Brian Gough’s Notes


Archive for the ‘gnu’ Category

FSCONS 2010

Tuesday, November 16th, 2010

Just wanted to say thanks to the organisers of FSCONS, FSFE and Henrik for a great conference in Gothenburg last weekend, where we held a GNU Get-together (some photos on the GNU webpage).

One of the most interesting talks for me was “Web Search By The People, For The People” by Michael Christen on the YaCy distributed search engine. It’s a java application, and is self contained once you have a working java installation. Surprisingly it even runs well on my Eeepc 701.

While the results aren’t (yet) comparable with centralised search engines, they are a lot better than I expected–sometimes it seems like a few additional heuristics would get it really close. I recommend downloading it and trying it out.

Pictures from the GNU Hackers Meeting in the Hague (July 2010)

Wednesday, July 28th, 2010

The European GNU Hackers meeting took place this weekend in the Hague. Two days of talks about GNU projects, nearly 50 hackers, prodigiuous amounts of coffee, and exotic food. All followed by two days of coding for those who stayed on Monday and Tuesday.

Thanks to Andy Wingo of GNU Guile for organising it (and having the supernatural ability to walk into a restaurant and get a table for 40 people) and the Revelation Hackspace of Den Haag for the great venue.

Are you working on GNU software or related projects, like gNewSense, and want to come to future meetings? News about GNU meetings is posted on the GHM rss feed and syndicated on Planet GNU.

Check out Neal Walfield’s blog for the “official” group photo.

Hacking at the GNU hackers meeting

Free distro hacking at the GNU hackers meeting, foreground left to right, Karl Goetz (gNewSense) and Denis Jaromil (dyne:bolic)

Discussion at the GNU hackers meeting

Discussion at the GNU hackers meeting, Christian Grothoff, Neal Walfield, Werner Koch and Marcus Brinkmann

Discussion at the GNU hackers meeting

Discussion at the GNU hackers meeting, Bruno Haible and Simon Josefsson

European GNU Hackers Meeting – The Hague – 24-25 July 2010

Monday, May 24th, 2010

I have posted an entry for the upcoming European GNU Hackers Meeting in the FSFE Fellowship calendar. The meeting is being held on 24-25 July 2010 in the Hague, Netherlands and is open to all GNU contributors and maintainers. The special focus will be “building decentralized GNU applications”. Please register via the GHM webpage if you want to attend.

2048-bit GPG Smartcards and Package Signing

Thursday, April 15th, 2010

I received a new 2048-bit RSA version 2 GPG smartcard today (ordered from Kernel Concepts). Previously I was using the older version 1.0 and 1.1 smartcards, with 1024-bit keys.

I’ve been signing software releases with a GPG smartcard for several years now (before that, with a key stored on disk) and have been migrating my systems over to smartcards for keysigning and SSH. The ultimate goal is to not have any keys stored on disk on any network accessible machine. I also verify the signatures of sources that I download as far as possible, through the web of trust. Initially this was pretty restrictive but after a few years making an effort to keysign at conferences, I’m able to check most packages.

During the keysigning session at the FSF’s LibrePlanet conference last month in Boston, Bradley Kuhn mentioned that he had actually built a basic working GNU/Linux system from scratch for crypto purposes, verifying all of the package signatures through people he had keysigned with — quite an achievement. I am inspired to follow in his footsteps and only use verified source-code.

Unfortunately, as far as I can tell — and I’m ready to be corrected here — neither GNOME nor KDE sign their source releases, which does concern me. Considering that most other projects have been signing releases for years, this appears to be an anomaly that I find hard to understand.

My personal motivation for better security dates back to 2003 when it was discovered that someone (or group) had cracked the ftp.gnu.org server and had root access for over 3 months without being detected. As a result every maintainer had to do a complete audit of all files on the server, which was an extremely timeconsuming process. This incident led to the requirement for all source packages on ftp.gnu.org to be gpg-signed by the developer.

Version 2 GPG Smartcard:

gpgcard2frontsmall

gpgcard2backsmall

“It’s late in the game and we’re behind” – Eben Moglen on Network Services

Wednesday, February 10th, 2010

Eben Moglen gave a talk last week on “Freedom In the Cloud: Software Freedom, Privacy, and Security for Web 2.0 and Cloud Computing”. If you are interested in the problem of network services, you need to watch this!

The Software Freedom Law Centre has the audio and video recordings (including the q&a session afterwards) in Ogg formats.

(Update: SFLC now has a transcript of the talk.)

The great irony about Web 2.0

Friday, September 18th, 2009

A nice explanation by Yea-Hung Chen on the Autonomo.us mailing list:

The remarkable thing about “Web 1.0” (and specifically the personal home page and email) is that you can link to anybody or anything you want and you can send a message to anybody you want. It doesn’t matter who is hosting your website and it doesn’t matter who your email provider is.

The same is not true for many implementations of “Web 2.0.” If you’re on Facebook but not on MySpace, and your friend’s on MySpace but not on Facebook, how do you link to him (i.e., tell people you are friends)? How do you send him a message? (Or, how do I respond to President Obama’s tweets if I’m not on Twitter? How do I join the Facebook group for my favorite political cause if I’m not on Facebook? And what are the implications when membership in a closed and private service is a prerequisite for political engagement?)

The great irony about “Web 2.0” is that it is a step back in many ways; even AOL — who, of course, controlled much of Web 1.0 — let you send email to non-AOL users.

Yea-Hung Chen on the autonomo.us mailing list July 2009

GNU Hackers Meeting 11-15 November 2009, Gothenburg.

Wednesday, September 9th, 2009

There will be an international GNU Hackers Meeting on 11-13 November in Gothenburg, Sweden, as part of the FSCONS conference on 14-15 November. The meeting is intended for active GNU contributors and its theme is the continued advancement of the GNU system. Please see the GHM webpage for details of the event.

LibrePlanet 2009

Thursday, April 9th, 2009

I gave a talk at the FSF’s LibrePlanet event last month — it was a report on the GNU Hackers Meeting (GHM) that I organised last year in the UK.

The LibrePlanet wiki has a summary of the talk including the slides.

The initial part of the talk was a description of the meeting and how it was organised, but the main focus was the role of communication in the GNU Project.

Historically most GNU Project communication has been though email (along with webpages, and IRC) rather than face-to-face. There have been several decades of research on “computer-mediated communication” as it is called in the literature, and there are a number of negative effects which are well established (such as communication being less robust, difficulty establishing common ground, and decreased motivation and commitment).

Given these negative effects, I suggested we should (a) be more explicitly aware of them and how they impact our work, both day-to-day and on the large scale (i.e. in terms of how they “shape” individual programs and the free software ecosystem as a whole) and (b) look for ways to mitigate them.

Having a regular GNU Hackers meeting is one way to do that, and I encouraged people at the LibrePlanet event to hold one in the US.