occasional GNU-related news
December 11th, 2010
I’ll be going to FOSDEM in February 2011 (Sat 5 – Sun 6) for the GNU Developers session on Saturday.
This year the GNU project has its own room for up to 100 people and the organisers are looking for GNU developers to give a talk about their package (see the GNU fosdem webpage for details) – the deadline for abstracts is 22 December. It is a good chance to tell others about your work and meet potential contributors, as the FOSDEM event attracts thousands of developers.
Whether you want to give a talk or not, you should email firstname.lastname@example.org with your contact details if you plan to attend so the organisers can keep you updated.
December 6th, 2010
The Software Freedom Law Centre has published Eben Moglen’s testimony to Congress on privacy and social networking.
. . . Facebook and similar centralized social networking services like to talk about their “privacy settings.” This is mere deception, a simple act of deliberate confusion. These “privacy settings” merely determine what one user can see of another user’s private data. The grave, indeed fatal, design error in social networking services like Facebook isn’t that Johnny can see Billy’s data. It’s that the service operator has uncontrolled access to everybody’s data, regardless of the so-called “privacy settings.” . . .
Testimony of Eben Moglen, December 2, 2010, US House of Representatives Subcommittee on Commerce, Trade & Consumer Protection
November 16th, 2010
One of the most interesting talks for me was “Web Search By The People, For The People” by Michael Christen on the YaCy distributed search engine. It’s a java application, and is self contained once you have a working java installation. Surprisingly it even runs well on my Eeepc 701.
While the results aren’t (yet) comparable with centralised search engines, they are a lot better than I expected–sometimes it seems like a few additional heuristics would get it really close. I recommend downloading it and trying it out.
October 13th, 2010
Recently I have been proofreading the Perl 5.12.1 documentation (for a printed edition, Volume 1 (Language Reference) is just published).
I picked up a few new tricks. The one I am using the most is the new “//” operator. ($a // $b is equivalent to defined($a) ? $a : $b.) Now it’s possible to assign a default value to a variable if it’s undefined with just $foo //= $default, keeping the original value if it already exists.
This is handy because in Perl zero evaluates to false and it used to be common to find code like $foo ||= 1, to set foo to a default value of 1. This looks like it does the right thing but overwrites the existing value when $foo has a value of 0.
July 28th, 2010
The European GNU Hackers meeting took place this weekend in the Hague. Two days of talks about GNU projects, nearly 50 hackers, prodigiuous amounts of coffee, and exotic food. All followed by two days of coding for those who stayed on Monday and Tuesday.
Thanks to Andy Wingo of GNU Guile for organising it (and having the supernatural ability to walk into a restaurant and get a table for 40 people) and the Revelation Hackspace of Den Haag for the great venue.
June 7th, 2010
While it concentrates on licensing and patents it is not just a programme for lawyers, it has a lot of information about the pratical legal aspects of free software projects for developers, such dealing with GPL violations or trademark problems, choosing a license, and fundraising or setting up a non-profit organisation for a project.
There is an archive of 40 episodes, going back over 2 years, on their site. In a recent episode they described this as making a good introductory course on free software issues — “Free Software 101″ — for anyone new to the subject. A really useful resource.
The latest oggcast is a talk on software patents in the USA by Dan Ravicher the Legal Director of SFLC. They will cover the outcome of the US Supreme Court’s Bilski Patent Decision in a future episode once it is known.
May 24th, 2010
I have posted an entry for the upcoming European GNU Hackers Meeting in the FSFE Fellowship calendar. The meeting is being held on 24-25 July 2010 in the Hague, Netherlands and is open to all GNU contributors and maintainers. The special focus will be “building decentralized GNU applications”. Please register via the GHM webpage if you want to attend.
April 15th, 2010
I received a new 2048-bit RSA version 2 GPG smartcard today (ordered from Kernel Concepts). Previously I was using the older version 1.0 and 1.1 smartcards, with 1024-bit keys.
I’ve been signing software releases with a GPG smartcard for several years now (before that, with a key stored on disk) and have been migrating my systems over to smartcards for keysigning and SSH. The ultimate goal is to not have any keys stored on disk on any network accessible machine. I also verify the signatures of sources that I download as far as possible, through the web of trust. Initially this was pretty restrictive but after a few years making an effort to keysign at conferences, I’m able to check most packages.
During the keysigning session at the FSF’s LibrePlanet conference last month in Boston, Bradley Kuhn mentioned that he had actually built a basic working GNU/Linux system from scratch for crypto purposes, verifying all of the package signatures through people he had keysigned with — quite an achievement. I am inspired to follow in his footsteps and only use verified source-code.
Unfortunately, as far as I can tell — and I’m ready to be corrected here — neither GNOME nor KDE sign their source releases, which does concern me. Considering that most other projects have been signing releases for years, this appears to be an anomaly that I find hard to understand.
My personal motivation for better security dates back to 2003 when it was discovered that someone (or group) had cracked the ftp.gnu.org server and had root access for over 3 months without being detected. As a result every maintainer had to do a complete audit of all files on the server, which was an extremely timeconsuming process. This incident led to the requirement for all source packages on ftp.gnu.org to be gpg-signed by the developer.
Version 2 GPG Smartcard:
February 26th, 2010
Ted Nelson, inventor of the terms “hypertext” and “hypermedia”, has long had a radical view of computing and freedom for computer users. His 1974 book “Computer Lib” was an early manifesto for personal computing and computer literacy — before personal computers existed (the Apple I, the first assembled computer which displayed on a TV screen, didn’t arrive until 1976).
His latest book is “Geeks Bearing Gifts – How the Computer World Got This Way” (ISBN 978-0-578-00438-9, £12.51), a personal history of computing and the forces that have influenced its development. The book covers a vast terrain from the ancient world through the first digital computers, ARPANET, NLS, Xerox PARC, microcomputers, Apple, Microsoft, free software, GNU and Linux, and the Web up to the present day. The style and content are quirky but it’s full of thought-provoking ideas and well worth reading. As always, Ted Nelson has a unique perspective.
“We are imprisoned in applications that can be customised only in ways the designers allow… We are in a dark age of documents, most locked in imprisoning formats… This is a blighted parody of the computer dreas we had long ago. But let us try to be optimistic. Who knows what yet may be possible? All the ideas have not not yet been tried.” — T.Nelson, “Geeks Bearing Gifts”
February 10th, 2010
Eben Moglen gave a talk last week on “Freedom In the Cloud: Software Freedom, Privacy, and Security for Web 2.0 and Cloud Computing”. If you are interested in the problem of network services, you need to watch this!
The Software Freedom Law Centre has the audio and video recordings (including the q&a session afterwards) in Ogg formats.
(Update: SFLC now has a transcript of the talk.)