Mike Gerwitz

Free Software Hacker+Activist

authorMike Gerwitz <mtg@gnu.org>2019-01-17 01:30:52 -0500
committerMike Gerwitz <mtg@gnu.org>2019-01-17 01:30:52 -0500
commit4c55540034754a8da52809968f68673d57e3c3da (patch)
tree34ac7c31bac92230220d82643f93f5152fda9724
parent8dbde47b650c185bbd24b5d0fed8233199f7140c (diff)
parentf24dc3e227e91e128a200f92c7c170dc45412950 (diff)
Initial release of new website
I had meant to write a blog post right away, but it's late and I haven't yet decided if I should wait for further enhancements.
-rw-r--r--.gitignore18
-rw-r--r--.gitmodules6
-rw-r--r--Makefile206
-rw-r--r--README3
-rwxr-xr-xbootstrap78
-rwxr-xr-xbuild-aux/lsfonts22
-rwxr-xr-xbuild-aux/mkmk48
m---------docs/papers/coope0
-rw-r--r--fonts/.gitignore2
-rw-r--r--fonts/LICENSE.apache2201
-rw-r--r--fonts/OpenSans-Regular.ttfbin0 -> 26488 bytes
-rw-r--r--fonts/OpenSans-Regular.woffbin22660 -> 17704 bytes
-rw-r--r--fonts/README3
-rw-r--r--fonts/SHA512SUM3
-rw-r--r--images/eff-42.pngbin0 -> 1211 bytes
-rw-r--r--images/fsf-42.pngbin1638 -> 1703 bytes
-rw-r--r--images/tp/SHA256SUM1
-rw-r--r--images/tp/SHA512SUM3
-rwxr-xr-ximages/tp/gen-makefile6
-rw-r--r--images/tp/remote-list4
m---------papers/coope0
m---------papers/cptt0
-rw-r--r--post/2012-05-22-a-git-horror-story-repository-integrity-with-signed-commits.md1316
-rw-r--r--post/2012-10-05-getting-too-tired-to-hack-at-2300.md12
-rw-r--r--post/2012-10-05-who-needs-microblogging.md29
-rw-r--r--post/2012-10-06-trademarks-in-free-software.md35
-rw-r--r--post/2012-10-09-all-these-election-attack-ads-are-utterly-useless.md17
-rw-r--r--post/2012-10-09-always-use-t-with-ssh-add-and-always-set-passwords-on-your-ssh-keys.md27
-rw-r--r--post/2012-10-09-why-no-kid-or-kid-at-heart-should-write-an-iphone-game.md42
-rw-r--r--post/2012-10-10-texas-middle-and-high-schools-tracking-student-locations-with-rfid-tags.md21
-rw-r--r--post/2012-10-13-day-changed-to-s.md8
-rw-r--r--post/2012-10-16-branch-prediction.md8
-rw-r--r--post/2012-10-16-free-speech-in-the-western-world.md7
-rw-r--r--post/2012-10-16-nyc-master-keys.md24
-rw-r--r--post/2012-10-16-verizon-router-backdoors.md27
-rw-r--r--post/2012-10-17-crackers-capable-of-causing-pacemaker-deaths.md34
-rw-r--r--post/2012-10-18-another-crack-at-medical-device-cracking.md34
-rw-r--r--post/2012-10-18-federal-appeals-court-declares-defense-of-marriage-act-unconstitutional.md12
-rw-r--r--post/2012-10-19-digitizing-books-is-fair-use-authors-guild-v-hathitrust.md8
-rw-r--r--post/2012-10-24-obama-and-warrantless-wiretapping.md28
-rw-r--r--post/2012-10-24-stingrays-cell-phone-privacy-and-warrantless-surveillance.md15
-rw-r--r--post/2012-10-27-gnu-trick-or-treat-fsf-crashes-windows-8-launch.md63
-rw-r--r--post/2012-10-30-abolishing-patents.md30
-rw-r--r--post/2012-10-30-jailbreaking-and-dcmaeff-touts-victory-fsf-warns-of-failure.md18
-rw-r--r--post/2012-10-30-openwirelessorg.md30
-rw-r--r--post/2012-10-30-trademark-bullying.md12
-rw-r--r--post/2012-10-30-ubuntu-1210-privacy-amazon-ads-and-data-leaks.md15
-rw-r--r--post/2012-11-03-ban-on-public-rallying-and-demonstrations-in-bahrain.md8
-rw-r--r--post/2012-11-03-eff-elaborates-on-dcma-ruling.md8
-rw-r--r--post/2012-11-05-another-useless-false-sense-of-security-nsa-security-tactic.md9
-rw-r--r--post/2012-11-05-california-proposition-35-concerns.md22
-rw-r--r--post/2012-11-05-mediagoblin-10k-matching-grant.md14
-rw-r--r--post/2012-11-06-video-of-2012-voting-machine-altering-votes.md11
-rw-r--r--post/2012-11-14-olpc-tablet-in-ethiopia.md19
-rw-r--r--post/2012-11-17-us-copyright-alert-system.md10
-rw-r--r--post/2012-11-17-vlcs-move-to-lgpl.md160
-rw-r--r--post/2012-11-19-copyright-reform-youre-silly.md16
-rw-r--r--post/2012-11-19-privacy-in-light-of-the-petraeus-scandal.md58
-rw-r--r--post/2012-12-01-tor-exit-node-operator-raided-in-austria.md9
-rw-r--r--post/2012-12-06-warrants-for-e-mails-in-the-united-states.md10
-rw-r--r--post/2012-12-22-copyright-assignment-of-free-software-projects.md53
-rw-r--r--post/2012-12-28-congress-approves-fisa-for-another-5-years.md46
-rw-r--r--post/2013-01-01-happy-new-year.md9
-rw-r--r--post/2013-01-07-dna-collection.md29
-rw-r--r--post/2013-01-07-uspto-wants-to-hear-from-software-community.md15
-rw-r--r--post/2013-01-14-lulu-says-goodbye-to-drm.md41
-rw-r--r--post/2013-01-26-re-fsf-wastes-away-another-high-priority-project.md171
-rw-r--r--post/2013-01-30-phone-unlocking-once-again-illegal.md7
-rw-r--r--post/2013-01-30-re-who-does-skype-let-spy.md102
-rw-r--r--post/2013-02-26-what-is-cispa-and-why-is-it-dangerous.md8
-rw-r--r--post/2013-03-01-dmr-very-early-c-compilers-and-language.md15
-rw-r--r--post/2013-03-01-libreated-pixel-cup-winners-announced.md8
-rw-r--r--post/2013-03-06-google-says-the-fbi-is-secretly-spying-on-some-of-its-customers.md35
-rw-r--r--post/2013-03-09-adding-1-and-1-in-php.md41
-rw-r--r--post/2013-03-09-oxford-university-blocks-google-docs.md50
-rw-r--r--post/2013-03-09-white-house-supports-cell-phone-unlocking.md40
-rw-r--r--post/2013-03-15-federal-judge-rules-nsls-national-security-letters-unconstitutional.md33
-rw-r--r--post/2013-03-15-html5-drm.md109
-rw-r--r--post/2013-03-23-congratulations-to-the-2012-free-software-award-winners.md22
-rw-r--r--post/2013-03-23-defective-by-design-campaign-against-w3c-drm-standard.md46
-rw-r--r--post/2013-04-20-us-house-passes-cispa.md20
-rw-r--r--post/2013-06-06-improved-website.md14
-rw-r--r--post/2013-06-10-national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations.md631
-rw-r--r--post/2013-06-16-all-thoughts-and-site-text-now-licensed-under-cc-by-sa.md159
-rw-r--r--post/2013-07-12-snowden-statement-at-moscow-airport-accepts-asylum-offers.md64
-rw-r--r--post/2013-08-11-london-trashcan-spies.md99
-rw-r--r--post/2013-08-12-facebook-knows-about-you-even-if-you-are-not-a-member.md17
-rw-r--r--post/2013-08-12-windows-81-to-display-targeted-advertisements-on-local-system-searches.md40
-rw-r--r--post/2013-08-13-freebsd-clang-and-gcc-copyleft-vs-community.md209
-rw-r--r--post/2013-08-13-measuring-air-temperature-with-phone-batteries.md64
-rw-r--r--post/2014-03-20-re-freebsd-clang-and-gcc-copyleft-vs-community.md60
-rw-r--r--post/2014-05-16-fsf-condemns-partnership-between-mozilla-and-adobe-to-support-drm.md128
-rw-r--r--post/2014-11-30-please-stop-using-slideshare.md65
-rw-r--r--post/2015-05-20-gitlab-gitorious-and-free-software.md257
-rw-r--r--post/2015-11-20-comcast-injects-javascript-into-web-pages.md60
-rw-r--r--post/2015-12-09-now-hosting-personal-gnu-social-instance.md14
-rw-r--r--post/2016-01-24-google-analytics-removed-from-gitlabcom-instance.md92
-rw-r--r--post/2016-02-28-join-me-at-libreplanet-2016-for-my-talk-restore-online-freedom.md45
-rw-r--r--post/2016-04-02-reddit-suspected-to-have-been-served-with-an-nsl.md37
-rw-r--r--post/2016-04-03-facebook-will-use-software-for-the-vr-headset-occulus-rift-to-spy-on-you.md27
-rw-r--r--post/2016-04-06-gnu-kwindows.md183
-rw-r--r--post/2016-05-03-international-day-against-drm-2016.md88
-rw-r--r--post/2016-07-16-cfaa-authorized-access-and-common-sense.md55
-rw-r--r--post/2016-07-29-election.md41
-rw-r--r--post/2016-08-25-nso-group-pegasus-tridentios-exploits-targeting-human-rights-activist.md103
-rw-r--r--post/2017-05-16-self-discovery-before-the-internet.md79
-rw-r--r--post/2017-06-03-gnu-is-more-than-a-collection-of-software.md35
-rw-r--r--post/2017-06-24-russia-wants-to-review-source-code-of-western-security-software.md79
-rw-r--r--post/2017-06-27-dont-force-me-to-use-your-tools-on-the-web.md85
-rw-r--r--post/2018-01-05-the-ethics-void-join-me-at-libreplanet-2018.md40
-rw-r--r--post/2018-01-08-meltdown-spectre-and-the-web.md44
-rw-r--r--post/2018-04-15-when-talking-about-mobile-tracking-dont-veil-bad-actors-with-blanket-statements.md60
-rw-r--r--post/2018-09-06-libreplanet-2019-will-be-march-23-24-in-boston-ma.md28
-rw-r--r--post/2018-10-05-webmasters-please-dont-block-tor.md66
-rw-r--r--src/404.htm28
-rw-r--r--src/about.htm91
-rw-r--r--src/about/githubbub.md126
-rw-r--r--src/about/inside.htm47
-rw-r--r--src/about/resume.html (renamed from docs/about/resume.html)0
-rw-r--r--src/about/resume/.gitignore (renamed from docs/about/resume/.gitignore)0
-rw-r--r--src/about/resume/style-print.css (renamed from docs/about/resume/style-print.css)0
-rw-r--r--src/about/resume/style.css (renamed from docs/about/resume/style.css)0
-rw-r--r--src/cgit/README4
-rw-r--r--src/cgit/cgitrc171
-rwxr-xr-xsrc/cgit/footer.sh27
-rw-r--r--src/cgit/head.html2
-rwxr-xr-xsrc/cgit/header.sh27
-rw-r--r--src/footer.tpl.htm109
-rwxr-xr-xsrc/h12title44
-rw-r--r--src/header.tpl.htm30
-rwxr-xr-xsrc/index.sh133
-rwxr-xr-xsrc/mkheader53
-rw-r--r--src/pandoc.tpl28
-rw-r--r--src/papers.rec41
-rwxr-xr-xsrc/papers.sh183
-rwxr-xr-xsrc/post2html106
-rwxr-xr-xsrc/post2meta82
-rwxr-xr-xsrc/posts.sh103
-rw-r--r--src/redirect-map.php69
-rwxr-xr-xsrc/rss.sh115
-rw-r--r--src/talks.rec81
-rwxr-xr-xsrc/talks.sh101
-rw-r--r--style.css1013
143 files changed, 8827 insertions, 785 deletions
diff --git a/.gitignore b/.gitignore
index 4d13571..6aaf4b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,11 +1,13 @@
*.html
-!docs/about/resume.html
+!/src/about/resume.html
+!src/cgit/head.html
+*.meta
+*.mk
+/post/list
+!/docs/about/resume.html
rss.xml
-www-root
-docs/papers/.list
+/www-root
+/cgit-root
+/papers/*.pdf
+/papers/*.dvi
-# repo2html
-.clist
-.cref-bad
-.cref-errlog
-.hashcache
diff --git a/.gitmodules b/.gitmodules
index 50c2e22..04707be 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -4,3 +4,9 @@
[submodule "docs/papers/cptt"]
path = docs/papers/cptt
url = https://mikegerwitz.com/projects/cptt
+[submodule "papers/cptt"]
+ path = papers/cptt
+ url = https://mikegerwitz.com/projects/cptt
+[submodule "papers/coope"]
+ path = papers/coope
+ url = https://mikegerwitz.com/projects/coope
diff --git a/Makefile b/Makefile
index 9a8dad4..698ae8a 100644
--- a/Makefile
+++ b/Makefile
@@ -1,107 +1,143 @@
# Builds thoughts (well, not quite like that)
#
-# Copyright (C) 2013 Mike Gerwitz
+# Copyright (C) 2013, 2018, 2019 Mike Gerwitz
#
-# This program is free software: you can redistribute it and/or modify
+# This program is free software: you can rewww-ribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
-# This program is distributed in the hope that it will be useful,
+# This program is www-ributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-# #
-
-pages := $(patsubst %.pg, %.html, \
- $(shell find docs/ -name '*.pg'))
-pages_md := $(patsubst %.md, %.html, \
- $(shell find docs/ -name '*.md'))
-articles := $(patsubst %.txt, %.html, \
- $(shell find docs/ -maxdepth 2 -name '*.txt' | grep -Fv /gh/))
-# articles in TeX with an inappropriate var name
-texticles=$(patsubst %/, %.html, $(dir $(shell find docs/ -name 'Makefile')))
-www_root := www-root/
-url_root := https://mikegerwitz.com
-repo_url := https://mikegerwitz.com/projects/thoughts
-repo_commit_url := '$(repo_url)/commit/?id=%s'
-
-# configured repo2html command
-repo2html := repo2html \
- -t 'Mike Gerwitz' \
- -d 'Free Software Hacker+Activist' \
- -c 'Mike Gerwitz' \
- -l 'This content is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.' \
- -C '/style.css' \
- -f 'tools/thoughts-fmt' \
- -F .listfilter \
- -T '$(PWD)/tpl' \
- -u '$(repo_url)' \
- -U '$(repo_commit_url)' \
- -E ''
-
-.PHONY: default clean pages articles thoughts docs
+#
+# This project is a static site generator. This Makefile was written to
+# have deep knowledge of every aspect of the site so that it can be
+# incrementally built, and so that all relevant portions will be properly
+# rebuilt any time something changes.
+#
+# Source files are automatically identified through either wildcards or
+# Makefile generation with one important exception: things in src/. The
+# reason is that src/ contains a number of things we don't want published,
+# and the distinction is too messy to codify. Of course, another option is
+# to clean that up, but I don't mind being explicit for now.
+##
+
+.DELETE_ON_ERROR:
+
+postsrc := $(wildcard post/*.md)
+pmeta := $(postsrc:.md=.meta)
+phtml := $(postsrc:.md=.html)
+pmk := $(pmeta:.meta=.mk)
+
+www-root = www-root
+cgit-root = cgit-root
+
+# articles in TeX
+texticles = $(wildcard papers/*/)
+www-paper = $(patsubst papers/%/, $(www-root)/papers/%.pdf, $(texticles)) \
+ $(patsubst papers/%/, $(www-root)/papers/%.dvi, $(texticles))
+
+images = $(wildcard images/*.*) $(wildcard images/tp/*.*)
+www-images = $(patsubst images/%, $(www-root)/images/%, $(images))
+
+cssfonts := $(shell build-aux/lsfonts)
+www-fonts := $(patsubst fonts/%, $(www-root)/fonts/%, $(cssfonts))
+
+# Manually maintain both for simplicity and to ensure something does not get
+# unintentionally published.
+srcpages = src/index.html src/about.html src/papers.html src/posts.html \
+ src/talks.html src/404.html src/about/inside.html \
+ src/about/githubbub.html \
+ src/about/resume.html $(wildcard src/about/resume/*)
+www-pages = $(patsubst src/%, $(www-root)/%, $(srcpages))
+
+www-files = $(www-pages) $(www-root)/style.css $(www-root)/rss.xml $(www-paper) \
+ $(www-images) $(www-fonts) $(www-root)/redirect-map.php
+
+RSS_N=10
+export WWW_URL
+
+
+.PHONY: default clean webroot cgitroot
default: www-root
-thoughts:
- mkdir -p "$(www_root)"
- $(repo2html) \
- -R 40 \
- -o "$(www_root)" \
- '$(url_root)' \
- > "$(www_root)/index.html"
-
-# all .txt articles will be compiled with asciidoc, then post-processed with the
-# mgify script
-%.html: %.txt
- asciidoc -fasciidoc.conf -v \
- -a stylesdir= \
- -a themedir=$(PWD)/ \
- $<
- ./tools/mgify "$@"
-
-# "pages"
-%.html: %.pg docs/papers/.list tpl/.config
- $(repo2html) -icontent -ftools/extfmt <$< >$@
-%.html: %.md tpl/.config
- $(repo2html) -icontent -ftools/mdfmt <$< >$@
-
-# TeX papers are expected to have their own makefiles as well as an abstract.tex
-%.html: %/abstract.tex
- $(MAKE) -C '$(dir $<)' pdf dvi
- url_root='$(url_root)' ./tools/texdoc '$(dir $<)' | $(repo2html) -icontent -ftools/extfmt >$@
+%.meta: %.html src/post2meta src/post2html
+ src/post2meta $< > $@
+src/talks.html: src/talks.rec
+src/papers.html: src/papers.rec
+%.html %.xml: %.sh post/list src/mkheader src/header.tpl.htm src/footer.tpl.htm $(phtml)
+ $< > $@
+%.html: %.md src/post2html src/mkheader src/h12title src/header.tpl.htm src/footer.tpl.htm src/pandoc.tpl
+ src/post2html $< > $@
+%.html: %.htm src/mkheader src/h12title src/header.tpl.htm src/footer.tpl.htm
+ src/mkheader about @__PAGE_TITLE__@ \
+ | cat - $< src/footer.tpl.htm \
+ | src/h12title @__PAGE_TITLE__@ \
+ > $@
+
+# special outputs
+src/rss.xml: src/rss.sh post/list $(phtml)
+ head -n$(RSS_N) post/list | xargs $< > $@
+
+posts: $(pmeta) $(phtml)
+post/list: $(pmeta)
+ ls post/*.meta | sort -rn > $@
+
+# Rules for generating the final webroot from the posts are themselves
+# generated. This also appends dependencies to www-posts.
+.PHONY: www-posts
+post/%.mk: post/%.meta build-aux/mkmk
+ build-aux/mkmk $(www-root) $< > $@
+
+# Note the conditional include only for webroot. This is needed for two
+# reasons:
+# 1. To avoid including them on `clean' (see GNU Make manual, which is
+# where this snippet originated from); and
+# 2. Because otherwise including the makefiles causes every pmete to be
+# built, which is unnecessary for all but `webroot'.
+#
+# The alternative (and perhaps more proper means) to #2 would be to run mkmk
+# as part of the meta target. This was originally done until a solution to
+# `clean' was needed; this handles both situations well.
+ifeq ($(MAKECMDGOALS),webroot)
+include $(pmk)
+endif
+
+webroot: www-posts $(www-files)
+$(www-root)/style.css: style.css
+ install -Dma+r $< $@
+$(www-root)/%: src/%
+ install -Dma+r $< $@
+$(www-root)/fonts/%: fonts/%
+ install -Dma+r $< $@
+$(www-root)/papers/%: papers/%
+ install -Dma+r $< $@
+$(www-root)/images/%: images/%
+ install -Dma+r $< $@
+
+
+# TeX papers are expected to have their own Makefiles as well as an abstract.tex
+papers/%.pdf: papers/%/abstract.tex
+ $(MAKE) -C $(dir $<) pdf
+ cp $(dir $<)/$*.pdf $@
+papers/%.dvi: papers/%/abstract.tex
+ $(MAKE) -C $(dir $<) dvi
+ cp $(dir $<)/$*.dvi $@
docs/papers/.list: thoughts articles
echo "$(articles) $(texticles)" | tr ' ' '\n' | tools/doclist >$@
-images: images/tp/Makefile
- $(MAKE) -C '$(dir $<)' all check
-images/tp/Makefile: images/tp/gen-makefile
- ( cd images/tp/ && ./gen-makefile ) >$@
-
-pages: $(pages) $(pages_md)
-articles: $(articles) $(texticles)
-docs: pages articles
-www-root: docs thoughts images
- mkdir -p www-root/papers
- ( cd docs/ \
- && find . -maxdepth 2 -name '*.html' -exec ../tools/doc-cp {} ../www-root/{} \; \
- && find . -maxdepth 3 \( -name '*.pdf' -o -name '*.dvi' \) -exec cp {} ../www-root/{} \; \
- )
- mkdir -p www-root/images/
- cp -v images/*.* images/tp/*.png www-root/images/
- cp -rv fonts/ www-root/
- cp -rv _raw/* www-root/
- cp -v style.css www-root/
- mkdir -p www-root/docs
- cp -rv docs/gh/ www-root/docs/
- cp -rv docs/about/resume www-root/about/
- cp -rv docs/hoxsl www-root/hoxsl
+
+cgitroot: $(cgit-root)/head.html $(cgit-root)/header.html $(cgit-root)/footer.html \
+ $(cgit-root)/cgitrc
+$(cgit-root)/%: src/cgit/%
+ install -Dma+r $< $@
clean:
- rm -rf www-root/
- rm -f $(pages) $(pages_md) $(articles) $(texticles)
+ rm -rf $(www-root) $(pmeta) $(phtml) $(pmk) $(cgit-root)
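Review bot: The GPL notice at the top of the new Makefile has been altered by what looks like a stray search-and-replace: it now reads `you can rewww-ribute it` and `This program is www-ributed`, so the licence wording should be restored to `redistribute` and `distributed`. Separately, the unchanged line `default: www-root` still names a target whose rule this hunk deletes (the new rule is `webroot:`), so a bare `make` in a clean tree appears to have nothing to build. Pointing it at `webroot` alone would not be enough, because `include $(pmk)` is guarded by `ifeq ($(MAKECMDGOALS),webroot)` and MAKECMDGOALS is empty for the default goal. The surviving `docs/papers/.list: thoughts articles` rule likewise depends on `thoughts` and `articles`, whose rules are removed here.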
diff --git a/README b/README
index e8d6356..52de14f 100644
--- a/README
+++ b/README
@@ -1,5 +1,4 @@
The miscellaneous thoughts and ramblings of a free software hacker.
-This website is processed with repo2html.
+https://mikegerwitz.com/
-http://mikegerwitz.com/
diff --git a/bootstrap b/bootstrap
new file mode 100755
index 0000000..3217021
--- /dev/null
+++ b/bootstrap
@@ -0,0 +1,78 @@
+#!/bin/bash
+# Prepares build environment
+#
+# Copyright (C) 2019 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# This will also download any necessary third-party files. Note that all
+# downloads are proxied over Tor (using `torify').
+##
+
+set -euo pipefail
+
+# Source fonts (Apache 2.0)
+declare -rA fonts=(
+ [OpenSans-Regular.woff]=https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0d.woff
+ [OpenSans-Light.woff]=https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN_r8OUuhv.woff
+ [OpenSans-SemiBold.woff]=https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UNirkOUuhv.woff
+)
+
+declare -r tpimagesdir=images/tp
+declare -r fontdir=fonts
+
+
+# Download third-party images. This not only keeps them out of the
+# repository, but explicitly states in a reproducible manner how the images
+# were manipulated (if at all).
+get-images()
+{
+ echo 'retrieving third-party images...'
+
+ ( cd "$tpimagesdir" && ./gen-makefile > Makefile )
+ make -C "$tpimagesdir" all check
+}
+
+
+# Download and verify fonts and license.
+get-fonts()
+{
+ local font src dest
+
+ echo 'retrieving font files...'
+ for font in "${!fonts[@]}"; do
+ src=${fonts[$font]}
+ dest="$fontdir/$font"
+
+ test ! -f "$dest" || continue
+ torify wget "$src" -O "$dest"
+ done
+
+ # Verify that we haven't been served bad files. This should only happen
+ # in the case of network failure or a malicious host, since the above URLs
+ # reference the commit hash.
+ echo 'verifying font files...'
+ ( cd "$fontdir" && sha512sum -c SHA512SUM )
+}
+
+
+# Bootstrap.
+main()
+{
+ get-images
+ get-fonts
+}
+
+
+main "$@"
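Review bot: In get-fonts, `torify wget "$src" -O "$dest"` writes straight to the final path, so an interrupted or altered download stays in fonts/ when wget (under `set -e`) or `sha512sum -c` aborts the script. The next run then skips that file because of `test ! -f "$dest" || continue`, and the Makefile rule `$(www-root)/fonts/%: fonts/%` would copy it into the webroot without any check. Downloading under a temporary name and removing the fetched files when verification fails keeps unverified content out of the tree the build publishes from. The comment saying the URLs "reference the commit hash" does not match the visible fonts.gstatic.com paths, so the SHA512SUM check appears to be the only thing pinning the content and the comment should say that instead.

```bash
  local font src dest tmp

  echo 'retrieving font files...'
  for font in "${!fonts[@]}"; do
    # … unchanged: src/dest assignment and the skip-if-present test …

    # Fetch under a temporary name so a partial download never sits at
    # the path the build publishes from.
    tmp="$dest.part"
    if ! torify wget "$src" -O "$tmp"; then
      rm -f "$tmp"
      return 1
    fi
    mv "$tmp" "$dest"
  done

  echo 'verifying font files...'
  if ! ( cd "$fontdir" && sha512sum -c SHA512SUM ); then
    # Remove everything fetched rather than leave unverified files behind;
    # the next bootstrap run downloads them again.
    for font in "${!fonts[@]}"; do
      rm -f "$fontdir/$font"
    done
    return 1
  fi
```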
diff --git a/build-aux/lsfonts b/build-aux/lsfonts
new file mode 100755
index 0000000..78df9d6
--- /dev/null
+++ b/build-aux/lsfonts
@@ -0,0 +1,22 @@
+#!/bin/sh
+# List fonts used by CSS
+#
+# Copyright (C) 2019 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+##
+
+grep -A4 @font-face style.css \
+ | grep -o "fonts/[^']\+"
+
diff --git a/build-aux/mkmk b/build-aux/mkmk
new file mode 100755
index 0000000..4f6a983
--- /dev/null
+++ b/build-aux/mkmk
@@ -0,0 +1,48 @@
+#!/bin/bash
+# Generate dependency Makefile for post
+#
+# Copyright (C) 2019 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# The dependency Makefile is responsible for webroot generation. This is
+# necessary since the directory structure of the webroot varies so wildly
+# from that of the source.
+##
+
+set -euo pipefail
+
+
+# Generate Makefile. Produces webroot target and adds that target to the
+# `www-posts' phony target.
+main()
+{
+ local -r distdir=${1?Missing distdir}
+ local -r meta=${2?Missing post path}
+
+ local slug
+ slug=$( recsel -P slug "$meta" )
+
+ local -r dest="$distdir/$slug.html"
+ local -r src="${meta%%.meta}.html"
+
+ cat <<EOF
+www-posts: $dest
+$dest: $src
+ install -Dma+r $src $dest
+EOF
+}
+
+
+main "$@"
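Review bot: The value read by `slug=$( recsel -P slug "$meta" )` is written unquoted into both the rule target and the `install -Dma+r $src $dest` recipe of the generated makefile, which the top-level Makefile then includes. Whitespace, `$`, `;` or a newline in a post's slug field would therefore change what make parses and runs, and an empty slug would yield `$distdir/.html`. A check before the heredoc is cheap, for example `[[ $slug =~ ^[A-Za-z0-9._/-]+$ && $slug != *..* ]] || { echo "bad slug in $meta" >&2; exit 1; }`. This assumes slugs may contain `/`; tighten the pattern if they cannot.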
diff --git a/docs/papers/coope b/docs/papers/coope
deleted file mode 160000
-Subproject 98583d0e9f72a6e0af4117f013679fca1978f1d
diff --git a/fonts/.gitignore b/fonts/.gitignore
new file mode 100644
index 0000000..8ba498c
--- /dev/null
+++ b/fonts/.gitignore
@@ -0,0 +1,2 @@
+*.woff
+
diff --git a/fonts/LICENSE.apache2 b/fonts/LICENSE.apache2
deleted file mode 100644
index 989e2c5..0000000
--- a/fonts/LICENSE.apache2
+++ /dev/null
@@ -1,201 +0,0 @@
-Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License. \ No newline at end of file
diff --git a/fonts/OpenSans-Regular.ttf b/fonts/OpenSans-Regular.ttf
new file mode 100644
index 0000000..9d4e8e5
--- /dev/null
+++ b/fonts/OpenSans-Regular.ttf
Binary files differ
diff --git a/fonts/OpenSans-Regular.woff b/fonts/OpenSans-Regular.woff
index e231183..e495e6f 100644
--- a/fonts/OpenSans-Regular.woff
+++ b/fonts/OpenSans-Regular.woff
Binary files differ
diff --git a/fonts/README b/fonts/README
index 30061b6..cd8b589 100644
--- a/fonts/README
+++ b/fonts/README
@@ -1,2 +1 @@
-Open Sans by Steve Matteson
-Apache 2.0 License
+Run bootstrap to retrieve fonts
diff --git a/fonts/SHA512SUM b/fonts/SHA512SUM
new file mode 100644
index 0000000..80b09cd
--- /dev/null
+++ b/fonts/SHA512SUM
@@ -0,0 +1,3 @@
+6b04f0f3e632637dd82b11064502b1036ea20e8824eb973b1b369cb3fbe823e35094764a72eb7fd5e76431131b88287e622055ffa71131d7dc609a2b0371311e OpenSans-Light.woff
+5029c9d19e1cb91481cd8f23a90fdd3bdc0058dc36e9a29e1d5c808482806f359365b588b1ec0b9d22ae975eff9475ee662e93a0e3421961bd0620cb307d44d9 OpenSans-Regular.woff
+9dbd69e362fe4144c686adc1c53e0d55efe9aa173c2402667559e14a4ed505a00fc6d5ac95b1e0259d26efb9b846c34034359e1d88148610ea5ce89d300d9008 OpenSans-SemiBold.woff
diff --git a/images/eff-42.png b/images/eff-42.png
new file mode 100644
index 0000000..2afb94d
--- /dev/null
+++ b/images/eff-42.png
Binary files differ
diff --git a/images/fsf-42.png b/images/fsf-42.png
index 379d464..ef20b5a 100644
--- a/images/fsf-42.png
+++ b/images/fsf-42.png
Binary files differ
diff --git a/images/tp/SHA256SUM b/images/tp/SHA256SUM
deleted file mode 100644
index a77793c..0000000
--- a/images/tp/SHA256SUM
+++ /dev/null
@@ -1 +0,0 @@
-3a2fb99c4cbb929ee7a5c404f7b356fa9c5133145feaf834220cad4362d651d0 eff-42.png
diff --git a/images/tp/SHA512SUM b/images/tp/SHA512SUM
new file mode 100644
index 0000000..9dbaa90
--- /dev/null
+++ b/images/tp/SHA512SUM
@@ -0,0 +1,3 @@
+3a91c74bec2dc9b65df8a0208b2f640b1971131c2791c8f3f8431219405702e600bdc476f0f792856f7c31f8b8144d125c934105287913a822d14c0aef058993 eff-42.png
+81db76e73f274194c82695eb314cae4b371f3a1cb246a18ff702b26440dbe73bb110a8695230c4d75e628f652a245e3675541144003975a650aa5edecb5f72f3 eff-privacy.png
+794b6aca4d20e60f876b38127a5d3f5975e4c99b0520dfd8a1895df00b9168f07cf650fb2d2a4d7d818a74d3a9e5a252b94ef70cf50fb17484f4272408420ba9 fsfs-icons-beige.png
diff --git a/images/tp/gen-makefile b/images/tp/gen-makefile
index 85764e2..0b99526 100755
--- a/images/tp/gen-makefile
+++ b/images/tp/gen-makefile
@@ -29,11 +29,11 @@ images := $( cut -d' ' -f1 "$remote_file" | tr '\n' ' ' )
.PHONY: all check clean
all: \$(images)
-SHA256SUM: \$(images)
- sha256sum \$(images) > \$@
+SHA512SUM: \$(images)
+ sha512sum \$(images) > \$@
check:
- sha256sum -c SHA256SUM
+ sha512sum -c SHA512SUM
clean:
\$(RM) \$(images)
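Review bot: The `check` rule in the generated Makefile has no prerequisites and `all` depends only on `\$(images)`, so a plain `make` fetches the third-party images without ever comparing them to the committed hashes. Wiring it in, e.g. `check: \$(images)` plus `all: check`, would make verification part of the default build. Separately, `SHA512SUM: \$(images)` rewrites the reference file from whatever is on disk, so building that target after a fetch would record a tampered download as trusted; a comment such as `# maintainer-only: regenerate after reviewing the images by hand` above the rule would make that explicit. The heredoc this hunk edits begins and ends outside the hunk, so the fetch rules themselves are not visible here.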
diff --git a/images/tp/remote-list b/images/tp/remote-list
index 84119f5..f92aaf1 100644
--- a/images/tp/remote-list
+++ b/images/tp/remote-list
@@ -1 +1,5 @@
eff-42.png https://web.archive.org/web/20170922020250/https://www.eff.org/files/2014/01/24/eff-logo-plain-rgb.png -trim -resize 42 -gravity center -extent 42x42
+eff-privacy.png https://web.archive.org/web/20190102234255/https://www.eff.org/files/issues/icon-privacy-1_0.png -scale x250 -crop 250x250+125+0
+fsfs-icons-beige.png https://web.archive.org/web/20190105011705/http://static.fsf.org/nosvn/images/badges/fsfs_icons_beige-bg.png
+lp-2017-crop.png https://web.archive.org/web/20181208025632/https://libreplanet.org/2017/assets/img/site_logo_alternate.png -crop 75x75+29+0
+
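Review bot: `lp-2017-crop.png` is added to the download list here, but the new `images/tp/SHA512SUM` in this commit has entries only for `eff-42.png`, `eff-privacy.png` and `fsfs-icons-beige.png`, so `sha512sum -c SHA512SUM` never verifies the fourth image. Add its line to `SHA512SUM`, with the hash computed from a copy you have inspected, so that every fetched file is pinned. If the hashes are taken over the ImageMagick-processed output rather than the raw download, as the `SHA512SUM: \$(images)` rule suggests, they may also change with the ImageMagick version; that would be worth a comment in the generator.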
diff --git a/papers/coope b/papers/coope
new file mode 160000
+Subproject 93fa274206c70606fca0b42d9329e3f8565816f
diff --git a/papers/cptt b/papers/cptt
new file mode 160000
+Subproject 41a35f3c37fd41772ff7ae8aca62d77c4cafcf6
diff --git a/post/2012-05-22-a-git-horror-story-repository-integrity-with-signed-commits.md b/post/2012-05-22-a-git-horror-story-repository-integrity-with-signed-commits.md
new file mode 100644
index 0000000..871dd14
--- /dev/null
+++ b/post/2012-05-22-a-git-horror-story-repository-integrity-with-signed-commits.md
@@ -0,0 +1,1316 @@
+# A Git Horror Story: Repository Integrity With Signed Commits
+
+_(Note: This article was written at the end of 2012 and is out of date. I
+will update it at some point, but until then, please keep that in
+perspective.)_
+
+It's 2:00 AM. The house is quiet, the kid is in bed and your significant other
+has long since fallen asleep on the couch waiting for you, the light of the TV
+flashing out of the corner of your eye. Your mind and body are exhausted.
+Satisfied with your progress for the night, you commit the code you've been
+hacking for hours: `"[master 2e4fd96] Fixed security vulnerability CVE-123"`.
+You push your changes to your host so that others can view and comment on your
+progress before tomorrow's critical release, suspend your PC and struggle to
+wake your significant other to get him/her in bed. You turn off the lights, trip
+over a toy on your way to the bedroom and sigh as you realize you're going to
+have to make a bottle for the child who just heard his/her favorite toy jingle.
+
+Fast forward four sleep-deprived hours. You are woken to the sound of your phone
+vibrating incessantly. You smack it a few times, thinking it's your alarm clock,
+then fumble half-blind as you try to to dig it out from under the bed after you
+knock it off the nightstand. (Oops, you just woke the kid up again.) You pick up
+the phone and are greeted by a frantic colleague. "I merged in our changes. We
+need to tag and get this fix out there." Ah, damnit. You wake up your
+significant other, asking him/her to deal with the crying child (yeah, that went
+well) and stumble off to your PC, failing your first attempt to enter your
+password. You rub your eyes and pull the changes.
+
+Still squinting, you glance at the flood of changes presented to you. Your
+child is screaming in the background, not amused by your partner's feeble
+attempts to console him/her. `git log --pretty=short`...everything looks
+good---just a bunch of commits from you and your colleague that were merged in.
+You run the test suite---everything passes. Looks like you're ready to go. `git
+tag -s 1.2.3 -m 'Various bugfixes, including critical CVE-123' && git push
+--tags`. After struggling to enter the password to your private key, slowly
+standing up from your chair as you type, you run off to help with the baby
+(damnit, where do they keep the source code for these things). Your CI system
+will handle the rest.
+
+Fast forward two months.
+
+CVE-123 has long been fixed and successfully deployed. However, you receive an
+angry call from your colleague. It seems that one of your most prominent users
+has had a massive security breach. After researching the problem, your colleague
+found that, according to the history, _the breach exploited a back door that you
+created!_ What? You would never do such a thing. To make matters worse, `1.2.3`
+was signed off by you, using your GPG key---you affirmed that this tag was
+good and ready to go. "3-b-c-4-2-b, asshole", scorns your colleague. "Thanks
+a lot."
+
+No---that doesn't make sense. You quickly check the history. `git log --patch
+3bc42b`. "Added missing docblocks for X, Y and Z." You form a puzzled
+expression, raising your hands from the keyboard slightly before tapping the
+space bar a few times with few expectations. Sure enough, in with a few minor
+docblock changes, there was one very inconspicuous line change that added the
+back door to the authentication system. The commit message is fairly clear and
+does not raise any red flags---why would you check it? Furthermore, the
+author of the commit _was indeed you!_
+
+Thoughts race through your mind. How could this have happened? That commit has
+your name, but you do not recall ever having made those changes. Furthermore,
+you would have never made that line change; it simply does not make sense. Did
+your colleague frame you by committing as you? Was your colleague's system
+compromised? Was your _host_ compromised? It couldn't have been your local
+repository; that commit was clearly part of the merge and did not exist in your
+local repository until your pull on that morning two months ago.
+
+Regardless of what happened, one thing is horrifically clear: right now, you are
+the one being blamed.
+
+<!-- more -->
+
+## Who Do You Trust? {#trust}
+
+Theorize all you want---it's possible that you may never fully understand what
+resulted in the compromise of your repository. The above story is purely
+hypothetical, but entirely within the realm of possibility. How can you rest
+assured that your repository is safe for not only those who would reference or
+clone it, but also those who may download, for example, tarballs that are
+created from it?
+
+Git is a [distributed revision control
+system](https://en.wikipedia.org/wiki/Distributed_revision_control). In
+short, this means that anyone can have a copy of your repository to work on
+offline, in private. They may commit to their own repository and users may
+push/pull from each other. A central repository is unnecessary for
+distributed revision control systems, but [may be used to provide an
+"official" hub that others can work on and clone
+from](http://lwn.net/Articles/246381/). Consequently, this also means that a
+repository floating around for project X may contain malicious code; just
+because someone else hands you a repository for your project doesn't mean
+that you should actually use it.
+
+The question is not "Who _can_ you trust?"; the question is "Who _do_ you
+trust?", or rather---who _are_ you trusting with your repository, right now,
+even if you do not realize it? For most projects, including the story above,
+there are a number of individuals or organizations that you may have
+inadvertently placed your trust in without fully considering the ramifications
+of such a decision:
+
+<a id="trust-host"></a>Git Host
+: Git hosting providers are probably the most easily overlooked
+ trustees---providers like Gitorious, GitHub, Bitbucket, SourceForge, Google
+ Code, etc. Each provides hosting for your repository and "secures" it by
+ allowing only you, or other authorized users, to push to it, often with the
+ use of SSH keys tied to an account. By using a host as the primary holder of
+ your repository---the repository from which most clone and push to---you are
+ entrusting them with the entirety of your project; you are stating, "Yes, I
+ trust that my source code is safe with you and will not be tampered with".
+ This is a dangerous assumption. Do you trust that your host properly secures
+ your account information? Furthermore, bugs exist in all but the most
+ trivial pieces of software, so what is to say that there is not a
+ vulnerability just waiting to be exploited in your host's system, completely
+ compromising your repository?
+
+ It was not too long ago (March 4th, 2012) that [a public key security
+ vulnerability at
+ GitHub](https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation)
+ was [exploited](https://gist.github.com/1978249) by a Russian man named
+ [Egor
+ Homakov](http://homakov.blogspot.com/2012/03/im-disappoint-github.html),
+ allowing him to successfully [commit to the master branch of the Ruby on
+ Rails
+ framework](https://github.com/rails/rails/commit/b83965785db1eec019edf1fc272b1aa393e6dc57)
+ repository hosted on GitHub. Oops.
+
+Friends and Coworkers/Colleagues
+: There may be certain groups or individuals that you trust enough to (a) pull
+ or accept patches from or (b) allow them to push to you or a
+ central/"official" repository. Operating under the assumption that each
+ individual is truly trustworthy (and let us hope that is the case), that
+ does not immediately imply that their _repository_ can be trusted. What are
+ their security policies? Do they leave their PC unlocked and unattended? Do
+ they make a habit of downloading virus-laden pornography on an unsecured,
+ non-free operating system? Or perhaps, through no fault of their own, they
+ are running a piece of software that is vulnerable to a 0-day exploit. Given
+ that, _how can you be sure that their commits are actually their own_?
+ Furthermore, how can you be sure that any commits they approve (or sign off
+ on using `git commit -s`) were actually approved by them?
+
+ That is, of course, assuming that they have no ill intent. For example, what
+ of the pissed off employee looking to get the arrogant, obnoxious co-worker
+ fired by committing under the coworker's name/email? What if you were the
+ manager or project lead? Whose word would you take? How would you even know
+ whom to suspect?
+
+Your Own Repository
+: Linus Torvalds (original author of Git and the kernel Linux) [keeps a
+ secured repository on his personal computer, inaccessible by any
+ external means](http://www.youtube.com/watch?v=4XpnKHJAok8) to ensure
+ that he has a repository he can fully trust. Most developers simply keep
+ a local copy on whatever PC they happen to be hacking on and pay no mind
+ to security---their repository is likely hosted elsewhere as well, after
+ all; Git is distributed. This is, however, a very serious matter.
+
+ You likely use your PC for more than just hacking. Most notably, you likely
+ use your PC to browse the Internet and download software. Software is buggy.
+ Buggy software has exploits and exploits tend to get, well, exploited. Not
+ every developer has a strong understanding of the best security practices
+ for their operating system (if you do, great!). And no---simply using
+ GNU/Linux or any other *NIX variant does not make you immune from every
+ potential threat.
+
+To dive into each of these a bit more deeply, let us consider one of the
+world's largest free software projects---the kernel Linux---and how its
+original creator Linus Torvalds handles issues of trust. During [a talk he
+presented at Google in 2007](http://www.youtube.com/watch?v=4XpnKHJAok8), he
+describes a network of trust he created between himself and a number of
+others (which he refers to as his "lieutenants"). Linus himself cannot
+possibly manage the mass amount of code that is sent to him, so he has
+others handle portions of the kernel. Those "lieutenants" handle most of the
+requests, then submit them to Linus, who handles merging into his own
+branch. In doing so, he has trusted that these lieutenants know what they
+are doing, are carefully looking over each patch and that the patches Linus
+receives from them are actually from them.
+
+I am not aware of how patches are communicated from the lieutenants to Linus.
+Certainly, one way to state with a fairly high level of certainty that the patch
+is coming from one of his "lieutenants" is to e-mail the patches, signed with
+their respective GPG/PGP keys. At that point, the web of trust is enforced by
+the signature. Linus is then sure that his private repository (which he does his
+best to secure, as aforementioned) contains only data that _he personally
+trusts_. His repository is safe, so far as he knows, and he can use it
+confidently.
+
+At this point, assuming Linus' web of trust is properly verified, how can he
+confidently convey these trusted changes to others? He certainly knows his own
+commits, but how should others know that this "Linus Torvalds" guy who has
+been committing and signing off of on commits is _actually_ Linus Torvalds? As
+demonstrated in the hypothetical scenario at the beginning of this article,
+anyone could claim to be Linus. If an attacker were to gain access to any clone
+of the repository and commit as Linus, nobody would know the difference.
+Fortunately, one can get around this by signing a tag with his/her private key
+using GPG (`git tag -s`). A tag points to a particular commit and that commit
+[depends on the entire history leading up to that commit](#commit-history).
+This means that signing the SHA1 hash of that commit, assuming no security
+vulnerabilities within SHA1, will forever state that the entire history of the
+given commit, as pointed to by the given tag, is trusted.
+
+Well, that is helpful, but that doesn't help to verify any commits made _after_
+the tag (until the next tag comes around that includes that commit as an
+ancestor of the new tag). Nor does it necessarily guarantee the integrity of all
+past commits---it only states that, _to the best of Linus' knowledge_, this
+tree is trusted. Notice how the hypothetical you in our hypothetical story also
+signed the tag with his/her private key. Unfortunately, he/she fell prey to
+something that is all too common---human error. He/she trusted that his/her
+"trusted" colleague could actually be fully trusted. Wouldn't it be nice if we
+could remove some of that human error from the equation?
+
+
+## Ensuring Trust {#trust-ensure}
+
+What if we had a way to ensure that a commit by someone named "Mike Gerwitz"
+with my e-mail address is _actually_ a commit from myself, much like we
+can assert that a tag signed with my private key was actually tagged by myself?
+Well, who are we trying to prove this to? If you are only proving your identity
+to a project author/maintainer, then you can identify yourself in any reasonable
+manner. For example, if you work within the same internal network, perhaps you
+can trust that pushes from the internal IP are secure. If sending via e-mail,
+you can sign the patch using your GPG key. Unfortunately, _these only extend
+this level of trust to the author/maintainer, not other users!_ If I were to
+clone your repository and look at the history, how do I know that a commit from
+"Foo Bar" is truly a commit from Foo Bar, especially if the repository
+frequently accepts patches and merge requests from many users?
+
+Previously, only tags could be signed using GPG. Fortunately, [Git v1.7.9
+introduced the ability to GPG-sign individual
+commits](http://git.kernel.org/?p=git/git.git;a=blob_plain;f=Documentation/RelNotes/1.7.9.txt;hb=HEAD)---a
+feature I have been long awaiting. Consider what may have happened to the
+story at the beginning of this article if you signed each of your commits
+like so:
+
+```sh
+$ git commit -S -m 'Fixed security vulnerability CVE-123'
+# ^ GPG-sign commit
+```
+
+Notice the `-S` flag above, instructing Git to sign the commit using your
+GPG key (please note the difference between `-s` and `-S`). If you followed this
+practice for each of your commits---with no exceptions---then you (or anyone
+else, for that matter) could say with relative certainty that the commit was
+indeed authored by yourself. In the case of our story, you could then defend
+yourself, stating that if the backdoor commit truly were yours, it would have
+been signed. (Of course, one could argue that you simply did not sign that
+commit in order to use that excuse. We'll get into addressing such an issue in a
+bit.)
+
+In order to set up your signing key, you first need to get your key id using
+`gpg --list-secret-keys`:
+
+```sh
+$ gpg --list-secret-keys | grep ^sec
+sec 4096R/8EE30EAB 2011-06-16 [expires: 2014-04-18]
+# ^^^^^^^^
+```
+
+You are interested in the hexadecimal value immediately following the forward
+slash in the above output (your output may vary drastically; do not worry if
+your key does not contain `4096R` as above). If you have multiple secret
+keys, select the one you wish to use for signing your commits. This value will
+be assigned to the Git configuration value `user.signingkey`:
+
+```sh
+# remove --global to use this key only on the current repository
+$ git config --global user.signingkey 8EE30EAB
+# ^ replace with your key id
+```
+
+Given the above, let's give commit signing a shot. To do so, we will create a
+test repository and work through that for the remainder of this article.
+
+```sh
+$ mkdir tmp && cd tmp
+$ git init .
+$ echo foo > foo
+$ git add foo
+$ git commit -S -m 'Test commit of foo'
+
+You need a passphrase to unlock the secret key for
+user: "Mike Gerwitz (Free Software Developer) <mike@mikegerwitz.com>"
+4096-bit RSA key, ID 8EE30EAB, created 2011-06-16
+
+[master (root-commit) cf43808] Test commit of foo
+ 1 file changed, 1 insertion(+)
+ create mode 100644 foo
+```
+
+The only thing that has been done differently between this commit and an
+unsigned commit is the addition of the `-S` flag, indicating that we want
+to GPG-sign the commit. If everything has been set up properly, you should be
+prompted for the password to your secret key (unless you have `gpg-agent`
+running), after which the commit will continue as you would expect, resulting in
+something similar to the above output (your GPG details and SHA-1 hash will
+differ).
+
+By default (at least in Git v1.7.9), `git log` will not list or validate
+signatures. In order to display the signature for our commit, we may use the
+`--show-signature` option, as shown below:
+
+```sh
+$ git log --show-signature
+commit cf43808e85399467885c444d2a37e609b7d9e99d
+gpg: Signature made Fri 20 Apr 2012 11:59:01 PM EDT using RSA key ID 8EE30EAB
+gpg: Good signature from "Mike Gerwitz (Free Software Developer) <mike@mikegerwitz.com>"
+Author: Mike Gerwitz <mike@mikegerwitz.com>
+Date: Fri Apr 20 23:59:01 2012 -0400
+
+ Test commit of foo
+```
+
+There is an important distinction to be made here---the commit author and the
+signature attached to the commit _may represent two different people_. In other
+words: the commit signature is similar in concept to the `-s` option, which adds
+a `Signed-off` line to the commit---it verifies that you have signed off on
+the commit, but does not necessarily imply that you authored it. To demonstrate
+this, consider that we have received a patch from "John Doe" that we wish to
+apply. The policy for our repository is that every commit must be signed by a
+trusted individual; all other commits will be rejected by the project
+maintainers. To demonstrate without going through the hassle of applying an
+actual patch, we will simply do the following:
+
+```sh
+$ echo patch from John Doe >> foo
+$ git commit -S --author="John Doe <john@doe.name>" -am 'Added feature X'
+
+You need a passphrase to unlock the secret key for
+user: "Mike Gerwitz (Free Software Developer) <mike@mikegerwitz.com>"
+4096-bit RSA key, ID 8EE30EAB, created 2011-06-16
+
+[master 16ddd46] Added feature X
+ Author: John Doe <john@doe.name>
+ 1 file changed, 1 insertion(+)
+$ git log --show-signature
+commit 16ddd46b0c191b0e130d0d7d34c7fc7af03f2d3e
+gpg: Signature made Sat 21 Apr 2012 12:14:38 AM EDT using RSA key ID 8EE30EAB
+gpg: Good signature from "Mike Gerwitz (Free Software Developer) <mike@mikegerwitz.com>"
+Author: John Doe <john@doe.name>
+Date: Sat Apr 21 00:14:38 2012 -0400
+
+ Added feature X
+# [...]
+```
+
+This then raises the question---what is to be done about those who decide to
+sign their commit with their own GPG key? There are a couple options here.
+First, consider the issue from a maintainer's perspective---do we necessary
+care about the identity of a 3rd party contributor, so long as the provided code
+is acceptable? That depends. From a legal standpoint, we may, but not every user
+has a GPG key. Given that, someone creating a key for the sole purpose of
+signing a few commits without some means of identity verification, only to
+discard the key later (or forget that it exists) does little to verify one's
+identity. (Indeed, the whole concept behind PGP is to create a web of trust by
+being able to verify that the person who signed using their key is actually who
+they say they are, so such a scenario defeats the purpose.) Therefore, adopting
+a strict signing policy for everyone who contributes a patch is likely to be
+unsuccessful. Linux and Git satisfy this legal requirement with a
+`"Signed-off-by"` line in the commit, signifying that the author agrees to the
+[Developer's Certificate of
+Origin](http://git.kernel.org/?p=git/git.git;a=blob;f=Documentation/SubmittingPatches;h=0dbf2c9843dd3eed014d788892c8719036287308;hb=HEAD);
+this essentially states that the author has the legal rights to the code
+contained within the commit. When accepting patches from 3rd parties who are
+outside of your web of trust to begin with, this is the next best thing.
+
+To adopt this policy for patches, require that authors do the following and
+request that they do not GPG-sign their commits:
+
+```sh
+$ git commit -asm 'Signed off'
+# ^ -s flag adds Signed-off-by line
+$ git log
+commit ca05f0c2e79c5cd712050df6a343a5b707e764a9
+Author: Mike Gerwitz <mike@mikegerwitz.com>
+Date: Sat Apr 21 15:46:05 2012 -0400
+
+ Signed off
+
+ Signed-off-by: Mike Gerwitz <mike@mikegerwitz.com>
+# [...]
+```
+
+Then, when you receive the patch, you can apply it with the `-S` (capital, not
+lowercase) to GPG-sign the commit; this will preserve the Signed-off-by line as
+well. In the case of a pull request, you can sign the commit by amending it
+(`git commit -S --amend`). Note, however, that the SHA-1 hash of the commit will
+change when you do so.
+
+What if you want to preserve the signature of whomever sent the pull request?
+You cannot amend the commit, as that would alter the commit and invalidate their
+signature, so dual-signing it is not an option (if Git were to even support that
+option). Instead, you may consider signing the merge commit, which will be
+discussed in the following section.
+
+
+## Managing Large Merges
+
+Up to this point, our discussion consisted of apply patches or merging single
+commits. What shall we do, then, if we receive a pull request for a certain
+feature or bugfix with, say, 300 commits (which I assure you is not unusual)? In
+such a case, we have a few options:
+
+1. <a id="merge-1"></a> **Request that the user squash all the commits into
+ a single commit**, thereby avoiding the problem entirely by applying the
+ previously discussed methods. I personally dislike this option for a few
+ reasons:
+
+ * We can no longer follow the history of that feature/bugfix in order to
+ learn how it was developed or see alternative solutions that were
+ attempted but later replaced.
+
+ * It renders `git bisect` useless. If we find a bug in the software that
+ was introduced by a single patch consisting of 300 squashed commits,
+ we are left to dig through the code and debug ourselves, rather than
+ having Git possibly figure out the problem for us.
+
+2. <a id="merge-2"></a> **Adopt a security policy that requires signing only
+ the merge commit** (forcing a merge commit to be created with `--no-ff`
+ if needed).
+
+ * This is certainly the quickest solution, allowing a reviewer to sign
+ the merge after having reviewed the diff in its entirety.
+
+ * However, it leaves individual commits open to exploitation. For
+ example, one commit may introduce a payload that a future commit
+ removes, thereby hiding it from the overall diff, but introducing
+ terrible effect should the commit be checked out individually (e.g. by
+ `git bisect`). Squashing all commits ([option #1](#merge-1)), signing
+ each commit individually ([option #3](#merge-3)), or simply reviewing
+ each commit individually before performing the merge (without signing
+ each individual commit) would prevent this problem.
+
+ * This also does not fully prevent the situation mentioned in the
+ hypothetical story at the beginning of this article---others can still
+ commit with you as the author, but the commit would not have been
+ signed.
+
+ * Preserves the SHA-1 hashes of each individual commit.
+
+3. <a id="merge-3"></a> **Sign each commit to be introduced by the merge.**
+
+ * The tedium of this chore can be greatly reduced by using
+ http://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html[
+ `gpg-agent`].
+
+ * Be sure to carefully review _each commit_ rather than the entire diff to
+ ensure that no malicious commits sneak into the history (see bullets
+ for [option #2](#merge-2)). If you instead decide to script the sign
+ of each commit without reviewing each individual diff, you may as well
+ go with [option #2](#merge-2).
+
+ * Also useful if one needs to cherry-pick individual commits, since that would
+ result in all commits having been signed.
+
+ * One may argue that this option is unnecessarily redundant, considering that
+ one can simply review the individual commits without signing them, then
+ simply sign the merge commit to signify that all commits have been
+ reviewed ([option #2](#merge-2)). The important point to note here is
+ that this option offers _proof_ that each commit was reviewed (unless
+ it is automated).
+
+ * This will create a new for each (the SHA-1 hash is not preserved).
+
+Which of the three options you choose depends on what factors are important and
+feasible for your particular project. Specifically:
+
+* If history is not important to you, then you can avoid a lot of trouble by
+ simply requiring the the commits be squashed ([option #1](#merge-1)).
+
+* If history _is_ important to you, but you do not have the time to review
+ individual commits:
+
+ * Use [option #2](#merge-2) if you understand its risks.
+
+ * Otherwise, use [option #3](#merge-3), but _do not_ automate the signing
+ process to avoid having to look at individual commits. If you wish to keep
+ the history, do so responsibly.
+
+Option #1 in the list above can easily be applied to the discussion in the
+previous section.
+
+
+### (Option #2)
+
+[Option #2](#merge-2) is as simple as passing the `-S` argument to `git
+merge`. If the merge is a fast-forward (that is, all commits can simply be
+applied atop of `HEAD` without any need for merging), then you would need to use
+the `--no-ff` option to force a merge commit.
+
+```sh
+# set up another branch to merge
+$ git checkout -b bar
+$ echo bar > bar
+$ git add bar
+$ git commit -m 'Added bar'
+$ echo bar2 >> bar
+$ git commit -am 'Modified bar'
+$ git checkout master
+
+# perform the actual merge (will be a fast-forward, so --no-ff is needed)
+$ git merge -S --no-ff bar
+# ^ GPG-sign merge commit
+
+You need a passphrase to unlock the secret key for
+user: "Mike Gerwitz (Free Software Developer) <mike@mikegerwitz.com>"
+4096-bit RSA key, ID 8EE30EAB, created 2011-06-16
+
+Merge made by the 'recursive' strategy.
+ bar | 2 ++
+ 1 file changed, 2 insertions(+)
+ create mode 100644 bar
+```
+
+Inspecting the log, we will see the following:
+
+```sh
+$ git log --show-signature
+commit ebadba134bde7ae3d39b173bf8947a69be089cf6
+gpg: Signature made Sun 22 Apr 2012 11:36:17 AM EDT using RSA key ID 8EE30EAB
+gpg: Good signature from "Mike Gerwitz (Free Software Developer) <mike@mikegerwitz.com>"
+Merge: 652f9ae 031f6ee
+Author: Mike Gerwitz <mike@mikegerwitz.com>
+Date: Sun Apr 22 11:36:15 2012 -0400
+
+ Merge branch 'bar'
+
+commit 031f6ee20c1fe601d2e808bfb265787d56732974
+Author: Mike Gerwitz <mike@mikegerwitz.com>
+Date: Sat Apr 21 17:35:27 2012 -0400
+
+ Modified bar
+
+commit ce77088d85dee3d687f1b87d21c7dce29ec2cff1
+Author: Mike Gerwitz <mike@mikegerwitz.com>
+Date: Sat Apr 21 17:35:20 2012 -0400
+
+ Added bar
+# [...]
+```
+
+Notice how the merge commit contains the signature, but the two commits involved
+in the merge (`031f6ee` and `ce77088`) do not. Herein lies the problem---what
+if commit `031f6ee` contained the backdoor mentioned in the story at the
+beginning of the article? This commit is supposedly authored by you, but because
+it lacks a signature, it could actually be authored by anyone. Furthermore, if
+`ce77088` contained malicious code that was removed in `031f6ee`, then it would
+not show up in the diff between the two branches. That, however, is an issue
+that needs to be addressed by your security policy. Should you be reviewing
+individual commits? If so, a review would catch any potential problems with the
+commits and wouldn't require signing each commit individually. The merge itself
+could be representative of "Yes, I have reviewed each commit individually and I
+see no problems with these changes."
+
+If the commitment to reviewing each individual commit is too large, consider
+[Option #1](#merge-1).
+
+### (Option #3)
+
+[Option #3](#merge-3) in the above list makes the review of each commit
+explicit and obvious; with [option #2](#merge-2), one could simply lazily
+glance through the commits or not glance through them at all. That said, one
+could do the same with [option #3](#merge-3) by automating the signing of each
+commit, so it could be argued that this option is completely unnecessary. Use
+your best judgment.
+
+The only way to make this option remotely feasible, especially for a large
+number of commits, is to perform the audit in such a way that we do not have
+to re-enter our secret key passphrases for each and every commit. For this,
+we can use
+[`gpg-agent`](http://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html),
+which will safely store the passphrase in memory for the next time that it
+is requested. Using `gpg-agent`, [we will only be prompted for the password
+a single
+time](http://stackoverflow.com/questions/9713781/how-to-use-gpg-agent-to-bulk-sign-git-tags/10263139). Depending
+on how you start `gpg-agent`, _be sure to kill it after you are done!_
+
+The process of signing each commit can be done in a variety of ways. Ultimately,
+since signing the commit will result in an entirely new commit, the method you
+choose is of little importance. For example, if you so desired, you could
+cherry-pick individual commits and then `-S --amend` them, but that would
+not be recognized as a merge and would be terribly confusing when looking
+through the history for a given branch (unless the merge would have been a
+fast-forward). Therefore, we will settle on a method that will still produce a
+merge commit (again, unless it is a fast-forward). One such way to do this is to
+interactively rebase each commit, allowing you to easily view the diff, sign it,
+and continue onto the next commit.
+
+```sh
+# create a new audit branch off of bar
+$ git checkout -b bar-audit bar
+$ git rebase -i master
+# | ^ the branch that we will be merging into
+# ^ interactive rebase (alternatively: long option --interactive)
+```
+
+First, we create a new branch off of `bar`---`bar-audit`---to perform the
+rebase on (see `bar` branch created in demonstration of [option
+#2](#merge-2)). Then, in order to step through each commit that would be
+merged into `master`, we perform a rebase using `master` as the upstream
+branch. This will present every commit that is in `bar-audit` (and
+consequently `bar`) that is not in `master`, opening them in your preferred
+editor:
+
+```
+e ce77088 Added bar
+e 031f6ee Modified bar
+
+# Rebase 652f9ae..031f6ee onto 652f9ae
+#
+# Commands:
+# p, pick = use commit
+# r, reword = use commit, but edit the commit message
+# e, edit = use commit, but stop for amending
+# s, squash = use commit, but meld into previous commit
+# f, fixup = like "squash", but discard this commit's log message
+# x, exec = run command (the rest of the line) using shell
+#
+# If you remove a line here THAT COMMIT WILL BE LOST.
+# However, if you remove everything, the rebase will be aborted.
+#
+```
+
+To modify the commits, replace each `pick` with `e` (or `edit`), as shown above.
+(In vim you can also do the following `ex` command: `:%s/^pick/e/`;
+adjust regex flavor for other editors). Save and close. You will then be
+presented with the first (oldest) commit:
+
+```sh
+Stopped at ce77088... Added bar
+You can amend the commit now, with
+
+ git commit --amend
+
+Once you are satisfied with your changes, run
+
+ git rebase --continue
+
+# first, review the diff (alternatively, use tig/gitk)
+$ git diff HEAD^
+# if everything looks good, sign it
+$ git commit -S --amend
+# GPG-sign ^ ^ amend commit, preserving author, etc
+
+You need a passphrase to unlock the secret key for
+user: "Mike Gerwitz (Free Software Developer) <mike@mikegerwitz.com>"
+4096-bit RSA key, ID 8EE30EAB, created 2011-06-16
+
+[detached HEAD 5cd2d91] Added bar
+ 1 file changed, 1 insertion(+)
+ create mode 100644 bar
+
+# continue with next commit
+$ git rebase --continue
+
+# repeat.
+$ ...
+Successfully rebased and updated refs/heads/bar-audit.
+```
+
+Looking through the log, we can see that the commits have been rewritten to
+include the signatures (consequently, the SHA-1 hashes do not match):
+
+```sh
+$ git log --show-signature HEAD~2..
+commit afb1e7373ae5e7dae3caab2c64cbb18db3d96fba
+gpg: Signature made Sun 22 Apr 2012 01:37:26 PM EDT using RSA key ID 8EE30EAB
+gpg: Good signature from "Mike Gerwitz (Free Software Developer) <mike@mikegerwitz.com>"
+Author: Mike Gerwitz <mike@mikegerwitz.com>
+Date: Sat Apr 21 17:35:27 2012 -0400
+
+ Modified bar
+
+commit f227c90b116cc1d6770988a6ca359a8c92a83ce2
+gpg: Signature made Sun 22 Apr 2012 01:36:44 PM EDT using RSA key ID 8EE30EAB
+gpg: Good signature from "Mike Gerwitz (Free Software Developer) <mike@mikegerwitz.com>"
+Author: Mike Gerwitz <mike@mikegerwitz.com>
+Date: Sat Apr 21 17:35:20 2012 -0400
+
+ Added bar
+```
+
+We can then continue to merge into `master` as we normally would. The next
+consideration is whether or not to sign the merge commit as we would with
+[option #2](#merge-2). In the case of our example, the merge is a
+fast-forward, so the merge commit is unnecessary (since the commits being merged
+are already signed, we have no need to create a merge commit using `--no-ff`
+purely for the purpose of signing it). However, consider that you may perform
+the audit yourself and leave the actual merge process to someone else; perhaps
+the project has a system in place where project maintainers must review the code
+and sign off on it, and then other developers are responsible for merging and
+managing conflicts. In that case, you may want a clear record of who merged the
+changes in.
+
+
+## Enforcing Trust
+
+Now that you have determined a security policy appropriate for your particular
+project/repository (well, hypothetically at least), some way is needed to
+enforce your signing policies. While manual enforcement is possible, it is
+subject to human error, peer scrutiny ("just let it through!") and is
+unnecessarily time-consuming. Fortunately, this is one of those things that you
+can script, sit back and enjoy.
+
+Let us first focus on the simpler of automation tasks---checking to ensure
+that _every_ commit is both signed and trusted (within our web of trust). Such
+an implementation would also satisfy [option #3](#merge-3) in regards to
+merging. Well, perhaps not every commit will be considered. Chances are, you
+have an existing repository with a decent number of commits. If you were to go
+back and sign all those commits, you would completely alter the history of the
+entire repository, potentially creating headaches for other users. Instead, you
+may consider beginning your checks _after_ a certain commit.
+
+### Commit History In a Nutshell {#commit-history}
+
+The SHA-1 hashes of each commit in Git are created using the delta _and_ header
+information for each commit. This header information includes the commit's
+_parent_, whose header contains its parent---so on and so forth. In addition,
+Git depends on the entire history of the repository leading up to a given commit
+to construct the requested revision. Consequently, this means that the history
+cannot be altered without someone noticing (well, this is not entirely true;
+we'll discuss that in a moment). For example, consider the following branch:
+
+```
+Pre-attack:
+
+---o---o---A---B---o---o---H
+ a1b2c3d^
+```
+
+Above, `H` represents the current `HEAD` and commit identified by `A` is the
+parent of commit `B`. For the sake of discussion, let's say that commit `A` is
+identified by the SHA-1 fragment `a1b2c3d`. Let us say that an attacker decides
+to replace commit `A` with another commit. In doing so, the SHA-1 hash of the
+commit must change to match the new delta and contents of the header. This new
+commit is identified as `X`:
+
+```
+Post-attack:
+
+---o---o---X---B---o---o---H
+ d4e5f6a^ ^!expects parent a1b2c3d
+```
+
+We now have a problem; when Git encounters commit `B` (remember, Git must build
+`H` using the entire history leading up to it), it will check its SHA-1 hash and
+notice that it no longer matches the hash of its parent. The attacker is unable
+to change the expected hash in commit `B`, because the header is used to
+generate the SHA-1 hash for the commit, meaning `B` would then have a different
+SHA-1 hash (technically speaking, it would not longer be `B`---it would be an
+entirely different commit; we retain the identifier here only for demonstration
+purposes). That would then invalidate any children of `B`, so on and so forth.
+Therefore, in order to rewrite the history for a single commit, _the entire
+history after that commit must also be rewritten_ (as is done by `git rebase`).
+Should that be done, the SHA-1 hash of `H` would also need to change. Otherwise,
+`H`'s history would be invalid and Git would immediately throw an error upon
+attempting a checkout.
+
+This has a very important consequence---given any commit, we can rest
+assured that, if it exists in the repository, Git will _always_ reconstruct
+that commit exactly as it was created (including all the history leading up
+to that commit _when_ it was created), or it will not do so at all. Indeed,
+as Linus mentions in a presentation at Google, [he need only remember the
+SHA-1 hash of a single commit](http://www.youtube.com/watch?v=4XpnKHJAok8)
+to rest assured that, given any other repository, in the event of a loss of
+his own, that commit will represent exactly the same commit that it did in
+his own repository. What does that mean for us? Importantly, it means that
+*we do not have to rewrite history to sign each commit*, because the history
+of our _next_ signed commit is guaranteed. The only downside is, of course,
+that the history itself could have already been exploited in a manner
+similar to our initial story, but an automated mass-signing of all past
+commits for a given author wouldn't catch such a thing anyway.
+
+That said, it is important to understand that the integrity of your
+repository guaranteed only if a [hash
+collision](https://en.wikipedia.org/wiki/Hash_collision) cannot be
+created---that is, if an attacker were able to create the same SHA-1 hash
+with _different_ data, then the child commit(s) would still be valid and the
+repository would have been successfully compromised. [Vulnerabilities have
+been known in
+SHA-1](http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html)
+since 2005 that allow hashes to be computed [faster than brute
+force](http://www.schneier.com/blog/archives/2005/02/sha1_broken.html),
+although they are not cheap to exploit. Given that, while your repository
+may be safe for now, there will come some point in the future where SHA-1
+will be considered as crippled as MD5 is today. At that point in time,
+however, maybe Git will offer a secure migration solution to [an algorithm
+like SHA-256](http://kerneltrap.org/mailarchive/git/2006/8/27/211001) or
+better. Indeed, [SHA-1 hashes were never intended to make Git
+cryptographically
+secure](http://kerneltrap.org/mailarchive/git/2006/8/27/211020).
+
+Given that, the average person is likely to be fine with leaving his/her history
+the way it is. We will operate under that assumption for our implementation,
+offering the ability to ignore all commits prior to a certain commit. If one
+wishes to validate all commits, the reference commit can simply be omitted.
+
+### Automating Signature Checks {#automate}
+
+The idea behind verifying that certain commits are trusted is fairly simple:
+
+> Given reference commit $r$ (optionally empty), let
+> $C$ be the set of all commits such that $C$ = `r..HEAD`
+> ([range spec](http://book.git-scm.com/4_git_treeishes.html)) and let
+> $K$ be the set of all public keys in a given GPG keyring. We must assert
+> that, for each commit $c$ in $C$, there must exist a key $k$ in
+> keyring $K$ such that $k$ is
+> [trusted](https://en.wikipedia.org/wiki/Web_of_trust) and can be used to
+> verify the signature of $c$. This assertion is denoted by the function
+> $g$ (GPG) in the following expression: $∀c∈C g(c)$.
+
+Fortunately, as we have already seen in previous sections with the
+`--show-signature` option to `git log`, Git handles the signature verification
+for us; this reduces our implementation to a simple shell script. However, the
+output we've been dealing with is not the most convenient to parse. It would be
+nice if we could get commit and signature information on a single line per
+commit. This can be accomplished with `--pretty`, but we have an additional
+problem---at the time of writing (in Git v1.7.10), the GPG `--pretty` options
+are undocumented.
+
+A quick look at [`format_commit_one()` in
+`pretty.c`](https://github.com/gitster/git/blob/f9d995d5dd39c942c06829e45f195eeaa99936e1/pretty.c#L1038)
+yields a `'G'` placeholder that has three different formats:
+
+- *`%GG`*---GPG output (what we see in `git log --show-signature`)
+- *`%G?`*---Outputs "G" for a good
+ signature and "B" for a bad signature; otherwise, an empty string ([see
+ mapping in `signature_check`
+ struct](https://github.com/gitster/git/blob/f9d995d5dd39c942c06829e45f195eeaa99936e1/pretty.c#L808))
+- *`%GS`*---The name of the signer
+
+We are interested in using the most concise and minimal representation ---
+`%G?`. Because this placeholder simply matches text on the GPG output, and the
+string `"gpg: Can't check signature: public key not found"` is not mapped in
+`signature_check`, unknown signatures will output an empty string, not "B".
+This is not explicit behavior, so I'm unsure if this will change in future
+releases. Fortunately, we are only interested in "G", so this detail will not
+matter for our implementation.
+
+With this in mind, we can come up with some useful one-line output per commit.
+The below is based on the output resulting from the demonstration of
+[merge option #3](#merge-3) above:
+
+```sh
+$ git log --pretty="format:%H %aN %s %G?"
+afb1e7373ae5e7dae3caab2c64cbb18db3d96fba Mike Gerwitz Modified bar G
+f227c90b116cc1d6770988a6ca359a8c92a83ce2 Mike Gerwitz Added bar G
+652f9aed906a646650c1e24914c94043ae99a407 John Doe Signed off G
+16ddd46b0c191b0e130d0d7d34c7fc7af03f2d3e John Doe Added feature X G
+cf43808e85399467885c444d2a37e609b7d9e99d Mike Gerwitz Test commit of foo G
+```
+
+Notice the "G" suffix for each of these lines, indicating that the signature
+is valid (which makes sense, since the signature is our own). Adding an
+additional commit, we can see what happens when a commit is unsigned:
+
+```sh
+$ echo foo >> foo
+$ git commit -am 'Yet another foo'
+$ git log --pretty="format:%H %aN %s %G?" HEAD^..
+f72924356896ab95a542c495b796555d016cbddd Mike Gerwitz Yet another foo
+```
+
+Note that, as aforementioned, the string replacement of `%G?` is empty when the
+commit is unsigned. However, what about commits that are signed but untrusted
+(not within our web of trust)?
+
+```
+$ gpg --edit-key 8EE30EAB
+[...]
+gpg> trust
+[...]
+Please decide how far you trust this user to correctly verify other users' keys
+(by looking at passports, checking fingerprints from different sources, etc.)
+
+ 1 = I don't know or won't say
+ 2 = I do NOT trust
+ 3 = I trust marginally
+ 4 = I trust fully
+ 5 = I trust ultimately
+ m = back to the main menu
+
+Your decision? 2
+[...]
+
+gpg> save
+Key not changed so no update needed.
+$ git log --pretty="format:%H %aN %s %G?" HEAD~2..
+f72924356896ab95a542c495b796555d016cbddd Mike Gerwitz Yet another foo
+afb1e7373ae5e7dae3caab2c64cbb18db3d96fba Mike Gerwitz Modified bar G
+```
+
+Uh oh. It seems that Git does not seem to check whether or not a signature is
+trusted. Let's take a look at the full GPG output:
+
+<a id="gpg-sig-untrusted"></a>
+```sh
+$ git log --show-signature HEAD~2..HEAD^
+commit afb1e7373ae5e7dae3caab2c64cbb18db3d96fba
+gpg: Signature made Sun 22 Apr 2012 01:37:26 PM EDT using RSA key ID 8EE30EAB
+gpg: Good signature from "Mike Gerwitz (Free Software Developer) <mike@mikegerwitz.com>"
+gpg: WARNING: This key is not certified with a trusted signature!
+gpg: There is no indication that the signature belongs to the owner.
+Primary key fingerprint: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB
+Author: Mike Gerwitz <mike@mikegerwitz.com>
+Date: Sat Apr 21 17:35:27 2012 -0400
+
+ Modified bar
+```
+
+As you can see, GPG provides a clear warning. Unfortunately,
+[`parse_signature_lines()` in
+`pretty.c`](https://github.com/gitster/git/blob/f9d995d5dd39c942c06829e45f195eeaa99936e1/pretty.c#L808),
+which references a simple mapping in `struct signature_check`, will
+blissfully ignore the warning and match only `"Good signature from"`,
+yielding "G". A patch to provide a separate token for untrusted keys is
+simple, but for the time being, we will explore two separate
+implementations---one that will parse the simple one-line output that is
+ignorant of trust and a mention of a less elegant implementation that parses
+the GPG output. ^[Should the patch be accepted, this article will be
+updated to use the new token.]
+
+
+#### Signature Check Script, Disregarding Trust {#script-notrust}
+
+As mentioned above, due to limitations of the current `%G?` implementation, we
+cannot determine from the single-line output whether or not the given signature
+is actually trusted. This isn't necessarily a problem. Consider what will
+likely be a common use case for this script---to be run by a continuous
+integration (CI) system. In order to let the CI system know what signatures
+should be trusted, you will likely provide it with a set of keys for known
+committers, which eliminates the need for a web of trust (the act of placing the
+public key on the server indicates that you trust the key). Therefore, if the
+signature is recognized and is good, the commit can be trusted.
+
+One additional consideration is the need to ignore all ancestors of a given
+commit, which is necessary on older repositories where older commits will not be
+signed (see [Commit History In a Nutshell](#commit-history) for information on
+why it is unnecessary, and probably a bad idea, to sign old commits). As such,
+our script will accept a ref and will only consider its children in the check.
+
+This script *assumes that each commit will be signed* and will output the SHA-1
+hash of each unsigned/bad commit, in addition to some additional, useful
+information, delimited by tabs.
+
+```sh
+#!/bin/sh
+#
+# Licensed under the CC0 1.0 Universal license (public domain).
+#
+# Validate signatures on each and every commit within the given range
+##
+
+# if a ref is provided, append range spec to include all children
+chkafter="${1+$1..}"
+
+# note: bash users may instead use $'\t'; the echo statement below is a more
+# portable option
+t=$( echo '\t' )
+
+# Check every commit after chkafter (or all commits if chkafter was not
+# provided) for a trusted signature, listing invalid commits. %G? will output
+# "G" if the signature is trusted.
+git log --pretty="format:%H$t%aN$t%s$t%G?" "${chkafter:-HEAD}" \
+ | grep -v "${t}G$"
+
+# grep will exit with a non-zero status if no matches are found, which we
+# consider a success, so invert it
+[ $? -gt 0 ]
+```
+
+That's it; Git does most of the work for us! If a ref is provided, it will be
+converted into a [range spec](http://book.git-scm.com/4_git_treeishes.html) by
+appending `".."` (e.g. `a1b2c` becomes `a1b2c..`), which will cause `git log`
+to return all of its children (_not_ including the ref itself). If no ref is
+provided, we end up using `HEAD` without a range spec, which will simply list
+every commit (using an empty string will cause Git to throw an error, and we
+must quote the string in case the user decides to do something like `"master@{5
+days ago}"`). Using the `--pretty` option to `git log`, we output the GPG
+signature result with `%G?`, in addition to some useful information we will want
+to see about any commits that do not pass the test. We can then filter out all
+commits that have been signed with a known key by removing all lines that end in
+"G"---the output from `%G?` indicating a good signature.
+
+Let's see it in action (assuming the script has been saved as `signchk`):
+
+```sh
+$ chmod +x signchk
+$ ./signchk
+f72924356896ab95a542c495b796555d016cbddd Mike Gerwitz Yet another foo
+$ echo $?
+1
+```
+
+With no arguments, the script checks every commit in our repository, finding a
+single commit that has not been signed. At this point, we can either check the
+output itself or check the exit status of the script, which indicates a failure.
+If this script were run by a CI system, the best option would be to abort the
+build and immediately notify the maintainers of a potential security breach (or,
+more likely, someone simply forgot to sign their commit).
+
+If we check commits after that failure, assuming that each of the children have
+been signed, we will see the following:
+
+```sh
+$ ./signchk f7292
+$ echo $?
+0
+```
+
+Be careful when running this script directly from the repository, especially
+with CI systems---you must either place a copy of the script outside of the
+repository or run the script from a trusted point in history. For example, if
+your CI system were to simply pull from the repository and then run the script,
+an attacker need only modify the script to circumvent this check entirely.
+
+
+#### Signature Check Script With Web Of Trust {#script-trust}
+
+The web of trust would come in handy for large groups of contributors; in such a
+case, your CI system could attempt to download the public key from a
+preconfigured keyserver when the key is encountered (updating the key if
+necessary to get trust signatures). Based on the web of trust established from
+the public keys directly trusted by the CI system, you could then automatically
+determine whether or not a commit can be trusted even if the key was not
+explicitly placed on the server.
+
+To accomplish this task, we will split the script up into two distinct
+portions---retrieving/updating all keys within the given range, followed by the
+actual signature verification. Let's start with the key gathering portion,
+which is actually a trivial task:
+
+```sh
+$ git log --show-signature \
+ | grep 'key ID' \
+ | grep -o '[A-Z0-9]\+$' \
+ | sort \
+ | uniq \
+ | xargs gpg --keyserver key.server.org --recv-keys $keys
+```
+
+The above string of commands simply uses `grep` to pull the key ids out of `git
+log` output (using `--show-signature` to produce GPG output), and then requests
+only the unique keys from the given keyserver. In the case of the repository
+we've been using throughout this article, there is only a single signature---my
+own. In a larger repository, all unique keys will be listed. Note that the
+above example does not specify any range of commits; you are free to integrate
+it into the `signchk` script to use the same range, but it isn't strictly
+necessary (it may provide a slight performance benefit, depending on the number
+of commits that would have been ignored).
+
+Armed with our updated keys, we can now verify the commits based on our web
+of trust. Whether or not a specific key will be trusted is [dependent on
+your personal
+settings](http://www.gnupg.org/gph/en/manual.html#AEN533). The idea here is
+that you can trust a set of users (e.g. Linus' "lieutenants") that in turn
+will trust other users which, depending on your configuration, may
+automatically be within your web of trust even if you do not personally
+trust them. This same concept can be applied to your CI server by placing
+its keyring in place of you own (or perhaps you will omit the CI server and
+run the script yourself).
+
+Unfortunately, with Git's current `%G?` implementation, [we are unable to
+check basic one-line output](#automate). Instead, we must parse the output
+of `--show-signature` ([as shown above](#gpg-sig-untrusted)) for each
+relevant commit. Combining our output with [the original script that
+disregards trust](#script-notrust), we can arrive at the following, which is
+the output that we must parse:
+
+```sh
+$ git log --pretty="format:%H$t%aN$t%s$t%G?" --show-signature
+f72924356896ab95a542c495b796555d016cbddd Mike Gerwitz Yet another foo
+gpg: Signature made Sun 22 Apr 2012 01:37:26 PM EDT using RSA key ID 8EE30EAB
+gpg: Good signature from "Mike Gerwitz (Free Software Developer) <mike@mikegerwitz.com>"
+gpg: WARNING: This key is not certified with a trusted signature!
+gpg: There is no indication that the signature belongs to the owner.
+Primary key fingerprint: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB
+afb1e7373ae5e7dae3caab2c64cbb18db3d96fba Mike Gerwitz Modified bar G
+[...]
+```
+
+In the above snippet, it should be noted that the first commit (`f7292`) is
+_not_ signed, whereas the second (`afb1e`) is. Therefore, the GPG output
+_preceeds_ the commit line itself. Let's consider our objective:
+
+. List all unsigned commits, or commits with unknown or invalid signatures.
+. List all signed commits that are signed with known signatures, but are
+ otherwise untrusted.
+
+Our [previous script](#script-notrust) performs #1 just fine, so we need only
+augment it to support #2. In essence---we wish to convert lines ending in
+"G" to something else if the GPG output _preceeding_ that line indicates that
+the signature is untrusted.
+
+There are many ways to go about doing this, but we will settle for a fairly
+clear set of commands that can be used to augment the previous script. To
+prevent the lines ending with "G" from being filtered from the output (should
+they be untrusted), we will suffix untrusted lines with "U". Consider the
+output of the following:
+
+```sh
+$ git log --pretty="format:^%H$t%aN$t%s$t%G?" --show-signature \
+> | grep '^\^\|gpg: .*not certified' \
+> | awk '
+> /^gpg:/ {
+> getline;
+> printf "%s U\n", $0;
+> next;
+> }
+> { print; }
+> ' \
+> | sed 's/^\^//'
+f72924356896ab95a542c495b796555d016cbddd Mike Gerwitz Yet another foo
+afb1e7373ae5e7dae3caab2c64cbb18db3d96fba Mike Gerwitz Modified bar G U
+f227c90b116cc1d6770988a6ca359a8c92a83ce2 Mike Gerwitz Added bar G U
+652f9aed906a646650c1e24914c94043ae99a407 John Doe Signed off G U
+16ddd46b0c191b0e130d0d7d34c7fc7af03f2d3e John Doe Added feature X G U
+cf43808e85399467885c444d2a37e609b7d9e99d Mike Gerwitz Test commit of foo G U
+```
+
+Here, we find that if we filter out those lines ending in "G" as we did
+before, we would be left with the untrusted commits in addition to the commits
+that are bad ("B") or unsigned (blank), as indicated by `%G?`. To accomplish
+this, we first add the GPG output to the log with the `--show-signature` option
+and, to make filtering easier, prefix all commit lines with a caret (^) which
+we will later strip. We then filter all lines but those beginning with a caret,
+or lines that contain the string "not certified", which is part of the GPG
+output. This results in lines of commits with a single `"gpg:"` line before
+them if they are untrusted. We can then pipe this to awk, which will remove all
+`"gpg:"`-prefixed lines and append `"U"` to the next line (the commit line).
+Finally, we strip off the leading caret that was added during the beginning of
+this process to produce the final output.
+
+Please keep in mind that there is a huge difference between the conventional use
+of trust with PGP/GPG ("I assert that I know this person is who they claim they
+are") vs trusting someone to commit to your repository. As such, it may be in
+your best interest to maintain an entirely separate web of trust for your CI
+server or whatever user is being used to perform the signature checks.
+
+
+### Automating Merge Signature Checks {#script-merge}
+
+The aforementioned scripts are excellent if you wish to check the validity of
+each individual commit, but not everyone will wish to put forth that amount of
+effort. Instead, maintainers may opt for a workflow that requires the signing
+of only the merge commit ([option #2 above](#merge-2)), rather than each
+commit that is introduced by the merge. Let us consider the appropach we would
+have to take for such an implementation:
+
+> Given reference commit $r$ (optionally empty), let
+> $C'$ be the set of all _first-parent_ commits such that $C'$ = `r..HEAD`
+> ([range spec](http://book.git-scm.com/4_git_treeishes.html)) and let
+> $K$ be the set of all public keys in a given GPG keyring. We must assert
+> that, for each commit $c$ in $C$, there must exist a key $k$ in
+> keyring $K$ such that $k$ is
+> [trusted](https://en.wikipedia.org/wiki/Web_of_trust) and can be used to
+> verify the signature of\ $c$. This assertion is denoted by the function
+> $g$ (GPG) in the following expression: $∀c∈C′ g(c)$.
+
+The only difference between this script and the script that checks for a
+signature on each individual commit is that *this script will only check for
+commits on a particular branch* (e.g. `master`). This is important---if we
+commit directly onto master, we want to ensure that the commit is signed (since
+there will be no merge). If we merge _into_ master, a merge commit will be
+created, which we may sign and ignore all commits introduced by the merge. If
+the merge is a fast-forward, a merge commit can be forcefully created with the
+`--no-ff` option to avoid the need to amend each commit with a signature.
+
+To demonstrate a script that can valdiate commits for this type of workflow,
+let's first create some changes that would result in a merge:
+
+```sh
+$ git checkout -b diverge
+$ echo foo > diverged
+$ git add diverged
+$ git commit -m 'Added content to diverged'
+[diverge cfe7389] Added content to diverged
+ 1 file changed, 1 insertion(+)
+ create mode 100644 diverged
+$ echo foo2 >> diverged
+$ git commit -am 'Added additional content to diverged'
+[diverge 996cf32] Added additional content to diverged
+ 1 file changed, 1 insertion(+)
+$ git checkout master
+Switched to branch 'master'
+$ echo foo >> foo
+$ git commit -S -am 'Added data to master'
+
+You need a passphrase to unlock the secret key for
+user: "Mike Gerwitz (Free Software Developer) <mike@mikegerwitz.com>"
+4096-bit RSA key, ID 8EE30EAB, created 2011-06-16
+
+[master 3cbc6d2] Added data to master
+ 1 file changed, 1 insertion(+)
+$ git merge -S diverge
+
+You need a passphrase to unlock the secret key for
+user: "Mike Gerwitz (Free Software Developer) <mike@mikegerwitz.com>"
+4096-bit RSA key, ID 8EE30EAB, created 2011-06-16
+
+Merge made by the 'recursive' strategy.
+ diverged | 2 ++
+ 1 file changed, 2 insertions(+)
+ create mode 100644 diverged
+```
+
+Above, committed in both `master` and a new `diverge` branch in order to ensure
+that the merge would not be a fast-forward (alternatively, we could have used
+the `--no-ff` option of `git merge`). This results in the following (your hashes
+will vary):
+
+```
+$ git log --oneline --graph
+* 9307dc5 Merge branch 'diverge'
+|\
+| * 996cf32 Added additional content to diverged
+| * cfe7389 Added content to diverged
+* | 3cbc6d2 Added data to master
+|/
+* f729243 Yet another foo
+* afb1e73 Modified bar
+* f227c90 Added bar
+* 652f9ae Signed off
+* 16ddd46 Added feature X
+* cf43808 Test commit of foo
+```
+
+From the above graph, we can see that we are interested in signatures on only
+two of the commits: `3cbc6d2`, which was created directly on `master`, and
+`9307dc5`---the merge commit. The other two commits (`996cf32` and `cfe7389`)
+need not be signed because the signing of the merge commit asserts their
+validity (assuming that the author of the merge was vigilant). But how do we
+ignore those commits?
+
+```
+$ git log --oneline --graph --first-parent
+* 9307dc5 Merge branch 'diverge'
+* 3cbc6d2 Added data to master
+* f729243 Yet another foo
+* afb1e73 Modified bar
+* f227c90 Added bar
+* 652f9ae Signed off
+* 16ddd46 Added feature X
+* cf43808 Test commit of foo
+```
+
+The above example simply added the `--first-parent` option to `git log`, which
+will display only the first parent commit when encountering a merge commit.
+Importantly, this means that we are left with _only the commits on_ `master` (or
+whatever branch you decide to reference). These are the commits we wish to
+validate.
+
+Performing the validation is therefore only a slight modification to the
+original script:
+
+```sh
+#!/bin/sh
+#
+# Validate signatures on only direct commits and merge commits for a particular
+# branch (current branch)
+##
+
+# if a ref is provided, append range spec to include all children
+chkafter="${1+$1..}"
+
+# note: bash users may instead use $'\t'; the echo statement below is a more
+# portable option (-e is unsupported with /bin/sh)
+t=$( echo '\t' )
+
+# Check every commit after chkafter (or all commits if chkafter was not
+# provided) for a trusted signature, listing invalid commits. %G? will output
+# "G" if the signature is trusted.
+git log --pretty="format:%H$t%aN$t%s$t%G?" "${chkafter:-HEAD}" --first-parent \
+ | grep -v "${t}G$"
+
+# grep will exit with a non-zero status if no matches are found, which we
+# consider a success, so invert it
+[ $? -gt 0 ]
+```
+
+If you run the above script using the branch setup provided above, then you will
+find that neither of the commits made in the `diverge` branch are listed in the
+output. Since the merge commit itself is signed, it is also omitted from the
+output (leaving us with only the unsigned commit mentioned in the previous
+sections). To demonstrate what will happen if the merge commit is _not_ signed,
+we can amend it as follows (omitting the `-S` option):
+
+```sh
+$ git commit --amend
+[master 9ee66e9] Merge branch 'diverge'
+$ ./signchk
+9ee66e900265d82f5389e403a894e8d06830e463 Mike Gerwitz Merge branch 'diverge'
+f72924356896ab95a542c495b796555d016cbddd Mike Gerwitz Yet another foo
+$ echo $?
+1
+```
+
+The merge commit is then listed, requiring a valid signature. ^[If you wish to
+ensure that this signature is trusted as well, see [the section on verifying
+commits within a web of trust](#script-trust).]
+
+
+## Summary
+
+* [Be careful of who you trust.](#trust) Is your repository safe from
+ harm/exploitation on your PC? What about the PCs of those whom you trust?
+** [Your host is not necessarily secure.](#trust-host) Be wary of using
+ remotely hosted repositories as your primary hub.
+* [Using GPG to sign your commits](#trust-ensure) can help to assert your
+ identity, helping to protect your reputation from impostors.
+* For large merges, you must develop a security practice that works best for
+ your particular project. Specifically, you may choose to [sign each
+ individual commit](#merge-3) introduced by the merge, [sign only the merge
+ commit](#merge-2), or [squash all commits](#merge-1) and sign the
+ resulting commit.
+* If you have an existing repository, there is [little need to go rewriting
+ history to mass-sign commits](#commit-history).
+* Once you have determined the security policy best for your project, you may
+ [automate signature verification](#automate) to ensure that no unauthorized
+ commits sneak into your repository.
diff --git a/post/2012-10-05-getting-too-tired-to-hack-at-2300.md b/post/2012-10-05-getting-too-tired-to-hack-at-2300.md
new file mode 100644
index 0000000..08dbbd3
--- /dev/null
+++ b/post/2012-10-05-getting-too-tired-to-hack-at-2300.md
@@ -0,0 +1,12 @@
+# Getting too tired to hack? At 23:00?
+
+This has been normal since becoming a father. I can't complain---I love being a
+father. Of course, I also love hacking. I also love sleep. Knowing that my son
+is going to wake me up a 6:00 in the morning has a slight influence in a
+situation like this.
+
+<!-- more -->
+
+I'd like to just suffer through it, but being a fiancé also has another
+obligation: going to bed when your significant other decides that it's bed time
+(and by "bed time" I mean sleep). I still manage to fit it in somehow.
diff --git a/post/2012-10-05-who-needs-microblogging.md b/post/2012-10-05-who-needs-microblogging.md
new file mode 100644
index 0000000..0cc5f58
--- /dev/null
+++ b/post/2012-10-05-who-needs-microblogging.md
@@ -0,0 +1,29 @@
+# Who needs "microblogging"?
+
+I don't. This is just some place safe to store random thoughts that people
+probably don't care about (like most comments on most social networking
+services), with the added benefit of distributed backup, a simple system and no
+character limit.
+
+<!-- more -->
+
+All the thoughts are commit messages; in particular, this means no versioning.
+That's okay, because I'm not going to go back and modify them, but I do want
+dates and I do want GPG signatures (to show that it's actually me thinking this
+crap).
+
+This isn't a journal.
+
+This will mostly be a hacker's thought cesspool.
+
+This isn't a blog.
+
+Though, considering how much I ramble (look at this message), certain thoughts
+could certainly seem like blog entries. Don't get the two confused---one
+requires only thought defecation and the other endures the disturbing task of
+arranging the thought matter into something coherent and useful to present to
+others.
+
+Yeah. Enjoy. Or don't. You probably shouldn't, even if you do. If you don't,
+you probably should just to see that you shouldn't.
+
diff --git a/post/2012-10-06-trademarks-in-free-software.md b/post/2012-10-06-trademarks-in-free-software.md
new file mode 100644
index 0000000..30ff96c
--- /dev/null
+++ b/post/2012-10-06-trademarks-in-free-software.md
@@ -0,0 +1,35 @@
+# Trademarks in Free Software
+
+The use of trademarks in free software has always been a curious and unclear
+concept to me, primarily due to my ignorance on the topic.
+
+Trademarks, unless abused, are intended to protect consumers' interests---are
+they getting the brand that they think they're getting? If you download Firefox,
+are you getting Firefox, or a derivative?
+
+<!-- more -->
+
+Firefox is precicely one of those things that has brought this issue to light
+for me personally: the name is trademarked and derivatives must use their own
+names, leading to IceCat, IceWeasel, Abrowser, etc. Even though FF is free
+software, the trademark imposes additional restrictions that seem contrary to
+the free software philosophy. As such, it was my opinion that trademarks should
+be avoided or, if they exist, should not be exercised. (GNU, for example, is
+trademarked[^0], but the FSF certainly [does not exercise it][1]; consider GNUplot,
+a highly popular graphing program, which is not even part of the GNU project.)
+
+[This article][2] provides some perspective on the topic and arrives at much the
+same conclusions: trademark enforcement stifles adoption and hurts the project
+overall.
+
+I recommend that trademarks not be used for free software projects, though I am
+not necessarily opposed to registering a trademark "just in case" (for example,
+to prevent others from maliciously attempting to register a trademark for your
+project).
+
+[1]: http://www.gnu.org/prep/standards/html_node/Trademarks.html
+[2]: http://mako.cc/copyrighteous/20120902-00
+
+[^0]: uspto.gov; serial number 85380218; reg. number 4125065.
+ From what I could find from the USPTO website, it was submitted by
+ Aaron Williamson of the SFLC (http://www.softwarefreedom.org/about/team/)
diff --git a/post/2012-10-09-all-these-election-attack-ads-are-utterly-useless.md b/post/2012-10-09-all-these-election-attack-ads-are-utterly-useless.md
new file mode 100644
index 0000000..d61a73f
--- /dev/null
+++ b/post/2012-10-09-all-these-election-attack-ads-are-utterly-useless.md
@@ -0,0 +1,17 @@
+# All these election attack ads are utterly useless
+
+There have been a lot of elections going on lately---local, state and national.
+The majority of those ads are attack ads: immature and disrespectful; if you
+want my vote, give me something positive to vote for instead of spending all of
+your time and money attacking your candidate. If my vote is to go to the "least
+horrible" candidate, then there is no point in voting at all.
+
+<!-- more -->
+
+Even more frustrating is the deceptiveness of the ads---intentional
+deceptiveness, nonetheless. And these are the ads that many in the United States
+will be basing the majority of, if not all, of their vote on come election time
+(how many will realistically research instead of sitting in front of the TV
+absorbing all of the useless bullshit that they are spoonfed?).
+
+Frightening.
diff --git a/post/2012-10-09-always-use-t-with-ssh-add-and-always-set-passwords-on-your-ssh-keys.md b/post/2012-10-09-always-use-t-with-ssh-add-and-always-set-passwords-on-your-ssh-keys.md
new file mode 100644
index 0000000..416c1e6
--- /dev/null
+++ b/post/2012-10-09-always-use-t-with-ssh-add-and-always-set-passwords-on-your-ssh-keys.md
@@ -0,0 +1,27 @@
+# Always use -t with ssh-add (and always set passwords on your ssh keys)
+
+Many people use SSH keys for the sole purpose of avoiding password entry when
+logging into remote boxes. That is legtimate, especially if you frequently run
+remote commands or wish to take advantage of remote tab complation, but creating
+a key with an empty password is certainly the wrong approach---if an attacker
+gets a hold of the key, then they have access to all of your boxes before you
+have the chance to notice and revoke the key.
+
+<!-- more -->
+
+ssh-agent exists for this purpose. The problem is---creating an agent only to
+place the key in memory indefinately is also a terrible idea. If your system
+does become compromised and the attacker is either root access or access as your
+user, then they can simply connect to the ssh-agent (unless it's password
+protected) and start using your key. Also consider that, should you leave your
+box unattended for even a moment without locking it (for whatever reason---shit
+happens), an attacker could gain physical access to your PC (and an attacker may
+just be a coworker looking to play a prank).
+
+Every morning at work, I begin the day by typing ssh-add followed by an
+appropriate lifetime (be it the duration of the work day, or the duration that I
+think I will need the key). This way, your key is in memory when you are likely
+to be physically present at the box and it is automatically removed from memory
+after a given lifetime. Additionally, I like to add `ssh-add -D` to the script
+that locks my PC when I walk away from my desk: that will immediately clear all
+keys from memory, just in case.
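Review bot: The title tells readers to use `-t`, but the body never names the option or shows an invocation; the paragraph starting "Every morning at work" only says "ssh-add followed by an appropriate lifetime". A concrete line such as `ssh-add -t 8h` (value constructed for illustration) would make the one actionable step explicit. The parenthetical "unless it's password protected" presumably refers to locking the agent with `ssh-add -x`; naming it would help, and it is worth adding that a lock is unlikely to stop an attacker who already has root. Wording: "the attacker is either root access" should read "has either root access", and "legtimate", "complation" and "indefinately" are misspelled.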
diff --git a/post/2012-10-09-why-no-kid-or-kid-at-heart-should-write-an-iphone-game.md b/post/2012-10-09-why-no-kid-or-kid-at-heart-should-write-an-iphone-game.md
new file mode 100644
index 0000000..cd5d27b
--- /dev/null
+++ b/post/2012-10-09-why-no-kid-or-kid-at-heart-should-write-an-iphone-game.md
@@ -0,0 +1,42 @@
+# Why no kid (or kid at heart) should write an iPhone game
+
+I saw [this post][0] appear on HackerNews, talking about how building a game for
+iOS is "fun" and "cool". The poster lures the reader in with talk of making
+money and talks of a "unique sense of fulfillment" that comes with development
+of these games, and then goes on to invite kids to learn how to develop games
+for the iPhone (and presumably other iOS devices).
+
+[0]: http://blog.makegameswith.us/post/33263097029/call-to-arms
+
+This is a terrible idea.
+
+<!-- more -->
+
+Getting children involved with hacking is an excellent idea, but introducing
+them to the evils of Apple and associating that with a feeling of pleasure does
+a great disservice; all software developed for iOS must be "purchased" (even
+if it's of zero cost) through a walled garden called the "App Store". The
+problem with this is that [the App Store is hostile toward free
+software][1]---its overly restrictive terms are incompatible with free software
+licenses like the GPL. Teaching children to develop software for this crippled,
+DRM-laden system is teaching them that it is good to prevent sharing, stifle
+innovation and deny aid to your neighbor.
+
+A better solution would be to suggest developing software for a completely free
+mobile operating system instead of iOS, such as [Replicant][2] (a fully free
+Android distribution). Even if Replicant itself were not used, Android itself,
+so long as proprietary implementations and "stores" are avoided[[3]], is much
+more [compatible with education][4] than iOS, since the children are then able
+to freely write and distribute the software without being controlled by
+malicious entities like Apple. Furthermore, they would then be able to use a
+fully free operating system such as GNU/Linux to *write* the software.
+
+Do not let fun and wealth disguise this ugly issue. Even more importantly---do
+not pass this practice and woeful acceptance down to our children. I receive a
+"unique sense of fulfillment" each and every day hacking free software far
+away from Apple's grasp.
+
+[1]: http://www.fsf.org/news/blogs/licensing/more-about-the-app-store-gpl-enforcement
+[2]: http://replicant.us/
+[3]: http://www.gnu.org/philosophy/android-and-users-freedom.html
+[4]: http://www.gnu.org/education/edu-schools.html
diff --git a/post/2012-10-10-texas-middle-and-high-schools-tracking-student-locations-with-rfid-tags.md b/post/2012-10-10-texas-middle-and-high-schools-tracking-student-locations-with-rfid-tags.md
new file mode 100644
index 0000000..0440dcb
--- /dev/null
+++ b/post/2012-10-10-texas-middle-and-high-schools-tracking-student-locations-with-rfid-tags.md
@@ -0,0 +1,21 @@
+# Texas middle and high schools tracking student locations with RFID tags
+
+[An article][0] describes how a school district in Texas is attempting to force
+its students to wear RFID tags at all times in order to track their location to
+"stem the rampant truancy devastating the school's funding".
+
+[0]: http://rt.com/usa/news/texas-school-id-hernandez-033/
+
+What?
+
+<!-- more -->
+
+This is deeply concerning. Not only does this raise serious security and privacy
+concerns (as mentioned near the end of the article), but it also costed the
+schools over a half a million dollars to implement. In order words: Texas
+taxpayer money has been wasted in an effort to track our children.
+
+Good thing they don't have anything [better to spend that money on.][1]
+
+[1]: http://fedupwithlunch.com/
+
diff --git a/post/2012-10-13-day-changed-to-s.md b/post/2012-10-13-day-changed-to-s.md
new file mode 100644
index 0000000..f85d6df
--- /dev/null
+++ b/post/2012-10-13-day-changed-to-s.md
@@ -0,0 +1,8 @@
+# "Day changed to S"
+
+Whatever "S" may be (in this case, "13 Oct 2012"), there is always a sense
+of peace and gratification that comes with witnessing that line appear in any
+type of log; it shows a dedication to an art, should your days contain daylight.
+
+<!-- more -->
+
diff --git a/post/2012-10-16-branch-prediction.md b/post/2012-10-16-branch-prediction.md
new file mode 100644
index 0000000..cab6b61
--- /dev/null
+++ b/post/2012-10-16-branch-prediction.md
@@ -0,0 +1,8 @@
+# Branch Prediction
+
+An enlightening discussion on branch prediction.[0]
+
+[0]: http://stackoverflow.com/questions/11227809/why-is-processing-a-sorted-array-faster-than-an-unsorted-array
+
+<!-- more -->
+
diff --git a/post/2012-10-16-free-speech-in-the-western-world.md b/post/2012-10-16-free-speech-in-the-western-world.md
new file mode 100644
index 0000000..27a738b
--- /dev/null
+++ b/post/2012-10-16-free-speech-in-the-western-world.md
@@ -0,0 +1,7 @@
+# Free Speech in the Western World
+
+An interesting opinion piece on [free speech in the western world.][0]
+
+[0]: http://www.washingtonpost.com/opinions/the-four-arguments-the-western-world-uses-to-limit-free-speech/2012/10/12/e0573bd4-116d-11e2-a16b-2c110031514a_print.html
+
+<!-- more -->
diff --git a/post/2012-10-16-nyc-master-keys.md b/post/2012-10-16-nyc-master-keys.md
new file mode 100644
index 0000000..9420b9b
--- /dev/null
+++ b/post/2012-10-16-nyc-master-keys.md
@@ -0,0 +1,24 @@
+# NYC Master Keys
+
+[Bruce Schneier summarizes in a blog post][0] a disturbing topic regarding a New
+York City locksmith selling "master keys" on eBay, providing access to various
+services such as elevators and subway entrances.
+
+[A discussion about this blog post on Hacker News][1] yielded some interesting
+conversation, including an [even more disturbing article describing how simple
+it may be to create master keys][2] for a set of locks given only the lock, its
+key and a number of attempts.
+
+[0]: http://www.schneier.com/blog/archives/2012/10/master_keys.html
+[1]: http://news.ycombinator.com/item?id=4654777
+[2]: http://www.crypto.com/masterkey.html
+
+<!-- more -->
+
+I'll let you ponder the implications of both of these topics. Here's something
+to get you started: organized crime could use these keys to effectively evade
+law enforcement or break into millions of "locked" homes. Crackers could gain
+intimate access to various city systems whereby they may be able to further
+obstruct or infect systems. A security system is only as strong as its weakest
+link. Keeping citizens in the dark about these issues gives them a dangerous and
+false sense of security.
diff --git a/post/2012-10-16-verizon-router-backdoors.md b/post/2012-10-16-verizon-router-backdoors.md
new file mode 100644
index 0000000..f4119d4
--- /dev/null
+++ b/post/2012-10-16-verizon-router-backdoors.md
@@ -0,0 +1,27 @@
+# Verizon router backdoors
+
+A [very disturbing article][0] makes mention of a Verizon TOS update for its
+Internet service customers:
+
+[0]: http://www.linuxbsdos.com/2012/10/04/is-that-a-backdoor-or-an-administrative-password-on-your-verizon-internet-router/
+
+> Section 10.4 was updated to clarify that Verizon may in limited instances
+> modify administrative passwords for home routers in order to safeguard
+> Internet security and our network, the security and privacy of subscriber
+> information, to comply with the law, and/or to provide, upgrade and maintain
+> service.
+
+<!-- more -->
+
+...what? This is deeply disturbing, deeply perverted idea of security. Not only
+is this a severe privacy concern (all internet traffic passes through your
+router), but it's a deep *security* concern---what if a cracker is able to
+figure out Verizon's password scheme, intercept the communication with your
+router or otherwise?
+
+I recommend that you (a) use your own router, (b) change its default password if
+you have not yet done so and (c) disallow remote access. Furthermore, I
+recommend using a free (as in freedom) firmware such as [DD-WRT][1] if supported
+by your hardware.
+
+[1]: http://dd-wrt.com/
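Review bot: The firmware reference `[1]: http://dd-wrt.com/` is plain HTTP in a post whose whole concern is third parties tampering with the router, and a firmware image or download page fetched over an unauthenticated channel can be altered in transit. `[1]: https://dd-wrt.com/` would be the safer link, provided the site serves HTTPS. The same plain-HTTP link appears in the OpenWireless.org post later in this diff. Recommendation (c), "disallow remote access", could say what is meant, presumably the router's WAN-side administration interface. "This is deeply disturbing, deeply perverted idea of security" is missing "a".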
diff --git a/post/2012-10-17-crackers-capable-of-causing-pacemaker-deaths.md b/post/2012-10-17-crackers-capable-of-causing-pacemaker-deaths.md
new file mode 100644
index 0000000..8891f5a
--- /dev/null
+++ b/post/2012-10-17-crackers-capable-of-causing-pacemaker-deaths.md
@@ -0,0 +1,34 @@
+# Crackers capable of causing pacemaker deaths
+
+[This article][0] demonstrates why medical devices must contain free software:
+crackers are able to, with this particular type of pacemaker, exploit the device
+to trigger a fatal electric shock to its host from as far as 30 feet away (the
+article also mentions rewriting the firmware, which could of course be used to
+schedule a deadly shock at a predetermined time). These issues would not exist
+with free software, as the user and the community would be able to study the
+source code and fix any defects (or hire someone who can) before placing it in
+their bodies.
+
+[0]: http://www.scmagazine.com.au/News/319508,hacked-terminals-capable-of-causing-pacemaker-mass-murder.aspx
+
+<!-- more -->
+
+(Note that this article mistakenly uses the term "hacker" when they really
+mean "cracker".)
+
+The aforementioned article is an excellent supplement to [a discussion on free
+software in pacemakers][1]. In particular, I had pointed out within this
+discussion [a talk by Karen Sandler of the GNOME Foundation regarding this
+issue][2] at OSCON 2011, in which she mentions potential issues of proprietary
+software in pacemakers and the difficulty she faced in attempting to get the
+source code for one that she was considering for herself.
+
+The discussion on HackerNews also yielded [an article by the SFLC][3] detailing
+this issue.
+
+(Please do not use YouTube's proprietary video player to view the mentioned
+YouTube video.)
+
+[1]: http://news.ycombinator.com/item?id=3959547
+[2]: https://www.youtube.com/watch?v=nFZGpES-St8
+[3]: https://www.softwarefreedom.org/news/2010/jul/21/software-defects-cardiac-medical-devices-are-life-/
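Review bot: "These issues would not exist with free software" in the first paragraph overstates the case. Source availability lets users and the community review and repair the code, but it does not by itself stop a remotely exploitable flaw from shipping. The next post in this diff (2012-10-18-another-crack-at-medical-device-cracking.md) uses the more defensible "*less likely* (not impossible)", and the two posts should agree. I would write `These issues would be far less likely with free software, as the user and the community would be able to study the source code and fix any defects`.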
diff --git a/post/2012-10-18-another-crack-at-medical-device-cracking.md b/post/2012-10-18-another-crack-at-medical-device-cracking.md
new file mode 100644
index 0000000..06a4e75
--- /dev/null
+++ b/post/2012-10-18-another-crack-at-medical-device-cracking.md
@@ -0,0 +1,34 @@
+# Another crack at medical device cracking
+
+My previous post mentioned the dangers of running non-free software on implanted
+medical devices. While reading over RMS' policital notes[0], I came across [an
+article mentioning how viruses are rampant on medical equipment][1].
+
+> "It's not unusual for those devices, for reasons we don't fully understand, to
+> become compromised to the point where they can't record and track the data,"
+> Olson said during the meeting, referring to high-risk pregnancy monitors.
+
+The devices often run old, unpatches versions of Microsoft's Windoze operating
+system. The article also mentions how the maleware often attempts to include its
+host as part of a botnet.
+
+[0]: http://stallman.org/archives/2012-jul-oct.html#18_October_2012_%28Computerized_medical_devices_vulnerable_to_viruses%29
+[1]: http://www.technologyreview.com/news/429616/computer-viruses-are-rampant-on-medical-devices/
+
+<!-- more -->
+
+This is deeply concerning and incredibly dangerous. As non-free software is used
+more and more in equipement that is responsible for our health and safety, we
+are at increased risk for not only obvious software flaws, but also for crackers
+with malicious intent; harming someone will become as easy as instructing your
+botnet to locate and assassinate an individual while you go enjoy a warm (or
+cold) beverage.
+
+These problems are *less likely* (not impossible) to occur in free software
+beacuse the users and community are able to inspect the source code and fix
+problems that arise (or hire someone that can)[2]. In particular, in the case of
+the hospitals mentioned in [the article][1], they would be free to hire someone
+to fix the problems themselves rather than falling at the mercy of the
+corporations who supplied the proprietary software.
+
+[2]: http://www.gnu.org/philosophy/free-sw.html
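Review bot: This post carries several misspellings: "policital", "unpatches", "maleware", "equipement" and "beacuse". In "RMS' policital notes[0]" and "(or hire someone that can)[2]" the bracketed number is not attached to any link text, so in standard Markdown it would render literally and the reference definitions would go unused, unless the site's build handles that form. `[RMS' political notes][0]` would make the first one a link.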
diff --git a/post/2012-10-18-federal-appeals-court-declares-defense-of-marriage-act-unconstitutional.md b/post/2012-10-18-federal-appeals-court-declares-defense-of-marriage-act-unconstitutional.md
new file mode 100644
index 0000000..76f7062
--- /dev/null
+++ b/post/2012-10-18-federal-appeals-court-declares-defense-of-marriage-act-unconstitutional.md
@@ -0,0 +1,12 @@
+# Federal Appeals Court Declares "Defense of Marriage Act" Unconstitutional
+
+A step in the [right direction.][0]
+
+It should also be noted that New York State had also [legalized same sex
+marriage back in July of 2011][1]---a move I was particularily proud of as a
+resident of NY state.
+
+[0]: http://www.aclu.org/lgbt-rights/federal-appeals-court-declares-defense-marriage-act-unconstitutional
+[1]: http://en.wikipedia.org/wiki/Same-sex_marriage_in_New_York
+
+<!-- more -->
diff --git a/post/2012-10-19-digitizing-books-is-fair-use-authors-guild-v-hathitrust.md b/post/2012-10-19-digitizing-books-is-fair-use-authors-guild-v-hathitrust.md
new file mode 100644
index 0000000..e9be502
--- /dev/null
+++ b/post/2012-10-19-digitizing-books-is-fair-use-authors-guild-v-hathitrust.md
@@ -0,0 +1,8 @@
+# Digitizing Books Is Fair Use: Author's Guild v. HathiTrust
+
+A New York court ruled that "digitizing" books for researched and disabled
+individuals is lawful.[[0]]
+
+[0]: https://www.eff.org/deeplinks/2012/10/authors-guild-vhathitrustdecision
+
+<!-- more -->
diff --git a/post/2012-10-24-obama-and-warrantless-wiretapping.md b/post/2012-10-24-obama-and-warrantless-wiretapping.md
new file mode 100644
index 0000000..0ad5970
--- /dev/null
+++ b/post/2012-10-24-obama-and-warrantless-wiretapping.md
@@ -0,0 +1,28 @@
+# Obama and Warrantless Wiretapping
+
+The EFF has released an article with a [plethora of links describing warrantless
+wiretapping under the Obama administration][0], spurred by Obama's response to
+Jon Stewart's questioning on The Daily Show last Thursday. (Readers should also
+be aware of the [NSA spy center][1] discussed earlier in the year, as is
+mentioned in the EFF article.)
+
+[0]: https://www.eff.org/deeplinks/2012/10/fact-check-obamas-misleading-answer-about-warrantless-wiretapping-daily-show
+[1]: http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/
+
+<!-- more -->
+
+It is clear that the United States government has no intent on protecting the
+freedoms of individuals and instead is actively resisting attempts to correct
+the problems. While we can hope that this will change, and we can be confident
+that organizations like the EFF will continue to fight for our liberties, one
+immediate option is to limit as much as possible what the NSA and other agencies
+can discover about you. Consider using [Tor][2] for all of your network traffic
+(at the very least, use HTTPS connections to prevent agencies and ISPs from viewing
+specific web pages on a particular domain; HTTPS is unnecessary if using Tor.)
+PGP/GPG can be used to encrypt e-mail messages to the intended recipients. Etc.
+
+It's unfortunate that such precautions are necessary. Privacy is important even
+if you have nothing to hide; any suggestion to the contrary is absolutely
+absurd.
+
+[2]: http://torproject.org
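Review bot: The parenthetical "HTTPS is unnecessary if using Tor" is incorrect as security advice. Tor encrypts traffic only inside the Tor network, so the exit relay and every hop between it and the destination can read or modify plain-HTTP traffic. I would replace it with `HTTPS is still needed when using Tor, since the exit relay sees any traffic that is not otherwise encrypted`. The reference `[2]: http://torproject.org` is itself plain HTTP; `https://www.torproject.org` avoids a tamperable first hop to a site that distributes the software.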
diff --git a/post/2012-10-24-stingrays-cell-phone-privacy-and-warrantless-surveillance.md b/post/2012-10-24-stingrays-cell-phone-privacy-and-warrantless-surveillance.md
new file mode 100644
index 0000000..0b76f0f
--- /dev/null
+++ b/post/2012-10-24-stingrays-cell-phone-privacy-and-warrantless-surveillance.md
@@ -0,0 +1,15 @@
+# Stingrays: Cell Phone Privacy and Warrantless Surveillance
+
+How would you feel if law enforcement showed up in your living room, demanded
+your cell phone, and started writing down your call history and text messages?
+How would you feel if you didn't even know that they were in your home to begin
+with, let alone stealing private data? [This is precisely what is happening when
+law enforcement uses "Stingrays" to locate individuals][0], collecting data of
+every other individual within range of the device in the process. Even *if* you
+are the subject of surveillance, this is still an astonishing violation of
+privacy. (Of course, law enforcement could always demand such records from your
+service provider, but such an act at the very least has a paper trail.)
+
+[0]: https://www.eff.org/deeplinks/2012/10/stingrays-biggest-unknown-technological-threat-cell-phone-privacy
+
+<!-- more -->
diff --git a/post/2012-10-27-gnu-trick-or-treat-fsf-crashes-windows-8-launch.md b/post/2012-10-27-gnu-trick-or-treat-fsf-crashes-windows-8-launch.md
new file mode 100644
index 0000000..b4dd3fc
--- /dev/null
+++ b/post/2012-10-27-gnu-trick-or-treat-fsf-crashes-windows-8-launch.md
@@ -0,0 +1,63 @@
+# GNU Trick-Or-Treat---FSF Crashes Windows 8 Launch
+
+The FSF decided to [crash the Windows 8 launch even in New York City][0],
+complete with [Trisquel][1] DVDs, FSF stickers and information about their
+[pledge to upgrade to GNU/Linux instead of Windows 8][2].
+
+I find this to be a fun, excellent alternative to blatant protesting that is
+likely to be better received by those who would otherwise be turned off to
+negativity. At the very least, the [walking gnu][3] would surely turn heads and
+demand curiosity.
+
+[0]: http://www.fsf.org/news/activists-trick-or-treat-for-free-software-at-windows-8-launch-event-1
+[1]: http://trisquel.info/
+[2]: http://www.defectivebydesign.org/windows8
+[3]: http://www.fsf.org/blogs/community/gnus-trick-or-treat-at-windows-8-launch
+
+<!-- more -->
+
+Here is the e-mail that was sent to the info at fsf.org mailing list:
+
+> Happy (almost) Halloween, everybody,
+>
+> You've probably been noticing Microsoft's ads for their new operating
+> system -- after all, they've spent more money on them than any other
+> software launch campaign in history. In fact, everything about the
+> campaign has been meticulously planned and optimized, so you can
+> imagine journalists' surprise when an unexpected guest showed up at an
+> invite-only launch event on Thursday.
+>
+> Our volunteer, Tristan Chambers, was there and caught the whole thing
+> on camera! Pictures here:
+> <http://www.fsf.org/blogs/community/gnus-trick-or-treat-at-windows-8-launch>.
+>
+> Reporters and security guards at the event weren't sure how to react
+> when they were greeted by a real, live gnu. The gnu -- which, on
+> closer inspection, was an activist in a gnu suit -- had come for some
+> early trick-or-treating. But instead of candy, she had free software
+> for the eager journalists. The gnu and the FSF campaigns team handed
+> out dozens of copies of Trisquel, a fully free GNU/Linux distribution,
+> along with press releases and stickers. Once they got over their
+> confusion, the reporters were happy to see us and hear our message --
+> that Windows 8 is a downgrade, not an upgrade, because it steals
+> users' freedom, security and privacy.
+>
+> Free software operating systems are the real upgrade, and they don't
+> need a zillion-dollar launch event to prove it. To show Microsoft that
+> their ads won't change our minds, we're starting an upgrade pledge:
+> switch to a free OS, or if you're already using one, help a friend
+> switch. We can pay Microsoft a chunk of change for their new,
+> proprietary OS, or we can stand up for our freedom. The choice isn't
+> as hard as Microsoft wants you to think.
+>
+> Sign the pledge now! -- <http://www.fsf.org/windows8/pledge>.
+>
+> Thanks for making a commitment to free software.
+>
+> PS - If you'd like more details about the action, you can check out
+> our press release here:
+> <http://www.fsf.org/news/activists-trick-or-treat-for-free-software-at-windows-8-launch-event-1>.
+>
+> -Zak Rogoff
+> Campaigns Manager
+
diff --git a/post/2012-10-30-abolishing-patents.md b/post/2012-10-30-abolishing-patents.md
new file mode 100644
index 0000000..6b2c2e1
--- /dev/null
+++ b/post/2012-10-30-abolishing-patents.md
@@ -0,0 +1,30 @@
+# Abolishing Patents
+
+My issue with patents exceeds the [obvious case against software patents][0];
+indeed, I have long pondered the problems with patents in other fields. When I
+hear the phrase "patent pending" or "patented technology" touted in ads, I
+have never thought positive thoughts; instead, I have thought "you are damning
+this otherwise excellent work to stagnation". What if someone has an excellent
+idea to improve upon that particular product? Well, they'd better be prepared to
+jump through some hoops or shell out some hefty licensing fees. Or maybe it's
+just easier to abandon the idea entirely and forget that it had never happened.
+
+[0]: http://patentabsurdity.com/
+
+<!-- more -->
+
+However, I thought, it's not a simple case of ridding the world of patents.
+How would that affect the incentive to innovate? How would people recoup
+expensive R&D costs, especially in industries like pharmacy (both my parents are
+pharmacists)? What about the incentive to describe your invention to the world?
+Then again, nobody *has* to get a patent for their invention. It may be worth
+keeping it secret if nobody can figure it out.
+
+The answers to all of these questions appeared in one place: [The Case Against
+Patents][1], which I found referenced in an article regarding the [Swedish Pirate
+Party's opinions on patents, trademarks and copyright][2]. While it is still a
+draft at the time of this writing, I encourage you to give it a read, as it is
+very enlightening.
+
+[1]: http://research.stlouisfed.org/wp/2012/2012-035.pdf
+[2]: http://falkvinge.net/2012/10/13/what-the-swedish-pirate-party-wants-with-patents-trademarks-and-copyright/
diff --git a/post/2012-10-30-jailbreaking-and-dcmaeff-touts-victory-fsf-warns-of-failure.md b/post/2012-10-30-jailbreaking-and-dcmaeff-touts-victory-fsf-warns-of-failure.md
new file mode 100644
index 0000000..05595c3
--- /dev/null
+++ b/post/2012-10-30-jailbreaking-and-dcmaeff-touts-victory-fsf-warns-of-failure.md
@@ -0,0 +1,18 @@
+# Jailbreaking and DCMA---EFF Touts Victory, FSF Warns Of Failure
+
+While the [EFF is pleased to announce][0] that the Copyright Office has [renewed
+DMCA exceptions upholding jailbreaking rights for cellphones][1], the FSF
+cautions that [this right has not been extended to tablets, game consoles or
+even PCs with restricted boot][2].
+
+[0]: https://www.eff.org/press/releases/eff-wins-renewal-smartphone-jailbreaking-rights-plus-new-legal-protections-video
+[1]: http://www.copyright.gov/fedreg/2012/77fr65260.pdf
+[2]: http://www.fsf.org/blogs/licensing/copyright-office-fails-to-protect-users-from-dmca
+
+<!-- more -->
+
+It should be noted that the EFF also successfully gained protection for the use
+of short copyrighted clips in remixing,[0] and while this is a positive step
+forward in its own, the implications of the first paragraph should not be
+ignored.
+
diff --git a/post/2012-10-30-openwirelessorg.md b/post/2012-10-30-openwirelessorg.md
new file mode 100644
index 0000000..7dda51e
--- /dev/null
+++ b/post/2012-10-30-openwirelessorg.md
@@ -0,0 +1,30 @@
+# OpenWireless.org
+
+The EFF [announces the launch of openwireless.org][0], which encourages users to
+[share their network connections][1] to create a global network of freely
+available wireless internet access.
+
+This is a noble movement. This reminds me of a point in history when MIT began
+password protecting their accounts, which were previously open to anyone.
+Stallman, disagreeing with such a practice, [encouraged users to create empty
+passwords][2]. Stallman would even give out his account information so that
+remote users may log into MIT's systems, all with good intent.
+
+[0]: https://www.eff.org/deeplinks/2012/10/why-we-have-open-wireless-movement
+[1]: https://www.openwireless.org/
+[2]: http://shop.fsf.org/product/free-as-in-freedom-2/
+
+<!-- more -->
+
+Of course, with malice rampant in today's very different world, Stallman's
+actions, although noble, would be both naive and a huge security risk.
+Fortunately, [opening your wireless network isn't necessarily one of these
+risks][3] and, if done properly, does not equate to opening your private network
+to attack.
+
+Consider using [DD-WRT][4] as your router's firmware, if supported by your
+device, as it is itself [free software][5].
+
+[3]: https://openwireless.org/myths
+[4]: http://dd-wrt.com
+[5]: http://www.gnu.org/philosophy/free-sw.html
diff --git a/post/2012-10-30-trademark-bullying.md b/post/2012-10-30-trademark-bullying.md
new file mode 100644
index 0000000..78cb284
--- /dev/null
+++ b/post/2012-10-30-trademark-bullying.md
@@ -0,0 +1,12 @@
+# "Trademark" Bullying
+
+There's two problems with this post from the EFF describing [The Village Voice
+suing Yelp for "Best of" trademark infringement][0]: firstly, there's the
+obvious observation that such a trademark should not have been permitted by the
+USPTO to begin with. Secondly---why do entities insist on gaming the system in
+such a terribly unethical manner? It takes a special breed of people to do such
+a thing.
+
+[0]: https://www.eff.org/deeplinks/2012/10/stupid-lawyer-tricks-and-government-officials-who-are-helping-them
+
+<!-- more -->
diff --git a/post/2012-10-30-ubuntu-1210-privacy-amazon-ads-and-data-leaks.md b/post/2012-10-30-ubuntu-1210-privacy-amazon-ads-and-data-leaks.md
new file mode 100644
index 0000000..57f2eae
--- /dev/null
+++ b/post/2012-10-30-ubuntu-1210-privacy-amazon-ads-and-data-leaks.md
@@ -0,0 +1,15 @@
+# Ubuntu 12.10 Privacy: Amazon Ads and Data Leaks
+
+The EFF [cautions that Ubuntu 12.10 leaks user information to Amazon by
+default][0] rather than requiring the user to opt *into* the system.
+
+Of course, I cannot recommend that you use Ubuntu, as it encourages the
+installation of non-free device drivers, readily enables non-free software
+repositories and contains non-free components in its kernel.[1] Instead,
+consider a [fully free GNU/Linux distribution like Trisquel][2].
+
+[0]: https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks
+[1]: http://www.fsfla.org/svnwiki/selibre/linux-libre/
+[2]: https://trisquel.info
+
+<!-- more -->
diff --git a/post/2012-11-03-ban-on-public-rallying-and-demonstrations-in-bahrain.md b/post/2012-11-03-ban-on-public-rallying-and-demonstrations-in-bahrain.md
new file mode 100644
index 0000000..02c377e
--- /dev/null
+++ b/post/2012-11-03-ban-on-public-rallying-and-demonstrations-in-bahrain.md
@@ -0,0 +1,8 @@
+# Ban On Public Rallying and Demonstrations in Bahrain
+
+The government of Bahrain found that the best solution to preventing violent
+protests was to [ban all public rallying and demonstrations][0].
+
+[0]: https://www.eff.org/deeplinks/2012/11/bahrain-goes-bad-worse
+
+<!-- more -->
diff --git a/post/2012-11-03-eff-elaborates-on-dcma-ruling.md b/post/2012-11-03-eff-elaborates-on-dcma-ruling.md
new file mode 100644
index 0000000..6d28d89
--- /dev/null
+++ b/post/2012-11-03-eff-elaborates-on-dcma-ruling.md
@@ -0,0 +1,8 @@
+# EFF Elaborates On DCMA Ruling
+
+In addition to my aforementioned links, the EFF has provided [a more detailed
+analysis][0] of the decision.
+
+[0]: https://www.eff.org/deeplinks/2012/11/2012-dmca-rulemaking-what-we-got-what-we-didnt-and-how-to-improve
+
+<!-- more -->
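Review bot: The heading spells the act "DCMA", while the link target two lines below spells it "dmca"; the heading should read `# EFF Elaborates On DMCA Ruling`. The file name carries the same transposition, and renaming it would presumably change the post's URL, so that part is a judgment call. Spelling slips of the same kind appear in later hunks of this commit: "Barak" (voting-machine post), "will launched" (Copyright Alert System post), "maleware" (Petraeus post), "warentless" and "sumarized" (FISA post), "potetial" and "polices" (DNA post), "direclty" (USPTO post) and "absense" (LuLu post).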
diff --git a/post/2012-11-05-another-useless-false-sense-of-security-nsa-security-tactic.md b/post/2012-11-05-another-useless-false-sense-of-security-nsa-security-tactic.md
new file mode 100644
index 0000000..5848581
--- /dev/null
+++ b/post/2012-11-05-another-useless-false-sense-of-security-nsa-security-tactic.md
@@ -0,0 +1,9 @@
+# Another Useless, False-Sense-Of-Security NSA Security Tactic
+
+A police officer [recalls a time he went through airport security][0] and
+received a patdown from one of the security agents, which he found to be
+absolutely useless.
+
+[0]: http://www.gizmodo.co.uk/2012/10/search-me/
+
+<!-- more -->
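Review bot: The heading attributes the tactic to the NSA, but the body describes a patdown at an airport security checkpoint and never mentions the NSA. If the TSA was meant, which seems likely but cannot be confirmed from the hunk, the heading should read `# Another Useless, False-Sense-Of-Security TSA Security Tactic`. The file name repeats the same word, so the slug would need the same decision.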
diff --git a/post/2012-11-05-california-proposition-35-concerns.md b/post/2012-11-05-california-proposition-35-concerns.md
new file mode 100644
index 0000000..22f5a9f
--- /dev/null
+++ b/post/2012-11-05-california-proposition-35-concerns.md
@@ -0,0 +1,22 @@
+# California Proposition 35 Concerns
+
+The EFF [points out problems with California's Proposition 35][0], which would,
+among other things, [require registered sex offenders to "disclose Internet
+activities and identities"][1]:
+
+[0]: https://www.eff.org/deeplinks/2012/11/eff-urges-no-vote-california-proposition-35
+[1]: http://voterguide.sos.ca.gov/propositions/35/
+
+<!-- more -->
+
+> [...] Proposition 35 would force individuals to provide law enforcement with
+> information about online accounts that are wholly unrelated to criminal
+> activity – such as political discussion groups, book review sites, or blogs.
+> In today’s online world, users may set up accounts on websites to communicate
+> with family members, discuss medical conditions, participate in political
+> advocacy, or even listen to Internet radio. An individual on the registered
+> sex offender list would be forced to report each of these accounts to law
+> enforcement within 24 hours of setting it up – or find themselves in jail.
+> This will have a powerful chilling effect on free speech rights of tens of
+> thousands of Californians.
+
diff --git a/post/2012-11-05-mediagoblin-10k-matching-grant.md b/post/2012-11-05-mediagoblin-10k-matching-grant.md
new file mode 100644
index 0000000..72e8320
--- /dev/null
+++ b/post/2012-11-05-mediagoblin-10k-matching-grant.md
@@ -0,0 +1,14 @@
+# MediaGoblin $10k Matching Grant
+
+Congratulations to MediaGoblin for not only [meeting the $10k matching grant
+from a generous anonymous donor][0], but also for raising $36k to date.
+
+[MediaGoblin][1] is a "free software media publishing platform that anyone can
+run"; it is a distributed, free (as in freedom) alternative to services such as
+YouTube, Flickr and others, and is part of the [GNU project][2].
+
+[0]: http://mediagoblin.org/news/we-made-10k-matching.html
+[1]: http://mediagoblin.org/
+[2]: http://gnu.org/
+
+<!-- more -->
diff --git a/post/2012-11-06-video-of-2012-voting-machine-altering-votes.md b/post/2012-11-06-video-of-2012-voting-machine-altering-votes.md
new file mode 100644
index 0000000..0e9e914
--- /dev/null
+++ b/post/2012-11-06-video-of-2012-voting-machine-altering-votes.md
@@ -0,0 +1,11 @@
+# Video of 2012 Voting Machine Altering Votes
+
+A Reddit user [posted video of a 2012 voting machine preventing him from
+selecting Barak Obama][0]. Malfunction or not, this is the type of thing that
+could have possibly been caught if the software were free. Furthermore, from
+reading the source code, one would be able to clearly tell whether or not it was
+a bug or an intentional "feature".
+
+[0]: http://thenextweb.com/shareables/2012/11/06/reddit-user-captures-video-of-2012-voting-machines-altering-votes/
+
+<!-- more -->
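Review bot: The last two sentences overstate what source availability provides. Reading published source tells you about that source, not about the build actually installed on a given machine, and a fault outside the software (for example in the touch panel) would not appear in the code at all. I would qualify the claim, for example `Free software would let anyone audit the code, although one would still need a way to verify that the audited code is what the machine actually runs.` That keeps the argument for free software while naming the verification step it depends on.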
diff --git a/post/2012-11-14-olpc-tablet-in-ethiopia.md b/post/2012-11-14-olpc-tablet-in-ethiopia.md
new file mode 100644
index 0000000..e56599f
--- /dev/null
+++ b/post/2012-11-14-olpc-tablet-in-ethiopia.md
@@ -0,0 +1,19 @@
+# OLPC Tablet in Ethiopia
+
+A story mentions how [Ethiopian kids quickly learned to read and use tablet
+PCs][0] provided by the [One Laptop Per Child][1] project. This is not only a
+noble feat (as we would expect from OLPC), but also an impressive one,
+considering that (as the article mentions) the children did not know how to
+read, even in their own language.
+
+[0]: http://dvice.com/archives/2012/10/ethiopian-kids.php
+[1]: http://one.laptop.org/
+
+<!-- more -->
+
+Now, while the OLPC does have [its own tablet][2], the article mentions that the
+[children were given Motorola Zoom tablets][0]; I would hope that they run free
+software to encourage freedom in these developing countries and to encourage the
+children to hack and explore their devices in even greater detail.
+
+[2]: http://one.laptop.org/about/xo-3
diff --git a/post/2012-11-17-us-copyright-alert-system.md b/post/2012-11-17-us-copyright-alert-system.md
new file mode 100644
index 0000000..d745dc9
--- /dev/null
+++ b/post/2012-11-17-us-copyright-alert-system.md
@@ -0,0 +1,10 @@
+# U.S. "Copyright Alert System"
+
+[The EFF warns][0] of [the "Copyright Alert System"][1]---a government
+endorsed spy system---that will launched shortly to monitor peer-to-peer
+networks for so-called "infringing" activity.
+
+[0]: https://www.eff.org/deeplinks/2012/11/us-copyright-surveillance-machine-about-be-switched-on
+[1]: http://www.copyrightinformation.org/alerts
+
+<!-- more -->
diff --git a/post/2012-11-17-vlcs-move-to-lgpl.md b/post/2012-11-17-vlcs-move-to-lgpl.md
new file mode 100644
index 0000000..0c125dc
--- /dev/null
+++ b/post/2012-11-17-vlcs-move-to-lgpl.md
@@ -0,0 +1,160 @@
+# VLC's Move to LGPL
+
+Jean-Baptiste Kempf of the VLC project explains that "most of the code of VLC"
+has been [relicensed under the LGPL][0], moving *away from* the GPL. Some of the
+reasons for the move include "competition, necessity to have more professional
+developers around VLC and AppStores".[1] (With the "AppStore" comment,
+Jean-Baptiste is likely referring to issues regarding free software in Apple's
+App Store, which [the FSF has discussed on their website][2].)
+
+This is unfortunate; using the LGPL in place of the GPL is [not encouraged for
+free software projects][3] because, while it ensures the freedom of the project
+itself, it does not encourage the development of free software that *uses* the
+project---the LGPL allows linking with proprietary software. Let's explore the
+aforementioned reasons in a bit more detail.
+
+[0]: http://www.jbkempf.com/blog/post/2012/I-did-it
+[1]: http://www.jbkempf.com/blog/post/2012/How-to-properly-relicense-a-large-open-source-project
+[2]: http://www.fsf.org/news/blogs/licensing/more-about-the-app-store-gpl-enforcement
+[3]: http://www.gnu.org/licenses/why-not-lgpl.html
+
+<!-- more -->
+
+Firstly, let us consider the issue of competition. In one of the [discussions on
+Hacker News][4], I pointed out the distinction between "open source" and Free
+Software:
+
+ [...]
+ It is important to understand the distinction between "open source" and "free
+ software". Open source focuses on the benefits of "open" code and development
+ and how it can create superior software. Free Software focuses on the ethical
+ issues---while free software developers certainly want contributors, the
+ emphasis is on the fact that the software respects your freedom and, for that,
+ it's far superior to any other proprietary alternative; free software users
+ constantly make sacrifices in functionality and usability, and we're okay with
+ that.
+
+ [http://www.gnu.org/philosophy/open-source-misses-the-point.html][5]
+ [...]
+
+In this sense, why should competition be considered for software freedom, unless
+it is between two free software projects, encouraging innovation in conjunction
+*with* freedom? In such a case, one wouldn't change the software license from
+the GPL to the LGPL, because the LGPL is less pursuant toward those freedoms.
+Therefore, VLC instead adopts the ["open source"][5] development model, as it
+cares more for competition.
+
+The next concern was to "have more professional developers around VLC".[1] Is
+this to imply that free software hackers cannot be professional developers? I
+certainly am. Consider projects like the kernel Linux---many companies have
+contributed back to that project, which is licensed under the GPLv2. If the goal
+is to have more people contributing to your project, then a license like the GPL
+is certainly best, as it puts a legal obligation on the distributor to release
+the source code, which the parent project may then incorporate. Now, the LGPL
+also forces this (except for linked software); since the only [differences
+between the GPL and the LGPL][6] deal with the linking exception, this means
+that the author is either (a) mistaken in the concern or (b) wishes for more
+*proprietary* development around VLC. Alternatively, the author may be
+concerned that the GPL introduces compatibility issues between whatever other
+"open source" license developers wish to use when linking VLC code, but
+again---that means that VLC is devaluing freedom. Risky business, but this is
+the model that BSD follows (permitting proprietary derivatives of the entire
+software---not just linking---and receiving contributions back from proprietary
+software makers.)
+
+Finally, let us consider the issue of Apple's App Store. This is issue is
+certainly of strong concern---Apple's products are very popular and yet they do
+not even make an attempt to respect the users' freedoms either with their
+software or with any of the software they allow on their "App Store".[2]
+However, Jean-Baptiste has made a fatal mistake---we should not be changing our
+licenses to suit Apple! In effect, that is giving Apple even more power over
+free software by allowing them to exert control not only over their users, but
+also over the developers of the users' favorite software! We should instead
+express our condolences with those users and suggest instead that they adopt a
+device or operating system that respects their freedom, or that they jailbreak
+their devices (which is [still legal][7]).
+
+I'll end this commentary with an additional response of mine from the
+[aforementioned Hacker News thread][4]:
+
+> The freedoms represent an ethical issue---that software developers have
+> unprecedented control over their users. Why should I, as a hacker, be able
+> to tell you what you can and cannot do with your device? Furthermore, it
+> raises deep privacy issues---what kind of data am I collecting and why
+> should I have that data?
+>
+> I entered the free software movement slowly (I began software development on
+> Windows as a young boy and was trained to think that bossing the user around
+> was a good thing; I thought it was fun to write DRM system and
+> anti-features). I began using GNU/Linux while still rationalizing my use of
+> proprietary software through Wine or by dual-booting into Windows. I then
+> saw the benefits of the "open source" development model. It wasn't until I
+> spent the time researching the reasons behind the free software movement
+> that things began to click. I was able to look back on everything I learned
+> as a developer for Windows and see that I enjoyed the thought of controlling
+> my users. I enjoyed the power I got from programming---programming was
+> empowerment, and the only way to squeeze the money out of those unsuspecting
+> users was to do it forcefully.
+>
+> People have fundamentally different philosophies when it comes to
+> programming. Do all proprietary software developers do so out of greed? On
+> some level, sure---they're not contributing that code so that others may
+> benefit from it. But are they doing it for the purpose of controlling their
+> users? Not necessarily, but they still are, even if they have the best of
+> intentions. Is someone who creates proprietary educational software for
+> children in third world companies "evil"? Certainly not. The problem is that
+> they're denying them an additional right---the right to modify that
+> software, learn from it and use their devices as they please.
+>
+> Of course, we often see proprietary software used unethically, often times
+> for vendor lock-in or greed; corporations are worried that if they lighten
+> their grip on their users, that the users may run, or worse, do something
+> [il]legal. I don't believe that is the place of software developers. I
+> remember, back when I used Windows, I was obsessed with magic/illusion. I
+> purchased a ton of videos online teaching me various magic tricks, but the
+> videos were laced with DRM (which, at the time, as a Windows developer, I
+> applauded). The problem was, that I then upgraded my hardware. My videos no
+> longer worked. I contacted them for a new key, and could view them again.
+> Then I got a new PC. And now I use GNU/Linux. I can no longer watch those
+> videos that I purchased because of this unnecessary, artificial restriction.
+> Was I going to distribute those videos? No. Did that prevent others from
+> stripping the restrictions and distributing it anyway? Certainly not. I was
+> being punished for others' actions and the others weren't any worse off from
+> the restrictions, because they understood how to defeat them.
+>
+> Of course, DRM's only one of the many issues (and DRM cannot exist in free
+> software, because the community would simply remove the anti-feature). What
+> if I were using some software---let's say Photoshop---and it crashed on me
+> in the middle of my work. Crap. Well, if I were using GIMP, I would run gdb
+> on the core dump (assuming a segfault) and inspect the problem. I would try
+> to repeat it. I could, if I wanted to, get my hands on the source code, fix
+> the problem and distribute that fix to others. If I didn't have the time or
+> ability, others could fix the problem for me, and we have the right to share
+> those changes. We have the right to benefit from those changes. With
+> Photoshop, we'd better start waiting. What if I was able to magically come
+> up with a fix, perhaps by modifying the machine code? Hold on---I'm not
+> allowed to do that! And I'm certainly not allowed to distribute that fix to
+> others. And I'm certainly not allowed to give my son a copy for his PC if he
+> wanted to do an art project for school.
+>
+> The FSF provides a great deal of information on their philosophy:
+> <http://www.gnu.org/philosophy/>. You could also gain a great deal of
+> insight by reading up on the history:
+> <http://shop.fsf.org/product/free-as-in-freedom-2/> or by reading RMS'
+> essays: <http://shop.fsf.org/product/signed-fsfs/>.
+>
+> And ultimately, you may find that you do not agree with our
+> philosophy---many don't. That's certainly your right, and I respect that.
+> What I cannot respect, and will not respect, is when that philosophy is used
+> to exert control over others.
+>
+> (As a final note: many say we control developers through our "viral"
+> licenses. But keep in mind that we're trying to protect the users *from*
+> developers. This means taking power away from developers. This is
+> intentional.)
+
+[4]: http://news.ycombinator.com/item?id=4787965
+[5]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
+[6]: http://www.gnu.org/licenses/lgpl.html
+[7]: https://www.eff.org/press/releases/eff-wins-renewal-smartphone-jailbreaking-rights-plus-new-legal-protections-video
+
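Review bot: The first Hacker News quotation (the lines from `[...]` through the second `[...]`) is set off only by leading whitespace, while the second quotation in the same post uses `>`. Depending on how much indentation the file really has, it will render either as an ordinary paragraph or as a code block in which `[http://www.gnu.org/philosophy/open-source-misses-the-point.html][5]` is not turned into a link. Prefixing those lines with `> ` would make both quotations render the same way. Separately, the App Store paragraph opens its second sentence with "This is issue is", which should be `This issue is`.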
diff --git a/post/2012-11-19-copyright-reform-youre-silly.md b/post/2012-11-19-copyright-reform-youre-silly.md
new file mode 100644
index 0000000..c67c814
--- /dev/null
+++ b/post/2012-11-19-copyright-reform-youre-silly.md
@@ -0,0 +1,16 @@
+# Copyright Reform? You're silly.
+
+Amazingly, the Republican Study Committee (RSC) had [released a report
+suggesting copyright reform][0]. Of course, that's a silly thing to do when
+you're in bed with organizations like the MPAA and RIAA; [the report was quickly
+retracted][1].
+
+It would have been a surprising step forward; maybe there's hope yet, assuming
+the GOP can get a handle on itself.
+
+(Disclaimer: I have no party affiliation.)
+
+[0]: http://www.techdirt.com/articles/20121116/16481921080/house-republicans-copyright-law-destroys-markets-its-time-real-reform.shtml
+[1]: http://www.techdirt.com/articles/20121117/16492521084/hollywood-lobbyists-have-busy-saturday-convince-gop-to-retract-copyright-reform-brief.shtml
+
+<!-- more -->
diff --git a/post/2012-11-19-privacy-in-light-of-the-petraeus-scandal.md b/post/2012-11-19-privacy-in-light-of-the-petraeus-scandal.md
new file mode 100644
index 0000000..8f82b5c
--- /dev/null
+++ b/post/2012-11-19-privacy-in-light-of-the-petraeus-scandal.md
@@ -0,0 +1,58 @@
+# Privacy In Light of the Petraeus Scandal
+
+I'm not usually one for scandals (in fact, I couldn't care less who government
+employees are sleeping with). However, it did bring up deep privacy
+concerns---how exactly did the government get a hold of the e-mails?
+
+The [EFF had released an article answering some questions][0] about the scandal,
+which is worth a read. In particular, you should take a look at the [EFF's
+Surveillance Self-Defense website][1] for an in-depth summary of the laws
+surrounding government surveillance and tips on how to protect against it.
+
+[0]: https://www.eff.org/deeplinks/2012/11/when-will-our-email-betray-us-email-privacy-primer-light-petraeus-saga
+[1]: https://ssd.eff.org
+
+I'd like to touch upon a couple things. In particular, [the article mentions][0]:
+
+<!-- more -->
+
+> Broadwell apparently accessed the emails from hotels and other locations, not
+> her home. So the FBI cross-referenced the IP addresses of these Wi-Fi
+> hotspots "against guest lists from other cities and hotels, looking for common
+> names."
+
+To stay anonymous in this situation, one should [consider using Tor][2] to mask
+his/her IP address. Additionally, remove all cookies (or use your browser's
+privacy mode if it will disable storing and sending of cookies for you) and
+consider that your User Agent may be used to identify you, especially if
+maleware has inserted its own unique identifiers.
+
+Also according to [the EFF article][0]:
+
+> According to reports, Patraeus and Broadwell adopted a technique of drafting
+> emails, and reading them in the draft folder rather than sending them.
+
+That didn't work out so well. Consider [encrypting important communications][3]
+using GPG/PGP so that (a) the e-mail cannot be deciphered in transit and (b) the
+e-mail can only be read by the intended recipient. Of course, you are then at
+risk of being asked to divulge your password, so to avoid the situation
+entirely, it would be best to delete the e-mails after reading them.
+Additionally, if you host your own services, it may be wise to host your own
+e-mail (guides for doing this vary between operating system, but consider
+looking at software like [Postfix][4] for mail delivery and maybe [Dovecot][5]
+for retrieval).
+
+Privacy isn't only for those individuals who are trying to be sneaky or cheat on
+their spouses. Feel free joining the EFF in trying to reform the ECPA to respect
+our privacy in this modern era; storing a document digitally shouldn't change
+its fundamental properties under the law.
+
+I'd also encourage you to read [Schneier's post on this topic][6], which
+summarizes points from many articles that I did not cover here.
+
+[2]: https://ssd.eff.org/tech/tor
+[3]: https://ssd.eff.org/tech/encryption
+[4]: http://www.postfix.org
+[5]: http://www.dovecot.org/
+[6]: http://www.schneier.com/blog/archives/2012/11/e-mail_security.html
+
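Review bot: The GPG/PGP paragraph promises more than the tool delivers for the scenario the post quotes. The quoted passage describes the FBI identifying the account holder from IP addresses and guest lists, which is metadata that message encryption does not touch. I would add a sentence such as `Note that GPG encrypts only the message body; the headers (sender, recipient, subject, timestamps) and the address you connect from remain visible to the mail provider.` The advice to delete e-mails after reading would also benefit from the caveat that deletion does not remove copies held by the provider or by the correspondent. The Tor paragraph could simply point readers at the Tor Browser rather than have them manage cookies and the User Agent by hand.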
diff --git a/post/2012-12-01-tor-exit-node-operator-raided-in-austria.md b/post/2012-12-01-tor-exit-node-operator-raided-in-austria.md
new file mode 100644
index 0000000..d6868b1
--- /dev/null
+++ b/post/2012-12-01-tor-exit-node-operator-raided-in-austria.md
@@ -0,0 +1,9 @@
+# Tor exit node operator raided in Austria
+
+[These things][0] mustn't be allowed to happen; they are an affront to privacy.
+Tor exit node operators should not have to fear conviction for activities they
+themselves did not perform.
+
+[0]: http://www.lowendtalk.com/discussion/6283/raided-for-running-a-tor-exit-accepting-donations-for-legal-expenses
+
+<!-- more -->
diff --git a/post/2012-12-06-warrants-for-e-mails-in-the-united-states.md b/post/2012-12-06-warrants-for-e-mails-in-the-united-states.md
new file mode 100644
index 0000000..e924afc
--- /dev/null
+++ b/post/2012-12-06-warrants-for-e-mails-in-the-united-states.md
@@ -0,0 +1,10 @@
+# Warrants For E-mails in the United States
+
+The [Senate Judiciary Committee passed an amendment][0] that requires that they
+receive a warrant before spying on our e-mails.
+
+This is excellent; let us hope that it becomes law.
+
+[0]: https://www.eff.org/deeplinks/2012/12/deep-dive-updating-electronic-communications-privacy-act
+
+<!-- more -->
diff --git a/post/2012-12-22-copyright-assignment-of-free-software-projects.md b/post/2012-12-22-copyright-assignment-of-free-software-projects.md
new file mode 100644
index 0000000..7b6ea75
--- /dev/null
+++ b/post/2012-12-22-copyright-assignment-of-free-software-projects.md
@@ -0,0 +1,53 @@
+# Copyright Assignment Of Free Software Projects
+
+An [e-mail today from Paolo Bonzini][0], a maintainer of GNU sed, has prompted
+additional discussion regarding copyright assignment to corporate entities; in
+particular, the discussion focuses on copyright assignment to the FSF under the
+GNU project.
+
+[0]: http://article.gmane.org/gmane.comp.lang.smalltalk.gnu.general/7873
+
+<!-- more -->
+
+An [article by Michael Kerrisk on LWN.net][1], posted a couple days earlier,
+touches on the [same issue brought up by GnuTLS earlier in the month][2]. The
+disagreements from the two aforementioned individuals of the GNU-maintained
+projects prompt a thoughtful analysis of whether copyright assignment is
+appropriate for your own free software project[1]. In contrast, consider the
+[developer certificate of origin][3] policy adopted by the Linux project, under
+which contributors maintain copyright for their contributions.
+
+There are benefits and downsides to both models---if a project requires
+copyright assignment (such as the GNU projects), then enforcement and license
+modifications are simplified. As an example, if the Linux project wanted to move
+to the GPLv3, they would have to contact each contributor (a similar move was
+done recently [by the VLC project][4], except that they moved from the GPL to
+the LGPL). However, the Linux project has a much smaller barrier to entry---they
+need not [assign copyright of their contributions to the project (such as is the
+case with GNU)][5], meaning that individuals may be more likely to contribute.
+
+One of the major benefits touted by the FSF for copyright assignments from
+contributors is [copyright enforcement][6]---another complication that would
+arise from enforcing the GPL in a project such as Linux. That said, as the LWN
+article mentions[2], what if [the FSF cannot find the time to enforce the
+copyright on a project violation][7]? Then again, what of the flipside---do you
+have the time or money to enforce violations on your own projects were they not
+assigned to a corporation like the FSF?
+
+These are interesting discussions and certainly things that should be considered
+when determining how to handle both contributions and the copyright for your
+entire project. Ultimately, that decision falls on you, the author/maintainer,
+and your needs.
+
+(Disclaimer: I am an associate member of the Free Software Foundation. This
+article does not reflect any of my personal opinions; whether or not I would
+assign copyright to the FSF for any of my projects would be determined based on
+the goals and plan of that particular project.)
+
+[1]: http://lwn.net/SubscriberLink/529522/854aed3fb6398b79/
+[2]: http://lwn.net/Articles/529558/
+[3]: http://elinux.org/Developer_Certificate_Of_Origin
+[4]: http://mikegerwitz.com/thoughts/2012/11/VLC-s-Move-to-LGPL.html
+[5]: http://git.savannah.gnu.org/cgit/gnulib.git/tree/doc/Copyright/assign.changes.manual#n64
+[6]: http://www.gnu.org/licenses/why-assign.html
+[7]: http://lwn.net/Articles/529777/
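Review bot: Reference `[4]` hard-codes an absolute link to another post on this same site, `http://mikegerwitz.com/thoughts/2012/11/VLC-s-Move-to-LGPL.html`. The path does not match the slug of the file this commit adds for that post, `post/2012-11-17-vlcs-move-to-lgpl.md`. If the new site derives URLs from the file names, this link will break or depend on a redirect, so a site-relative link or the new canonical path would be safer. The USPTO post's reference `[1]` to `Abolishing-Patents.html` has the same shape.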
diff --git a/post/2012-12-28-congress-approves-fisa-for-another-5-years.md b/post/2012-12-28-congress-approves-fisa-for-another-5-years.md
new file mode 100644
index 0000000..0c7b9ff
--- /dev/null
+++ b/post/2012-12-28-congress-approves-fisa-for-another-5-years.md
@@ -0,0 +1,46 @@
+# Congress Approves FISA For Another 5 Years
+
+At a [vote of 73-23][0], Congress has voted to [extend FISA warentless spying
+bill by five more years[1], even shooting down [proposed amendments][2] to the
+bill.[3]
+
+[0]: https://www.senate.gov/legislative/LIS/roll_call_lists/roll_call_vote_cfm.cfm?congress=112&session=2&vote=00236
+[1]: https://www.eff.org/deeplinks/2012/12/congress-disgracefully-approves-fisa-warrantless-eavesdropping-bill-five-more
+[2]: https://www.eff.org/deeplinks/2012/12/why-we-should-all-care-about-senates-vote-fisa-amendments-act-warrantless-domestic
+[3]: http://arstechnica.com/tech-policy/2012/12/as-senate-votes-on-warrantless-wiretapping-opponents-offer-fixes/
+
+<!-- more -->
+
+Thank you to those senators that [opposed the bill][0]:
+
+> Akaka (D-HI);
+> Baucus (D-MT);
+> Begich (D-AK);
+> Bingaman (D-NM);
+> Brown (D-OH);
+> Cantwell (D-WA);
+> Coons (D-DE);
+> Durbin (D-IL);
+> Franken (D-MN);
+> Harkin (D-IA);
+> Leahy (D-VT);
+> Lee (R-UT);
+> Menendez (D-NJ);
+> Merkley (D-OR);
+> Murkowski (R-AK);
+> Murray (D-WA);
+> Paul (R-KY);
+> Sanders (I-VT);
+> Schatz (D-HI);
+> Tester (D-MT);
+> Udall (D-CO);
+> Udall (D-NM);
+> Wyden (D-OR).
+
+Unfortunately, the two senators from my own state cannot join that list.
+
+The [EFF has sumarized the surveillance issues of 2012][4] recently on their
+website.
+
+[4]: https://www.eff.org/deeplinks/2012/12/2012-review-effs-fight-against-secret-surveillance-law
+
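Review bot: The second link in the opening sentence is never closed: `[extend FISA warentless spying bill by five more years[1]` has no `]` before `[1]`, so it will not render as a link and may swallow the bracketed text that follows. It should read `[extend the FISA warrantless spying bill by five more years][1]`. The sentence also attributes the 73-23 vote to "Congress", while reference `[0]` points at a Senate roll call, so "the Senate" is probably the accurate subject.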
diff --git a/post/2013-01-01-happy-new-year.md b/post/2013-01-01-happy-new-year.md
new file mode 100644
index 0000000..2716378
--- /dev/null
+++ b/post/2013-01-01-happy-new-year.md
@@ -0,0 +1,9 @@
+# Happy New Year
+
+The greatest excitement in moving into a new year is the prospect of quantified
+growth.
+
+Of course, it also means another year to look forward to the health of those you
+care for.
+
+<!-- more -->
diff --git a/post/2013-01-07-dna-collection.md b/post/2013-01-07-dna-collection.md
new file mode 100644
index 0000000..e0fea7d
--- /dev/null
+++ b/post/2013-01-07-dna-collection.md
@@ -0,0 +1,29 @@
+# DNA Collection
+
+Consider a recent article from the EFF [regarding "Rapid DNA Analyzers"][0].
+The article poses the potetial issues involved, but also consider that any DNA
+collected (if not destroyed) would violate not just your privacy, but your
+entire blood line. What if DNA from immigrants were collected? Much of that
+information is inherited, so generations down the line, your privacy is still
+violated.
+
+[0]: https://www.eff.org/deeplinks/2012/12/rapid-dna-analysis
+
+<!-- more -->
+
+I cannot comment intelligently on the matter since I haven't read deeply enough
+into the proposed storage/hashing/etc policies, but those polices can be abused
+and such data can be leaked. I highly oppose any sort of DNA collection outside
+of personal at-home use (when the technology is available with free software)
+and use by medical professionals for personal medical reasons so long as the
+institution performing the test can provide stringent evidence of its
+destruction. But even then, if law enforcement somehow got a hold of the DNA
+before it were destroyed, then the problem still exists, so it would be best if
+you had your own personal tools to analyze your own DNA and distribute only the
+portions that were required (and encryption tools like [GPG][1] could be used
+for distribution).
+
+One day, but not now. Let's make those scanners affordable and run free
+software.
+
+[1]: http://www.gnupg.org/
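Review bot: Reference `[1]` sends readers to the encryption tool over plain HTTP; for a post recommending it as a privacy safeguard, the link should be `[1]: https://www.gnupg.org/`. The same applies, wherever the sites serve HTTPS, to the DD-WRT link in the OpenWireless post and the Postfix and Dovecot links in the Petraeus post. The closing advice would also be clearer with a note that encrypting the data protects it only until the recipient decrypts it. After that, its handling depends on the recipient.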
diff --git a/post/2013-01-07-uspto-wants-to-hear-from-software-community.md b/post/2013-01-07-uspto-wants-to-hear-from-software-community.md
new file mode 100644
index 0000000..1d36e3f
--- /dev/null
+++ b/post/2013-01-07-uspto-wants-to-hear-from-software-community.md
@@ -0,0 +1,15 @@
+# USPTO Wants To Hear From Software Community
+
+The [USPTO wants to hear from the software community][0]. Interesting, but the
+problem is that the "software community" includes more than just those who
+find software patents to be an abomination.
+
+I have [mentioned issues with software patents in a previous post][1], but one
+resource that may be worth looking at direclty is ["The Case Against
+Patents"][2] [pdf].
+
+[0]: http://www.groklaw.net/article.php?story=20130104012214868
+[1]: http://mikegerwitz.com/thoughts/2012/10/Abolishing-Patents.html
+[2]: http://research.stlouisfed.org/wp/2012/2012-035.pdf
+
+<!-- more -->
diff --git a/post/2013-01-14-lulu-says-goodbye-to-drm.md b/post/2013-01-14-lulu-says-goodbye-to-drm.md
new file mode 100644
index 0000000..53f4d38
--- /dev/null
+++ b/post/2013-01-14-lulu-says-goodbye-to-drm.md
@@ -0,0 +1,41 @@
+# LuLu Says Goodbye to DRM
+
+On January 8th, [LuLu announced that they would be dropping DRM][0] for users
+who "[download] eBooks directly from Lulu.com to the device of their choice".
+This is a wise move (for [those of us who oppose DRM][1]), but unfortunately, as
+John Sullivan of the Free Software Foundation noted on the fsf-community-team
+mailing list, the [comments on LuLu's website][0] are not all positive:
+
+[0]: http://www.lulu.com/blog/2013/01/drm-update/
+[1]: http://defectivebydesign.org/
+
+> This is a positive development, but unfortunately there has been a lot
+> of negative reaction in the comments on their announcement.
+>
+> It'd be great if people could chime in and support them their move away
+> from DRM.
+
+<!-- more -->
+
+At first glance, certain authors seem to be concerned that the absense of DRM
+will lead to ["more illegal file sharing"][0]:
+
+> [...] I’ve got copies of my non-DRM ebooks all over the torrent sites and
+> thousands of downloads registered, for which I haven’t received a cent. As
+> soon as you push for them to be taken down, they’re posted up again.
+
+While it is unfortunate that those authors are not receiving compensation for
+their hard work, it should be noted that this problem exists even *with*
+DRM, so it is not a valid argument toward keeping it.
+
+I applaud this move by LuLu, though I'm disappointed to see [this comment in the
+original post][0]:
+
+> Companies like Amazon, Apple and Barnes & Noble integrate a reader’s
+> experience from purchasing to downloading and finally to reading. These
+> companies do a fantastic job in this area, and eBooks published through Lulu
+> and distributed through these retail sites will continue to have the same
+> rights management applied as they do today.
+
+They do not do it well; no DRM is good DRM.
+
diff --git a/post/2013-01-26-re-fsf-wastes-away-another-high-priority-project.md b/post/2013-01-26-re-fsf-wastes-away-another-high-priority-project.md
new file mode 100644
index 0000000..8725de1
--- /dev/null
+++ b/post/2013-01-26-re-fsf-wastes-away-another-high-priority-project.md
@@ -0,0 +1,171 @@
+# Re: FSF Wastes Away Another "High Priority" Project
+
+A couple days ago, my attention was drawn to an article on Phoronix that
+[criticized the FSF for its decision to stick with GPLv3 over GPLv2 on
+LibreDWG][0] due to the number of projects that make use of it---licensed under
+the GPLv2---under [a now incompatible][1] license. This article is very negative
+and essentially boils down to this point (the last paragraph):
+
+> Unless the Free Software Foundation becomes more accomodating [sic] of these
+> open-source developers -- who should all share a common goal of wanting to
+> expand free/open-source software -- LibreDWG is likely another project that
+> will ultimately waste away and go without seeing any major adoption due to
+> not working with the GPLv2.
+
+It it worth mentioning why this view is misguided (though understandable for
+those who adopt the ["open source" philosophy over that of software
+freedom][2]).
+
+[0]: http://www.phoronix.com/scan.php?page=news_item&px=MTI4Mjc
+[1]: http://www.gnu.org/licenses/gpl-faq.html#WhatDoesCompatMean
+[2]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
+
+<!-- more -->
+
+Let me start with [this paragraph from the Phoronix article][0]:
+
+> The Free Software Foundation was contacted about making LibreDWG GPLv2+
+> instead (since the FSF is the copyright holder), but the FSF/Richard Stallman
+> doesn't the DWG library on the earlier version of their own open-source
+> license.
+
+The FSF's founding principle is that of [software freedom][3] (beginning with the
+GNU project). Now, consider the reason for the creation of the GPLv3---the GPLv2
+[could not sufficiently protect against][4] software patents and newer threats such
+as "tivoization". These goals further the FSF's mission of ensuring---in
+this case---that free software *remains* free ([a concept that RMS coined
+"copyleft"][5]). It would make sense, then, that the FSF (and RMS') position is
+that [it is important that we adopt the GPLv3 for our software][6].
+
+From this perspective, it does not make sense to "downgrade" LibreDWG's
+license to the GPLv2, which contains various bugs that have since been patched
+in GPLv3---it is not pursuant to the FSF's goals. (Of course, not all agree with
+the GPLv3; one such notable disagreement (as well as issues
+stemming from copyright assignment) leaves the kernel Linux [perpetually licensed
+under the GPLv2][7] since it does not contain the ["or later" clause][8]).
+
+That is not to say that the author's concern is not legitimate---a number of
+projects are licensed under the GPLv2 and therefore cannot use the newer (and
+improved) versions of LibreDWG that are licensed under the GPLv3 (unless they
+were to upgrade to the GPLv3, of course). Whether or not upgrading is feasible
+(e.g., in the case of the kernel Linux, it is not) is irrelevant---let us
+instead focus on the issue of adoption under the assumption that the project is
+either unwilling or unable to make use of a library licensed under the GPLv3.
+
+As aforementioned, [the author focuses on the issue of adoption][0]:
+
+> LibreDWG is likely [...to] go without seeing any major adoption due to not
+> working with the GPLv2
+
+A focus on adoption is a [focus of "open source", not free software][2], the
+latter of which the FSF represents. With a focus on software freedom, the goal
+is to create software that respects the [users' four essential freedoms][9]; if
+the software is adopted and used, great! However, freedom should never be
+sacrificed in order to encourage adoption. One may argue that "downgrading" to
+the GPLv2 is not sacrificing freedom because the software is still free (it is
+even the GPL)---but it is important to again realize that the GPLv3 is "more
+free" than the GPLv2 in the sense that it [*protects* additional freedoms][6];
+so, while the GPLv2 isn't necessarily sacrificing users' freedoms directly, it
+does have such an indirect effect through means of enforcement.
+
+A reader familiar with GNU may then point out the LGPL---the Lesser General
+Public License---under which popular (and very important) [libraries such as
+glibc are licensed][10]. In fact, one could extend this argument to any
+library---why not have LibreDWG licensed under the LGPL to avoid this problem in
+its entirety, while still preserving the users' freedoms for that library in
+itself? This understanding requires a brief lesson in history---the rationale
+under which the LGPL was born. [To quote the GNU project][11]:
+
+> Using the ordinary GPL is not advantageous for every library. There are
+> reasons that can make it better to use the Lesser GPL in certain cases. The
+> most common case is when a free library's features are readily available for
+> proprietary software through other alternative libraries. In that case, the
+> library cannot give free software any particular advantage, so it is better to
+> use the Lesser GPL for that library.
+
+It was for this reason that glibc was released under the LGPL---because it was
+better to have the users adopt some sort of free software than none at all;
+there were other alternatives that existed that users may flock to if they were
+forced to liberate their own proprietary software (after all, the C API is also
+standardized, so such a feat would be trivial). Now that glibc has since matured
+greatly, it could be argued today that it has proved its usefulness and the LGPL
+may no longer be necessary, but such a discussion is not necessarily relevant
+for this conversation.
+
+What is important is that [the FSF does not recommend the LGPL for most
+libraries][11] because that would encourage proprietary software developers to
+take advantage of both the hard work of the free software community and the
+users of the software. Now, I cannot speak toward the alternatives to
+LibreDWG---do there exist proprietary alternatives that are reasonable
+alternatives to non-commercial projects? I do not have experience with the
+library. However, I hope by this point the FSF's position has been rationalize
+(even if you---the reader---do not agree with it).
+
+Of course, this rationalization will still leave a sour taste in the mouth of
+those "open source" developers (or perhaps even some free software developers)
+that think in terms of what is "lost": these projects---which are themselves
+free software and therefore beneficial to our community---cannot take advantage
+of *other free software* due to this licensing issue. Since these projects had
+already existed when LibreDWG was licensed under the GPLv2, the relicensing to
+GPLv3 may seem unfair and, therefore, a "loss". It is difficult to counter
+such an argument if the above rationale has not been sufficient; nor will I
+argue that the situation is not unfortunate, should the projects be unable to
+relicense. However, it must be understood that, to ensure the future of free
+software, the FSF must adopt to combat today's threats and so too must other
+free software projects.
+
+The Phoronix article mentioned two projects in particular that suffer from
+LibreDWG's relicensing: [LibreCAD and FreeCAD][0]. LibreCAD omits the "or later"
+clause that was mentioned above, preventing them from easily migrating to the
+GPLv2 (which is [against the FSF's recommendation][12]). Unless the project
+requires that contributors assign copyright to the project owner, then they
+would have to get permission from each contributor (or rewrite the code) in
+order to change the license (which is not unheard of; [VLC had done so recently
+to migrate from the GPL to the LGPL][13]); this is a significant barrier for any
+project with multiple contributors, especially when your project is a derivative
+work (of QCad).
+
+The other project mention was FreeCAD, and the author of the article mentions
+that the project depends on Coin3D and Open CASCADE, "both of which are
+GPLv2", so [the project cannot migrate to GPLv3][0]. A quick look at Coin3D's
+website shows that the software is actually licensed under the modified
+(3-clause) BSD license, and so [migrating to the GPLv3 is not an issue][15]. Open
+CASCADE has its own "public license" that I do not have the time to evaluate
+(nor am I lawyer, so I do not wish to give such advice), so I cannot speak to
+its compatibility with the GPLv3. That said, I'm unsure if it would be a barrier
+toward FreeCAD's adoption of the GPLv3.
+
+Ultimately, the moral of the story is to plan for the *future*---if you use a
+project licensed under the GPL, ensure that it has the "or later" clause that
+allows it to be licensed under later version of the GPL, since you can be sure
+that the FSF and many other free software developers will be quick to adopt the
+license. Of course, many may not be comfortable with such a licensing decision:
+you effectively are giving the FSF permission to relicense you work by simply
+releasing a new version of the GPL. It is your decision whether you are willing
+to place this kind of trust in the organization responsible for starting the
+free software movement in the first place.
+
+Readers may now assume that I am placing the entire blame and onus on the
+implementors of LibreDWG. The onus, perhaps, but not the blame---this truly is
+an unfortunate circumstance that takes away from hacking a free software
+project. Unfortunately, the projects are stuck in a bad place, but the FSF is
+not to blame for standing firm in their ideals. Instead, this can be thought of
+as a maintenance issue---rather than a source code refactoring resulting from a
+library API change, we instead require a "legal code" refactoring resulting
+from a "legal API" change.
+
+[3]: http://www.fsf.org/about/
+[4]: http://www.gnu.org/licenses/quick-guide-gplv3.html
+[5]: http://www.gnu.org/copyleft/
+[6]: http://www.gnu.org/licenses/rms-why-gplv3.html
+[7]: http://lwn.net/Articles/200422/
+[8]: http://www.gnu.org/licenses/gpl-faq.html#v2v3Compatibility
+[9]: http://www.gnu.org/philosophy/free-sw.html
+[10]: http://www.gnu.org/licenses/lgpl.html
+[11]: http://www.gnu.org/licenses/why-not-lgpl.html
+[12]: http://www.gnu.org/licenses/gpl-howto.html
+[13]: http://mikegerwitz.com/thoughts/2012/11/VLC-s-Move-to-LGPL.html
+[14]: https://bitbucket.org/Coin3D/coin/wiki/Home
+[15]: http://www.gnu.org/licenses/license-list.html#ModifiedBSD
+[16]: http://www.opencascade.org/getocc/license/
+
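Review bot: The LibreCAD paragraph says the missing "or later" clause prevents the project "from easily migrating to the GPLv2", but the post describes LibreCAD as a GPLv2 project blocked by LibreDWG's move to GPLv3, so the target appears to be a typo for `GPLv3 (which is [against the FSF's recommendation][12]). Unless the project`. The reference definitions `[14]` (Coin3D) and `[16]` (Open CASCADE license) at the end of the file are never used in the body. Linking the two mentions, as `[Coin3D's website][14]` and `its own ["public license"][16]`, would let readers check the licensing claims the FreeCAD paragraph makes. A smaller fix in the same paragraph: "The other project mention was FreeCAD" should read "mentioned".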
diff --git a/post/2013-01-30-phone-unlocking-once-again-illegal.md b/post/2013-01-30-phone-unlocking-once-again-illegal.md
new file mode 100644
index 0000000..5e775d6
--- /dev/null
+++ b/post/2013-01-30-phone-unlocking-once-again-illegal.md
@@ -0,0 +1,7 @@
+# Phone "Unlocking" Once Again Illegal
+
+[Ridiculous.][0] We should own the hardware that we purchase.
+
+[0]: https://www.eff.org/is-it-illegal-to-unlock-a-phone
+
+<!-- more -->
diff --git a/post/2013-01-30-re-who-does-skype-let-spy.md b/post/2013-01-30-re-who-does-skype-let-spy.md
new file mode 100644
index 0000000..c75d056
--- /dev/null
+++ b/post/2013-01-30-re-who-does-skype-let-spy.md
@@ -0,0 +1,102 @@
+# Re: Who Does Skype Let Spy?
+
+Today, [Bruce Schneier brought attention to privacy concerns surrounding
+Skype][0], a very popular ([over 600 million users][1]) VoIP service that has
+since been acquired by Microsoft. In particular, [users are concerned over what
+entities may be able to gain access to their "private" conversations][1]
+through the service---Microsoft has refused to answer those kinds of questions.
+While the specific example of Skype is indeed concerning, it raises a more
+general issue that I wish to discuss: The role of free software and SaaS
+(software as a service).
+
+[0]: http://www.schneier.com/blog/archives/2013/01/who_does_skype.html
+[1]: http://www.skypeopenletter.com/
+
+<!-- more -->
+
+To [quote Schneier][0]:
+
+> We have no choice but to trust Microsoft. Microsoft has reasons to be
+> trustworthy, but they also have reasons to betray our trust in favor of other
+> interests. And all we can do is ask them nicely to tell us first.
+
+Schneier continues to admit, in similar words, that [we are but "vassals" to
+these entities and that they are our serfs][2]. His essays regarding the [power of
+corporations and governments over their users][3] echo the words of Lawrence
+Lessig in his [predictions of a "perfectly regulated" future made possible by
+the Internet][4]. While Lessig (despite what his critics have stated in the
+past) seems to have been correct in many regards, we need not jump into the
+perspective of an Orwellian dystopia where we are but "vassals" to the
+Party.[^5] Indeed, this is only the case---at least at present---if you choose to
+participate in the use of services such as Skype, as ubiquitous as they may be.
+
+Skype is a useful demonstration of the unfortunate situation that many users
+place themselves in by trusting their private data to Microsoft. Skype itself is
+proprietary---we cannot inspect its source code (easily) in order to ensure that
+it is respecting our privacy. (Indeed, as a user on [the HackerNews
+discussion][6] pointed out, [Skype has installed undesirable software in the
+past][7].) If Skype were [free software][8], we would be able to inspect its
+source code and modify it to suit our needs, ensuring that the software did only
+what we wanted it to do---ensuring that Microsoft was not in control of us.
+
+However, even if Skype were free software, there is another issue at work that
+is often overlooked by users: Software as a Service (SaaS). When you make use of
+services that are hosted on remote servers (often called "cloud"
+services)---such as with Skype, Facebook, Twitter, Flickr, Instagram, iTunes,
+iCloud and many other popular services---you are blindly entrusting your data to
+them. Even if the Skype software were free (as in freedom), for example, [we
+still cannot know what their servers are doing with the data we provide to
+them][9]. Even if Skype's source code was plainly visible, the servers act as a
+black box. Do they monitor your calls? [Does Facebook abuse your data?][10] How is
+that data stored---[what happens][1] in the event of a data breach, or in the event
+of a warrant/subpoena?
+
+The only way to be safe from these providers is to [reject these services
+entirely and use your own software on your own PC][9], or use software that will
+connect directly to your intended recipient without going through a 3rd
+party. (Never mind your ISP; that is a separate issue entirely.) If you must
+use a 3rd party service, ensure that you can adequately encrypt your
+communications (e.g. using GPG to encrypt e-mail communications)---something
+that may not necessarily be easy/possible to do, especially if the software is
+proprietary and works against you.
+
+The EFF has published [useful information on protecting yourself against
+surveillance][11], covering topics such as encryption and anonymization.
+
+If we are to resist the worlds that [Lessig][4] and [Schneier][3] describe, then we
+must [stand up for our right to privacy and demand action][12]. [Who will have
+your back][13] when we're on the brink of ["perfect regulation"][4]; who will
+stand up for your rights and work *with* you---not against you---to preserve
+your liberties? Without this push, services like Skype empower governments and
+other entities to work toward perfect regulation---to continuously spy on
+everything that we do. With everyone putting their every thought and movement on
+services like Facebook, [Twitter][14] and Skype, the Orwellian Thought Police have
+the ability to manifest in a form that not even Orwell could have
+imagined---unless it is stopped.
+
+To help [preserve your ever-dwindling rights online][15], consider becoming a
+member of or participating in the campaigns of the [Free Software
+Foundation][16], [Electronic Frontier Foundation][17], the [American Civil
+Liberties Union][18] or any other organizations dedicated toward free society.
+
+(Disclaimer: I am a member of the Free Software Foundation.)
+
+[2]: http://www.schneier.com/essay-406.html
+[3]: http://www.schneier.com/essay-409.html
+[4]: http://codev2.cc/
+[6]: http://news.ycombinator.com/item?id=5139801
+[7]: http://blogs.skype.com/garage/2011/05/easybits_update_disabled_for_s.html
+[8]: http://www.gnu.org/philosophy/free-sw.html
+[9]: http://www.gnu.org/philosophy/who-does-that-server-really-serve.html
+[10]: https://www.eff.org/deeplinks/2013/01/facebook-graph-search-privacy-control-you-still-dont-have
+[11]: https://ssd.eff.org
+[12]: https://www.eff.org/deeplinks/2013/01/its-time-transparency-reports-become-new-normal
+[13]: https://www.eff.org/pages/when-government-comes-knocking-who-has-your-back
+[14]: https://www.eff.org/deeplinks/2013/01/google-twitters-new-transparency-report-shows-increase-government-demands-sheds
+[15]: https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=8750
+[16]: http://www.fsf.org/register_form?referrer=5804
+[17]: https://supporters.eff.org/donate
+[18]: https://www.aclu.org/donate/join-renew-give
+
+[^5]: Orwell, George. Nineteen Eighty-Four. ISBN 978-0-452-28423-4.
+
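Review bot: The sentence "we are but 'vassals' to these entities and that they are our serfs" has the feudal roles reversed. The same paragraph later puts the reader in the vassal position ("we are but 'vassals' to the Party"), so the providers are presumably the lords in the cited essay's metaphor: `these entities and that they are our lords][2]. His essays regarding the [power of`. In the paragraph on third-party services, the advice to encrypt communications (GPG for e-mail) would benefit from a caveat that encrypting content does not hide the communication pattern from the provider. A sentence such as `Note that encrypting the content still leaves the provider able to see who you communicate with and when.` would cover it.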
diff --git a/post/2013-02-26-what-is-cispa-and-why-is-it-dangerous.md b/post/2013-02-26-what-is-cispa-and-why-is-it-dangerous.md
new file mode 100644
index 0000000..94e3dd6
--- /dev/null
+++ b/post/2013-02-26-what-is-cispa-and-why-is-it-dangerous.md
@@ -0,0 +1,8 @@
+# What is CISPA and Why is it Dangerous?
+
+The EFF has put together an excellent [FAQ on CISPA][0], the "cybersecurity"
+bill that was reintroduced to congress earlier this month.
+
+[0]: https://www.eff.org/deeplinks/2013/02/cispas-back-faq-what-it-and-why-its-still-dangerous
+
+<!-- more -->
diff --git a/post/2013-03-01-dmr-very-early-c-compilers-and-language.md b/post/2013-03-01-dmr-very-early-c-compilers-and-language.md
new file mode 100644
index 0000000..9dfe0bd
--- /dev/null
+++ b/post/2013-03-01-dmr-very-early-c-compilers-and-language.md
@@ -0,0 +1,15 @@
+# DMR: "Very early C compilers and language"
+
+An interesting article by Dennis Ritchie discussing [early C compilers][0]
+recovered from old DECtapes. The source code and history are fascinating reads.
+The quality of the code (the "kludgery"[1], as he puts it) to me just brings
+smiles---I appreciate seeing the code in its original glory.
+
+It is also saddening reading the words of such a great man who is no longer with
+us; perhaps it helps to better appreciate his legacy.
+
+[0]: http://cm.bell-labs.com/cm/cs/who/dmr/primevalC.html
+[1]: http://www.catb.org/~esr/jargon/html/K/kludge.html
+
+<!-- more -->
+
diff --git a/post/2013-03-01-libreated-pixel-cup-winners-announced.md b/post/2013-03-01-libreated-pixel-cup-winners-announced.md
new file mode 100644
index 0000000..c5f6723
--- /dev/null
+++ b/post/2013-03-01-libreated-pixel-cup-winners-announced.md
@@ -0,0 +1,8 @@
+# Libreated Pixel Cup Winners Announced
+
+[Congratulations][0] to the [winners of the Liberated Pixel Cup][1].
+
+[0]: http://www.fsf.org/news/winners-announced-for-free-software-gamings-highest-honor-the-liberated-pixel-cup
+[1]: http://lpc.opengameart.org/content/code-judging-is-in
+
+<!-- more -->
diff --git a/post/2013-03-06-google-says-the-fbi-is-secretly-spying-on-some-of-its-customers.md b/post/2013-03-06-google-says-the-fbi-is-secretly-spying-on-some-of-its-customers.md
new file mode 100644
index 0000000..32a06f6
--- /dev/null
+++ b/post/2013-03-06-google-says-the-fbi-is-secretly-spying-on-some-of-its-customers.md
@@ -0,0 +1,35 @@
+# Google Says the FBI Is Secretly Spying on Some of Its Customers
+
+A Wired article mentions [figures released from Google][0] regarding National
+Security Letters issued by the NSA under the Patriot Act. It is too early to
+comment in much detail on this matter (I would like to wait for commentary from
+the EFF), but, as the article mentions:
+
+[0]: http://www.wired.com/threatlevel/2013/03/google-nsl-range/?cid=co6199824
+
+> Google said the number of accounts connected to National Security letters
+> ranged between “1000-1999″ for each of the reported years other than 2010. In
+> that year, the range was “2000-2999.”
+
+<!-- more -->
+
+The [EFF provides additional information, including recommendations on what to
+do about such requests][1] via their Surveillance Self-Defense website. As
+quoted from that website:
+
+> And it's even worse for FISA subpoenas, which can be used to force anyone to
+> hand over anything in complete secrecy, and which were greatly strengthened
+> by Section 215 of the USA PATRIOT Act. The government doesn't have to show
+> probable cause that the target is a foreign power or agent — only that they
+> are seeking the requested records "for" an intelligence or terrorism
+> investigation. Once the government makes this assertion, the court must
+> issue the subpoena.
+
+To add insult to injury:
+
+> FISA orders and National Security Letters will also come with a gag order that
+> forbids you from discussing them. Do NOT violate the gag order. Only speak to
+> members of your organization whose participation is necessary to comply with
+> the order, and your lawyer.
+
+[1]: https://ssd.eff.org/foreign/fisa
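Review bot: The opening sentence attributes the National Security Letters to the NSA ("issued by the NSA under the Patriot Act"), which contradicts the post's own title. NSLs are issued by the FBI, so the line should read `Security Letters issued by the FBI under the Patriot Act. It is too early to`. The first EFF quotation after the fold concerns FISA subpoenas under Section 215, a different instrument from the NSLs that the Google figures cover. The lead-in "recommendations on what to do about such requests" could say so, for example `do about such requests and the related FISA orders][1]`, so that readers do not conflate the two.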
diff --git a/post/2013-03-09-adding-1-and-1-in-php.md b/post/2013-03-09-adding-1-and-1-in-php.md
new file mode 100644
index 0000000..237cbf7
--- /dev/null
+++ b/post/2013-03-09-adding-1-and-1-in-php.md
@@ -0,0 +1,41 @@
+# Adding 1 and 1 in PHP
+
+An amusing demonstration; it is my hope that [readers will not take this PHP
+library seriously][0]. This is likely a parody of the over-engineering that
+often takes foot in Object-Oriented development (a game of "how many GoF[^4]
+design patterns can we use in this project" anyone?).
+
+[0]: https://github.com/Herzult/SimplePHPEasyPlus
+
+<!-- more -->
+
+That is not to say that "OOP is bad" (just as object-oriented developers often
+consider procedural code bad, when they may just be terrible at writing
+procedural code). Indeed, I wrote [an ECMAScript framework for Classical OOP
+(ease.js)][1]. The problem is that, with the excitement and misunderstandings
+that surround "good" object-oriented design, designers are eager to
+over-abstract their implementations (I have been guilty of the same thing).
+Object oriented programming is often taught to novice CS students (often with
+the reign of Java in schools)---teaching practices that can be good principles
+when properly applied and in moderation---which [I have also seen contribute to
+such madness][2].
+
+Abstractions are highly important, but only when necessary and when they lead to
+more concise representations of the problem than would otherwise occur (note
+that some problems are inherently complicated and, as such, a concise
+representation may not seen concise). I'm a strong advocate of DSLs when
+abstractions begin to get in the way and increase the verbosity of the code
+(languages with strong macro systems like lisp help eliminate the need for
+DSLs written from scratch)---design patterns exist because of deficiencies in
+the language: They are "patterns" of code commonly used to achieve a certain
+effect.
+
+[Criticisms against OOP are abundant][3], just as every other paradigm.
+
+[1]: http://easejs.org
+[2]: http://c2.com/cgi/wiki?TextbookOo
+[3]: http://c2.com/cgi/wiki?ArgumentsAgainstOop
+
+[^4]: Design Patterns: Elements of Reusable Object-Oriented Software. ISBN
+ 0-201-63361-2. Gamma, Helm, Johnson and Vlissides (the "Gang of Four").
+
diff --git a/post/2013-03-09-oxford-university-blocks-google-docs.md b/post/2013-03-09-oxford-university-blocks-google-docs.md
new file mode 100644
index 0000000..2954ad7
--- /dev/null
+++ b/post/2013-03-09-oxford-university-blocks-google-docs.md
@@ -0,0 +1,50 @@
+# Oxford University Blocks Google Docs
+
+Oxford University decided to [block Google Docs][0] last month due to phishing
+attacks against its users. To quote the blog post:
+
+[0]: http://blogs.oucs.ox.ac.uk/oxcert/2013/02/18/google-blocks/
+
+> Almost all the recent attacks have used Google Docs URLs, and in some cases
+> the phishing emails have been sent from an already-compromised University
+> account to large numbers of other Oxford users. Seeing multiple such incidents
+> the other afternoon tipped things over the edge. We considered these to be
+> exceptional circumstances and felt that the impact on legitimate University
+> business by temporarily suspending access to Google Docs was outweighed by the
+> risks to University business by not taking such action.
+
+<!-- more -->
+
+This incident was brought to my attention by [a blog post by Schneier][1], in
+which he referenced his [essay on "feudal security"][2] (I commented in more
+detail on this essay in [my response to a previous blog post of
+his][3].[^blog]) In this case, Oxford is trusting that it knows better than its
+users and has the right to exercise this power over them in light of their
+inexperience with handling these situations (or even recognizing them).
+
+This may very well be the case---the Oxford IT department probably does have a
+better understanding of security than many of their users. However, by blocking
+access to Google Docs, they are also blocking access to millions of legitimate
+articles hosted there, which is far from acceptable. Oxford is more than just a
+workplace---for which many would argue these actions are acceptable; it is a
+university that should encourage freedom of expression. They simply must find a
+better way of dealing with these problems. If a user falls victim to a phishing
+attack within Oxford, they will likely fall victim outside of it.
+
+Would Oxford consider blocking e-mail access too (where phishing attacks are
+very cheap and common)?
+
+> We appreciate and apologise for the disruption this caused for our users.
+> Nevertheless, we must always think in terms of the overall risk to the
+> University as a whole, and we certainly cannot rule out taking such action
+> again in future [...]
+
+N.B.: Google Docs is proprietary and I cannot recommend its use any more than I
+can recommend use of Microsoft Office.
+
+[1]: https://www.schneier.com/blog/archives/2013/03/oxford_universi.html
+[2]: https://www.schneier.com/essay-406.html
+[3]: /2013/01/re-who-does-skype-let-spy
+
+[^blog]: (I posted a link to my response on his blog, but he did not approve the comment.)
+
diff --git a/post/2013-03-09-white-house-supports-cell-phone-unlocking.md b/post/2013-03-09-white-house-supports-cell-phone-unlocking.md
new file mode 100644
index 0000000..827a660
--- /dev/null
+++ b/post/2013-03-09-white-house-supports-cell-phone-unlocking.md
@@ -0,0 +1,40 @@
+# White House Supports Cell Phone Unlocking
+
+Earlier this week, the starter of the [White House petition to "Make Unlocking
+Cell Phones Legal"][0] posted a [thread on Hacker News][1] stating that the
+White House had officially responded, stating:
+
+> The White House agrees with the 114,000+ of you who believe that consumers
+> should be able to unlock their cell phones without risking criminal or other
+> penalties. In fact, we believe the same principle should also apply to
+> tablets, which are increasingly similar to smart phones. And if you have paid
+> for your mobile device, and aren't bound by a service agreement or other
+> obligation, you should be able to use it on another network. It's common
+> sense, crucial for protecting consumer choice, and important for ensuring we
+> continue to have the vibrant, competitive wireless market that delivers
+> innovative products and solid service to meet consumers' needs.
+
+<!-- more -->
+
+The petition---as stated in the above response---garnered over 114,000
+signatures. The response is exciting news because the Library of Congress had
+[removed the phone unlocking exemption][2] at the beginning of this year. (As
+the EFF points out, [this may not necessarily mean that unlocking your phone is
+"illegal"][3]).
+
+However, although this response is getting a lot of attention (I was surprised
+to see my local news station report on it), this is not yet cause for
+celebration; it is my hope that the White House will now follow through with
+this statement and act upon it appropriately.
+
+(The [EFF has also posted their own comments on the White House's response][4].)
+
+This is just one issue in [a string of problems that is the DMCA][5].
+
+[0]: https://petitions.whitehouse.gov/petition/make-unlocking-cell-phones-legal/1g9KhZG7
+[1]: https://news.ycombinator.com/item?id=5319577
+[2]: /2013/01/phone-unlocking-once-again-illegal
+[3]: https://www.eff.org/is-it-illegal-to-unlock-a-phone
+[4]: https://www.eff.org/deeplinks/2013/03/white-house-supports-unlocking-phones-real-problem-runs-deeper
+[5]: https://www.eff.org/wp/unintended-consequences-under-dmca
+
diff --git a/post/2013-03-15-federal-judge-rules-nsls-national-security-letters-unconstitutional.md b/post/2013-03-15-federal-judge-rules-nsls-national-security-letters-unconstitutional.md
new file mode 100644
index 0000000..5d62ab7
--- /dev/null
+++ b/post/2013-03-15-federal-judge-rules-nsls-national-security-letters-unconstitutional.md
@@ -0,0 +1,33 @@
+# Federal Judge Rules NSLs (National Security Letters) Unconstitutional
+
+This news is huge and an incredible win for both the EFF and all U.S. citizens.
+Today, [United States District Judge Susan Illston found the National Security
+Letters' gag provisions unconstitutional][0] and---since the review procedures
+violate the separation of powers and cannot be separated from the rest of the
+statute---has consequently [ruled the NSLs themselves to be
+unconstitutional][1]:
+
+[0]: http://www.wired.com/threatlevel/2013/03/nsl-found-unconstitutional/
+[1]: https://www.eff.org/press/releases/national-security-letters-are-unconstitutional-federal-judge-rules
+
+> In today's ruling, the court held that the gag order provisions of the statute
+> violate the First Amendment and that the review procedures violate separation
+> of powers. Because those provisions were not separable from the rest of the
+> statute, the court declared the entire statute unconstitutional
+
+<!-- more -->
+
+This is an exciting decision; let's see where it takes us.
+
+> U.S. District Judge Susan Illston ordered the government to stop issuing
+> so-called NSLs across the board, in a stunning defeat for the Obama
+> administration’s surveillance practices. She also ordered the government to
+> cease enforcing the gag provision in any other cases. However, she stayed her
+> order for 90 days to give the government a chance to appeal to the Ninth
+> Circuit Court of Appeals.[[0]]
+
+[The issues surrounding NSLs][2] were highlighted just last week when [Google
+released numbers relating to the orders that it received][3].
+
+[2]: https://www.eff.org/issues/national-security-letters
+[3]: /2013/03/google-says-the-fbi-is-secretly-spying-on-some-of-its-customers
diff --git a/post/2013-03-15-html5-drm.md b/post/2013-03-15-html5-drm.md
new file mode 100644
index 0000000..1725614
--- /dev/null
+++ b/post/2013-03-15-html5-drm.md
@@ -0,0 +1,109 @@
+# HTML5 DRM
+
+Two acronyms that, until very recently, would seem entirely incompatible---HTML,
+which is associated with an unencumbered, free (as in freedom) representation of
+a document, and [DRM][0], which [exists for the sole purpose of restricting
+freedom][1].[^bias] Unfortunately, Tim Berners-Lee---the man attributed to
+["inventing" the Internet][18]---mentioned in a [keynote talk at SXSW][15] that [he is
+not opposed to introducing DRM into the HTML5 standard][4]:
+
+[^bias]: (Disclaimer: I am an associate member of the [Free Software
+Foundation][2] and, as such, this reference is intentionally bias; feel free
+to see the [Wikipedia article on DRM][3] for more general information.)
+
+> [Tim Berners-Lee] did not, however, present himself as an opponent of digital
+> locks. During a post-talk Q&A, he defended proposals to add support for
+> "digital rights management" usage restrictions to HTML5 as necessary to get
+> more content on the open Web: "If we don't put the hooks for the use of DRM
+> in, people will just go back to using Flash," he claimed.
+
+<!-- more -->
+
+Many who oppose DRM refer to it as ["digital restrictions management"][0]---a
+phrase that better describes how it affects the user. The "rights" that
+"digital rights management" describes are the "rights" (in terms of
+copyright) of publishers and copyright holders: They wish to lock down their
+content so that [you, the user, can only access it as *they* please][5]. Has
+["your" device][25] ever told you that [you cannot share a book with your
+friends][6][17][24]? Has your device ever [deleted your content without your
+permission][7][8]? Does your device grant you [less privileges if you decide to
+liberate yourself from it][9] through "jailbreaking"?[^jb] Does the software you
+run [potentially spy on you without telling you][11], without giving you the
+option to correct it? Or perhaps the games you play [require you to be online,
+even in single-player mode][12].
+
+[^jb]: I go into more detail on jailbreaking and its current legality as of
+the time of writing [in a previous article of mine][10].
+
+These are but a small handful of [examples of the many mistakes and injustices
+of Digital Restrictions Management][5]. These restrictions take additional
+effort---that is, development time, which also means more money---to build into
+software; computers, by their very nature, do exactly as they are told, meaning
+that they can only work against you if someone else tells it to (unless you tell
+your computer to make your life miserable...if you're into that sort of thing).
+As such, we refer to these restrictions as ["anti-features"][23].
+
+> Corporations claim that DRM is necessary to fight copyright infringement
+> online and keep consumers safe from viruses. But there's no evidence that DRM
+> helps fight either of those. Instead DRM helps big business stifle innovation
+> and competition by making it easy to quash "unauthorized" uses of media and
+> technology.
+
+It is this logic that [corporations][13] (and even some individuals, such as
+[authors][14]) use to influence entities such as the W3C---and Tim
+Berners-Lee---into [thinking that DRM is necessary][15]. The [W3C describes a
+"trust infastructure"][16] that could be standardized for bringing DRM to the
+web:
+
+> It is clear that user domains (eg eBook trading, sub-rights trading, streaming
+> music, etc.) each require sets of Rights Primitives that those domains wish do
+> useful things with.
+
+This is an unfortunate perspective, especially since those "useful things" are
+exactly the opposite for users. The Internet strongly promotes the free,
+(generally) unencumbered flow of information. To [quote W3C][19]:
+
+> The social value of the Web is that it enables human communication, commerce,
+> and opportunities to share knowledge. One of W3C's primary goals is to make
+> these benefits available to all people, whatever their hardware, software,
+> network infrastructure, native language, culture, geographical location, or
+> physical or mental ability.
+
+A DRM implementation flies in the face of those goals, as it is, by definition,
+restrictive---how can we be encouraged to share by using systems that aim to
+[prevent that very thing][0]?
+
+Richard Stallman has already announced that the [FSF will "campaign against W3C
+support for DRM"][20]; let's hope that many others will join in on this
+campaign, hope that organizations like the EFF will continue to fight for our
+rights, and further hope that users will [reject DRM-laden products][22]
+outright. [DRM cannot exist in free software][25] and it cannot exist on a
+network that facilitates free information.
+
+[0]: http://www.defectivebydesign.org/what_is_drm
+[1]: http://www.defectivebydesign.org/
+[2]: http://fsf.org
+[3]: https://en.wikipedia.org/wiki/Digital_rights_management
+[4]: http://boingboing.net/2013/03/10/tim-berners-lee-the-web-needs.html
+[5]: https://www.eff.org/issues/drm
+[6]: http://www.amazon.com/gp/help/customer/display.html?nodeId=200549320
+[7]: http://www.defectivebydesign.org/blog/1248
+[8]: http://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html
+[9]: http://arstechnica.com/apple/2011/02/ibooks-to-jailbreakers-no-yuo/
+[10]: /2013/03/white-house-supports-cell-phone-unlocking
+[11]: /2013/01/re-who-does-skype-let-spy
+[12]: https://www.eff.org/deeplinks/2013/03/tale-simcity-users-struggle-against-onerous-drm
+[13]: http://venturebeat.com/2012/10/12/together-html5-and-drm-can-take-out-native-apps/
+[14]: /2013/01/lulu-says-goodbye-to-drm
+[15]: http://www.guardian.co.uk/technology/blog/2013/mar/12/tim-berners-lee-drm-cory-doctorow
+[16]: http://www.w3.org/2000/12/drm-ws/
+[17]: https://www.fsf.org/bulletin/e-books-must-increase-our-freedom-not-decrease-it
+[18]: http://www.w3.org/People/Berners-Lee/
+[19]: http://www.w3.org/Consortium/mission#principles
+[20]: http://lists.libreplanet.org/archive/html/libreplanet-discuss/2013-03/msg00007.html
+[21]: https://www.eff.org/deeplinks/2012/11/2012-dmca-rulemaking-what-we-got-what-we-didnt-and-how-to-improve
+[22]: http://www.defectivebydesign.org/guide
+[23]: https://www.fsf.org/bulletin/2007/fall/antifeatures/
+[24]: https://www.gnu.org/philosophy/right-to-read.html
+[25]: https://www.gnu.org/philosophy/can-you-trust.html
+
diff --git a/post/2013-03-23-congratulations-to-the-2012-free-software-award-winners.md b/post/2013-03-23-congratulations-to-the-2012-free-software-award-winners.md
new file mode 100644
index 0000000..74c309d
--- /dev/null
+++ b/post/2013-03-23-congratulations-to-the-2012-free-software-award-winners.md
@@ -0,0 +1,22 @@
+# Congratulations to the 2012 Free Software Award Winners
+
+Each year, the [Free Software Foundation][0] presents awards to individuals who
+have made a [strong contribution to free software][1]:
+
+[0]: http://fsf.org
+
+> The Award for the Advancement of Free Software is given annually to an
+> individual who has made a great contribution to the progress and development
+> of free software, through activities that accord with the spirit of free
+> software.
+
+[1]: https://www.fsf.org/news/2012-free-software-award-winners-announced-2
+
+<!-- more -->
+
+This year, announced at the LibrePlanet 2013 conference, [the winner was Dr.
+Fernando Perez][1]---creator of IPython. The winner of the Award for Projects of
+Social Benefit was [OpenMRS][2], which is a free (as in freedom) medical records
+system for developing countries.
+
+[2]: http://openmrs.org/
diff --git a/post/2013-03-23-defective-by-design-campaign-against-w3c-drm-standard.md b/post/2013-03-23-defective-by-design-campaign-against-w3c-drm-standard.md
new file mode 100644
index 0000000..738fa56
--- /dev/null
+++ b/post/2013-03-23-defective-by-design-campaign-against-w3c-drm-standard.md
@@ -0,0 +1,46 @@
+# Defective By Design Campaign Against W3C DRM Standard
+
+[As I had mentioned late last week][0], RMS had mentioned that Defective By
+Design (DBD) would be campaigning against the [introduction of DRM into the W3C
+HTML5 standards][1]. (Please see [my previous mention of this topic][0] for a
+detailed explanation of the problem and a slew of references for additional
+information.) Well, [this campaign is now live and looking for
+signatures][2]---50,000 by May 3rd, which is the [International Day Against
+DRM][3]:
+
+> Hollywood is at it again. Its latest ploy to take over the Web? Use its
+> influence at the World Wide Web Consortium (W3C) to weave [Digital
+> Restrictions Management (DRM)][4] into HTML5 -- in other words, into the very
+> fabric of the Web.
+>
+> [...]
+>
+> Help us reach 50,000 signers by May 3rd, 2013, the [International Day Against
+> DRM][3]. We will deliver the signatures to the W3C (they are right down the
+> street from us!) and [make your voice heard[[1].
+
+[0]: /2013/03/html5-drm
+[1]: https://www.eff.org/deeplinks/2013/03/defend-open-web-keep-drm-out-w3c-standards
+[2]: http://www.defectivebydesign.org/no-drm-in-html5
+[3]: http://www.defectivebydesign.org/dayagainstdrm
+[4]: http://www.defectivebydesign.org/what_is_drm
+
+<!-- more -->
+
+To summarize the issue as [stated by the EFF][5]:
+
+> W3C is there to create comprehensible, publicly-implementable standards that
+> will guarantee interoperability, not to facilitate an explosion of new
+> mutually-incompatible software and of sites and services that can only be
+> accessed by particular devices or applications. But EME is a proposal to bring
+> exactly that dysfunctional dynamic into HTML5, even risking a return to the
+> ["bad old days, before the Web"][5] of deliberately limited
+> interoperability.
+>
+> it would be a terrible mistake for the Web community to leave the door open
+> for Hollywood's gangrenous anti-technology culture to infect W3C standards.
+
+So please---[sign the petition now][2]!
+
+[5]: http://www.anybrowser.org/campaign/index.html
+
diff --git a/post/2013-04-20-us-house-passes-cispa.md b/post/2013-04-20-us-house-passes-cispa.md
new file mode 100644
index 0000000..1bf8b46
--- /dev/null
+++ b/post/2013-04-20-us-house-passes-cispa.md
@@ -0,0 +1,20 @@
+# U.S. House Passes CISPA
+
+Two days ago---on the 18th--[the U.S. House of Representatives decided to pass
+CISPA 288-127][0].
+
+> The legislation passed 288-127, despite a veto threat from Pres. Barack Obama,
+> who expressed serious concerns about the danger CISPA poses to civil
+> liberties.
+
+[0]: https://www.eff.org/deeplinks/2013/04/us-house-representatives-shamefully-passes-cispa-internet-freedom-advocates
+
+<!-- more -->
+
+As the bill moves into the senate, [civil liberties groups will continue to
+oppose it][1]; I personally hope that you will do the same.
+
+Move [information on CISPA][2] is available on the EFF's website.
+
+[1]: https://www.eff.org/deeplinks/2012/04/voices-against-cispa
+[2]: https://www.eff.org/cybersecurity-bill-faq
diff --git a/post/2013-06-06-improved-website.md b/post/2013-06-06-improved-website.md
new file mode 100644
index 0000000..614f0a0
--- /dev/null
+++ b/post/2013-06-06-improved-website.md
@@ -0,0 +1,14 @@
+# Improved Website
+
+The old WordPress website has been replaced entirely by the "thoughts" site
+(which was previously located at /thoughts). This website is generated from its
+git repository---available on the Projects page---which is freely licensed.
+There is some content that existed on the old site that is still useful; should
+that content be transferred to this site, a redirect will be set up (assuming
+that it hadn't already been lost to the search engines).
+
+Since all this content is static, there is no discussion system. I am still
+debating whether or not I will add this in the future. Until that time, feel
+free to contact me via e-mail.
+
+<!-- more -->
diff --git a/post/2013-06-10-national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations.md b/post/2013-06-10-national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations.md
new file mode 100644
index 0000000..cba4005
--- /dev/null
+++ b/post/2013-06-10-national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations.md
@@ -0,0 +1,631 @@
+# National Uproar: A Comprehensive Overview of the NSA Leaks and Revelations
+
+I am finding it difficult to keep up with the flood of reports in my little free
+time, while still finding the time to brush up on relevant history. My hope is
+to provide a summary of recent events and additional background---along with a
+plethora of references---that will allow the reader to perform further research
+and to formulate educated, personal opinions on the topics. If you do not care
+for my commentary, simply scroll to the list of references at the bottom of this
+article.
+
+Many [individuals and organizations][0] have long warned of [digital privacy
+issues][1], but there has been one agency in particular that has been the
+subject of much scrutiny---the [National Security Agency (NSA)][2], which is a
+[United States government agency][3] that has a [long history of controversial
+spying tactics][4] on its country's own citizens. It is a chilling topic---one
+that can easily make any person sound like they've latched onto an Orwellian
+conspiracy.
+
+[0]: /2013/01/re-who-does-skype-let-spy
+[1]: https://www.schneier.com/essay-418.html "The Internet Is a Surveillance State"
+[2]: https://www.eff.org/nsa-spying "The EFF on NSA Spying"
+[3]: https://www.eff.org/agency/national-security-agency "The National Security Agency"
+[4]: https://www.eff.org/nsa-spying/timeline "Timeline of NSA Spying"
+
+<!-- more -->
+
+**Wednesday, June 5th, 2013**---[the Guardian newspaper publishes a leaked
+document][5][6][7] ordering Verizon to
+
+> [...] produce to the National Security Agency (NSA) upon service of this
+> Order, and continue production on an ongoing daily basis thereafter for the
+> duration of this Order, [...] an *electronic copy of* the following tangible
+> things: *all call detail records or "telephony metadata"* created by Verizon
+> for communications (i) between the United States and abroad; or (ii) wholly
+> within the United States, *including local telephone calls*.[[6]] [emphasis
+> added]
+
+The order goes on to describe "telephony metadata" to include routing
+information, source and destination telephone numbers, IMSI and IMEI numbers,
+and time and duration of the call; it "does not include the substantive content
+of any communication"---the communication content itself.[[6]] This order was
+[issued by the Foreign Intelligence Surveillance Court (FISC)][8] under [section 215
+of the Patriot Act][9]. (This news comes [less than three months after United
+States District Judge Susal Illston ruled NSA Letters' gag provisions
+unconstitutional][10].)
+
+This report caused a massive uproar, but [came as no surprise][11] to many
+security researchers and privacy advocates. Early last year, Wired released an
+article stating that [the NSA "Is Building the Country's Biggest Spy
+Center"][14]. Privacy concerns were raised in November of last year by [the
+Petraeus scandal][14]. In March of this year, Google released figures showing
+that [the NSA is secretly spying on some of its customers][15]. Two months later,
+[outrage][17] after the Associated Press discovers that [the Justice Department
+collected the calling records of many of its reporters and editors][18].
+Additionally, [the EFF already had cases against the NSA's actions][2]---[Jewel
+v. NSA][12] and [Hepting v. AT&T][13] both focus on unconstitutional dragnet
+surveillance of innocent citizens' data and communications. These cases will be
+explored in further detail throughout this article.
+
+But the chaos didn't end there.
+
+**Thursday, June 6th, 2013**---just one day after the Guardian reported on the
+leaked Verizon order, the newspaper reports on [a leaked slideshow describing
+PRISM][19], a top-secret program that "claims direct access to servers of firms
+including Google, Apple and Facebook. According to the leaked document, the NSA
+supposedly has the ability to collect material including e-mail, chat, video and
+voice communications, photos, stored data and more.[[19]]. Responses from most
+companies was immediate. In a [blog post entitled "What that...?"][20], Larry
+Page---Google's CEO---put very plainly that Google does not participate in such
+a program and denied any knowledge of PRISM:
+
+> First, we have not joined any program that would give the U.S. government—or
+> any other government—direct access to our servers. Indeed, the U.S. government
+> does not have direct access or a "back door" to the information stored in
+> our data centers. We had not heard of a program called PRISM until yesterday.
+> Second, we provide user data to governments only in accordance with the
+> law.[[20]] --Larry Page, Google CEO
+
+[Mark Zuckerberg of Facebook also denied involvement][21], calling such claims
+"outrageous" and encouraging governments to be "much more transparent about
+all programs aimed at keep the public safe":
+
+> I want to respond personally to the outrageous press reports about PRISM:
+> Facebook is not and has never been part of any program to give the US or any
+> other government direct access to our servers. We have never received a
+> blanket request or court order from any government agency asking for
+> information or metadata in bulk, like the one Verizon reportedly received. And
+> if we did, we would fight it aggressively. We hadn't even heard of PRISM
+> before yesterday. [...] We strongly encourage all governments to be much more
+> transparent about all programs aimed at keeping the public safe. It's the only
+> way to protect everyone's civil liberties and create the safe and free society
+> we all want over the long term.[[21]] --Mark Zuckerberg, Facebook CEO
+
+Indeed, [all companies eventually denied involvement with PRISM][22].
+
+**Friday, June 7th, 2013**---Two days after the [initial Verizon report][5] and one day
+after the publishing of [portions of the PRISM documents][19], the White House
+responded to the Guardian reports with President Obama [defending his
+administration][16]. Unfortunately, given the [history of the NSA surveillance
+programs][4]---especially since the Bush administration after the 9/11
+attacks---it may be difficult to believe that his words are the whole truth. As
+such, we will use [portions of his transcript][16] to guide the remainder of this
+discussion.
+
+> **Jackie Calmes:** Mr. President, could you please react to the reports of
+> secret government surveillance of phones and Internet? And can you also assure
+> Americans that the government — your government doesn’t have some massive
+> secret database of all their personal online information and activity?
+>
+> **Obama:** [...] Now, the programs that have been discussed over the last
+> couple days in the press are secret in the sense that they’re classified, but
+> they’re not secret in the sense that when it comes to telephone calls, every
+> member of Congress has been briefed on this program.
+>
+> With respect to all these programs, the relevant intelligence committees are
+> fully briefed on these programs. These are programs that have been authorized
+> by broad, bipartisan majorities repeatedly since 2006. And so I think at the
+> outset, it's important to understand that your duly elected representatives
+> have been consistently informed on exactly what we’re doing.[[16]]
+
+There are some important notes regarding the phrasing of the President's
+statement. Firstly, it is important to note that the President is *confirming the
+existence of* the programs that "have been discussed over the last couple days
+in the press"---that is, the [Verizon FISA Court order][5] and the [PRISM][19]
+leak. However, it is also important to take a step back and note that the
+President did *not* state outright that the reports tell the whole---or even the
+correct---story. So what do we know?
+
+On June 6th---a day before the White House responded to the leaks---the Director
+of National Intelligence James Clapper [declassified certain information pertaining
+to the "business records" provision of FISA][23], stating, "I believe it is
+important for the American people to understand the limits of this targeted
+counterterrorism program and the principles that govern its use". This statement
+mentions that:
+
+> Although this program has been properly classified, the leak of one order,
+> without any context, has created a misleading impression of how it operates.
+> [...] The program does not allow the Government to listen in on anyone's phone
+> calls. The information acquired does not include the content of any
+> communications or the identity of any subscriber. The only type of information
+> acquired under the Court's order is telephony metadata, such as telephone
+> numbers dialed and length of calls.[[23]]
+
+The term "telephony metadata" could mean anything; the "numbers dialed" and
+"length of calls" are part of it, but what does [the Court order][6]
+specifically request?
+
+> IT IS HEREBY ORDERED that [Verizon] shall produce to the [NSA] [...], and
+> continue production on an ongoing daily basis [...] for the duration of this
+> Order, [...] all call detail records or "telephony metadata" [...].
+> Telephony metadata includes comprehensive communications routing information,
+> including but not limited to [...] originating and terminating telephone
+> number, [...] International Mobile Subscriber Identity (IMSI) number,
+> International Mobile station Equipment Identity (IMEI) number, [...] trunk
+> identifier, telephone calling card numbers, and time and duration of call.
+> Telephony metadata does not include the substantive content of any
+> communication [...], or the name, address, or financial information of a
+> subscriber or customer.[[6]] --FISA Court order
+
+The President made this point very clear:
+
+> **Obama:** When it comes to telephone calls, nobody is listening to your
+> telephone calls. That’s not what this program’s about. As was indicated, what
+> the intelligence community is doing is looking at phone numbers and durations
+> of calls. They are not looking at people’s names, and they’re not looking at
+> content. But by sifting through this so-called metadata, they may identify
+> potential leads with respect to folks who might engage in terrorism. If these
+> folks — if the intelligence community then actually wants to listen to a phone
+> call, they’ve got to go back to a federal judge, just like they would in a
+> criminal investigation. So I want to be very clear. Some of the hype that
+> we’ve been hearing over the last day or so — nobody’s listening to the content
+> of people’s phone calls.[[16]]
+
+The EFF provides compelling arguments as to why [metadata is important to our
+privacy][24]. One such example: "They know you spoke with an HIV testing
+service, then your doctor, then your health insurance company in the same hour.
+But they don't know what was discussed." The EFF further states, "the
+government has given no assurances that this data will never be correlated with
+other easily obtained data". So, while the President may try reassuring us by
+stating that "they've got to go back to a federal judge", he certainly does
+not make it clear that they may already have enough information *without* having
+to do so---from this supposedly non-content metadata. They do not need to
+subpoena the phone company for the name or address of the individual in most
+cases, as reverse telephone directories are readily available. With that, they
+then have the names of yourself, everyone you have called and GPS data.
+
+Another argument worthy of strong consideration is posed by Daniel J.
+Solove---[what if the government is wrong about your intentions][25]? How can
+you go about correcting incorrect data if its very existence is hidden from the
+public?
+
+> What if the government leaks the information to the public? What if the
+> government mistakenly determines that based on your pattern of activities,
+> you're likely to engage in a criminal act? What if it denies you the right to
+> fly? What if the government thinks your financial transactions look odd—even
+> if you've done nothing wrong—and freezes your accounts? What if the government
+> doesn't protect your information with adequate security, and an identity thief
+> obtains it and uses it to defraud you?[[25]]
+
+These are serious questions. Even if you---the reader---are of the type that sates
+"I don't care; I have nothing to hide", then consider that, despite the government's
+best efforts to secure and protect the data, [it could possibly fall prey to
+enemies of the United States][25]. Consider that the [Chinese cracked into
+Pentagon systems][26], taking "designs for more than two dozen major weapon systems
+used by the United States military".
+
+Of course, we are now assuming that that the NSA is (a) operating in accordance with the
+Court order with respect to the privacy of communications content and (b) that
+the President's statement is not intentionally omitting projects that *do*
+warrantlessly wiretap innocent Americans' communications. Historically, the NSA has not
+given us reason to entertain either of these thoughts.
+
+**January 31, 2006**---[Hepting v. AT&T][13]; the EFF files a case suing AT&T on
+behalf of its customers for "violating privacy law by collaborating with the
+NSA in the massive, illegal program to wiretap and data-min Americans'
+communications". This case included "undisputed evidence" from former AT&T technician
+Mark Klein showing that [AT&T routed a copy of all Internet traffic to an NSA-controlled
+room in San Francisco][27]:
+
+> Through the "splitter cabinet," the content of all of the electronic voice
+> and data communications going across the Peering Links [...] was transferred
+> from the WorldNet Internet room's fiber optical circuits into the
+> [NSA-controlled] SG3 Secure Room [...] including such equipment as Sun servers
+> and Juniper (M40e and M160) "backbone" routers. The list also included a
+> Narus STA 6400, which is a "Semantic Traffic Analyzer."[[27]]
+
+That is---allegedly, AT&T indiscriminately passed *all* of the traffic passing
+through its San Francisco facility into the NSA-controlled "SG3 Secure Room"
+where the NSA performed their *own* filtering, storage and analysis however they
+pleased. This is an astounding accusation. Additionally, Klein further states
+that "other such `splitter cabinets' were being installed in other cities,
+including Seattle, San Jose, Los Angeles and San Diego".[[27]]
+
+Unfortunately, Hepting was dealt a fatal blow in July 2008 when both the
+government and AT&T were [awarded retroactive immunity][28] by the [FISA
+Amendments Act (FAA)][29]. This startling turn was signed by President Bush in
+response to the EFF's court victories in the case and "allows the Attourney
+General to require the dismissal of the lawsuits over the telecoms'
+participation in the warrantless surveillance program".[[13]] The case was
+dismissed in June 2009 and dozens of other lawsuits.
+
+Fortunately, the battle is not over. The EFF then filed [Jewel v. NSA][12] which
+directly targets the "NSA and other government agencies on behalf of AT&T
+customers to stop the illegal unconstitutional and ongoing dragnet surveillance
+of their communications and communications records". This case was too based
+on [the testimony of Klein][27]. Additionally, the EFF had declarations of William
+Binney, Thomas Drake and Kirk Wiebe---[three NSA whistleblowers][30]. Most
+interesting (and damning) for the purposes of our discussion is the [Summary of
+Voluminous Evidence][31].
+
+> I have served on the Intelligence Committee for over a decade and I wish to
+> deliver a warning this afternoon. When the American people find out how their
+> government has secretly interpreted [the business records provision of
+> FISA], they are going to be stunned and they are going to be angry.[^32]
+> --Senator Ron Wyden
+
+Note that the Senator is referring to precisely the same provision---business
+records---that was partly declassified by James Clapper on Thursday.[[23]] Of
+course, we are assuming that the NSA decides to go to the FISA Court for
+permission; this apparently has not always been the case.
+
+According to [the summary of evidence][31], the NSA stated:
+
+> To perform both its offensive and defensive mission, NSA must "live on the
+> network." [The program would be] a powerful and permanent presence on a
+> global telecommunications infrastructure where protected American
+> communications and targeted adversary communications will coexist.
+
+This certainly shares some similarities with the Verizon case. But FISA stood
+in the way of this goal; John Yoo explains why FISA was insufficient for such
+a dragnet operation:
+
+> [U]nder existing laws like FISA, you have to have the name of somebody, have
+> to already suspect that someone's a terrorist before you can get a warrant.
+> [...] it doesn't allow you as a government to use judgment based on
+> probability to say: "[...] there's a high probability that some of those
+> calls are terrorist communications. But we don't know the names of the people
+> making those calls." You want to get at those phone calls, those e-mails, but
+> under FISA you can't do that.[^33] --Jon Yoo
+
+After the September 11th attacks, "FISA ceased to be an operative
+concern".[[31]] If that statement sounds unsettling, that is because it is;
+President Bush subsequently authorized the NSA to "conduct electronic
+surveillance within the United States" without an order from the FISA Court
+(FISC). General Hayden phrased it as such: the program "is a more [...]
+`aggressive' program than would be traditionally available under FISA".[^34]
+What---if anything---does this mean about any current NSA operations (including
+the Verizon order)? If Bush is able to authorize such actions, what is to say
+that Obama will not (and has not)?
+
+Let us return to the statements from both Clapper[[23]] and Obama stating that
+"nobody is listening to the content of your phone calls".[[16]] We can certainly
+hope that this is the case, but we shall continue to draw from evidence in the
+[Jewel v. NSA case][12] to see what the NSA has done in the past.
+
+> It was the biggest legal mess I've ever encountered.[^35] --Jack Goldsmith, Justice
+> Department's Office of Legal Consel
+
+The program operated "in lieu of" court orders.[^36] Even more alarming (if such a
+thing is possible), "neither the President nor Attorney General approved the specific
+interceptions; rather, the decision to listen or read particular communications was
+made by intelligence analysts"; the only authorization needed was by an NSA
+"shift supervisor".[^37] So, let's reiterate:
+
+> **Obama:** If these folks — if the intelligence community then actually wants to listen
+> to a phone call, they've got to go back to a federal judge, just like they
+> would in a criminal investigation.[[16]]
+
+It may very well be that Obama is being truthful within context of the Verizon
+order; perhaps they have learned from their mistakes with the AT&T dragnet.
+Unfortunately, their secrecy is making it very difficult for the public to make
+an informed analysis of the matter.
+
+Ultimately, it is believed that Attorney General Comey's initial certifications of
+the program were "based on a misimpression of those activities" due to a botched
+legal analysis by Jon Yoo that was described as "at a minimum [...] factually
+flawed". Yoo was the only OLC official to read into the program since its
+inception in October 2001 until his leaving in May 2003.[[31]] When Comey refused
+to reauthorize the program, Bush did so himself, resulting in threats of resignation
+from Comey and "about two dozen Bush appointees". However, "[d]espite the illegality
+of the Program, no officials resigned."[[31]].
+
+In 2009, the New York Times published a series of articles regarding the
+program, exposing a ["serious issue involving the NSA" concerning
+"significant misconduct"][38]. This included a "`flagrant' overcollection
+of domestic email".[[31]]
+
+> Because each court order could single out hundreds or even thousands of phone
+> numbers or e-mail addresses, the number of individual communications that
+> were improperly collected could number in the millions, officials said.[[31]]
+
+That was then; this is now, right? How can we be sure of any connection between
+the NSA of a decade ago vs. the NSA of today? Well, as an average citizen with
+no security clearance, I can't. However, there are some important connections that
+can be made. Firstly, recall Ron Wyden's quote above stating that the public
+will be "stunned" and "angry".[^32] On Thursday, June 6th, he [released this
+statement on his Senate website][39]:
+
+> The program Senators Feinstein and Chambliss publicly referred to today is one
+> that I have been concerned about for years. I am barred by Senate rules from
+> commenting on some of the details at this time. However, I believe that when
+> law-abiding Americans call their friends, who they call, when they call, and
+> where they call from is private information. Collecting this data about every
+> single phone call that every American makes every day would be a massive
+> invasion of Americans’ privacy.[[39]] --Senator Ron Wyden
+
+Perhaps the most obvious and direct connection is that the [government asked for
+more time in Jewel v. NSA (and Shubert v. Obama) in light of the NSA
+revelations][40].
+
+> The revelations not only confirmed what EFF has long alleged, they went even
+> further and honestly, we’re still reeling. EFF will, of course, be continuing
+> its efforts to get this egregious situation addressed by the courts.
+>
+> [...] EFF and others had long alleged that, despite the rhetoric surrounding
+> the Patriot Act and the FISA Amendments Act, the government was still
+> vacuuming up the records of the purely domestic communications of millions of
+> Americans. And yesterday, of course, with the Verizon order, we got solid
+> proof.. And it appears that the reach of this vacuum goes much further, into
+> the records of our Internet service providers as well.[[41]] --Electronic
+> Frontier Foundation
+
+This brings us back to [PRISM][19]. Numerous sources reported that [the White
+House confirmed][42] its existence. Indeed, if you consider the President's
+original words--- "the programs that have been discussed over the last couple
+days in the press are secret in the sense that they’re classified"[[16]]---this
+does seem to be a verification of the project's existence. However, confusion ensued
+when [companies like Google and Facebook denied involvement][43], despite what
+the [leaked information seems to state][19]. Yonatan Zunger---chief architect at
+Google---[reiterated the words of Larry Page][44]:
+
+> I can also tell you that the suggestion that PRISM involved anything happening
+> directly inside our datacenters surprised me a great deal; owing to the nature
+> of my work at Google over the past decade, it would have been challenging --
+> not impossible, but definitely a major surprise -- if something like this
+> could have been done without my ever hearing of it. And I can categorically
+> state that *nothing* resembling the mass surveillance of individuals by
+> governments within our systems has ever crossed my plate.[[44]] --Yonatan
+> Zunger, Chief Architect, Google
+
+Questions then arose as to what exactly "PRISM" is. Marc Ambinder with The Week
+reported that [PRISM is nothing more than one of many different "data collection
+tools"][45] that may be used by the NSA. One day later, Marc posted another article
+entitled ["Solving the mystery of PRISM"][46]
+
+> Each data processing tool, collection platform, mission and source for raw
+> intelligence is given a specific numeric signals activity/address designator,
+> or a SIGAD. [...] PRISM is US-984XN. Each SIGAD is basically a collection
+> site, physical or virtual; [...] PRISM is a kick-ass GUI that allows an
+> analyst to look at, collate, monitor, and cross-check different data types
+> provided to the NSA from internet companies located inside the United States.[[46]]
+
+Others hypothesized that, due to the denial of involvement from various
+companies[[44]], PRISM may operate by intercepting communications. The Guardian
+[countered by releasing another slide from the leaked presentation][47], stating
+outright that "[b]oth of these theories appear to be contradicted by internal
+NSA documents".
+
+> It clearly distinguishes Prism, which involves data collection from servers,
+> as distinct from four different programs involving data collection from "fiber
+> cables and infrastructure as data flows past".[[47]]
+
+This sounds a great deal like Klein's description of the SG3 Secure Room at
+AT&T[[27]] (though I do not intend to imply that they are the same thing---that is
+not clear, nor does Klien state that he ever noted the word "PRISM" on any
+documents). The Guardian goes on to state that "[a] far fuller picture of the exact
+operation of Prism [...] is expected to emerge in the coming weeks and months".
+(Is that foreshadowing or an educated guess?)
+
+There is, of course, the other obvious hypothesis---that organizations including
+Google, Facebook and Microsoft are being [deceptive or not telling the whole
+truth][48]. Alternatively, maybe such operations were being done under the noses
+of executives. On Friday, the New York Times published an article stating that
+the technology companies ["cooperated at least a bit"][49].
+
+> [Google, Micorsoft, Yahoo, Facebook, AOL, Apple and Paltalk] were legally
+> required to share the data under the Foreign Intelligence Surveillance Act.
+> [...] But instead of adding a back door to their servers, the companies were
+> essentially asked to erect a locked mailbox and give the government the key,
+> people briefed on the negotiations said. Facebook, for instance, built such a
+> system for requesting and sharing the information, they said.[[49]]
+
+This does not necessarily mean that these companies had any knowledge,
+specifically, of "PRISM". As the Guardian said, I will be curious to see what
+information surfaces in the coming months; the gag provisions of the orders make
+for an unfortunate situation for everyone involved.
+
+Let us return to the President's statements.
+
+> **Obama:** And I welcome this debate. And I think it's healthy for our
+> democracy. I think it's a sign of maturity, because probably five years ago,
+> six years ago, we might not have been having this debate.[[16]]
+
+This is a difficult debate to have, Mr. President, when the public does not know
+of the existence of these programs; we only have knowledge of these programs due
+to the aforementioned leaks---courageous individuals who feel that their
+government is not representative of the democracy and freedom that it supposedly
+represents. This segues into another statement from the President:
+
+> **Jackie Calmes:** Do you welcome the leak, sir? Do you welcome the leak if
+> you welcome the debate?
+>
+> **Obama:** I don't---I don't welcome leaks, because there's a reason why these
+> programs are classified. [...] But that's also why we've set up congressional
+> oversight. These are the folks you all vote for as your representative in
+> Congress, and they’re being fully briefed on these programs.
+
+Unfortunately, Obama seems to have missed another critical fact. We---the
+people---vote for representatives that, well, "represent" *the issues that we
+care about*. Those who are strongly opposed to gun legislation will vote for
+those representatives that share those feelings and will fight to oppose such
+legislation. Similarly, a pro-life supporter will probably not vote for a
+candidate in favor of abortion. But what if there is a candidate that shares one
+opinion but not another---say, opposes gun regulation but supports abortion,
+when you as a voter are a pro-life gun-owner against gun legislation? Then you
+will likely vote for the issues that you feel most strongly about (or what you
+feel is a fair balance between all the other issues you follow). The problem
+here, Mr. President, is that we---the people---are not made aware of these
+issues because they are *classified*. How many people may not have voted for
+you, Mr. President, had they known that you would support dragnet surveillance
+of innocent Americans?
+
+**Sunday, June 9th, 2013**---The Guardian continues to surprise the world by
+[releasing the name of the NSA whistleblower at his request][50]. Edward
+Snowden, a 29-year-old former CIA technical assistant and current defense
+contractor employee is responsible for what The Guardian is calling "the
+biggest intelligence leak in the NSA's history". Reporting from Hong
+Kong---where Snowden fled to on May 20th in the hope of resisting the
+U.S. government---Glenn Greenwald, Ewen MacAskill and Laura Poitras report
+on his motives.
+
+> Three weeks ago, Snowden made final preparations [...] [a]t the NSA office in
+> Hawaii where he was working, [copying] the last set of documents he intended
+> to disclose.[[50]]
+
+Snowden describes situations where he began to begin questioning his government,
+such as a case where a CIA operative purposely encouraged a Swiss banker to get
+intoxicated and drive drunk so that he would be arrested. "Much of what I saw
+in Geneva really disillusioned me about how my government functions and what its
+impact is in the world." He mentioned that the election of Obama in 2008 gave
+him hope for reform, but watched in 2009 as "Obama advanced the very policies
+that I thought would be reined in. [...] I got hardened."[[50]]
+
+It is this statement from Snowden that, if accurate, suggests that Obama not
+only supports Bush's initial dragnet operation[[31]], but has further expanded it.
+
+At this point, since the news is still quite young at the time that this article
+was written, the world must wait to see what action the government will attempt
+to take against Snowden. Reuters had already reported the previous day that
+[the government is likely to open a criminal probe into the NSA leaks][51].
+
+> James Clapper, the director of U.S. national intelligence, condemned the leaks
+> and asserted that the news articles about PRISM contained "numerous
+> inaccuracies."[[51]]
+
+Snowden is not the first to come forward as a whistleblower from the NSA---as we
+discussed previously, three NSA whistleblowers came fourth previously to back the
+EFF in Jewel v. NSA;[[30]] they each had the charges either cleared or dropped. That
+said, [Obama has been aggressively pursuing whistleblowers][59]. Snowden
+mentioned that he views his best hope of freedom as the possibility of asylum
+with Iceland.[[50]] It appears that such may already be working in his favor, with
+[Iclandic Legislator Birgitta Jonsdottir already starting the process to apply
+for asylum][52], although it is not clear if Snowden has already applied.
+
+There is a great deal to think about. Even though the [evidence against the NSA
+dates far back][4], the recent revelations invoke emotions that are difficult to
+describe. With countless individuals working to sift through the information,
+the Obama administration under attack and nobody knowing if the Guardian is
+sitting on even more information, the entire world will continue to watch
+impatiently...and act.
+
+While all this is going on, it would be useful to reiterate certain privacy and
+security topics that have already been covered at large. Firstly, consider
+checking out the EFF's [Surveillance Self-Defense][53] website, which contains
+information on a number of topics including anonymity and how to respond to
+court orders. Consider using [Tor for anonymity][54] online (but recognize that
+it is not a full solution in itself). Consider [keeping your data to
+yourself][55] rather than storing it on "cloud" services---[Richard Stallman
+explains how Software as a Service (SaaS) differs in dangers from proprietary
+software][56]. Consider using only [free software][57] to limit further
+sacrifices in personal freedom and to limit the information that corporations
+and third parties collect from you while using your computer and other devices.
+Finally, if you have information that you want to leak to the press (whether or
+not you are an [NSA employee][58]), you may be able to consider tools such as
+[The New Yorker's Strongbox][60]; it uses [software created by Aaron Swartz][61]
+shortly before his untimely death early this year.
+
+Finally, aid senators like Rand Paul in developing [legislation to curb the powers
+of the government][62]. We must also do our best to fight for the rights of
+brave whistleblowers like Snowden. To end with the words of the EFF, ["we need
+a new church committee and we need it now"][41].
+
+[5]: http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order
+ "NSA collecting phone records of millions of Verizon customers daily"
+[6]: http://s3.documentcloud.org/documents/709012/verizon.pdf "PDF of the FISA Court order to Verizon."
+[7]: http://s3.documentcloud.org/documents/709012/verizon.txt "Ibid; plain text version."
+[8]: https://www.eff.org/deeplinks/2013/06/confirmed-nsa-spying-millions-americans
+ "Confirmed: NSA Spying on Millions of Americans"
+[9]: https://www.eff.org/deeplinks/2011/10/ten-years-later-look-three-scariest-provisions-usa-patriot-act
+ "Three Scariest Provisions of thet USA Patriot Act"
+[10]: /2013/03/federal-judge-rules-nsls-national-security-letters-unconstitutional
+ "Federal Judge Declares National Security Letters Unconstitutional"
+[11]: http://www.theatlantic.com/politics/archive/2013/06/what-we-dont-know-about-spying-on-citizens-scarier-than-what-we-know/276607/
+ "Bruce Schneier comments on NSA leak"
+[12]: https://www.eff.org/cases/jewel "Jewel v. NSA"
+[13]: https://www.eff.org/cases/hepting "Hepting v. AT&T"
+[14]: /2012/11/privacy-in-light-of-the-petraeus-scandal
+ "Privacy In Light of the Petraeus Scandal"
+[15]: /2013/03/google-says-the-fbi-is-secretly-spying-on-some-of-its-customers
+ "Google Says the FBI Is Secretly Spying on Some of Its Customers"
+[16]: http://blogs.wsj.com/washwire/2013/06/07/transcript-what-obama-said-on-nsa-controversy/
+ "Obama on the NSA controversy"
+[17]: https://www.eff.org/deeplinks/2013/05/congressional-outrage-over-ap-phone-records
+ "Congressional outrate of AP phone records"
+[18]: https://www.eff.org/deeplinks/2013/05/doj-subpoena-ap-journalists-shows-need-protect-calling-records
+[19]: http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data
+[20]: http://googleblog.blogspot.com/2013/06/what.html "Larry Page denies PRISM involvement"
+[21]: https://www.facebook.com/zuck/posts/10100828955847631 "Mark Zuckerberg denies PRISM involvement"
+[22]: http://www.guardian.co.uk/world/2013/jun/07/google-facebook-prism-surveillance-program
+[23]: http://www.dni.gov/index.php/newsroom/press-releases/191-press-releases-2013/868-dni-statement-on-recent-unauthorized-disclosures-of-classified-information
+ "James Clapper---Directory of National Intelligence---declassifies
+ information pertaining to the "business records" provision of FISA"
+[24]: https://www.eff.org/deeplinks/2013/06/why-metadata-matters
+ "The EFF describes why telephony metadata can have a significant impact on our privacy."
+[25]: http://mashable.com/2013/06/08/china-hack-nsa/ "What if crackers get a hold of the NSA's databases?"
+[26]: http://rt.com/usa/us-chinese-report-defense-888/ "The Chinese crack into Pentagon systems."
+[27]: https://www.eff.org/file/28823 "Public unredacted Mark Klein declaration"
+[28]: https://www.eff.org/pages/case-against-retroactive-amnesty-telecoms "The Case Against Retroactive Amnesty for Telecoms."
+[29]: http://www.govtrack.us/congress/bills/110/hr6304/text "FISA Amendments Act (FAA)."
+[30]: https://www.eff.org/press/releases/three-nsa-whistleblowers-back-effs-lawsuit-over-governments-massive-spying-program
+ "Three NSA whistleblowers back the EFF in Jewel v. NSA"
+[31]: https://www.eff.org/node/72021 "Summary of Voluminous Evidence, Jewel v. NSA"
+[38]: http://www.nytimes.com/2009/04/16/us/16nsa.html?pagewanted=all "Officials Say U.S. Wiretaps Exceeded Law"
+[39]: http://www.wyden.senate.gov/news/press-releases/wyden-statement-on-alleged-large-scale-collection-of-phone-records
+ "Ron Wyden comments on the collection of Verizon phone records"
+[40]: https://www.eff.org/deeplinks/2013/06/government-asks-more-time-eff-surveillance-cases
+ "In Light of NSA Revelations, Government Asks for More Time in EFF Surveillance Cases"
+[41]: https://www.eff.org/deeplinks/2013/06/response-nsa-we-need-new-church-commission-and-we-need-it-now
+ "In Response to the NSA, We Need A New Church Committee and We Need It Now"
+[42]: http://www.theweek.co.uk/us/53475/white-house-admits-it-has-access-facebook-google
+ "White House admits it has "access" to Facebook, Google"
+[43]: http://www.guardian.co.uk/world/2013/jun/07/google-facebook-prism-surveillance-program
+ "Facebook and Google insist they did not know of Prism surveillance program"
+[44]: https://plus.google.com/+YonatanZunger/posts/huwQsphBron
+ "Yonatan Zunger---Chief Architect at Google---expresses his distaste of PRISM"
+[45]: http://theweek.com/article/index/245311/sources-nsa-sucks-in-data-from-50-companies
+ "Sources: NSA sucks in data from 50 companies"
+[46]: http://theweek.com/article/index/245360/solving-the-mystery-of-prism
+ "Solving the mystery of PRISM"
+[47]: http://www.guardian.co.uk/world/2013/jun/08/nsa-prism-server-collection-facebook-google
+ "NSA's Prism surveillance program: how it works and what it can do."
+[48]: http://www.guardian.co.uk/world/2013/jun/08/obama-response-nsa-surveillance-democrats
+ "Obama deflects criticism over NSA surveillance as Democrats sound alarm."
+[49]: http://www.nytimes.com/2013/06/08/technology/tech-companies-bristling-concede-to-government-surveillance-efforts.html?ref=global-home&_r=2&pagewanted=all&
+ "Tech Companies Concede to Surveillance Program"
+[50]: http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance
+ "Edward Snowden: the whistleblower behind the NSA surveillance revelations."
+[51]: http://www.reuters.com/article/2013/06/08/us-usa-security-leaks-idUSBRE95700C20130608
+ "Government likely to open criminal probe into NSA leaks: officials."
+[52]: http://www.forbes.com/sites/andygreenberg/2013/06/09/icelandic-legislator-im-ready-to-help-nsa-whistleblower-seek-asylum/
+ "Icelandic Legislator: I'm Ready To Help NSA Whistleblower Edward Snowden Seek Asylum"
+[53]: https://ssd.eff.org/ "EFF Surveillance Self-Defense."
+[54]: https://www.torproject.org/ "The Tor project offers anonymity online."
+[55]: http://www.guardian.co.uk/technology/2008/sep/29/cloud.computing.richard.stallman
+ "Cloud computing is a trap, warns GNU founder Richard Stallman"
+[56]: http://www.gnu.org/philosophy/who-does-that-server-really-serve.html
+ "Who does that server really serve?"
+[57]: http://www.gnu.org/philosophy/free-sw.html "What is free software?"
+[58]: http://www.whistleblowers.org/index.php?option=com_content&task=view&id=984&Itemid=173
+ "National Security Employees Know Your Rights"
+[59]: http://www.theatlanticwire.com/politics/2011/05/obamas-war-whistle-blowers/38106/
+ "Obama's War on Whistle-Blowers"
+[60]: http://www.newyorker.com/strongbox/ "The New Yorker Strongbox"
+[61]: http://www.newyorker.com/online/blogs/newsdesk/2013/05/strongbox-and-aaron-swartz.html
+ "Strongbox and Aaron Swartz"
+[62]: http://abcnews.go.com/blogs/politics/2013/06/rand-paul-bill-would-curb-nsa-on-phone-records/
+ "Rand Paul Bill Would Curb NSA on Phone Records"
+
+[^32]: Ibid.[[31]] 157 Cong. Rec. S3372--3402, S3386 (May 26, 2011) [Vol. VI, Ex. 111, p. 4286]
+ (Statement of Sen. Ron Wyden, On Patriot Act Reauthorization)
+[^33]: Ibid.[[31]] PBS Frontline, Spying on the Homefront, Interview with John C. Yoo at 4
+ (Jan. 10, 2007) [Vol. I, Ex. 10, p. 394]
+[^34]: Ibid.[[31]] Press Briefing by Att’y Gen. Alberto Gonzalez and Gen. Michael Hayden,
+ Principal Dep. Dir. for Nat’l Intelligence (Dec. 19, 2005)
+[^35]: Ibid.[[31]] Preserving the Rule of Law in the Fight Against Terror:
+ Hearing before the S. Comm. on the Judiciary, 110th Cong. 7 (Oct. 2, 2007)
+ [Vol. III, Ex. 42, p. 1307] (testimony of Jack Goldsmith)
+[^36]: Ibid.[[31]] Press Briefing by Att’y Gen. Alberto Gonzalez and Gen. Michael Hayden, Principal Dep. Dir.
+ for Nat’l Intelligence (Dec. 19, 2005)
+[^37]: Ibid.[[31]] Remarks by Gen. Michael Hayden, Address to the National Press Club, Washington, D.C. (Jan. 23, 2006)
+ [Vol. IV, Ex. 73, p. 1809]
diff --git a/post/2013-06-16-all-thoughts-and-site-text-now-licensed-under-cc-by-sa.md b/post/2013-06-16-all-thoughts-and-site-text-now-licensed-under-cc-by-sa.md
new file mode 100644
index 0000000..73bb706
--- /dev/null
+++ b/post/2013-06-16-all-thoughts-and-site-text-now-licensed-under-cc-by-sa.md
@@ -0,0 +1,159 @@
+# All "Thoughts" and Site Text Now Licensed Under CC BY-SA
+
+All "thoughts"---that is, my blog-like entries that are generated by the
+repository commit messages---and site text are hereby retroactively relicensed
+under the [Creative Commons Attribution-ShareAlike 3.0 Unported License][0].
+This license shall not supersede any license that is explicitly put forth within
+a work; see the COPYING file within the thoughts repository---available on the
+"Projects" page---for more information.
+
+[0]: http://creativecommons.org/licenses/by-sa/3.0/
+
+<!-- more -->
+
+This is not a decision I take lightly; it has received much thought over the
+course of recent years. For some time, I accepted [the view of Richard Stallman
+and the Free Software Foundation][1] on opinion pieces in that, since they
+express personal opinions, it is not unreasonable to require that they be
+distributed verbatim. Indeed, it would seem wise not to allow someone to change
+your words, especially on something that you are passionate about.
+
+However, I have come to adopt another perspective. What is the motivation behind
+releasing content under a license that permits modification (that is, the
+creation of derivative works)? Often, the primary reason is to allow others to
+improve upon the content or to modify it to suit their particular needs. To
+prevent others from locking down those changes---preventing others from having
+the same rights as they did---many will often release their works under licenses
+that require that all derivatives be released under the same terms. In the case
+of Creative Commons, this is called ["ShareAlike"][2], which is motivated by
+GNU's copyright hack called [copyleft][3] (popularized by the [GNU General
+Public License][4]).
+
+For [free software][5] advocates, the question of whether or not to permit
+modification is generally not even raised---it is a necessity. Software serves a
+functional purpose: Prohibiting modification could prevent users from altering
+the software in ways that they may find useful and could be used to exert
+control over the users. Software does stuff. Software can control what the user
+can and cannot do.
+
+Creative works are often considered in a different light. Like software, they
+are indeed useful---they can be tools to learn, to entertain, etc. However, does
+prohibiting modification do any harm? In the case of [documentation for free
+software][6], yes---documentation is very important and can make the difference
+between highly useful software and impenetrable software. Free documentation
+ensures that, as the software grows, the documentation can grow with it. Since
+the documentation for many projects is often scarce or poorly written (great
+computer hackers are not necessarily great language hackers), the freedom to
+modify the documentation is a necessity.
+
+Then what of texts that have nothing to do with a free software project? Texts
+that serve as an educational resource of any kind would benefit from being free
+just as a free software project would---experts could contribute, teachers could
+alter it to suit their particular teaching style or their classroom setting,
+etc. But what of texts that exist purely as opinion pieces?
+
+I'm not sure there's such a thing as a "pure" opinion piece, unless it is
+utter garbage.
+
+An author would do well to substantiate their opinion with appropriate
+references (though often times, this is not the case). With those
+references (or lack thereof) comes the need to connect them to the content---the
+author must explain his or her opinion. This explanation is educational, even if
+the reader does not agree with the opinion. Perhaps the reader wishes to use the
+opinion piece as a resource, but notices that it is lacking in some respect.
+Should they not be able to improve it, perhaps to even further the author's
+point? Or, perhaps the opinion piece could be extended to the contrary---to
+prove additional references to either make it neutral or even work against the
+author's original opinion. Even though this may not be what the author wants,
+this is still a useful derivation of the original work.
+
+As an example, consider this very post. This is clearly an opinion piece---I
+have made the choice to release my content under a Creative Commons license and
+I am substantiating my opinion in the hope that others may gain insight and
+possibly even choose the same path for their own creative works. What if someone
+wished to present this article to a group of individuals---maybe in the
+workplace---but found my "garbage" comment to be unnecessarily harsh? What
+personal harm would I incur if they were to remove that statement? However, what
+if they wished to go further by replacing all references to "free software"
+with references to "open source"---a term which I [reject][7]? Well, this
+could potentially affect my image, depending on the group's philosophy. What
+now?
+
+There are a few important points to note from this. Firstly, the license
+mandates that:
+
+> If You Distribute, or Publicly Perform the Work or any Adaptations or
+> Collections, You must, unless a request has been made pursuant to Section
+> 4(a), keep intact all copyright notices for the Work and provide, reasonable
+> to the medium or means You are utilizing: (i) the name of the Original Author
+> (or pseudonym, if applicable) if supplied, and/or if the Original Author
+> and/or Licensor designate another party or parties (e.g., a sponsor institute,
+> publishing entity, journal) for attribution ("Attribution Parties") in
+> Licensor's copyright notice, terms of service or by other reasonable means,
+> the name of such party or parties; (ii) the title of the Work if supplied;
+> (iii) to the extent reasonably practicable, the URI, if any, that Licensor
+> specifies to be associated with the Work, unless such URI does not refer to
+> the copyright notice or licensing information for the Work; and (iv) ,
+> consistent with Ssection [sic] 3(b), in the case of an Adaptation, a credit
+> identifying the use of the Work in the Adaptation (e.g., "French translation
+> of the Work by Original Author," or "Screenplay based on original Work by
+> Original Author").[8]
+
+In plain English---you must provide attribution to the original author and
+indicate that the work has been modified from the original. Furthermore:
+
+> The credit required by this Section 4(c) may be implemented in any reasonable
+> manner; provided, however, that in the case of a Adaptation or Collection, at
+> a minimum such credit will appear, if a credit for all contributing authors of
+> the Adaptation or Collection appears, then as part of these credits and in a
+> manner at least as prominent as the credits for the other contributing
+> authors.[8]
+
+It would therefore be appropriate to assume that an author of a derivate work
+will, in good faith, make clear attribution. Should this not be the case, then
+what is to say that the author would not have simply modified a work which is
+not licensed to permit modifications?
+
+The next point is another simple one: Under United States copyright law, the
+[fair use doctrine][9] permits limited use of a copyrighted work without prior
+consent from the author; it is this doctrine that allows, for example, authors
+and journalists to quote portions of other works to report on or back up their
+arguments. This means that, even if the license did not permit, an author could
+still incorporate *portions* of my work to support their own arguments or agenda,
+regardless of whether or not I may agree with it. This segues into the final
+point.
+
+Who am I to [dictate others opinions][10]? It would not be right of me to limit
+one's freedom simply because they violate my own personal opinions or beliefs.
+Therefore, if this is one condition under which I would decide to restrict my
+creative works, then that reason should be immediately dismissed. This means
+that---within the context of my previous example---if someone wanted to alter
+all the references to "free software" in my work to adapt it to their own
+personal style, then they should be permitted to do so. Such a work is no longer
+my own: They must clearly state that it has been altered from the original.
+Hopefully readers take notice of that. My works are always published on my own
+personal website where the originals can be found; with today's search engines,
+such a task is trivial. If someone neglects to do so---and I do understand that
+many will neglect to do so---then they have not made an informed opinion on the
+material.
+
+Another minor point would be that, for the majority of my works, it is unlikely
+that anyone will be making any sort of alteration.
+
+As such, I find that I have little ground to stand on should I attempt to
+rationalize a more restrictive license. Any remaining arguments, such as "what
+if they sell your content or modify it only slightly and are given more credit
+for the work than they deserve?" are already covered by the free software
+philosophy can may be easily adopted here.
+
+[1]: http://www.gnu.org/licenses/license-list.html#OpinionLicenses
+[2]: http://creativecommons.org/licenses/
+[3]: https://www.gnu.org/copyleft/copyleft.html
+[4]: https://www.gnu.org/copyleft/gpl.html
+[5]: https://www.gnu.org/philosophy/free-sw.html
+[6]: https://www.gnu.org/philosophy/free-doc.html
+[7]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
+[8]: http://creativecommons.org/licenses/by-sa/3.0/legalcode
+[9]: http://en.wikipedia.org/wiki/Fair_use
+[10]: http://www.gnu.org/philosophy/programs-must-not-limit-freedom.html
+
diff --git a/post/2013-07-12-snowden-statement-at-moscow-airport-accepts-asylum-offers.md b/post/2013-07-12-snowden-statement-at-moscow-airport-accepts-asylum-offers.md
new file mode 100644
index 0000000..3c0b66d
--- /dev/null
+++ b/post/2013-07-12-snowden-statement-at-moscow-airport-accepts-asylum-offers.md
@@ -0,0 +1,64 @@
+# Snowden Statement at Moscow Airport; Accepts Asylum Offers
+
+**See Also:** [National Uproar: A Comprehensive Overview of the NSA Leaks and
+Revelations][0]; I have not yet had the time to devote to writing a thorough
+follow-up of recent events and will likely wait until further information and
+leaks are presented.
+
+[Edward Snowden][1]---the whistleblower responsible for [exposing various NSA
+dragnet spying programs][0], among other documents---has been [stuck in the
+Moscow airport][2] for quite some time while trying to figure out how he will
+travel to countries offering him asylum, which may involve traveling through
+territories that may cooperate with the United States' extradition requests.
+
+[0]: /2013/06/national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations
+[1]: https://en.wikipedia.org/wiki/Edward_Snowden (Now with his own Wikipedia page)
+[2]: http://www.guardian.co.uk/world/2013/jul/01/edward-snowden-escape-moscow-airport
+
+<!-- more -->
+
+Snowden [issued a statement today to Human Rights groups at Moscow's
+Sheremetyevo airport][3], within which he mentioned:
+
+> I announce today my formal acceptance of all offers of support or asylum I
+> have been extended and all others that may be offered in the future. With, for
+> example, the grant of asylum provided by Venezuela’s President Maduro, my
+> asylee status is now formal, and no state has a basis by which to limit or
+> interfere with my right to enjoy that asylum. [...] I ask for your assistance
+> in requesting guarantees of safe passage from the relevant nations in securing
+> my travel to Latin America, as well as requesting asylum in Russia until such
+> time as these states accede to law and my legal travel is permitted. I will be
+> submitting my request to Russia today, and hope it will be accepted
+> favorably.[3]
+
+Snowden had previously [withdrawn his request for political asylum in Russia][4]
+after [Vladmir Putin stated that he could stay][5] only if he stopped "bringing
+harm to our American partners"---something which [Snowden does not believe that
+he is doing][6]. Although Venezuela has offered Snowden asylum, as [explained by
+the Guardian][6], "he remains unable to travel there without travel
+documents". Even if he does obtain travel documents, there are still
+worries---earlier this month, the [Bolivian president's plane was diverted with
+suspicion that Snowden was on board][7], showing that certain countries may be
+willing to aid the U.S. in his extradition or otherwise prevent him from
+traveling.
+
+My focus on these issues will seldom be on Snowden himself---I would prefer to
+focus primarily on what he sacrificed his life to bring to light. But it is
+precisely this sacrifice that makes it important to ensure that Snowden does not
+fall out of the picture (though it does not appear that he will any time soon).
+The Guardian also seems to have adopted the strategy of slowly providing more
+information on the leaks over time---such as the recent revelation that
+[Microsoft cooperated with the NSA's Prisim program to provide access to
+unencrypted contents of Outlook.com, Hotmail, Skype and SkyDrive services][8]; I
+will have more on that later.
+
+I end this with a photograph taken yesterday of [Richard Stallman with Julian
+Assange holding up a picture of Snowden][9] that brings a smile to my face.
+
+[3]: http://wikileaks.org/Statement-by-Edward-Snowden-to.html
+[4]: http://www.guardian.co.uk/world/2013/jul/02/edward-snowden-nsa-withdraws-asylum-russia-putin
+[5]: http://www.guardian.co.uk/world/2013/jul/01/putin-snowden-remain-russia-offer
+[6]: http://m.guardiannews.com/world/2013/jul/12/edward-snowden-accuses-us-illegal-campaign
+[7]: http://www.guardian.co.uk/world/2013/jul/05/european-states-snowden-morales-plane-nsa
+[8]: http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
+[9]: http://twitpic.com/d279tx
diff --git a/post/2013-08-11-london-trashcan-spies.md b/post/2013-08-11-london-trashcan-spies.md
new file mode 100644
index 0000000..b8c520d
--- /dev/null
+++ b/post/2013-08-11-london-trashcan-spies.md
@@ -0,0 +1,99 @@
+# London Trashcan Spies
+
+We're not talking about kids hiding out in trashcans talking on
+walkie-talkies and giggling to each other.
+
+[Ars has reported on London trashcans][0] rigged to collect the [MAC
+addresses][1] of mobile devices that pass by. Since we do not often see
+mobile devices carrying themselves around, we may as well rephrase this as
+"collect the MAC addresses of people that pass by":
+
+> During a one-week period in June, just 12 cans, or about 10 percent of the
+> company's fleet, tracked more than 4 million devices and allowed company
+> marketers to map the "footfall" of their owners within a 4-minute
+> walking distance to various stores.
+
+[0]: http://arstechnica.com/security/2013/08/no-this-isnt-a-scene-from-minority-report-this-trash-can-is-stalking-you/
+[1]: http://en.wikipedia.org/wiki/MAC_address
+
+<!-- more -->
+
+Your device's---er, *your*---MAC address is a unique identifier that, in
+the case of wireless networks, is used by the networks to state that a
+message is intended specifically for you---something that is necessary since
+wireless devices communicate through open air and, therefore, your device is
+[also able to pick up the communications of other devices][2]:
+
+> In IEEE 802 networks such as Ethernet, token ring, and IEEE 802.11, and in
+> FDDI, each frame includes a destination Media Access Control address (MAC
+> address). In non-promiscuous mode, when a NIC receives a frame, it
+> normally drops it unless the frame is addressed to that NIC's MAC address
+> or is a broadcast or multicast frame.
+
+Therefore, in such networks, a MAC address is required for communication. So
+why does your device freely give away such a unique identifier that can be
+used to track you? Consider that, when wireless is enabled (and, as [the Ars
+article][0] mentions, sometimes [even when it's not][3]), your device
+generally scans your surroundings in order to provide you with a list of
+networks to connect to. This list is generally populated when various access
+points broadcast their own information to advertise themselves so that you
+can select them to connect. However, some access points are hidden---they do
+not broadcast their information, which helps to deter unwanted or malicious
+users. To connect to these access points, you generally provide the name
+that the access point administrator has given to it (e.g. "mysecretap").
+
+Let's say you disconnect from mysecretap. Since the access point (AP) is not
+broadcasting itself, how does your device know when it is available again?
+It must attempt to ping it and see if it gets a response. With this ping is
+your MAC address. Since many devices conveniently like to connect
+automatically to known access points when they become available, it is
+likely that your device is pinging rather frequently.
+
+But what if you do not use hidden access points? Well, it is likely that the
+same issue still stands---what if the access point that you connected to was
+once listed but then becomes hidden? (Maybe the administrator of the access
+point allowed broadcasts for a period of time to allow people to connect
+easily, but then hid it at a later time.) Your device would need to account
+for that, and therefore, to be helpful, likely broadcasts pings for any
+access point you have connected to recently (where "recently" would depend
+on your device).
+
+Now, back to the [NSA][5]-wannabe-trashcans: At this point, all an observer
+must do is lay in wait for those broadcasts and record the MAC addresses. By
+placing these devices at various locations, you could easily track the
+movements of individuals, including their speed, destinations, durations of
+their visits, visit frequencies, favorite areas, dwellings, travel patterns,
+etc. Since devices may broadcast a whole slew of recent access points that
+it connected to, you could also see areas that the owner may have been to
+(oh, I see that you connected to the free wifi in that strip joint). You
+[could be evil][6].
+
+Turn off wireless on your device when you are not using it---especially when
+you are traveling. Ensure that your device [does not continue pinging access
+points when wireless is disabled][3].
+
+Better yet, fight back. Consider exploring how to spoof your MAC address,
+perhaps randomly generating one every so often. Consider the possibilities
+of activist groups that may pollute these spy databases by gathering a list
+of unique MAC addresses of passerbys for the purpose of rebroadcasting them
+at random intervals---which you could even do using long-range antennas
+targeted at these devices.[^7] If done properly to mimic models of common
+travel patterns, the data that these spy devices gather would become
+unreliable.[^8]
+
+Surveillance by any entity---be it [governments][5], corporations,
+individuals or otherwise---is not acceptable.
+
+[2]: http://en.wikipedia.org/wiki/Promiscuous_mode
+[3]: http://arstechnica.com/gadgets/2013/08/review-android-4-3-future-proofs-the-platform-with-multitude-of-minor-changes/3/#p15
+[4]: http://arstechnica.com/security/2013/08/diy-stalker-boxes-spy-on-wi-fi-users-cheaply-and-with-maximum-creep-value/
+[5]: /2013/06/national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations
+[6]: http://renewlondon.com
+
+[^7]: Disclaimer: Please research your local laws.
+
+[^8]: Of course, it is important that such an activity in itself does not
+violate a person's privacy, and so such collection must be done in a manner
+that cannot in itself identify the person's travel patterns (e.g. by
+not storing information on what access point the data was collected from).
+
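Review bot: Reference `[4]` (the Ars "diy-stalker-boxes" article) is defined in the link list at the end of this post, but no `[...][4]` link in the body uses it, so the citation never appears on the rendered page. It looks as if it was meant for the paragraph about an observer recording the broadcasts, though that is a guess. Either attach it there or drop the definition. In the same hunk, `passerbys` should read `passersby`.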
diff --git a/post/2013-08-12-facebook-knows-about-you-even-if-you-are-not-a-member.md b/post/2013-08-12-facebook-knows-about-you-even-if-you-are-not-a-member.md
new file mode 100644
index 0000000..d07d2a7
--- /dev/null
+++ b/post/2013-08-12-facebook-knows-about-you-even-if-you-are-not-a-member.md
@@ -0,0 +1,17 @@
+# Facebook knows about you even if you are not a member
+
+An article about [the scope of Facebook's data collection][0] speaks for
+itself; this really does not come as a surprise, but is nonetheless
+unsettling.
+
+[0]: http://www.groovypost.com/news/facebook-shadow-accounts-non-users/
+
+<!-- more -->
+
+Encourage your friends, colleagues and acquaintances to use services like
+[Diaspora][1] that are respectful of your data instead. Better yet: explain
+to those individuals the problems of social media services and ask that they
+respectfully leave you out of it.
+
+[1]: https://joindiaspora.com/
+
diff --git a/post/2013-08-12-windows-81-to-display-targeted-advertisements-on-local-system-searches.md b/post/2013-08-12-windows-81-to-display-targeted-advertisements-on-local-system-searches.md
new file mode 100644
index 0000000..82febd1
--- /dev/null
+++ b/post/2013-08-12-windows-81-to-display-targeted-advertisements-on-local-system-searches.md
@@ -0,0 +1,40 @@
+# Windows 8.1 to display targeted advertisements on local system searches
+
+It is very disturbing that [Microsoft decided that it would be a good idea
+to display targeted ads on local searches][0]---that is, if you search for a
+file on your PC named "finances", you may get ads for finance software,
+taxes, etc. If you search for "porn", well, you get the idea.
+
+> Bing Ads will be an integral part of this new Windows 8.1 Smart Search
+> experience. Now, with a single campaign setup, advertisers can connect
+> with consumers across Bing, Yahoo! and the new Windows Search with highly
+> relevant ads for their search queries. In addition, Bing Ads will include
+> Web previews of websites and the latest features like site links, location
+> and call extensions, making it easier for consumers to complete tasks and
+> for advertisers to drive qualified leads.[[1]]
+
+[0]: http://www.computerworld.com/s/article/9241524/Steven_J._Vaughan_Nichols_Microsoft_Bing_bang_bungles_local_search
+[1]: http://community.bingads.microsoft.com/ads/en/bingads/b/blog/archive/2013/07/02/new-search-ad-experiences-within-windows-8-1.aspx
+
+<!-- more -->
+
+While that is certainly obnoxious, consider the larger issue of privacy
+(which seems to be in the news a lot lately[[2]][[3]]): Late last year, there
+was an uproar in the Free Software community when [Ubuntu decided to query
+Amazon---enabled by default---on local searches][4] using their new Unity
+interface. The problem is that your personal queries are being sent to a
+third party---queries that you generally would expect to be private. If I
+run a `find' or `grep' command on my system, I certainly do not expect it to
+report to Amazon or Microsoft what I am searching for.
+
+And to make matters even worse, Microsoft is exploiting this information to
+allow advertisers to target you. [Ironic.][5]
+
+[Do not use Windows 8][6] (or any other proprietary software, for that
+matter).
+
+[2]: /2013/08/facebook-knows-about-you-even-if-you-are-not-a-member
+[3]: /2013/06/national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations
+[4]: http://www.fsf.org/blogs/rms/ubuntu-spyware-what-to-do
+[5]: http://www.scroogled.com/email/
+[6]: https://www.fsf.org/windows8
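Review bot: The sentence "If I run a `find' or `grep' command" uses backtick-apostrophe quoting, which standard Markdown reads as a single code span running from the first backtick to the second. The span would contain "find' or " and leave "grep'" as plain text. Closing each name with a backtick fixes it: ``run a `find` or `grep` command on my system``. The battery-temperature post in this commit has the same style in "`m' implies", where the lone backtick would be shown literally.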
diff --git a/post/2013-08-13-freebsd-clang-and-gcc-copyleft-vs-community.md b/post/2013-08-13-freebsd-clang-and-gcc-copyleft-vs-community.md
new file mode 100644
index 0000000..5c7a226
--- /dev/null
+++ b/post/2013-08-13-freebsd-clang-and-gcc-copyleft-vs-community.md
@@ -0,0 +1,209 @@
+# FreeBSD, Clang and GCC: Copyleft vs. Community
+
+A useful perspective explaining why [FreeBSD is moving away from GCC in
+favor of Clang][0]; indeed, they are moving away from GPL-licensed software
+in general. While this is [not a perspective that I personally agree
+with][1], it is one that I will respect for the project. It is worth
+understanding the opinions of those who disagree with you to better
+understand and formulate your own perspective.
+
+[0]: http://unix.stackexchange.com/a/49970
+[1]: /2012/11/vlcs-move-to-lgpl
+
+But I am still a free software activist.
+
+<!-- more -->
+
+According to the [FreeBSD FAQ][2]:
+
+> The goal of the FreeBSD Project is to provide a stable and fast general
+> purpose operating system that may be used for any purpose without strings
+> attached.
+
+As is mentioned in [the aforementioned article][0], the BSD community does not
+hold the same opinions on what constitutes "without strings
+attached"---the BSD community [considers the restriction on the user's
+right to make proprietary use of the software to be a "string"][2],
+whereas the free software community under [RMS][3] believes that [the
+ability to make a free program proprietary is unjust][4]:
+
+> Making a program proprietary is an exercise of power. Copyright law today
+> grants software developers that power, so they and only they choose the
+> rules to impose on everyone else—a relatively small number of people make
+> the basic software decisions for all users, typically by denying their
+> freedom. When users lack the freedoms that define free software, they
+> can't tell what the software is doing, can't check for back doors, can't
+> monitor possible viruses and worms, can't find out what personal
+> information is being reported (or stop the reports, even if they do find
+> out). If it breaks, they can't fix it; they have to wait for the developer
+> to exercise its power to do so. If it simply isn't quite what they need,
+> they are stuck with it. They can't help each other improve it.
+
+The [Modified BSD License][5] is a GPL-compatible Free Software
+license---that is, software licensed under the Modified BSD license meets
+the requirements of the [Free Software Definition][6]. The additional
+"string" that the BSD community is referring to is the concept of
+[copyleft][7]---Richard Stallman's copyright hack and one of his most
+substantial contributions to free software and free society. To put it into
+the [words of the FSF][7]:
+
+> Copyleft is a general method for making a program (or other work) free,
+> and requiring all modified and extended versions of the program to be free
+> as well.
+
+Critics often adopt the term ["viral" in place of "copyleft"][8] because
+of the requirement that all derivatives must contain the same copyleft
+terms---the derivative must itself be Free Software, perpetually (until, of
+course, the copyright term expires and it becomes part of the public domain,
+[if such a thing will ever happen at this rate][9]). In the case of the
+Modified BSD license---being a more permissive license that is non-copyleft
+and thus allows proprietary derivatives---derivative works that include both
+BSD- and GPL-licensed code essentially consume the [Modified BSD license's
+terms][10], which are a subset of the [GPL's][11]. Of course, this is not
+pursuant to [FreeBSD's goals][2] and so they consider this to be a bad
+thing: There are "strings attached".
+
+This is more demonstrative of the ["open source" philosophy than that of
+"Free Software"][12] (yes, notice the bias in my capitalization of these
+terms).
+
+[Copyleft is important][7] because it ensures that all users will forever
+have the [four fundamental freedoms associated with Free Software][6]. The
+GPL incorporates copyleft; BSD licenses do not. Consider why this is a
+problem: Imagine some software Foo licensed under [the Modified BSD
+license][10]. Foo is free software; it is licensed under a [free software
+license (Modified BSD)][5]. Now consider that someone makes a fork---a
+derivative---of Foo, which we will call "Foobar". Since [the Modified BSD
+license is not copyleft][10], the author of Foobar decides that he or she
+does not wish to release its source code; this is perfectly compliant with
+the Modified BSD license, as it does not require that source code be
+distributed with a binary (it only requires---via its [second
+clause][10]---that the copyright notice, list of conditions and disclaimer be
+provided).
+
+The author has just taken Foo and made it proprietary.
+
+The FreeBSD community is okay with this; [the free software community is
+not][4]. There is a distinction between these two parties: When critics of
+copyleft state that they believe the GPL is "less free" than more
+permissive licenses such as the BSD licenses, they are taking into
+consideration the freedoms of developers and distributors; the GPL, on the
+other hand, explicirly *restricts* these parties' rights in order to protect
+the *users* because those parties are precisely those that seek to *restrict
+the users' freedoms*; we cannot provide such freedoms to developers and
+distributors without sacrificing the rights of the vulnerable users who
+generally do not have the skills to protect themselves from being taken
+advantage of.[^13] Free software advocates have exclusive, unwaivering
+loyalty to users.
+
+As an example of the friction between the two communities, consider a
+concept that has been termed ["tivoization"][14]:
+
+> Tivoization means certain “appliances” (which have computers inside)
+> contain GPL-covered software that you can't effectively change, because
+> the appliance shuts down if it detects modified software. The usual
+> motive for tivoization is that the software has features the manufacturer
+> knows people will want to change, and aims to stop people from changing
+> them. The manufacturers of these computers take advantage of the freedom
+> that free software provides, but they don't let you do likewise.
+
+This [anti-feature][15] is a type of [Digital Restrictions Management
+(DRM)][16] that exposes a [loophole in the GPL that was closed in
+Section 3 of the GPLv3][14], which [requires that][11]:
+
+> When you convey a covered work, you waive any legal power to forbid
+> circumvention of technological measures to the extent such circumvention
+> is effected by exercising rights under this License with respect to the
+> covered work, and you disclaim any intention to limit operation or
+> modification of the work as a means of enforcing, against the work's
+> users, your or third parties' legal rights to forbid circumvention of
+> technological measures.
+
+Unfortunately, not everyone has agreed with this move. A number of
+[developers of the kernel Linux expressed their opposition of GPLv3][17]. In
+response to the aforementioned GPLv3 provision, they stated:
+
+> While we find the use of DRM by media companies in their attempts to reach
+> into user owned devices to control content deeply disturbing, our belief
+> in the essential freedoms of section 3 forbids us from ever accepting any
+> licence which contains end use restrictions. The existence of DRM abuse is
+> no excuse for curtailing freedoms.
+
+Linus Torvalds---the original author of the kernel Linux---also [expressed
+his distaste toward the GPLv3][18]; the kernel is today still licensed under
+the GPLv2.
+
+[The BSD camp has similar objections][19]:
+
+> Appliance vendors in particular have the most to lose if the large body of
+> software currently licensed under GPLv2 today migrates to the new license.
+> They will no longer have the freedom to use GPLv3 software and restrict
+> modification of the software installed on their hardware. High support
+> costs ("I modified the web server on my Widget 2000 and it stopped
+> running...") and being unable to guarantee adherence to specifications in
+> order to gain licensing (e.g. FCC spectrum use, Cable TV and media DRM
+> requirements) are only two of a growing list of issues for these
+> users. --Justin Gibbs, VP of The FreeBSD Foundation
+
+My thoughts while reading the above where echoed by Gibbs further on in his
+statement: "[T]he stark difference between the BSD licensing philosophy and
+that of the Free Software Foundation are only too clear." For the FreeBSD
+community, this is a very serious issue and their argument is certainly a
+legitimate concern on the surface. However, it is an argument that the Free
+Software community would do well to reject: Why would we wish to sacrifice
+users' freedoms for any reason, let alone these fairly absurd ones. In
+particular, a support contract could dictate that only unmodified software
+will be provided assistance and even mandate that the hardware indicate
+changes in software: like breaking the "void" sticker when opening a
+hardware component. Moreover, how frequently would such a situation
+actually happen relative to their entire customer base? My guess is: fairly
+infrequently. The second issue is a more complicated one, as I am not as
+familiar on such topics, but a manufacturer can still assert that the
+software that it provides with its devices is compliant. If the compliance
+process forbids any possibility of brining the software into
+non-compliance---that is, allowing the user to modify the software---then
+the hardware manufacturer can choose to not use free software (and free
+software advocates will subsequently reject it until standards bodies grow
+up).
+
+As I mentioned at the beginning of this article: this is a view that I will
+respect for the project. I disagree with it, but FreeBSD is still free
+software and we would do well not to discriminate against it simply because
+someone else may decide to bastardize it and betray their users by making it
+proprietary or providing [shackles][16]. However, provided the licensing;
+option for your own software, you should choose the GPL.
+
+**Colophon:** The title of this article is a play on [RMS' "Copyright vs.
+Communty"][20], which is a title to a speech he frequently provides
+worldwide. His speech covers how copyright works against the interests of
+the community; here, BSD advocates aruge that [copyleft][7] works against
+the interests of *their* community and their users; I figured that I would
+snag this title as a free software advocate before someone else opposing
+copyleft did.
+
+[2]: http://www.freebsd.org/doc/faq/introduction.html#FreeBSD-goals
+[3]: http://en.wikipedia.org/wiki/Richard_Stallman
+[4]: http://www.gnu.org/philosophy/freedom-or-power.html
+[5]: http://www.gnu.org/licenses/license-list.html#ModifiedBSD
+[6]: http://www.gnu.org/philosophy/free-sw.html
+[7]: http://www.gnu.org/copyleft/
+[8]: http://en.wikipedia.org/wiki/Copyleft#Viral_licensing
+[9]: http://www.gnu.org/philosophy/misinterpreting-copyright.html
+[10]: http://en.wikipedia.org/wiki/BSD_licenses
+[11]: http://www.gnu.org/licenses/gpl.html
+[12]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
+
+[^13]: Technically, the GPL exercises restrictions only on distributors; a
+ developer can integrate GPL'd code into their proprietary software so
+ long as they do not distribute it [(as defined in the GPL)][11]. However,
+ developers often have to cater to distributors, since software will
+ generally be distributed; if it is not, then it is not relevant to this
+ discussion.
+
+[14]: http://www.gnu.org/licenses/rms-why-gplv3.html
+[15]: http://www.fsf.org/blogs/community/antifeatures
+[16]: http://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
+[17]: http://lwn.net/Articles/200422/
+[18]: http://en.wikipedia.org/wiki/Linux_kernel
+[19]: http://www.freebsdfoundation.org/press/2007Aug-newsletter.shtml
+[20]: http://www.gnu.org/philosophy/copyright-versus-community.html
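Review bot: The closing advice has a stray semicolon that splits the sentence, in "However, provided the licensing;" followed by "option for your own software". It should read `However, provided the licensing` / `option for your own software, you should choose the GPL.` The same post also has several misspellings that will reach the published page: `explicirly`, `unwaivering`, `brining`, `aruge`, `Communty`, and `where echoed` for "were echoed". Reference `[18]`, cited for Torvalds' view of the GPLv3, points at the general Linux kernel Wikipedia article, so a more specific source may have been intended.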
diff --git a/post/2013-08-13-measuring-air-temperature-with-phone-batteries.md b/post/2013-08-13-measuring-air-temperature-with-phone-batteries.md
new file mode 100644
index 0000000..c2f419b
--- /dev/null
+++ b/post/2013-08-13-measuring-air-temperature-with-phone-batteries.md
@@ -0,0 +1,64 @@
+# Measuring Air Temperature With Phone Batteries
+
+OpenSignal---a company responsible for mapping wireless signal
+strength by gathering data using mobile device software---noticed [an
+interest correlation between battery temperature on devices and air
+temperature][0].
+
+> Aggregating daily battery temperature readings to city level revealed a
+> strong correlation with historic outdoor air temperature. With a
+> mathematical transformation, the average battery temperature across a
+> group of phones gives the outdoor air temperature.
+
+[0]: http://opensignal.com/reports/battery-temperature-weather/
+
+<!-- more -->
+
+**Note:** Graph renderings on their website require proprietary JavaScript, but
+the article does describe it in detail, so it is not necessary. In
+particular, note that, from [their provided equation][0], their scaling factor
+`m' implies that there is a smaller variance in battery temperature in the
+graph than there is in the actual air temperature, but that there is still a
+correlation.
+
+This is an interesting find. The article further states that "[...] we have
+one data point where the Android data is actually more reliable than the
+traditional source."
+
+Such data can be very useful in providing decentralized data, so long as
+[issues of privacy][1] are addressed. Doing so is not terribly difficult,
+but would have a number of factors. In particular, the user would need the
+means to submit data anonymously, which could be done via software/networks
+such as [Tor][2]. GPS location data is certainly a privacy issue when it is
+tied to your mobile device, but fortunately, it's unneeded: you can trust
+your users to let you know where they reside by either (a) opting into using
+location services or (b) allowing them to specify a location or approximate
+location of their choosing (approximations would be important since a user
+may not wish to change their location manually while they travel, say, to
+and from work). If enough devices submit data, then legitimate data would
+drown out those who are trying to purposefully pollute the database. Such an
+example can be seen with Bitcoin, in which networks will [reach a consensus
+on correct blockchains][3] so long as "a majority of computing power is
+controlled by nodes that are not cooperating to attack the network". Of
+course, users would be able to pollute the network by sending false data as
+it is, and the [data is already tarnished from various factors such as body
+heat][0].
+
+Of course, I do assume that mobile devices will contain temperature sensors
+in the future; [some already do][4] (but I cannot encourage their use, as
+they use [proprietary software][5]). However, this is still a clever hack (I
+suppose that term is redundant). In my searching while writing this article,
+I did notice [prior examples of ambient temperature readings using Android
+software][6] ([proprietary][5]), but the software does not aggregate data
+for purposes of determining weather patterns.
+
+Finally, please do not download OpenSignal's app; it too is
+[proprietary][5]; this discussion was purely from a conceptual standpoint
+and does not endorse any software.
+
+[1]: /2013/08/london-trashcan-spies
+[2]: https://www.torproject.org/
+[3]: http://en.wikipedia.org/wiki/Protocol_of_Bitcoin
+[4]: http://stackoverflow.com/a/11628921
+[5]: http://www.gnu.org/philosophy/free-sw.html
+[6]: https://play.google.com/store/apps/details?id=androidesko.android.electronicthermometer&hl=en
diff --git a/post/2014-03-20-re-freebsd-clang-and-gcc-copyleft-vs-community.md b/post/2014-03-20-re-freebsd-clang-and-gcc-copyleft-vs-community.md
new file mode 100644
index 0000000..30fd0d8
--- /dev/null
+++ b/post/2014-03-20-re-freebsd-clang-and-gcc-copyleft-vs-community.md
@@ -0,0 +1,60 @@
+# Re: FreeBSD, Clang and GCC: Copyleft vs. Community
+
+I recently received a comment via e-mail from a fellow GNU hacker Antonio
+Diaz, who is the author and maintainer of [GNU Ocrad][0], a [free (as in
+freedom)][1] optical character recognition (OCR) program. His comment was in
+response to my article entitled [FreeBSD, Clang and GCC: Copyleft vs.
+Community][2], which details the fundamental difference in philosophy
+between free software and "open source".
+
+[0]: https://www.gnu.org/software/ocrad/ocrad.html
+[1]: https://www.gnu.org/philosophy/free-sw.html
+[2]: /2013/08/freebsd-clang-and-gcc-copyleft-vs.community
+
+I found Antonio's perspective to be enlightening, so I asked for his
+permission to share it here.
+
+<!-- more -->
+
+> I imagine a world where all the Free Software is GPLed. The amount and
+> usefulness of Free Software grows incesantly because free projects can
+> reuse the code of previous free projects. Proprietary software is
+> expensive because every company has to write most of its "products" from
+> scratch. Most people use Free Software, and proprietary software is mainly
+> used for specialized tasks for which no free replacement exists yet.
+>
+> Now I imagine a world where all the Free Software is really "open source"
+> (BSD license). Free Software is restricted to the operating system and
+> basic aplications because the license does not guarantee reciprocity.
+> Proprietary software is cheap to produce because it is built using the
+> code of free projects, but it is expensive for the user (in money and
+> freedom) because there is no real competition from Free Software. Most
+> people use proprietary software, as Free Software is too basic for most
+> tasks.
+>
+> I think "open source" organizations (specially BSD) are wilfully
+> destroying the long-term benefits for society of the GPL, and they are
+> doing it for short-term benefits like popularity and greed:
+>
+> "As these companies devise strategies for dealing with GPLv3, so must the
+> FreeBSD community - strategies that capitalize on this opportunity to
+> increase adoption of FreeBSD." "Fundraising Update [...] This has
+> increased the number of people actively approaching companies to make
+> large contributions."
+>
+> https://www.freebsdfoundation.org/press/2007Aug-newsletter.shtml
+>
+> Human beings have an innate sense of justice. In absence of reciprocity
+> one wants to be paid, but I think that reciprocity is much better for
+> society in the long term.[^3]
+
+Antonio compels us to think toward the future: while developers releasing
+their code under permissive licenses like the [Modified BSD License][4] are
+still making a generous contribution to the free software community today,
+it may eventually lead to negative consequences by empowering non-free
+software tomorrow.
+
+[^3]: Comment by Antonio Diaz; the only modifications made were for
+formatting.
+
+[4]: https://www.gnu.org/licenses/license-list.html#ModifiedBSD
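Review bot: The target of reference `[2]`, `/2013/08/freebsd-clang-and-gcc-copyleft-vs.community`, has a dot where the earlier post's filename in this commit has a hyphen (`...copyleft-vs-community.md`). If slugs are derived from filenames, as the other internal links such as `/2013/08/london-trashcan-spies` suggest, this link to the original article will not resolve. The line should probably be `[2]: /2013/08/freebsd-clang-and-gcc-copyleft-vs-community`. The quoted comment also contains `incesantly` and `aplications`, but it is presented as reproduced verbatim, so those are better left as they are.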
diff --git a/post/2014-05-16-fsf-condemns-partnership-between-mozilla-and-adobe-to-support-drm.md b/post/2014-05-16-fsf-condemns-partnership-between-mozilla-and-adobe-to-support-drm.md
new file mode 100644
index 0000000..3c939f7
--- /dev/null
+++ b/post/2014-05-16-fsf-condemns-partnership-between-mozilla-and-adobe-to-support-drm.md
@@ -0,0 +1,128 @@
+# FSF Condemns Partnership Between Mozilla and Adobe to Support DRM
+
+Two days ago, the Free Software Foundation published [an announcement
+strongly condemning Mozilla's partnership with Adobe][0] to implement the
+[controversial W3C Encrypted Media Extensions (EME) API][1]. EME has been
+strongly criticized by a number of organizations, including the [EFF][2] and
+the [FSF's DefectiveByDesign campaign team][3] ("Hollyweb").
+
+[Digital Restrictions Management][4] imposes artificial restrictions on
+users, telling them what they can and cannot do; it is a system [that does
+not make sense][5] and is harmful to society. Now, just about [a week after
+the International Day Against DRM][6], Mozilla decides to [cave into the
+pressure in an attempt to stay relevant][7] to modern web users, instead of
+sticking to their [core philosophy about "openness, innovation, and
+opportunity"][8].
+
+[0]: http://www.fsf.org/news/fsf-condemns-partnership-between-mozilla-and-adobe-to-support-digital-restrictions-management
+[1]: https://dvcs.w3.org/hg/html-media/raw-file/tip/encrypted-media/encrypted-media.html
+[2]: https://www.eff.org/deeplinks/2013/03/defend-open-web-keep-drm-out-w3c-standards
+[3]: /2013/03/defective-by-design-campaign-against-w3c-drm-standard
+[4]: http://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
+[5]: https://plus.google.com/+IanHickson/posts/iPmatxBYuj2
+[6]: http://www.defectivebydesign.org/dayagainstdrm
+[7]: https://blog.mozilla.org/blog/2014/05/14/drm-and-the-challenge-of-serving-users/
+[8]: http://www.mozilla.org/en-US/about/manifesto/
+
+John Sullivan requested in the [FSF's announcement] that the community
+contact Mozilla CTO Andreas Gal in opposition of the decision. This is my
+message to him:
+
+<!-- more -->
+
+```
+Date: Wed, 14 May 2014 22:57:02 -0400
+From: Mike Gerwitz <mikegerwitz@gnu.org>
+To: agal@mozilla.com
+Subject: Firefox EME
+
+Andreas,
+
+I am writing to you as a free software hacker, activist, and user; notably,
+I have been using Firefox for over ten years. It has been pivotal, as I do
+not need to tell you, in creating a free (as in freedom), standard, and
+accessible internet for millions of users. Imagine my bewildered
+disappointment, then, to learn that Firefox has chosen to cave into the
+pressure to [support Digital Restrictions Management through the
+implementation of EME][0].
+
+Mitchell Baker made a feeble attempt at [rationalizing this decision][0] as
+follows:
+
+ [...] Mozilla alone cannot change the industry on DRM at this point. In
+ the past Firefox has changed the industry, and we intend to do so again.
+ Today, however, we cannot cause the change we want regarding DRM. The
+ other major browser vendors =E2=80=94 Google, Microsoft and Apple have already
+ implemented the new system. In addition, the old system will be retired
+ shortly. As a result, the new implementation of DRM will soon become the
+ only way browsers can provide access to DRM-controlled content.
+
+She goes on to explain how "video is an important aspect of online life"
+and that Firefox would be "deeply flawed as a consumer product" if it did
+not implement Digital Restrictions Management. This is precisely the FUD
+that the "content owners" she describes, and corporations like Adobe, have
+been pushing: Mozilla understands that the solution is not to implement DRM,
+but to fight to encourage content to be published *without* being
+DRM-encumbered. Unfortunately, they will now have little motivation to do
+so, with every major browser endorsing EME.
+
+She defers to a post by Andreas Gal [for more implementation details][1], in
+which he mentions that the proprietary CDM virus (which will be happily
+provided by Adobe) will be protected by a sandbox to prevent certain spying
+activities like fingerprinting. While this is better than nothing, it's a
+clear attempt by Mozilla to help make a terrible situation a little bit
+better.
+
+He goes on to say:
+
+ There is also a silver lining to the W3C EME specification becoming
+ ubiquitous. With direct support for DRM we are eliminating a major use
+ case of plugins on the Web, and in the near future this should allow us to
+ retire plugins altogether.=20
+
+Let us not try to veil the problem and make things look more rosy than they
+actually are: this is not a silver lining; it is not appropriate to have a
+standardized way of manipulating and taking advantage of users.
+
+It is true that Firefox was in an unfortunate position: many users would
+indeed grow frustrated that they cannot watch their favorite TV shows and
+movies using Firefox. But Firefox could have served, when the EME API was
+used, static content that provided a brief explanation and a link for more
+information on the problem. They could have educated users and encourage an
+even stronger outcry.
+
+Instead, we are working with the corrupt W3C to implement a seamlessly
+shackled web. Mozilla wants to propose alternative solutions to DRM/EME, but
+by implementing it, their position is weakened.
+
+ This is a difficult and uncomfortable step for us given our vision of a
+ completely open Web, but it also gives us the opportunity to actually
+ shape the DRM space and be an advocate for our users and their rights in
+ this debate. [1]
+
+Such advocacy has been done and can continue to be done by Mozilla without
+the implementation of EME; once implemented, the standard will be virtually
+solidified---what is the incentive for W3C et. al. to find alternatives to a
+system that is already "better than" the existing Flash and Silverlight
+situation?
+
+On behalf of the free software community, I strongly encourage your
+reconsideration on the matter. Mozilla is valued by the free software
+community for its attention to freedoms. Stand with us and fight. You're in
+a powerful position to do so.
+
+[0]: https://blog.mozilla.org/blog/2014/05/14/drm-and-the-challenge-of-serving-users/
+[1]: https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/
+```
+
+The following day, I [submitted the FSF announcement to HackerNews][9]
+(surprised that it was not there already) in an attempt to bring further
+coverage to the matter and hopefully spur on some discussion. And discuss
+they did: it was on the front page for the entire day and, at the time of
+writing, boasts 261 comments, many of them confused and angry. I sent the HN
+link to Andreas in a follow-up as well.
+
+Mozilla has a vast userbase and is in the position to fight for a DRM-free
+web. Please voice your opinion and hope that they reverse their decision.
+
+[9]: https://news.ycombinator.com/item?id=7749108
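Review bot: The link `[FSF's announcement]` in the paragraph before `<!-- more -->` has no matching reference definition anywhere in this file, so it will render as literal bracketed text rather than a link. The announcement is already defined as `[0]`, so `[FSF's announcement][0]` would resolve it. Inside the fenced e-mail, the quoted-printable residue `=E2=80=94` (an encoded em dash) and the trailing `=20` after "retire plugins altogether." were left undecoded and will be shown verbatim; decoding them to `—` and dropping the `=20` restores the quoted text.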
diff --git a/post/2014-11-30-please-stop-using-slideshare.md b/post/2014-11-30-please-stop-using-slideshare.md
new file mode 100644
index 0000000..144839c
--- /dev/null
+++ b/post/2014-11-30-please-stop-using-slideshare.md
@@ -0,0 +1,65 @@
+# Please stop using SlideShare
+
+There are many great presentations out there---many that I enjoy
+reading, or that I would enjoy to read. Unfortunately, many of them
+are hosted on SlideShare, which requires me to download proprietary
+JavaScript.
+
+[JavaScript programs require the same freedoms as any other
+software][0]. While SlideShare does (sometimes/always?) provide a
+transcript in plain text---which is viewable without JavaScript---this
+is void of the important and sometimes semantic formatting/images that
+presenters put much time into; you know: the actual presentation bits.
+(I'm a fan of plain-text presentations, but they each have their own
+design elements).
+
+[0]: https://www.gnu.org/software/easejs/whyfreejs.html
+
+There are ways around this. SlideShare's interactive UI appears to
+simply be an image viewer, so it is possible to display all sides
+using a fairly simple hack:
+
+<!-- more -->
+
+```javascript
+Array.prototype.slice.call(
+ document.getElementsByClassName( 'slide' ) )
+ .forEach( function( slide ) {
+ slide.classList.add( 'show' );
+
+ var img = slide.getElementsByClassName( 'slide_image' )[0];
+ img.src = img.dataset.full;
+ } );
+```
+
+This will display all slides inline. But there's a clear problem with
+this: how is the non-JS-programmer supposed to know that? Even
+JavaScript programmers have to research the issue in order to come up
+with a solution.
+
+But ideally, I'd like to download the presentation PDF. SlideShare
+does offer a download link, but not only does it not work with
+JavaScript disabled, but it requires that the user create an account.
+This is no good, as it can be used to track users or discover
+identities by analyzing viewing habits. This would allow
+de-anonymizing users, even if they have [taken measures to remain
+anonymous][1].
+
+(By the way: at the time that I wrote this post, the [EFF's
+Surveillance Self-Defense Guide][1] is [LibreJS compatible][2] and the
+JavaScript code that it runs is mostly free.)
+
+I encourage presenters (and authors in general) to release the slides
+in an [unencumbered document format][3], like PDF, HTML, OpenDocument,
+or plain text. Those formats should be hosted on their own website,
+or websites that allow downloading those files without having to
+execute proprietary JavaScript, and without having to log in. If
+those authors *must* use SlideShare for whatever reason, then they
+should clearly provide a link to that free document format somewhere
+that users can access without having to execute SlideShare's
+proprietary JavaScript, such as on the first slide. (The description
+is iffy, since it is truncated and requires JavaScript to expand.)
+
+[1]: https://ssd.eff.org/
+[2]: https://www.gnu.org/software/librejs/
+[3]: http://www.fsf.org/campaigns/opendocument/reject
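Review bot: In the fenced `javascript` snippet, `img.src = img.dataset.full` runs without checking that the slide actually contains a `slide_image` element. A single slide without one would throw a TypeError and stop the `forEach` before the remaining slides are revealed. A guard such as `if ( img && img.dataset.full ) img.src = img.dataset.full;` keeps the loop going for readers who paste it as-is. The sentence introducing the snippet also reads "display all sides", which is presumably meant to be "slides".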
diff --git a/post/2015-05-20-gitlab-gitorious-and-free-software.md b/post/2015-05-20-gitlab-gitorious-and-free-software.md
new file mode 100644
index 0000000..916d4d3
--- /dev/null
+++ b/post/2015-05-20-gitlab-gitorious-and-free-software.md
@@ -0,0 +1,257 @@
+# Gitlab, Gitorious, and Free Software
+
+*This article originally appeared as a guest post on the [GitLab
+blog][orig-post].*
+
+In early March of this year, it was announced that
+[GitLab would acquire Gitorious][0] and shut down `gitorious.org` by 1
+June, 2015. [Reactions from the community][1] were mixed, and
+understandably so: while GitLab itself is a formidable alternative to wholly
+proprietary services, its acquisition of Gitorious strikes a chord with the
+free software community that gathered around Gitorious in the name of
+[software freedom][2].
+
+[0]: https://about.gitlab.com/2015/03/03/gitlab-acquires-gitorious/
+[1]: https://news.ycombinator.com/item?id=9138419
+[2]: https://www.gnu.org/philosophy/free-sw.html
+
+<!-- more -->
+
+After hearing that announcement,
+[as a free software hacker and activist myself][11], I was naturally
+uneasy. Discussions of alternatives to Gitorious and GitLab ensued on the
+[`libreplanet-discuss`][12] mailing list. Sytse Sijbrandij (GitLab
+B.V. CEO) happened to be present on that list;
+[I approached him very sternly][13] with a number of concerns, just as I
+would with anyone that I feel does not understand certain aspects of the
+[free software philosophy][2]. To my surprise, this was not the case at
+all.
+
+Sytse has spent a lot of time accepting and considering community input for
+both the Gitorious acquisition and GitLab itself. He has also worked with
+me to address some of the issues that I had raised. And while these issues
+won't address everyone's concerns, they do strengthen GitLab's commitment to
+[software freedom][2], and are commendable.
+
+I wish to share some of these details here; but to do so, I first have to
+provide some background to explain what the issues are, and why they are
+important.
+
+
+## Free Software Ideology
+[Gitorious][3] was (and still is) one of the most popular Git repository
+hosts, and largely dominated until the introduction of GitHub. But even as
+users flocked to [GitHub's proprietary services][28], users who value freedom
+continued to support Gitorious, both on `gitorious.org` and by installing
+their own instances on their own servers. Since Gitorious is
+[free software][2], users are free to study, modify, and share it with
+others. But [software freedom does not apply to Services as a
+Software Substitute (SaaSS)][4] or remote services---you cannot apply the
+[four freedoms][2] to something that you do not yourself possess---so why do
+users still insist on using `gitorious.org` despite this?
+
+The matter boils down to supporting a philosophy: The
+[GNU General Public License (GPL)][6] is a license that turns copyright on
+its head: rather than using copyright to restrict what users can do with a
+program, the GPL instead [ensures users' freedoms][8] to study, modify, and
+share it. But that isn't itself enough: to ensure that the software always
+remains free (as in freedom), the GPL ensures that all *derivatives* are
+*also* licensed under similar terms. This is known as [copyleft][9], and it
+is vital to the free software movement.
+
+Gitorious is licensed under the
+[GNU Affero General Public License Version 3 (AGPLv3)][5]---this takes the
+[GPL][6] and adds an additional requirement: if a modified version of the
+program is run on a sever, users communicating with the program on that
+server must have access to the modified program's source code. This ensures
+that [modifications to the program are available to all users][7]; they
+would otherwise be hidden in private behind the server, with others unable
+to incorporate, study, or share them. The AGPLv3 is an ideal license for
+Gitorious, since most of its users will only ever interact with it over a
+network.
+
+GitLab is also free software: its [Expat license][10] (commonly referred to
+ambiguously as the "MIT license") permits all of the same freedoms that
+are granted under the the GNU GPL. But it does so in a way that is highly
+permissive: it permits relicensing under *any* terms, free or not. In other
+words, one can fork GitLab and derive a proprietary version from it, making
+changes that deny users [their freedoms][2] and cannot be incorporated back
+into the original work.
+
+This is the issue that the free software community surrounding Gitorious has
+a problem with: any changes contributed to GitLab could in turn benefit a
+proprietary derivative. This situation isn't unique to GitLab: it applies
+to all non-copyleft ("permissive") [free software licenses][26]. And this
+issue is realized by GitLab itself in the form of its GitLab Enterprise
+Edition (GitLab EE): a proprietary derivative that adds additional
+features atop of GitLab's free Community Edition (CE). For this reason,
+many free software advocates are uncomfortable contributing to GitLab, and
+feel that they should instead support other projects; this, in turn, means
+not supporting GitLab by using and drawing attention to their hosting
+services.
+
+The copyleft vs. permissive licensing debate is one of the free software
+movement's most heated. I do not wish to get into such a debate here. One
+thing is clear: GitLab Community Edition (GitLab CE) is free
+software. Richard Stallman (RMS) [responded directly to the thread on
+`libreplanet-discuss`][20], stating plainly:
+
+> We have a simple way of looking at these two versions. The free
+> version is free software, so it is ethical. The nonfree version is
+> nonfree software, so it is not ethical.
+
+Does GitLab CE deserve attention from the free software community? I
+believe so. Importantly, there is another strong consideration: displacing
+proprietary services like GitHub and Bitbucket, which host a large number of
+projects and users. GitLab has a strong foothold, which is an excellent
+place for a free software project to be in.
+
+If we are to work together as a community, we need to respect GitLab's
+free licensing choices just as we expect GitLab to respect ours. Providing
+respect does not mean that you are conceding: I will never personally use a
+non-copyleft license for my software; I'm firmly rooted in my dedication to
+the [free software philosophy][2], and I'm sure that many other readers are
+too. But using a non-copyleft license, although many of us consider it to
+be a weaker alternative, [is not wrong][23].
+
+
+## Free JavaScript
+As I mentioned above,
+[software freedom and network services are separate issues][4]---the four
+freedoms do not apply to interacting with `gitlab.com` purely over a network
+connection, for example, because you are not running its software on your
+computer. However, there is an overlap: JavaScript code downloaded to be
+executed in your web browser.
+
+[Non-free JavaScript][15] is a particularly nasty concern: it is software
+that is downloaded automatically from a server---often without prompting
+you---and then immediately executed. Software is now being executed on your
+machine, and [your four freedoms][2] are once again at risk. This, then,
+[is the primary concern][16] for any users visiting `gitlab.com`: not only
+would this affect users that use `gitlab.com` as a host, but it would also
+affect *any user that visits* the website. That would be a problem, since
+hosting your project there would be inviting users to run proprietary
+JavaScript.
+
+As I was considering migrating my projects to GitLab, this was the
+[first concern I brought up to Sytse][14]. This problem arises because
+`gitlab.com` uses a GitLab EE instance: if it had used only its Community
+Edition (GitLab CE)---which is free software---then all served JavaScript
+would have been free. But any scripts served by GitLab EE that are not
+identical to those served by GitLab CE are proprietary, and therefore
+unethical. This same concern applies to GitHub, Bitbucket, and other
+proprietary hosts that serve JavaScript.
+
+Sytse surprised me by stating that he would be willing to
+[freely license all JavaScript in GitLab EE][17], and by offering to give
+anyone access to the GitLab EE source code who wants to help out. I took
+him up on that offer. Initially, I had submitted a patch to merge all
+GitLab EE JavaScript into GitLab CE, but Sytse came up with another,
+superior suggestion, that ultimately provided even greater reach.
+
+**I'm pleased to announce that Sytse and I were able to agree on a license
+change (with absolutely no friction or hesitation on his part) that
+liberates all JavaScript served to the client from GitLab EE instances.**
+There are two concerns that I had wanted to address: JavaScript code
+directly written for the client, and any code that produced JavaScript as
+output. In the former case, this includes JavaScript derived from other
+sources: for example, GitLab uses CoffeeScript, which compiles *into*
+JavaScript. The latter case is important: if there is any code that
+generates fragments of JavaScript---e.g. dynamically at runtime---then that
+code must also be free, or users would not be able to modify and share the
+resulting JavaScript that is actually being run on the client. Sytse
+accepted my change verbatim, while adding his own sentence after mine to
+disambiguate. At the time of writing this post, GitLab EE's source code
+isn't yet publicly visible, so here is the relevant snippet from its
+`LICENSE` file:
+
+> The above copyright notices applies only to the part of this Software that
+> is not distributed as part of GitLab Community Edition (CE), and that is
+> not a file that produces client-side JavaScript, in whole or in part. Any
+> part of this Software distributed as part of GitLab CE or that is a file
+> that produces client-side JavaScript, in whole or in part, is copyrighted
+> under the MIT Expat license.
+
+
+## Further Discussion
+My discussions with Sytse did not end there: there are other topics that
+have not been able to be addressed before my writing of this post that would
+do well to demonstrate commitment toward [software freedom][2].
+
+The license change liberating client-side JavaScript was an excellent
+move. To expand upon it, I wish to submit a patch that would make GitLab
+[LibreJS compliant][21]; this provides even greater guarantees, since it
+would allow for users to continue to block other non-free JavaScript that
+may be served by the GitLab instance, but not produced by it. For example:
+a website/host that uses GitLab may embed proprietary JavaScript, or modify
+it without releasing the source code. Another common issue is the user of
+analytics software; `gitlab.com` uses Google Analytics.
+
+If you would like to help with LibreJS compliance, please [contact me][11].
+
+I was brought into another discussion between Sytse and RMS that is
+unrelated to the GitLab software itself, but still a positive demonstration
+of a commitment to [software freedom][2]---the replacement of Disqus on the
+`gitlab.com` blog with a free alternative. Sytse ended up making a
+suggestion, saying he'd be "happy to switch to" [Juvia][22] if I'd help with
+the migration. I'm looking forward to this, as it is an important
+discussion area (that I honestly didn't know existed until Sytse told me
+about it, because I don't permit proprietary JavaScript!). He was even kind
+enough to compile a PDF of comments for one of our discussions, since he was
+cognizant ahead of time that I would not want to use Disqus. (Indeed, I
+will be unable to read and participate in the comments to this guest post
+unless I take the time to freely read and reply without running Disqus'
+proprietary JavaScript.)
+
+Considering the genuine interest and concern expressed by Sytse in working
+with myself and the free software community, I can only expect that GitLab
+will continue to accept and apply community input.
+
+It is not possible to address the copyleft issue without a change in
+license, which GitLab is not interested in doing. So the best way to
+re-assure the community is through action. [To quote Sytse][18]:
+
+> I think the only way to prove we're serious about open source is in our
+> actions, licenses or statements don't help.
+
+There are fundamental disagreements that will not be able to be
+resolved between GitLab and the free software community---like their
+["open core" business model][19]. But after working with Sytse and seeing
+his interactions with myself, RMS, and many others in the free software
+community, I find his actions to be very encouraging.
+
+*Are you interested in helping other websites liberate their JavaScript?
+ Consider [joining the FSF's campaign][27], and
+ [please liberate your own][16]!*
+
+*This post is licensed under the
+ [Creative Commons Attribution-ShareAlike 3.0 Unported License][25].*
+
+[3]: https://gitorious.org/
+[4]: https://www.gnu.org/philosophy/who-does-that-server-really-serve.html
+[5]: https://www.gnu.org/licenses/agpl.html
+[6]: https://www.gnu.org/licenses/gpl.html
+[7]: https://www.gnu.org/licenses/why-affero-gpl.html
+[8]: https://www.gnu.org/licenses/quick-guide-gplv3.html
+[9]: https://www.gnu.org/philosophy/pragmatic.html
+[10]: https://www.gnu.org/licenses/license-list.html#Expat
+[11]: http://mikegerwitz.com/
+[12]: https://lists.gnu.org/mailman/listinfo/libreplanet-discuss
+[13]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-03/msg00075.html
+[14]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-04/msg00019.html
+[15]: https://www.gnu.org/philosophy/javascript-trap.html
+[16]: https://www.gnu.org/software/easejs/whyfreejs.html
+[17]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-04/msg00020.html
+[18]: https://news.ycombinator.com/item?id=9141801
+[19]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-03/msg00076.html
+[20]: https://lists.gnu.org/archive/html/libreplanet-discuss/2015-03/msg00095.html
+[21]: https://www.gnu.org/software/librejs/free-your-javascript.html
+[22]: https://github.com/phusion/juvia
+[23]: https://www.fsf.org/blogs/rms/selling-exceptions
+[24]: https://gnu.org/software/easejs
+[25]: http://creativecommons.org/licenses/by-sa/3.0/
+[26]: https://www.gnu.org/licenses/license-list.html
+[27]: https://fsf.org/campaigns/freejs
+[28]: http://mikegerwitz.com/about/githubbub
+[orig-post]: https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-software/
+
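Review bot: The reference definition `[24]: https://gnu.org/software/easejs` is never used in the post body and can be dropped, or linked where ease.js was meant to be mentioned. A few typos in the new text are also worth fixing before publishing: "run on a sever" should be "server", "under the the GNU GPL" has a doubled word, and "the user of analytics software" should be "the use of analytics software".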
diff --git a/post/2015-11-20-comcast-injects-javascript-into-web-pages.md b/post/2015-11-20-comcast-injects-javascript-into-web-pages.md
new file mode 100644
index 0000000..2677b13
--- /dev/null
+++ b/post/2015-11-20-comcast-injects-javascript-into-web-pages.md
@@ -0,0 +1,60 @@
+# Comcast injects JavaScript into web pages
+
+It seems that Comcast has decided that it is a good idea to [inject
+JavaScript into web pages][js] visited by its customers in order to inform
+them of Copyright violations.
+
+[js]: https://gist.github.com/Jarred-Sumner/90362639f96807b8315b
+
+This is a huge violation of user privacy and trust. Further, it shows that
+an ISP (and probably others) feel that they have the authority to dictate
+what is served to the user on a free (as in speech) Internet. Why should we
+believe that they won't start injecting other types of scripts that spy on
+the user or introduce advertising? What if a malicious actor compromises
+Comcast's servers and serves exploits to users?
+
+It is no surprise that Comcast is capable of doing this---they know the IP
+address of the customer, so they are able to intercept traffic and alter it
+in transit. But the fact that they _can_ do this demonstrates something far
+more important: _that they have spent the money on the infrastructure to do
+so_!
+
+<!-- more -->
+
+Comcast isn't the only ISP to have betrayed users by injecting data. One
+year ago, it was discovered that [Verizon was injecting "perma-cookies" into
+requests to track users][verizon]. This is only one example of the
+insidious abuses that unchecked ISPs can take.
+
+So what can you do to protect yourself?
+
+What Comcast is doing is called a [man-in-the-middle (MITM) attack][mitm]:
+Comcast sits in the middle of you and your connection to the website that
+you are visiting, proxying your request. Before relaying the website's
+response to you, it modifies it.
+
+In order to do this, Comcast needs to be able to read your communications,
+and must be able to modify them: the request must be read in order to
+determine how the JavaScript should be injected and what request it should
+be injected into; and it must be modified to perform the injection. It
+cannot (given a properly configured web server) do so if your connection is
+encrypted. In the case of web traffic, `https` URLs with the little lock
+icon in your web browser generally indicates that your communications are
+encrypted, making MITM attacks
+unlikely.
+
+(We're assuming that Comcast won't ask you to install a root CA so that they
+can decrypt your traffic! But that would certainly be noticed, if they did
+so on a large enough scale.)
+
+Not all websites use SSL. Another method is to use encrypted proxies, VPNs,
+or services like like [Tor][tor]. This way, Comcast will not be able to
+read or modify the communications.
+
+See also: [HackerNews discussion][hn]; [original Reddit discussion][reddit].
+
+[verizon]: https://www.eff.org/deeplinks/2014/11/verizon-x-uidh
+[mitm]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack
+[hn]: https://news.ycombinator.com/item?id=10592775
+[reddit]: https://www.reddit.com/r/HuntsvilleAlabama/comments/35v4sn/comcast_is_injecting_bad_javascript_to_your/
+[tor]: https://tor.org/
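Review bot: The paragraph stating that an `https` URL makes MITM attacks "unlikely" omits the case where the first request to a site goes out over plain `http` and is only then redirected. That request and its redirect can still be read and altered in transit, so the protection holds only when the connection is encrypted from the start (a typed or bookmarked `https` URL, or a site using HSTS that the browser already knows). I would add a sentence such as `Note that this only helps if the connection starts out encrypted; a page first requested over plain http can still be altered before you are redirected.` The last paragraph also says "SSL" where TLS is meant, and has a doubled "like like".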
diff --git a/post/2015-12-09-now-hosting-personal-gnu-social-instance.md b/post/2015-12-09-now-hosting-personal-gnu-social-instance.md
new file mode 100644
index 0000000..918f95f
--- /dev/null
+++ b/post/2015-12-09-now-hosting-personal-gnu-social-instance.md
@@ -0,0 +1,14 @@
+# Now Hosting Personal GNU Social Instance
+
+When I started writing this blog, my intent was to post notices more
+frequently and treat it more like a microblogging platform; but that's not
+how it ended up. Instead, I use this site to write more detailed posts with
+solid references to back up my statements.
+
+[GNU Social](https://gnu.org/software/social/) is a federated social
+network---you can host your own instances and they all communicate with
+one-another. You can find mine at the top of this page under "Notices", or
+at [https://social.mikegerwitz.com/](https://social.mikegerwitz.com/). I
+will be using this site to post much more frequent miscellaneous notices.
+
+<!-- more -->
diff --git a/post/2016-01-24-google-analytics-removed-from-gitlabcom-instance.md b/post/2016-01-24-google-analytics-removed-from-gitlabcom-instance.md
new file mode 100644
index 0000000..ccc3cd6
--- /dev/null
+++ b/post/2016-01-24-google-analytics-removed-from-gitlabcom-instance.md
@@ -0,0 +1,92 @@
+# Google Analytics Removed from GitLab.com Instance
+
+*This was originally written as a guest post for GitLab in November of 2015,
+but they [decided not to publish it][gitlab-merge].*
+
+[gitlab-merge]: https://gitlab.com/gitlab-com/www-gitlab-com/merge_requests/1094
+
+Back in May of of 2015, I [announced GitLab's liberation of their Enterprise
+Edition JavaScript][ggfs] and made some comments about GitLab's course and
+approach to software freedom. In liberating GitLab EE's JavaScript, all
+code served to the browser by GitLab.com's GitLab instance was [Free (as in
+freedom)][free-sw], except for one major offender: Google Analytics.
+
+[ggfs]: https://about.gitlab.com/2015/05/20/gitlab-gitorious-free-software/
+[free-sw]: https://www.gnu.org/philosophy/free-sw.html
+
+Since Google Analytics was not necessary for the site to function, users
+could simply block the script and continue to use GitLab.com
+[ethically][free-sw]. However, encouraging users to visit a project on
+GitLab.com while knowing that it loads Google Analytics is a problem both
+for users' freedoms, and for their privacy.
+
+<!-- more -->
+
+GitLab is more than service and front-end to host Git repositories; it has a
+number of other useful features as well. Using those features, however,
+would mean that GitLab.com is no longer just a mirror for a project---it
+would be endorsed by the project's author, requiring that users visit the
+project on GitLab.com in order to collaborate. For example, if an author
+were to use the GitLab issue tracker on GitLab.com, then she would be
+actively inviting users to the website by telling them to report issues and
+feature requests there.
+
+We cannot realistically expect that anything more than a minority of
+visitors will know how to block Google Analytics (or even understand that it
+is a problem). Therefore, if concerned authors wanted to use those features
+of GitLab, they had to use another hosted instance of GitLab, or host their
+own. But the better option was to encourage GitLab.com to remove Google
+Analytics entirely, so that _all_ JavaScript code served to the users is
+[Free][free-sw].
+
+GitLab has chosen to actively
+[work with the Free Software movement][ggfs]---enough so that they are now
+considered an [acceptable host for GNU projects][gitlab-gnu-criteria]
+according to [GNU's ethical repository criteria][gnu-repo-criteria]. And
+they have chosen to do so again---headed by Sytse Sijbrandij (GitLab
+Inc. CEO), Google Analytics has been removed from the GitLab.com instance
+and replaced with [Piwik][piwik].
+
+## More Than Just Freedom
+This change is more than a commitment to users' freedoms---it's also a
+commitment to users' privacy that cannot be understated. By downloading and
+running Google Analytics, users are being infected with some of the most
+[sophisticated examples of modern spyware][ga-wikipedia]: vast amounts of
+[personal and behavioral data][ga-google] are sent to Google for them to use
+and share as they wish. Google Analytics also tracks users across [many
+different websites][ga-popularity], allowing them to discover your interests
+and behaviors in ways that users themselves may not even know.
+
+GitLab.com has committed to using [Piwik][piwik] on their GitLab instance,
+which [protects users' privacy][piwik-privacy] in a number of very important
+ways: it allows users to opt out of tracking, anonymizes IP addresses,
+retains logs for limited time periods, respects [DoNotTrack][eff-dnt], and
+more. Further, all logs _will be kept on GitLab.com's own servers_, and is
+therefore governed solely by
+[GitLab.com's Privacy Policy][gitlab-privacy]; this means that other
+services will not be able to use these data to analyze users' behavior on
+other websites, and advertisers and others will know less about them.
+
+Users should not have to try to [anonymize themselves][eff-ssd] in
+order to maintain their privacy---privacy should be a default, and a
+respected one at that. GitLab has taken a strong step in the right
+direction; I hope that others will take notice and do the same.
+
+*Are you interested in helping other websites liberate their JavaScript?
+ Consider [joining the FSF's campaign][freejs], and
+ [please liberate your own][whyfreejs]!*
+
+[eff-dnt]: https://www.eff.org/dnt-policy
+[eff-ssd]: http://ssd.eff.org/
+[freejs]: https://fsf.org/campaigns/freejs
+[ga-google]: https://www.google.com/analytics/standard/features/
+[ga-popularity]: http://w3techs.com/technologies/overview/traffic_analysis/all
+[ga-wikipedia]: https://en.wikipedia.org/wiki/Google_Analytics
+[gitlab-featurse]: https://about.gitlab.com/features/
+[gitlab-gnu-criteria]: https://lists.gnu.org/archive/html/repo-criteria-discuss/2015-11/msg00012.html
+[gitlab-privacy]: https://about.gitlab.com/privacy/
+[gnu-repo-criteria]: https://www.gnu.org/software/repo-criteria.html
+[mtg]: http://mikegerwitz.com/
+[piwik]: https://piwik.org/
+[piwik-privacy]: https://piwik.org/privacy/
+[whyfreejs]: https://www.gnu.org/software/easejs/whyfreejs.html
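Review bot: The reference label `[gitlab-featurse]` is misspelled ("features"), and neither it nor `[mtg]` is referenced anywhere in the post, so both definitions are dead and can be removed or wired up. `[eff-ssd]` links to `http://ssd.eff.org/`, while the SlideShare post in this same commit uses `https://ssd.eff.org/`; the `https` form is the better choice for a privacy guide. In the text, "a commitment to users' privacy that cannot be understated" says the opposite of what is intended ("cannot be overstated"), and "Back in May of of 2015" has a doubled word.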
diff --git a/post/2016-02-28-join-me-at-libreplanet-2016-for-my-talk-restore-online-freedom.md b/post/2016-02-28-join-me-at-libreplanet-2016-for-my-talk-restore-online-freedom.md
new file mode 100644
index 0000000..c39ad6d
--- /dev/null
+++ b/post/2016-02-28-join-me-at-libreplanet-2016-for-my-talk-restore-online-freedom.md
@@ -0,0 +1,45 @@
+# Join me at LibrePlanet 2016 for my talk "Restore Online Freedom!"
+
+I will be [speaking at LibrePlanet this year][lp2016] (2016) about freedom
+on the Web. Here's the session description:
+
+[lp2016]: https://www.libreplanet.org/2016/program/
+
+> Imagine a world where surveillance is the default and users must opt-in to
+> privacy. Imagine that your every action is logged and analyzed to learn
+> how you behave, what your interests are, and what you might do next.
+> Imagine that, even on your fully free operating system, proprietary
+> software is automatically downloaded and run not only without your
+> consent, but often without your knowledge. In this world, even free
+> software cannot be easily modified, shared, or replaced. In many cases,
+> you might not even be in control of your own computing -- your actions and
+> your data might be in control by a remote entity, and only they decide
+> what you are and are not allowed to do.
+>
+> This may sound dystopian, but this is the world you're living in right
+> now. The Web today is an increasingly hostile, freedom-denying place that
+> propagates to nearly every aspect of the average users' lives -- from
+> their PCs to their phones, to their TVs and beyond. But before we can
+> stand up and demand back our freedoms, we must understand what we're being
+> robbed of, how it's being done, and what can (or can't) be done to stop
+> it.
+
+<!-- more -->
+
+There are a number of other [great sessions][lp2016] this year from a
+[number of speakers][lp2016s], many well-known. We also have an opening
+keynote from Edward Snowden!
+
+All [FSF associate members get free entry][fsfmember]. If you can't join
+us, the conference will be streamed live. You can also see [videos of past
+talks][lpvideos] on the FSF's self-hosted [GNU MediaGoblin][goblin]
+instance.
+
+Special thanks to the FSF for covering a large portion of my travel
+expenses; I otherwise might not have been able to attend. Thank you to all
+who donated to the conference scholarship fund.
+
+[lp2016s]: https://www.libreplanet.org/2016/program/speakers.html
+[fsfmember]: https://crm.fsf.org/join
+[lpvideos]: https://media.libreplanet.org/
+[goblin]: http://mediagoblin.org/
diff --git a/post/2016-04-02-reddit-suspected-to-have-been-served-with-an-nsl.md b/post/2016-04-02-reddit-suspected-to-have-been-served-with-an-nsl.md
new file mode 100644
index 0000000..6887312
--- /dev/null
+++ b/post/2016-04-02-reddit-suspected-to-have-been-served-with-an-nsl.md
@@ -0,0 +1,37 @@
+# Reddit suspected to have been served with an NSL
+
+It is suspected that Reddit has been [served with an NSL][schneier].
+[National Security Letters (NSLs)][nsl] are subpoena served by the United
+States federal government and often come with a gag order that prevents the
+recipient from even stating that they received the letter.
+
+[schneier]: https://www.schneier.com/blog/archives/2016/04/reddits_warrant.html
+[nsl]: https://en.wikipedia.org/wiki/National_Security_Letter
+
+<!-- more -->
+
+[Warrant canaries][canary] are used to circumvent gag orders by stating
+that requests have *not* been received, under the [legal theory][court]
+that, while courts can compel persons not to speak, they can't compel them
+to lie. [Reddit's canary has died][reddit-report]---the canary is absent
+from their most recent 2015 transparency report, where it was [present in
+the 2014 report][reddit-report-2014].
+
+Does this mean that you should stop using Reddit? No; canaries are an
+important transparency method. If you are worried about your privacy, you
+shouldn't disclose the information to a third party to begin with. Note
+that this includes metadata that are gathered about you when you, for
+example, browse subreddits while logged in. You can help mitigate that by
+[browsing anonymously using Tor][donot], being sure never to log in during
+the same session.
+
+The website [Canary Watch][cw] is a website that tracks warrant canaries.
+
+I'm awaiting further analysis after the weekend.
+
+[canary]: https://en.wikipedia.org/wiki/Warrant_canary
+[cw]: https://www.canarywatch.org/
+[court]: https://gigaom.com/2014/10/10/are-warrant-canaries-legal-twitter-wants-to-save-techs-warning-signal-of-government-spying/
+[reddit-report]: https://web.archive.org/web/20160331210850/https://www.reddit.com/wiki/transparency/2015
+[reddit-report-2014]: https://web.archive.org/web/20160331204815/https://www.reddit.com/wiki/transparency/2014
+[donot]: https://www.whonix.org/wiki/DoNot
diff --git a/post/2016-04-03-facebook-will-use-software-for-the-vr-headset-occulus-rift-to-spy-on-you.md b/post/2016-04-03-facebook-will-use-software-for-the-vr-headset-occulus-rift-to-spy-on-you.md
new file mode 100644
index 0000000..7f8fe4b
--- /dev/null
+++ b/post/2016-04-03-facebook-will-use-software-for-the-vr-headset-occulus-rift-to-spy-on-you.md
@@ -0,0 +1,27 @@
+# Facebook will use software for the VR headset Occulus Rift to spy on you
+
+Anything coming out of Facebook should be [cause for concern][rms-fb]. So,
+naturally, one might be concerned when they decide to get into the virtual
+reality (VR) scene by [purchasing the startup Occulus VR][fb-vr], makers of
+the Occulus Rift VR headset. One can only imagine all the fun ways Facebook
+will be able to track, manipulate, spy on, and otherwise screw over users
+while they are immersed in a virtual reality.
+
+[rms-fb]: https://stallman.org/facebook.html#privacy
+[fb-vr]: http://www.theguardian.com/technology/2014/jul/22/facebook-oculus-rift-acquisition-virtual-reality
+
+Sure enough, we have our first peak: [the software that Facebook has you
+install for the Occulus Rift is spyware][fb-spy], reporting on what
+*unrelated* software you use on your system, your location (including GPS
+data and nearby Wifi networks), the type of device you're using, unique
+device identifiers, your movements while using the VR headset, and more.
+
+[fb-spy]: http://uploadvr.com/facebook-oculus-privacy/
+
+<!-- more -->
+
+This is absurd. Do not play into Facebook's games through temptation of
+cool new technology; reject their terms and see if there's other ways you
+can use the headset without their proprietary spyware. If not, perhaps you
+should ask for a refund, and tell them why.
+
diff --git a/post/2016-04-06-gnu-kwindows.md b/post/2016-04-06-gnu-kwindows.md
new file mode 100644
index 0000000..bd613f2
--- /dev/null
+++ b/post/2016-04-06-gnu-kwindows.md
@@ -0,0 +1,183 @@
+# GNU/kWindows
+
+There has been a lot of talk lately about a most unique combination:
+ [GNU][gnu]---the [fully free/libre][free-sw] operating system---and
+ Microsoft Windows---the [freedom-denying, user-controlling,
+ surveillance system][woe].
+There has also been a great deal of misinformation.
+I'd like to share my thoughts.
+
+[gnu]: https://gnu.org/gnu/gnu.html
+[free-sw]: https://gnu.org/philosophy/free-sw.html
+[woe]: https://www.gnu.org/proprietary/malware-microsoft.en.html
+
+<!-- more -->
+
+Before we can discuss this subject,
+ we need to clarify some terminology:
+We have a [free/libre][free-sw] operating system called [GNU][gnu].
+Usually, it's used with the kernel Linux, and is together called the
+ [GNU/Linux (or GNU+Linux) operating system][gnulinux].
+But that's not always the case.
+For example, GNU can be run with its own kernel, [The GNU Hurd][hurd]
+ (GNU/Hurd).
+It might be run on a system with a BSD kernel (e.g. GNU/kFreeBSD).
+But now, we have a situation where we're taking GNU/Linux, removing Linux,
+ and adding in its place a Windows kernel.
+This combination is referred to as GNU/kWindows (GNU with the Windows kernel
+ added).[^kwindows]
+
+GNU values users' freedoms.
+Windows [does exactly the opposite][woe].
+
+When users talk about the operating system "Linux", what they are referring
+ to is the [GNU operating system][gnu] with the kernel Linux added.
+If you are using the GNU operating system in some form, then many of the
+ programs you are familiar with on the command line are GNU programs:
+ `bash`, `(g)awk`, `grep`, `ls`, `cat`, `bc`, `tr`, `gcc`, `emacs`, and
+ so on.
+But GNU is a fully free/libre Unix replacement, [not just a collection of GNU
+ programs][gnu].
+Linux is the kernel that supports what the operating system is trying to do;
+ it provides what are called system calls to direct the kernel to perform
+ certain actions, like fork new processes or allocate memory.
+This is an important distinction---not only is calling all of this software
+ "Linux" incorrect, but it discredits the project that created a fully
+ free/libre Unix replacement---[GNU][gnu].
+
+This naming issue is so widespread that
+ [most users would not recognize what GNU is][gnu-noheard], even if they
+ are _using_ a [GNU/Linux][gnulinux] operating system.
+I recently read an article that referred to GNU Bash as "Linux's Bash";
+ this is simply a slap in the face to all the hackers that have for the
+ past 26 years been writing what is one of today's most widely used
+ shells on Unix-like systems (including on [Apple's][apple] proprietary
+ Mac OSX), and all the other GNU hackers.
+
+Microsoft and Canonical have apparently been working together to write a
+ subsystem that translates Linux system calls into something Windows will
+ understand---a compatibility layer.
+So, software compiled to run on a system with the kernel Linux will work on
+ Windows through system call translation.
+Many articles are calling this "Linux on Windows".
+This is a fallacy: the kernel Linux is not at all involved!
+What we are witnessing is the [_GNU_ operating system][gnu] running with
+ a Windows kernel _instead_ of Linux.
+
+This is undoubtedly a technical advantage for Microsoft---Windows users want
+ to do their computing in a superior environment that they might be
+ familiar with on [GNU/Linux][gnulinux] or other Unix-like operating
+ systems, like [Apple's][apple] freedom-denying Mac OSX.
+But thinking about it like this is missing an essential concept:
+
+When users talk about "Linux" as the name of the operating system, they
+ avoid talking about [GNU][gnu].
+And by avoiding mention of GNU,
+ they are also avoiding discussion of the core principles upon which GNU is
+ founded---the belief that all users deserve
+ [software granting _four essential freedoms_][free-sw]:
+ the freedom to use the program for any purpose;
+ the freedom to study the program and modify it to suit your needs (or
+ have someone do it on your behalf);
+ the freedom to share the program with others;
+ and the freedom to share your changes with others.
+We call software that respects these four freedoms
+ [_free/libre software_][free-sw].
+
+Free software is absolutely essential:
+ it ensures that _users_,
+ who are the most vulnerable,
+ are in control of their computing---not software developers or
+ corporations.
+Any program that denies users any one of their [four freedoms][free-sw] is
+ _non-free_ (or _proprietary_)---that is, freedom-denying software.
+This means that any non-free software, no matter its features or
+ performance, will [_always_ be inferior to free software][oss] that
+ performs a similar task.
+
+Not everyone likes talking about freedom or the
+ [free software philosophy][free-sw].
+This disagreement resulted in the
+ ["open source" development methodology][oss],
+ which exists to sell the benefits of free software to businesses *without*
+ discussing the essential ideological considerations.
+Under the "open source" philosophy,
+ if a non-free program provides better features or performance,
+ then surely it must be "better",
+ because they have outperformed the "open source" development methodology;
+ non-free software isn't always considered to be a bad thing.
+
+So why would users want to use GNU/kWindows?
+Well, probably for the same reason that they want GNU tools on Mac OSX:
+ they want to use software they want to use, but they also want the
+ technical benefits of GNU that they like.
+What we have here is the ["open source" philosophy][oss]---because if the
+ user truly valued her freedom, she would use a
+ [fully free operating system like GNU/Linux][gnulinux-distros].
+If a user is _already_ using Windows (that is, before considering
+ GNU/kWindows), then she does gain some freedom by installing GNU:
+ she has more software on her system that respects her freedoms,
+ and she is better off because of that.
+
+But what if you're using GNU/Linux today?
+In that case,
+ it is a major downgrade to switch to a GNU/kWindows system;
+ by doing so, you are [surrendering your freedom to Microsoft][woe].
+It does not matter how many shiny features Microsoft might introduce into
+ its [freedom-denying surveillance system][woe];
+ an [operating system that respects your freedoms][gnulinux-distros] will
+ _always_ be a superior choice.
+We would do our best to dissuade users from switching to a GNU/kWindows
+ system for the technical benefits that GNU provides.
+
+So we have a couple different issues---some factual, some philosophical:
+
+Firstly,
+ please don't refer to GNU/kWindows as "Linux on Windows", or any variant
+ thereof;
+ doing so simply propagates misinformation that not only confounds the
+ situation, but discredits the thousands of hackers working on the
+ [GNU operating system][gnu].
+It would also be best if you avoid calling it "Ubuntu on Windows";
+ it isn't a factually incorrect statement---you are running Ubuntu's
+ distribution of GNU---but it still avoids mentioning the
+ [GNU Project][gnu]. If you want to give Ubuntu credit for working with
+ Microsoft, please call it "Ubuntu GNU/kWindows" instead of "Ubuntu".
+By mentioning GNU,
+ users will ask questions about the project,
+ and might look it up on their own.
+They will read about [the free software philosophy][free-sw],
+ and will hopefully begin to understand these issues---issues that they
+ might not have even been aware of to begin with.
+
+Secondly,
+ when you see someone using a GNU/kWindows system,
+ politely ask them why.
+Tell them that there is a _better_ operating system out there---the
+ [GNU/Linux operating system][gnu]---that not only provides those technical
+ features,
+ but also provides the feature of _freedom_!
+Tell them what [free software][free-sw] is,
+ and try to relate it to them so that they understand why it is important,
+ and even practical.
+
+It's good to see more people benefiting from GNU;
+ but we can't be happy when it is being sold as a means to draw users into
+ an otherwise [proprietary surveillance system][woe],
+ without so much as a mention of our name,
+ or [what it is that we stand for][gnu].
+
+[^kwindows]: This name comes from [Richard Stallman][rms], founder of the
+ [GNU Project][gnu].
+
+[hurd]: https://gnu.org/software/hurd/
+[oss]: http://www.gnu.org/philosophy/open-source-misses-the-point.html
+[gnulinux]: https://www.gnu.org/gnu/linux-and-gnu.html
+[gnulinux-distros]: https://www.gnu.org/distros/free-distros.html
+[apple]: https://stallman.org/apple.html
+[rms]: https://www.fsf.org/about/staff-and-board
+[gnu-noheard]: https://gnu.org/gnu/gnu-users-never-heard-of-gnu.html
+
+---
+featured: true
+---
diff --git a/post/2016-05-03-international-day-against-drm-2016.md b/post/2016-05-03-international-day-against-drm-2016.md
new file mode 100644
index 0000000..22f9518
--- /dev/null
+++ b/post/2016-05-03-international-day-against-drm-2016.md
@@ -0,0 +1,88 @@
+# International Day Against DRM 2016
+
+Today is the [10th annual International Day Against DRM][day-drm]---a day
+ where activists from around the world organize events in protest against
+ [Digital Restrictions Management][drm].
+
+[day-drm]: https://www.defectivebydesign.org/dayagainstdrm
+[drm]: https://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
+
+<!-- more -->
+
+DRM is a scheme by which tyrants use [antifeatures][] to lock down what
+ users are able to do with their systems, often cryptographically.
+For example,
+ your media player might tell you how many times you can listen to a song,
+ or watch a video, or read a book;
+ it might [delete books][1984] that you thought you owned;
+ it might require that you are [always online][always-on] when playing a
+ game, and then stop working when you disconnect, or when they decide to
+ stop supporting the game.
+If you try to circumvent these locks,
+ then you might be [called a pirate][pirate] and be thrown in prision under
+ the ["anti-circumvention" privisons of the Digital Millenium Copyright Act
+ (DMCA)][dmca].
+These are all things [that have been long predicated][right-to-read], and
+ are only expected to get worse with time.
+
+That is, unless we take a stand and fight back.
+
+I had the pleasure of participating in
+ the [largest ever protest against the W3C][w3c-protest] and their attempts
+ to introduce DRM as a _web standard_ via the [Encrypted Media Extensions
+ (EME)][eme] proposal.[^photos]
+This event was organized beautifully by Zak Rogoff of the [Free Software
+ Foundation][fsf] and began just outside the Strata Center doors where the
+ W3C was _actively meeting_,
+ and then continued to stop outside the Google and Microsoft offices,
+ both just blocks away.
+We were [joined outside Microsoft][eff-protest] by Danny O'Brien,
+ the EFF's International Director,
+ who stepped out of the W3C meeting to address the protesters.
+
+Afterward, most of us [traveled to the MIT Media Lab][media-lab] where
+ Richard Stallman---who joined us in the protest---sat on a panel along
+ with Danny O'Brien, Joi Ito of the MIT Media Lab, and Harry Halpin of the
+ W3C.
+The W3C was invited to participate in a discussion on EME, but they never
+ showed.
+As a demonstration of the severity of these issues,
+ [Harry Halpin vowed to resign from the W3C][hh-resign] if the EME proposal
+ ever became a W3C Recommendation.
+
+I can say without hesitation that the protest and following discussion were
+ some of the most powerful and memorable events of my life---there is no
+ feeling like being a part of a group that shares such a fundamental
+ passion (and distaste!) for something important.
+
+And it _is_ very important.
+
+[DRM is pervasive][dbd]---the Web is just one corner where it rears its ugly
+ head.
+The [International Day Against DRM][day-drm] gives you and others an
+ excellent opportunity to hold your own protests, demonstrations, and events
+ to raise these issues to others---and to do so as part of an
+ _international group_;
+ to send a strong, world-wide message:
+ a message that it is _not_ acceptable to act as tyrants and treat users as
+ slaves and puppets through use of digital handcuffs and [draconian
+ punishments for circumventing them][dmca].
+
+[^photos]: The EFF has some [great photots][eff-protest]; I'm the one in the
+ hoodie between the giant GNU head and Zak Rogoff.
+
+[antifeatures]: https://www.fsf.org/bulletin/2007/fall/antifeatures/
+[lp2016]: https://libreplanet.org/2016/
+[w3c-protest]: https://www.defectivebydesign.org/from-the-web-to-the-streets-protesting-drm
+[eme]: https://w3c.github.io/encrypted-media/
+[eff-protest]: https://w3c.github.io/encrypted-media/
+[w3c]: https://www.w3.org/
+[fsf]: https://fsf.org/
+[media-lab]: https://motherboard.vice.com/read/we-marched-with-richard-stallman-at-a-drm-protest-last-night-w3-consortium-MIT-joi-ito
+[hh-resign]: https://www.defectivebydesign.org/blog/w3c_staff_member_pledges_resignation_if_drm_added_web_standards
+[dmca]: https://www.eff.org/issues/dmca
+[dbd]: https://www.defectivebydesign.org/
+[1984]: https://www.defectivebydesign.org/amazon-kindle-swindle
+[always-on]: https://en.wikipedia.org/wiki/Always-on_DRM
+[right-to-read]: https://www.gnu.org/philosophy/right-to-read.en.html
+[pirate]: https://www.eff.org/deeplinks/2015/02/go-prison-sharing-files-thats-what-hollywood-wants-secret-tpp-deal
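Review bot: The reference `[eff-protest]` resolves to `https://w3c.github.io/encrypted-media/`, the same target as `[eme]`, so both the "joined outside Microsoft" link and the photos footnote lead to the EME draft rather than an EFF page. This looks like a copy-paste slip; the definition should carry the intended EFF URL, which is not visible in this hunk. `[lp2016]` and `[w3c]` are defined but never referenced in this post. Typos worth fixing in the same pass are `prision`, `privisons`, `Millenium`, `photots`, and `predicated` where `predicted` seems intended.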
diff --git a/post/2016-07-16-cfaa-authorized-access-and-common-sense.md b/post/2016-07-16-cfaa-authorized-access-and-common-sense.md
new file mode 100644
index 0000000..ccfab06
--- /dev/null
+++ b/post/2016-07-16-cfaa-authorized-access-and-common-sense.md
@@ -0,0 +1,55 @@
+# CFAA, "Authorized" Access, and Common Sense
+
+There is little common sense to be had with the [Computer Fraud and Abuse
+ Act][cfaa] (CFAA) to begin with.
+To add to the confusion,
+ the Ninth Circuit Court of Appeals last week held 2-1 in [United States
+ v. Nosal][uvn] that accessing a service using someone else's
+ password---even if that person gave you permission to do so---[violates
+ the CFAA][cfaa-passwd],
+ stating that only the _owner_ of a computer can give such authorization.
+This is absurd even with complete lack of understanding of what the law is:
+ should your spouse be held criminally liable for paying your bills online
+ using your account?
+
+[cfaa]: https://www.eff.org/issues/cfaa
+[uvn]: https://www.eff.org/cases/u-s-v-nosal
+[cfaa-passwd]: https://www.eff.org/deeplinks/2016/07/ever-use-someone-elses-password-go-jail-says-ninth-circuit
+
+Common sense says no.
+
+<!-- more -->
+
+In another case this week---[Facebook v. Power Ventures][fvp]---the same
+ court (though a different panel of judges) stepped back from the original
+ decision and stated that computer _users_ can indeed provide
+ authorization.
+This authorization holds even if the service's Terms of Service say
+ otherwise.
+Yet: the computer owner (in this case, Facebook) can revoke authorization,
+ which takes precedence over any authorization provided by a user of that
+ system.
+So with a seemingly magical incantation,
+ a benign situation can be made into a federal crime,
+ just like that.
+
+These situations highlight dangerous confusion over the interpretation of an
+ already dangerously vague law.
+The CFAA is the law that was used to prosecute Aaron Swartz for federal
+ "crimes"---with a punishment of up to thirty-five years in prison---for
+ liberating documents hosted on JSTOR.
+Because of this [draconian threat][eff-punish],
+ [Aaron committed suicide][aaron] on January 11th, 2013.
+
+The CFAA already has blood on its hands;
+ it needs to be reined _in_,
+ not be given further broad powers.
+So don't take news of the decisions in US v. Nosal and Facebook v. Power
+ Ventures as canceling one-another out;
+ things may appear the same for now,
+ but serious problems still need to be resolved.
+
+[cfaa-back]: https://www.eff.org/deeplinks/2016/07/ninth-circuit-panel-backs-away-dangerous-password-sharing-decision-creates-even
+[fvp]: https://www.eff.org/cases/facebook-v-power-ventures
+[eff-punish]: https://www.eff.org/deeplinks/2013/02/rebooting-computer-crime-part-3-punishment-should-fit-crime
+[aaron]: https://www.eff.org/deeplinks/2013/01/farewell-aaron-swartz
diff --git a/post/2016-07-29-election.md b/post/2016-07-29-election.md
new file mode 100644
index 0000000..17a0bde
--- /dev/null
+++ b/post/2016-07-29-election.md
@@ -0,0 +1,41 @@
+# "Election"
+
+The past few days of the DNC have demanded pause. I am an Independent. I
+do not like Hillary Clinton. I am a Bernie supporter, and I was upset by his
+endorsement of Hillary. I had vowed not to vote for Hillary; I would
+instead vote for Jill Stein. The DNC, while very well done with a deeply
+compelling facade, has not changed my perspective on Clinton.
+
+It is perhaps said best by Bernie himself: "It's easy to boo, but it's
+harder to look your kids in the face who would be living under a Donald
+Trump presidency". The conflict here is between my deep ideologies and
+reality. It's often said that a vote for Hillary is a vote against Trump;
+such a perspective would shallow and purposeless. But this isn't an
+election for president---this is the most threatening assault on everything
+I stand for that I hope I will ever witness in my lifetime. To stand for
+ideological purity would be to stand atop a mountain while the world around
+me burns. This is why Bernie chose to unite.
+
+Should Trump win, my ideals that seem within reach could be blown back
+decades. As a matter of strategy, I cannot justify _not_ swallowing every
+ounce of my pride. Hillary's presidency is an unfortunate but necessary
+consequence of the only permissible outcome. I am not electing a president
+of the United States. I am electing _a United States_.
+
+<!-- more -->
+
+So I am doing what I never thought I would do: proposing that others too
+factor this obscene equation and recognize how the very few remaining
+variables affect the result. My ideals continue to exist in part and in
+spirit with Hillary as president. With Trump, they are all but
+vanquished. Donald Trump must not be elected president of the United
+States. When (and if) you vote, think of it as a shot fired, not as a vote
+cast.
+
+"Election".
+
+More information about my opinions on this topic can be found
+[here][social-1] and [here][social-2].
+
+[social-1]: https://social.mikegerwitz.com/conversation/21864
+[social-2]: https://social.mikegerwitz.com/conversation/22026
diff --git a/post/2016-08-25-nso-group-pegasus-tridentios-exploits-targeting-human-rights-activist.md b/post/2016-08-25-nso-group-pegasus-tridentios-exploits-targeting-human-rights-activist.md
new file mode 100644
index 0000000..37125c4
--- /dev/null
+++ b/post/2016-08-25-nso-group-pegasus-tridentios-exploits-targeting-human-rights-activist.md
@@ -0,0 +1,103 @@
+# NSO Group, Pegasus, Trident---iOS Exploits Targeting Human Rights Activist
+
+[Citizen Lab released a report][cl] describing the attempted use of iOS
+ 0-days on human rights activist [Ahmed Mansoor][] by the United Arab
+ Emirates.
+They named this chain of exploits _Trident_,
+ and with the help of [Lookout Security][paper],
+ were able to analyze them.
+
+It begins with [arbitrary code execution (CVE-2016-4655)][4655] by
+ exploiting a memory corruption vulnerability in WebKit,
+ which downloads a payload unknown to the user.
+That payload is able to bypass KASLR and [determine the kernel memory
+ location (CVE-2016-4656)][4656],
+ then allowing it to exploit a [memory corruption vulnerability in the
+ kernel itself (CVE-2016-4657)][4657];
+ this "jailbreaks" the device and is a complete compromise of the system.
+
+[cl]: https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
+[Ahmed Mansoor]: https://en.wikipedia.org/wiki/Ahmed_Mansoor
+[paper]: https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf
+[4655]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4655
+[4656]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4656
+[4657]: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-4657
+
+<!-- more -->
+
+This payload is [Pegasus][paper],
+ a complex surveillance tool sold to governments,
+ often used for espionage.
+In this case,
+ Monsoor received a suspicious text message and wisely [tipped off Citizen
+ Lab][cl] rather than opening the presented link.
+Had he done so,
+ he would have unknowingly downloaded this spyware that could very well
+ have put his life in extreme danger:
+ it has the capability to track his location;
+ record his calls and texts;
+ record communications through software like WhatsApp and Skype;
+ download his contact information;
+ grab passwords and encryption keys from his keyring;
+ and much more.
+
+This malware was written by [NSO Group][],
+ which is so poorly known that their [Wikipedia page didn't even exist
+ until today][nso-wikipedia].
+The software company is based in Israel,
+ founded in 2010 by Niv Carmi, Omri Lavie, and Shalev Hulio.
+They were purchased in 2014 by [Francisco Partners][],
+ a private equity firm in the United States,
+ for $110 million.
+They exist to sell exploits to governments.
+
+Anyone familiar with security research is aware of [responsible
+ disclosure][]:
+ it is a model whereby researchers who discover a vulnerability
+ release their research publicly only _after_ they notify the authors
+ of the software,
+ and a patch mitigating the vulnerability has been released.
+This is what Citizen Lab did---Apple [fixed the vulnerability][apple] in
+ iOS 9.3.5.[^rms-apple]
+This is not what NSO Group does:
+ Instead, they horde their exploits[^0day] and sell them to governments as
+ weapons for surveillance or espionage.
+In this case,
+ the United Arab Emirates (or so it seems).
+This is not only unethical,
+ but to sell to a government that is known for this type of abuse is
+ inexcusable and negligent---the people behind NSO Group are absolute
+ scum.[^scum]
+They are empowering a foreign government known for their civil and human
+ rights abuses.
+I have trouble finding words.
+
+There is much more that can be said on this topic with respect to security,
+ civil and human rights,
+ and various other topics.
+But I don't want to distract from the topic at hand.
+Let this sink in.
+Read the [Citizen Lab][cl] report and the [paper by Lookout Security][paper].
+Today I leave my soapbox be.
+
+[NSO Group]: https://en.wikipedia.org/wiki/NSO_Group
+[nso-wikipedia]: https://en.wikipedia.org/w/index.php?title=NSO_Group&action=history
+[Francisco Partners]: https://en.wikipedia.org/wiki/Francisco_Partners
+[responsible disclosure]: https://en.wikipedia.org/wiki/Responsible_disclosure
+[apple]: https://support.apple.com/en-us/HT207107
+
+[^rms-apple]: I [can't recommend that you use Apple
+ devices](https://stallman.org/apple.html), but if you do, you
+ should upgrade immediately;
+ you are vulnerable to exploitation by simply visiting a
+ malicious webpage.
+
+[^0day]: Called 0-days,
+ because they haven't been disclosed and there has been no time to
+ prepare or release a fix.
+
+[^scum]: For other scum, see the organization behind [FinFisher][]; and the
+ group [Hacking Team][].
+
+[FinFisher]: https://en.wikipedia.org/wiki/FinFisher
+[Hacking Team]: https://en.wikipedia.org/wiki/Hacking_Team
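Review bot: The three CVE identifiers in the paragraph beginning "It begins with" appear to be attached to the wrong stages of the Trident chain. As far as I recall from Apple's iOS 9.3.5 advisory and the Lookout analysis the post links to, CVE-2016-4657 is the WebKit memory corruption, CVE-2016-4655 is the kernel information leak that defeats KASLR, and CVE-2016-4656 is the kernel memory corruption used for the jailbreak. Please verify against the `[apple]` and `[paper]` references and relabel the links, starting with `[arbitrary code execution (CVE-2016-4657)][4657]`; readers who match advisories by CVE would otherwise get the wrong component. The name is also spelled `Monsoor` in the "In this case" sentence but `Mansoor` in the opening paragraph and its link label.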
diff --git a/post/2017-05-16-self-discovery-before-the-internet.md b/post/2017-05-16-self-discovery-before-the-internet.md
new file mode 100644
index 0000000..3e66a1f
--- /dev/null
+++ b/post/2017-05-16-self-discovery-before-the-internet.md
@@ -0,0 +1,79 @@
+# Self-Discovery Before the Internet
+
+This is an autobiographical opinion piece prompted by [a HackerNews
+post][hn] discussing what it was like to learn programming before Stack
+Overflow (and other parts of the Internet).
+
+[hn]: https://news.ycombinator.com/item?id=14339293
+
+<!-- more -->
+
+I'm not old. I was born in 1989. I started programming around 1999. The
+Internet sure did exist back then, but I was 10, and my parents weren't keen
+on having me just go exploring. Besides, it was dial-up---you couldn't go
+search real quick; especially if someone was on the phone. Using the
+Internet was an _event_, and an exciting one at that, listening to those
+dial tones, logging in using that old Prodigy dialog. Back then you had
+Dogpile and Ask Jeeves. Most sites I'd visit by name; usually that was
+GameFAQs or CNET download.com, because those are the sites my friend told me
+about when he introduced me to the Internet.
+
+I'm entirely self-taught. I didn't know any programmers. I didn't have
+contact with any. I told my parents that I wanted to learn how to program
+and they skeptically brought me to Barnes and Noble where we picked out
+Learn to Program with Visual Basic 6 by John Smiley (*gasp* yes I started as
+a Windows programmer). It came with a VB6 CD that for a while I was
+convinced could only run the book examples, because I had no idea what I was
+doing. I struggled. I tinkered. Hacker culture was on the complete
+opposite end of where I was, but by the time I discovered it years later, I
+felt like I finally found myself---I finally discovered who I was. The
+struggle made me a hacker.
+
+It's easy to half-ass it today. It's easy to simply say "eh I can Google
+it" and forego committing knowledge. But it also makes it easy to gain
+knowledge, for those who do care to do so. It makes trivia easy. It makes
+discovery easy. It also exposes people to subcultures quickly and
+demands conformance to stereotypes and norms before one can discover
+_themselves_. Who would I be today without having to struggle for myself
+rather than someone else _telling_ me who I am, and what I do?
+
+This is more than just technical knowledge. This is the difference between
+dropping a child off in the wild or dropping them off at the local
+scouts. And at least scouts will discover themselves together. With the
+Internet, you absorb a body of existing knowledge; you _rediscover others_,
+not yourself. You often read blogs containing opinions of others, not books
+or manuals.
+
+That's not to say that you can't learn on your own. Many still do. Many
+focus on manuals and books and source code rather than social media. It's
+sure hard, though, when everything is integrated as such. Social media
+can be beneficial---you do want communication and collaboration. I sure as
+hell want to communicate with others. Opinions of others are deeply
+important too. Some of the best things I've read are on blogs, not in
+books. But I've already found my niche. I've found myself. I wasn't
+tainted or manipulated---I learned in a world of proprietary software where
+developing license systems was fun and emerged a free software
+activist. Because I was forced to look inward, not post on Stack Overflow
+or HN or Reddit expecting a hand-guided tour or `dd` of thoughts (okay,
+you're not getting that on HN).
+
+Not everyone needs to be a passionate hacker or developer. Really, the
+world needs both. And based on what I've seen being pumped out of schools
+and universities, the self-taught are generally better off either way. The
+vast resources available to modern programmers make many tasks easier and
+cheaper, though it also increases maintenance costs if all the programmer is
+doing is using code snippets or concepts without actually grokking
+them. But this is what most of the world runs off of.
+
+Let yourself struggle. Go offline. Sit down with a print book and get out
+a pen and take notes in the margin, write out your ideas. Getting syntax
+errors in your editor or REPL? Figure it out! Or maybe consult the manual,
+or the book you're reading. Don't search for the solution. When I learned
+Algebra in middle school, I had little interest, and forgot all of
+it. Years later, I needed it as a foundation for other things. I
+discovered the rules for myself on pen and paper. Not only do I remember it
+now (or can rediscover on a whim), but I understand _why_ it works the way
+it does. I've had those epiphanies. It's easy to miss the forest for the
+trees when you don't gain that essential intuition to help yourself
+out. And the forest is vast and beautiful.
+
diff --git a/post/2017-06-03-gnu-is-more-than-a-collection-of-software.md b/post/2017-06-03-gnu-is-more-than-a-collection-of-software.md
new file mode 100644
index 0000000..89b76e2
--- /dev/null
+++ b/post/2017-06-03-gnu-is-more-than-a-collection-of-software.md
@@ -0,0 +1,35 @@
+# GNU is more than a collection of software
+
+GNU is more than just a collection of software; it is an operating system:
+
+ [https://www.gnu.org/gnu/thegnuproject.html]()
+
+Many hackers and activists within the free software community don't
+understand this well, and it's a shame to see attacks on GNU's relevance (as
+measured by programs written by GNU on a given system) going
+unchallenged. Software for GNU was written by the GNU Project when a
+suitable free program was not available. It wouldn't have made sense to
+write everything from scratch if free programs already solved the problem.
+
+<!-- more -->
+
+When we say GNU/Linux, we really are referring to the GNU operating system
+that just happens to be using Linux. It could be using the FreeBSD kernel
+([GNU/kFreeBSD][]). It could be using a Windows kernel with a Linux API
+([GNU/kWindows][]). It could be using the [Hurd][] ([GNU/Hurd][]). The
+disambiguation is important, but the end result is pretty much the same.
+
+There are many systems that use Linux that are not GNU. Android is not GNU,
+for example. We shouldn't attempt to call those systems "GNU/Linux"
+blindly. (Also note how it's called "Android", not "Android/Linux", or just
+"Linux". Somehow GNU is controversial, though.)
+
+So if you see someone challenging GNU's relevance because GNU/Linux contains
+so much software that isn't part of a GNU package, then please provide the
+above link, and kindly explain to them that their observation is correct,
+because GNU is an operating system, not a collection of programs.
+
+[GNU/kFreeBSD]: https://en.wikipedia.org/wiki/Debian_GNU/kFreeBSD
+[GNU/kWindows]: https://mikegerwitz.com/2016/04/GNU-kWindows
+[Hurd]: https://www.gnu.org/software/hurd/
+[GNU/Hurd]: https://www.debian.org/ports/hurd/
diff --git a/post/2017-06-24-russia-wants-to-review-source-code-of-western-security-software.md b/post/2017-06-24-russia-wants-to-review-source-code-of-western-security-software.md
new file mode 100644
index 0000000..b54c6e1
--- /dev/null
+++ b/post/2017-06-24-russia-wants-to-review-source-code-of-western-security-software.md
@@ -0,0 +1,79 @@
+# Russia wants to review source code of Western security software
+
+Reuters [released an article][0] entitled "Under pressure, Western tech
+ firms bow to Russian demands to share cyber secrets".
+Should Russia be permitted to do so?
+Should companies "bow" to these demands?
+
+I want to draw a parallel to another highly controversial case regarding
+ access to source code:
+ the [Apple v. FBI][2] case early last year.
+For those who don't recall,
+ one of the concerns was the government trying to compel Apple to make
+ changes to iOS to permit brute forcing the San Bernardino attacker's
+ PIN;
+ this is a [violation of First Amendment rights][3] (compelled speech),
+ and this afforded Apple strong support from even communities that
+ otherwise oppose them on nearly all other issues.
+The alternative was to have the FBI make changes to the software instead of
+ compelling Apple to do so,
+ which would require access to the source code of iOS.
+
+[0]: http://www.reuters.com/article/us-usa-russia-tech-insight-idUSKBN19E0XB
+[2]: https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute
+
+<!-- more -->
+
+Becuase of the hostility toward the FBI in this case,
+ even many in the [free software community][4] took the stance that the FBI
+ being able to modify the software would set terrible precedent.
+But that's missing the point a bit.
+Being able to modify software doesn't give you the right to install it on
+ others' devices;
+ the FBI would have had to compell Apple to release their signing keys
+ as well---_that_ is a dangerous precedent.
+If the government compelled Apple to made changes themselves,
+ _that_ is dangerous precedent.
+
+"Cyber secrets" in the above title refers to source code to software written
+ by companies like Cisco, IBM, SAP, and others;
+ secrets that can only exist in proprietary software that
+ [denies users the right to inspect, modify, and share][1] the software
+ that they are running.
+
+For those who agree with the free software philosophy,
+ it's important to remove consideration of _who_ is trying to exercise their
+ [four freedoms][1].
+In the case of the FBI,
+ from a free software perspective,
+ of course they should be able to modify the software---we
+ believe that _all_ software should be free!
+ (But that doesn't mean they should be able to install it on _someone
+ else's_ device.)
+In the context of this article by Reuters:
+ Russia doesn't have to ask to examine software that is free/libre.
+ And if they did, it shouldn't be a concern;
+ restricting who can use and examine software is [a slippery slope][5].
+
+Unfortunately, not all software is free/libre.
+But if we extend the free software philsophy---there
+ should be no _ethical_ concerns with a foreign power wanting to inspect
+ proprietary source code.
+But proprietary software might have something of concern to hide:
+ it might be something malicious like a backdoor,
+ or it might be something like a lack of security or poor development
+ practices;
+ [proprietary software exists only to keep secrets][6], after all.
+
+If Russia has to ask to inspect source code for security software,
+ you probably do too.
+And if that's the case,
+ the security being provided to you is merely a facade.
+It's not Russia to be suspicious of for asking---it's
+ the companies that keep secrets to begin with.
+
+[1]: https://www.gnu.org/philosophy/free-software-even-more-important.html
+[3]: https://www.eff.org/deeplinks/2016/03/deep-dive-why-forcing-apple-write-and-sign-code-violates-first-amendment
+[4]: https://www.gnu.org/philosophy/free-sw.en.html
+[5]: https://www.gnu.org/philosophy/programs-must-not-limit-freedom.html
+[6]: https://www.gnu.org/proprietary/proprietary.html
diff --git a/post/2017-06-27-dont-force-me-to-use-your-tools-on-the-web.md b/post/2017-06-27-dont-force-me-to-use-your-tools-on-the-web.md
new file mode 100644
index 0000000..5cfdbf7
--- /dev/null
+++ b/post/2017-06-27-dont-force-me-to-use-your-tools-on-the-web.md
@@ -0,0 +1,85 @@
+# Don't force me to use your tools [on the Web]
+
+There was an interesting discussion on [libreplanet-discuss][] recently
+ regarding web interfaces.
+Below is a rather informal off-the-cuff statement regarding the use of Web
+ interfaces (specificlaly Discourse) over my own tools.
+
+[libreplanet-discuss]: https://lists.gnu.org/archive/html/libreplanet-discuss/2017-06/msg00032.html
+
+<!-- more -->
+
+-----
+
+I live a huge chunk of my life in my mail client
+ (which happens to be my editor as well).
+It's scripted,
+ heavily customized,
+ and integrated with other things.
+I do task management with Org mode,
+ which integrates simply but well enough with Gnus.
+I can use my editor keybindings and such when composing messages.
+The same goes with my IRC client.
+I never have to leave home, if you will.
+
+Contrast that with websites:
+ if I have to write anything substantial,
+ I often have to write it in my editor first and paste it in.
+
+Many of us hackers don't care for flashy interfaces;
+ we'd rather use the tools we've invested our lives into and know well.
+ Tools that can compose and work well in pipelines.
+Trying to use interfaces that reinvent the wheel poorly is painful.
+And let's not be fooled---these are programs.
+Especially when they're heavy on JavaScript.
+There's no difference between this and someone asking me to download Foo and
+ put my Emacs toy away, as cute as it is.
+
+But I know that many people don't feel that way.
+I have coworkers that think I'm crazy (respectfully so).
+And I think they're crazy too. ;)
+Admittedly, using your own tools is a large barrier to entry---my
+ tools are useful because I've spent a great deal of time learning and
+ researching and customizing.
+And now I can reuse them for everything.
+For your average user looking to get into activism,
+ who may not even be a programmer,
+ that's a bit different;
+ it's easier to say "here's your single tool (Web)---go use it".
+
+There are systems that allow for a level of integration
+ (e.g. mailing lists and forums).
+But they're often treated as fallbacks---as second-class citizens.
+They might provide a subset of features;
+ it leaves certain members of the community out---those
+ who want to use their own tools.
+
+I haven't used Discourse.
+I do see "mailing list support";
+ maybe that's a good sign.
+But one of the phrases at the top of the features page is
+ "[w]e're reimagining what a modern discussion platform should
+ be".
+Many of us don't want to see it reimagined.
+That's the opposite of what many want.
+
+Trying to strike a balance isn't a bad thing if that's the audience
+ we're looking to attract.
+But it's difficult,
+ and something I struggle with a great deal.
+
+-----
+
+tl;dr:
+ Asking someone to use an interface on the Web is asking them to use
+ /your/ program instead of their own.
+ Be respectful by using [Web standards for accessibility][accessibility];
+ [progressive enhancement][];
+ and make use of well-established standards with rich histories,
+ especially if your audience makes use of them
+ (e.g. mailing lists, RSS feeds, federation standards, etc).
+
+Thank you.
+
+[accessibility]: https://en.wikipedia.org/wiki/Web_accessibility
+[progressive enhancement]: https://en.wikipedia.org/wiki/Progressive_enhancement
diff --git a/post/2018-01-05-the-ethics-void-join-me-at-libreplanet-2018.md b/post/2018-01-05-the-ethics-void-join-me-at-libreplanet-2018.md
new file mode 100644
index 0000000..96fc0bd
--- /dev/null
+++ b/post/2018-01-05-the-ethics-void-join-me-at-libreplanet-2018.md
@@ -0,0 +1,40 @@
+# The Ethics Void: Join Me at LibrePlanet 2018!
+
+I got word today that I'll be speaking again at this year's [LibrePlanet][]!
+I was going to attend even if I were not speaking,
+ but I'm very excited to be able to continue to build off of last year's
+ talk and further my activism on these topics.
+
+[LibrePlanet]: https://libreplanet.org/2018/
+
+The title of this year's talk is _The Ethics Void_.
+Here's a rough abstract:
+
+<!-- more -->
+
+> Medicine, legal, finance, journalism, scientific research—each of these
+> fields and many others have widely adopted codes of ethics governing the
+> lives of their professionals. Some of these codes may even be enshrined in
+> law. And this is for good reason: these are fields that have enormous
+> consequences.
+
+> Software and technology pervade not only through these fields, but through
+> virtually every aspect of our lives. Yet, when compared to other fields, our
+> community leaders and educators have produced an ethics void. Last year, I
+> introduced numerous topics concerning #privacy, #security, and #freedom that
+> raise serious ethical concerns. Join me this year as we consider some of
+> those examples and others in an attempt to derive a code of ethics that
+> compares to each of these other fields, and to consider how leaders and
+> educators should approach ethics within education and guidance.
+
+(My previous talks can be found on my ["Talks" page][talks].)
+
+For this talk,
+ I want to solicit the community at various points.
+I know what _I_ want to talk about,
+ but what are some of the most important ethical issues to _you_?
+Unfortunately there's far too much to fit into a 40-minute talk!
+Feel free to send me an e-mail or reply to the [thread on GNU Social][thread].
+
+[talks]: /talks
+[thread]: https://social.mikegerwitz.com/conversation/99140
diff --git a/post/2018-01-08-meltdown-spectre-and-the-web.md b/post/2018-01-08-meltdown-spectre-and-the-web.md
new file mode 100644
index 0000000..9e4f73f
--- /dev/null
+++ b/post/2018-01-08-meltdown-spectre-and-the-web.md
@@ -0,0 +1,44 @@
+# Meltdown/Spectre and the Web
+
+The recently-released [Meltdown][] and [Spectre][] CPU timing attacks
+ affect virtually every user in some way;
+ the consequences are profound.
+There are plenty of good write-ups on the topic,
+ so I don't feel the need to re-iterate the technical details here.
+(See an easily digestible one [from the Raspberry Pi][rpi] project, and an
+ in-depth analysis [from Project Zero][zero].)
+
+[Meltdown]: https://meltdownattack.com/
+[Spectre]: https://spectreattack.com/
+[rpi]: https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
+[zero]: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
+
+What I do want to draw attention to is that these attacks [are exploitable
+ via web browsers][mozilla].
+
+[mozilla]: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
+
+<!-- more -->
+
+The reason for this is that your web browser,
+ by default,
+ automatically downloads and executes programs without your knowledge or
+ consent.
+Most commonly,
+ web pages embed software in the form of JavaScript code.
+Because of the features available in modern JavaScript environments,
+ CPU cache timing attacks are possible.
+
+[I spoke about the security issues][lp2016] of running these programs in your web
+ browser back in 2016---it
+ was a bad idea then,
+ and it's still a bad idea now.
+[I spoke further of privacy issues][lp2017] last year at LibrePlanet 2017.
+I encourage you to use extensions like [NoScript][] to block the execution of
+ JavaScript by default,
+ and stop random people from treating your computer as a puppet to do
+ their own bidding.
+
+[lp2016]: https://media.libreplanet.org/u/libreplanet/collection/restore-online-freedom/
+[lp2017]: https://media.libreplanet.org/u/libreplanet/m/the-surreptitious-assault-on-privacy-security-and-freedom/
+[NoScript]: http://noscript.net/
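Review bot: The `[NoScript]` reference on the last line of this hunk points to `http://noscript.net/`, a plaintext link to the site readers are told to get a security extension from. Every other reference in the post uses HTTPS. Changing it to `[NoScript]: https://noscript.net/` keeps the page a reader lands on from being altered in transit.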
diff --git a/post/2018-04-15-when-talking-about-mobile-tracking-dont-veil-bad-actors-with-blanket-statements.md b/post/2018-04-15-when-talking-about-mobile-tracking-dont-veil-bad-actors-with-blanket-statements.md
new file mode 100644
index 0000000..c926bce
--- /dev/null
+++ b/post/2018-04-15-when-talking-about-mobile-tracking-dont-veil-bad-actors-with-blanket-statements.md
@@ -0,0 +1,60 @@
+# When Talking About Mobile Tracking, Don't Veil Bad Actors With Blanket Statements
+
+It's difficult to have useful conversations about mobile tracking when
+ someone says "your phone / mobile device tracks you";
+ such statements don't often lead to constructive conversation because they
+ are too vague and therefore easily dismissed as sensationalism or
+ paranoia.
+ And they are all too often without substance because,
+ while users do have legitimate concerns,
+ they aren't necessarily aware of the specific problems contributing to
+ those concerns.
+
+<!-- more -->
+
+A mobile device is nothing more than a small computer that you carry around
+ with you.
+The networks that you connect to can spy on you---your
+ cellular network, bluetooth, wifi, etc.
+To help mitigate these threats,
+ you can disable those communications until you are in a safe place that
+ you don't mind others knowing about.
+We can only have confidence that these connections have been disabled by
+ physical means,
+ like a hardware switch or a bag that acts like a Faraday cage.
+[iOS deceives users][ios-deceive] when they ask to disable those communications
+ for example.
+
+The software running on your device often spies on you:
+ the operating system itself often spies;
+ the apps you install often spy.
+This is the fault of the individual _authors_---_they_
+ are the problem.
+Consider using free/libre software that empowers you and serves _you_ rather
+ than its creators;
+ it's much harder to hide secrets in free software.
+On Android,
+ consider using only free software available in [F-Droid][].
+We also need fully free mobile operating systems,
+ like [Replicant][] and hopefully Purism's Librem 5 that is still under
+ development.
+Don't be fooled into thinking the Android on most phones is free
+ software---only
+ its core (AOSP) is.
+
+Call out those that do harm---don't
+ veil and protect them using statements like "your phone tracks you".
+Talk about the specific issues.
+Demand change and have the courage to reject them entirely.
+This involves inconvenience and sacrifice.
+But if we're strong now,
+ then in the near future perhaps we won't have to make any sacrifices,
+ much like the fully free GNU/Linux system desktops we have today.
+
+Fore more information on tracking,
+ see my [LibrePlanet 2017 and 2018 talks](/talks) "The Surreptitious Assault on Privacy,
+ Security, and Freedom" and "The Ethics Void", respectively.
+
+[F-Droid]: https://f-droid.org
+[ios-deceive]: https://web.archive.org/web/20170922011748/https://support.apple.com/en-us/HT208086
+[Replicant]: https://replicant.us
diff --git a/post/2018-09-06-libreplanet-2019-will-be-march-23-24-in-boston-ma.md b/post/2018-09-06-libreplanet-2019-will-be-march-23-24-in-boston-ma.md
new file mode 100644
index 0000000..5775e2a
--- /dev/null
+++ b/post/2018-09-06-libreplanet-2019-will-be-march-23-24-in-boston-ma.md
@@ -0,0 +1,28 @@
+# LibrePlanet 2019 will be March 23--24 in Boston, MA
+
+It's already time to start thinking about LibrePlanet 2019, which will be
+March 23--24 in the Greater Boston Area in MA:
+
+[https://libreplanet.org/2019/]()
+
+This is the one event that I must make it to each year, and I encourage
+everyone to attend and see the faces of many that are at the heart of the
+free software community.
+
+<!-- more -->
+
+Consider [submitting a session][submit]! Or, if you can't make it but plan
+on watching online, maybe help someone else attend by [contributing to the
+travel fund][travel-fund]. The call for sessions ends October 26th.
+
+I'll be attending again this year, and I plan on submitting a session
+proposal. I won't have the time to do [my 100+hr research talks like the
+past couple years][talks], so maybe I'll fall back on something more
+technical that I won't have to research.
+
+It's still a ways off, but if you do plan on attending, do let me know so I
+can say hello!
+
+[submit]: https://my.fsf.org/lp-call-for-sessions
+[travel-fund]: https://my.fsf.org/civicrm/contribute/transact?reset=1&id=60
+[talks]: /talks/
diff --git a/post/2018-10-05-webmasters-please-dont-block-tor.md b/post/2018-10-05-webmasters-please-dont-block-tor.md
new file mode 100644
index 0000000..ee78c3a
--- /dev/null
+++ b/post/2018-10-05-webmasters-please-dont-block-tor.md
@@ -0,0 +1,66 @@
+# Webmasters: Please, Don't Block Tor
+
+[Tor][] is a privacy and anonymity tool that [helps users to defend
+ themselves][tor-about] against traffic analysis online.
+Some people, like me, use it as an important tool to help defend against
+ [various online threats to privacy][sapsf].
+[Others use it][tor-users] to avoid censorship,
+ perhaps by the country in which they live.
+Others use it because their lives depend on it---they
+ may live under an oppressive regime that forbids access to certain
+ information or means of communication.
+
+[Tor]: https://www.torproject.org/
+[tor-about]: https://www.torproject.org/about/overview.html.en#whyweneedtor
+[tor-users]: https://www.torproject.org/about/torusers.html.en
+[sapsf]: /talks/sapsf
+
+Unfortunately, some people also hide behind Tor to do bad things,
+ like attack websites or commit fraud.
+Because of this,
+ many website owners and network administrators see Tor as a security threat,
+ and choose to block Tor users from accessing their website.
+
+<!-- more -->
+
+But in doing so,
+ you aren't just keeping out some of the malicious users:
+ you're also keeping out those who [use Tor for important, legitimate
+ reasons][tor-users].
+Malicious users have other means to achieve anonymity and often have the
+ skill and understanding to do so.
+But average Tor users aren't necessarily technology experts,
+ and certainly don't have the extra (often maliciously-acquired) resources
+ that bad actors do,
+ so they are disprortionally affected by blocks.
+
+A particularly unsettling problem I often encounter is that a website will
+ outright prohibit access by Tor users _even on read-only resources like
+ articles or information_.
+I've even seen this on informational resources on United States Government
+ domains!
+Blocking access to interactive website features---like
+ posting comments or making purchases---can
+ be understandable,
+ or maybe even necessary sometimes.
+For example,
+ Wikipedia prohibits page edits over Tor.
+But Wikipedia _does not block reading_ over Tor.
+
+If you are considering threats that may mask themselves behind Tor and you
+ are running a blog, news site, or other informational resource,
+ please, consider how your actions [may affect innocent
+ users][tor-users].
+Allow users to read over Tor,
+ even if you decide to prohibit them from interacting.
+
+For users of Tor who do find themselves stuck from time to time:
+ I will often prepend `https://web.achive.org/` to the URL of a page that
+ is blocked,
+ which allows me to view the page in the Internet Archive's [Wayback
+ Machine][].
+For example,
+ to view my website in the Wayback Machine,
+ you'd visit `https://web.archive.org/https://mikegerwitz.com/`.
+
+[Wayback Machine]: https://web.archive.org/
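Review bot: The first inline example in the last paragraph gives the prefix as `https://web.achive.org/`, which misspells the Wayback Machine host (`achive` for `archive`). A reader who copies it literally is sent to a host that is not the Internet Archive's, along with the URL they were trying to read. The second example and the `[Wayback Machine]` reference both use `web.archive.org`, so the prefix in that sentence should be `https://web.archive.org/`.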
diff --git a/src/404.htm b/src/404.htm
new file mode 100644
index 0000000..9bc5967
--- /dev/null
+++ b/src/404.htm
@@ -0,0 +1,28 @@
+<article>
+ <h1>Page Not Found (404)</h1>
+
+ <p>
+ The page you requested cannot be found&mdash;it may have been removed
+ or you may have stumbled across a broken link.
+ If you manually entered the URL,
+ please verify that it was entered correctly.
+ If you believe that you have received this message in error,
+ please contact
+ <a href="mailto:404@mkegerwitz.com">404@mikegerwitz.com</a>
+ with the full URL of this page.
+
+ </p>
+ <p>
+ You may also check
+ <a id="ia" href="https://web.archive.org/https://mikegerwitz.com/">The Internet
+ Archive</a> for this page.
+ </p>
+</article>
+
+<!-- try to be helpful, if scripts are enabled -->
+<script>
+ // @license magnet:?xt=urn:btih:1f739d935676111cfff4b4693e3816e664797050&dn=gpl-3.0.txt GPL-v3-or-Later
+ document.getElementById( 'ia' ).href =
+ 'https://web.archive.org/' + document.location.href;
+ // @license-end
+</script>
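Review bot: The contact link's `href` is `mailto:404@mkegerwitz.com`, which drops the `i` from the domain shown in the link text, so a visitor who clicks it sends the reported URL to a domain that is presumably not this site's. It should read `<a href="mailto:404@mikegerwitz.com">404@mikegerwitz.com</a>`. Separately, the script sets the `ia` link to `'https://web.archive.org/' + document.location.href`, so any query string or fragment in the requested URL is included in what goes to the archive on click. If that is not intended, `document.location.origin + document.location.pathname` would limit what is passed; otherwise a one-line comment stating the choice would help.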
diff --git a/src/about.htm b/src/about.htm
new file mode 100644
index 0000000..231a3ce
--- /dev/null
+++ b/src/about.htm
@@ -0,0 +1,91 @@
+<h1 id="about">About</h1>
+
+<aside class="sm">
+ <img src="/images/me-libreplanet-2016.png"
+ alt="Photo of Mike Gerwitz holding a microphone in front of a blackboard"
+ title="Mike Gerwitz giving LibrePlanet 2016 Talk 'Restore Online Freedom!'"
+ class="inline-img avatar" />
+
+ <p>
+ GPG Fingerprint:
+ <tt>D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05</tt>&nbsp;<!--
+ --><a href="https://emailselfdefense.fsf.org/">[?]</a>
+ </p>
+</aside>
+
+<article class="abstract" aria-labelledby="about">
+ <p>
+ I am a <a href="http://www.gnu.org/philosophy/">free (as in
+ freedom) software</a> <a href="https://stallman.org/articles/on-hacking.html">hacker</a>
+ and user freedom activist with a focus on user privacy and security.
+ I am a professional software developer dealing primarily with web development;
+ compiler construction; and software architecture, and have been
+ programming for about twenty years.
+ My other personal interests include mathematics, cryptography,
+ philosophy and ethics, pedagogy, writing, law, and various other fields.
+ I also closely follow the work of
+ the <a href="http://www.gnu.org/philosophy/">Free Software
+ Foundation</a>, <a href="http://eff.org/">Electronic Frontier
+ Foundation</a>, and other entities devoted to free information and free
+ society.
+ </p>
+ <p>
+ I am the author of <a href="https://gnu.org/software/easejs">GNU
+ ease.js</a>;
+ a member of the <a href="https://www.gnu.org/help/evaluation.html">GNU evaluation</a>
+ team;
+ hold an administrative role within GNU;
+ and volunteer for various other aspects of
+ the <a href="https://gnu.org/">GNU Project</a> and
+ the <a href="https://fsf.org/">Free Software Foundation</a>.
+ </p>
+ <p>
+ I am a <a href="https://stallman.org/articles/on-hacking.html">hacker</a>,
+ not a <a href="https://stallman.org/articles/on-hacking.html">cracker</a>&mdash;the
+ latter breaks the security of systems, while the former expresses playful
+ creativity in their work.
+ </p>
+ <p>
+ Outside of my field,
+ I enjoy time with my family&mdash;including my wife and two
+ sons&mdash;who
+ keep me very busy and help to keep me sane.
+ I also have a fascination with a wide range of sciences that I wish I had
+ the time to devote to researching.
+ </p>
+ <p>
+ Much of this site is devoted to my thoughts and ramblings on various
+ matters and so will contain material that is subject to strong bias;
+ you are encouraged to construct your own opinions.
+ Formal papers contain no such influence without rationale and references.
+ </p>
+ <p>
+ I may be contacted at mtg at gnu dot org.
+ I do not make use of &ldquo;social media&rdquo; websites,
+ though I may (or may not) respond to queries on websites that I am a
+ member of,
+ and I do host my <a href="https://social.mikegerwitz.com/">own GNU
+ Social instance</a>.
+ </p>
+ <p>
+ (Note: This website itself is free/libre&mdash;the source code is
+ available via the commit hash links in the footer of various pages and
+ the content is licensed for free distribution and, in most cases,
+ modification.)
+ </p>
+ <p>
+ I changed GPG keys in October&nbsp;2016;
+ see my <a href="/about/key-transition.txt">key transition statement</a>,
+ signed with both my <a href="/about/key-transition.txt.new.asc">new</a>
+ and <a href="/about/key-transition.txt.old.asc">old</a> keys.
+ </p>
+ <p>
+ <a href="about/resume">View my résumé/CV.</a>
+ </p>
+ <p>
+ <span class="attribution"><a href="https://media.libreplanet.org/u/libreplanet/m/session-03-c-ms-png-libreplanet-2016-sessions-ec00/">LibrePlanet
+ 2016 Photo</a> Copyright&nbsp;©&nbsp;2016 Kori&nbsp;Feener,
+ <a href="https://creativecommons.org/licenses/by/4.0/">CC&nbsp;BY&nbsp;4.0</a>;
+ used with permission.</span>
+ </p>
+</article>
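Review bot: Three anchors in this file use plaintext `http://`: both `http://www.gnu.org/philosophy/` links and `http://eff.org/`. The rest of the page, including `https://gnu.org/` and `https://fsf.org/`, already uses HTTPS. On a page that also publishes the GPG fingerprint, these should be `https://www.gnu.org/philosophy/` and `https://eff.org/` for consistency. Also, `href="about/resume"` is the only internal link without a leading slash, while the key-transition links use `/about/...`. Unless the relative form is intentional for how this page is served, it should probably be `href="/about/resume"`.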
diff --git a/src/about/githubbub.md b/src/about/githubbub.md
new file mode 100644
index 0000000..9893929
--- /dev/null
+++ b/src/about/githubbub.md
@@ -0,0 +1,126 @@
+# GitHubbub! GitHub Does Not Value Software Freedom.
+
+<div class="inline-img octoflop">
+ ![GitHub](/images/octoright-large.png "GitHub logo rotated 270° to resemble a Copyright symbol")\
+</div>
+
+If you hit this page expecting to have been taken to my GitHub profile,
+ then this is probably not what you were looking for;
+ but let me tell you why you're here.
+
+Before providing a link to something hosted on a service,
+ it is important to consider whether the service or website is antithetical
+ to the message you are trying to convey to your readers/visitors,
+ and whether it deserves clarification;
+ there's a little bit of both here.
+
+If you're looking for a host friendly toward free software,
+ take a look at the [GNU ethical repository criteria][gnu-repo],
+ which sets standards for acceptable hosts to parts of the
+ [GNU operating system][gnu].
+
+
+## Non-Free JavaScript
+[Free software][freesw] guarantees your freedom to study,
+ modify,
+ and share the software that you use.
+We value these freedoms on the desktop,
+ so why should we compromise when websites serve proprietary JavaScript
+ [just because it creates the illusion of remote execution][whyfreejs]?
+When you visit a website that serves JavaScript to the client,
+ your web browser is automatically [downloading and executing][jstrap]
+ (often without your permission) ephemeral, unsigned, untrusted software.
+If that JavaScript is not [freely licensed][librejs],
+ then the software running in your web browser is proprietary.
+
+**When you visit `github.com`,
+ you download over 200kB of obfuscated code,
+ much of which is proprietary.**
+This code provides many website features that are fairly essential,
+ and *do not work with JavaScript disabled*:
+
+- Change repository names or descriptions;
+- Delete repositories;
+- Add an SSH key to your account;
+- Fork repositories;
+- Create pull requests;
+- Enable and disable project features;
+- Use the wiki and issue trackers;
+- View graphs of statistics;
+- And others.
+
+That is---GitHub forces you to run proprietary software in order to use much
+ of their website.
+This is a bit startling for a host that owes its very existence to the
+ success and development of free software.
+
+## Desire To Remain Non-Free
+I contacted GitHub back in April 2014 pointing out these concerns and
+ asking if they would be able to either liberate their JavaScript or make
+ GitHub's essential functionality work without JavaScript enabled.
+The first response I received was from one of their "JavaScript Developers":
+
+> Hi Mike,
+>
+> Thanks for getting in touch with us here. Some of our internal projects are
+> specific to running GitHub, and as such will probably remain closed. We do
+> make an effort to open source projects that we create that we think would be
+> beneficial to the community, some of which is JavaScript.
+>
+> You can see a list of some of the open source projects that power GitHub
+> here:
+>
+> https://github.com/showcases/projects-that-power-github
+
+This response is unfortunately misguided---yes,
+ it is good that GitHub produces free software,
+ but it is a false assumption that their proprietary code would serve no
+ benefit to the community:
+ the very existence of their proprietary software [gives them unjust
+ control over their users][unjust];
+ relinquishing that control is of benefit to the community.
+
+I replied to the above message to clarify my point.
+After receiving no response,
+ I forwarded the e-mail to GitHub's original founders:
+ [Tom Preston-Werner][tom],
+ [Chris Wanstrath][chris],
+ and [PJ Hyett][pj].
+The response I received from Chris was blunt and discouraging:
+
+> Hey Mike,
+>
+> We have no plans to release github.com's JavaScript as free software at
+> this time, nor do we have plans to remove the site's dependence on
+> JavaScript. Thanks for the interest.
+
+The original correspondence is provided here:
+
+1. [Original request][gh-request] to `support@github.com`, Tom, Chris, and
+ PJ.
+2. [Reply to my original request][gh-request-reply] from one of the developers.
+3. [My reply to the developer][gh-request2] providing more information and
+ asking for a commitment.
+4. [Forward of my reply][gh-request3] to Tom, Chris, and PJ, after having
+ received no response from the developer.
+5. [Response from Chris Wanstrath][gh-request3-reply] stating that GitHub
+ has "no plans" to liberate its JavaScript or "remove the site's
+ dependence on JavaScript".
+
+
+[gnu-repo]: https://www.gnu.org/software/repo-criteria.html
+[gnu]: https://www.gnu.org/gnu/gnu.html
+[freesw]: https://www.gnu.org/philosophy/free-sw.html
+[whyfreejs]: https://www.gnu.org/software/easejs/whyfreejs.html
+[jstrap]: https://www.gnu.org/philosophy/javascript-trap.html
+[librejs]: https://www.gnu.org/software/librejs/free-your-javascript.html
+[unjust]: https://www.gnu.org/philosophy/free-software-even-more-important.html
+[tom]: https://github.com/mojombo
+[chris]: https://github.com/defunkt
+[pj]: https://github.com/pjhyett
+
+[gh-request]: /docs/gh/email-request.txt
+[gh-request-reply]: /docs/gh/email-request-reply.txt
+[gh-request2]: /docs/gh/email-request2.txt
+[gh-request3]: /docs/gh/email-request3.txt
+[gh-request3-reply]: /docs/gh/email-request3-reply.txt
diff --git a/src/about/inside.htm b/src/about/inside.htm
new file mode 100644
index 0000000..6a815da
--- /dev/null
+++ b/src/about/inside.htm
@@ -0,0 +1,47 @@
+<article>
+ <h1>GNU/Linux Inside</h1>
+
+ <img src="/images/heckert-gnu.png" alt="A Big GNU Head"
+ title="GNU" />
+
+ <p>
+ This website and the server on which it is hosted is run entirely
+ by <a href="https://www.gnu.org/philosophy/">free software</a>.
+ </p>
+ <p>
+ Do you use GNU/Linux or other free software on your website? Flaunt it!
+ Feel free to place the image below on your own website, blog, or
+ anywhere else you see fit to let others know that you support GNU and
+ free software.
+ </p>
+ <p>
+ This image also helps to bring awareness to
+ the <a href="https://www.gnu.org/">GNU operating system</a> as well as
+ <a href="https://www.gnu.org/philosophy/">GNU’s philosophy</a>. The
+ majority of users today consider the operating system to be called
+ &ldquo;Linux&rdquo;, which is false—this is the name of the kernel;
+ <a href="http://www.gnu.org/gnu/linux-and-gnu.html">GNU is the operating
+ system</a>.
+ </p>
+ <p>
+ <em>The page fold is transparent</em>; it will therefore work well with
+ any background color. Please note that this is a PNG with
+ alphatransparency—older browsers that users shouldn’t be using anymore
+ (such as IE 6) will not render it properly unless you take the necessary
+ precautions.
+ </p>
+ <p>
+ <img src="/images/gnu-inside.png" alt="GNU/Linux Inside Page Fold"
+ title="GNU/Linux Inside!">
+ </p>
+ <p>
+ Feel free
+ to <a href="https://www.gnu.org/graphics/gnu-inside.html">download the
+ source file (GIMP)</a>, released under
+ the <a href="https://creativecommons.org/licenses/by-sa/2.0/">Creative
+ Commons Attribution-ShareAlike 2.0 Unported License</a>. It
+ incorporates <a href="https://www.gnu.org/graphics/heckert_gnu.html">``A
+ Bold GNU Head’’</a> by Aurelio A. Heckert, which appears at the top of
+ this page.
+ </p>
+</article>
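Review bot: The link to `http://www.gnu.org/gnu/linux-and-gnu.html` in the third paragraph is the only plain-HTTP URL in this file; every other gnu.org link here uses HTTPS. Changing it to `https://www.gnu.org/gnu/linux-and-gnu.html` keeps visitors from being sent over an unencrypted connection. The second `<img>` is also left unclosed (`title="GNU/Linux Inside!">`) while the first ends in `/>`, which is worth making consistent.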
diff --git a/docs/about/resume.html b/src/about/resume.html
index 1da2d19..1da2d19 100644
--- a/docs/about/resume.html
+++ b/src/about/resume.html
diff --git a/docs/about/resume/.gitignore b/src/about/resume/.gitignore
index a97fa56..a97fa56 100644
--- a/docs/about/resume/.gitignore
+++ b/src/about/resume/.gitignore
diff --git a/docs/about/resume/style-print.css b/src/about/resume/style-print.css
index 96867ed..96867ed 100644
--- a/docs/about/resume/style-print.css
+++ b/src/about/resume/style-print.css
diff --git a/docs/about/resume/style.css b/src/about/resume/style.css
index b03b078..b03b078 100644
--- a/docs/about/resume/style.css
+++ b/src/about/resume/style.css
diff --git a/src/cgit/README b/src/cgit/README
new file mode 100644
index 0000000..c0a8dec
--- /dev/null
+++ b/src/cgit/README
@@ -0,0 +1,4 @@
+cgit Configuration
+==================
+These files are used by cgit at /projects.
+
diff --git a/src/cgit/cgitrc b/src/cgit/cgitrc
new file mode 100644
index 0000000..bdabae9
--- /dev/null
+++ b/src/cgit/cgitrc
@@ -0,0 +1,171 @@
+#
+# cgit config
+# see cgitrc(5) for details
+
+root-title=Projects
+root-desc=Free Software projects, configurations, and playthings
+#root-readme=/var/gitrepos/README.html
+
+logo-link=https://mikegerwitz.com/
+virtual-root=/projects/
+
+enable-http-clone=1
+clone-url=https://mikegerwitz.com/projects/$CGIT_REPO_URL
+snapshots=tar.gz tar.bz2 zip
+
+enable-index-owner=0
+enable-index-links=1
+enable-commit-graph=1
+enable-log-filecount=1
+enable-log-linecount=1
+
+repository-sort=name
+branch-sort=age
+max-stats=quarter
+
+head-include=/var/gitrepos/head.html
+header=/var/gitrepos/header.html
+footer=/var/gitrepos/footer.html
+css=/projects/static/cgit.css
+logo=
+
+source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
+about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+readme=:README.md
+readme=:README
+
+section-sort=0
+
+section=libs / frameworks
+
+repo.url=easejs
+repo.name=GNU ease.js
+repo.path=/var/gitrepos/easejs.git
+repo.desc=Classical object-oriented framework for JavaScript
+#repo.logo=/images/heckert-gnu.png
+
+repo.url=liza
+repo.path=/var/gitrepos/liza.git
+repo.desc=Data collection, validation, and processing framework for JavaScript [employer project]
+
+repo.url=hoxsl
+repo.path=/var/gitrepos/hoxsl.git
+repo.desc=Higher-order logic for XSLT 2.0
+
+repo.url=shspec
+repo.path=/var/gitrepos/shspec.git
+repo.desc=BDD framework for shell
+
+
+section=languages / compilers
+
+repo.url=tame
+repo.name=TAME
+repo.path=/var/gitrepos/tame.git
+repo.desc=The Adaptive Metalanguage [employer project]
+
+repo.url=liza-proguic
+repo.path=/var/gitrepos/liza-proguic.git
+repo.desc=Declarative DSL for Liza programs [employer project]
+
+repo.url=literate-xsl
+repo.path=/var/gitrepos/literate-xsl.git
+repo.desc=Literate documentation weaver for XSLT 2.0
+
+
+section=misc
+
+repo.url=night
+repo.path=/var/gitrepos/night.git
+repo.desc=Nighttime hacks: playful creativity as a form of relaxation
+
+repo.url=git-shortmaps
+repo.path=/var/gitrepos/git-shortmaps.git
+repo.desc=Simple one--three-character bash aliases for Git with tab completion
+
+repo.url=dotfiles
+repo.path=/var/gitrepos/dotfiles.git
+repo.desc=Personal system configuration and miscellaneous scripts
+
+
+section=talks
+
+repo.url=sapsf
+repo.name=SAPSF
+repo.path=/var/gitrepos/sapsf.git
+repo.desc=The Surreptitious Assault on Privacy, Security, and Freedom (LibrePlanet 2017)
+
+repo.url=ethics-void
+repo.name=The Ethics Void
+repo.path=/var/gitrepos/ethics-void.git
+repo.desc=The Ethics Void (LibrePlanet 2018)
+
+repo.url=online-freedom
+repo.name=Restore Online Freedom!
+repo.path=/var/gitrepos/online-freedom.git
+repo.desc=Restore Online Freedom! (LibrePlanet 2016)
+
+
+section=papers
+
+repo.url=coope
+repo.name=COOPE
+repo.path=/var/gitrepos/coope.git
+repo.desc=Classical Object-Oriented Programming with ECMAScript (2012)
+
+repo.url=cptt
+repo.name=cptt
+repo.path=/var/gitrepos/cptt.git
+repo.desc=Discussion on Compilers: Principles, Techniques, and Tools (2013)
+
+
+section=websites
+
+repo.url=repo2html
+repo.path=/var/gitrepos/repo2html.git
+repo.desc=Repository-agnostic HTML generator (used to generate mikegerwitz.com)
+
+repo.url=thoughts
+repo.path=/var/gitrepos/thoughts.git
+repo.desc=Thoughts and Ramblings (mikegerwitz.com)
+
+
+
+section=on-hold
+
+repo.url=guile-mime
+repo.path=/var/gitrepos/guile-mime.git
+repo.desc=MIME library and globs2 parser for Guile
+
+repo.url=lasertank-js
+repo.path=/var/gitrepos/lasertank-js.git
+repo.desc=Clone of the classic 1990s game LaserTank
+
+repo.url=pkgsh
+repo.path=/var/gitrepos/pkgsh.git
+repo.desc=Library to aid in the factoring of large programs written in shell
+
+
+section=archive
+
+repo.url=epmanners
+repo.path=/var/gitrepos/epmanners.git
+repo.desc=Teach LaTeX some manners to respect \everypar
+
+repo.url=gsgp
+repo.path=/var/gitrepos/gsgp.git
+repo.desc=GNU Screen Gaming Platform
+
+repo.url=jstonic
+repo.path=/var/gitrepos/jstonic.git
+repo.desc=Miscellaneous library built upon GNU ease.js
+
+repo.url=rectest
+repo.path=/var/gitrepos/rectest.git
+repo.desc=Browser-based recollection test
+
+repo.url=lvspec
+repo.path=/var/gitrepos/lvspec.git
+repo.desc=LaTeX specification library for LoVullo Associates with a focus on Liza/TAME [employer project]
+
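Review bot: No `cache-size` is set in this configuration, and cgitrc(5) gives its default as 0, which means the response cache is off. With `snapshots=tar.gz tar.bz2 zip`, `enable-log-linecount=1`, `enable-log-filecount=1` and `enable-commit-graph=1` all enabled, every archive or log request is recomputed from the repository, so a crawler walking /projects can keep the host busy. Consider adding a `cache-size=` value sized for this host, together with a `cache-root` the CGI user can write to. This matters less if caching or rate limiting is already done by the web server in front of cgit, which this diff does not show.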
diff --git a/src/cgit/footer.sh b/src/cgit/footer.sh
new file mode 100755
index 0000000..c1e6d75
--- /dev/null
+++ b/src/cgit/footer.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+# Extracts relevant portion of footer for cgit
+#
+# Copyright (C) 2019 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+##
+
+set -euo pipefail
+
+main()
+{
+ awk 'NR==1,/<\/footer>/{ print }' < src/footer.tpl.htm
+}
+
+main "$@"
diff --git a/src/cgit/head.html b/src/cgit/head.html
new file mode 100644
index 0000000..557e103
--- /dev/null
+++ b/src/cgit/head.html
@@ -0,0 +1,2 @@
+<link rel="stylesheet" type="text/css" href="/style.css" />
+<meta name="viewport" content="initial-scale=1.0" />
diff --git a/src/cgit/header.sh b/src/cgit/header.sh
new file mode 100755
index 0000000..62eb30c
--- /dev/null
+++ b/src/cgit/header.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+# Extracts relevant portion of header for cgit
+#
+# Copyright (C) 2019 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+##
+
+set -euo pipefail
+
+main()
+{
+ awk '/<header>/,/<main>/{ print }' < <( src/mkheader projects )
+}
+
+main "$@"
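Review bot: A failure of `src/mkheader` goes undetected in `main`, because the exit status of a process substitution `<( … )` is discarded and neither `set -e` nor `pipefail` applies to it; awk then reads empty input and the script exits 0 with an empty header. A plain pipeline lets `pipefail` catch it: `src/mkheader projects | awk '/<header>/,/<main>/{ print }'`. Both this script and src/cgit/footer.sh use paths relative to the repository root, so a one-line comment saying they must be run from there would help.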
diff --git a/src/footer.tpl.htm b/src/footer.tpl.htm
new file mode 100644
index 0000000..63a5e58
--- /dev/null
+++ b/src/footer.tpl.htm
@@ -0,0 +1,109 @@
+ </main>
+
+ <footer>
+ <div>
+ <a href="/about/inside" class="page-flip">
+ <img src="/images/gnu-inside.png" alt="GNU/Linux Inside!" />
+ </a>
+ </div>
+ <nav id="selflinks" class="affiliation-list" aria-label="Affiliations">
+ <ul>
+ <li>
+ <a href="https://gitlab.com/u/mikegerwitz">
+ <img src="/images/gitlab.svg"
+ alt="mikegerwitz on GitLab"
+ title="mikegerwitz on GitLab"
+ width="42" height="42" border="0" />
+ </a>
+ </li>
+
+ <li>
+ <a href="/about/githubbub">
+ <img src="/images/octoright-42.png"
+ alt="Don't see me on GitHub"
+ title="Don't see me on GitHub"
+ width="42" height="42" border="0" />
+ </a>
+ </li>
+
+ <li>
+ <a href="https://savannah.gnu.org/users/mikegerwitz">
+ <img src="/images/meditate-42.png"
+ alt="See me on Savannah"
+ title="See me on Savannah"
+ width="42" height="42" border="0" />
+ </a>
+ </li>
+
+ <li>
+ <a href="https://news.ycombinator.com/user?id=mikegerwitz"
+ title="mikegerwitz on Hacker News"
+ class="hn-icon">HN</a>
+ </li>
+
+ <li>
+ <a href="https://www.fsf.org/register_form?referrer=5804">
+ <img src="/images/fsf-42.png"
+ alt="FSF Member #5804"
+ title="FSF Member #5804"
+ width="42" height="42" border="0" />
+ </a>
+ </li>
+
+ <li>
+ <a href="https://www.eff.org/">
+ <img src="/images/eff-42.png"
+ alt="EFF Member"
+ title="EFF Member"
+ width="42" height="42" border="0" />
+ </a>
+ </li>
+ </ul>
+ </nav>
+
+ <section class="site-nav">
+ <nav aria-labelledby="nav-general">
+ <h2 id="nav-general">General</h2>
+ <ul>
+ <li><a href="/about">About</a></li>
+ <li><a href="/about/resume">Résumé</a></li>
+ <li><a href="https://social.mikegerwitz.com/">GNU Social</a></li>
+ <li><a href="/about/inside">GNU/Linux Inside</a></li>
+ </ul>
+ </nav>
+
+ <nav aria-labelledby="nav-works">
+ <h2 id="nav-works">Works</h2>
+ <ul>
+ <li><a href="/posts">Posts</a></li>
+ <li><a href="/talks">Talks</a></li>
+ <li><a href="/projects">Projects</a></li>
+ <li><a href="/papers">Papers</a></li>
+ <li><a href="/projects/thoughts">Website Source Code</a></li>
+ </ul>
+ </nav>
+
+ <nav aria-labelledby="nav-resources">
+ <h2 id="nav-works">Resources</h2>
+ <ul>
+ <li><a href="https://www.gnu.org/philosophy/free-sw.html">Free/Libre
+ Software</a></li>
+ <li><a href="https://www.gnu.org/">The GNU Project</a></li>
+ <li><a href="https://www.gnu.org/licenses/license-list.en.html">Free
+ Software Licenses</a></li>
+ <li><a href="https://stallman.org/articles/on-hacking.html">Richard
+ Stallman On Hacking</a></li>
+ <li><a href="https://www.gnu.org/philosophy/proprietary.html">Proprietary
+ Software Is Often Malware</a></li>
+ </ul>
+ </nav>
+ </section>
+
+ <p id="copyright">
+ Copyright &copy; 2019 Mike Gerwitz.
+ Licensed under the Creative Commons Attribution-ShareAlike&nbsp;4.0
+ International License.
+ </p>
+ </footer>
+ </body>
+</html>
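Review bot: The third `<nav>` declares `aria-labelledby="nav-resources"`, but its heading is `<h2 id="nav-works">Resources</h2>`, so the id `nav-works` appears twice in the document and `nav-resources` does not exist. Assistive technology will find no label for that landmark. The heading should read `<h2 id="nav-resources">Resources</h2>`.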
diff --git a/src/h12title b/src/h12title
new file mode 100755
index 0000000..b5f6026
--- /dev/null
+++ b/src/h12title
@@ -0,0 +1,44 @@
+#!/bin/bash
+# Copies first body h1 text into title
+#
+# Copyright (C) 2019 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# This assumes that an <article> tag exists and assumes that is the main
+# content from which the title ought to be derived.
+##
+
+set -euo pipefail
+
+
+main()
+{
+ local -r placeholder=${1?Missing placeholder}
+
+ local body;
+ body=$( cat )
+
+ local title
+ title=$(
+ <<<"$body" grep -A10 '<main' \
+ | grep '<h1' \
+ | head -n1 \
+ | grep -oP '(?<=>)[^<]+' \
+ )
+
+ sed "s#$placeholder#${title/&/\\&}#" <<< "$body"
+}
+
+main "$@"
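Review bot: The title is pasted into the sed replacement in `main` with only its first `&` escaped, since `${title/&/\\&}` substitutes a single occurrence; a second `&` in a heading (two entities, for example) would be expanded by sed to the matched placeholder. Use the global form `${title//&/\\&}`. A `#` or a backslash in the heading is not handled either, and `#` is the delimiter of the `s` command, so it would end the replacement early and the remainder would be read as sed syntax; the guard src/mkheader uses, `[[ ! $title =~ \# ]]`, would fit here as well. src/mkheader has the same single-occurrence form in `${title_orig/&/\\&amp;}`. The header comment speaks of an `<article>` tag while the code searches for `<main`, which should be reconciled.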
diff --git a/src/header.tpl.htm b/src/header.tpl.htm
new file mode 100644
index 0000000..f2aa0e7
--- /dev/null
+++ b/src/header.tpl.htm
@@ -0,0 +1,30 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta charset="utf-8" />
+ <link rel="alternate" title="RSS Feed"
+ href="rss.xml" type="application/rss+xml" />
+ <link rel="stylesheet" type="text/css" href="/style.css" />
+ <title>@PAGE_TITLE@Mike Gerwitz</title>
+ <meta name="viewport" content="initial-scale=1.0" />
+ </head>
+ <body class="@PAGE_TYPE@">
+ <header>
+ <hgroup id="author">
+ <h1 class="title"><a href="/">Mike Gerwitz</a></h1>
+ <h2 class="desc">Free Software Hacker+Activist</h2>
+ </hgroup>
+
+ <nav class="menu" aria-label="Main Navigation">
+ <ul>
+ <li><a href="/about">About</a></li>
+ <li><a href="/posts">Posts</a></li>
+ <li><a href="/talks">Talks</a></li>
+ <li><a href="/projects">Projects</a></li>
+ <li><a href="/papers">Papers</a></li>
+ <li><a href="//social.mikegerwitz.com/" title="My GNU Social Instance">Social</a></li>
+ </ul>
+ </nav>
+ </header>
+
+ <main>
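Review bot: The feed link uses the relative URL `href="rss.xml"` while the stylesheet next to it uses `/style.css`, so on any page below the site root the feed URL resolves against that page's directory. If the feed lives at the root, which this hunk does not show, it should be `href="/rss.xml"`. The Social menu entry uses the protocol-relative `//social.mikegerwitz.com/`, whereas src/footer.tpl.htm links the same host with `https://`; writing `https://` in both keeps the link from following the scheme of whatever page served it.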
diff --git a/src/index.sh b/src/index.sh
new file mode 100755
index 0000000..83a38f0
--- /dev/null
+++ b/src/index.sh
@@ -0,0 +1,133 @@
+#!/bin/bash
+# Generate index HTML page
+#
+# Copyright (C) 2019 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# The index page consists of post abstracts, some static text, and the
+# static header and footer. All post metadata files must have been built,
+# along with `post/list'.
+#
+# This script includes the static body (see `main').
+##
+
+set -euo pipefail
+
+
+# Get the file name of the Nth most recent post. This relies on the
+# existence of `post/list'.
+pnfile()
+{
+ local -ri n=${1?Missing relative post number}
+
+ sed "${n}q;d" post/list
+}
+
+
+# Read field FIELD from post metadata recfile FILE.
+pmeta()
+{
+ local -r file=${1?Missing file name}
+ local -r field=${2?Missing field name}
+
+ recsel -P "$field" "$file"
+}
+
+
+# Process each numeric argument using `abstract'. Each argument must be a
+# relative post number (see `pnfile').
+abstracts()
+{
+ while [ $# -gt 0 ]; do
+ abstract "$1"
+ shift
+ done
+}
+
+
+# Generate HTML for relative post number N (see `pnfile').
+abstract()
+{
+ local -ri n=${1?Missing relative post number}
+
+ local file title date slug body
+ file=$( pnfile "$n" )
+ title=$( pmeta "$file" subject )
+ date=$( pmeta "$file" date )
+ slug=$( pmeta "$file" slug )
+ body=$( pmeta "$file" abstract )
+
+ cat <<EOF
+<article class="abstract">
+ <h2 class="title"><a href="/$slug">$title</a></h2>
+ $body
+ <p class="date">Posted on $date.
+ <a href="/$slug">Read more &raquo;</a>
+ </p>
+</article>
+EOF
+}
+
+
+# Generate index HTML page.
+# TODO: Factor out static sections.
+main()
+{
+ src/mkheader index
+
+ cat <<EOF
+<h1 id="latest-posts">Latest Posts</h1>
+<section class="asideable" aria-labelledby="latest-posts">
+ $( abstracts {1..2} )
+</section>
+
+<aside>
+ <ul class="links">
+ <li><a class="box free-sw" href="#">What is Free/Libre Software?</a></li>
+ <li><a class="box eff-privacy" href="#">EFF on Privacy</a></li>
+ </ul>
+</aside>
+
+<section class="highlight">
+ <h1 class="title">The Surreptitious Assault on Privacy, Security,
+ and Freedom</h1>
+
+ <aside>
+ Each of these essential rights are being surreptitiously
+ assaulted; only the most technical among us even know what to look
+ for, let alone how to defend ourselves. Governments, corporations,
+ and groups of ill-minded individuals are spying and preying upon
+ both users and bystanders with unprecedented frequency and
+ breadth.
+ </aside>
+
+ <a href="#" class="lp-watch">Watch LibrePlanet&nbsp;2017 Talk</a>
+ <br clear="both" />
+</section>
+
+<section class="compact sm">
+ <h1 id="older-posts">Older Posts</h1>
+
+ $( abstracts {3..8} )
+
+ <a class="view-all" href="/posts">View all posts</a>
+</section>
+EOF
+
+ cat src/footer.tpl.htm
+}
+
+
+main "$@"
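Review bot: Failures inside `$( abstracts {1..2} )` and `$( abstracts {3..8} )` in `main` cannot stop the build: bash ignores the exit status of a command substitution expanded inside a here-document, and it clears `-e` inside command substitutions unless `inherit_errexit` is set. If `post/list` has fewer than eight entries or a metadata file is missing, the page is written with empty abstracts and the script still exits 0. I would add `shopt -s inherit_errexit` after `set -euo pipefail` (this needs a bash that supports the option) and compute the two lists before the here-document, e.g. `local latest; latest=$( abstracts {1..2} )`, then expand `$latest` in the template. The three `href="#"` links in the static body also look like placeholders that should be filled in or removed before release.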
diff --git a/src/mkheader b/src/mkheader
new file mode 100755
index 0000000..292fe4f
--- /dev/null
+++ b/src/mkheader
@@ -0,0 +1,53 @@
+#!/bin/bash
+# Generate HTML header
+#
+# Copyright (C) 2019 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# The header is mostly static but contains a dynamic page type and title.
+##
+
+set -euo pipefail
+
+declare -ri EX_USAGE=64
+
+
+# Generate header by populating @PAGE_{TITLE,TYPE}@. If no title is given,
+# then the title will be completely omitted. If provided, it will have an
+# em dash delimiter appended, with whitespace on both sides for visual
+# clarity (contrary to my usual typographical conventions).
+main()
+{
+ local -r type=${1?Missing type}
+ local -r title_orig=${2:-}
+
+ local -r title=${title_orig/&/\\&amp;}
+
+ [[ $type =~ ^[a-z]+$ ]] || {
+ echo 'error: type must be an all-lowercase word'
+ exit $EX_USAGE
+ }
+
+ [[ ! $title =~ \# ]] || {
+ echo "error: title must not contain \`#'"
+ exit $EX_USAGE
+ }
+
+ sed "s#@PAGE_TITLE@#$title${title:+ \\&mdash; }#g
+ s#@PAGE_TYPE@#$type#g" \
+ src/header.tpl.htm
+}
+
+main "$@"
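Review bot: Both error messages in `main` are written to standard output, which is also where the generated header goes, so a caller that redirects or pipes the output (src/cgit/header.sh does) receives the error text as page content and the operator sees nothing. Send them to standard error: `echo 'error: type must be an all-lowercase word' >&2`, and likewise for the title message. The title check rejects `#` but not a backslash, which sed also treats specially in the replacement; checking `title_orig` for one as well would close that gap.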
diff --git a/src/pandoc.tpl b/src/pandoc.tpl
new file mode 100644
index 0000000..c8deb96
--- /dev/null
+++ b/src/pandoc.tpl
@@ -0,0 +1,28 @@
+$for(include-before)$
+$include-before$
+
+$endfor$
+$if(toc)$
+$toc$
+
+$endif$
+
+<article>
+$body$
+
+$if(tags)$
+<section class="tags" aria-label="Tags">
+ <h2>Tags</h2>
+ <ul class="tags">
+ $for(tags)$
+ <li>$tags$</li>
+ $endfor$
+ </ul>
+</section>
+$endif$
+</article>
+
+$for(include-after)$
+
+$include-after$
+$endfor$
diff --git a/src/papers.rec b/src/papers.rec
new file mode 100644
index 0000000..137a620
--- /dev/null
+++ b/src/papers.rec
@@ -0,0 +1,41 @@
+id: git-horror-story
+type: post
+ref: 2012-05-22-a-git-horror-story-repository-integrity-with-signed-commits
+
+id: coope
+type: latex
+ref: papers/coope
+pubdate: 2012-05-06
+
+id: cptt
+type: latex
+ref: papers/cptt
+pubdate: 2013-05-13
+
+id: national-uproar
+type: post
+ref: 2013-06-10-national-uproar-a-comprehensive-overview-of-the-nsa-leaks-and-revelations
+
+id: gnu-kwindows
+type: post
+ref: 2016-04-06-gnu-kwindows
+
+id: gitlab-gitorious-freesw
+type: post
+ref: 2015-05-20-gitlab-gitorious-and-free-software
+
+id: copyleft-vs-community
+type: post
+ref: 2013-08-13-freebsd-clang-and-gcc-copyleft-vs-community
+
+id: re-fsf-waste-away
+type: post
+ref: 2013-01-26-re-fsf-wastes-away-another-high-priority-project
+
+id: vlc-lgpl
+type: post
+ref: 2012-11-17-vlcs-move-to-lgpl
+
+id: re-skype-let-spy
+type: post
+ref: 2013-01-30-re-who-does-skype-let-spy
diff --git a/src/papers.sh b/src/papers.sh
new file mode 100755
index 0000000..1137b29
--- /dev/null
+++ b/src/papers.sh
@@ -0,0 +1,183 @@
+#!/bin/bash
+# Generate papers HTML page
+#
+# Copyright (C) 2019 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# Papers are (at least at present) written in LaTeX, whereas articles are
+# simply posts. Both are specified in $PAPERFILE. This page generates
+# abstracts for both formats, along with links to each of their output
+# formats (one or more of PDF, DVI, HTML).
+##
+
+set -euo pipefail
+
+# Refile containing paper references and metadata.
+declare -r PAPERFILE=${PAPERFILE:-src/papers.rec}
+
+
+# List ids of all papers in $PAPERFILE.
+paper-list()
+{
+ recsel -CP id "$PAPERFILE"
+}
+
+
+# Retrieve field FIELD from paper ID in $PAPERFILE.
+paper-field()
+{
+ local -r id=${1?Missing paper id}
+ local -r field=${2?Missing paper field}
+
+ recsel -P "$field" -e "id = '$id'" "$PAPERFILE"
+}
+
+
+# Read field FIELD from post metadata recfile FILE.
+post-field()
+{
+ local -r ref=${1?Missing post name}
+ local -r field=${2?Missing field name}
+
+ recsel -P "$field" "post/$ref.meta"
+}
+
+
+# Generate abstract for article or paper ID. Delegates to one of
+# {post,latex}-abstract based on its type.
+abstract()
+{
+ local -r id=${1?Missing paper id}
+
+ local type ref
+ type=$( paper-field "$id" type )
+ ref=$( paper-field "$id" ref )
+
+ case "$type" in
+ post|latex)
+ "$type-abstract" "$id" "$ref";;
+ *)
+ echo "Unknown paper type for id \`$id" >&2
+ return 1
+ esac
+}
+
+
+
+# Generate abstract for post REF.
+post-abstract()
+{
+ local -r ref=${2?Missing post ref}
+
+ local id title date abstract slug
+ id=$( post-field "$ref" id )
+ title=$( post-field "$ref" subject )
+ date=$( post-field "$ref" date )
+ abstract=$( post-field "$ref" abstract )
+ slug=$( post-field "$ref" slug )
+
+ cat <<EOF
+<article class="abstract paper">
+ <h2 class="title" id="$id"><a href="/$slug">$title</a></h2>
+
+ <ul class="links">
+ <li class="title">Formats:</li>
+ <li><a href="/$slug">View HTML</a></li>
+ </ul>
+
+ $abstract
+
+ <p class="date">Posted on $date.</p>
+</article>
+EOF
+}
+
+
+# Extract title from LaTeX document. Note that this performs no actual
+# processing on that title, so this will need to be e.g. run through Pandoc
+# in the future if titles contain something that should be parsed (like
+# dashes).
+latex-title()
+{
+ head -n1 | sed '1s/^% //;1a\\'
+}
+
+
+# Produce text of LaTeX abstract (from its abstract.tex).
+#
+# Two minor transformations are made: Footnotes are removed by exploiting
+# Pandoc's behavior of ignoring unknown/unsupported commands, since that
+# doesn't look very good in the abstract output. Emdashes have whitespace
+# on either side removed to translate to my modern convention (this can be
+# removed when old papers are updated).
+latex-abstract-text()
+{
+ sed 's/\\footnote/\\void/;
+ s/ \+--- \+/---/g' \
+ | pandoc -flatex -thtml
+}
+
+
+# Generate abstract for LaTeX document (from abstract.tex) ID located at
+# path REF. REF is expected to contain `abstract.tex' and `REF.tex', along
+# with the built `REF.pdf' and `REF.dvi'.
+latex-abstract()
+{
+ local -r id=${1?Missing paper id}
+ local -r ref=${2?Missing paper ref}
+
+ local -r abstract_tex="$ref/abstract.tex"
+ local -r main="$ref/${ref##*/}.tex"
+ local -r sans=${main%/*.tex}
+
+ local title abstract pubdate
+ title=$( latex-title < "$main" )
+ abstract=$( latex-abstract-text < "$abstract_tex" )
+ pubdate=$( paper-field "$id" pubdate )
+
+ cat <<EOF
+<article class="abstract paper">
+ <h2 class="title" id="$id"><a href="/$sans.pdf">$title</a></h2>
+
+ <ul class="links">
+ <li class="title">Formats:</li>
+ <li><a href="/$sans.pdf">View PDF</a></li>
+ <li><a href="/$sans.dvi">View DVI</a></li>
+ </ul>
+
+ $abstract
+
+ <p class="date">Published on $pubdate.</p>
+</article>
+EOF
+}
+
+
+# Generate papers page.
+main()
+{
+ src/mkheader papers Papers
+
+ local papers
+ papers=$( recsel -P id src/papers.rec )
+
+ echo '<h1>Papers / Articles</h1>'
+ paper-list | while read id; do abstract "$id"; done
+
+ cat src/footer.tpl.htm
+}
+
+
+main "$@"
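Review bot: `main` assigns `papers=$( recsel -P id src/papers.rec )` and never uses it; the loop below reads from `paper-list`, which honours `$PAPERFILE`. Besides being dead code, the hard-coded path makes the script fail under `set -e` when `PAPERFILE` points elsewhere and src/papers.rec is absent, so the `local papers` line and the assignment should be dropped. The loop should use `read -r id` so that backslashes in an id are not interpreted. The "Unknown paper type" message in `abstract` opens a quotation mark before `$id` and never closes it.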
diff --git a/src/post2html b/src/post2html
new file mode 100755
index 0000000..803fef7
--- /dev/null
+++ b/src/post2html
@@ -0,0 +1,106 @@
+#!/bin/bash
+# Generate HTML from post Markdown source
+#
+# Copyright (C) 2019 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# This script accepts the file name rather than data on stdin because the
+# filename encodes the post date.
+#
+# Note that the `pagetitle' is set to "ignoreme"---it is not used, but is
+# needed to suppress the warning pandoc produces without suppressing all
+# warnings.
+#
+# Pandoc is used to generate the HTML and includes a (mostly) static header
+# and footer. Note that this duplicates the date logic in `post2meta',
+# because that must be run on this output, but the post must also contain
+# the date, and we want to do all HTML processing now.
+##
+
+declare -r srcref=/projects/thoughts/tree
+
+set -euo pipefail
+
+# Pandoc output format and extensions.
+declare -ra ext=(
+ markdown
+ smart
+ footnotes
+ gfm_auto_identifiers
+ fancy_lists
+ startnum
+ tex_math_dollars
+)
+
+
+# Convert extensions to `+'-delimited string.
+pexts()
+{
+ local IFS=+
+ echo "${ext[*]}"
+}
+
+
+# Wrap h1 in an hgroup along with the post date.
+#
+# Sometimes this script is used on things that aren't posts (e.g. normal
+# pages), in which case a date will be unavailable and the output will be
+# unchanged.
+hgroup-wrap()
+{
+ local -r date=${1?Missing date}
+ local -r file=${2?Missing file}
+
+ # Abort if this is not a date prefix
+ [[ $date =~ [0-9]{4}-[0-9]{2}-[0-9]{2} ]] || {
+ cat
+ return
+ }
+
+ local -r repo_href="$srcref/$file"
+
+ local anchor
+ printf -vanchor '<a class="muted" href="%s">%s</a>' \
+ "$repo_href" \
+ "$date"
+
+ sed '/^<h1/{
+ i<hgroup>
+ a<h2 class="date">'"$anchor"'</h2></hgroup>
+ }'
+}
+
+
+# Generate HTML from post. Note that `pagetitle' is set just to suppress
+# Pandoc warnings about it missing; it is unused.
+main()
+{
+ local -r file=${1?Missing file name}
+ local -r base=$( basename "$file" .md )
+ local -r date=${base:0:10}
+
+ pandoc -f"$( pexts )" -thtml5 \
+ --standalone --template src/pandoc.tpl \
+ --metadata pagetitle:ignoreme \
+ --base-header-level=1 \
+ -B <( src/mkheader post @__PAGE_TITLE__@ ) \
+ -A src/footer.tpl.htm \
+ < "$file" \
+ | src/h12title @__PAGE_TITLE__@ \
+ | hgroup-wrap "$date" "$file"
+}
+
+
+main "$@"
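Review bot: In `hgroup-wrap`, `$file` and `$date` are spliced into both the sed program and an `href` attribute with no escaping, so a post path containing a double quote, a backslash or an HTML metacharacter would produce a broken sed script or broken markup. Post file names are presumably author-chosen slugs, so this is about robustness rather than exposure. A comment stating the assumption would help, e.g. `# NOTE: FILE is not escaped for sed or HTML; it must be a plain [A-Za-z0-9./_-] path`. The date test is also unanchored; `[[ $date =~ ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ ]]` states the intent exactly.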
diff --git a/src/post2meta b/src/post2meta
new file mode 100755
index 0000000..f00a483
--- /dev/null
+++ b/src/post2meta
@@ -0,0 +1,82 @@
+#!/usr/bin/gawk -f
+# Cache post data in metadata recutils file
+#
+# Copyright (C) 2019 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# Generates database of metadata for a given post in recutils format for use
+# by other scripts. The post must have already been converted to HTML using
+# `post2html' or some equivalent means.
+#
+# This script is also responsible for determining what constitutes the
+# abstract, which we consider to be everything after the subject line but
+# before the end-of-abstract marker "<!-- more -->". If no such marker
+# exists then the script exits in error.
+##
+
+# Output author and post date derived from the file name.
+BEGINFILE {
+ match( FILENAME, /[^/]+$/, name )
+
+ # TODO: configurable
+ print "author: Mike Gerwitz <mtg@gnu.org>"
+
+ printf "date: %s\n",
+ gensub( /^(.{10}).*$/, "\\1", "", name[0] )
+}
+
+# Wait until after <main>; everything before it is the HTML header.
+/^ *<main>/ { main=1 }
+!main { next }
+
+
+# The first header represents the subject/title and also contains the
+# unique id for this post (as generated by `post2html').
+main && /^<h1 / {
+ # Strip header tags from subject.
+ print "subject: " gensub( /<\/?h[^>]+>/, "", "g" )
+
+ # Grab the generated id from the header and use it to
+ # generate a complete slug.
+ printf "slug: %s\n", \
+ gensub( /^([0-9]+)-([0-9]+)-[0-9]+-(.*)\.[a-z]+$/,
+ "\\1/\\2/\\3",
+ "",
+ name[0] )
+
+ # Skip the date line immediately following the header and grab the first
+ # line of the abstract.
+ getline
+ getline
+
+ printf "abstract: %s\n", $0
+ a = 1
+ next
+}
+
+# The end-of-abstract marker is "<!-- more -->". Until we reach that point,
+# output each line of the abstract prefixed by a `+', which is the recutils
+# line continuation marker.
+/^<!-- more -->/ { exit }
+a { printf "+ %s\n", $0 }
+
+# If we get to this point, that means that there is no end-of-abstract
+# marker, which we will consider to be an error just to make sure that the
+# author didn't forget to add one. If the entire post is to be considered
+# part of the abstract, then the marker can be added at the end of the post.
+ENDFILE {
+ print "error: missing '<!-- more -->'" > "/dev/stderr"
+ exit 1
+}
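Review bot: The two bare `getline` calls in the `<h1 ` rule ignore their return value, so on a page that ends right after the heading the rule still prints an `abstract:` field built from a stale `$0` before the ENDFILE rule reports the missing marker. Checking the result avoids emitting a bogus record: `if ( (getline) <= 0 || (getline) <= 0 ) { print "error: truncated post" > "/dev/stderr"; exit 1 }`. The slug `gensub` also returns the whole file name unchanged when the name does not match the `YYYY-MM-DD-slug.ext` pattern, which deserves a comment or an explicit error.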
diff --git a/src/posts.sh b/src/posts.sh
new file mode 100755
index 0000000..a3c6182
--- /dev/null
+++ b/src/posts.sh
@@ -0,0 +1,103 @@
+#!/bin/bash
+# Generate posts HTML page
+#
+# Copyright (C) 2019 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# The generated page contains the abstracts of _all_ posts; this may get
+# unwieldy over time.
+#
+# TODO: Maybe refactor common abstract logic with `index.sh' and
+# `papers.sh'?
+##
+
+set -euo pipefail
+
+# Last generated yet (see `abstract-from').
+declare -i lastyear=0
+
+
+# Get the file name of the Nth most recent post. This relies on the
+# existence of `post/list'.
+pnfile()
+{
+ local -ri n=${1?Missing relative post number}
+
+ sed "${n}q;d" post/list
+}
+
+
+# Read field FIELD from post metadata recfile FILE.
+pmeta()
+{
+ local -r file=${1?Missing file name}
+ local -r field=${2?Missing field name}
+
+ recsel -P "$field" "$file"
+}
+
+
+# Generate HTML for relative post number N (see `pnfile').
+abstract-from()
+{
+ local -r file=${1?Missing post file name}
+
+ local title date slug body
+ title=$( pmeta "$file" subject )
+ date=$( pmeta "$file" date )
+ slug=$( pmeta "$file" slug )
+ body=$( pmeta "$file" abstract )
+
+ local -ri year=${date:0:4}
+
+ if [ $year -ne $lastyear ]; then
+ test $lastyear -eq 0 || echo '</section>'
+ lastyear=$year
+
+ cat <<EOF
+<section class="compact">
+<h1>$year</h1>
+EOF
+ fi
+
+ cat <<EOF
+<article class="abstract">
+ <h2 class="title"><a href="$slug">$title</a></h2>
+ $body
+ <p class="date">Posted on $date.
+ <a href="$slug">Read more &raquo;</a>
+ </p>
+</article>
+EOF
+}
+
+
+# Generate posts page.
+main()
+{
+ src/mkheader posts Posts
+
+ local file
+ while read file; do
+ abstract-from "$file"
+ done < post/list
+
+ echo '</section><br class="end" />'
+
+ cat src/footer.tpl.htm
+}
+
+
+main "$@"
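Review bot: The comment on `abstract-from` still describes a relative post number N, but the function takes a metadata file path, and `pnfile` is not called anywhere in this new file. The comment could read `# Generate HTML for the post described by metadata file FILE.` and `pnfile` can be dropped. In `main`, `while read file` should be `while IFS= read -r file` so that backslashes or leading whitespace in `post/list` entries survive. If `recsel` returns an empty `date`, `year` evaluates to 0, no `<section>` is opened, and `main` still prints the closing `</section>`. Failing early with `: "${date:?missing date in $file}"` would make that visible.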
diff --git a/src/redirect-map.php b/src/redirect-map.php
new file mode 100644
index 0000000..800e952
--- /dev/null
+++ b/src/redirect-map.php
@@ -0,0 +1,69 @@
+<?php
+/**
+ * Redirect old post ("thought") pages
+ *
+ * Copyright (C) 2019 Mike Gerwitz
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * This script should only be invoked for post paths containing an uppercase
+ * character.
+ *
+ * When this site migrated away from repo2html, ids were changed to be all
+ * lowercase. Further, some of the ids changed in other ways. To handle
+ * that latter case, a manual mapping was created.
+ *
+ * This script issues permanent redirects and, for security reasons, works
+ * only for post pages.
+ */
+
+$req_path = strtolower( $_GET[ 'path' ] );
+
+// Abort immediately if this is not a blog post (prevent this script from
+// being used for arbitrary redirects)
+if ( !preg_match( '#^/\d{4}/\d{2}/#', $req_path ) ) {
+ http_response_code( 500 );
+ die( 'Unsupported redirect' );
+}
+
+// Map from old to new location
+$map = [
+ "/2012/10/digitizing-books-is-fair-use-author-s-guild-v.-hathitrust" => "/2012/10/digitizing-books-is-fair-use-authors-guild-v-hathitrust",
+ "/2012/10/getting-too-tired-to-hack-at-23-00" => "/2012/10/getting-too-tired-to-hack-at-2300",
+ "/2012/10/jailbreaking-and-dcma-eff-touts-victory-fsf-warns-of-failure" => "/2012/10/jailbreaking-and-dcmaeff-touts-victory-fsf-warns-of-failure",
+ "/2012/10/openwireless.org" => "/2012/10/openwirelessorg",
+ "/2012/10/the-use-of-trademarks-in-free-software-has-always-been-a-curious-and-unclear" => "/2012/10/trademarks-in-free-software",
+ "/2012/10/ubuntu-12.10-privacy-amazon-ads-and-data-leaks" => "/2012/10/ubuntu-1210-privacy-amazon-ads-and-data-leaks",
+ "/2012/11/copyright-reform-you-re-silly" => "/2012/11/copyright-reform-youre-silly",
+ "/2012/11/u.s.-copyright-alert-system" => "/2012/11/us-copyright-alert-system",
+ "/2012/11/vlc-s-move-to-lgpl" => "/2012/11/vlcs-move-to-lgpl",
+ "/2013/04/u.s.-house-passes-cispa" => "/2013/04/us-house-passes-cispa",
+ "/2013/08/freebsd-clang-and-gcc-copyleft-vs.-community" => "/2013/08/freebsd-clang-and-gcc-copyleft-vs-community",
+ "/2013/08/windows-8.1-to-display-targeted-advertisements-on-local-system-searches" => "/2013/08/windows-81-to-display-targeted-advertisements-on-local-system-searches",
+ "/2014/03/re-freebsd-clang-and-gcc-copyleft-vs.-community" => "/2014/03/re-freebsd-clang-and-gcc-copyleft-vs-community",
+ "/2016/01/google-analytics-removed-from-gitlab.com-instance" => "/2016/01/google-analytics-removed-from-gitlabcom-instance",
+ "/2016/08/nso-group-pegasus-trident-ios-exploits-targeting-human-rights-activist" => "/2016/08/nso-group-pegasus-tridentios-exploits-targeting-human-rights-activist",
+ "/2017/06/don-t-force-me-to-use-your-tools-on-the-web" => "/2017/06/dont-force-me-to-use-your-tools-on-the-web",
+ "/2018/04/when-talking-about-mobile-tracking-don-t-veil-bad-actors-with-blanket-statements" => "/2018/04/when-talking-about-mobile-tracking-dont-veil-bad-actors-with-blanket-statements",
+ "/2018/10/webmasters-please-don-t-block-tor" => "/2018/10/webmasters-please-dont-block-tor",
+];
+
+// Redirect either to the mapped location or to the lowercased location
+$dest_path = ( isset( $map[ $req_path ] ) )
+ ? $map[ $req_path ]
+ : $req_path;
+
+// Permanent redirect
+http_response_code( 301 );
+header( "Location: $dest_path" );
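Review bot: The guard only anchors the `/YYYY/MM/` prefix, so everything after it is copied from the query string into the `Location` header unchecked, and `$_GET[ 'path' ]` is read without confirming it is present and a string. The redirect stays on this host because the value must begin with a single `/`, but matching the whole slug would tighten it: `if ( !preg_match( '#^/\d{4}/\d{2}/[a-z0-9.-]+\z#', $req_path ) )`. The character class is inferred from the keys in `$map` and should be checked against the real ids. Reading the parameter as `$path = $_GET['path'] ?? ''; $req_path = is_string( $path ) ? strtolower( $path ) : '';` avoids a warning or type error on a missing or array-valued parameter. A rejected request is a client error, so `http_response_code( 404 )` (or 400) fits better than 500 and keeps these out of server-error monitoring.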
diff --git a/src/rss.sh b/src/rss.sh
new file mode 100755
index 0000000..5fb506f
--- /dev/null
+++ b/src/rss.sh
@@ -0,0 +1,115 @@
+#!/bin/bash
+# Generate RSS feed from given post metadata files
+#
+# Copyright (C) 2019 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# All posts must be provided on the command line as a path to each
+# individual metadata file, in the order in which they should appear in the
+# feed output.
+##
+
+set -euo pipefail
+
+# Website root URL.
+declare -r www=${WWW_URL:-https://mikegerwitz.com}
+
+
+# Look up metadatum FIELD in metafile FILE.
+pmeta()
+{
+ local -r file=${1?Missing metafile name}
+ local -r field=${2?Missing field name}
+
+ recsel -P "$field" "$file"
+}
+
+
+# Generate RSS item for each post in provided arguments.
+# See `gen-item'.
+gen-items()
+{
+ while [ $# -gt 0 ]; do
+ gen-item "$1"
+ shift
+ done
+}
+
+
+# Generate RSS item for post in metadata file FILE. The abstract will be
+# used for the item description.
+gen-item()
+{
+ local -r file=${1?Missing file name}
+
+ local subject author slug date
+ subject=$( pmeta "$file" subject )
+ author=$( pmeta "$file" author )
+ slug=$( pmeta "$file" slug )
+ date=$( pmeta "$file" date )
+
+ # TODO: entire content?
+ local abstract
+ abstract=$( pmeta "$file" abstract )
+
+ cat <<EOF
+<item>
+ <title><![CDATA[$subject]]></title>
+ <author><![CDATA[$author]]></author>
+ <link>$www/$slug</link>
+ <pubDate>$date</pubDate>
+ <description><![CDATA[$abstract]]></description>
+</item>
+EOF
+}
+
+
+# Output usage information and exit with EX_USAGE.
+usage()
+{
+ cat <<EOF
+Usage: $0 postmeta...
+Generate RSS feed from provide post metadata.
+Example: $0 post/2018-01-01-foo.meta post/2018-02-01-bar.meta
+
+At least one postmeta must be provided.
+EOF
+
+ exit 64 # EX_USAGE
+}
+
+
+# Output RSS feed from all post files provide via arguments.
+main()
+{
+ test $# -gt 0 || usage
+
+ cat <<EOF
+<?xml version="1.0"?>
+<rss version="2.0">
+ <channel>
+ <title>Mike Gerwitz's Thoughts and Ramblings</title>
+ <link>$www</link>
+ <description>
+ Posts and articles from a free software hacker and activst with a focus on user privacy and security
+ </description>
+ $( gen-items "$@" )
+ </channel>
+</rss>
+EOF
+}
+
+
+main "$@"
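Review bot: `gen-item` writes the metafile `date` straight into `<pubDate>`, and `post2meta` produces that field as `YYYY-MM-DD`, whereas RSS 2.0 expects an RFC 822 date, so stricter feed readers may reject or mis-sort the items. With GNU date this can be converted in place: `<pubDate>$( LC_ALL=C date -Rd "$date" )</pubDate>`. The CDATA sections also assume that the subject and abstract never contain `]]>`; a comment saying so, or replacing that sequence with `]]]]><![CDATA[>` before output, would keep the XML well-formed. The channel description contains the typo "activst".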
diff --git a/src/talks.rec b/src/talks.rec
new file mode 100644
index 0000000..3591e88
--- /dev/null
+++ b/src/talks.rec
@@ -0,0 +1,81 @@
+id: sapsf
+title: The Surreptitious Assault on Privacy, Security, and Freedom
+location: LibrePlanet 2017
+date: 2017-03-26
+locimg: lp-2017
+abstract: Privacy, security, and personal freedom: one cannot be had without the
++ others. Each of these essential rights are being surreptitiously
++ assaulted; only the most technical among us even know what to look for,
++ let alone how to defend ourselves. Governments, corporations, and groups
++ of ill-minded individuals are spying and preying upon both users and
++ bystanders with unprecedented frequency and breadth. For those of us who
++ do understand these issues, it would be irresponsible not to fight for
++ the rights of others and continue to bring these assaults to light.
++
++ This talk will survey the most pressing issues of today, including
++ topics of government surveillance and espionage; advertisers and data
++ analytics; the Internet of Things; corporate negligence; public policy
++ and the crypto wars; dangers of a non-free Web and untrusted, ephemeral
++ software; pervasive monitoring; remote servers, services, and “the
++ cloud”; modern vehicles; the fight against decentralization and free
++ software; societal pressures and complacency with the status quo; and
++ more.
++
++ Attendees will walk away with a broad understanding of these topics; an
++ overview of mitigations; and dozens of resources for further research
++ and discussion with others. No prior knowledge of security or
++ cryptography are necessary.
+video-url: https://media.libreplanet.org/u/libreplanet/m/the-surreptitious-assault-on-privacy-security-and-freedom/
+link: /talks/sapsf.pdf Slides
+link: /projects/sapsf/plain/sapsf.bib Bibliography
+link: /projects/sapsf/ Source Code
+
+
+id: ethics-void
+title: The Ethics Void
+location: LibrePlanet 2018
+date: 2018-03-25
+locimg: lp-2018
+abstract: Many communities have widely adopted codes of ethics governing the
++ moral conduct of their members and professionals. Some of these codes may
++ even be enshrined in law, and for good reason—certain conduct can have
++ enormous consequences on the lives of others.
++
++ Software and technology pervade virtually every aspect of our lives. Yet,
++ when compared to other fields, our community leaders and educators have
++ produced an ethics void. Last year, I introduced numerous topics concerning
++ privacy, security, and freedom that raise serious ethical concerns. Join me
++ this year as we consider some of those examples and others in an attempt to
++ derive a code of ethics that compares to the moral obligations of other
++ fields, and to consider how leaders and educators should approach ethics
++ within education and guidance.
+video-url: https://media.libreplanet.org/u/libreplanet/m/the-ethics-void/
+link: /talks/ethics-void.pdf Slides
+link: /projects/ethics-void/ Source Code
+
+
+id: online-freedom
+title: Restore Online Freedom!
+location: LibrePlanet 2016
+date: 2016-03-20
+locimg: lp-2016
+abstract: Imagine a world where surveillance is the default and users must
++ opt-in to privacy. Imagine that your every action is logged and analyzed to
++ learn how you behave, what your interests are, and what you might do
++ next. Imagine that, even on your fully free operating system, proprietary
++ software is automatically downloaded and run not only without your consent,
++ but often without your knowledge. In this world, even free software cannot
++ be easily modified, shared, or replaced. In many cases, you might not even
++ be in control of your own computing—your actions and your data might be in
++ control by a remote entity, and only they decide what you are and are not
++ allowed to do.
++
++ This may sound dystopian, but this is the world you’re living in right
++ now. The Web today is an increasingly hostile, freedom-denying place that
++ propagates to nearly every aspect of the average users’ lives—from their PCs
++ to their phones, to their TVs and beyond. But before we can stand up and
++ demand back our freedoms, we must understand what we’re being robbed of, how
++ it’s being done, and what can (or can’t) be done to stop it.
+video-url: https://media.libreplanet.org/u/libreplanet/m/restore-online-freedom/
+link: https://media.libreplanet.org/u/libreplanet/m/restore-online-freedom-14bf/ Slides
+link: /projects/online-freedom/ Source Code
diff --git a/src/talks.sh b/src/talks.sh
new file mode 100755
index 0000000..15f87dd
--- /dev/null
+++ b/src/talks.sh
@@ -0,0 +1,101 @@
+#!/bin/bash
+# Generate talks HTML page
+#
+# Copyright (C) 2019 Mike Gerwitz
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# Talks are organized along with abstract in $TALKFILE. Abstracts are
+# assumed to be Markdown-formatted and are run through Pandoc. A link to
+# the talk video is provided, along with any supplemental links provided via
+# $TALKFILE (e.g. slides, source code, bibliography).
+##
+
+set -euo pipefail
+
+# Recfile containing talk abstracts and metadata.
+declare -r TALKFILE=${TALKFILE:-src/talks.rec}
+
+
+# List ids of all talks in $TALKFILE.
+talk-list()
+{
+ recsel -CP id "$TALKFILE"
+}
+
+
+# Retrieve field FIELD from talk identified by ID in $TALKFILE.
+talk-field()
+{
+ local -r id=${1?Missing talk id}
+ local -r field=${2?Missing talk field}
+
+ recsel -P "$field" -e "id = '$id'" "$TALKFILE"
+}
+
+
+# Generate abstract for talk.
+abstract()
+{
+ local -r id=${1?Missing talk id}
+
+ local title location locimg date abstract url links
+ title=$( talk-field "$id" title )
+ location=$( talk-field "$id" location )
+ locimg=$( talk-field "$id" locimg )
+ date=$( talk-field "$id" date )
+ abstract=$( talk-field "$id" abstract )
+ url=$( talk-field "$id" video-url )
+ links=$( talk-field "$id" link )
+
+ local abstract_html
+ abstract_html=$( pandoc -fmarkdown -thtml5 <<< "$abstract" )
+
+ cat <<EOF
+<article class="abstract talk">
+ <h2 class="title" id="$id">$title</h2>
+
+ <ul class="links">
+ <li><a class="video $locimg" href="$url">Watch $location Talk</a></li>
+ $(
+ while read lurl ltitle; do
+ printf "<li><a href="%s">%s</a></li>\n" "$lurl" "$ltitle"
+ done <<< "$links"
+ )
+ </ul>
+
+ $abstract_html
+
+ <p class="date">Presented on $date.</p>
+</article>
+EOF
+}
+
+
+# Generate talks page.
+main()
+{
+ src/mkheader talks Talks
+
+ local talks
+ talks=$( recsel -P id src/talks.rec )
+
+ echo '<h1>Talks</h1>'
+ talk-list | while read id; do abstract "$id"; done
+
+ cat src/footer.tpl.htm
+}
+
+
+main "$@"
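Review bot: In `abstract`, the inner double quotes of `printf "<li><a href="%s">%s</a></li>\n"` terminate the shell string, so the format printf actually receives is `<li><a href=%s>%s</a></li>` and every supplemental link is emitted with an unquoted `href`. That happens to parse for the current URLs but breaks as soon as a URL contains a space or `>`. Single-quoting the format fixes it: `printf '<li><a href="%s">%s</a></li>\n' "$lurl" "$ltitle"`. The loop should also use `read -r lurl ltitle`. In `main`, the `talks` variable is assigned from a hard-coded `src/talks.rec` and never used, which bypasses `$TALKFILE`; it can be removed.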
diff --git a/style.css b/style.css
index d13c4e5..47c19cb 100644
--- a/style.css
+++ b/style.css
@@ -1,676 +1,714 @@
+/**
+ * mikegerwitz.com stylesheet
+ *
+ * Copyright (C) 2019 Mike Gerwitz
+ * This work is released under the Creative Commons Attribution
+ * Share-Alike 4.0 International license.
+ */
+
+@font-face {
+ font-family: 'Open Sans';
+ font-style: normal;
+ font-weight: 400;
+ src: local('Open Sans Regular'), local('OpenSans-Regular'), url('/fonts/OpenSans-Regular.woff') format('woff');
+}
@font-face {
- font-family: Open Sans;
- src: url('/fonts/OpenSans-Regular.woff');
+ font-family: 'Open Sans';
+ font-style: normal;
+ font-weight: 300;
+ src: local('Open Sans Light'), local('OpenSans-Light'), url('/fonts/OpenSans-Light.woff') format('woff');
+}
+@font-face {
+ font-family: 'Open Sans';
+ font-style: normal;
+ font-weight: 600;
+ src: local('Open Sans SemiBold'), local('OpenSans-SemiBold'), url('/fonts/OpenSans-SemiBold.woff') format('woff');
+}
+
+html {
+ /* see footer; just in case the page is too short */
+ background-color: #2e3436;
}
body {
- margin: 1em 5em;
+ background-color: white;
+
+ /* TODO: slightly non-black color */
+
+ margin: 0;
+ padding: 2em 4em 0em 4em;
+
text-align: justify;
- font-family: 'Open Sans', 'Liberation Sans', sans-serif;
+ font-family: 'Open Sans', sans-serif;
}
-body.index,
-.body-index {
- margin: 2em 10em 1em 10em;
- padding-right: 300px;
+footer {
+ font-weight: 300;
}
+footer, #footer {
+ font-size: 0.8em;
+ text-align: center;
-/* override above, since we'll have to compound
- * with the original body (only use this when
- * body.index cannot possibly be used!) */
-.body-index {
- margin: 2em 5em 1em 5em;
-}
+ background-color: #2e3436;
+ color: #eeeeee;
+
+ margin: 4em -4rem 0 -4rem;
+ padding: 1em 2rem;
-body.index.no-sidebar,
-.body-index.no-sidebar {
- padding-right: 0px;
+ clear: both;
}
-a { color: #0066cc; }
-a:visited { color: #6666cc; }
+@media ( max-width: 70ch ) {
+ body {
+ padding: 1em 2em 0em 2em;
+ }
-/* hanging; ids for asciidoc styling */
-header, footer,
-#header, #footer, .article #copyright {
- margin: 0em -3em;
- text-align: left;
+ footer {
+ margin-left: -2rem;
+ margin-right: -2rem;
+ }
}
-body.index footer,
-.body-index footer {
- margin: 0em -10em;
+@media ( max-width: 50ch ) {
+ body {
+ padding: 1em 1em 0em 1em;
+ }
+
+ footer {
+ margin-left: -1rem;
+ margin-right: -1rem;
+ padding: 1rem;
+ }
}
-/* typesetting standards for ~60 chars per line */
-body article .content,
-body.article #content {
- clear: both;
- margin: auto;
- max-width: 38em; /* fallback for older browsers */
- max-width: 60ch;
- line-height: 1.8em;
-}
-/* ~70 for certain articles because of nesting (like GHS) */
-body.article #content {
- max-width: 44em; /* fallback for older browsers */
- max-width: 70ch;
-}
-body article header,
-body.article #header {
- margin: auto;
+a { color: #0066cc; }
+a:visited { color: #6666cc; }
- max-width: 44em; /* fallback for older browsers */
- max-width: 70ch;
+.title > a {
+ color: black;
+ text-decoration: none;
}
-h1, h2, h3, #menu,
-body.index ul.index li .day,
-.author,
-strong {
- font-family: 'URW Gothic L', 'Avant Garde', sans-serif;
- font-weight: normal;
+a.muted {
+ color: inherit;
+ text-decoration: none;
}
-h1 { font-size: 1.8em; }
-h2 { font-size: 1.4em; }
-h2.date {
+a.box {
display: block;
- font-size: 1.1em;
- color: #666f63;
+ width: 200px;
+ padding: 206px 0.1em 0 0.1em;
- margin: -1em 1.5em 1.5em 0em;
- float: left;
-}
+ border-width: 2px;
+ border-style: solid;
+ border-color: #2e3436;
-h2.date ~ .author {
- display: block;
- margin-top: -1em;
-}
+ background-color: #2e3436;
+ color: white;
-.author > .email {
- margin-left: 0.25em;
-}
+ background-repeat: no-repeat;
+ background-size: contain;
+
+ text-align: center;
+ font-weight: bold;
+ font-size: 1.2em;
-h1 a, h1 a:visited {
text-decoration: none;
- color: inherit;
}
-/* latter for asciidoc-generated output */
-h1.title,
-#header h1 {
- font-size: 2em;
- margin-bottom: 0.1em;
- text-align: left;
+a.box:hover,
+a.box:focus {
+ border-top-width: 8px; /* adds 6px */
+ padding-top: 200px; /* removes 6px */
+ background-position: 0px -6px;
}
-h2.desc {
- font-size: 0.8em;
- text-transform: uppercase;
- letter-spacing: 0.1em;
- font-weight: normal;
- color: #666f63;
-
- margin-top: 0px;
- margin-bottom: 2em;
+a.box:visited {
+ color: white;
}
-#menu {
- text-align: center;
- padding: 0;
- margin: 0px -300px 3.5em 0px;
-}
-.no-sidebar #menu {
- /* cancels out #menu padding above */
- margin-right: 0px;
+@media ( max-width: 50ch ) {
+ a.box {
+ width: 150px;
+ padding-top: 156px;
+
+ font-size: 1em;
+ }
+
+ a.box:hover,
+ a.box:focus {
+ padding-top: 150px; /* removes 6px */
+ }
}
-#menu li {
- display: inline-block;
- font-size: 1.3em;
- letter-spacing: 0.05em;
- /* in addition to the 3.5em above; allows
- for decent spacing when line overflows
- at lower resolutions
- (3.5 + [0.5/1.3=0.38] = 4.0)*/
- margin-bottom: 0.38em;
+@media ( max-width: 35ch ) {
+ a.box {
+ width: 100px;
+ padding-top: 106px;
+ }
+
+ a.box:hover,
+ a.box:focus {
+ padding-top: 100px; /* removes 6px */
+ }
}
-#menu li a {
- color: #666f63;
- text-decoration: none;
- border-left: 1px solid #868f83;
- padding: 0.15em 1em;
+
+
+/* Asides should be dimmed so as not to distract from
+ the main content. */
+aside a.box {
+ filter: grayscale(100%);
+ transition: filter 0.25s;
}
-#menu li:first-child a {
- border-left: none;
+aside a.box:hover,
+aside a.box:focus {
+ filter: none;
}
-#headline {
- position: absolute;
+
+/* Link lists are to be styled in context-specific ways. */
+ul.links {
+ display: block;
+ padding: 0;
+ margin: 1em 0;
text-align: center;
- right: 10em;
}
-#headline a {
+ul.links > li {
display: block;
- text-decoration: none;
- margin-top: 2em;
- clear: left;
+ margin-top: 1em;
}
-#headline a:first-child {
+ul.links > li:first-child {
margin-top: 0;
}
-#headline img {
- margin-left: 2em;
-}
-
-body.index .content,
-.body-index .content {
- /* this is not ideal, but works since the sidebar content is (currently) all
- images */
- min-height: 750px;
- padding-right: 1.5em;
- /* don't let text get too wide */
- max-width: 40em;
- margin: auto;
- line-height: 1.8em;
-}
-#cgit .content {
- max-width: none;
-}
-body.index.no-sidebar .content,
-.body-index.no-sidebar .content {
- min-height: inherit;
-}
+/* Talk images */
+.talk .links a.video {
+ display: block;
+ background-position: center top;
+ background-repeat: no-repeat;
-body.index h3.index {
- margin-bottom: 0.5em;
+ line-height: 2em; /* some space below image */
}
-body.index ul.index {
- text-align: left;
- list-style: none;
- margin: 0px;
- padding-left: 1.5em;
+.talk .links a.video.lp-2016 {
+ background-image: url('images/lp-2016.png');
+ padding-top: 75px;
+ min-width: 220px;
}
-body.index ul.index li {
- margin: 1em 0px;
+.talk .links a.video.lp-2017 {
+ background-image: url('images/lp-2017.png');
+ padding-top: 75px;
+ min-width: 220px;
}
-body.index ul.index li .day {
- float: left;
- margin-right: 0.5em;
+.talk .links a.video.lp-2018 {
+ background-image: url('images/lp-2018.png');
+ padding-top: 97px;
+ min-width: 200px;
}
-p#ref-0 {
- margin-top: 2em;
-}
-p.ref {
- font-size: 0.9em;
- margin: 0.25em 0em;
- text-align: left;
+
+a.box.free-sw {
+ background-image: url('images/tp/fsfs-icons-beige.png');
}
-sup {
- font-size: 0.6em;
+a.box.eff-privacy {
+ background-image: url('images/tp/eff-privacy.png');
}
-p.ref:target {
- background-color: #fce94f;
+
+
+main {
+ position: relative;
}
-pre {
- white-space: pre-wrap;
+
+@media ( min-width: 90ch ) {
+ main {
+ margin: auto;
+ max-width: 90ch;
+ }
+
+ main > section.asideable {
+ float: left;
+ }
+ main > aside {
+ float: right;
+ }
+
+ body.posts main {
+ width: auto;
+ max-width: 120ch;
+ }
}
-dt {
- letter-spacing: 0.1em;
+/* Style aside as a row on moderate widths */
+@media not all and ( min-width: 90ch )
+{
+ main > aside {
+ display: table;
+ width: 100%;
+ }
+
+
+ main > aside > ul.links {
+ display: table-row;
+ }
+ main > aside > ul.links li {
+ display: table-cell;
+ }
+ main > aside > ul.links li a {
+ margin: auto;
+ }
}
-tt {
- background-color: #eeeeec;
- color: #000055;
+aside.sm {
+ max-width: 30ch;
+ font-size: 0.9em;
+
+ margin: auto; /* for centering responsively */
}
-.inline-img {
- text-align: center;
+
+h1, h2, h3 {
+ font-weight: normal;
}
-.avatar {
- display: block;
+h1 { font-size: 1.7em; }
+h2 { font-size: 1.4em; }
+h3 { font-size: 1.1em; }
+h4 { font-size: 1.0em; }
- border-radius: 5px;
- box-shadow: 1px 1px 3px #666f63;
- margin: auto;
+h1 a, h1 a:visited {
+ text-decoration: none;
+ color: inherit;
}
-.attribution {
- display: block;
- font-size: 0.75em;
- text-decoration: italic;
- text-align: right;
-
- width: 66%;
- margin-left: auto;
+header {
+ position: relative;
+ margin: 0 0 2em 0;
}
-.listingblock {
- background-color: #eeeeec;
- background-image: url('images/cross_scratches.png');
- padding: 0.5em;
- border: 1px solid #babdb6;
- border-radius: 0.25em
+header h1 {
+ font-size: 2em;
+ margin: 0px 0px 0.1em 0px;
+ text-align: left;
}
-.exampleblock {
- margin-left: 2em;
- padding-left: 1em;
- border-left: 5px solid #eeeeec;
+.title {
+ text-align: left;
}
-#gnuinside {
- position: absolute;
- display: block;
+h2.desc {
+ font-size: 0.8em;
+ text-transform: uppercase;
+ letter-spacing: 0.1em;
+ font-weight: normal;
+ color: #666f63;
- top: 0px;
- right: 0px;
- width: 50px;
- height: 50px;
+ margin: 0px 0px 2em 0px;
}
-footer, #footer, .article #copyright {
- font-size: 0.9em;
- margin-top: 2em;
- clear: both;
+header nav {
+ text-align: center;
}
-footer .commit-id {
- font-family: monospace;
+@media ( min-width: 90ch ) {
+ header nav {
+ position: absolute;
+ top: 0;
+ right: 0;
+ }
}
-/* to account for headline (sidebar) */
-body.index footer .bimgs,
-.body-index footer.bimgs,
-body.index footer hr,
-.body-index footer hr {
- margin-right: -300px;
-}
+.menu ul {
+ display: inline-block;
+ text-align: center;
+ padding: 0;
+ margin: 0;
-.no-sidebar footer .bimgs,
-.no-sidebar footer hr {
- margin-right: 0px;
+ /* height of h1 to the left */
+ line-height: 2em;
}
-
-#selflinks {
- position: absolute;
- top: 60px;
- right: 0px;
- width: 42px;
- padding: 6px;
+.menu li {
+ display: inline-block;
+ font-size: 1.1em;
+ font-weight: bold;
}
-#selflinks a {
+.menu li a {
+ color: #2e3436;
text-decoration: none;
+ padding: 0.15em 1em;
}
-
-#selflinks img {
- transition: transform 0.25s;
-}
-#selflinks img[src*=octoright]:hover {
- transform: rotate(-20deg);
+.menu li a:hover {
+ border-bottom: 0.2ex solid #2e3436;
}
-.octoflop {
- /* make upright again (image is rotated 270deg) */
- transform: rotate(90deg);
- animation-duration: 2s;
- animation-delay: 2s;
- animation-name: octoflop;
- animation-fill-mode: forwards;
-}
+/* Articles are formatted at a modest width that makes reading
+ easier. Reduced with makes it easier for the reader's eyes to scan to
+ the next line. Alternatively, the line spacing can be increased to make
+ it easier for the eyes to not loose their way. So the wider the text,
+ the larger the line spacing. */
-.talk-logo {
- display: block;
- text-align: center;
+article {
+ line-height: 1.8em;
+ max-width: 70ch;
+ margin: auto;
}
-p ~ p .talk-logo {
- margin-top: 5ex;
-}
-@keyframes octoflop {
- 30% {
- transform: rotate(-35deg);
- }
- 50% {
- transform: rotate(25deg);
- }
- 65% {
- transform: rotate(-17deg);
- }
- 75% {
- transform: rotate(10deg);
- }
- 85% {
- transform: rotate(-5deg);
- }
- 90% {
- transform: rotate(3deg);
- }
- 95% {
- transform: rotate(-2deg);
- }
- 100% {
- transform: rotate(0deg);
+@media ( max-width: 60ch ) {
+ article {
+ line-height: 1.5em;
}
}
-.hn-icon {
- display: block;
-
- background-color: #ff6600;
- width: 42px;
- height: 42px;
+@media ( min-width: 90ch ) {
+ article.abstract {
+ max-width: 60ch;
+ line-height: 1.5em;
+ margin: 0;
+ }
- font-size: 16px;
- font-weight: bold;
- text-align: center;
- line-height: 42px;
+ /* Main links appear to the right of the abstract. */
+ article.abstract ul.links {
+ position: absolute;
+ right: 0;
+ min-width: 25ch;
+ }
}
-.hn-icon,
-a.hn-icon:visited,
-a.hn-icon:active,
-a.hn-icon:hover {
- color: white;
- text-decoration: none;
-}
-.bimgs {
- float: right;
- margin-left: 1em;
+article.abstract .title {
+ display: inline-block;
+ margin: 0;
+ font-weight: bold;
+ font-size: 1.1em; /* h3 */
+ text-align: left;
}
-.bimgs img {
- margin-left: 0.1em;
+article:not(.abstract) > hgroup {
+ margin: 0 -2rem;
}
-.bimgs img:first-child {
- margin-left: 0em;
+article:not(.abstract) > h1:not(:first-child),
+article:not(.abstract) > h2 {
+ margin-left: -2rem;
+ border-bottom: 2px solid #babdb6;
+}
+article:not(.abstract) > h3 {
+ border-bottom: 1px solid #babdb6;
}
-body.content .abstract {
+article .date {
font-size: 0.9em;
-}
-body.content .abstract .start {
- font-weight: bold;
+ color: #666f63;
+ margin-top: -1em;
}
-dl > dd {
- margin-bottom: 0.5em;
+article.abstract {
+ margin-top: 1em;
}
-dl > dd > dl {
- margin-top: 1em;
+article.abstract p:first-of-type {
+ margin-top: 0;
}
-dl > dd > p:last-child {
- margin-bottom: 0px;
+/* Images are all centered by default. */
+article img {
+ display: block;
+ margin: 0 auto;
}
-#postamble > p {
- margin: 0em;
+
+/* Two columns on larger displays */
+@media ( min-width: 90ch ) {
+ section.compact {
+ clear: both;
+ }
+
+ section.compact article {
+ width: 48%;
+ float: right;
+ }
+
+ /* the first child is the section heading, so odds should
+ be on the left */
+ section.compact article:nth-child(2n) {
+ float: left;
+ clear: both;
+ }
}
-#index-headline {
- display: block;
- margin: 0em auto 2em auto;
+
+/* posts */
+body.posts section.compact:not(:first-child) {
+ padding-top: 2em;
}
+body.posts section.compact > h1 {
+ text-align: center;
+}
+
-#index-headline img {
- border-radius: 0.25em;
- max-width: 90%;
+section .view-all {
+ display: block;
+ text-align: center;
+ margin: 1em auto;
+ clear: both;
}
-/** exclusively asciidoc-generated content styling **/
-body.article h2 {
+section.highlight {
position: relative;
+ display: block;
- border-bottom: 2px solid #babdb6;
- left: -2em;
-
- margin-right: -2em;
-}
+ background-color: #2e3436;
+ color: #eeeeee; /* just slightly less jarring */
-body.article h3 {
- border-bottom: 1px solid #babdb6;
-}
+ padding: 2em;
+ margin: 2em 0;
-#author {
- font-size: 1.1em;
- letter-spacing: 0.1em;
+ clear: both;
}
-#footer {
- border-top: 2px solid #babdb6;
- padding-top: 0.5em;
+@media ( max-width: 50ch ) {
+ section.highlight {
+ padding: 1em;
+ }
}
-.article #copyright {
+section.highlight > .title {
+ font-size: 1.3em;
+ display: inline-block;
+ font-weight: bold;
margin-top: 0;
}
-@media screen and (max-width: 1024px) {
- body {
- margin: 2em !important;
- }
+section.highlight aside {
+ display: block;
- /* account for upper-right page fold using the full
- image width---this will be guaranteed to work
- regardless of the user's font size; kinda ruins
- the illusion if text is atop of it ;) */
- h1.subject {
- margin-right: 50px;
- }
+ font-weight: 300;
+ font-size: 0.9em;
+}
- #headline {
- right: 2em;
- }
+section.highlight a.lp-watch {
+ display: inline-block;
- header, footer,
- #header, #footer, .article #copyright {
- margin-left: 0px;
- }
+ margin-top: 1em;
- body.index footer,
- .body-index footer {
- margin: 0em;
- }
+ font-size: 1.2em;
+ color: white;
}
-@media screen and (max-width: 640px) {
- body {
- margin: 1em !important;
- padding-right: 0 !important;
- }
- body.index .content,
- .body-index .content {
- min-height: 0px;
- padding-right: 0px;
- }
+@media ( min-width: 50ch ) {
+ section.highlight a.lp-watch {
+ background-image: url('images/tp/lp-2017-crop.png');
+ background-repeat: no-repeat;
+ background-position: middle left;
- header {
- margin-right: 0px;
- }
+ /* accommodate background image */
+ line-height: 75px;
+ padding-left: 85px; /* 75px + 10px margin between */
- #menu {
- margin-right: 0px;
- margin-bottom: 2em;
+ clear: left;
}
+}
- #headline {
- position: initial;
- float: right;
- width: 75px;
+@media ( min-width: 90ch ) {
+ section.highlight > .title {
+ width: 50%;
}
- #headline a {
- display: inline;
- margin: 0.5em;
- }
- #headline img {
- max-height: 75px;
- margin-left: 0;
- }
- #index-headline img {
- max-height: 5em;
+ section.highlight aside {
+ float: right;
+ width: 40%;
}
- #selflinks {
+ section.highlight a.lp-watch {
position: absolute;
- top: 0px;
- right: 50px;
- width: auto;
- height: 42px;
- padding: 6px;
- }
-
- .hn-icon {
- float: right;
- margin-left: 2px;
- }
- header, footer,
- body.index footer .bimgs,
- .body-index footer .bimgs,
- body.index footer hr,
- .body-index footer hr,
- #header, #footer, .article #copyright {
- margin-right: 0px;
+ left: 2em;
+ bottom: 1em;
}
+}
- .bimgs {
- float: none;
- margin-left: 0px;
- }
- /* we're pretty low on real estate at this point */
- blockquote {
- margin: 1em 0px 1em 2em;
- }
- ul, ul.index {
- padding-left: 1em !important;
- }
+.inline-img {
+ text-align: center;
}
-/* selflinks start to overlap with heading */
-@media screen and (max-width: 475px) {
- #selflinks img {
- max-width: 32px;
- max-height: 32px;
- }
+.avatar {
+ display: block;
+ border-radius: 5px;
+ box-shadow: 1px 1px 3px #666f63;
- .hn-icon {
- max-width: 32px;
- max-height: 32px;
+ margin: auto;
+}
- font-size: 12px;
- line-height: 32px;
- }
+.attribution {
+ display: block;
+
+ font-size: 0.75em;
+ text-decoration: italic;
+ text-align: right;
+
+ width: 66%;
+ margin-left: auto;
}
-/* when things start getting odd from 640px */
-@media screen and (max-width: 420px) {
- #menu {
- font-size: 0.8em;
- }
- #selflinks img {
- max-width: 21px;
- max-height: 21px;
- }
+.page-flip {
+ position: absolute;
+ display: block;
- .hn-icon {
- max-width: 21px;
- max-height: 21px;
+ top: 0px;
+ right: 0px;
+ width: 50px;
+ height: 50px;
+}
- font-size: 9px;
- line-height: 21px;
- }
- footer {
- font-size: 0.9em;
- }
+.affiliation-list ul {
+ display: inline-block;
+ text-align: center;
+ padding: 0;
+ margin: 0;
+}
+.affiliation-list ul > li {
+ display: inline-block;
+ margin: 1em;
+}
+.affiliation-list a {
+ text-decoration: none;
+}
- .bimgs img {
- width: 70px;
- height: 25px;
- }
+.affiliation-list img:not(:hover) {
+ transition: filter 3s;
+ filter: grayscale(100%);
+}
+.affiliation-list img[src*=octoright] {
+ transition: transform 0.5s;
+}
+.affiliation-list img[src*=octoright]:hover {
+ transform: rotate(-20deg);
}
+.hn-icon {
+ display: inline-block;
+ position: relative;
-/*** Org mode HTML output ***/
-/* much of the above will overlap, so only some is needed here */
-#postamble {
- margin: 2em -5em 0em -5em;
- text-align: left;
- font-size: 0.9em;
+ background-color: #ff6600;
+
+ width: 42px;
+ height: 42px;
+ top: -1em;
- border-top: 1px solid #babdb6;
- padding-top: 0.5em;
+ font-size: 16px;
+ font-weight: bold;
+ text-align: center;
+ line-height: 42px;
+}
+.hn-icon:not(:hover) {
+ transition: background-color 3s;
+ background-color: #888888;
}
-.todo, .done {
- font-size: 0.1em;
- letter-spacing: -0.1em;
- color: transparent;
+.hn-icon,
+a.hn-icon:visited,
+a.hn-icon:active,
+a.hn-icon:hover {
+ color: white;
+ text-decoration: none;
}
-/* note that we must undo our hiding */
-.todo::before,
-.done::before {
- position: absolute;
- visibility: visible;
+br.end {
+ clear: both;
+}
- letter-spacing: normal;
- font-size: 12em;
- left: -1.5em;
- top: -0.1em;
+#copyright {
+ max-width: 80ch;
+ margin: 1em auto 0em auto;
+}
+footer .site-nav {
+ display: inline-block;
+ margin: 0 auto 1em auto;
+}
+footer .site-nav > nav {
+ text-align: left;
+ float: left;
+ margin-right: 2em;
+}
+footer .site-nav > nav:last-child {
+ margn-right: 0;
+}
+footer .site-nav > nav > h2 {
+ font-size: 1.2em;
+ margin: 0;
font-weight: bold;
}
-
-.todo::before {
- color: black;
- content: '☐';
+footer .site-nav > nav > ul {
+ display: inline-block;
+ padding: 0 0 0 0.5em;
+ margin: 0;
+ text-align: left;
}
-
-.done::before {
- color: #4e9a06;
- content: '☑';
+footer .site-nav > nav > ul > li {
+ display: block;
+}
+footer .site-nav > nav > ul > li a {
+ color: white;
+ text-decoration: none;
}
-/* eases positioning in, e.g., margin */
-.outline-1,
-.outline-2,
-.outline-3 {
- position: relative;
+
+.octoflop {
+ /* make upright again (image is rotated 270deg) */
+ transform: rotate(90deg);
+
+ animation-duration: 2s;
+ animation-delay: 2s;
+ animation-name: octoflop;
+ animation-fill-mode: forwards;
}
-#table-of-contents .todo,
-#table-of-contents .done {
- display: none;
+@keyframes octoflop {
+ 30% {
+ transform: rotate(-35deg);
+ }
+ 50% {
+ transform: rotate(25deg);
+ }
+ 65% {
+ transform: rotate(-17deg);
+ }
+ 75% {
+ transform: rotate(10deg);
+ }
+ 85% {
+ transform: rotate(-5deg);
+ }
+ 90% {
+ transform: rotate(3deg);
+ }
+ 95% {
+ transform: rotate(-2deg);
+ }
+ 100% {
+ transform: rotate(0deg);
+ }
}
-/** cgit customization **/
+/**
+ * cgit customization
+ **/
div#cgit div.content {
padding: 2em 0em; /* remove left/right margin */
@@ -734,14 +772,23 @@ div#cgit h3 { font-size: 1.1em; }
div#cgit h4 { font-size: 1.0em; }
-/*** https://github.com/jgm/highlighting-kate/blob/master/css/hk-tango.css * ***/
+/*** https://github.com/jgm/highlighting-kate/blob/master/css/hk-tango.css ***/
+/* GNU GPLv2 */
/* Loosely based on pygment's tango colors */
+/* Modified where indicated by Mike Gerwitz */
table.sourceCode, tr.sourceCode, td.sourceCode, table.sourceCode pre
{ margin: 0; padding: 0; border: 0; vertical-align: baseline; border: none; background-color: #f8f8f8 }
td.nums { text-align: right; padding-right: 5px; padding-left: 5px; background-color: #f0f0f0; }
td.sourceCode { padding-left: 5px; }
code.sourceCode { background-color: #f8f8f8; }
-pre.sourceCode { background-color: #f8f8f8; line-height: 125% }
+pre.sourceCode {
+ /* modified by Mike Gerwitz */
+ padding: 1em;
+ margin: 0 -1em;
+
+ background-color: #f8f8f8;
+ line-height: 125%
+}
td.nums pre { background-color: #f0f0f0; line-height: 125% }
code.sourceCode span.kw { color: #204a87; font-weight: bold } /* Keyword */
code.sourceCode span.dt { color: #204a87 } /* Keyword.Type */
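Review bot: The header for the vendored highlighting-kate rules still identifies upstream only by a `blob/master` URL, which is a moving reference, so nothing records which upstream revision this copy was taken from. The new `/* modified by Mike Gerwitz */` marker inside `pre.sourceCode` also carries no date or description of what changed. Recording both would let the local copy be diffed against upstream later and local edits be told apart from upstream ones, for example `/* upstream revision: <UPSTREAM_COMMIT> */` under the URL line and `/* modified by Mike Gerwitz (<DATE>): added padding and negative side margin */` in the rule. Separately, `line-height: 125%` is now the last declaration of a multi-line rule and has no terminating semicolon; writing `line-height: 125%;` keeps the rule intact if another declaration is appended after it.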