It's already time to start thinking about LibrePlanet 2019, which will be
March 23--24 in the Greater Boston Area in MA:
[https://libreplanet.org/2019/]()
This is the one event that I must make it to each year, and I encourage
everyone to attend and see the faces of many that are at the heart of the
free software community.
Consider [submitting a session][submit]! Or, if you can't make it but plan
on watching online, maybe help someone else attend by [contributing to the
travel fund][travel-fund]. The call for sessions ends October 26th.
I'll be attending again this year, and I plan on submitting a session
proposal. I won't have the time to do [my 100+hr research talks like the
past couple years][talks], so maybe I'll fall back on something more
technical that I won't have to research.
It's still a ways off, but if you do plan on attending, do let me know so I
can say hello!
[submit]: https://my.fsf.org/lp-call-for-sessions
[travel-fund]: https://my.fsf.org/civicrm/contribute/transact?reset=1&id=60
[talks]: /talks/
It's difficult to have useful conversations about mobile tracking when
someone says "your phone / mobile device tracks you";
such statements don't often lead to constructive conversation because they
are too vague and therefore easily dismissed as sensationalism or
paranoia.
And they are all too often without substance because,
while users do have legitimate concerns,
they aren't necessarily aware of the specific problems contributing to
those concerns.
A mobile device is nothing more than a small computer that you carry around
with you.
The networks that you connect to can spy on you---your
cellular network, bluetooth, wifi, etc.
To help mitigate these threats,
you can disable those communications until you are in a safe place that
you don't mind others knowing about.
We can only have confidence that these connections have been disabled by
physical means,
like a hardware switch or a bag that acts like a Faraday cage.
[iOS deceives users][ios-deceive] when they ask to disable those communications
for example.
The software running on your device often spies on you:
the operating system itself often spies;
the apps you install often spy.
This is the fault of the individual _authors_---_they_
are the problem.
Consider using free/libre software that empowers you and serves _you_ rather
than its creators;
it's much harder to hide secrets in free software.
On Android,
consider using only free software available in [F-Droid][].
We also need fully free mobile operating systems,
like [Replicant][] and hopefully Purism's Librem 5 that is still under
development.
Don't be fooled into thinking the Android on most phones is free
software---only
its core (AOSP) is.
Call out those that do harm---don't
veil and protect them using statements like "your phone tracks you".
Talk about the specific issues.
Demand change and have the courage to reject them entirely.
This involves inconvenience and sacrifice.
But if we're strong now,
then in the near future perhaps we won't have to make any sacrifices,
much like the fully free GNU/Linux system desktops we have today.
Fore more information on tracking,
see my [LibrePlanet 2017 and 2018 talks](/talks) "The Surreptitious Assault on Privacy,
Security, and Freedom" and "The Ethics Void", respectively.
[F-Droid]: https://f-droid.org
[ios-deceive]: https://web.archive.org/web/20170922011748/https://support.apple.com/en-us/HT208086
[Replicant]: https://replicant.us
It's difficult to have useful conversations about mobile tracking when
someone says "your phone / mobile device tracks you";
such statements don't often lead to constructive conversation because they
are too vague and therefore easily dismissed as sensationalism or
paranoia.
And they are all too often without substance because,
while users do have legitimate concerns,
they aren't necessarily aware of the specific problems contributing to
those concerns.
A mobile device is nothing more than a small computer that you carry around
with you.
The networks that you connect to can spy on you---your
cellular network, bluetooth, wifi, etc.
To help mitigate these threats,
you can disable those communications until you are in a safe place that
you don't mind others knowing about.
We can only have confidence that these connections have been disabled by
physical means,
like a hardware switch or a bag that acts like a Faraday cage.
[iOS deceives users][ios-deceive] when they ask to disable those communications
for example.
The software running on your device often spies on you:
the operating system itself often spies;
the apps you install often spy.
This is the fault of the individual _authors_---_they_
are the problem.
Consider using free/libre software that empowers you and serves _you_ rather
than its creators;
it's much harder to hide secrets in free software.
On Android,
consider using only free software available in [F-Droid][].
We also need fully free mobile operating systems,
like [Replicant][] and hopefully Purism's Librem 5 that is still under
development.
Don't be fooled into thinking the Android on most phones is free
software---only
its core (AOSP) is.
Call out those that do harm---don't
veil and protect them using statements like "your phone tracks you".
Talk about the specific issues.
Demand change and have the courage to reject them entirely.
This involves inconvenience and sacrifice.
But if we're strong now,
then in the near future perhaps we won't have to make any sacrifices,
much like the fully free GNU/Linux system desktops we have today.
Fore more information on tracking,
see my [LibrePlanet 2018 and 2019 talks](/talks) "The Surreptitious Assault on Privacy,
Security, and Freedom" and "The Ethics Void", respectively.
[F-Droid]: https://f-droid.org
[ios-deceive]: https://web.archive.org/web/20170922011748/https://support.apple.com/en-us/HT208086
[Replicant]: https://replicant.us
I got word today that I'll be speaking again at this year's [LibrePlanet][]!
I was going to attend even if I were not speaking,
but I'm very excited to be able to continue to build off of last year's
talk and further my activism on these topics.
The title of this year's talk is _The Ethics Void_.
Here's a rough abstract:
> Medicine, legal, finance, journalism, scientific research—each of these
> fields and many others have widely adopted codes of ethics governing the
> lives of their professionals. Some of these codes may even be enshrined in
> law. And this is for good reason: these are fields that have enormous
> consequences.
> Software and technology pervade not only through these fields, but through
> virtually every aspect of our lives. Yet, when compared to other fields, our
> community leaders and educators have produced an ethics void. Last year, I
> introduced numerous topics concerning #privacy, #security, and #freedom that
> raise serious ethical concerns. Join me this year as we consider some of
> those examples and others in an attempt to derive a code of ethics that
> compares to each of these other fields, and to consider how leaders and
> educators should approach ethics within education and guidance.
(My previous talks can be found on my ["Talks" page][talks].)
For this talk,
I want to solicit the community at various points.
I know what _I_ want to talk about,
but what are some of the most important ethical issues to _you_?
Unfortunately there's far too much to fit into a 40-minute talk!
Feel free to send me an e-mail or reply to the [thread on GNU Social][thread].
[LibrePlanet]: https://libreplanet.org/2018/
[talks]: /talks
[thread]: https://social.mikegerwitz.com/conversation/99140
This removes some whitespace, extra sentences that aren't needed, and
entirely removes the education section that wasn't adding any value or
useful information; I'm self-educated.
This adapts the same methodology I used for my SAPSF LP2017 talk to keep
third-party resources out of the repository. This is not only good from a
licensing perspective, but also good for the repo and programatically
defines how I derive the image displayed on my site from a source image (and
proves that it does not constitute a derivative work, as it is not
transformative).
There was an interesting discussion on [libreplanet-discuss][] recently
regarding web interfaces.
Below is a rather informal off-the-cuff statement regarding the use of Web
interfaces (specificlaly Discourse) over my own tools.
-----
I live a huge chunk of my life in my mail client
(which happens to be my editor as well).
It's scripted,
heavily customized,
and integrated with other things.
I do task management with Org mode,
which integrates simply but well enough with Gnus.
I can use my editor keybindings and such when composing messages.
The same goes with my IRC client.
I never have to leave home, if you will.
Contrast that with websites:
if I have to write anything substantial,
I often have to write it in my editor first and paste it in.
Many of us hackers don't care for flashy interfaces;
we'd rather use the tools we've invested our lives into and know well.
Tools that can compose and work well in pipelines.
Trying to use interfaces that reinvent the wheel poorly is painful.
And let's not be fooled---these are programs.
Especially when they're heavy on JavaScript.
There's no difference between this and someone asking me to download Foo and
put my Emacs toy away, as cute as it is.
But I know that many people don't feel that way.
I have coworkers that think I'm crazy (respectfully so).
And I think they're crazy too. ;)
Admittedly, using your own tools is a large barrier to entry---my
tools are useful because I've spent a great deal of time learning and
researching and customizing.
And now I can reuse them for everything.
For your average user looking to get into activism,
who may not even be a programmer,
that's a bit different;
it's easier to say "here's your single tool (Web)---go use it".
There are systems that allow for a level of integration
(e.g. mailing lists and forums).
But they're often treated as fallbacks---as second-class citizens.
They might provide a subset of features;
it leaves certain members of the community out---those
who want to use their own tools.
I haven't used Discourse.
I do see "mailing list support";
maybe that's a good sign.
But one of the phrases at the top of the features page is
"[w]e're reimagining what a modern discussion platform should
be".
Many of us don't want to see it reimagined.
That's the opposite of what many want.
Trying to strike a balance isn't a bad thing if that's the audience
we're looking to attract.
But it's difficult,
and something I struggle with a great deal.
-----
tl;dr:
Asking someone to use an interface on the Web is asking them to use
/your/ program instead of their own.
Be respectful by using [Web standards for accessibility][accessibility];
[progressive enhancement][];
and make use of well-established standards with rich histories,
especially if your audience makes use of them
(e.g. mailing lists, RSS feeds, federation standards, etc).
Thank you.
[libreplanet-discuss]: https://lists.gnu.org/archive/html/libreplanet-discuss/2017-06/msg00032.html
[accessibility]: https://en.wikipedia.org/wiki/Web_accessibility
[progressive enhancement]: https://en.wikipedia.org/wiki/Progressive_enhancement
Reuters [released an article][0] entitled "Under pressure, Western tech
firms bow to Russian demands to share cyber secrets".
Should Russia be permitted to do so?
Should companies "bow" to these demands?
I want to draw a parallel to another highly controversial case regarding
access to source code:
the [Apple v. FBI][2] case early last year.
For those who don't recall,
one of the concerns was the government trying to compel Apple to make
changes to iOS to permit brute forcing the San Bernardino attacker's
PIN;
this is a [violation of First Amendment rights][3] (compelled speech),
and this afforded Apple strong support from even communities that
otherwise oppose them on nearly all other issues.
The alternative was to have the FBI make changes to the software instead of
compelling Apple to do so,
which would require access to the source code of iOS.
Becuase of the hostility toward the FBI in this case,
even many in the [free software community][4] took the stance that the FBI
being able to modify the software would set terrible precedent.
But that's missing the point a bit.
Being able to modify software doesn't give you the right to install it on
others' devices;
the FBI would have had to compell Apple to release their signing keys
as well---_that_ is a dangerous precedent.
If the government compelled Apple to made changes themselves,
_that_ is dangerous precedent.
"Cyber secrets" in the above title refers to source code to software written
by companies like Cisco, IBM, SAP, and others;
secrets that can only exist in proprietary software that
[denies users the right to inspect, modify, and share][1] the software
that they are running.
For those who agree with the free software philosophy,
it's important to remove consideration of _who_ is trying to exercise their
[four freedoms][1].
In the case of the FBI,
from a free software perspective,
of course they should be able to modify the software---we
believe that _all_ software should be free!
(But that doesn't mean they should be able to install it on _someone
else's_ device.)
In the context of this article by Reuters:
Russia doesn't have to ask to examine software that is free/libre.
And if they did, it shouldn't be a concern;
restricting who can use and examine software is [a slippery slope][5].
Unfortunately, not all software is free/libre.
But if we extend the free software philsophy---there
should be no _ethical_ concerns with a foreign power wanting to inspect
proprietary source code.
But proprietary software might have something of concern to hide:
it might be something malicious like a backdoor,
or it might be something like a lack of security or poor development
practices;
[proprietary software exists only to keep secrets][6], after all.
If Russia has to ask to inspect source code for security software,
you probably do too.
And if that's the case,
the security being provided to you is merely a facade.
It's not Russia to be suspicious of for asking---it's
the companies that keep secrets to begin with.
[0]: http://www.reuters.com/article/us-usa-russia-tech-insight-idUSKBN19E0XB
[1]: https://www.gnu.org/philosophy/free-software-even-more-important.html
[2]: https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute
[3]: https://www.eff.org/deeplinks/2016/03/deep-dive-why-forcing-apple-write-and-sign-code-violates-first-amendment
[4]: https://www.gnu.org/philosophy/free-sw.en.html
[5]: https://www.gnu.org/philosophy/programs-must-not-limit-freedom.html
[6]: https://www.gnu.org/proprietary/proprietary.html
GNU is more than just a collection of software; it is an operating system:
[https://www.gnu.org/gnu/thegnuproject.html]()
Many hackers and activists within the free software community don't
understand this well, and it's a shame to see attacks on GNU's relevance (as
measured by programs written by GNU on a given system) going
unchallenged. Software for GNU was written by the GNU Project when a
suitable free program was not available. It wouldn't have made sense to
write everything from scratch if free programs already solved the problem.
When we say GNU/Linux, we really are referring to the GNU operating system
that just happens to be using Linux. It could be using the FreeBSD kernel
([GNU/kFreeBSD][]). It could be using a Windows kernel with a Linux API
([GNU/kWindows][]). It could be using the [Hurd][] ([GNU/Hurd][]). The
disambiguation is important, but the end result is pretty much the same.
There are many systems that use Linux that are not GNU. Android is not GNU,
for example. We shouldn't attempt to call those systems "GNU/Linux"
blindly. (Also note how it's called "Android", not "Android/Linux", or just
"Linux". Somehow GNU is controversial, though.)
So if you see someone challenging GNU's relevance because GNU/Linux contains
so much software that isn't part of a GNU package, then please provide the
above link, and kindly explain to them that their observation is correct,
because GNU is an operating system, not a collection of programs.
[GNU/kFreeBSD]: https://en.wikipedia.org/wiki/Debian_GNU/kFreeBSD
[GNU/kWindows]: https://mikegerwitz.com/2016/04/GNU-kWindows
[Hurd]: https://www.gnu.org/software/hurd/
[GNU/Hurd]: https://www.debian.org/ports/hurd/
It's already covered by the freelancing section. This was long enough ago
and my portfolio is large enough that this is really unnecessary.
* doc/about/resume.html (Earth's Magic): Remove experience.
Mike Gerwitz