Mike Gerwitz

Free Software Hacker+Activist

Papers / Articles

GCHQ’s “Exceptional Access”, End-To-End Encryption, Decentralization, and Reproducible Builds

Late last November, Ian Levy and Crispin Robinson of the GCHQ (the British intelligence agency) published a proposal for intercepting end-to-end encrypted communications, entitled “Principles for a More Informed Exceptional Access Debate”. Since then, there has been a series of notable rebuttals to this proposal arguing why this system would fail in practice and why it should be rejected. Completely absent from these responses, however, is any mention of existing practices that would prohibit this attack outright—the combination of free/libre software, reproducible builds, and decentralized or distributed services.

Posted on 2019-02-18.

A Git Horror Story: Repository Integrity With Signed Commits

(Note: This article was written at the end of 2012 and is out of date. I will update it at some point, but until then, please keep that in perspective.)

It’s 2:00 AM. The house is quiet, the kid is in bed and your significant other has long since fallen asleep on the couch waiting for you, the light of the TV flashing out of the corner of your eye. Your mind and body are exhausted. Satisfied with your progress for the night, you commit the code you’ve been hacking for hours: "[master 2e4fd96] Fixed security vulnerability CVE-123". You push your changes to your host so that others can view and comment on your progress before tomorrow’s critical release, suspend your PC and struggle to wake your significant other to get him/her in bed. You turn off the lights, trip over a toy on your way to the bedroom and sigh as you realize you’re going to have to make a bottle for the child who just heard his/her favorite toy jingle.

Fast forward four sleep-deprived hours. You are woken to the sound of your phone vibrating incessantly. You smack it a few times, thinking it’s your alarm clock, then fumble half-blind as you try to dig it out from under the bed after you knock it off the nightstand. (Oops, you just woke the kid up again.) You pick up the phone and are greeted by a frantic colleague. “I merged in our changes. We need to tag and get this fix out there.” Ah, damnit. You wake up your significant other, asking him/her to deal with the crying child (yeah, that went well) and stumble off to your PC, failing your first attempt to enter your password. You rub your eyes and pull the changes.

Still squinting, you glance at the flood of changes presented to you. Your child is screaming in the background, not amused by your partner’s feeble attempts to console him/her. git log --pretty=short…everything looks good—just a bunch of commits from you and your colleague that were merged in. You run the test suite—everything passes. Looks like you’re ready to go. git tag -s 1.2.3 -m 'Various bugfixes, including critical CVE-123' && git push --tags. After struggling to enter the password to your private key, slowly standing up from your chair as you type, you run off to help with the baby (damnit, where do they keep the source code for these things). Your CI system will handle the rest.

Fast forward two months.

CVE-123 has long been fixed and successfully deployed. However, you receive an angry call from your colleague. It seems that one of your most prominent users has had a massive security breach. After researching the problem, your colleague found that, according to the history, the breach exploited a back door that you created! What? You would never do such a thing. To make matters worse, 1.2.3 was signed off by you, using your GPG key—you affirmed that this tag was good and ready to go. “3-b-c-4-2-b, asshole”, scorns your colleague. “Thanks a lot.”

No—that doesn’t make sense. You quickly check the history. git log --patch 3bc42b. “Added missing docblocks for X, Y and Z.” You form a puzzled expression, raising your hands from the keyboard slightly before tapping the space bar a few times with few expectations. Sure enough, in with a few minor docblock changes, there was one very inconspicuous line change that added the back door to the authentication system. The commit message is fairly clear and does not raise any red flags—why would you check it? Furthermore, the author of the commit was indeed you!

Thoughts race through your mind. How could this have happened? That commit has your name, but you do not recall ever having made those changes. Furthermore, you would have never made that line change; it simply does not make sense. Did your colleague frame you by committing as you? Was your colleague’s system compromised? Was your host compromised? It couldn’t have been your local repository; that commit was clearly part of the merge and did not exist in your local repository until your pull on that morning two months ago.

Regardless of what happened, one thing is horrifically clear: right now, you are the one being blamed.

Posted on 2012-05-22.

Classical Object-Oriented Programming with ECMAScript

ECMAScript (more popularly known by the name “JavaScript”) is the language of the web. In the decades past, it has been used to augment web pages with trivial features and obnoxious gimmicks. Today, the language is used to write full-featured web applications that rival modern desktop software in nearly every regard and has even expanded to create desktop and server software. With increased usage, there is a desire to apply more familiar development paradigms while continuing to take advantage of the language’s incredibly flexible functional and prototypal models. Of all of the modern paradigms, one of the most influential and widely adopted is the Classical Object-Oriented paradigm, as represented in languages such as Java, C++, Python, Perl, PHP and others. ECMAScript, as an object-oriented language, contains many features familiar to Classical OO developers. However, certain features remain elusive. This paper will detail the development of a classical object-oriented framework for ECMAScript—ease.js—which aims to address these issues by augmenting ECMAScript’s prototype model to allow the creation of familiar class-like objects. This implementation enforces encapsulation and provides features that most Classical OO developers take for granted until the time that ECMAScript implements these features itself.

Published on 2012-05-06.

Discussion of Selected Exercises From Compilers: Principles, Techniques, and Tools

This paper contains the author’s answers and proofs for selected exercises from Section 4.2.8 of the “dragon book”—Compilers: Principles, Techniques, and Tools (hereinafter “CPTT”). This book, while an excellent resource, can be challenging for self-study as it does not provide a means of verifying one’s answers outside of a classroom setting (unless the reader has confidence in his/her proofs). This paper is intended for two audiences: (a) those reading the book and looking for clarification and discussion on the exercises and (b) those who are curious about context-free grammars but do not possess the text. The selected exercises are those that the author felt would be most useful for discussion and, as such, are expected to be challenging to the reader. Less challenging portions of exercises may be discussed to segue into the more challenging portions.

Published on 2013-05-13.

National Uproar: A Comprehensive Overview of the NSA Leaks and Revelations

I am finding it difficult to keep up with the flood of reports in my little free time, while still finding the time to brush up on relevant history. My hope is to provide a summary of recent events and additional background—along with a plethora of references—that will allow the reader to perform further research and to formulate educated, personal opinions on the topics. If you do not care for my commentary, simply scroll to the list of references at the bottom of this article.

Many individuals and organizations have long warned of digital privacy issues, but there has been one agency in particular that has been the subject of much scrutiny—the National Security Agency (NSA), which is a United States government agency that has a long history of controversial spying tactics on its country’s own citizens. It is a chilling topic—one that can easily make any person sound like they’ve latched onto an Orwellian conspiracy.

Posted on 2013-06-10.

GNU/kWindows

There has been a lot of talk lately about a most unique combination: GNU—the fully free/libre operating system—and Microsoft Windows—the freedom-denying, user-controlling, surveillance system. There has also been a great deal of misinformation. I’d like to share my thoughts.

Posted on 2016-04-06.

Gitlab, Gitorious, and Free Software

This article originally appeared as a guest post on the GitLab blog.

In early March of this year, it was announced that GitLab would acquire Gitorious and shut down gitorious.org by 1 June, 2015. Reactions from the community were mixed, and understandably so: while GitLab itself is a formidable alternative to wholly proprietary services, its acquisition of Gitorious strikes a chord with the free software community that gathered around Gitorious in the name of software freedom.

Posted on 2015-05-20.

FreeBSD, Clang and GCC: Copyleft vs. Community

A useful perspective explaining why FreeBSD is moving away from GCC in favor of Clang; indeed, they are moving away from GPL-licensed software in general. While this is not a perspective that I personally agree with, it is one that I will respect for the project. It is worth understanding the opinions of those who disagree with you to better understand and formulate your own perspective.

But I am still a free software activist.

Posted on 2013-08-13.

Re: FSF Wastes Away Another “High Priority” Project

A couple days ago, my attention was drawn to an article on Phoronix that criticized the FSF for its decision to stick with GPLv3 over GPLv2 on LibreDWG due to the number of projects that make use of it—licensed under the GPLv2—under a now incompatible license. This article is very negative and essentially boils down to this point (the last paragraph):

Unless the Free Software Foundation becomes more accomodating [sic] of these open-source developers – who should all share a common goal of wanting to expand free/open-source software – LibreDWG is likely another project that will ultimately waste away and go without seeing any major adoption due to not working with the GPLv2.

It is worth mentioning why this view is misguided (though understandable for those who adopt the “open source” philosophy over that of software freedom).

Posted on 2013-01-26.

VLC’s Move to LGPL

Jean-Baptiste Kempf of the VLC project explains that “most of the code of VLC” has been relicensed under the LGPL, moving away from the GPL. Some of the reasons for the move include “competition, necessity to have more professional developers around VLC and AppStores”.1 (With the “AppStore” comment, Jean-Baptiste is likely referring to issues regarding free software in Apple’s App Store, which the FSF has discussed on their website.)

This is unfortunate; using the LGPL in place of the GPL is not encouraged for free software projects because, while it ensures the freedom of the project itself, it does not encourage the development of free software that uses the project—the LGPL allows linking with proprietary software. Let’s explore the aforementioned reasons in a bit more detail.

Posted on 2012-11-17.

Re: Who Does Skype Let Spy?

Today, Bruce Schneier brought attention to privacy concerns surrounding Skype, a very popular (over 600 million users) VoIP service that has since been acquired by Microsoft. In particular, users are concerned over what entities may be able to gain access to their “private” conversations through the service—Microsoft has refused to answer those kinds of questions. While the specific example of Skype is indeed concerning, it raises a more general issue that I wish to discuss: The role of free software and SaaS (software as a service).

Posted on 2013-01-30.