Congratulations to MediaGoblin for not only [meeting the $10k matching grant
from a generous anonymous donor][0], but also for raising $36k to date.
[MediaGoblin][1] is a ``free software media publishing platform that anyone can
run''; it is a distributed, free (as in freedom) alternative to services such as
YouTube, Flickr and others, and is part of the [GNU project][2].
[0] http://mediagoblin.org/news/we-made-10k-matching.html
[1] http://mediagoblin.org/
[2] http://gnu.org/
The EFF [points out problems with California's Proposition 35][0], which would,
among other things, [require registered sex offenders to ``disclose Internet
activities and identities''][1]:
[...] Proposition 35 would force individuals to provide law enforcement with
information about online accounts that are wholly unrelated to criminal
activity – such as political discussion groups, book review sites, or blogs.
In today’s online world, users may set up accounts on websites to communicate
with family members, discuss medical conditions, participate in political
advocacy, or even listen to Internet radio. An individual on the registered
sex offender list would be forced to report each of these accounts to law
enforcement within 24 hours of setting it up – or find themselves in jail.
This will have a powerful chilling effect on free speech rights of tens of
thousands of Californians.
[0] https://www.eff.org/deeplinks/2012/11/eff-urges-no-vote-california-proposition-35
[1] http://voterguide.sos.ca.gov/propositions/35/
A police officer [recalls a time he went through airport security][0] and
received a patdown from one of the security agents, which he found to be
absolutely useless.
[0] http://www.gizmodo.co.uk/2012/10/search-me/
The EFF [announces the launch of openwireless.org][0], which encourages users to
[share their network connections][1] to create a global network of freely
available wireless internet access.
This is a noble movement. This reminds me of a point in history when MIT began
password protecting their accounts, which were previously open to anyone.
Stallman, disagreeing with such a practice, encouraged users to create empty
passwords.[2] Stallman would even give out his account information so that
remote users may log into MIT's systems, all with good intent.
Of course, with malice rampant in today's very different world, Stallman's
actions, although noble, would be both naive and a huge security risk.
Fortunately, [opening your wireless network isn't necessarily one of these
risks][3] and, if done properly, does not equate to opening your private network
to attack.
Consider using [DD-WRT][4] as your router's firmware, if supported by your
device, as it is itself [free software][5].
[0] https://www.eff.org/deeplinks/2012/10/why-we-have-open-wireless-movement
[1] https://www.openwireless.org/
[2] http://shop.fsf.org/product/free-as-in-freedom-2/
[3] https://openwireless.org/myths
[4] http://dd-wrt.com
[5] http://www.gnu.org/philosophy/free-sw.html
There's two problems with this post from the EFF describing [The Village Voice
suing Yelp for ``Best of'' trademark infringement][0]: firstly, there's the
obvious observation that such a trademark should not have been permitted by the
USPTO to begin with. Secondly---why do entities insist on gaming the system in
such a terribly unethical manner? It takes a special breed of people to do such
a thing.
[0] https://www.eff.org/deeplinks/2012/10/stupid-lawyer-tricks-and-government-officials-who-are-helping-them
My issue with patents exceeds the [obvious case against software patents][0];
indeed, I have long pondered the problems with patents in other fields. When I
hear the phrase ``patent pending'' or ``patented technology'' touted in ads, I
have never thought positive thoughts; instead, I have thought ``you are damning
this otherwise excellent work to stagnation''. What if someone has an excellent
idea to improve upon that particular product? Well, they'd better be prepared to
jump through some hoops or shell out some hefty licensing fees. Or maybe it's
just easier to abandon the idea entirely and forget that it had never happened.
However, I thought, it's not a simple case of ridding the world of patents.
How would that affect the incentive to innovate? How would people recoup
expensive R&D costs, especially in industries like pharmacy (both my parents are
pharmacists)? What about the incentive to describe your invention to the world?
Then again, nobody *has* to get a patent for their invention. It may be worth
keeping it secret if nobody can figure it out.
The answers to all of these questions appeared in one place: [The Case Against
Patents][1], which I found referenced in an article regarding the [Swedish Pirate
Party's opinions on patents, trademarks and copyright][2]. While it is still a
draft at the time of this writing, I encourage you to give it a read, as it is
very enlightening.
[0] http://patentabsurdity.com/
[1] http://research.stlouisfed.org/wp/2012/2012-035.pdf
[2] http://falkvinge.net/2012/10/13/what-the-swedish-pirate-party-wants-with-patents-trademarks-and-copyright/
The FSF decided to [crash the Windows 8 launch even in New York City][0],
complete with [Trisquel][1] DVDs, FSF stickers and information about their
[pledge to upgrade to GNU/Linux instead of Windows 8][2].
I find this to be a fun, excellent alternative to blatant protesting that is
likely to be better received by those who would otherwise be turned off to
negativity. At the very least, the [walking gnu][3] would surely turn heads and
demand curiosity.
Here is the e-mail that was sent to the info at fsf.org mailing list:
Happy (almost) Halloween, everybody,
You've probably been noticing Microsoft's ads for their new operating
system -- after all, they've spent more money on them than any other
software launch campaign in history. In fact, everything about the
campaign has been meticulously planned and optimized, so you can
imagine journalists' surprise when an unexpected guest showed up at an
invite-only launch event on Thursday.
Our volunteer, Tristan Chambers, was there and caught the whole thing
on camera! Pictures here:
<http://www.fsf.org/blogs/community/gnus-trick-or-treat-at-windows-8-launch>.
Reporters and security guards at the event weren't sure how to react
when they were greeted by a real, live gnu. The gnu -- which, on
closer inspection, was an activist in a gnu suit -- had come for some
early trick-or-treating. But instead of candy, she had free software
for the eager journalists. The gnu and the FSF campaigns team handed
out dozens of copies of Trisquel, a fully free GNU/Linux distribution,
along with press releases and stickers. Once they got over their
confusion, the reporters were happy to see us and hear our message --
that Windows 8 is a downgrade, not an upgrade, because it steals
users' freedom, security and privacy.
Free software operating systems are the real upgrade, and they don't
need a zillion-dollar launch event to prove it. To show Microsoft that
their ads won't change our minds, we're starting an upgrade pledge:
switch to a free OS, or if you're already using one, help a friend
switch. We can pay Microsoft a chunk of change for their new,
proprietary OS, or we can stand up for our freedom. The choice isn't
as hard as Microsoft wants you to think.
Sign the pledge now! -- <http://www.fsf.org/windows8/pledge>.
Thanks for making a commitment to free software.
PS - If you'd like more details about the action, you can check out
our press release here:
<http://www.fsf.org/news/activists-trick-or-treat-for-free-software-at-windows-8-launch-event-1>.
-Zak Rogoff
Campaigns Manager
[0] http://www.fsf.org/news/activists-trick-or-treat-for-free-software-at-windows-8-launch-event-1
[1] http://trisquel.info/
[2] http://www.defectivebydesign.org/windows8
[3] http://www.fsf.org/blogs/community/gnus-trick-or-treat-at-windows-8-launch
How would you feel if law enforcement showed up in your living room, demanded
your cell phone, and started writing down your call history and text messages?
How would you feel if you didn't even know that they were in your home to begin
with, let alone stealing private data? [This is precisely what is happening when
law enforcement uses ``Stingrays'' to locate individuals][0], collecting data of
every other individual within range of the device in the process. Even *if* you
are the subject of surveillance, this is still an astonishing violation of
privacy. (Of course, law enforcement could always demand such records from your
service provider, but such an act at the very least has a paper trail.)
[0] https://www.eff.org/deeplinks/2012/10/stingrays-biggest-unknown-technological-threat-cell-phone-privacy
The EFF has released an article with a [plethora of links describing warrantless
wiretapping under the Obama administration][0], spurred by Obama's response to
Jon Stewart's questioning on The Daily Show last Thursday. (Readers should also
be aware of the [NSA spy center][1] discussed earlier in the year, as is
mentioned in the EFF article.)
It is clear that the United States government has no intent on protecting the
freedoms of individuals and instead is actively resisting attempts to correct
the problems. While we can hope that this will change, and we can be confident
that organizations like the EFF will continue to fight for our liberties, one
immediate option is to limit as much as possible what the NSA and other agencies
can discover about you. Consider using [Tor][2] for all of your network traffic
(at the very least, use HTTPS connections to prevent agencies and ISPs from viewing
specific web pages on a particular domain; HTTPS is unnecessary if using Tor.)
PGP/GPG can be used to encrypt e-mail messages to the intended recipients. Etc.
It's unfortunate that such precautions are necessary. Privacy is important even
if you have nothing to hide; any suggestion to the contrary is absolutely
absurd.
[0] https://www.eff.org/deeplinks/2012/10/fact-check-obamas-misleading-answer-about-warrantless-wiretapping-daily-show
[1] http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/
[2] http://torproject.org
My previous post mentioned the dangers of running non-free software on implanted
medical devices. While reading over RMS' policital notes[0], I came across [an
article mentioning how viruses are rampant on medical equipment][1].
"It's not unusual for those devices, for reasons we don't fully understand, to
become compromised to the point where they can't record and track the data,"
Olson said during the meeting, referring to high-risk pregnancy monitors.
The devices often run old, unpatches versions of Microsoft's Windoze operating
system. The article also mentions how the maleware often attempts to include its
host as part of a botnet.
This is deeply concerning and incredibly dangerous. As non-free software is used
more and more in equipement that is responsible for our health and safety, we
are at increased risk for not only obvious software flaws, but also for crackers
with malicious intent; harming someone will become as easy as instructing your
botnet to locate and assassinate an individual while you go enjoy a warm (or
cold) beverage.
These problems are *less likely* (not impossible) to occur in free software
beacuse the users and community are able to inspect the source code and fix
problems that arise (or hire someone that can)[2]. In particular, in the case of
the hospitals mentioned in [the article][1], they would be free to hire someone
to fix the problems themselves rather than falling at the mercy of the
corporations who supplied the proprietary software.
[0] http://stallman.org/archives/2012-jul-oct.html#18_October_2012_%28Computerized_medical_devices_vulnerable_to_viruses%29
[1] http://www.technologyreview.com/news/429616/computer-viruses-are-rampant-on-medical-devices/
[2] http://www.gnu.org/philosophy/free-sw.html
[This article][0] demonstrates why medical devices must contain free software:
crackers are able to, with this particular type of pacemaker, exploit the device
to trigger a fatal electric shock to its host from as far as 30 feet away (the
article also mentions rewriting the firmware, which could of course be used to
schedule a deadly shock at a predetermined time). These issues would not exist
with free software, as the user and the community would be able to study the
source code and fix any defects (or hire someone who can) before placing it in
their bodies.
(Note that this article mistakenly uses the term ``hacker'' when they really
mean ``cracker''.)
The aforementioned article is an excellent supplement to [a discussion on free
software in pacemakers][1]. In particular, I had pointed out within this
discussion [a talk by Karen Sandler of the GNOME Foundation regarding this
issue][2] at OSCON 2011, in which she mentions potential issues of proprietary
software in pacemakers and the difficulty she faced in attempting to get the
source code for one that she was considering for herself.
The discussion on HackerNews also yielded [an article by the SFLC][3] detailing
this issue.
(Please do not use YouTube's proprietary video player to view the mentioned
YouTube video.)
[0] http://www.scmagazine.com.au/News/319508,hacked-terminals-capable-of-causing-pacemaker-mass-murder.aspx
[1] http://news.ycombinator.com/item?id=3959547
[2] https://www.youtube.com/watch?v=nFZGpES-St8
[3] https://www.softwarefreedom.org/news/2010/jul/21/software-defects-cardiac-medical-devices-are-life-/
A [very disturbing article][0] makes mention of a Verizon TOS update for its
Internet service customers:
Section 10.4 was updated to clarify that Verizon may in limited instances
modify administrative passwords for home routers in order to safeguard
Internet security and our network, the security and privacy of subscriber
information, to comply with the law, and/or to provide, upgrade and maintain
service.
...what? This is deeply disturbing, deeply perverted idea of security. Not only
is this a severe privacy concern (all internet traffic passes through your
router), but it's a deep *security* concern---what if a cracker is able to
figure out Verizon's password scheme, intercept the communication with your
router or otherwise?
I recommend that you (a) use your own router, (b) change its default password if
you have not yet done so and (c) disallow remote access. Furthermore, I
recommend using a free (as in freedom) firmware such as [DD-WRT][1] if supported
by your hardware.
[0] http://www.linuxbsdos.com/2012/10/04/is-that-a-backdoor-or-an-administrative-password-on-your-verizon-internet-router/
[1] http://dd-wrt.com/
[Bruce Schneier summarizes in a blog post][0] a disturbing topic regarding a New
York City locksmith selling ``master keys'' on eBay, providing access to various
services such as elevators and subway entrances.
[A discussion about this blog post on Hacker News][1] yielded some interesting
conversation, including an [even more disturbing article describing how simple
it may be to create master keys][2] for a set of locks given only the lock, its
key and a number of attempts.
I'll let you ponder the implications of both of these topics. Here's something
to get you started: organized crime could use these keys to effectively evade
law enforcement or break into millions of ``locked'' homes. Crackers could gain
intimate access to various city systems whereby they may be able to further
obstruct or infect systems. A security system is only as strong as its weakest
link. Keeping citizens in the dark about these issues gives them a dangerous and
false sense of security.
[0] http://www.schneier.com/blog/archives/2012/10/master_keys.html
[1] http://news.ycombinator.com/item?id=4654777
[2] http://www.crypto.com/masterkey.html
Whatever ``S'' may be (in this case, ``13 Oct 2012''), there is always a sense
of peace and gratification that comes with witnessing that line appear in any
type of log; it shows a dedication to an art, should your days contain daylight.
[An article][0] describes how a school district in Texas is attempting to force
its students to wear RFID tags at all times in order to track their location to
``stem the rampant truancy devastating the school's funding''.
What?
This is deeply concerning. Not only does this raise serious security and privacy
concerns (as mentioned near the end of the article), but it also costed the
schools over a half a million dollars to implement. In order words: Texas
taxpayer money has been wasted in an effort to track our children.
Good thing they don't have anything better to spend that money on.[1]
[0] http://rt.com/usa/news/texas-school-id-hernandez-033/
[1] http://fedupwithlunch.com/
I saw [this post][0] appear on HackerNews, talking about how building a game for
iOS is ``fun'' and ``cool''. The poster lures the reader in with talk of making
money and talks of a ``unique sense of fulfillment'' that comes with development
of these games, and then goes on to invite kids to learn how to develop games
for the iPhone (and presumably other iOS devices).
This is a terrible idea.
Getting children involved with hacking is an excellent idea, but introducing
them to the evils of Apple and associating that with a feeling of pleasure does
a great disservice; all software developed for iOS must be ``purchased'' (even
if it's of zero cost) through a walled garden called the ``App Store''. The
problem with this is that [the App Store is hostile toward free
software][1]---its overly restrictive terms are incompatible with free software
licenses like the GPL. Teaching children to develop software for this crippled,
DRM-laden system is teaching them that it is good to prevent sharing, stifle
innovation and deny aid to your neighbor.
A better solution would be to suggest developing software for a completely free
mobile operating system instead of iOS, such as Replicant[2] (a fully free
Android distribution). Even if Replicant itself were not used, Android itself,
so long as proprietary implementations and ``stores'' are avoided[3], is much
more [compatible with education][4] than iOS, since the children are then able
to freely write and distribute the software without being controlled by
malicious entities like Apple. Furthermore, they would then be able to use a
fully free operating system such as GNU/Linux to *write* the software.
Do not let fun and wealth disguise this ugly issue. Even more importantly---do
not pass this practice and woeful acceptance down to our children. I receive a
``unique sense of fulfillment'' each and every day hacking free software far
away from Apple's grasp.
[0] http://blog.makegameswith.us/post/33263097029/call-to-arms
[1] http://www.fsf.org/news/blogs/licensing/more-about-the-app-store-gpl-enforcement
[2] http://replicant.us/
[3] http://www.gnu.org/philosophy/android-and-users-freedom.html
[4] http://www.gnu.org/education/edu-schools.html
There have been a lot of elections going on lately---local, state and national.
The majority of those ads are attack ads: immature and disrespectful; if you
want my vote, give me something positive to vote for instead of spending all of
your time and money attacking your candidate. If my vote is to go to the "least
horrible" candidate, then there is no point in voting at all.
Even more frustrating is the deceptiveness of the ads---intentional
deceptiveness, nonetheless. And these are the ads that many in the United States
will be basing the majority of, if not all, of their vote on come election time
(how many will realistically research instead of sitting in front of the TV
absorbing all of the useless bullshit that they are spoonfed?).
Frightening.
Many people use SSH keys for the sole purpose of avoiding password entry when
logging into remote boxes. That is legtimate, especially if you frequently run
remote commands or wish to take advantage of remote tab complation, but creating
a key with an empty password is certainly the wrong approach---if an attacker
gets a hold of the key, then they have access to all of your boxes before you
have the chance to notice and revoke the key.
ssh-agent exists for this purpose. The problem is---creating an agent only to
place the key in memory indefinately is also a terrible idea. If your system
does become compromised and the attacker is either root access or access as your
user, then they can simply connect to the ssh-agent (unless it's password
protected) and start using your key. Also consider that, should you leave your
box unattended for even a moment without locking it (for whatever reason---shit
happens), an attacker could gain physical access to your PC (and an attacker may
just be a coworker looking to play a prank).
Every morning at work, I begin the day by typing ssh-add followed by an
appropriate lifetime (be it the duration of the work day, or the duration that I
think I will need the key). This way, your key is in memory when you are likely
to be physically present at the box and it is automatically removed from memory
after a given lifetime. Additionally, I like to add `ssh-add -D` to the script
that locks my PC when I walk away from my desk: that will immediately clear all
keys from memory, just in case.
concept to me, primarily due to my ignorance on the topic.
Trademarks, unless abused, are intended to protect consumers' interests---are
they getting the brand that they think they're getting? If you download Firefox,
are you getting Firefox, or a derivative?
Firefox is precicely one of those things that has brought this issue to light
for me personally: the name is trademarked and derivatives must use their own
names, leading to IceCat, IceWeasel, Abrowser, etc. Even though FF is free
software, the trademark imposes additional restrictions that seem contrary to
the free software philosophy. As such, it was my opinion that trademarks should
be avoided or, if they exist, should not be exercised. (GNU, for example, is
trademarked[0], but the FSF certainly does not exercise it[1]; consider GNUplot,
a highly popular graphing program, which is not even part of the GNU project.)
[This article][2] provides some perspective on the topic and arrives at much the
same conclusions: trademark enforcement stifles adoption and hurts the project
overall.
I recommend that trademarks not be used for free software projects, though I am
not necessarily opposed to registering a trademark "just in case" (for example,
to prevent others from maliciously attempting to register a trademark for your
project).
[0] uspto.gov; serial number 85380218; reg. number 4125065*
[1] http://www.gnu.org/prep/standards/html_node/Trademarks.html
[2] http://mako.cc/copyrighteous/20120902-00
* From what I could find from the USPTO website, it was submitted by
Aaron Williamson of the SFLC (http://www.softwarefreedom.org/about/team/)
This has been normal since becoming a father. I can't complain---I love being a
father. Of course, I also love hacking. I also love sleep. Knowing that my son
is going to wake me up a 6:00 in the morning has a slight influence in a
situation like this.
I'd like to just suffer through it, but being a fiancé also has another
obligation: going to bed when your significant other decides that it's bed time
(and by ``bed time'' I mean sleep). I still manage to fit it in somehow.
I don't. This is just some place safe to store random thoughts that people
probably don't care about (like most comments on most social networking
services), with the added benefit of distributed backup, a simple system and no
character limit.
All the thoughts are commit messages; in particular, this means no versioning.
That's okay, because I'm not going to go back and modify them, but I do want
dates and I do want GPG signatures (to show that it's actually me thinking this
crap).
This isn't a journal.
This will mostly be a hacker's thought cesspool.
This isn't a blog.
Though, considering how much I ramble (look at this message), certain thoughts
could certainly seem like blog entries. Don't get the two confused---one
requires only thought defecation and the other endures the disturbing task of
arranging the thought matter into something coherent and useful to present to
others.
Yeah. Enjoy. Or don't. You probably shouldn't, even if you do. If you don't,
you probably should just to see that you shouldn't.