Commit Graph

414 Commits (master)

Author SHA1 Message Date
Mike Gerwitz 0633a1dd4d
:Move Education to bottom of resume
* docs/about/resume.html (Education): Move section to bottom.
2017-07-24 21:27:02 -04:00
Mike Gerwitz bd59be0d37
Don't force me to use your tools [on the Web]
There was an interesting discussion on [libreplanet-discuss][] recently
  regarding web interfaces.
Below is a rather informal off-the-cuff statement regarding the use of Web
  interfaces (specificlaly Discourse) over my own tools.


I live a huge chunk of my life in my mail client
  (which happens to be my editor as well).
It's scripted,
  heavily customized,
  and integrated with other things.
I do task management with Org mode,
  which integrates simply but well enough with Gnus.
I can use my editor keybindings and such when composing messages.
The same goes with my IRC client.
I never have to leave home, if you will.

Contrast that with websites:
  if I have to write anything substantial,
    I often have to write it in my editor first and paste it in.

Many of us hackers don't care for flashy interfaces;
  we'd rather use the tools we've invested our lives into and know well.
  Tools that can compose and work well in pipelines.
Trying to use interfaces that reinvent the wheel poorly is painful.
And let's not be fooled---these are programs.
Especially when they're heavy on JavaScript.
There's no difference between this and someone asking me to download Foo and
  put my Emacs toy away, as cute as it is.

But I know that many people don't feel that way.
I have coworkers that think I'm crazy (respectfully so).
And I think they're crazy too. ;)
Admittedly, using your own tools is a large barrier to entry---my
  tools are useful because I've spent a great deal of time learning and
    researching and customizing.
And now I can reuse them for everything.
For your average user looking to get into activism,
  who may not even be a programmer,
  that's a bit different;
    it's easier to say "here's your single tool (Web)---go use it".

There are systems that allow for a level of integration
  (e.g. mailing lists and forums).
But they're often treated as fallbacks---as second-class citizens.
They might provide a subset of features;
  it leaves certain members of the community out---those
    who want to use their own tools.

I haven't used Discourse.
I do see "mailing list support";
  maybe that's a good sign.
But one of the phrases at the top of the features page is
  "[w]e're reimagining what a modern discussion platform should
Many of us don't want to see it reimagined.
That's the opposite of what many want.

Trying to strike a balance isn't a bad thing if that's the audience
  we're looking to attract.
But it's difficult,
  and something I struggle with a great deal.


  Asking someone to use an interface on the Web is asking them to use
    /your/ program instead of their own.
  Be respectful by using [Web standards for accessibility][accessibility];
    [progressive enhancement][];
    and make use of well-established standards with rich histories,
      especially if your audience makes use of them
      (e.g. mailing lists, RSS feeds, federation standards, etc).

Thank you.

[progressive enhancement]:
2017-06-27 01:33:03 -04:00
Mike Gerwitz d68fc4d991
Russia wants to review source code of Western security software
Reuters [released an article][0] entitled "Under pressure, Western tech
  firms bow to Russian demands to share cyber secrets".
Should Russia be permitted to do so?
Should companies "bow" to these demands?

I want to draw a parallel to another highly controversial case regarding
  access to source code:
    the [Apple v. FBI][2] case early last year.
For those who don't recall,
  one of the concerns was the government trying to compel Apple to make
  changes to iOS to permit brute forcing the San Bernardino attacker's
    this is a [violation of First Amendment rights][3] (compelled speech),
      and this afforded Apple strong support from even communities that
      otherwise oppose them on nearly all other issues.
The alternative was to have the FBI make changes to the software instead of
  compelling Apple to do so,
    which would require access to the source code of iOS.

Becuase of the hostility toward the FBI in this case,
  even many in the [free software community][4] took the stance that the FBI
  being able to modify the software would set terrible precedent.
But that's missing the point a bit.
Being able to modify software doesn't give you the right to install it on
  others' devices;
    the FBI would have had to compell Apple to release their signing keys
    as well---_that_ is a dangerous precedent.
If the government compelled Apple to made changes themselves,
  _that_ is dangerous precedent.

"Cyber secrets" in the above title refers to source code to software written
  by companies like Cisco, IBM, SAP, and others;
    secrets that can only exist in proprietary software that
      [denies users the right to inspect, modify, and share][1] the software
      that they are running.

For those who agree with the free software philosophy,
  it's important to remove consideration of _who_ is trying to exercise their
  [four freedoms][1].
In the case of the FBI,
  from a free software perspective,
  of course they should be able to modify the software---we
    believe that _all_ software should be free!
      (But that doesn't mean they should be able to install it on _someone
      else's_ device.)
In the context of this article by Reuters:
  Russia doesn't have to ask to examine software that is free/libre.
  And if they did, it shouldn't be a concern;
    restricting who can use and examine software is [a slippery slope][5].

Unfortunately, not all software is free/libre.
But if we extend the free software philsophy---there
  should be no _ethical_ concerns with a foreign power wanting to inspect
  proprietary source code.
But proprietary software might have something of concern to hide:
  it might be something malicious like a backdoor,
  or it might be something like a lack of security or poor development
    [proprietary software exists only to keep secrets][6], after all.

If Russia has to ask to inspect source code for security software,
  you probably do too.
And if that's the case,
  the security being provided to you is merely a facade.
It's not Russia to be suspicious of for asking---it's
  the companies that keep secrets to begin with.

2017-06-24 00:37:15 -04:00
Mike Gerwitz 25061618a2
:Update sapsf{=>.pdf} link on Talks page 2017-06-11 01:26:59 -04:00
Mike Gerwitz 2c015a8844
:GitLab self link title rename to mention username
* tpl/.config: Mention username in GitLab self link.
2017-06-11 01:11:19 -04:00
Mike Gerwitz ee07c2ccfb
:Add HN self link
Uses "HN" instead of the "Y" in the YCombinator icon.

* style.css: Create HN icon out of link.
* tpl/.config: Add HN link.
2017-06-11 01:10:10 -04:00
Mike Gerwitz cea58a8164
:doc/ Source code and bib link for sapsf 2017-06-08 00:34:09 -04:00
Mike Gerwitz 693165d552
GNU is more than a collection of software
GNU is more than just a collection of software; it is an operating system:


Many hackers and activists within the free software community don't
understand this well, and it's a shame to see attacks on GNU's relevance (as
measured by programs written by GNU on a given system) going
unchallenged. Software for GNU was written by the GNU Project when a
suitable free program was not available. It wouldn't have made sense to
write everything from scratch if free programs already solved the problem.

When we say GNU/Linux, we really are referring to the GNU operating system
that just happens to be using Linux. It could be using the FreeBSD kernel
([GNU/kFreeBSD][]). It could be using a Windows kernel with a Linux API
([GNU/kWindows][]). It could be using the [Hurd][] ([GNU/Hurd][]). The
disambiguation is important, but the end result is pretty much the same.

There are many systems that use Linux that are not GNU. Android is not GNU,
for example. We shouldn't attempt to call those systems "GNU/Linux"
blindly. (Also note how it's called "Android", not "Android/Linux", or just
"Linux". Somehow GNU is controversial, though.)

So if you see someone challenging GNU's relevance because GNU/Linux contains
so much software that isn't part of a GNU package, then please provide the
above link, and kindly explain to them that their observation is correct,
because GNU is an operating system, not a collection of programs.

2017-06-03 01:24:57 -04:00
Mike Gerwitz 675ae2a13a
:Remove Earth's Magic from resume
It's already covered by the freelancing section.  This was long enough ago
and my portfolio is large enough that this is really unnecessary.

* doc/about/resume.html (Earth's Magic): Remove experience.
2017-05-26 01:35:20 -04:00
Mike Gerwitz f46aea17af
Self-Discovery Before the Internet
This is an autobiographical opinion piece prompted by [a HackerNews
post][hn] discussing what it was like to learn programming before Stack
Overflow (and other parts of the Internet).

I'm not old.  I was born in 1989.  I started programming around 1999.  The
Internet sure did exist back then, but I was 10, and my parents weren't keen
on having me just go exploring.  Besides, it was dial-up---you couldn't go
search real quick; especially if someone was on the phone.  Using the
Internet was an _event_, and an exciting one at that, listening to those
dial tones, logging in using that old Prodigy dialog.  Back then you had
Dogpile and Ask Jeeves.  Most sites I'd visit by name; usually that was
GameFAQs or CNET, because those are the sites my friend told me
about when he introduced me to the Internet.

I'm entirely self-taught.  I didn't know any programmers.  I didn't have
contact with any.  I told my parents that I wanted to learn how to program
and they skeptically brought me to Barnes and Noble where we picked out
Learn to Program with Visual Basic 6 by John Smiley (*gasp* yes I started as
a Windows programmer).  It came with a VB6 CD that for a while I was
convinced could only run the book examples, because I had no idea what I was
doing.  I struggled.  I tinkered.  Hacker culture was on the complete
opposite end of where I was, but by the time I discovered it years later, I
felt like I finally found myself---I finally discovered who I was.  The
struggle made me a hacker.

It's easy to half-ass it today.  It's easy to simply say "eh I can Google
it" and forego committing knowledge.  But it also makes it easy to gain
knowledge, for those who do care to do so.  It makes trivia easy.  It makes
discovery easy.  It also exposes people to subcultures quickly and
demands conformance to stereotypes and norms before one can discover
_themselves_.  Who would I be today without having to struggle for myself
rather than someone else _telling_ me who I am, and what I do?

This is more than just technical knowledge.  This is the difference between
dropping a child off in the wild or dropping them off at the local
scouts.  And at least scouts will discover themselves together.  With the
Internet, you absorb a body of existing knowledge; you _rediscover others_,
not yourself.  You often read blogs containing opinions of others, not books
or manuals.

That's not to say that you can't learn on your own.  Many still do.  Many
focus on manuals and books and source code rather than social media.  It's
sure hard, though, when everything is integrated as such.  Social media
can be beneficial---you do want communication and collaboration.  I sure as
hell want to communicate with others.  Opinions of others are deeply
important too.  Some of the best things I've read are on blogs, not in
books.  But I've already found my niche.  I've found myself.  I wasn't
tainted or manipulated---I learned in a world of proprietary software where
developing license systems was fun and emerged a free software
activist.  Because I was forced to look inward, not post on Stack Overflow
or HN or Reddit expecting a hand-guided tour or `dd` of thoughts (okay,
you're not getting that on HN).

Not everyone needs to be a passionate hacker or developer.  Really, the
world needs both.  And based on what I've seen being pumped out of schools
and universities, the self-taught are generally better off either way.  The
vast resources available to modern programmers make many tasks easier and
cheaper, though it also increases maintenance costs if all the programmer is
doing is using code snippets or concepts without actually grokking
them.  But this is what most of the world runs off of.

Let yourself struggle.  Go offline.  Sit down with a print book and get out
a pen and take notes in the margin, write out your ideas.  Getting syntax
errors in your editor or REPL?  Figure it out!  Or maybe consult the manual,
or the book you're reading.  Don't search for the solution.  When I learned
Algebra in middle school, I had little interest, and forgot all of
it.  Years later, I needed it as a foundation for other things.  I
discovered the rules for myself on pen and paper.  Not only do I remember it
now (or can rediscover on a whim), but I understand _why_ it works the way
it does.  I've had those epiphanies.  It's easy to miss the forest for the
trees when you don't gain that essential intuition to help yourself
out.  And the forest is vast and beautiful.

2017-05-17 02:51:14 -04:00
Mike Gerwitz e7356fd8ef
:Add txt extension to githubbub files
Will ensure that proper MIME type is served to the client.
2017-04-14 00:50:03 -04:00
Mike Gerwitz f6c2a1e255
:s/&/+ in subtitle
My hacking and activism is inseparable.
2017-04-09 00:51:17 -04:00
Mike Gerwitz 91d6d46702
:Resume update
There are a number of changes here.  It doesn't mean that I'm looking for a
new job.  With that said, my employer surprised everyone with an acquisition
the day it was actually agreed upon, so we'll see how things go.
2017-04-09 00:49:14 -04:00
Mike Gerwitz 4191b282be
:Projects page is now a placeholder
Server now routes to cgit
2017-04-03 23:55:44 -04:00
Mike Gerwitz 58069270b1
:cgit styling (CSS) 2017-04-03 23:52:53 -04:00
Mike Gerwitz 91d135737c
:Remove mention of DMCA from sapsf description
It was not discussed (no time to fit it in).
2017-03-28 22:28:42 -04:00
Mike Gerwitz e699e1b3c6
:sapsf video posted 2017-03-28 22:26:06 -04:00
Mike Gerwitz ffeca52b2b
:Add link to sapsf slides 2017-03-28 00:05:46 -04:00
Mike Gerwitz b7a128f20b
:git-horror-story.txt: s/carrot/caret/g
Five years this typo has existed!

Thanks to Maxim Cournoyer <> for pointing this out
to me.
2017-02-28 22:42:44 -05:00
Mike Gerwitz 034e4e2f5f
:Host LP banner to respect user privacy
Don't make 3rd party request.
2017-01-20 00:16:17 -05:00
Mike Gerwitz 0f7de72da9
:Add LP2017 talk!
Just accepted!
2017-01-20 00:14:07 -05:00
Mike Gerwitz 0507dc76f3
: License Git Horror Story script under CC0
Someone contacted me about the license of this script.  The code itself is
doubtfully enforcable with US copyright anyway, so let's just put this into
the public domain.

It does have comments, but they're minor.
2016-12-19 22:04:19 -05:00
Mike Gerwitz 7956cf0b88
:Re-make pages on tpl/.config modification
This determines headers and other formatting.
2016-12-14 00:58:59 -05:00
Mike Gerwitz 951f7c0555
:Remove Rule 41 headline
The time has passed.  I'll have words on this in the future.  As long as I
have the time to write them.
2016-12-14 00:55:32 -05:00
Mike Gerwitz f4c545893b :Add mention of GNU ethical repo criteria to githubbub
* docs/about/ Add reference to GNU ethical repo criteria.
2016-11-10 23:43:26 -05:00
Mike Gerwitz d934d0740c :Add literate-xsl to project list
* docs/ (literate-xsl): Added project.
2016-11-10 23:35:24 -05:00
Mike Gerwitz 30dc33c97b
:Depoliticize blog
The election is over, so there's no point in keeping the "Election." post. at a loss for words.  I'll surely be posting about this in some
regard at some point, so I'm not going to bother here.
2016-11-08 23:35:37 -05:00
Mike Gerwitz f6fecfa676
:Update FSF member footer graphic
This image displays the date I joined: exactly nine years ago to the
day.  That's just a coincidence, tbh; I happened upon it.

Oh how time flies...

Happy Halloween.
2016-10-31 00:07:37 -04:00
Mike Gerwitz 68ffd6fb4e
:Remove endsoftpatents link in footer
This site is no longer active; the last post was in 2014.
2016-10-31 00:00:44 -04:00
Mike Gerwitz da2b079f9a
: GPG key change and transition statement 2016-10-13 23:10:14 -04:00
Mike Gerwitz 34078c338b
: Add Restore Online Freedom! talk to resume 2016-10-13 23:10:08 -04:00
Mike Gerwitz d7ab852f43
:Prevent heading from overlapping page fold on articles
* style.css (h1.subject): Right margin to prevent overlap of page fold on
  smaller resolutions
2016-08-27 15:06:46 -04:00
Mike Gerwitz ce61b5c057
:Better fit headline images at lower resolutions
* style.css: Float headline images to right on lower resolution, reduce size
  of index headline.
2016-08-27 00:29:51 -04:00
Mike Gerwitz 81b2824128
:Correct self-links overlap of header on small displays
style.css: #self-links will no longer overlap header at any point.
2016-08-27 00:08:45 -04:00
Mike Gerwitz 55cb97ff35
:Wrap menu if needed to accomodate screen resolution
* style.css: Upper menu will now text wrap if needed.
2016-08-27 00:08:25 -04:00
Mike Gerwitz 57121a9c23
NSO Group, Pegasus, Trident---iOS Exploits Targeting Human Rights Activist
[Citizen Lab released a report][cl] describing the attempted use of iOS
  0-days on human rights activist [Ahmed Mansoor][] by the United Arab
They named this chain of exploits _Trident_,
  and with the help of [Lookout Security][paper],
  were able to analyze them.

It begins with [arbitrary code execution (CVE-2016-4655)][4655] by
  exploiting a memory corruption vulnerability in WebKit,
  which downloads a payload unknown to the user.
That payload is able to bypass KASLR and [determine the kernel memory
  location (CVE-2016-4656)][4656],
  then allowing it to exploit a [memory corruption vulnerability in the
  kernel itself (CVE-2016-4657)][4657];
    this "jailbreaks" the device and is a complete compromise of the system.

This payload is [Pegasus][paper],
  a complex surveillance tool sold to governments,
  often used for espionage.
In this case,
  Monsoor received a suspicious text message and wisely [tipped off Citizen
  Lab][cl] rather than opening the presented link.
Had he done so,
  he would have unknowingly downloaded this spyware that could very well
  have put his life in extreme danger:
    it has the capability to track his location;
    record his calls and texts;
    record communications through software like WhatsApp and Skype;
    download his contact information;
    grab passwords and encryption keys from his keyring;
    and much more.

This malware was written by [NSO Group][],
  which is so poorly known that their [Wikipedia page didn't even exist
  until today][nso-wikipedia].
The software company is based in Israel,
  founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio.
They were purchased in 2014 by [Francisco Partners][],
  a private equity firm in the United States,
  for $110 million.
They exist to sell exploits to governments.

Anyone familiar with security research is aware of [responsible
  it is a model whereby researchers who discover a vulnerability
    release their research publicly only _after_ they notify the authors
    of the software,
      and a patch mitigating the vulnerability has been released.
This is what Citizen Lab did---Apple [fixed the vulnerability][apple] in
  iOS 9.3.5.[^rms-apple]
This is not what NSO Group does:
  Instead, they horde their exploits[^0day] and sell them to governments as
    weapons for surveillance or espionage.
In this case,
  the United Arab Emirates (or so it seems).
This is not only unethical,
  but to sell to a government that is known for this type of abuse is
  inexcusable and negligent---the people behind NSO Group are absolute
They are empowering a foreign government known for their civil and human
  rights abuses.
I have trouble finding words.

There is much more that can be said on this topic with respect to security,
  civil and human rights,
  and various other topics.
But I don't want to distract from the topic at hand.
Let this sink in.
Read the [Citizen Lab][cl] report and the [paper by Lookout Security][paper].
Today I leave my soapbox be.

[Ahmed Mansoor]:
[NSO Group]:
[Francisco Partners]:
[responsible disclosure]:

[^rms-apple]: I [can't recommend that you use Apple
              devices](, but if you do, you
              should upgrade immediately;
                you are vulnerable to exploitation by simply visiting a
                malicious webpage.

[^0day]: Called 0-days,
           because they haven't been disclosed and there has been no time to
           prepare or release a fix.

[^scum]: For other scum, see the organization behind [FinFisher][]; and the
           group [Hacking Team][].

[Hacking Team]:
2016-08-26 00:05:24 -04:00
Mike Gerwitz ce0f049a9f
:Add TAME reference to Projects page
Today liberated the entire project as used in production.
2016-08-24 22:53:23 -04:00
Mike Gerwitz 61b8ae9e91
The past few days of the DNC have demanded pause.  I am an Independent.  I
do not like Hillary Clinton. I am a Bernie supporter, and I was upset by his
endorsement of Hillary.  I had vowed not to vote for Hillary; I would
instead vote for Jill Stein.  The DNC, while very well done with a deeply
compelling facade, has not changed my perspective on Clinton.

It is perhaps said best by Bernie himself: "It's easy to boo, but it's
harder to look your kids in the face who would be living under a Donald
Trump presidency".  The conflict here is between my deep ideologies and
reality.  It's often said that a vote for Hillary is a vote against Trump;
such a perspective would shallow and purposeless.  But this isn't an
election for president---this is the most threatening assault on everything
I stand for that I hope I will ever witness in my lifetime.  To stand for
ideological purity would be to stand atop a mountain while the world around
me burns.  This is why Bernie chose to unite.

Should Trump win, my ideals that seem within reach could be blown back
decades.  As a matter of strategy, I cannot justify _not_ swallowing every
ounce of my pride.  Hillary's presidency is an unfortunate but necessary
consequence of the only permissible outcome.  I am not electing a president
of the United States.  I am electing _a United States_.

So I am doing what I never thought I would do: proposing that others too
factor this obscene equation and recognize how the very few remaining
variables affect the result.  My ideals continue to exist in part and in
spirit with Hillary as president.  With Trump, they are all but
vanquished.  Donald Trump must not be elected president of the United
States.  When (and if) you vote, think of it as a shot fired, not as a vote


More information about my opinions on this topic can be found
[here][social-1] and [here][social-2].

2016-08-03 23:03:47 -04:00
Mike Gerwitz aa42e553ce
:Update hoxsl Savannah link to use plain HTTP

* docs/hoxsl/ http{s=>} src link
2016-07-21 23:26:11 -04:00
Mike Gerwitz 254a71d6ac
:Update hoxsl src link to Savannah
* docs/hoxsl/ Update src link
2016-07-21 22:47:53 -04:00
Mike Gerwitz 9df57f8130
:GNU role update in About 2016-07-19 23:26:21 -04:00
Mike Gerwitz bf3c68728d
:Add hoxsl to project page 2016-07-19 23:20:37 -04:00
Mike Gerwitz 22a9489628
:Project page reorganization 2016-07-19 23:20:20 -04:00
Mike Gerwitz a482d2bfca
:Add hoxsl project page 2016-07-19 23:19:29 -04:00
Mike Gerwitz f141de9cce
:Update GNU Screen involvement on Projects page
* docs/ GNU Screen involvement update
2016-07-19 22:57:40 -04:00
Mike Gerwitz 0b6fa52735
CFAA, "Authorized" Access, and Common Sense
There is little common sense to be had with the [Computer Fraud and Abuse
  Act][cfaa] (CFAA) to begin with.
To add to the confusion,
  the Ninth Circuit Court of Appeals last week held 2-1 in [United States
  v. Nosal][uvn] that accessing a service using someone else's
  password---even if that person gave you permission to do so---[violates
  the CFAA][cfaa-passwd],
    stating that only the _owner_ of a computer can give such authorization.
This is absurd even with complete lack of understanding of what the law is:
  should your spouse be held criminally liable for paying your bills online
  using your account?

Common sense says no.
In another case this week---[Facebook v. Power Ventures][fvp]---the same
  court (though a different panel of judges) stepped back from the original
  decision and stated that computer _users_ can indeed provide
This authorization holds even if the service's Terms of Service say
Yet: the computer owner (in this case, Facebook) can revoke authorization,
  which takes precedence over any authorization provided by a user of that
So with a seemingly magical incantation,
  a benign situation can be made into a federal crime,
  just like that.

These situations highlight dangerous confusion over the interpretation of an
  already dangerously vague law.
The CFAA is the law that was used to prosecute Aaron Swartz for federal
  "crimes"---with a punishment of up to thirty-five years in prison---for
  liberating documents hosted on JSTOR.
Because of this [draconian threat][eff-punish],
  [Aaron committed suicide][aaron] on January 11th, 2013.

The CFAA already has blood on its hands;
  it needs to be reined _in_,
    not be given further broad powers.
So don't take news of the decisions in US v. Nosal and Facebook v. Power
  Ventures as canceling one-another out;
    things may appear the same for now,
      but serious problems still need to be resolved.

2016-07-16 22:40:09 -04:00
Mike Gerwitz c6ca369ab8 :About page update to more accurately reflect activities 2016-07-07 23:41:14 -04:00
Mike Gerwitz 1f91f838c7
:Various About page changes
More concise, and some information changes.

Yes, those hacker and cracker links are supposed to be identical.
2016-06-18 13:39:52 -04:00
Mike Gerwitz 3f286d46ef
...this happened a while back.  I clearly don't read my About page.
2016-06-18 13:27:18 -04:00
Mike Gerwitz ad270eaf3c
:Round Rule 41 banner borders slightly 2016-06-18 13:21:15 -04:00