Mike Gerwitz

Activist for User Freedom

Commit message | Author | Age | Files | Lines
...
* post: GHCQ's Exceptional Access (Mike Gerwitz, 2019-02-18; files: 2; lines: -0/+977)
  Wow. I had wanted to spend less than an hour on a response, and instead I wound up writing my largest article since the NSA revelations and GHS. Hopefully others find this useful.

  I've been sitting on this for weeks because I didn't have the time to finish final proofreading and changes. I need to release this before I sit on it for another couple; I have to start working on my LP2019 talk soon.

  * post/2019-02-18-ghcq-exceptional-access-e2ee-decentralization-reproducible.md: New post.
  * src/papers.rec: Add post to top.
* rss: Clarify that RSS content is the abstract (Mike Gerwitz, 2019-02-16; files: 1; lines: -1/+4)
  I'm still debating whether to include the full text of the post within the RSS feed, since some of them may be substantial (like the one I'll be posting soon that I've been sitting on for a couple weeks because I'm too busy/lazy to do final editing).

  * src/rss.sh: Add "(Read full post)" link.
* footer: Add RSS link (Mike Gerwitz, 2019-02-16; files: 1; lines: -0/+1)
  Oops.

  * src/footer.tpl.htm: Add `RSS Feed' link.
* css: Prevent preload inline from overriding stylesheet (Mike Gerwitz, 2019-02-16; files: 1; lines: -1/+1)
  The inlined CSS intended to make the stylesheet application less jarring on slow connections was placed _after_ `style.css', which was causing it to take precedence over the mobile layout. Silly mistake, and not good. And it went unnoticed for too long; I didn't visit my own website on mobile for a bit. Sorry, mobile people!

  * src/header.tpl.htm (head): Move style.css link below inline style.
* post: I Will Be Speaking At LibrePlanet 2019 (Mike Gerwitz, 2019-02-15; files: 1; lines: -0/+33)
* style.css: Better delimit sections and mute footnotes (Mike Gerwitz, 2019-02-07; files: 1; lines: -2/+10)
  This increases the headings, gives them slightly larger margins, decreases the font size for footnotes, decreases the line-height, and lightens the weight of the font. I think this makes it easier to eyeball the different sections (especially in the article I will be publishing shortly), and further helps to emphasize that the footnotes are subservient to the text.
* Generate inline CSS for page header (Mike Gerwitz, 2019-01-19; files: 5; lines: -22/+48)
  The idea here is to provide as little CSS as is sensible for the initial page load to be styled in a layout similar to the final layout. This initial styling may be briefly visible on a slow connection. Slow connections can happen for a variety of reasons. For example, I'm a Tor user, and connection speeds vary. Mobile connection speeds can also vary wildly. This adds a few hundred bytes, but I was able to cut it down quite a bit, and I don't find this to be unreasonable relative to the other data on each page.
* style.css: Maximum header width (Mike Gerwitz, 2019-01-18; files: 1; lines: -1/+2)
  This is the maximum width of the posts page. It does not look good to have the header span the whole page on a 4K monitor.
* style.css: cgit font override for consistency (Mike Gerwitz, 2019-01-18; files: 1; lines: -1/+3)
* style.css: Minor fixes and warning for IE11 users (Mike Gerwitz, 2019-01-18; files: 1; lines: -0/+19)
  I only noticed this issue because my work computer has IE11 installed. I will not be supporting it. Edge works just fine and IE is just about extinct, finally. Of course, I recommend using a free/libre browser.
* src/index.sh: Set sapsf talk link (Mike Gerwitz, 2019-01-18; files: 1; lines: -1/+1)
  Wow, the most prominent link on the page and I forgot to set it.
* post/2013-01-26-re-fsf-wastes-away-another-high-priority-project.md: Remove duplicate word typo (Mike Gerwitz, 2019-01-17; files: 1; lines: -1/+1)
* style.css: Consistent colors for header borders (Mike Gerwitz, 2019-01-17; files: 1; lines: -2/+2)
* style.css (blockquote): Add left border and remove right margin (Mike Gerwitz, 2019-01-17; files: 1; lines: -0/+6)
  This also is better for lower resolutions / higher font sizes, since the right margin is spared.
* Remove old files (Mike Gerwitz, 2019-01-17; files: 24; lines: -1929/+0)
* conf/lighttpd.conf: New file (Mike Gerwitz, 2019-01-17; files: 1; lines: -0/+59)
  At various points in commit messages I have referenced server configuration. This elucidates that.
* style.css: Correct responsive post header margins (Mike Gerwitz, 2019-01-17; files: 1; lines: -2/+15)
  This was missed in an earlier commit.
* style.css: cgit Projects heading size fix (Mike Gerwitz, 2019-01-17; files: 1; lines: -1/+1)
  Now matches headings on other pages.
* post/2018-09-06-libreplanet-2019-will-be-march-23-24-in-boston-ma: Fix URL (Mike Gerwitz, 2019-01-17; files: 1; lines: -1/+1)
* Initial release of new website (Mike Gerwitz, 2019-01-17; files: 143; lines: -785/+8827)
  I had meant to write a blog post right away, but it's late and I haven't yet decided if I should wait for further enhancements.
|\
| * cgit-root generation (Mike Gerwitz, 2019-01-17; files: 6; lines: -86/+65)
|   This automates creation of the header and footer. Previously I modified them manually and they got out-of-sync. This is deployed to a different location on my webserver, even though the public route is `/projects'.
| * src/cgit: Add existing configuration (Mike Gerwitz, 2019-01-17; files: 7; lines: -0/+327)
|   This contains the old header and footer. Committing this first will allow us to easily see the diff.
| * Link to source code of post (Mike Gerwitz, 2019-01-17; files: 2; lines: -2/+17)
|   Rather than displaying the hash separately, this just makes the date a link to the source code. Until I display a modification date, this will also make it easy to see the history of the file.
| * Responsive design (Mike Gerwitz, 2019-01-17; files: 4; lines: -100/+225)
|   This website honors the user's default font settings (both to be kind and for accessibility reasons). Consequently, the responsive layout is based on character units (ch) rather than pixels.
| * Update footer links and Copyright year (Mike Gerwitz, 2019-01-17; files: 1; lines: -13/+15)
| * Index page sapsf highlight cleanup (Mike Gerwitz, 2019-01-16; files: 2; lines: -2/+11)
|   This corrects the padding and provides better placement for the talk link.
| * Source Sans Pro => Open Sans (Mike Gerwitz, 2019-01-16; files: 8; lines: -116/+33)
|   This goes back to Open Sans, which is what I was using previously.
|
|   I really like Source Sans Pro. Unfortunately, the font rendered far too small relative to other sans-serif fonts, which caused an unpleasant experience for both slow page loads (e.g. over Tor or slower connections) and for users with web fonts disabled (e.g. via NoScript). Further, the font is huge: the WOFF is over 100KiB per font, and I was using regular and light versions.
|
|   Open Sans, in contrast, is <20KiB per font, allowing me to use Regular, Light, and SemiBold and still be about half the size of the single Source Sans Pro Regular. As a bonus, users may also already have Open Sans installed on their system. I settled with WOFF instead of WOFF2 for browser support.
|
|   The site now looks pretty close on fallback, which is good. For example, I use DejaVu Sans as my default font, and it even has a Light version that renders correctly.
|
|   As with all resources on my site, I host this from my own domain rather than via Google's servers. That means that the font won't be cached for users when they first visit the site, but that's okay---privacy is more important.
|
|   I should note that, since I use NoScript, I almost never load web fonts for other sites. But I still wanted to try to provide a consistent look across systems for those who do wish to load fonts.
| * src/404.htm: Update page (Mike Gerwitz, 2019-01-16; files: 1; lines: -13/+21)
|   This is a bit less abrasive and a tad bit more helpful. As I've mentioned in previous commits, the goal of this site has since changed.
| * Redirect old posts (Mike Gerwitz, 2019-01-16; files: 2; lines: -1/+70)
|   We have two situations to account for:
|
|     1. Old posts had both uppercase and lowercase letters in slugs; and
|     2. Some ids changed.
|
|   Lighttpd can't convert to lowercase and having a bunch of separate redirects in my webserver configuration for the id changes is messy. So, this script is intended to be called only when a post contains an uppercase character in the path.
|
|   I had wanted to avoid _any_ sort of dynamic scripts. Oh well.
|
|   All other redirects are handled in the webserver configuration (which isn't part of this repo atm).
| * Generate slug from post filenames (Mike Gerwitz, 2019-01-16; files: 84; lines: -11/+16)
|   Rather than having Pandoc generate the id, which has the potential to change over time and cause 404s, let's just generate the slug from the filename so that the ids will never change. This also solves the awkward question of what the filename should be, since it was previously something arbitrary.
|
|   This mass rename was accomplished via this simple shell script:
|
|       for p in *.meta; do
|         slug=$( recsel -P slug "$p" | xargs basename )
|         mv -v "${p/.meta/.md}" "${p:0:10}-$slug.md"
|       done
|
|   with minor manual tweaks where I saw fit.
|
|   Of course, now I have some pretty long filenames, which is undesirable. The next step is to compare it with the slugs currently on mikegerwitz.com and make them match. That's the next commit, and should be pretty simple.
| * Majority of work on generation of new static site (Mike Gerwitz, 2019-01-11; files: 43; lines: -853/+2248)
|   I didn't originally intend for all of this to be in a single commit. But here we are. I don't have the time to split these up more cleanly; this project is taking more time than I originally hoped that it would.
|
|   This is a new static site generator. More information to follow in the near future (hopefully in the form of an article), but repo2html is now removed. See code comments for additional information; I tried to make it suitable as a learning resource for others. It is essentially a set of shell scripts with a fairly robust build for incremental generation.
|
|   The site has changed drastically, reflecting that its purpose has changed over the years: it is now intended for publishing quality works (or at least I hope), not just a braindump.
|
|   This retains most of the text of the original pages verbatim, with the exception of the About page. Other pages may have their text modified in commits that follow.
|
|   Enhancements to follow in future commits.
| * Translate Git Horror Story from AsciiDoc to Markdown (Mike Gerwitz, 2018-12-22; files: 1; lines: -0/+1316)
|   This was a wholly manual effort since Pandoc does not have an AsciiDoc reader (only writer). Fortunately, Pandoc's Markdown features enabled me to keep the style essentially the same.
|
|   I made no changes to the original text other than changes to markup, so this remains faithful to the original. Any changes to the text will be made in future commits so that the diff can be clearly observed.
|
|   This could use more work (e.g. getting rid of inline links to make the Markdown file more readable), but otherwise this is in a good enough state for now.
| * Convert posts to markdown files (Mike Gerwitz, 2018-12-22; files: 91; lines: -0/+4875)
|   This was considerable effort, and took a bit more time than I had hoped.
|
|   While newer posts were written with Markdown, previous ones were written with my own Markdown-like formatting, but they had enough differences that it was quite an effort to get things updated. I also checked the HTML output of each, though I didn't read every article in detail. Some of these were more substantial than others; National Uproar, for example.
|
|   These conversions were markup translations: the actual text remains unchanged, except in one minor instance to add text for the sake of providing some text to hold a link to a quote. Any changes to post text will happen in future commits so that the diffs are clearly visible.
| * :{eff,fsf}-42.png: White->Alpha (Mike Gerwitz, 2018-12-15; files: 2; lines: -0/+0)
|/
* Webmasters: Please, Don't Block Tor (Mike Gerwitz, 2018-10-05; files: 0; lines: -0/+0)
  [Tor][] is a privacy and anonymity tool that [helps users to defend themselves][tor-about] against traffic analysis online. Some people, like me, use it as an important tool to help defend against [various online threats to privacy][sapsf]. [Others use it][tor-users] to avoid censorship, perhaps by the country in which they live. Others use it because their lives depend on it---they may live under an oppressive regime that forbids access to certain information or means of communication.

  Unfortunately, some people also hide behind Tor to do bad things, like attack websites or commit fraud. Because of this, many website owners and network administrators see Tor as a security threat, and choose to block Tor users from accessing their website.

  But in doing so, you aren't just keeping out some of the malicious users: you're also keeping out those who [use Tor for important, legitimate reasons][tor-users]. Malicious users have other means to achieve anonymity and often have the skill and understanding to do so. But average Tor users aren't necessarily technology experts, and certainly don't have the extra (often maliciously-acquired) resources that bad actors do, so they are disproportionally affected by blocks.

  A particularly unsettling problem I often encounter is that a website will outright prohibit access by Tor users _even on read-only resources like articles or information_. I've even seen this on informational resources on United States Government domains! Blocking access to interactive website features---like posting comments or making purchases---can be understandable, or maybe even necessary sometimes. For example, Wikipedia prohibits page edits over Tor. But Wikipedia _does not block reading_ over Tor.

  If you are considering threats that may mask themselves behind Tor and you are running a blog, news site, or other informational resource, please, consider how your actions [may affect innocent users][tor-users]. Allow users to read over Tor, even if you decide to prohibit them from interacting.

  For users of Tor who do find themselves stuck from time to time: I will often prepend `https://web.archive.org/` to the URL of a page that is blocked, which allows me to view the page in the Internet Archive's [Wayback Machine][]. For example, to view my website in the Wayback Machine, you'd visit `https://web.archive.org/https://mikegerwitz.com/`.

  [Tor]: https://www.torproject.org/
  [tor-about]: https://www.torproject.org/about/overview.html.en#whyweneedtor
  [tor-users]: https://www.torproject.org/about/torusers.html.en
  [sapsf]: /talks/sapsf
  [Wayback Machine]: https://web.archive.org/
* :70ch for GHS article (Mike Gerwitz, 2018-09-30; files: 1; lines: -0/+5)
  Width was too little for all the nesting and snippets it had.
* LibrePlanet 2019 will be March 23--24 in Boston, MA (Mike Gerwitz, 2018-09-06; files: 0; lines: -0/+0)
  It's already time to start thinking about LibrePlanet 2019, which will be March 23--24 in the Greater Boston Area in MA:

  [https://libreplanet.org/2019/]()

  This is the one event that I must make it to each year, and I encourage everyone to attend and see the faces of many that are at the heart of the free software community.

  Consider [submitting a session][submit]! Or, if you can't make it but plan on watching online, maybe help someone else attend by [contributing to the travel fund][travel-fund]. The call for sessions ends October 26th.

  I'll be attending again this year, and I plan on submitting a session proposal. I won't have the time to do [my 100+hr research talks like the past couple years][talks], so maybe I'll fall back on something more technical that I won't have to research.

  It's still a ways off, but if you do plan on attending, do let me know so I can say hello!

  [submit]: https://my.fsf.org/lp-call-for-sessions
  [travel-fund]: https://my.fsf.org/civicrm/contribute/transact?reset=1&id=60
  [talks]: /talks/
* :cptt: Add archive (Mike Gerwitz, 2018-06-03; files: 4; lines: -2/+7)
* :Ignore previous version of mobile post; update THANKS (Mike Gerwitz, 2018-05-05; files: 2; lines: -0/+4)
* When Talking About Mobile Tracking, Don't Veil Bad Actors With Blanket Statements (Mike Gerwitz, 2018-05-05; files: 0; lines: -0/+0)
  It's difficult to have useful conversations about mobile tracking when someone says "your phone / mobile device tracks you"; such statements don't often lead to constructive conversation because they are too vague and therefore easily dismissed as sensationalism or paranoia. And they are all too often without substance because, while users do have legitimate concerns, they aren't necessarily aware of the specific problems contributing to those concerns.

  A mobile device is nothing more than a small computer that you carry around with you. The networks that you connect to can spy on you---your cellular network, bluetooth, wifi, etc. To help mitigate these threats, you can disable those communications until you are in a safe place that you don't mind others knowing about. We can only have confidence that these connections have been disabled by physical means, like a hardware switch or a bag that acts like a Faraday cage. [iOS deceives users][ios-deceive] when they ask to disable those communications for example.

  The software running on your device often spies on you: the operating system itself often spies; the apps you install often spy. This is the fault of the individual _authors_---_they_ are the problem. Consider using free/libre software that empowers you and serves _you_ rather than its creators; it's much harder to hide secrets in free software. On Android, consider using only free software available in [F-Droid][]. We also need fully free mobile operating systems, like [Replicant][] and hopefully Purism's Librem 5 that is still under development. Don't be fooled into thinking the Android on most phones is free software---only its core (AOSP) is.

  Call out those that do harm---don't veil and protect them using statements like "your phone tracks you". Talk about the specific issues. Demand change and have the courage to reject them entirely. This involves inconvenience and sacrifice. But if we're strong now, then in the near future perhaps we won't have to make any sacrifices, much like the fully free GNU/Linux system desktops we have today.

  For more information on tracking, see my [LibrePlanet 2017 and 2018 talks](/talks) "The Surreptitious Assault on Privacy, Security, and Freedom" and "The Ethics Void", respectively.

  [F-Droid]: https://f-droid.org
  [ios-deceive]: https://web.archive.org/web/20170922011748/https://support.apple.com/en-us/HT208086
  [Replicant]: https://replicant.us
* :resume: Update language years (Mike Gerwitz, 2018-05-01; files: 1; lines: -20/+17)
  This also adds Lua. This is merely annual housekeeping; it is not in preparation for job hunting. ;)
* :resume: Add Guix (Mike Gerwitz, 2018-05-01; files: 1; lines: -0/+14)
* :resume: Update wording (Mike Gerwitz, 2018-05-01; files: 1; lines: -34/+63)
  This is merely annual housekeeping; it is not in preparation for job hunting. ;)
* When Talking About Mobile Tracking, Don't Veil Bad Actors With Blanket Statements (Mike Gerwitz, 2018-04-24; files: 0; lines: -0/+0)
  It's difficult to have useful conversations about mobile tracking when someone says "your phone / mobile device tracks you"; such statements don't often lead to constructive conversation because they are too vague and therefore easily dismissed as sensationalism or paranoia. And they are all too often without substance because, while users do have legitimate concerns, they aren't necessarily aware of the specific problems contributing to those concerns.

  A mobile device is nothing more than a small computer that you carry around with you. The networks that you connect to can spy on you---your cellular network, bluetooth, wifi, etc. To help mitigate these threats, you can disable those communications until you are in a safe place that you don't mind others knowing about. We can only have confidence that these connections have been disabled by physical means, like a hardware switch or a bag that acts like a Faraday cage. [iOS deceives users][ios-deceive] when they ask to disable those communications for example.

  The software running on your device often spies on you: the operating system itself often spies; the apps you install often spy. This is the fault of the individual _authors_---_they_ are the problem. Consider using free/libre software that empowers you and serves _you_ rather than its creators; it's much harder to hide secrets in free software. On Android, consider using only free software available in [F-Droid][]. We also need fully free mobile operating systems, like [Replicant][] and hopefully Purism's Librem 5 that is still under development. Don't be fooled into thinking the Android on most phones is free software---only its core (AOSP) is.

  Call out those that do harm---don't veil and protect them using statements like "your phone tracks you". Talk about the specific issues. Demand change and have the courage to reject them entirely. This involves inconvenience and sacrifice. But if we're strong now, then in the near future perhaps we won't have to make any sacrifices, much like the fully free GNU/Linux system desktops we have today.

  For more information on tracking, see my [LibrePlanet 2018 and 2019 talks](/talks) "The Surreptitious Assault on Privacy, Security, and Freedom" and "The Ethics Void", respectively.

  [F-Droid]: https://f-droid.org
  [ios-deceive]: https://web.archive.org/web/20170922011748/https://support.apple.com/en-us/HT208086
  [Replicant]: https://replicant.us
* :style.css: Reduced line width, increased height (Mike Gerwitz, 2018-04-24; files: 1; lines: -4/+12)
  Improve readability.
* :Resume: The Ethics Void (Mike Gerwitz, 2018-04-14; files: 1; lines: -0/+10)
* :Add ethics void links (Mike Gerwitz, 2018-04-14; files: 1; lines: -1/+6)
* :doc/40-talks.md: Update LP2018 talk abstract (Mike Gerwitz, 2018-03-17; files: 1; lines: -14/+13)
* Meltdown/Spectre and the Web (Mike Gerwitz, 2018-01-08; files: 0; lines: -0/+0)
  The recently-released [Meltdown][] and [Spectre][] CPU timing attacks affect virtually every user in some way; the consequences are profound. There are plenty of good write-ups on the topic, so I don't feel the need to re-iterate the technical details here. (See an easily digestible one [from the Raspberry Pi][rpi] project, and an in-depth analysis [from Project Zero][zero].)

  What I do want to draw attention to is that these attacks [are exploitable via web browsers][mozilla]. The reason for this is that your web browser, by default, automatically downloads and executes programs without your knowledge or consent. Most commonly, web pages embed software in the form of JavaScript code. Because of the features available in modern JavaScript environments, CPU cache timing attacks are possible.

  [I spoke about the security issues][lp2016] of running these programs in your web browser back in 2016---it was a bad idea then, and it's still a bad idea now. [I spoke further of privacy issues][lp2017] last year at LibrePlanet 2017.

  I encourage you to use extensions like [NoScript][] to block the execution of JavaScript by default, and stop random people from treating your computer as a puppet to do their own bidding.

  [Meltdown]: https://meltdownattack.com/
  [Spectre]: https://spectreattack.com/
  [rpi]: https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/
  [zero]: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
  [mozilla]: https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
  [lp2016]: https://media.libreplanet.org/u/libreplanet/collection/restore-online-freedom/
  [lp2017]: https://media.libreplanet.org/u/libreplanet/m/the-surreptitious-assault-on-privacy-security-and-freedom/
  [NoScript]: http://noscript.net/
* :Update repo URLs for footer commit links (Mike Gerwitz, 2018-01-06; files: 1; lines: -3/+3)
  * Makefile (url_root, repo_url): Update URLs.