have the extra (often maliciously-acquired) resources
|
||||||
|
that bad actors do,
|
||||||
|
so they are disprortionally affected by blocks.
|
||||||
|
|
||||||
|
A particularly unsettling problem I often encounter is that a website will
|
||||||
|
outright prohibit access by Tor users _even on read-only resources like
|
||||||
|
articles or information_.
|
||||||
|
I've even seen this on informational resources on United States Government
|
||||||
|
domains!
|
||||||
|
Blocking access to interactive website features---like
|
||||||
|
posting comments or making purchases---can
|
||||||
|
be understandable,
|
||||||
|
or maybe even necessary sometimes.
|
||||||
|
For example,
|
||||||
|
Wikipedia prohibits page edits over Tor.
|
||||||
|
But Wikipedia _does not block reading_ over Tor.
|
||||||
|
|
||||||
|
If you are considering threats that may mask themselves behind Tor and you
|
||||||
|
are running a blog, news site, or other informational resource,
|
||||||
|
please, consider how your actions [may affect innocent
|
||||||
|
users][tor-users].
|
||||||
|
Allow users to read over Tor,
|
||||||
|
even if you decide to prohibit them from interacting.
|
||||||
|
|
||||||
|
For users of Tor who do find themselves stuck from time to time:
|
||||||
|
I will often prepend `https://web.achive.org/` to the URL of a page that
|
||||||
|
is blocked,
|
||||||
|
which allows me to view the page in the Internet Archive's [Wayback
|
||||||
|
Machine][].
|
||||||
|
For example,
|
||||||
|
to view my website in the Wayback Machine,
|
||||||
|
you'd visit `https://web.archive.org/https://mikegerwitz.com/`.
|
||||||
|
|
||||||
|
[Wayback Machine]: https://web.archive.org/
|
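Review bot: The prefix readers are told to prepend, `https://web.achive.org/`, is missing the "r" in "archive", whereas the worked example and the `[Wayback Machine]` definition below it both use `web.archive.org`. Since this is an instruction that readers will copy into the address bar, a misspelled host sends them to a domain the Internet Archive does not control; correct it to `https://web.archive.org/` in this commit rather than deferring it. "disprortionally" earlier in the post can wait for the text commit.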