Cryptoparty for journalists

Yesterday night a dozen international journalists (Spain, Finland, Japan, Germany, Poland) gathered at IN-Berlin, thanks to Hauke and Malte. After almost two hours of interview, we introduced them to email encryption with Free Software.

The interview part was extremely enjoyable. Unlike during our usual cryptoparties, we didn’t give any formal talk at the beginning but answered all their questions. The discussion went from Snowden leaks to computer security, Free Software, global surveillance, social media to basic ITC technical and political concepts (software, service, open standard, vendor lock-in, network effect..).

There was as many woman than men in the journalist group as well as in the “teachers” group: impressive ratio in the Free Software world. In general, the Berlin cryptoparty team is getting better, more united and grows each time we work together; and that is inspiring.

An eBook with DRM is no book, says French national assembly

To everyone’s surprise, the French national assembly just voted an amendment (FR) defended by the Greens, dealing with the issue of DRM in ebooks. If the law is also voted by the Senat (and once the two assemblies agreed on a common version) French legislation will acknowledge that a book with DRM or in a closed format is no book but a digital service. It will therefore not benefit from a reduced VAT anymore (19.6% instead of 5.5%).

During the debate (FR), French MEPs specified that a book is something that can be borrowed, read as many times as its owners wishes, taken anywhere.. Restricted “books” don’t qualify, obviously.

Hoping that it will become law and that France will inspire other European countries (for once..)! In any case, exposing DRM is already weakening them. We are working on it everyday lately: check!

EDIT: Most people expected the amendment to be removed from the draft law sooner or later. It was done just one day after the first vote. French government made the national assembly vote an other amendment to remove the previous one, and socialist MPs voted it. 

The government argues that making a difference between DRM’d eBooks and free ones would weaken France in it’s negociation with the European Commission about cultural exception (the idea that art and culture are not a commercial good like any other, and that they should therefore not be part of any free trade agreement).

The draft law (Finance Act) is far from being in its final version. The original DRM amendment could be re-introduced by the second assembly, the Senat. Resistance is growing. On their website and social media, both April and Framasoft are calling people to contact their representatives in the Senat and convince them to table and vote the amendment.  Will do.

Skype reverse-engineering court case

On October 22, a court in Caen, France, ruled that a French SME didn’t infringe Skype’s copyright by reverse-engineering the algorithm used by the company for its VoIP services, and attempting to use it commercially.

The SME called Vest Corporation wanted to build a system interoperable with Skype. According to the French online newspaper PCINpact, this case was important because it was questioning the legality of reverse-engineering, and of the products based on reverse-engineered technologies.

The two founders of Vest Corporation have been cleared and Microsoft-Skype was ordered to pay 1000€ in damages.

The prosecution has appealed against this decision.

Accepting a security signature, Fedora 19

Welcome in the head of a user! (check Open Advice page 121 to know where does this post come from)

Last week I upgraded to Fedora 19, at work.

For the first update of this new release, the user needs to say that she trusts the source of a package. The “help” page is quite hard to understand, which is a problem.

  • Repository name: rpmfusion-free-updates

I know rpmfusion but have never heard of this “free updates” thing.

  • Signature URL: /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmfusion-free-fedora-19

Perfect, it gives me a PGP public key. But it’s in /etc, which means that this key already magically arrived on my computer? Why? How? When? How do I verify it?

  • Signature user identifier: RPM Fusion free repository for Fedora (19) <>

Sure, but it doesn’t really help. Does it just mean that I should write to a mailing list to tell them that I don’t get what they are trying to tell me to do 😀 ?

  • Signature identifier: 172FF33D

Ha, that looks useful. But again, I don’t know where to verify it.

  • gstreamer1-plugins-ugly-1.0.10-1.fc19.x86_64

Strange name… I don’t know what it is or what it is for. If I say that I don’t want to trust this package, the general update process stops.

  • Do you recognize the user and trust this key?

Well, no I don’t. But I still want my other updates! Having security pop-ups is good, but not if it confuses the user more that it helps her.

The help page says

To trust a repository, you should verify the details of the signing key. Normally the best way to do this is to go to the web page of the software source, and try to find details about the key used to sign the packages. This is normally called a GPG key.
You should only proceed with this dialog if you are happy to trust packages from this software source.

Fine but there’s no URL in the pop-up. Should I check the website of rpmfusion, of Fefora (19), or this “gstreamer…ugly” package?

On the RPM Fusion website I can verify the RPM Fusion’s signing keys. There is a  “RPM Fusion free for Fedora 19” key, but the key fingerprint doesn’t appear in the pop-up.

Result: I’m stuck.

Verifying the keys is important, I would like to know how to do it. 90% of not very technical users would just click yes in this situation, because a computer needs to work and not just to bother us.

Next step: contact someone involved in the fedora project and improve the documentation.

Ten Steps You Can Take Right Now Against Internet Surveillance

The EFF issued a quick overview of actions we can take against the NSA spying. It doesn’t mention Free Software but I love the last piece of advice:

Be an ally. If you understand and care enough to have read this far, we need your help. To really challenge the surveillance state, you need to teach others what you’ve learned, and explain to them why it’s important. Install OTR, Tor and other software for worried colleagues, and teach your friends how to use them. Explain to them the impact of the NSA revelations. Ask them to sign up to Stop Watching Us and other campaigns against bulk spying. Run a Tor node, or hold a cryptoparty. They need to stop watching us; and we need to start making it much harder for them to get away with it.

Teach each other. Gain control over your computing through understanding. Teach people around you how to do the same. Knowledge is power! Knowledge is empowering!

For French speakers, read the digital self defense guide, and share it with your friends and grandma. It explains in two hours what I have been trying to understand for two years.

If you think that you are not facing targeted surveillance, it’s the right time to learn how to use crypto and a Free Software operating system! You will screw up, make mistakes and learn from it: better do it when your life isn’t at stake!

I’m for example trying to work at home using Tails (The amnesic incognito system) and OpenBSD as much as possible. I struggle, read a lot of documentation, talk about it and have my friends have a look at what I’m doing. And I’m always wondering about a lot of things. Is that safe? Is this dangerous? I don’t understand the subtle way Tor works! How can I configure my email without disclosing anything? How should I manage the persistence? My passwords!? Security of my keys!? I keep discovering good practices and new tools.

Having to learn all that urgently, under pressure would just have made my mind blow – I probably wouldn’t have been able to cope and give up the activism I would have felt threatened for. Good luck to those in that situation… you have my full moral support…

In short, nothing to hide, everything to learn!

By the way, the next cryptoparty we’ll run in Berlin will be on Nov 8.
Join, teach, learn, share.

Pre-printing work

Thanks to Sam, I understand better some basic concepts of pre-printing work. Since it’s extremely useful for anyone wanting to print advocacy (or other) material, here is what I understood.

We used Inkscape and Scribus.

Professional printing requires your image to have a high resolution. Resolution is expressed in “dots per inch” or dpi. A good resolution for the printer we are using is 300 dpi.

If the graphic you want to print is a vector graphic, no problem, it can be as high definition as needed. If it’s a photo or something similar, the very high resolution has to be taken into account from the start.

Setting the resolution in Inkscape: File -> Export Bitmap -> Bitmap size -> 300 dpi

I’m still completely lost in the world of colors. Getting exactly the same colors on your screen and on paper is a nightmare.

Three pieces of advice:

  • Let it be, you can’t control everything
  • If you REALLY want to, calibrate your screen
  • or use a color matching system to find the name of the colors you want and define them individually. Use CMYK color model (Cyan, Magenta, Yellow and Key – black).

Bleeds are extra colored space on the sides or your designs. It’s a little bit like margins, but colored. It is made to be sure that you won’t end up with a white strip around your design, while it was supposed to be entirely colored.

For our printing company, the bleeds have to be 3mm on each side. So if your sticker I supposed to be 74 mm / 74 mm, the page including bleeds should be 80 mm / 80 mm.

Exporting from Inkscape, importing to Scribus
I still haven’t really understood why is this step needed, but it has something to do with some colors scheme being supported better by Scribus.

  1. In Inkscape: Export Bitmap -> Page -> 300 dpi -> Export
  2. Open Scribus
  3. When you create a new document, set the bleeds (next to ‘margin guide’) (3mm). The margins must be at 0mm
  4. Create a image box the size of your page
  5. Import the .png image in your image box
  6. Save as PDF (there is an icon in Scribus 1.4.3)
  7. In the ‘Color’ tab, chose ‘Output Intended For’ -> Printer
  8. In the ‘Pre-Press’ tab, check the box ‘Use Documents Bleeds’ in the ‘Bleed Settings’ part

Save. Congratulations!

Privacy and freedom of speech require Free Software

For a few weeks I have been working on a 3 fold leaflet about privacy and Free Software. The text and basic layout are pretty much done.

The main point of the leaflet is that in the internet age, Free Software is a necessary condition for us to have some basic rights (privacy and freedom of speech..) because of the collective control is grants to users. It also clearly states that Free Software is not sufficient.

The leaflet targets a non technical audience, people who already care about privacy but don’t get the link between it and technological choices.

I need you!
No matter how much I want this leaflet to be ready for print and distribution soon, I am facing my own limits: I don’t have the skills, time and knowledge to create attractive and meaningful graphics for the leaflet, nor to do the general design work.

You’re a designer, illustrator or graphic artist, care about privacy and want to contribute? Welcome! Join! Please use the Contact form on the right side of this page. I’ll send you the drafts and we can improve it.

If you don’t have anything to do with design but still care about privacy and Free Software, please contact me too. Several brains are worth much more than a single one.

Tips for AFK meeting moderation

Before joining FSFE I have been part of many other political groups or movements. In several of them we spent a lot of time implementing and enforcing basic but strict moderation techniques for meetings. It’s designed for AFK meetings but I’m sure the same kind of things exist for video conference or IRC meetings.

Many Free Software projects already use moderation techniques, and several of the tricks described bellow won’t make sense for small meetings like fellowship events. I’m however sure that there are still things any event organiser can pick from the list.

When do we need meeting moderation techniques ?
A little bit of it is useful in any kind of meeting with, lets say, more than 5 people. It quickly becomes natural. It is especially useful when hot topics are discussed or strong opinionated people are present. The bigger the meeting, the stricter the moderation.

Why do we need meeting moderation ?
It aims at ensuring that the meeting won’t be hijacked by a little group of people and at easing the active participation of the greatest number of attendants – especially shy ones. It also greatly increases productivity!

The chair
No matter what the tricks are, we need people to enforce them (especially for big meetings). The chair is usually elected or chosen at the beginning of the meeting. It is composed of :

  • A main moderator: he or she listens to the group and leads the debates – and must be able to tell anyone to shut up if needed.
  • Someone taking the minutes
  • Someone keeping a list of speakers and, if needed, checking the length of each speech

The agenda
Having a precise agenda ready before the meeting is a good idea. In there should be the topics that will be discussed, and how long the discussion on each one should roughly be.

Who controls the agenda has a lot of power over the meeting. The agenda must therefore at least be publicly available and participants should ideally be able to modify it / be part of its redaction beforehand.

I used to complain very loudly when an agenda was imposed by the chair of some meeting, because an agenda is never “neutral”. I’m now less loud but still believe that no democratic decision can be taken during a meeting if its agenda hasn’t been collectively written and accepted. In the meantime I just realised that taking democratic decisions was far from the main aim of most meetings. As long as it is clear, no problem 🙂

Speakers list and speech length
How to actually do it depends on the kind of meeting you want to get, and its size. Some random ideas :

  • Keep a speakers list with two columns if you want to ensure equal participation of two groups of people (with one usually louder than the other) : male / female, new members / people who have been there for ever, tech / non-tech… Then pick the first name of each column alternatively to announce the next speaker.
  • Fix a maximum time for each intervention (two minutes ?) and prepare sheets of paper with ’30s’ on it to tell the speaker that he/she only has 30 seconds left, and then in red ‘-30s’ or ‘-1min” when the time is over and he/she still doesn’t stop. There, the ability of the main moderator to really make people shut up becomes useful.
  • Keep in mind of how long the whole discussion on a topic should be – and what should be it’s outcome (vote? Concrete proposals?). With this data, the moderator or list-and-time-keeper can announce when will the speakers list for a particular topic be closed (like “time for 3 more speakers to register, then we close the list for this round”).

Note : for this kind or rules to work they must be clearly stated, explained and agreed at the beginning of the meeting.

Here are basic gesture for participants to give their opinion without disturbing the speaker and therefore the flow of the meeting. Those are very important for the moderator and minutes keeper : if a big part of the audience expresses its agreement with a topic / idea, the debate should probably be shifted in that direction

-> Agreement : this gesture is supposed the replace “that’s a good idea” / “cool” / “I agree” / “Yeah I wanted to say that too!”.

-> Disagreement : to replace “bouuuh!” / “that’s sh*t !!!” / “how can you dare saying that, you stupid f**k!” and other things of this kind

-> Repetition : this gesture needs to be used with care and requires the moderator’s vigilance. It can hurt and discourage some speakers (strangely, experience shows that it does it more than the “disagreement gesture”). To replace “you are repeating what a countless number of speakers have already say” / “go on ! It’s too slow !”. It of course doesn’t need to be done so high, I usually do it at chest level.

Other gesture can be added, especially for international meetings, like for example to express the need for translation of a particular point.

This post could go on forever, but what is important is just that we should put some time into the creation of formal or informal rules to make our meetings nicer, less hostile for newcomers and shy people, more democratic and in general… more useful and productive. Experiment, make up your own techniques and share it!

First European Coordinators meeting

European CoordinatorsIn order to promote Free Software even more efficiently and increase the reach of FSFE’s work across Europe, 22 Fellows from FSFE, coming from 10 countries, gathered on September 28-29 in Berlin for the first European Coordinators Meeting. During the week-end, team, country and group coordinators learned to know each other, exchanged views and good local practices, provided valuable feedback about FSFE’s campaigns and presented their numerous projects. Each coordinator brought his or her expertise and made it benefit everyone else.

Presentations covered a comprehensive range of issues important for the Fellowship. It included advocacy material and strategies; ideas and advise to organise successful events, to build, coordinate and make solid local communities grow; tools for communication and outreach; campaigns and workshops. All the presentations generated lively and valuable discussions. Feedback about the first coordinators meeting were excellent, I’m looking forward to the next one!