2016
Citizen Lab released a report describing the attempted use of iOS 0-days on human rights activist Ahmed Mansoor by the United Arab Emirates. They named this chain of exploits Trident, and with the help of Lookout Security, were able to analyze them.
It begins with arbitrary code execution (CVE-2016-4655) by exploiting a memory corruption vulnerability in WebKit, which downloads a payload unknown to the user. That payload is able to bypass KASLR and determine the kernel memory location (CVE-2016-4656), which then allows it to exploit a memory corruption vulnerability in the kernel itself (CVE-2016-4657); this “jailbreaks” the device and is a complete compromise of the system.
Posted on 2016-08-25.
The past few days of the DNC have demanded pause. I am an Independent. I do not like Hillary Clinton. I am a Bernie supporter, and I was upset by his endorsement of Hillary. I had vowed not to vote for Hillary; I would instead vote for Jill Stein. The DNC, while very well done with a deeply compelling facade, has not changed my perspective on Clinton.
It is perhaps said best by Bernie himself: “It’s easy to boo, but it’s harder to look your kids in the face who would be living under a Donald Trump presidency”. The conflict here is between my deep ideologies and reality. It’s often said that a vote for Hillary is a vote against Trump; such a perspective would be shallow and purposeless. But this isn’t an election for president—this is the most threatening assault on everything I stand for that I hope I will ever witness in my lifetime. To stand for ideological purity would be to stand atop a mountain while the world around me burns. This is why Bernie chose to unite.
Should Trump win, my ideals that seem within reach could be blown back decades. As a matter of strategy, I cannot justify not swallowing every ounce of my pride. Hillary’s presidency is an unfortunate but necessary consequence of the only permissible outcome. I am not electing a president of the United States. I am electing a United States.
Posted on 2016-07-29.
There is little common sense to be had with the Computer Fraud and Abuse Act (CFAA) to begin with. To add to the confusion, the Ninth Circuit Court of Appeals last week held 2-1 in United States v. Nosal that accessing a service using someone else’s password—even if that person gave you permission to do so—violates the CFAA, stating that only the owner of a computer can give such authorization. This is absurd even with complete lack of understanding of what the law is: should your spouse be held criminally liable for paying your bills online using your account?
Common sense says no.
Posted on 2016-07-16.
Today is the 10th annual International Day Against DRM—a day where activists from around the world organize events in protest against Digital Restrictions Management.
Posted on 2016-05-03.
There has been a lot of talk lately about a most unique combination: GNU—the fully free/libre operating system—and Microsoft Windows—the freedom-denying, user-controlling, surveillance system. There has also been a great deal of misinformation. I’d like to share my thoughts.
Posted on 2016-04-06.
Anything coming out of Facebook should be cause for concern. So, naturally, one might be concerned when they decide to get into the virtual reality (VR) scene by purchasing the startup Oculus VR, makers of the Oculus Rift VR headset. One can only imagine all the fun ways Facebook will be able to track, manipulate, spy on, and otherwise screw over users while they are immersed in a virtual reality.
Sure enough, we have our first peek: the software that Facebook has you install for the Oculus Rift is spyware, reporting on what unrelated software you use on your system, your location (including GPS data and nearby Wi-Fi networks), the type of device you’re using, unique device identifiers, your movements while using the VR headset, and more.
Posted on 2016-04-03.
It is suspected that Reddit has been served with an NSL. National Security Letters (NSLs) are subpoenas served by the United States federal government and often come with a gag order that prevents the recipient from even stating that they received the letter.
Posted on 2016-04-02.
I will be speaking at LibrePlanet this year (2016) about freedom on the Web. Here’s the session description:
Imagine a world where surveillance is the default and users must opt-in to privacy. Imagine that your every action is logged and analyzed to learn how you behave, what your interests are, and what you might do next. Imagine that, even on your fully free operating system, proprietary software is automatically downloaded and run not only without your consent, but often without your knowledge. In this world, even free software cannot be easily modified, shared, or replaced. In many cases, you might not even be in control of your own computing – your actions and your data might be in control by a remote entity, and only they decide what you are and are not allowed to do.
This may sound dystopian, but this is the world you’re living in right now. The Web today is an increasingly hostile, freedom-denying place that propagates to nearly every aspect of the average users’ lives – from their PCs to their phones, to their TVs and beyond. But before we can stand up and demand back our freedoms, we must understand what we’re being robbed of, how it’s being done, and what can (or can’t) be done to stop it.
Posted on 2016-02-28.
This was originally written as a guest post for GitLab in November of 2015, but they decided not to publish it.
Back in May of 2015, I announced GitLab’s liberation of their Enterprise Edition JavaScript and made some comments about GitLab’s course and approach to software freedom. In liberating GitLab EE’s JavaScript, all code served to the browser by GitLab.com’s GitLab instance was Free (as in freedom), except for one major offender: Google Analytics.
Since Google Analytics was not necessary for the site to function, users could simply block the script and continue to use GitLab.com ethically. However, encouraging users to visit a project on GitLab.com while knowing that it loads Google Analytics is a problem both for users’ freedoms, and for their privacy.
Posted on 2016-01-24.
2013
OpenSignal—a company responsible for mapping wireless signal strength by gathering data using mobile device software—noticed an interesting correlation between battery temperature on devices and air temperature.
Aggregating daily battery temperature readings to city level revealed a strong correlation with historic outdoor air temperature. With a mathematical transformation, the average battery temperature across a group of phones gives the outdoor air temperature.
Posted on 2013-08-13.
A useful perspective explaining why FreeBSD is moving away from GCC in favor of Clang; indeed, they are moving away from GPL-licensed software in general. While this is not a perspective that I personally agree with, it is one that I will respect for the project. It is worth understanding the opinions of those who disagree with you to better understand and formulate your own perspective.
But I am still a free software activist.
Posted on 2013-08-13.
It is very disturbing that Microsoft decided that it would be a good idea to display targeted ads on local searches—that is, if you search for a file on your PC named “finances”, you may get ads for finance software, taxes, etc. If you search for “porn”, well, you get the idea.
Bing Ads will be an integral part of this new Windows 8.1 Smart Search experience. Now, with a single campaign setup, advertisers can connect with consumers across Bing, Yahoo! and the new Windows Search with highly relevant ads for their search queries. In addition, Bing Ads will include Web previews of websites and the latest features like site links, location and call extensions, making it easier for consumers to complete tasks and for advertisers to drive qualified leads.[1]
Posted on 2013-08-12.
An article about the scope of Facebook’s data collection speaks for itself; this really does not come as a surprise, but is nonetheless unsettling.
Posted on 2013-08-12.
We’re not talking about kids hiding out in trashcans talking on walkie-talkies and giggling to each other.
Ars has reported on London trashcans rigged to collect the MAC addresses of mobile devices that pass by. Since we do not often see mobile devices carrying themselves around, we may as well rephrase this as “collect the MAC addresses of people that pass by”:
During a one-week period in June, just 12 cans, or about 10 percent of the company’s fleet, tracked more than 4 million devices and allowed company marketers to map the “footfall” of their owners within a 4-minute walking distance to various stores.
Posted on 2013-08-11.
See Also: National Uproar: A Comprehensive Overview of the NSA Leaks and Revelations; I have not yet had the time to devote to writing a thorough follow-up of recent events and will likely wait until further information and leaks are presented.
Edward Snowden—the whistleblower responsible for exposing various NSA dragnet spying programs, among other documents—has been stuck in the Moscow airport for quite some time while trying to figure out how he will travel to countries offering him asylum, which may involve traveling through territories that may cooperate with the United States’ extradition requests.
Posted on 2013-07-12.
All “thoughts”—that is, my blog-like entries that are generated by the repository commit messages—and site text are hereby retroactively relicensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. This license shall not supersede any license that is explicitly put forth within a work; see the COPYING file within the thoughts repository—available on the “Projects” page—for more information.
Posted on 2013-06-16.
I am finding it difficult to keep up with the flood of reports in my little free time, while still finding the time to brush up on relevant history. My hope is to provide a summary of recent events and additional background—along with a plethora of references—that will allow the reader to perform further research and to formulate educated, personal opinions on the topics. If you do not care for my commentary, simply scroll to the list of references at the bottom of this article.
Many individuals and organizations have long warned of digital privacy issues, but there has been one agency in particular that has been the subject of much scrutiny—the National Security Agency (NSA), which is a United States government agency that has a long history of controversial spying tactics on its country’s own citizens. It is a chilling topic—one that can easily make any person sound like they’ve latched onto an Orwellian conspiracy.
Posted on 2013-06-10.
The old WordPress website has been replaced entirely by the “thoughts” site (which was previously located at /thoughts). This website is generated from its git repository—available on the Projects page—which is freely licensed. There is some content that existed on the old site that is still useful; should that content be transferred to this site, a redirect will be set up (assuming that it hadn’t already been lost to the search engines).
Since all this content is static, there is no discussion system. I am still debating whether or not I will add this in the future. Until that time, feel free to contact me via e-mail.
Posted on 2013-06-06.
Two days ago—on the 18th—the U.S. House of Representatives decided to pass CISPA 288-127.
The legislation passed 288-127, despite a veto threat from Pres. Barack Obama, who expressed serious concerns about the danger CISPA poses to civil liberties.
Posted on 2013-04-20.
As I had mentioned late last week, RMS had mentioned that Defective By Design (DBD) would be campaigning against the introduction of DRM into the W3C HTML5 standards. (Please see my previous mention of this topic for a detailed explanation of the problem and a slew of references for additional information.) Well, this campaign is now live and looking for signatures—50,000 by May 3rd, which is the International Day Against DRM:
Hollywood is at it again. Its latest ploy to take over the Web? Use its influence at the World Wide Web Consortium (W3C) to weave Digital Restrictions Management (DRM) into HTML5 – in other words, into the very fabric of the Web.
[…]
Help us reach 50,000 signers by May 3rd, 2013, the International Day Against DRM. We will deliver the signatures to the W3C (they are right down the street from us!) and make your voice heard.[1]
Posted on 2013-03-23.
Each year, the Free Software Foundation presents awards to individuals who have made a strong contribution to free software:
The Award for the Advancement of Free Software is given annually to an individual who has made a great contribution to the progress and development of free software, through activities that accord with the spirit of free software.
Posted on 2013-03-23.
Two acronyms that, until very recently, would seem entirely incompatible—HTML, which is associated with an unencumbered, free (as in freedom) representation of a document, and DRM, which exists for the sole purpose of restricting freedom. Unfortunately, Tim Berners-Lee—the man attributed to “inventing” the Internet—mentioned in a keynote talk at SXSW that he is not opposed to introducing DRM into the HTML5 standard:
[Tim Berners-Lee] did not, however, present himself as an opponent of digital locks. During a post-talk Q&A, he defended proposals to add support for “digital rights management” usage restrictions to HTML5 as necessary to get more content on the open Web: “If we don’t put the hooks for the use of DRM in, people will just go back to using Flash,” he claimed.
Posted on 2013-03-15.
This news is huge and an incredible win for both the EFF and all U.S. citizens. Today, United States District Judge Susan Illston found the National Security Letters’ gag provisions unconstitutional and—since the review procedures violate the separation of powers and cannot be separated from the rest of the statute—has consequently ruled the NSLs themselves to be unconstitutional:
In today’s ruling, the court held that the gag order provisions of the statute violate the First Amendment and that the review procedures violate separation of powers. Because those provisions were not separable from the rest of the statute, the court declared the entire statute unconstitutional.
Posted on 2013-03-15.
Earlier this week, the starter of the White House petition to “Make Unlocking Cell Phones Legal” posted a thread on Hacker News stating that the White House had officially responded, stating:
The White House agrees with the 114,000+ of you who believe that consumers should be able to unlock their cell phones without risking criminal or other penalties. In fact, we believe the same principle should also apply to tablets, which are increasingly similar to smart phones. And if you have paid for your mobile device, and aren’t bound by a service agreement or other obligation, you should be able to use it on another network. It’s common sense, crucial for protecting consumer choice, and important for ensuring we continue to have the vibrant, competitive wireless market that delivers innovative products and solid service to meet consumers’ needs.
Posted on 2013-03-09.
Oxford University decided to block Google Docs last month due to phishing attacks against its users. To quote the blog post:
Almost all the recent attacks have used Google Docs URLs, and in some cases the phishing emails have been sent from an already-compromised University account to large numbers of other Oxford users. Seeing multiple such incidents the other afternoon tipped things over the edge. We considered these to be exceptional circumstances and felt that the impact on legitimate University business by temporarily suspending access to Google Docs was outweighed by the risks to University business by not taking such action.
Posted on 2013-03-09.
An amusing demonstration; it is my hope that readers will not take this PHP library seriously. This is likely a parody of the over-engineering that often takes root in Object-Oriented development (a game of “how many GoF design patterns can we use in this project”, anyone?).
Posted on 2013-03-09.
A Wired article mentions figures released from Google regarding National Security Letters issued by the NSA under the Patriot Act. It is too early to comment in much detail on this matter (I would like to wait for commentary from the EFF), but, as the article mentions:
Google said the number of accounts connected to National Security Letters ranged between “1000-1999” for each of the reported years other than 2010. In that year, the range was “2000-2999.”
Posted on 2013-03-06.
Congratulations to the winners of the Liberated Pixel Cup.
Posted on 2013-03-01.
An interesting article by Dennis Ritchie discussing early C compilers recovered from old DECtapes. The source code and history are fascinating reads. The quality of the code (the “kludgery”[1], as he puts it) to me just brings smiles—I appreciate seeing the code in its original glory.
It is also saddening reading the words of such a great man who is no longer with us; perhaps it helps to better appreciate his legacy.
[1]: http://www.catb.org/~esr/jargon/html/K/kludge.html
Posted on 2013-03-01.
The EFF has put together an excellent FAQ on CISPA, the “cybersecurity” bill that was reintroduced to congress earlier this month.
Posted on 2013-02-26.
Today, Bruce Schneier brought attention to privacy concerns surrounding Skype, a very popular (over 600 million users) VoIP service that has since been acquired by Microsoft. In particular, users are concerned over what entities may be able to gain access to their “private” conversations through the service—Microsoft has refused to answer those kinds of questions. While the specific example of Skype is indeed concerning, it raises a more general issue that I wish to discuss: The role of free software and SaaS (software as a service).
Posted on 2013-01-30.
Ridiculous. We should own the hardware that we purchase.
Posted on 2013-01-30.
A couple days ago, my attention was drawn to an article on Phoronix that criticized the FSF for its decision to stick with GPLv3 over GPLv2 on LibreDWG due to the number of projects that make use of it—licensed under the GPLv2—under a now incompatible license. This article is very negative and essentially boils down to this point (the last paragraph):
Unless the Free Software Foundation becomes more accomodating [sic] of these open-source developers – who should all share a common goal of wanting to expand free/open-source software – LibreDWG is likely another project that will ultimately waste away and go without seeing any major adoption due to not working with the GPLv2.
It is worth mentioning why this view is misguided (though understandable for those who adopt the “open source” philosophy over that of software freedom).
Posted on 2013-01-26.
On January 8th, LuLu announced that they would be dropping DRM for users who “[download] eBooks directly from Lulu.com to the device of their choice”. This is a wise move (for those of us who oppose DRM), but unfortunately, as John Sullivan of the Free Software Foundation noted on the fsf-community-team mailing list, the comments on LuLu’s website are not all positive:
This is a positive development, but unfortunately there has been a lot of negative reaction in the comments on their announcement.
It’d be great if people could chime in and support them in their move away from DRM.
Posted on 2013-01-14.
The USPTO wants to hear from the software community. Interesting, but the problem is that the “software community” includes more than just those who find software patents to be an abomination.
I have mentioned issues with software patents in a previous post, but one resource that may be worth looking at directly is “The Case Against Patents” [pdf].
Posted on 2013-01-07.
Consider a recent article from the EFF regarding “Rapid DNA Analyzers”. The article poses the potential issues involved, but also consider that any DNA collected (if not destroyed) would violate not just your privacy, but your entire blood line. What if DNA from immigrants were collected? Much of that information is inherited, so generations down the line, your privacy is still violated.
Posted on 2013-01-07.
The greatest excitement in moving into a new year is the prospect of quantified growth.
Of course, it also means another year to look forward to the health of those you care for.
Posted on 2013-01-01.
2012
At a vote of 73-23, Congress has voted to extend the FISA warrantless spying bill by five more years[1], even shooting down proposed amendments to the bill.[3]
Posted on 2012-12-28.
An e-mail today from Paolo Bonzini, a maintainer of GNU sed, has prompted additional discussion regarding copyright assignment to corporate entities; in particular, the discussion focuses on copyright assignment to the FSF under the GNU project.
Posted on 2012-12-22.
The Senate Judiciary Committee passed an amendment that requires that they receive a warrant before spying on our e-mails.
This is excellent; let us hope that it becomes law.
Posted on 2012-12-06.
These things mustn’t be allowed to happen; they are an affront to privacy. Tor exit node operators should not have to fear conviction for activities they themselves did not perform.
Posted on 2012-12-01.
I’m not usually one for scandals (in fact, I couldn’t care less who government employees are sleeping with). However, it did bring up deep privacy concerns—how exactly did the government get a hold of the e-mails?
The EFF had released an article answering some questions about the scandal, which is worth a read. In particular, you should take a look at the EFF’s Surveillance Self-Defense website for an in-depth summary of the laws surrounding government surveillance and tips on how to protect against it.
I’d like to touch upon a couple things. In particular, the article mentions:
Posted on 2012-11-19.
Amazingly, the Republican Study Committee (RSC) had released a report suggesting copyright reform. Of course, that’s a silly thing to do when you’re in bed with organizations like the MPAA and RIAA; the report was quickly retracted.
It would have been a surprising step forward; maybe there’s hope yet, assuming the GOP can get a handle on itself.
(Disclaimer: I have no party affiliation.)
Posted on 2012-11-19.
Jean-Baptiste Kempf of the VLC project explains that “most of the code of VLC” has been relicensed under the LGPL, moving away from the GPL. Some of the reasons for the move include “competition, necessity to have more professional developers around VLC and AppStores”.[1] (With the “AppStore” comment, Jean-Baptiste is likely referring to issues regarding free software in Apple’s App Store, which the FSF has discussed on their website.)
This is unfortunate; using the LGPL in place of the GPL is not encouraged for free software projects because, while it ensures the freedom of the project itself, it does not encourage the development of free software that uses the project—the LGPL allows linking with proprietary software. Let’s explore the aforementioned reasons in a bit more detail.
Posted on 2012-11-17.
The EFF warns of the “Copyright Alert System”—a government endorsed spy system—that will launched shortly to monitor peer-to-peer networks for so-called “infringing” activity.
Posted on 2012-11-17.
A story mentions how Ethiopian kids quickly learned to read and use tablet PCs provided by the One Laptop Per Child project. This is not only a noble feat (as we would expect from OLPC), but also an impressive one, considering that (as the article mentions) the children did not know how to read, even in their own language.
Posted on 2012-11-14.
A Reddit user posted video of a 2012 voting machine preventing him from selecting Barack Obama. Malfunction or not, this is the type of thing that could have possibly been caught if the software were free. Furthermore, from reading the source code, one would be able to clearly tell whether or not it was a bug or an intentional “feature”.
Posted on 2012-11-06.
Congratulations to MediaGoblin for not only meeting the $10k matching grant from a generous anonymous donor, but also for raising $36k to date.
MediaGoblin is a “free software media publishing platform that anyone can run”; it is a distributed, free (as in freedom) alternative to services such as YouTube, Flickr and others, and is part of the GNU project.
Posted on 2012-11-05.
The EFF points out problems with California’s Proposition 35, which would, among other things, require registered sex offenders to “disclose Internet activities and identities”:
Posted on 2012-11-05.
A police officer recalls a time he went through airport security and received a patdown from one of the security agents, which he found to be absolutely useless.
Posted on 2012-11-05.
In addition to my aforementioned links, the EFF has provided a more detailed analysis of the decision.
Posted on 2012-11-03.
The government of Bahrain found that the best solution to preventing violent protests was to ban all public rallying and demonstrations.
Posted on 2012-11-03.
The EFF cautions that Ubuntu 12.10 leaks user information to Amazon by default rather than requiring the user to opt into the system.
Of course, I cannot recommend that you use Ubuntu, as it encourages the installation of non-free device drivers, readily enables non-free software repositories and contains non-free components in its kernel.[1] Instead, consider a fully free GNU/Linux distribution like Trisquel.
Posted on 2012-10-30.
There’s two problems with this post from the EFF describing The Village Voice suing Yelp for “Best of” trademark infringement: firstly, there’s the obvious observation that such a trademark should not have been permitted by the USPTO to begin with. Secondly—why do entities insist on gaming the system in such a terribly unethical manner? It takes a special breed of people to do such a thing.
Posted on 2012-10-30.
The EFF announces the launch of openwireless.org, which encourages users to share their network connections to create a global network of freely available wireless internet access.
This is a noble movement. This reminds me of a point in history when MIT began password protecting their accounts, which were previously open to anyone. Stallman, disagreeing with such a practice, encouraged users to create empty passwords. Stallman would even give out his account information so that remote users may log into MIT’s systems, all with good intent.
Posted on 2012-10-30.
While the EFF is pleased to announce that the Copyright Office has renewed DMCA exceptions upholding jailbreaking rights for cellphones, the FSF cautions that this right has not been extended to tablets, game consoles or even PCs with restricted boot.
Posted on 2012-10-30.
My issue with patents exceeds the obvious case against software patents; indeed, I have long pondered the problems with patents in other fields. When I hear the phrase “patent pending” or “patented technology” touted in ads, I have never thought positive thoughts; instead, I have thought “you are damning this otherwise excellent work to stagnation”. What if someone has an excellent idea to improve upon that particular product? Well, they’d better be prepared to jump through some hoops or shell out some hefty licensing fees. Or maybe it’s just easier to abandon the idea entirely and forget that it had never happened.
Posted on 2012-10-30.
The FSF decided to crash the Windows 8 launch event in New York City, complete with Trisquel DVDs, FSF stickers and information about their pledge to upgrade to GNU/Linux instead of Windows 8.
I find this to be a fun, excellent alternative to blatant protesting that is likely to be better received by those who would otherwise be turned off to negativity. At the very least, the walking gnu would surely turn heads and demand curiosity.
Posted on 2012-10-27.
How would you feel if law enforcement showed up in your living room, demanded your cell phone, and started writing down your call history and text messages? How would you feel if you didn’t even know that they were in your home to begin with, let alone stealing private data? This is precisely what is happening when law enforcement uses “Stingrays” to locate individuals, collecting data of every other individual within range of the device in the process. Even if you are the subject of surveillance, this is still an astonishing violation of privacy. (Of course, law enforcement could always demand such records from your service provider, but such an act at the very least has a paper trail.)
Posted on 2012-10-24.
The EFF has released an article with a plethora of links describing warrantless wiretapping under the Obama administration, spurred by Obama’s response to Jon Stewart’s questioning on The Daily Show last Thursday. (Readers should also be aware of the NSA spy center discussed earlier in the year, as is mentioned in the EFF article.)
Posted on 2012-10-24.
A New York court ruled that “digitizing” books for research and for disabled individuals is lawful.[0]
Posted on 2012-10-19.
A step in the right direction.
It should also be noted that New York State had also legalized same sex marriage back in July of 2011—a move I was particularly proud of as a resident of NY state.
Posted on 2012-10-18.
My previous post mentioned the dangers of running non-free software on implanted medical devices. While reading over RMS’ political notes[0], I came across an article mentioning how viruses are rampant on medical equipment.
“It’s not unusual for those devices, for reasons we don’t fully understand, to become compromised to the point where they can’t record and track the data,” Olson said during the meeting, referring to high-risk pregnancy monitors.
The devices often run old, unpatched versions of Microsoft’s Windoze operating system. The article also mentions how the malware often attempts to include its host as part of a botnet.
Posted on 2012-10-18.
This article demonstrates why medical devices must contain free software: crackers are able to, with this particular type of pacemaker, exploit the device to trigger a fatal electric shock to its host from as far as 30 feet away (the article also mentions rewriting the firmware, which could of course be used to schedule a deadly shock at a predetermined time). These issues would not exist with free software, as the user and the community would be able to study the source code and fix any defects (or hire someone who can) before placing it in their bodies.
Posted on 2012-10-17.
A very disturbing article makes mention of a Verizon TOS update for its Internet service customers:
Section 10.4 was updated to clarify that Verizon may in limited instances modify administrative passwords for home routers in order to safeguard Internet security and our network, the security and privacy of subscriber information, to comply with the law, and/or to provide, upgrade and maintain service.
Posted on 2012-10-16.
Bruce Schneier summarizes in a blog post a disturbing topic regarding a New York City locksmith selling “master keys” on eBay, providing access to various services such as elevators and subway entrances.
A discussion about this blog post on Hacker News yielded some interesting conversation, including an even more disturbing article describing how simple it may be to create master keys for a set of locks given only the lock, its key and a number of attempts.
Posted on 2012-10-16.
Read more »
An interesting opinion piece on free speech in the western world.
Posted on 2012-10-16.
Read more »
An enlightening discussion on branch prediction.
Posted on 2012-10-16.
Read more »
Whatever “S” may be (in this case, “13 Oct 2012”), there is always a sense of peace and gratification that comes with witnessing that line appear in any type of log; it shows a dedication to an art, should your days contain daylight.
Posted on 2012-10-13.
Read more »
An article describes how a school district in Texas is attempting to force its students to wear RFID tags at all times in order to track their location to “stem the rampant truancy devastating the school’s funding”.
What?
Posted on 2012-10-10.
Read more »
I saw this post appear on HackerNews, talking about how building a game for iOS is “fun” and “cool”. The poster lures the reader in with talk of making money and talks of a “unique sense of fulfillment” that comes with development of these games, and then goes on to invite kids to learn how to develop games for the iPhone (and presumably other iOS devices).
This is a terrible idea.
Posted on 2012-10-09.
Read more »
Many people use SSH keys for the sole purpose of avoiding password entry when logging into remote boxes. That is legitimate, especially if you frequently run remote commands or wish to take advantage of remote tab completion, but creating a key with an empty password is certainly the wrong approach—if an attacker gets a hold of the key, then they have access to all of your boxes before you have the chance to notice and revoke the key.
Posted on 2012-10-09.
Read more »
There have been a lot of elections going on lately—local, state and national. The majority of those ads are attack ads: immature and disrespectful; if you want my vote, give me something positive to vote for instead of spending all of your time and money attacking your opponent. If my vote is to go to the “least horrible” candidate, then there is no point in voting at all.
Posted on 2012-10-09.
Read more »
The use of trademarks in free software has always been a curious and unclear concept to me, primarily due to my ignorance on the topic.
Trademarks, unless abused, are intended to protect consumers’ interests—are they getting the brand that they think they’re getting? If you download Firefox, are you getting Firefox, or a derivative?
Posted on 2012-10-06.
Read more »
I don’t. This is just some place safe to store random thoughts that people probably don’t care about (like most comments on most social networking services), with the added benefit of distributed backup, a simple system and no character limit.
Posted on 2012-10-05.
Read more »
This has been normal since becoming a father. I can’t complain—I love being a father. Of course, I also love hacking. I also love sleep. Knowing that my son is going to wake me up at 6:00 in the morning has a slight influence in a situation like this.
Posted on 2012-10-05.
Read more »
(Note: This article was written at the end of 2012 and is out of date. I will update it at some point, but until then, please keep that in perspective.)
It’s 2:00 AM. The house is quiet, the kid is in bed and your significant other has long since fallen asleep on the couch waiting for you, the light of the TV flashing out of the corner of your eye. Your mind and body are exhausted. Satisfied with your progress for the night, you commit the code you’ve been hacking for hours: "[master 2e4fd96] Fixed security vulnerability CVE-123". You push your changes to your host so that others can view and comment on your progress before tomorrow’s critical release, suspend your PC and struggle to wake your significant other to get him/her in bed. You turn off the lights, trip over a toy on your way to the bedroom and sigh as you realize you’re going to have to make a bottle for the child who just heard his/her favorite toy jingle.
Fast forward four sleep-deprived hours. You are woken to the sound of your phone vibrating incessantly. You smack it a few times, thinking it’s your alarm clock, then fumble half-blind as you try to dig it out from under the bed after you knock it off the nightstand. (Oops, you just woke the kid up again.) You pick up the phone and are greeted by a frantic colleague. “I merged in our changes. We need to tag and get this fix out there.” Ah, damnit. You wake up your significant other, asking him/her to deal with the crying child (yeah, that went well) and stumble off to your PC, failing your first attempt to enter your password. You rub your eyes and pull the changes.
Still squinting, you glance at the flood of changes presented to you. Your child is screaming in the background, not amused by your partner’s feeble attempts to console him/her. git log --pretty=short …everything looks good—just a bunch of commits from you and your colleague that were merged in. You run the test suite—everything passes. Looks like you’re ready to go. git tag -s 1.2.3 -m 'Various bugfixes, including critical CVE-123' && git push --tags. After struggling to enter the password to your private key, slowly standing up from your chair as you type, you run off to help with the baby (damnit, where do they keep the source code for these things). Your CI system will handle the rest.
Fast forward two months.
CVE-123 has long been fixed and successfully deployed. However, you receive an angry call from your colleague. It seems that one of your most prominent users has had a massive security breach. After researching the problem, your colleague found that, according to the history, the breach exploited a back door that you created! What? You would never do such a thing. To make matters worse, 1.2.3 was signed off by you, using your GPG key—you affirmed that this tag was good and ready to go. “3-b-c-4-2-b, asshole”, scorns your colleague. “Thanks a lot.”
No—that doesn’t make sense. You quickly check the history. git log --patch 3bc42b. “Added missing docblocks for X, Y and Z.” You form a puzzled expression, raising your hands from the keyboard slightly before tapping the space bar a few times with few expectations. Sure enough, in with a few minor docblock changes, there was one very inconspicuous line change that added the back door to the authentication system. The commit message is fairly clear and does not raise any red flags—why would you check it? Furthermore, the author of the commit was indeed you!
Thoughts race through your mind. How could this have happened? That commit has your name, but you do not recall ever having made those changes. Furthermore, you would have never made that line change; it simply does not make sense. Did your colleague frame you by committing as you? Was your colleague’s system compromised? Was your host compromised? It couldn’t have been your local repository; that commit was clearly part of the merge and did not exist in your local repository until your pull on that morning two months ago.
Regardless of what happened, one thing is horrifically clear: right now, you are the one being blamed.
Posted on 2012-05-22.
Read more »
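The point of the story above, as an added example that is not code from the original post: a signed tag attests only the tag object, not the commits beneath it, and the author field on a commit is unauthenticated text, so a release audit has to check each commit's own signature and ignore who it claims to be from. The key ids, the git wrapper and the sample log records below are constructed for illustration.

```python
"""Audit what a signed tag actually covers: git tag -s signs the tag object
only, and a commit's author field is free text anyone who can push can set,
so every commit in a release range needs its own trusted signature."""
import subprocess

# git's %G? status codes are documented in git-log(1) under PRETTY FORMATS
GOOD_STATUS = "G"                        # valid signature from a trusted key
LOG_FORMAT = "%H%x1f%an%x1f%G?%x1f%GK"   # hash, author, status, signing key


def parse_log(output):
    """Turn one LOG_FORMAT record per line into dicts."""
    commits = []
    for line in output.splitlines():
        if not line.strip():
            continue
        sha, author, status, key = line.split("\x1f")
        commits.append({"sha": sha, "author": author,
                        "status": status, "key": key})
    return commits


def find_unattested(commits, trusted_keys):
    """Commits lacking a good signature from a key in trusted_keys.
    The author field is ignored on purpose: it is unauthenticated."""
    return [c for c in commits
            if c["status"] != GOOD_STATUS or c["key"] not in trusted_keys]


def audit_range(rev_range, trusted_keys, repo="."):
    """Run git log over a range such as '1.2.2..1.2.3' and audit it."""
    proc = subprocess.run(
        ["git", "-C", repo, "log", "--format=" + LOG_FORMAT, rev_range],
        check=True, capture_output=True, text=True)
    return find_unattested(parse_log(proc.stdout), trusted_keys)


# Constructed sample records with hypothetical key ids; the third one is the
# 'docblock' commit from the story: author says you, but it is unsigned, and
# the fourth carries a signature from a key that is not in the trusted set.
TRUSTED_KEYS = {"0000000000000001", "0000000000000002"}   # you, colleague
SAMPLE_LOG = "\n".join([
    "\x1f".join(["2e4fd96", "You", "G", "0000000000000001"]),
    "\x1f".join(["a1b2c3d", "Colleague", "G", "0000000000000002"]),
    "\x1f".join(["3bc42b", "You", "N", ""]),
    "\x1f".join(["d4e5f60", "Colleague", "U", "0000000000000003"]),
])
```

Running `audit_range("1.2.2..1.2.3", TRUSTED_KEYS)` before signing the tag would have flagged 3bc42b despite its author field, which is exactly what the tag signature alone never checked.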