Planet Fellowship (en)

Sunday, 01 March 2015

FOSDEM 2015: some interviews

FSFE Fellowship Vienna » English | 12:56, Sunday, 01 March 2015

Horst from visited the FOSDEM this year and caught the mood there in some nice interviews. I just wanted to share it with you. Not all of the interviews he posted in his German blog article are done in English, but at least four of them:

  • Knitting machine: A knitting machine from the seventies brought to new life with free software.
  • Mageia Linux Community: A woman overcame a personal loss with the help of a friendly free software community.
  • EPFSUG: Erik K Josefsson raises awareness of free software in the European Parliament.
  • Diaspora: Jason Robinson explains how the decentralised social media platform works.

Saturday, 28 February 2015

at conference on 21st of February

FSFE Fellowship Vienna » English | 11:56, Saturday, 28 February 2015 - Computer Support for Free Software
Conversations at the information booth
People took our information material willingly and with interest
Many visitors throughout the day

is a web platform founded by some members of the Viennese Fellowship group of the FSFE. It aims to help people who are interested in using free software but who do not want to administrate their own computers. At least in Austria all support offers for free software users are aimed at businesses. Therefore only technically interested private people could start using free software in the past if they didn’t happen to know others well acquainted with free software willing to help them. To close this gap offers a simple search field to type in buzz words. After submitting the form a list of people knowledgeable with these subjects on free software systems is displayed. People searching for help then can browse through these results and can contact the persons they want to consult. The platform is merely a way to connect people. So all terms can be defined by the people interacting with each other. Some people offer help on a voluntary basis. Others will help for a fee. The only condition for experts offering their services on the platform is the preference of free software.

The team of invites free software experts to create a profile. After applying to be listed the team reviews the profile and releases the experts to be listed on the platform. At the moment is in its trial phase and does offer services in Vienna only. If everything works out as intended the local restriction can be left behind. Even others can get the freely licenced Python code on Bitbucket and offer similar services independently.

On 21st of February was invited to participate as one of 50 initiatives on a conference about wellbeing for all (Gutes Leben für alle). The project was explicitly invited because we applied in a contest a few months ago. The contest aimed to choose the best ideas for sustainable and fair development in our society. didn’t win anything back then, but the organizers of the conference still wanted us to participate at the conference’s fair of initiatives.

Originally the organizers aimed to welcome about 250 people at the recently built new campus of the Viennese university for economics. But in a very short period of time everything was overbooked and in the end about 850 registrations exceeded all expectations. A young assistant from the university told me about a little group of alternative thinkers at the university responsible for such events. Normally nobody would expect the university of economics to host such an event. But some people obviously could move something even in this traditionally not very progressive environment.

The fair of initiatives covered a lot of different subjects. The majority was about better ways to use and share our resources. There was a focus on local initiatives for connecting people with different resources and/or skills. Overall was received very well. The audience was open in a very similar way to the visitors of the Veganmania summer festivals we attended in the last years with a booth of the Viennese Fellowship group of the FSFE. They were open to consider free software as an alternative and did quickly understand the problems with closed standards and proprietary software production. One difference to the people met on the Veganmania summer festivals was the big user base of Apple computers. I think I never met a target group with more individuals using Apple products. I would guess at least eighty percent of the many people I talked to at the event told me they use OSX from Apple.

We set up our very little booth as one of the first initiatives at about 10 am. Even if we had more leaflets, folders and stickers on free software and open standards than any other initiative on other subjects we had only about 60 x 30 centimeters space on a table. It was tightly packed with colorful, inviting material. We could only put our books about free software on display in the late afternoon after some initiatives left and we could use the only then spare space on the table. We were quite busy the whole day with many interested people and shortly after 9 pm we packed everything together and left the venue because it got closed up.

Even if we could not reach thousands of people (like on events such as the Game City fair) I still think it was very well worth taking the time since the quality of our conversations was very high and we still could introduce many people to the virtues of free software.

Thursday, 26 February 2015

PostBooks accounting and ERP suite coming to Fedora - fsfe | 21:08, Thursday, 26 February 2015

PostBooks has been successful on Debian and Ubuntu for a while now and for all those who asked, it is finally coming to Fedora.

The review request has just been submitted and the spec files have also been submitted to xTuple as pull requests so future upstream releases can be used with rpmbuild to create packages.

Can you help?

A few small things outstanding:

  • Putting a launcher icon in the GNOME menus
  • Packaging the schemas - they are in separate packages on Debian/Ubuntu. Download them here and load the one you want into your PostgreSQL instance using the instructions from the Debian package.

Community support

The xTuple forum is a great place to ask any questions and get to know the community.


Here is a quick look at the login screen on a Fedora 19 host:

Student papers, Reda report amendments, birthday and more!

Creative Destruction & Me » FLOSS | 11:23, Thursday, 26 February 2015

I had two rather busy weeks doing plenty of exciting things. It felt really productive and fun. However when I spoke about it with friends recently, they said they had no clue what I was working on and sometimes did not even know where exactly I was traveling. So, there you have it: The Reda report needed amending, I am preparing a presentation about the role of patents in software, at Endocode we are developing on the company strategy, there was a CoreOS meetup, an Endocode meetup, and more work on the employee share program. My wife had her birthday and we partied a lot. The Open Invention Network is preparing an update to its Linux System Definition. The students presented the remaining papers for the winter term “Open Source and Intellectual Property” course at TU Berlin. And I had a flu. Want to know more?

In January Julia Reda presented her report on harmonization of copyright in the EU. Through OpenforumEurope, I participated with others in providing input for the report. Once the report had been presented, feedback was opened again in the form of amendments. The same group is now preparing the submission of suggested amendments to the “Reda Report”. This is one of the most exciting processes at EU level at the moment, I am very glad to be part of it.

The Joint Research Center of the European Commission will have a conference on “Innovation in a European Digital Single Market – The Role of Patents” on March 17. I was invited to speak about the patentability of software. In the speaker panel the number of proponents clearly outweighs the number of critical voices. Because of that I will focus on giving a comprehensive overview of the reasons why the Free Software community is rather critical towards software patents. To develop the presentation, I am consulting with FSFE, OpenforumAcademy and ideally as many other experts as possible.

I wrote about Endocode and its philosophy here. The Endocode experiment so far has been going really well, an awesome team has assembled and we are working on some super-interesting stuff, as you can see in our Github account. It is time to look at what to do next, now that the initial goals have been reached. We had a first of a series of workshops with an external moderator, and started discussing what makes Endocode special, and in which direction we want it to develop.

Together with many other Endocoders, I attended the Rocket and the App Container Spec meetup. Containers are an exciting technology, and Endocode is working both in deploying them in projects as well as developing on some of the basic management tools. Jonathan Boulle presented especially about how the app container spec is developed collaboratively out in the open. Great event, great presentation and free drinks, pizza and sushi. It feels great to be diving into stuff like that.

Endocode also has meetups (yay). Our meetups are, at least for now, internal events where Endocoders share interesting stuff they hack on or learned. The topics are not necessarily work related, more importantly they should be fascinating :-) This time, on February 10, it involved a Kinect and tracking skeletons and people that looked like ogres with two heads.

Right before that we had a presentation by the lawyer we work with about legal aspects of setting up an employee share program. It is not as easy as it sounds, mostly due to issues of taxation. “Virtual stocks” are an option. They have the disadvantage of not giving the employee an actual voting influence on the company. We will have to go back to the drawing board with this idea and discuss it with the employees.

February 16 is Alexandra’s birthday. We started to celebrate with breakfast at one of our favorite places, Tomasa in Kreuzberg. We both had to go to work that day. After a top-secret meeting :-) until 7pm I came home to find the house packed with friends. Some of them had been expected, and some simply drove for an hour to stop by. What a nice surprise!

The Open Invention Network is preparing an update to the Linux System Definition. The Linux System Definition defines the technical scope of OIN’s patent non-aggression community. Since the FLOSS ecosystem evolves at a pretty fast pace, the definition is updated on a regular basis. The process involves many stakeholders and it is important to make sure everybody is well informed and on the same page. This is an exciting process, even though it involves numerous phone conferences with Japan and the west coast at strange times.

The semester is almost over, so the course “Open Source and IP” at TU Berlin is wrapping up. The final student presentations were held on Feb 11, then it was time to grade the papers. The attendees were international and interdisciplinary again, which made for quite some interesting results. Then I caught a flu and was out for a day.

Finally last week I went to Erfurt for some C++ and Qt hacking. This is some rare fun these days, so I really enjoyed it. I do still hope to find more time in the future to do some technical work. It does seem like a dream, though. On the weekend we did some more birthday partying. Now it is time to do the same thing all over again :-)


Wednesday, 25 February 2015

Lenovo: What Were They Thinking?

Paul Boddie's Free Software-related blog » English | 18:16, Wednesday, 25 February 2015

In the past few days, there have been plenty of reports of Lenovo shipping products with a form of adware known as Superfish, originating from a company of the same name, that interferes with the normal operation of Web browser software to provide “shopping suggestions” in content displayed by the browser. This would be irritating enough all by itself, but what made the bundled software involved even more worrying was that it also manages to insert itself as an eavesdropper on the user’s supposedly secure communications, meaning that communications conducted between the user and Internet sites such as online banks, merchants, workplaces and private-and-confidential services are all effectively compromised.

Making things even worse still, the mechanism employed to pursue this undesirable eavesdropping managed to prove highly insecure in itself, exposing Lenovo customers to attack from others. So, we start this sordid affair with a Lenovo “business decision” about bundling some company’s software and end up with Lenovo’s customers having their security compromised for the dubious “benefit” of being shown additional, unsolicited advertisements in Web pages that didn’t have them in the first place. One may well ask what Lenovo’s decision-makers were thinking?

Symptoms of a Disease

Indeed, this affair gives us a fine opportunity to take a critical look at the way the bundling of software has corrupted the sale of personal computers for years, if not decades. First of all, most customers have never been given a choice of operating system or to be able to buy a computer without an operating system, considering the major channels and vendors to which most buyers are exposed: the most widely-available and widely-advertised computers only offer some Windows variant, and manufacturers typically insist that they cannot offer anything else – or even nothing at all – for a variety of feeble reasons. And when asked to provide a refund for this unwanted product that has been forced on the purchaser, some manufacturers even claim that it is free or that someone else has subsidised the cost, and that there is no refund to be had.

This subsidy – some random company acting like a kind of wealthy distant relative paying for the “benefit” of bundled proprietary software – obviously raises competition-related issues, but it also raises the issue of why anyone would want to pay for someone else to get something at no cost. Even in a consumer culture where getting more goodies is seen as surely being a good thing because it means more toys to play with, one cannot help but be a little suspicious: surely something is too good to be true if someone wants to give you things that they would otherwise make you pay for? And now we know that it is: the financial transaction that enriched Lenovo was meant to give Superfish access to its customers’ sensitive information.

Of course, Lenovo’s updated statement on the matter (expect more updates, particularly if people start to talk about class action lawsuits) tries to downplay the foul play: the somewhat incoherent language (example: “Superfish technology is purely based on contextual/image and not behavioral”) denies things like user profiling and uses terminology that is open to quite a degree of interpretation (example: “Users are not tracked nor re-targeted”). What the company lawyers clearly don’t want to talk about is what information was being collected and where it was being whisked off to, keeping the legal attack surface minimal and keeping those denials of negligence strenuous (“we did not know about this potential security vulnerability until yesterday”). Maybe some detail about those “server connections shut down in January” would shed some light on these matters, but the lawyers know that with that comes the risk of exposing a paper trail showing that everybody knew what they were getting into.

Your Money isn’t Good Enough

One might think that going to a retailer, giving them your money, and getting a product to take home would signal the start of a happy and productive experience with a purchase. But it seems that for some manufacturers, getting the customer’s money just isn’t enough: they just have to make a bit of money on the side, and perhaps keep making money from the product after the customer has taken it home, too. Consumer electronics and products from the “content industries” have in particular fallen victim to the introduction of advertising. Even though you thought you had bought something outright, advertisements and other annoyances sneak into the experience, often in the hope that you will pay extra to make them go away.

And so, you get the feeling that your money somehow isn’t good enough for these people. Maybe if you were richer or knew the right people, your money would be good enough and you wouldn’t need to suffer adverts or people spying on you, but you aren’t rich or well-connected and just have to go along with the indignity of it all. Naturally, the manufacturers would take offence at such assertions; they would claim that they have to take bribes subsidies to be able to keep their own prices competitive with the rest of the market, and of course everybody else is taking the money. That might be almost believable if it weren’t for the fact that the prices of things like bundled operating systems and “productivity software” – the stuff that you can’t get a refund for – are completely at the discretion of the organisations who make it. (It also doesn’t help these companies that they seem to be unable to deliver a quality product with a stable set of internal components, or that they introduce stupid hardware features that make their products excruciating to use.)

Everybody Hurts

For the most part, it probably is the case that if you are well-resourced and well-connected, you can buy the most expensive computer with the most expensive proprietary software for it, and maybe the likes of Lenovo won’t have tainted it with their adware-of-the-month. But naturally, proprietary software doesn’t provide you with any inherent assurances that it hasn’t been compromised: only Free Software can offer you that, and even then you must be able to insist on the right to be able to build and install that software on the hardware yourself. Coincidentally, I did once procure a Lenovo computer from a retailer that only supplied them with GNU/Linux preinstalled, with Lenovo being a common choice amongst such retailers because the distribution channel apparently made it possible for them to resell such products without Windows or other proprietary products ever becoming involved.

But sometimes the rich and well-connected become embroiled in surveillance and spying in situations of their own making. Having seen people become so infatuated with Microsoft Outlook that they seemingly need to have something bearing the name on every device they use, it is perhaps not surprising that members of the European Parliament had apparently installed Microsoft’s mobile application bearing the Outlook brand. Unfortunately for them, Microsoft’s “app” sends sensitive information including their authentication credentials off into the cloud, putting their communications (and the safety of their correspondents, in certain cases) at risk.

Some apologists may indeed claim that Microsoft and their friends and partners collecting everybody’s sensitive details for their own convenience is “not an issue for the average user”, but in fact it is a huge issue: when people become conditioned into thinking that surrendering their privacy, accepting the inconveniences of intrusive advertising, always being in debt to the companies from which they have bought things (even when those purchases have actually kept those companies in business), and giving up control of their own belongings are all “normal” things and that they do not deserve any better, then we all start to lose control over the ways in which we use technology as well as the technologies we are able to use. Notions of ownership and democracy quickly become attacked and eroded.

What Were They Thinking?

We ultimately risk some form of authority, accountable or otherwise, telling us that we no longer deserve to be able to enjoy things like privacy. Their reasons are always scary ones, but in practice it usually has something to do with them not wanting ordinary people doing unexpected or bothersome things that might question or undermine their own very comfortable (and often profitable) position telling everybody else what to do, what to worry about, what to buy, and so on. And it turns out that a piece of malware that just has to see everything in its rampant quest to monetize every last communication of the unwitting user now gives us a chance to really think about how we really want our computers and their suppliers to behave.

So, what were they thinking at Lenovo? That Superfish was an easy way to make a few extra bucks? That their customers don’t deserve anything better than to have their private communications infused with advertising? That their customers don’t need to know that people are tampering with their Internet connection? That the private information of their customers was theirs to sell to anyone offering them some money? Did nobody consider the implications of any of this at all, or was there a complete breakdown in ethics amongst those responsible? Was it negligence or contempt for their own customers that facilitated this pursuit of greed?

Sadly, the evidence from past privacy scandals involving major companies indicates that regulatory or criminal proceedings are unlikely, merely fuelling suspicions that supposed corporate incompetence – the existence of conveniently unlocked backdoors – actually serves various authorities rather nicely. It is therefore up to us to remain vigilant and, of course, to exercise our own forms of reward for those who act in our interests, along with punishment for those whose behaviour is unacceptable in a fair and democratic society.

Maybe after a break from seeing any of it for a while, our business and our money will matter more to Lenovo than that of some shady “advertising” outfit with the dubious and slightly unbelievable objective of showing more adverts to people while they do their online banking. And by then, maybe Lenovo (and everyone else) will let us install whatever software we like on their products, because many people aren’t going to be trusting the bundled software for a long time to come after this. Not that they should ever have trusted it in the first place, of course.

In The End Freedom Is What Matters

Max's weblog » English | 02:03, Wednesday, 25 February 2015

Yesterday I was asked by a good friend of mine why I am investing so much time in the FSFE (Free Software¹ Foundation Europe) instead of putting more energy in other organisations with more focus on privacy issues. The background of his question is that I’m quite concerned about governmental and commercial surveillance and the lack of really private ways to communicate with each other and the impact this has on our online and offline behaviour. With Laura Poitras’ recent movie “Citizenfour” awarded with an Oscar, I use the media attention as an icebreaker to talk with my friends about these topics if the situation allows it.

Back to the question, which can also be read as “Why are you investing your time in Free Software instead of privacy which seems to touch you more?”. To be honest I had to think about this a bit. But then I remembered Jacob Appelbaum saying “[…] what people used to call liberty and freedom we now call privacy”. And I think that’s the reason why I stick with putting my energy as activist in FSFE rather than in other (very good!) organisations: Because I think that freedom is the foundation of everything we call privacy today and in the future. I’ll explain that in the following paragraphs.

It already has been said in many blog posts, articles, press releases, and interviews from people in- and outside the Free Software movement that Free Software (sometimes also called Open Source) is the key to privacy, mostly because Free Software is the only sane way to publish serious encryption methods. Of course the very basis for encryption is trust, and trust is only gained by transparency and the possibility to look behind the scenes.

But for me, it goes much further than just the rational reason why Free Software is the basis for privacy programs. I invest my time in the FSFE because it’s about freedom. We can have as good privacy-enhancing tools as possible, without freedom they are worth nothing. I’m not (only) talking about physical freedom, but more about the freedom to interact with the society in a way one can determine. Imagine the following – not unrealistic – situation: You can communicate with your friends anonymously over perfectly encrypted channels and this is good. But now your country’s financial office urges you to give information about your tax situation in an electronic way – which is only possible by using a proprietary (and therefore insecure) operating system. And inside the tax administration all your sensitive files reside on proprietary servers, are opened on insecure systems, and with zero transparency.

Or another example: You are obliged by your internet provider to use their router and you’re not allowed to replace it with an alternative device. Even your country’s net agency or economical ministry allows it, which is the current state in many European countries. You may use Tor or VPN but you still don’t know if they track metadata like your connection times and volume, MAC addresses, number of connected devices, preferred anonymisation techniques, or phone call destinations. Or they just throttle all communication which they cannot read or which is directed to services like Tor.

In these cases software privacy is of little use. It’s about regulations, it’s about changing the thoughts of political actors, it’s about dirty politics and dust-dry laws – and it’s about freedom. About our freedom of choice, not only which software we want to use, but also the ways we want to communicate, which devices and file format we want to choose, and the things we want to say publicly and not only encrypted in the dark. Privacy is necessary for situations in which we cannot speak or act freely, but freedom is the only way to improve the world we’re living in so that we won’t have to fight for the right of privacy anymore. And freedom in all ways is what the FSFE stands for, not only by improving software but by informing the public and politicians, and by putting political pressure on decision makers. Because freedom is the foundation for a society in which someday privacy can be the most normal thing.

This, dear friend, is the reason why I volunteer for the FSFE – and therefore also for privacy.

¹ Means software which you are allowed to use for every purpose, which everybody can inspect, modify and redistribute

Tuesday, 24 February 2015

Campaign to Better Involve Users

bb's blog | 15:31, Tuesday, 24 February 2015

Sign and share our campaign to create tools that allow users to actively participate in the development of products. User Centric Development today follows a one way communication. Whenever developers need some information, they ask the users (neglecting the problem of reaching a representative sample of users here). The other way around is much harder [...]

Re: Die Schlüssel-Falle

Werner's own blurbs | 09:59, Tuesday, 24 February 2015

[This article was written in German because it is a reply to an article in the German c't magazine]

In der c't 6/2015 vom 21. Februar fordert Redakteur Jürgen Schmidt in seinem Editorial: „Lasst PGP sterben“. Er hält PGP (also den OpenPGP Standard) für technisch veraltet und einen „lahmen Dinosaurier“. Dabei vergleicht er PGP mit Online Diensten von Apple sowie mit TextSecure Chat-Dienst. Mal ganz abgesehen davon, daß alle amerikanischen Firmen gezwungen sein können, Hintertüren in Ihre Anwendungen einzubauen, werden hier Güterzüge mit U-Booten verglichen. Gut, sie werden beide aus Metall gebaut und könne Dinge transportieren, aber damit hört es dann schon auf. In dem Artikel Die Schlüssel-Fälle auf Seite 160 versucht er sodann die Probleme zu erläutern.

Online Protokolle wie TextSecure mit Offline Protokollen wie OpenPGP oder S/MIME zu vergleichen ist keine lautere Argumentation. Ein Meeting, ob direkt oder per Videokonferenz, hat offensichtlich ja auch ganz andere Erfordernisse als ein Briefwechsel. Viele Angelegenheiten können in einem direkten Gespräch viel einfacher geklärt werden als durch eine zeitlich versetzte Diskussion per Mail. Aber damit werden Briefe/Mails und Berichte noch lange nicht überflüssig; nur durch diese Offline Kommunikation können Information auch (vertraulich) aufbewahrt werden und stehen für spatere bearbeitung noch zur Verfügung.

Wir benötigen Offline Protokolle, da sie auch funktionieren wenn das Netz zusammengebrochen ist. Auch ist das „Sneakernet” in vielen Fällen günstiger (hohe Bandbreite, vgl. Backups) und sicherer als eine Onlineverbindung. Wer Citizen Four gesehen hat wird sich daran erinnern, wie Snowden zwischen Online und Offline Laptop unterscheidet. Im Übrigen ist Email qua Architektur Offline.

Im Gegensatz zu S/MIME, dem anderen Offline Protokoll, ist OpenPGP dezentral und hat damit große Vorteile: Man kann es überall benutzen und braucht nicht erst eine CA. Die Zusammenkünfte mit anderen Menschen muß man sich ja auch nicht vorab vom Einwohnermeldeamt (dem Pendant zu einer CA) bestätigen lassen.

Die Forderung, Keyserver sollen einen Upload nur zulassen, nachdem sie eine Mail Bestätigung eingeholt haben, zielt wiederum auf ein zentralisiertes System und geht damit vollkommen an der Realität der de-zentralen Architektur von OpenPGP vorbei. Bei zentralen Diensten kann man das halt machen aber nicht bei de-zentralen replizierten Diensten, die absichtlich nicht unter einer gemeinsame Kontrolle stehen.

Die lästigen Probleme, die Jürgen Schmidt offenbar mit nicht-enschlüsselbaren Mails hat, könnte man seht leicht abmildern, indem die c't im Impressum und auf der Webseite auch die notwendigen Kontaktdaten angibt: Also nicht nur Mailadresse sondern zumindest auch die lange KeyID oder den Fingerprint sowie die direkte URL zum Schlüssel.

Auf die gleichartigen Probleme bei S/MIME ist gar nicht eingegangen worden, obgleich dies das andere und angeblich gängigere Mailverschlüsselunsgprotokoll ist. Dies wundert umso mehr, als die c't seit einigen Jahren immer wieder S/MIME als einfache Lösung propagiert. Nur, wie findet man damit den Schlüssel wenn er einem nicht in einer ersten Mail geschickt wird? Die vermeintlichen vertrauenswürdigen CAs sind ein Scherz. Mit deren Hilfe kann jede staatliche oder private Spionageorganisation sich beliebige Zertifikate für beliebige Adressen ausstellen lassen. Das sind dann zwar nicht so offensichtlich falsche Schlüssel wie bei den Keyservern aber freut um so mehr die NSA, den GCHQ, und den BND.

Das direkte Webinterface der Keyserver zu benutzen, um so angebliche „falsche“ Schlüssel aufzuzeigen, ist eine unsinnige Vorgehensweise da Keyserver keine kryptographischen Prüfungen durchführen können (bzw. wollen). Das sollte dem Autor des Artikels bekannt sein, inbesondere da er mich noch einige Tage vorher danach gefragt hatte. Bei der Benutzung von OpenPGP Software wird sich schnell herausstellen, was ein „gefälschter Schlüssel” ist - so ein Schlüssel bzw. User-Id wird erst gar nicht importiert oder in einer Schlüsselliste angezeigt.

Selbstverständlich kann man beliebige Schlüssel anlegen. Beliebtes Beispiel is mit zirka 27 Schlüsseln. Das ist ja nun wirklich nichts Neues und etwas was man auf jeder Crypto-Part lernt. Deswegen gibt es aber auch die Fingerprints in manchen Zeitschriften und auf vielen Visitenkarten. Eingeweihte haben dann auch noch die Keysigning-Parties (obgleich diese mehr ein Gesellschaftsspiel sind als einem Massenpublikum dienlich).

Anstatt über Keyserver und OpenPGP allgemein herzuziehen wäre mehr erreicht, die Mail-Provider aufzufordern, etwas zu tun: Mailadressen sind einzig über das DNS festgelegt und deswegen kann und sollte man auch das DNS benutzen um an einen passenden Schlüssel zu gelangen. Der kann zwar immer noch gefälscht sein, da DNS nicht wirklich sicher ist, aber immerhin gäbe es dann einen passenden Schlüssel zu jeder Mailadresse. Dazu gibt es seit Jahren RFCs und GnuPG hat es seit 2006 implementiert (vgl. GUUG FFG Vortrag). In 2012 habe ich hierzu mit meinem Kollegen Marcus Brinkmann ein Konzept unter dem Namen Steed veröffentlicht, wozu es in der c't den größtenteils korrekten Artikel Vertrauen auf den ersten Blick gab.

Unfortunately the providers do not want to take part, and they lull the public into a sense of security with nonsense like Email made in Germany or even by pointing to the backdoored service De-Mail.
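The fingerprint check the post relies on, as an added example (not code from the post or from GnuPG): several keys in a keyserver result claim the same address, and only the one whose OpenPGP v4 fingerprint (RFC 4880, section 12.2) equals the fingerprint obtained out of band, for instance from a business card, is accepted. The address, the key material and all helper names are constructed for illustration.

```python
import hashlib
import struct


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (RFC 4880, section 5.5.2)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length and the body (RFC 4880, 12.2).

    The user ID is not part of the hashed data, which is why anyone can
    attach any name and address to a key of their own.
    """
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()


def normalise(printed: str) -> str:
    """Turn a printed fingerprint into 40 upper-case hex digits.

    Short key IDs are rejected: 8 or 16 hex digits are not enough to
    tell a genuine key from a deliberately generated look-alike.
    """
    cleaned = "".join(printed.split()).replace(":", "").upper()
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("need the full 40-hex-digit fingerprint, not a key ID")
    return cleaned


def format_for_card(fingerprint: str) -> str:
    """Group a fingerprint in blocks of four, as printed on a business card."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, 40, 4))


def constructed_candidates():
    """Constructed stand-in for a keyserver search result.

    Three keys carry the same user ID; the keyserver checks none of them.
    The moduli are placeholders, not usable RSA keys.
    """
    uid = "Alice Example <alice@example.org>"
    keys = []
    for created, offset in ((1262304000, 12345), (1388534400, 67891), (1420070400, 24681)):
        n = (1 << 2047) + offset
        keys.append({"uid": uid, "body": rsa_public_key_body(created, n, 65537)})
    return keys


def select_key(candidates, printed_fingerprint: str):
    """Return the single candidate matching the out-of-band fingerprint, else None."""
    wanted = normalise(printed_fingerprint)
    matches = [k for k in candidates if v4_fingerprint(k["body"]) == wanted]
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    found = constructed_candidates()
    # Assumption: the second key is the genuine one and its fingerprint
    # was read off a business card.
    card = format_for_card(v4_fingerprint(found[1]["body"]))
    for key in found:
        verdict = "accept" if select_key(found, card) is key else "reject"
        print(verdict, key["uid"], v4_fingerprint(key["body"]))
```
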

Monday, 23 February 2015

Secure Texting Part II

emergency exit | 21:33, Monday, 23 February 2015

Last summer I blogged about secure messaging and why FSFE cares about it (and why you should, too!). Since then a few things have changed, and I want to give you an update on the situation.

The conclusion of my last article was:

TextSecure and Kontalk are both good apps in our eyes, however, TextSecure has a much larger adoption and its protocol has gone through more reviews. The protocol is integrated into CyanogenMod, recommended by leading security experts and the project just recently gained lots of media attention and $400.000 funding. So we believe if we are to have a chance at migrating people away from WhatsApp then TextSecure is the way to go.

We knew that TextSecure depended on Google Play Services last year, but we were hoping that this was a temporary problem, as virtually every other messaging app in existence has a fallback mode for delivery that does not require proprietary (Google) components. Unfortunately we were wrong: nearly a year later the development of a websocket based version of TextSecure has stalled. Lead developers at WhisperSystems have stated repeatedly that it is not important to them, and the many requests, tests and code contributions from external people did not result in the situation now being any better than it was a year ago.

Furthermore WhisperSystems has repeatedly demanded other people not distribute modified and unmodified versions of their software. While I believe that WhisperSystems is sincere about security, they seem to have no problem with the security implications of proprietary software, sharing meta-data with Google (by means of Google Push) and now working for WhatsApp / Facebook. This is all a sad example for a project that does license its code under Free licenses, but that otherwise is between uninterested and hostile towards community involvement and the Free Software landscape.

Fortunately, not all is lost! The other program mentioned already a year ago, Kontalk, is doing great. Kontalk is community-based and is transparently financed through donations. It is based on XMPP, actively develops new extensions and proposals for XMPP and their developers are very friendly towards suggestions and community involvement. The server side is even implemented as extensions on top of an existing XMPP server and you can of course run your own (the server isn’t even hardcoded in the app, can be changed via the options). It runs without any proprietary components and is available in F-Droid. There is also a desktop client, although I haven’t tried it, yet.

Some of Kontalk’s features are:
• contact discovery via phone numbers
• transport and end-to-end encryption
• working picture and file sharing
• customizable privacy settings (per-user in future versions)

It is currently still in beta, but some of the expected features for the 3.0 are:
• group chats
• perfect forward secrecy
• sharing of message history between multiple clients
• federation with regular jabber servers(!!!)

I use it day to day and have experienced only few issues. You should give it a try! And maybe you can help with spreading the word, reporting bugs or even contributing code?

edit: see I am not big for Valentine’s day, but maybe this counts as a slightly delayed #ilovefs for Kontalk ;)

Behind every great package stands a great maintainer

softmetz' anglophone Free Software blog | 20:31, Monday, 23 February 2015

Recently I switched from Kopete to Pidgin to KDE Telepathy which got some very nice features with the last release, most notably OTR support. So I went to the YUM-Repository and fetched the package for Fedora 21 just to find the OTR settings panel broken (ok the panel was fine, but the buttons did nothing Read more »

Distributed Java Programming – A new training topic

Computer Floss | 10:58, Monday, 23 February 2015

I was recently in Hamburg once again to deliver another IT training. This time around the topic was Java, a language I’ve long been familiar with.

But it wasn’t just plain old Java; the participants were already well-versed in that. Instead, they wanted to learn how to build distributed systems using Java. Not only that, but they had a few very specific interests, which you see in the list below.

Distributed systems is a challenging topic to teach, especially because it encompasses so much stuff and I had only two days to cover the requested material. Here’s what I managed to include:

Principles of networked and distributed systems

  • Definitions
  • Transparency
  • Benefits and challenges
  • Case study: The web

Distributed architecture and design patterns

  • Layer paradigm
  • Distributed operating systems
  • Interprocess communication
  • Remote invocation
  • Models (client/server, peer-to-peer, multi-server, proxy, mobile variants, thin clients)
  • Distributed design patterns


  • Thread vs. processes
  • Benefits and costs
  • Server threading architectures
  • Threads in Java

Lower-level concurrency mechanisms

  • Thread interference
  • Synchronising

Higher-level concurrency mechanisms

  • Locks
  • Executor, ExecutorService, ThreadPools
  • Futures
  • Concurrent collections


  • Addressing with sockets
  • UDP
  • TCP


  • Input and output streams
  • Stream readers and writers
  • Streaming with sockets
  • Streaming among multiple threads
  • Multicast


  • Serializable interface
  • Serialisation with references
  • Serialisation with inheritance
  • Best practices

Remote Method Invocation

  • Using the RMI registry
  • Remote interface
  • Creating a server
  • Creating a client

Case study: CORBA

Distributed object persistence

  • Java Persistence API
  • Hadoop
  • Distributed databases
  • Special topic: Distributed cache using memcached
  • Best practices for distributed caching

Tuesday, 24 February 2015

Tracking changes with Libreoffice

bb's blog | 15:31, Tuesday, 24 February 2015

The Libreoffice UX team shows a proposal for the management of change tracking. It intends to have a comprehensive and good-looking overview but with the flexibility to add future enhancements. Read more…

Sunday, 22 February 2015

Whitelisting subdirectories using Git’s .gitignore

Sam Tuke » Free Software | 16:14, Sunday, 22 February 2015

Git’s handling of directories and wildcards doesn’t follow bash conventions. First glance at a .gitignore file can easily mislead you into thinking that typical directory references will work recursively and allow whitelisting of many directories at a time. But directories don’t really exist for Git, or at least not as you’d expect. Here’s how to […]

Friday, 20 February 2015

Monday, 16 February 2015

Free Software in Education News – January

Being Fellow #952 of FSFE » English | 11:53, Monday, 16 February 2015

January was quite busy for me, but I still managed to collect some things. If you come across anything that might be worth mentioning in this series, please drop me a note, dump it in this pad or drop it on the edu-eu mailing list!

FSFE Edu-Team activities

The first physical edu-team meeting took place alongside FOSDEM in Brussels.

Blogpost by edu-team member Nico Rikken: Why engineering students need to be taught free software


5100+ signatures for open formats in the French educational system (Nice campaign, April!)

Free Software GIS week for Athens students (organised by the Greek Free/Open Source Software Society (El/Lak or GFOSS), in cooperation with the municipality of Athens).

Blog post by Aleix Pol from KDE-Edu: Hacking Free Software, a different point of view

Mozilla Science Lab will launch a fellowship program for early-career researchers, centered around training for more efficient, collaborative research as well as community leadership.


As covered under “community”: Free Software GIS week for Athens students (organised by the Greek Free/Open Source Software Society (El/Lak or GFOSS), in cooperation with the municipality of Athens).

Danish open source early warning system for schools

Edu software

The ATI (Art and Technology of Image) department at University Paris 8 is switching to Krita this year. “This department has the double aim to train students both to use graphic software (2D,3D,VFX and Compositing) and to code their own (Python, C#, C++). Until recently the classes used only Adobe Photoshop, but because of inadequate support from the company the department decided to replace that.”

Other news

Charlie Reisinger talk: More soup, less nuts

Raspberry Pi embraced by Australian school

I’m afraid I missed this in December: Univention presents their annual Graduate Prize for dissertations dealing with applicable and in-demand Free Software solutions

There is a new open source tool for parents to make their children study and learn in exchange for internet access. It enables education software developers to be compensated for their efforts.

The project’s success will depend on participation. It needs a parent community and a developer community, both of which are beginning to take shape.

Inclusion: Malta promotes ICT tools for an inclusive society

Future events

March 21, 2015: Education Freedom Day

July 21-24, 2015: 9th International Conference on e-Learning (Las Palmas de Gran Canaria, Spain)

Thanks to all contributors!

Saturday, 14 February 2015

I ♥ Free Software 2015

Hook’s Humble Homepage | 21:20, Saturday, 14 February 2015

“Romeo, oh, Romeo!” exclaims the 3D-printed robot Juliet to her 3D-printed Romeo.

It is that time of the year again – the day we display our affection to our significant other …and the Free Software we like best.

Usually I sing praise to the underdogs that I use, the projects rarely anyone knows about, small odd things that make my everyday life nicer.

This year though I will point out some communities, that I am (more or less) active in, that impressed me the most in the past year.

  • KDE – this desktop needs no introduction and neither should its community. But ever so often we have to praise things that we take for granted. KDE is one of the largest and nicest FS communities I have ever come across. After meeting a few known faces and some new ones at FOSDEM, I am very much looking forward to going to Akademy again this year!
  • Mageia – as far as GNU/Linux distros go, many would benefit by taking Mageia as a good example on how to include your community and how to develop your infrastructure to be inclusive towards newcomers.
  • Mer, Nemo Mobile – note: Jolla is a company (and commercial product with some proprietary bits), most of its Sailfish OS’s infrastructure is FS and Jolla tries very hard to co-operate with its community and as a rule develops in upstream. This is also the reason why the communities of the mentioned projects are very intertwined. The co-operation in this wider community is very active and while not there yet, Mer and Nemo Mobile (with Glacier UI coming soon) are making me very optimistic that a modern Free Software mobile OS is just around the corner.
  • Last, but not least, I must mention three¹ communities that are not FS projects by themselves, but were instrumental to educating me (and many others) about FS and digital freedoms in general – Thank you, LUGOS for introducing me to FS way back in the ’90s and all the help in those early days! Thank you, Cyberpipe for all the things I learnt in your hackerspace! And thank you, FSFE for being the beacon of light for Free Software throughout Europe (and beyond)!

hook out → closing my laptop and running back to my lovely Andreja, whom I thank for bearing with me

  1. Historically Cyberpipe was founded as part of Zavod K6/4, but in 2013 Cyberpipe merged with one of its founders – LUGOS, thus merging the two already before intertwined communities for good. 

I Love Free Software Day 2015: GnuPG

André on Free Software » English | 18:53, Saturday, 14 February 2015

If you went through regular education in the Netherlands like me, then you most likely ended up in a situation where what you’ve been taught and what is happening around you now are two completely different things.

What happened behind the wall in the ’80s…

While people in East Germany were being robbed, and tax money went into
walls and tapping of communications of the whole population, the Dutch
government, state media and education have shamed such a kind of
society. We, the Netherlands, were a free social market economy and as
such much better than that. At least, that’s what we were led to

On demand of my school back then, I’ve visited Berlin and the
surrounding area in the late ’80s. In my memory of East Berlin, streets
were clean, prices low, and people very friendly. There were almost no
ads in the streets or on buildings. There were no big company slogans
on people’s clothing. A PR lady of the GDR was with our group all the
time, explaining the advantages of communism and what great things the
state had achieved. East Berlin looked like a small city in the province
that happened to have over one million inhabitants.

…and the reframing of what happened next

Societies can only produce a limited amount of resources (labor time,
tax money). If a lot of creative energy is under social oppression and
money is going into surveillance and the upkeep of walls, then you’re
not going to win it economy-wise. That’s why the Soviet Union went down.

But in that era, the beginning of the ’90s, it was no longer about
maintaining and if possible exporting the free social market economy. It
was about laying the foundation for the dismantling of the welfare
state in Western Europe, pushing Russia back as far as possible, and
keeping the Germans in a situation where they were only allowed to win
economically. Which they did.

In the Netherlands, that had no enemy anymore, the state could have
chosen to become a real democracy, where for example you could choose
your mayor. It didn’t.

So “the West” had a one chance period to change everything for the good
and they blew it completely.

Instead of that the people in power wanted to stay in power and were in
need of a political excuse. Exports of weapons to unstable countries
where madmen rule everything are guaranteeing that there is terrorism,
and terrorism is the excuse to not become a full democracy (yet) and put
the whole population under mass surveillance.

As a subject of the Netherlands, I can do almost nothing. But what I can
do, I do:

  •   Free Software, as it stands for everything dictators do not like
  •   no commercial “social media”
  •   choose a bank that is not financing the weapons industry

In the ’80s, my history teacher said that because of what happened in
1940, the Dutch state would never hold population data with personal
information about everybody. I hope for him he has woken up from his
fairytale and joins me in supporting Free Software.

On this day I want to thank everyone involved in Free Software, and
especially those who develop and work for GnuPG, as it is in the end
about Freedom.

I love Taskwarrior, therefore I love Free Software

Max's weblog » English | 12:05, Saturday, 14 February 2015

“It’s Valentine’s day and you’re writing a blog post? Are you nuts?” you might ask. Well, but it’s not only Valentine’s day but also I love Free Software day. This day is proclaimed every year on February 14 by the Free Software Foundation Europe to thank all developers and contributors of Free Software (software you can use for any purpose, whose source code you or others can analyze, which can be modified and distributed).

As last year with ZNC, I want to say thank you to a specific project which eases my daily life. As you might know by other blog posts here, organisation of tasks, mails and almost everything else is a very important issue for me. So this year I want to write some lines about Taskwarrior, taskd and Mirakel which enable me to take some free time without thinking of tasks which I could possibly forget to accomplish later on.

My head is full of ideas and mental To-Do lists and so I’m in need of a handy tool which allows me to write down and organise items at any place and time: At my desk, in bus or train, when I’m offline or abroad. And it’s important that I don’t have (analog and digital) bits of paper everywhere, so I need a system that syncs all task inputs and outputs. I tried a lot of tools but Taskwarrior was the best so far. It uses the well-known “Getting Things Done” concept with different priorities. Taskwarrior also supports tagging tasks, organising them in projects, due dates, postponing, making tasks dependent on others and much more. And Taskwarrior has a (modifiable) algorithm that sorts your tasks by urgency levels, so that the most important tasks always are on the top of the list. Even now I just took a glance at what Taskwarrior is able to do!

Picture of a woman with a chalk board which expresses her appreciation for Taskwarrior

Someone who loves Taskwarrior as much as I do

“Services and programs that organise tasks aren’t very special!” one might think. But if you prefer sorting tasks digitally, you cannot simply choose a random todo-organising service provider. Most of the tools and services on the market aren’t free and transparent. All input may no longer belong to you, all the gathered information (which is a lot if you think of it!) could be used for targeted ads or worse. You cannot modify the algorithm to suit your needs. And what happens if the service provider goes bankrupt? All data, all project history and all pending tasks would be lost at once. So using a free (as in freedom), decentralised, maybe self-hosted service is the best idea to organise your tasks decentrally.

But one thing at a time, let’s start from the very basics. You can install Taskwarrior on almost any operating system. After the installation, Taskwarrior isn’t much more than a black window with white letters in it. And even when you’re a pro-user, you won’t find much more than white or colourful text on black background – and this is a good thing! I’ve seen no graphical user interface which can handle Taskwarrior’s complexity and the users’ needs sufficiently (but there are some, feel free to test them!). Nevertheless, it’s quite easy to use Taskwarrior from your terminal:

$ task add "This is my first task"          # Add your first item
$ task long                                 # Show all pending tasks
$ task add "Second VIP task!" pri:H         # Add a task with priority
$ task add "Third task with tag" +test      # Add a task with a tag
$ task add "Fourth projected task" pro:Blog # Add a task with a project
$ task long                                 # Show all pending tasks
$ task 1 done                               # Mark first task as done (ID = 1)

There are many useful and well understandable guides in the project’s documentation. Most likely you do not need every command but maybe it’s useful to read something about techniques which might help you to organise your tasks your way.

Some useful commands of Taskwarrior (using some fish shell features)

But Taskwarrior is only for your local computer. What if you want to use it when sitting in the bus and don’t want to forget a ToDo item you want to write down at the very moment? Then there’s a handy application for Android called Mirakel. Even the app itself is powerful, but its full potential is unleashed when combining it with Taskwarrior. For this, we need a central instance which synchronises the tasks you add or edit on your devices. The Taskwarrior project developed taskd for it which you can easily set up on a server. You can also use Mirakel’s own public taskd server (at least in the past) if you don’t own a server or don’t want to maintain this service.

So if you connect both Taskwarrior and Mirakel to the new taskd server, you can easily share all tasks among them. When marking a task done on your smartphone, it’s marked as done on your home computer some seconds or minutes later if you want to. Security is an important part of taskwarrior as well, so transport encryption is on by default. And if you want, you can also try a web interface or other handy tools and extensions for your server and client which I haven’t tested yet.

Hopefully you now know a bit more about Taskwarrior and Mirakel and the great tools they designed. Of course I do not only want to recommend some software but also use this opportunity to say a big THANK YOU to all the people behind these projects! Thank you for developing the software and making it compatible with each other. Thanks to the various contributors who are writing the important documentation, adding new languages, writing tools and bridges for other usage scenarios and thank you for reacting to bug reports. People like you make Free Software possible!

Confronting your digital self

Nico Rikken » fsfe | 11:41, Saturday, 14 February 2015

In July last year I deleted my Facebook account, not just by deactivating my account, but by removing each and every post, tag and like. This was a head-on confrontation with my digital self. The little information I believed to have submitted proved to be an overwhelming pile of data with serious privacy implications. This wasn’t just a rigorous action, it was a treatment teaching me about privacy. Being convinced I would be one of the few crazy enough to make the effort of deleting the individual scraps of information, I was surprised to find out that some of my friends did exactly the same thing. And more importantly, they had a similar mind-boggling experience. What if there would be a tool continually reminding you about the information you have shared, in statistics as well as by highlighting some of that information? Giving this feedback would certainly help to make people more privacy-aware, the initial step towards a better common practice.

Dia, I love you

Nico Rikken » fsfe | 09:47, Saturday, 14 February 2015

Roses are red. Handles are green.
You’re the finest diagramming software I have ever seen.
Always there to help me out.
And you ask nothing in return.
Creating things together is all I really yearn.

Dia I know we will be a great team.
We can work together even upstream.
So let this be my tag line:
Would you be my Valentine?

'I Love Dia' drawn in Dia.

I love Free Software: Thanks to all the GnuPG contributors

I love it here » English | 07:22, Saturday, 14 February 2015

Today is “I love Free Software”-Day. A day to thank all the hard working people behind Free Software. Beside initiating #ilovefs I also try to write a short thank you note to one project every year. After I thanked Coreboot in 2013, and mpd, ncmpcpp, and MPDroid in 2014 this year I want to thank all the people involved in GnuPG coding and promoting.

Unfortunately I do not remember when exactly I started using the GNU Privacy Guard (GnuPG). I just know that I started using a PGP implementation in 2001 on my GNU/Linux machine. First with some friends from our local Free Software group to encrypt and sign our data and communication, which was a very cool feeling. Later I tried to convince close friends and family with whom I had private conversations to set it up so “we can communicate like we do with letters instead of postcards”.

Person with a red ilovefs balloon and a speech bubble saying GnuPG

Someone expressing his love to GnuPG (Matthias Kirschner, CC BY-SA)

(Just for clarifications: no it is not me on the picture, it is Maurice from our team in the Netherlands.)

In 2002 — at that time I was definitely using GnuPG — I had the pleasure to meet friendly Debian guys at the University of Konstanz, who were also quite active in keysigning. So from that time on, whenever I met someone using GnuPG we signed our keys to establish new trust paths.

When I joined FSFE in 2004 it gave me the chance to work with the main GnuPG author Werner Koch. As we decided in 2004 to use GnuPG smartcards as sustaining membership cards for FSFE, I also helped Rebecca + Thorsten Ehlers and Werner with some contributions to the GnuPG smartcard Howto.

This was also the time when I got my first business cards for FSFE, and they included my GnuPG fingerprint! At that time lots of people, especially outside the Free Software community, raised their eyebrows after I answered their question what those numbers are.

In the following years I had the pleasure to meet more and more GnuPG developers: NIIBE Yutaka, from the Free Software Initiative Japan, who thankfully explained new cool stuff to me every time we met, and Marcus Brinkmann who was employed to work for GnuPG in the past.

For a long time I had the impression that GnuPG usage was decreasing, and it was not considered that cool anymore. But recently that changed after the Snowden leaks. Many new people wanted to learn how to secure their communications. Fortunately many people, including a lot of our FSFE’s volunteers, organised and helped at Cryptoparties, teaching e-mail encryption.

Recently I was very happy to see FSF’s Email Self-Defence Guide, which explains how and why you should use GnuPG for your electronic communication. Afterwards Erik Albers worked together with our volunteer Franz Gratzer to create FSFE’s “E-Mail self-defence” leaflets. Thanks to our translators they are now laid out in simplified Chinese, German, English, Spanish, French, Italian, Dutch, and Albanian. The translations for Greek, Latvian, Serbian, and Turkish are in the proofreading process, and the Catalan as well as the Polish translations are almost ready for proofreading. So whenever you want to promote encryption, those leaflets can help you with that.

Many people contribute to GnuPG. I have more space than Laura Poitras in the credits of her film Citizenfour which mentions GnuPG as well, so I will thank some people directly. Beside them there are others who also did important work to enable me to have private communication and to keep my computer more secure. So to all of you whom I do not know (yet) or whom I forgot: Thank you! I love what you are doing!

Special thanks to the GnuPG hackers David Shaw, Marcus Brinkmann, NIIBE Yutaka, Jussi Kivilinna. Thanks to the people documenting GnuPG, e.g. Thorsten and Rebecca Ehlers. Thanks to Martin Gollowitzer for supporting FSFE’s sustaining members when they have questions about our smartcards. Thanks to Nicolai Josuttis (Enigmail), the kmail developers, the developers and maintainers of the signing-party tools. Thanks to Zak Rogoff and FSF’s campaign team for the E-Mail-Self-Defence guide and to Ana Isabel Carvalho and Ricardo Lafuente who designed those awesome infographics. Thanks to Erik Albers who convinced me that we need the GnuPG leaflets and who created them. Thanks to Franz Gratzer who did the layout for those leaflets. Thanks to FSFE’s volunteers for translating them into so many languages! Thanks to all the people around the globe who organise cryptoparties and help others to secure their communication, especially Hauke Laging, Felix Stegerman, and Guido Arnold.

But my biggest thank you of course goes to Werner: thank you, Werner, for keeping up your good work during all those years!

Ubuntu calling for freedom

Nico Rikken » fsfe | 01:00, Saturday, 14 February 2015

So far the flash sales of the first Ubuntu phone by Bq have sold out, and certainly not without a reason: the Ubuntu phone holds great promises for both the users and the development community. On the FSFE Discussion mailing list I already gave a quick and general overview mostly based on a recent Linux Unplugged podcast, and so in this post I’d like to revisit my comments with a focus on freedom, as this is lacking in other articles. One word of caution though, I haven’t yet read formal documents or code, so all listed info is second-hand.

First off, embedded devices are difficult, and phones in particular are hard, as Fairphone for instance has come to find. The problem with phone hardware in general is that a build is needed for a specific phone, since auto-discovery of peripherals like on a regular computer is missing. Add to that the fact that electronics are developed more rapidly than free drivers can be developed, as was the case for the Vivaldi tablet. So unless you have a say in the electronics, and allow a non-signed bootloader, it is very hard and especially time-consuming to develop this lowest layer as free software. That is also why projects like Neo900 and GTA04 exist. One of the added benefits the GTA04 offers is that the modem is physically separated from other processors, as the modem implementation is locked down by law. This is about as free software supporting as free hardware designs can get, but this freedom comes at a cost in performance and money, thus requiring plenty of commitment to become a reality.

So in order to actually ship a product, using non-free designs and chips will be the default option, like Ubuntu did in this instance. In order to get a kernel running the device-specific board support package offers the prerequisites needed to boot the Linux kernel. But rather than modifying the Linux kernel and building a tightly integrated software stack for a particular device, as is the case for Android, Ubuntu Phone separates the software stack in two separate layers: a device-specific part and a Ubuntu-part. This separation is ingenious and brings great benefits.

By having a separate Ubuntu-part, this can be updated in the future, without having to do revisions on the device-specific part, thus allowing all models to stay up to date with the newest Ubuntu, and thus avoiding both the platform segregation of Android and the limited number of firmware updates like on iOS. Users can thus still get security fixes and the features newer applications might rely on. Also regarding this part, it would be possible to run a different top layer for a specific mobile operator, or run a different interface on top of this Ubuntu separation layer. I haven’t looked into this layer, but ideally it should be clean and stable in order to allow others to adopt it.

Likewise the bottom part can be swapped. For instance an Ubuntu Phone port was made to the Nexus 5, which was done by building the necessary but limited hardware support and offering the separation layer. Due to the additional separation, this port will be able to keep up with firmware updates, and so all additional development efforts can go towards improving the device-specific part rather than keeping up with firmware versions. Depending on the required complexity of this device-specific layer, porting additional devices is relatively easy and particularly fruitful as it can remain nearly a one-time effort.

I’m not aware how free the Ubuntu-part is, although I assume this would be in line with other Ubuntu distributions where it mostly adheres to your needs for freedom. The interface is based on Qt5 and is very supportive of HTML5 applications. In this way mobile applications would be able to run on the Ubuntu desktop in the same manner, offering a great convergence solution. Also it is supportive of efforts being made to put forward HTML5 applications for a run-everywhere solution. There is no policy which requires applications to be free, so you can install all kinds of applications, of which a long list is already available. Users are able to sideload applications, avoiding the dependence on an appstore, which is probably the reason why no appstore was launched by Ubuntu just yet. Of no less importance, it seems to be well designed and offer great usability.

One somewhat overlooked part, is the availability of scopes. They aren’t as much overlooked in functionality, but rather in philosophy. Android and iOS have recently realized that apps can be complementary and it is up to the firmware to provide the integration. This can be news and weather, but more recently health and home automation seem relevant as well. The fact that scopes can either work with local data or on the internet but not both, respects the capabilities of the device and prevents unwanted data transmission. More importantly by offering aggregated scopes, you can create a locally generated view. This adheres to the vision of a web which is decentralized rather than centralized and in which each computer has many outgoing connections.

Of course the big elephant in the room is that the phone ties into the Ubuntu ecosystem and so convergence would be best between the Ubuntu phone and the Ubuntu desktop, and likewise it would bring a boost to the Ubuntu store, Ubuntu Snappy Core and presumably to cloud services. So what if Ubuntu would be the next big platform? Well, it would bring a very free firmware which is very friendly to porting devices, it would encourage development in HTML5 and Qt, it would encourage more decentralized applications, it would enable development of the Ubuntu phone itself, and it would put a great alternative next to the Google-ized Android and other systems.

Either way, I nearly bought one but I just missed out on the flash sale. I’d strongly consider ordering one, because I believe this stack is much more freedom-respecting than Android. More frustratingly, my perfectly fine phone is still on Android 2.2 with a lack of application support and a whole load of known bugs. I haven’t looked deep enough into Jolla or Tizen to judge them. There are many known improvements available to be adopted, both in hardware, firmware and the available applications. Currently however this seems to be a great phone, with a great software platform, which is another stepping stone in the right direction.

Friday, 13 February 2015

I Love Free Software

Jens Lechtenbörger » English | 23:01, Friday, 13 February 2015

I love Free Software!
Today is Valentine’s Day, which is a popular occasion to celebrate love. I love free software. In case you don’t know: Free software is software that respects our freedom, and I suggest that you take a close look.

Today I’d like to recommend a pair of nifty, lovely Android apps that I use on a regular basis to improve my vocabulary, namely AnkiDroid with QuickDic. (Needless to say, both are available via F-Droid, an alternative app store that provides nothing but free software.)

AnkiDroid is a tool to memorize things based on flashcards, organized in decks. In a nutshell, you create cards with different contents on back and front, AnkiDroid presents one side of a card, and you try to recall the other, telling AnkiDroid how easy it was to recall the matching content. The frequency of how often a single card’s side is presented is determined by a so-called spaced repetition algorithm. Essentially, the better you know a card, the less frequently it is presented. Lots of card decks are available on the Web and can be imported into AnkiDroid. I don’t use that feature, however.

Instead, I use AnkiDroid with the offline dictionary app QuickDic, which offers dictionaries for lots of (pairs of) languages. Whenever I look up an intriguing word or phrase in QuickDic, I long-press that dictionary entry to invoke a share dialog. Selecting AnkiDroid in that dialog creates a pre-filled flashcard in AnkiDroid, which just needs minor tweaking to create a new card. Learning vocabulary has never been simpler.

I love free software.


Software isn’t magic

Nico Rikken » fsfe | 21:26, Friday, 13 February 2015

Last month the news landed that the recent Microsoft Outlook app for Android and iOS was leaking and exploiting login credentials. Because of this leak the European Parliament and some universities have blocked the use of this app. Although Microsoft promises double-encryption of the credentials, this specification is an optimistic representation of the actual practice:

What I saw was breathtaking. A frequent scanning from an AWS IP to my mail account. Means Microsoft stores my personal credentials and server data (luckily I’ve used my private test account and not my company account) somewhere in the cloud! They haven’t asked me. They just scan. So they have in theory full access to my PIM data. – Rene Winkelmeyer

From an engineering perspective this seems to be a straightforward way of offering push messages when the original synchronization interface wasn’t suitable to. But something is of course totally off in the interface of the app. Asking whether or not you’d like to receive push-messages only covers part of the deal. The real result of switching on push-messages can be read in the privacy statement:

We provide a service that indexes and accelerates delivery of your email to your device. That means that our service retrieves your incoming and outgoing email messages and securely pushes them to the app on your device. Similarly, the service retrieves the calendar data and address book contacts associated with your email account and securely pushes those to the app on your device. Those messages, calendar events, and contacts, along with their associated metadata, may be temporarily stored and indexed securely both in our servers and locally on the app on your device. If your emails have attachments and you request to open them in our app, the service retrieves them from the mail server, securely stores them temporarily on our servers, and delivers them to the app.

It is an unfortunate combination of a lack of security with an unclear presentation to the user. Likewise I’m curious who actually knows that Google is storing all WiFi credentials of users having enabled the ‘backup’ option. In fact, these misconceptions of the inner workings aren’t an exception, it’s more the usual case. Arne Padmos spoke at the last CCC and referred to a research into public perception of email. The over-simplistic drawings on page 15 clearly show people’s lack of understanding about the parties involved. Likewise 29% of U.S. citizens believe the cloud has something to do with the weather, and 95% are using cloud services whilst they thought they weren’t.

Software isn’t magic, but unfortunately it isn’t easy to understand for most people either. I’m certain we can, and should, do a better job in educating the general public on these topics. It feels like a big secret waiting to come out, that so many parties and services are involved in getting a service to work. A secret we’d rather not bother a customer with, because the engineers have taken care of it and weighed the pros and cons for the customer. But wouldn’t the customer be better off knowing what decisions underlie a system, to allow an educated choice?

In the Netherlands we have standardized obligatory layouts for energy bills so that customers have a better chance of understanding the product. Likewise there is a standard specification describing more complex financial products for a similar goal. In this regard it seems odd that digital services, which are often times highly complex, can get away with obfuscating instead of explaining. If more people would know their emails are like postcards, and would know that many parties handle those emails, I’m certain the demand for encryption would increase.

I want to love the future. That’s why I love Free Software

Karsten on Free Software | 17:55, Friday, 13 February 2015

In the 1990s and early 2000s, we believed that with digital technology and the internet, we were building a utopia. And my, has the comedown been harsh, as we discovered that we had built all the tools for a surveillance state instead. We enthusiastically took to platforms like Facebook and Google and fed them with every last detail about our lives.

We did this for the search results and the cat pictures and to have a better way to coordinate pub nights with our friends. All the while, the giants of flesh and steel who we thought were weary were hauling our secrets out through the back door by the truckload. Those platforms aren’t public spaces. They’re like shopping malls, with their own mean little sets of rules. We’re only ever allowed there on their terms, and they watch everything we do.

Using a device with stock Android puts me in the same state of anxious watchfulness that I get when I walk through a crowded railway station. There are data pickpockets lurking at every turn, waiting for me to be distracted for a second, perhaps by one of the dozens of dodgy deals that are constantly shoved in front of me.

When I look at Ethiopia, the world’s first off-the-shelf surveillance state, it’s our own future that I see. Given how internet policy in the western world has evolved over the past decade and a half, Halvar Flake is right in saying that most democracies are two terror strikes and one opportunist away from a dictatorship.

But it doesn’t have to be this way.

We have powerful tools that help us defend and regain the freedoms we’ve lost, and the ones we’ve given up. We can use GnuPG to securely encrypt our files and our communication. We can use Tor to browse more or less anonymously. In a perfect world we wouldn’t need these tools; but this world isn’t perfect, and so we need them. Anyone who asks you to use non-free crypto and privacy tools is either a fool or a liar. There’s just no way to put this more mildly.

We can avoid giving up data and control out of sheer laziness. If you tell me that you don’t want to pay around 10€ a month for email and hosting while fiddling with your 500€ smartphone, then I’ll say that you’ve got your priorities wrong. For a lot of the things that you can do with Google, Facebook and all the other stuff, you can find self-hosted Free Software programs that do much the same, while putting you in the driving seat. And that’s before we even mention approaches like open data, which we can combine with Free Software to put more power back in people’s hands.

This is Valentine’s Day, and we’re supposed to think of the people we love. Let’s teach them the skills that they’ll need to protect their freedom in a world that’s only ever going more digital. If you host your mail with one of the big providers, you’re exposing everyone you exchange messages with to government surveillance. If there’s someone you love, don’t force them to communicate with you through these platforms. Instead, give them the skills they need to retain their autonomy in today’s world.

In the end, we’re making the bed that we are going to lie in. Our choices today help to determine the future that we’ll live in. Not only do we have choice; we constantly exercise choice, whether by commission or by omission.

We’re always building something. We can build the tools of oppression, or we can build the tools of freedom.

We can teach. We always teach, mostly by example. Let’s make sure that we teach freedom to our children and our friends.

We’re always making choices. By choosing the technology we use, we build the world we’ll live in tomorrow, bit by bit. That’s why I choose Free Software: So that we can live in freedom tomorrow.


Tuesday, 24 February 2015

Rapid UI development for TrustBridge

bb's blog | 15:31, Tuesday, 24 February 2015

TrustBridge is a secure root certificate installer for Windows and Linux. In this article we outline the development of the User Experience. Last year we teamed up with Intevation to create interfaces and interactions for TrustBridge. TrustBridge is a secure root certificate installer for Windows and Linux, contracted by the German Federal Office for Information [...]

Tuesday, 10 February 2015

Open Source Developers’ Conference Nordic

Frederik Gladhorn (fregl) » FSFE | 09:05, Tuesday, 10 February 2015

I got involved in organizing a local conference in Oslo: Open Source Developers’ Conference Nordic. I’m very much looking forward to an open source event here!

And it looks like we will have a Qt track! I’d be happy to add more Qt and KDE talks, so sign up. Of course everyone involved in free and open software is invited to join. And a big thanks goes to the local Perl Mongers to get the whole show started.

Here is the invitation to join the event:

OSDC Nordic is an upcoming open-source friendly community-oriented
event, held May 8th - 10th in Oslo.

Open Source Developers' Conference exists to enable the many Nordic
open source communities to come together and share their enthusiasm.

Read more about the event on

We want you and your friends to come together to learn, hack and share
their enthusiasm!

Participate by presenting a talk, hosting a workshop, involving your
community, by volunteering, or simply by participating in this awesome
and unique event. Register on

Feel free to contact us with any questions on

And finally. To build a great community event we need everybody care by sharing.

Help us spread the word!

Monday, 23 February 2015

Report from FSFE Munich local group meeting January 2015

softmetz' anglophone Free Software blog | 20:31, Monday, 23 February 2015

The Munich FSFE fellowship group gathered for the first time in 2015 on 9th January. Although some of the regulars were still on vacation, we were able to get some things done. As decided during the December meeting we reviewed some tools to support our work. We had Owncloud, Trac, Redmine and the Fellowship Wiki

Been at FSCONS 2014

softmetz' anglophone Free Software blog | 20:31, Monday, 23 February 2015

I’ve been in Gothenburg, Sweden from Oct. 30th to Nov. 4th 2014. During my stay I got to know Sweden and Gothenburg to some extent. I really had a nice time there, wandered the city and harbour a lot, got addicted to Fika (coffee with kanelbulle (cinnamon rolls)), talked to locals using my still minor

Monday, 09 February 2015

Switching SSL certificate – no bullshit

Martin's notes - English | 16:02, Monday, 09 February 2015

As attentive readers of my blog might have noticed, has a new SSL certificate. I didn't simply renew it (which would have become necessary in March anyway), but I also switched to a new Certificate Authority (CA). The CA I chose is, a French CA and registrar (I transferred the domain to them as well).
This step became necessary after the Heartbleed disaster revealed what my former CA StartSSL actually cared about – which is not security. Gandi is different, which is the reason for their slogan: no bullshit.
Gandi is also well-known as a company who takes its responsibility towards society seriously. This is why they also support Free Software Foundation Europe – FSFE will switch to certificates as well as part of the current process of migrating services to new hardware and newer versions of the underlying operating system. We hope to finish this process by the end of 2015, but we cannot guarantee it since the project is mainly run by volunteer working power. However, we hope to keep the impact on you, the user, as little as possible.
