Planet Fellowship (en)

Friday, 19 December 2014

Password hygiene – every man’s responsibility

Seravo | 07:18, Friday, 19 December 2014

Everybody knows what hand hygiene is: hands are disinfected every time we enter a hospital. In the same way as germ-free hands stops diseases from spreading, password hygiene helps to prevent the misuse of credentials. Password hygiene may feel useless when the effect is not immediately visible, but it is never the less very important in the age of information society.

Password hygiene is no harder that normal hygiene. Everybody can learn it with the following simple principles:

1. Store your passwords securely

Passwords on paper

A trick to avoid storing passwords in plain-text on paper

The best would of course be to store all passwords inside one’s head, but since remembering all credentials by heart isn’t simply possible, another good option is keeping the in your wallet. People keep money in their wallets, so most of us are used to store it securely.

Passwords can be “encrypted” on paper with a simple trick: use a common first part in all passwords, for example ‘Ma55i’, which you remember by heart. Then write the last part of the password on paper, for example ‘hU8kkP’. Only you will know that the complete password is then ‘Ma55ihU8kkkP’.

Remember also to make backups of it for example by xeroxing the paper slip. Use the money analogue to choose a good place to store the backup: put the important paper in a safe.

Using paper has some drawbacks, like the need to type passwords all the time. Using a piece of software on the computer will make things easier, because then it is possible to simply copy-paste the usernames and passwords from the program. The recommended program is KeePass. It is free and open source software, its internal functioning is transparent and it is unlikely to have backdoors or other weaknesses, and the same program is available for multiple platforms, including Windows, Linux, OS X, Jolla, Android.

2. Use different passwords in different systems

It is dangerous to use the same password in multiple accounts. For example if your Twitter-password leaks and somebody can log in to Twitter using your account, they will quickly find out what your e-mail address is, and then for sure try to log into your e-mail account using the same password you had on Twitter. Can you afford to loose control of multiple accounts at the same time?

Here too, programs like KeePass help, because they facilitate the automatic generation of new passwords for each new account.

3. Use passwords which are difficult to guess and complex

KeePass

KeePass password strength meter

Password crackers always start out by trying to guess typical passwords, like horse99 or 123hound. Don’t have a weak password that is likely to be cracked by brute-force password cracking tools. A good password is complex and consists of at least 9 characters, and includes both capitals and small letters, numbers and special characters like +-.,_:;.

Again, KeePass helps with this too, because it has a built-in password strength meter, which will tell you it the password is strong enough, or it can even generate the passwords automatically for you.

4. Change your passwords regularly – or immediately if you think it has leaked!

If the password is strong enough, then a suitable interval to change passwords is a few years. If a password is too weak, then it does not matter much if you change if often or not. Rule number 3 is therefore more important.

In KeePass the dates when a new password was saved is automatically stored, so it can also help you see how old your passwords are.

If somebody suspect somebody peaked over your shoulder and spied on your password, you need to change it immediately. Well designed computer systems show you on login when your previous login was. For example if you return to work after a holiday, and when you log in the system tells your last visit was a few days ago – while you were still on holiday – you will notice that something is wrong and know that the password needs to be changed.

5. Never tell you password to anybody

Never ever tell your password to anybody. No administrator on any system needs to know your password – administrators can anyway always reset your account and get the password that way. If somebody asks for your passwords, it is almost for sure some kind of fraud.

The most common reason for password leaks is that users have themselves told the password to somebody who had a credible enough sounding reason to ask for it!

6. Send you passwords to the correct system and only using a secure connection

When you are about to sign in to a system, try to make sure that you are really connected to the correct system and that the connection is securely protected. A common way to steal passwords is to do a so called man-in-the-middle attack, where the user is tricked in a way or another to enter their credentials to a false system, yet the connection is passed on to the real system so the user does not notice anything unusual. For websites make sure the URL in the address bar is correct before you sign in and make sure it contains the s in the https part so that the connection is secure.

This is however not a guarantee – sophisticated attacks can make the remote system appear perfectly normal with correct address and everything, because the attack might target the underlying network infrastructure. But none the less, every user must make sure they do their own part in keeping the systems secure, and what happens after that is up to the system engineers to take care of.

Original presentation in Finnish

..is available on Slideshare:
<iframe frameborder="0" height="443" marginheight="0" marginwidth="0" scrolling="no" src="https://www.slideshare.net/slideshow/embed_code/42843833" width="540"></iframe>

Monday, 15 December 2014

People and their Walled Gardens

Paul Boddie's Free Software-related blog » English | 21:44, Monday, 15 December 2014

I wasn’t the only one to notice a discussion about moving Python-related resources to GitHub recently. An article on LWN covered the matter and was followed by the usual assortment of comments, but having expected the usual expression of sentiments about how people should supposedly all migrate to Git (something I completely disagree with for a number of reasons), what I found surprising was a remark indicating that some people use GitHub as their “one stop” source of code for any project they might wish to use. In other words, GitHub is their “App Store”, curated experience, or “walled garden”: why should they bother with the rest of the Internet?

Of course, one could characterise such an interpretation of their remark as being somewhat unfair: after all, the author of the comment is not pushing their comment to GitHub to be magically pulled by LWN and published in a comment thread; they must therefore be actively using other parts of the Internet, too. But the “why bother with anything else?” mentality is worrying: demanding that everybody use a particular Internet site for their work to be considered as being something of value undermines freedom of choice, marginalises those who happen to prefer other solutions, and, in this case, cultivates a dependency on a corporate entity whose activities may not always prove to be benign. Corporate gatekeepers frequently act in ways that provoke accusations of censorship or of holding their users to ransom.

Sweetening a Bitter Pill

Many people seem to be infatuated with GitHub, perhaps because it offers conveniences that might make Git more bearable to use. I personally find Git’s command line interface to be incoherent in comparison to other tools, and despite praise of tools like gitk by Git advocates (with their claims of superior Git tooling), I find that things like the graphlog feature in Mercurial give me, in that particular instance, a proper graphical history at the command line in an instant, without messing around with some clumsy Tk-based interface with a suboptimal presentation of the different types of information (and I could always use things like TortoiseHg if I really wanted a graphical user interface myself). So maybe I wouldn’t see the point of a proprietary Web-based interface to use with Mercurial, especially since the built-in Web interface is pretty good and is in many ways better than attempts to provide similar functionality in a tool-neutral way.

People do seem rather willing to discard many of the benefits of the distributed nature of Git and are quite happy to have a single point of failure in their projects and businesses: when GitHub becomes unreachable in such environments, everything grinds to a halt, despite the fact that they all sit there with the code and could interact with each other directly. Popularity and the “network effect” seem to be the loudest arguments in favour of dumping all their code on some distant servers, with the idea being that “social” project hosting will bring in the contributors. Although I accept that for potential contributors who have no convenient way of hosting their own code, such services provide an obvious solution – “fork” the project, pull, make changes, push, dispatch a “pull request” – and allow them to avoid having to either provide hosting for their own code themselves or to coordinate their work in other ways, everything now has to go through the same infrastructure and everyone now has to sign up for the same service, adhere to the same terms and conditions, and risk interruptions to their work caused by anything from downtime and communications failures to the consequences of litigation or such services being obvious targets for criminal or politically-motivated misbehaviour. Not only do the custodians of a project no longer control their own project, but they also put that project at considerable risk.

Perhaps all the risks would be worth it if “going social” attracted contributors. When looking at project-hosting sites, I tend to see numerous forks of project code that mostly seem to have been created enthusiastically at some point in time, only to now be dormant and have seen no actual changes committed at all: whether the user concerned created a fork in an aspirational moment not unlike making a New Year’s resolution, or whether they have done it to demonstrate their supposed credibility (“look at me: I forked the Linux kernel!”), neither kind of motivation is helping such projects get any contributions of value. Making things easier is not a bad idea in itself, nor is getting the attention of the right people. The issue here is whether one finds the right people on such project-hosting sites, or whether one merely finds a lot of people who aspire to do something but who will still do very little regardless of how easy it supposedly is.

Body of Convenience

Although the original discussion is mostly concerned with the core development of the CPython implementation and the direction of the Python language, it is hard to separate the issues involved from the activities of the Python Software Foundation. Past experience suggests that some people involved with both of these things do not seem to prioritise ethical concerns – it is no coincidence that the word “pragmatic” appears in the LWN coverage – and it disappoints me greatly that when ethical concerns about GitHub’s corporate culture were raised, few people seemed interested in taking them into consideration. Once again, the label of “ideology” is wielded, together with the idea that doing the right thing is too complicated and therefore not worth pursuing at all, leading to the absurd conclusion that it is better to favour the party shown to have done wrong over all other parties who, as far as we know, have not done any wrong but should be suspected of it, anyway.

With the PSF taking diversity and equal opportunities seriously, one might expect people to “join the dots” on this matter and for people to be engaged in showing that the organisation is unconditionally committed to such causes and is willing to use its public influence for the common good, but I suppose that since GitHub is not a “Python company” anyone with a problem with the corporate culture in question is simply out of luck. Once again, ethics stand in the way of the toys, and “pragmatism” is a nice term to use to indicate that the core Python development community and the organisation that supports it should have as narrow a focus as possible, even if that means neglecting the social movements that brought about the environment that enabled Python to become the successful technology that it is today.

(The matter at the centre of those ethical concerns was wrapped up either definitively or inconclusively depending on who you wish to believe and how credible you regard the company’s own review of the matter to be. This article does not intend to express a view on that matter itself, but does stress that where ethical concerns have been raised, those concerns should be addressed and not ignored.)

Easy Way Out

Python is getting a lot of competition from other technologies these days. For example, Google’s Go stole some thunder from Python both within the company and elsewhere, and there are people who admit to switching to Go in order to remedy some of the long-standing issues they experienced with Python implementations (mostly related to performance and scalability). As I noted before, had Python implementations, libraries and the language definition been improved to alleviate concerns about Python’s suitability in various domains, Python would be in a stronger position than it is now: a position which arguably resembles that of Perl at the height of its popularity. Sure, choosing Python for your next project in certain domains is an easy decision (just as Perl devotees used to annoyingly insist that people just “use Perl”), but there are plenty of other areas where Python has more or less forfeited the contest: how is Python doing on Android, for instance? People who do Python or Django all-day-every-day may not see a problem, but that doesn’t mean that there isn’t a fundamental problem waiting for a remedy.

It is understandable that people want to play the popularity card: if there’s an easy way of clawing back the masses, why not play it? Unfortunately, there may not be an easy way. Catching up with the development backlog may actually be achieved more effectively by addressing other shortcomings of the development workflow. And there’s an assumption that a crowd of ready-to-start contributors are lurking on GitHub when, despite the aforementioned evidence of people only wanting to play inside the walled garden, anyone sufficiently motivated to improve Python would surely have moved beyond a consumer mindset and would have sought out the development community already.

Python development is a relatively well-resourced activity compared to many voluntary endeavours, and the PSF is responsible for much of the infrastructure that supports the developer communities around Python. Although many benefits are derived from things like the mailing lists hosted at python.org, there are always those who are enticed by other providers and technological platforms. In matters relating to the PSF, the occasional Google spreadsheet or form has been circulated, much to the dismay of some people who would rather not have to use online resources that may require a Google account (and if not that, then maybe a fast computer and cheap energy to power all the JavaScript). Bringing up additional PSF-driven services requires time and effort that may be in short supply (as I have experienced in recent months, despite the help of various stalwarts of the community, including one kind enough to drop my name into this particular debate!), and efforts to just procure help and bypass the community have arguably caused an even greater burden on volunteers, even leading to matters as severe as the temporary abandonment of valuable resources such as the Python Job Board (out of action since February 2014).

Concerns about the future relevance and popularity of Python itself may not be so easily addressed and overcome, but that is a topic for another time. But the task of rebalancing relationships – between the PSF, the core developers, and the community volunteers who keep the wheels turning on the Python online assets – is one that cannot be ignored, either. And retreating to the comfort of today’s favourite walled gardens is perhaps too much of an easy way out that ignores the lessons of the past (despite assertions to the contrary) and leaves such relationships in their current, somewhat precarious state, undermining those trying to uphold the independence and viability of the initiative, potentially causing even more work and inconvenience for infrastructure volunteers, presenting an incoherent collection of project resources to contributors, all in the vague hope of grabbing the attention of people who cannot otherwise be relied upon to look further than the ends of their own noses.

Maybe people should be looking for more substantial remedies than quick fixes in walled gardens to address Python’s contribution, popularity and development issues.

Report from FSFE Munich local group meeting December 2014

softmetz' anglophone Free Software blog | 10:31, Monday, 15 December 2014

On their regular schedule FSFE’s Munich local group had its last meeting in 2014. After some smaller past meetings, mostly due illness, this time the gathering was big again. Special guest was a guy from the Red Matrix who saw my profile there and joined us to meet similar minded people. I see this as Read more »

Starting a new blog

softmetz' anglophone Free Software blog | 10:31, Monday, 15 December 2014

I started to write a new blog today. If you read this post, you found it. Although I already run the blog softmetzbetrieb I always felt that mixing up different written languages on one blog site sucks. Yet there is a need for me to publish some posts in english because the Free Software Movement Read more »

Sunday, 14 December 2014

Miscellaneous tips and tricks

mina86.com | 20:48, Sunday, 14 December 2014

Don't you hate it when you need to do something you did in the past, but cannot remember exactly how. What if looking it up takes much more time than it should?

There are couple of things I had to do at least twice in the past, and every time I did, searching up for a correct method was considerably harder than it should. Because of that, here's a bag of notes so I can easy reference if I ever need to do listed things again:

Getting past Chrome certificate error

Chrome does not let people go to websites with invalid certificates. Proper web browsers usually have a “I know, get me there anyway”, but Chrome makes this option a little more hidden. If you ever find a need to visit a site without valid certificate, on the Chrome error message screen type “proceed” and press enter or if that does not work type “danger" end press enter. Which word needs to by typed depends on kind of error I think. Whatever, just try both.

“Compressing” git repository

By now everyone should know that the --aggressive flag of git gc is not to be used. In general git should handle pack file effectively, but what if you really want to try and squeeze every byte out of it?

git repack -a -d --depth=10000 --window=10000

Torvalds suggested smaller numbers but his message was from 2007 and I found that today's machines handle high numbers quickly enough even for big repositories.

Changing commits author

On the topic of git, to change author of a commit simply run:

git commit --amend --author "Jane Doe <jane@doe.com>"

(Yeah, I know, this is obvious, but I keep forgetting that –author option exists).

How to start an English letter

This one is hard to find because the Internet is filled with pages that give too much information where all I need to know is proper salutation and valediction. So here it is: If you do not know the name of the person you are writing to:

Dear Sir or Madam,

I am writing to inform you of a fire that has broken out on the premises of 123 Cavendon Road…

Yours faithfully,

John Smith

If you know the name of the person you are writing to:

Dear Ms. Doe,

I am writing to inform you of a fire that has broken out on the premises of 123 Cavendon Road…

Yours sincerely,

John Smith

Polish speakers should note that — since English has a nonsensical typography and orthography rules — the salutation finishes with a comma even though the next paragraph starts with capital letter. In languages which make more sense (e.g. Polish), the salutation is closed with a period.

Re-rising Python exception with previous back-trace

import sys

exc_info = []

def fail(): assert False

def run():
    try: fail()
    except: exc_info[:] = sys.exc_info()

def throw(): raise exc_info[0], exc_info[1], exc_info[2]

def call_throw(): throw()

if not run(): call_throw()

When throw rises the exception again, back-trace will contain all frames that lade up to having the exception caught in run:

$ python exc.py
Traceback (most recent call last):
  File "exc.py", line 15, in 
    if not run(): call_throw()
  File "exc.py", line 13, in call_throw
    def call_throw(): throw()
  File "exc.py", line 8, in run
    try: fail()
  File "exc.py", line 5, in fail
    def fail(): assert False
AssertionError

This is a bit like bare rise in except clause but performing the re-rising at arbitrary later time.

Flattening a list in Python

To turn a list of lists (or in more generic terms, an iterable of iterables) into a single sequence use either of:

def flatten(list_of_lists):
    return itertools.chain.from_iterable(list_of_lists)

def flatten(list_of_lists):
    return (x for lst in list_of_lists for x in lst)

(If you feel confused about nested comprehension don't feel bad – it's syntax is broken. The thing to remember is that you write a normal nested for-if-for-if-… sequence but then put the final statement at the beginning of the line instead of at the end).

Summing numbers in a column in Emacs

Select column containing the numbers to sum and simply invoke C-u C-x * :.

Friday, 12 December 2014

The Unplanned Obsolescence of the First Fairphone Device

Paul Boddie's Free Software-related blog » English | 13:01, Friday, 12 December 2014

About a year-and-a-half ago, I gave my impressions of the Fairphone, noting that the initiative was worthy in terms of its social and sustainability goals, but that it had neglected the “fairness” of the software to be provided with each device. Although the Fairphone organisation had made “root access” – or more correctly stated, “owner control” – of the device a priority and had decided to provide its user interface enhancements to Android as Free Software, it had chosen to use a set of hardware technologies with a poor record of support for Free Software.

It might be said that such an initiative cannot possibly hope to act in the most prudent manner in every respect. However, unlike expertise in minerals sourcing, complicated global supply chains, and proprietary manufacturing activities, expertise on matters of hardware support for Free Software is available almost in abundance to anyone who can be bothered to ask. Many people already struggle with poorly-supported hardware for which only binary firmware or driver releases are available from the manufacturer, often resulting in incorrectly-performing hardware with no chance of future fixes as the manufacturer discontinues support in order to focus on selling new products. Others struggle with continuing but inconvenient forms of support on the manufacturer’s own timescale and terms.

Consequently, there are increasing numbers of people with experience of reverse engineering, documenting, and reimplementing firmware and drivers for proprietary hardware, many of whom would only be too happy to share their experiences with others wishing to avoid the pitfalls of being tied to a proprietary hardware vendor with a proprietary software mentality. There are also communities developing open hardware who seek out enlightened hardware vendors that encourage Free Software drivers for their products and may even support firmware that is also Free Software on their devices. There are even people developing smartphones in the open whose experiences and opinions would surely be valuable to anyone needing advice on the more reliable, open and trustworthy hardware vendors.

One community that has remained active despite various setbacks is the one pursuing the development of the EOMA-68 modular computing platform. It was precisely this kind of “ODM versus chipset vendor versus Free Software community” circus that prompted the development of an open platform and attempts to reach out and cultivate constructive communications with various silicon vendors. Such vendors, notably Allwinner Technology (in the case of EOMA-68), but also other companies that have previously been open to dialogue, have had the realisation that Free Software is an asset, and that Free Software communities are their partners and not just a bunch of people whose work can be taken and used without paying attention to the terms under which that work was originally shared. Such dialogues are ongoing and are subject to setbacks as well as progress, but it is far better to cultivate good practices than to ignore bad practices and to dump the ugly result onto the end-user.

Now, the Fairphone organisation has started to reconsider the software issue in light of the real possibility that their device will not be upgradeable beyond an old release of Android:

“We are actively looking at ways to achieve this goal, but we’re trying to be realistic and face the fact that the first Fairphones will most likely not be upgraded beyond Android 4.2.”

Given that the viability of devices depends not only on the continued functioning of the hardware but also the correct functioning of the software, and that one motivation that many people have stated for upgrading their phone is to gain access to a supported operating system distribution and/or one that supports applications they need or desire, the unfortunate neglect of software sustainability has undermined the general sustainability of the device. It may very well be the case that the Fairphone organisation’s initiatives around re-use and recycling can mitigate the problems caused by any abandonment of these devices, as people seek out replacements that do what they demand of them, but one of the most potent goals of reducing consumption by providing a long-lasting device has been undermined by something that should be the easiest part of the product to change, maintain, upgrade and even to remedy shortcomings with the chosen physical components; something whose lifespan is dictated far less by physical constraints than the assembly of physical components making up the device itself.

It is quite possible that certain industry practices have remained unknown to the Fairphone organisation, despite bitter experiences elsewhere, and that they are only now catching up with what many other people have learned over the years:

“Our chipset vendor MediaTek is only publicly releasing what it is bound to by the obligatory terms of the GNU public license GPL (the Linux Kernel and a few userland programs) and has chosen not to release any of the Android source code.”

Once again, the GPL demonstrates its worth as a necessary tool to ensure that the end-user remains in control. Unfortunately, Google decided that the often shoddy practices of its hardware and industry partners should be indulged by allowing them to make proprietary products with Google’s permissively-licensed code. It could be worse: some hardware vendors violate the GPL and blame their suppliers, requiring anyone seeking recourse to traverse the supply chain as far as it goes, potentially to some obscure company in a faraway land whose management plead poverty while actually doing very nicely selling their services to anyone willing to pay; others just appear to brazenly violate the GPL and dare someone to sue them.

The Fairphone organisation could have valued the sustainability benefits of Free Software and cooperative hardware vendors. In doing so, by merely asking for informed opinions, they would have avoided this mess entirely. Unfortunately, they may have focused too narrowly only on certain worthy and necessary topics, maintaining an oversimplified view of software that, if mainstream media punditry is to be believed, is merely transient and interchangeable: something that can be made to run on any hardware as if by magic, with each upgrade replacing what was there before with something that is always better, only ever offering improvements and benefits. Those of us with more than a passing knowledge of systems development know that such beliefs are really delusions produced from a lack of experience or a wish to believe that unfamiliar things are easier than they actually are.

Since we cannot go back and change the way things were done before, I suppose that now is the time to deliver on the sustainability promise by fully and properly promoting and supporting Free Software on any future Fairphone device. Which means that the Fairphone organisation has to start listening to people with experience of reliably deploying and supporting Free Software on open or properly-documented hardware, instead of going along with whatever some supplier (and their potentially GPL-violating associates) would have them do just to get the contract in the bag and the device out of the door.

Wednesday, 10 December 2014

Report of FSFE Meeting Rhine/Main in Frankfurt

Being Fellow #952 of FSFE » English | 00:43, Wednesday, 10 December 2014

Here is a quick report from our last meeting in Frankfurt/M. which took place on December 3rd.

End of touring around Frankfurt

As discussed at some previous meetings, we decided to stop our tour around Frankfurt after the second round. It was a nice experiment with many interesting discussions, a lot of new faces and definetely worth it. But we’ll end it anyhow to start something new:

We’ll keep the concept of changing locations every other month, but instead of travelling up to 90km out, we’ll visit other groups in Frankfurt to enlarge our network locally.

Networking

We still need to identify the groups to visit. We’ve already been to CCC and Freifunk. There are quite a bunch of other groups at usergroups.rheinmainrocks. Suggested were CaCert and mobile-users. We’ll see and discuss at the next meeting.

We may also present ourselfes at one of the upcoming WebMondays if the theme fits.

Talks

As the CCCFfm offered their rooms for occasional talks to us, we may very well accept the offer. I sent a selection of possible subjects. We’ll discuss this further on the mailing list. We may want to check with them as well ;D

Workshops

Next to talks, there seems also be a high interest in workshops. One about how to setup the Felloship smartcard, but also a Mutterware party.

It’s worth to be present

We were happy to welcome a new face to our group. Interestingly, one way he got aware of FSFE’s work was the booth at Corso Leopold which the Fellowship Group in Munich organized a few times now. Thanks to the folks in Munich! :)

There are also some movements that there might be a second Fuxcon, but we will also look for other events in the area that we may use to present FSFE and our group. Again, we’ll discuss the details on the mailing list and/or at the next meeting. Any suggestions?

merchandising/info material

The new There is no cloud…-Stickers sparked quite some interest and I promised to order some for the next meeting. I’ll bring more flyers and stickers to spread out anyway.

Cryptoparties

We’ll continue our engagement at the cryptoparties and even gained a new cryptoangel that night! Unfortunately, there is still no date for the next cryptoparty in Frankfurt yet. I’ll follow-up on that.

possible activities in educational institutions

We discussed what students may do at their universities. One idea I got from our new edu-team member Norman who managed to get FSFE info material into the “Erstie”-bag in Dresden.

issue 451

I talked with Thomas about how to improve my skript collection to promote the meetings. The plan is to have our profile updated automatically so it will always show up on ugrm.rheinmainrocks.de.

miscelanious

We talked about a lot of other things I failed to take notes of. The one topic I do remember was the Jolla tablet. We had two participants at the table who already ordered one!

next meeting

We decided to break the rythm of “every second month” and just meet at our default location in January. See details on our wiki page or subscribe to the mailing list!

flattr this!

Monday, 08 December 2014

WHY DO(N’T) YOU USE ACTIVITIES?

bb's blog | 12:31, Monday, 08 December 2014

On our quest for improving the concept of Virtual Desktops and Activities on the KDE Desktop, we once again ask you to share your experiences. Continue…

Sunday, 07 December 2014

About the first KDE CI IRC meeting and the date for the next one

Mario Fux | 23:27, Sunday, 07 December 2014

Our first meeting was quite successful. Something like 10 people participated. We discussed and introduced the current state of the CI system and got an introduction to the current Season of KDE project which Scarlett Clarks is working on and about the Mac OS X CI system. Afterwards we talked about what everybody could do and then decided what do to next and who works on what. Some work items are:

  • Evaluation of different CI solutions
  • Different platforms like Windows and Android
  • Continue with the current work

So there is progress (just today I saw huge progress on the Mac front) and I’d like to thank all the people who help for their time and dedication.

Interested people should read the summary (including a full IRC log) for more information.

And if you don’t have (yet) a KDE Account and thus can’t check the logs, mail me and I’ll send them to you.

Next IRC meeting is going to happen on Tuesday, 16th of December 2014, 8 pm CET (UTC+1). So if you want to help, see you there, speak up on kde-devel or ping me (unormal) on freenode IRC.

flattr this!

Saturday, 06 December 2014

Free Software in Education News – November

Being Fellow #952 of FSFE » English | 13:19, Saturday, 06 December 2014

Here’s what we collected in November. I have to say, it is not much this time. If you come accross anything that might be worth mentioning in this series, please drop me a note, dump it in this pad or drop it on the edu-eu mailinglist!

FSFE Edu-Team activities

  • Wolf-Dieter attended an event in the parliament of North-Rhine Westphalia titled: “Day of media literacy” (free translation).
  • We gained two new edu-team members: Nico and Norman.
  • Many interesting internal discussions on edu-team@ mailing list in preparation of our first physical meeting in January.

Future events

Thanks to all contributors!

flattr this!

Monday, 08 December 2014

WHAT PEOPLE THINK ABOUT KGET

bb's blog | 12:31, Monday, 08 December 2014

We present the results of the survey how people currently make use of KGet. Read on…

USING THE KANO METHOD TO PRIORITIZE REQUIREMENTS

bb's blog | 12:31, Monday, 08 December 2014

On the basis of data from the user survey about KGet we show how to apply the Kano method for use in massively multi-user online surveys. Continue reading …

Thursday, 04 December 2014

Workshop on “Open Standards for ICT procurement” [updated]

Karsten on Free Software | 11:48, Thursday, 04 December 2014

Yesterday I participated in a workshop on “”Open Standards for ICT Procurement: Sharing of Best Practices”. This was organised by PWC for the European Commission’s DG CNECT, and forms part of an EC-funded project on “Guidelines for public procurement of ICT systems“.

The invitation read:

Under Digital Agenda, the European Commission commits itself through Action 23 to provide guidance on the link between ICT Standardisation and Public Procurement in order to help public authorities use standards to promote efficiency and reduce lock-in.

As a matter of fact, using ICT open standards results in:
-       Higher savings when procuring ICT

-       An increased level of competition among suppliers

-       Being compliant with EU Public Procurement directives

Not much to quibble with here, except perhaps a slightly excessive use of bold font. As the goals for the event, the invitation stated:

-       Share some good practice examples about ICT procurement;

-       Stimulate the debate around the next steps / new ideas for DAE Action 23;

-       Present a first set of insights on the state of the art of ICT public procurement using standards through Europe.
Best practice examples have been carefully selected to match the needs and wants of all potential participants.

So, how did this go? For some of the talks, I’m really not sure what to make of them. This goes especially for the presentations of EU-funded projects like Fi-Ware, on which the EC has so far spent EUR 300 million, according to the CNECT person on the panel. Most of the Fi-Ware stuff is apparently meant to be Free Software. When I asked about specific licenses, and where to find code, the speaker replied “oh, it’s all open source”. I did end up finding something called the “catalogue of generic enablers“, which has links to source code for a bunch of projects, under various licenses. Well, that’s something – but I’ll leave it to others to decide whether this is worth the money invested.

Some talks were more valuable, like the one on standard contract clauses for software development contracts, which enable public bodies to re-use and share the software they (i.e. the taxpayers) have paid for. And some were quite excellent, such the one by Linda Humphries. Linda is a Senior Technology Adviser within UK’s Government Digital Service. She talked about the UK’s Open Standards policy (which she helped to build), and the effects of that policy.

My favourite moment of the day came when I tweeted that under the new policy, more than half of the government’s IT spending is going to SMEs. [Update: Stephen Quest has kindly pointed out that this refers only to the UK Government's IT spending on cloud services. It's still an impressive figure. -- thanks!] One of Linda’s colleagues in GDS pointed me to a page that doesn’t just show more figures. It also has the raw data on government IT contracts, by month, in CSV. I wish more governments were like this.

Quite a few of the participants commented that the main target audience of the workshop – people who are actually doing public procurement in ICT – wasn’t really there.

As so often, the real value of the event was in the people who were there. The workshop provided an opportunity for the small community pushing Free Software and Open Standards in procurement to meet and share updates. I managed to introduce a few people, especially from the Commission, to outside experts they should definitely be talking to.

What else could the Commission do to drive the take-up of Free Software and Open Standards in public procurement?

At the workshop, DG DIGIT’s Pierre Damas talked about updates he’s making to the Commission’s notoriously weak “open source strategy“. He specifically mentioned that in future, EC developers (perhaps even including contractors) will be allowed to contribute to outside Free Software projects, and that the EC would adopt a “free software first” policy for internal developments. Both steps are obviously useful, though a good time to take them would have been perhaps a decade ago.

From the presentations and several private conversations, it became clear that the EC’s main problem is their reliance on proprietary document formats. Awareness of this seems to be slowly growing, though I have yet to see any concrete steps proposed to deal with the issue.

Oh well, here at FSFE, we’ll keep pushing. If you’d like to support our work on public procurement, please sign up as a Fellow, or make a one-time donation. Thanks!

Wednesday, 03 December 2014

FSFE needs your support for 2015!

Creative Destruction & Me » FLOSS | 20:32, Wednesday, 03 December 2014

“Use, study, share, improve” – these four freedoms are the definition of Free Software for contributors all around the world. The focus of their communities is to produce content and code that can be shared freely, and to have fun and satisfaction on the way. But there is a whole other, non-technical side to the success of Free Software:

  • These freedoms need protection, as they may conflict with the interests of some states and some businesses.
  • These freedoms need explaining, as the benefits they contribute to society and their relation to basic liberties are not always obvious and easy to understand.
  • And these freedoms need organizing, to give the various Free Software communities and contributors one voice where they are usually not heard – for example in capitals, in Brussels, in trade associations, or in research.

The Free Software Foundation Europe does all that, transparently and consistently, so that we don’t have to do it and can concentrate on creating great things. For that, FSFE deserves our support. FSFE is independent and financed by people like you, mostly through donations.

FSFE Logo

For 2015, FSFE is fundraising to secure the budget that finances it’s work:

Free Software Foundation Europe is a pan-European charity, established in 2001 to empower users to control technology. To enable the organisation to intensify its work with the European Commission and to let more people know about Free Software, the FSFE needs another 190,000 Euro for its work in 2015. Next year, the FSFE will push harder than ever to weave software freedom into the fabric of our society.

Donate!

There are multiple ways to take part in this and become a supporter, for example you could sign up as a fellow (like I did). Or your company could become a sponsor. There is also the option for a single, one-off donation. Every small donation helps:

To continue its work in 2015, the FSFE will need 420,000 Euro in total. The organisation has already secured 230,000 Euro thanks to existing sustaining members, regular donations, and merchandise sales. The FSFE requires another 190,000 Euro to underwrite its work in 2015.

FSFE is the one organization in Europe that have software freedom as it’s main focus. If to create general understanding and support for Free Software and Open Standards in politics, business, law and society at large is important to you, please consider supporting this mission in one of the ways described above.


Filed under: Coding, CreativeDestruction, English, FLOSS, KDE, OSS, Qt

Baobáxia – the Galaxy of Baobab Trees

agger's Free Software blog | 05:31, Wednesday, 03 December 2014

Baobáxia - the Galaxy of Baobab TreesYesterday evening, I gave a T³ (Tech Talk Tuesday) talk in our local, friendly hackerspace about the Mocambos network and their software project Baobáxia – a free software project to connect very widely distributed, often rural communities, namely the Brazilian quilombos.

Since my visit to Brazil in April, I’ve been involved in this project as a programmer, at least as far as my time has allowed.

Above, you can find a link the slides from my presentation – you can also read them in PDF format (with functional links) here.

Monday, 01 December 2014

Preview: what FSFE did in 2014 [update]

Karsten on Free Software | 17:20, Monday, 01 December 2014

The year is almost over, and it’s reporting season. Here’s a sneak peek at list of things we achieved in 2014. A full report will follow shortly.

We want to keep doing these things, and more, in 2015. To continue operating at our current level in 2015, we will need €420,000. We have already secured €230,000 from our Fellows, donations, and merchandise sales. We need another €190,000 to finance our work next year. If you like what you see here, please consider joining the Fellowship or making a donation!

Public procurement [update]

We pushed hard for the European Commission to improve the way it acquires software, in order to open up opportunities for Free Software and Open Standards. Using the EU’s “freedom of information” mechanism, alongside parliamentary questions from MEP Amelia Andersdotter, we got the Commission to release documents about the way its contracts with Microsoft and other providers of non-free software are structured. We also obtained a document outlining the EC’s desktop software strategy for the coming years. This effort has opened the doors to several meetings with high-level IT decision makers in the Commission and the Parliament, and has enabled us to start a constructive conversation with them about what steps to take next. The Commission has asked us to provide input to the next version of its “open source strategy”

Free Software Pact / Ask Your Candidates

For the European elections in May 2014, we organised the Free Software Pact campaign together with the French Free Software association April. We invited candidates in those elections to sign the pact, asking them to commit to using their European Parliament mandate to promote Free Software. 33 of the pact’s signatories are currently serving as Members of the European Parliament. We will repeat this effort for other elections. Preparations are currently under way for Switzerland’s 2015 elections. With more resources available, we could put more time into following up with signatories, and using the contact we’ve built through the campaign to let them know what they should do in order to improve the situation for Free Software.

Compulsory Routers

In 2013 and 2014, we have followed developments on the issue of compulsory routers. We have published position papers, and documented the arguments and the process in both German and English. We supported other organisations with arguments and technical expertise, such as the Federation of German Consumer Organisations. Germany’s ministry of economics is currently working on a draft law to enable free router choice for consumers, and prohibit compulsory routers.

Information materials

We are currently sending out ten information packs per month on average. People can order these free of charge through our website. Both our introductory Free Software leaflet and our F-Droid leaflet are available in five languages. We recently added a flyer on “email self defense” in German and English; demand for this has been so great that we have already done three print runs of this.  Volunteers distributed this flyer at the premiere screenings of the movie “Citizenfour”.

Public relations for Free Software

We continously work to push the Free Software across Europe, in local languages wherever possible. During the past year, our monthly newsletter was translated into six languages on average.

Device sovereignty

On “trusted computing” and “SecureBoot”:  In 2014, we discussed this issue with Germany’s Federal Information Security Office, and with the ministries of economics and interior. At the EU level, we initiated conversations about alternatives such as CoreBoot. We are pushing to ensure that consumers have the possibility to install alternative operating systems on the devices they buy and own. Our goal is to use the progress we have made in Germany to create progress in other european countries, and finally put device owners in full control of their hard- and software.

Events

We explained Free Software in talks, workshops, panel discussions, radio shows and several times on TV. In addition to the usual IT conferences and events, we expanded our reach to cover street festivals in Munich and Düsseldorf (Germany). This new outreach angle worked well, and we want to be present at many other such events this year.

Free Software Legal Issues

FSFE facilitates the world’s largest network of legal experts on Free Software, with currently more than 360 members (up from 320 last year). Participating experts come from a wide range of backgrounds, from corporate legal departments to lawyers in private practice, and engineers with legal skills. The network serves to develop and spread best practices around Free Software, and increase acceptance. Several participants have called the network’s annual meeting, the Free Software Legal & Licensing Workshop, the best event of its kind in the world.

Document Freedom Day

Working with volunteers from around the world, our Document Freedom Day campaign explained and promoted Open Standards at 51 events in 21 countries around the world.

Help keep us going!

If you’ve made it all the way down here, you probably really are interested in the work we do at FSFE. So let me just point you to the Join the Fellowship and Donate pages again.

Thank you for any support you can provide!

Sunday, 30 November 2014

Fix Firefox fullscreen video bug on Gnome 3

Sam Tuke » Free Software | 02:48, Sunday, 30 November 2014

Does this sound like a familiar scenario?: You’ve found your favourite Seinfeld clip, you’ve waited for it to buffer, you’ve clicked fullscreen mode, swiftly alt-tabbed to check your mail (the thousandth time today), switched back into Firefox, clicked fullscreen again, only to find the comedy genius’ face has vacated your screen, or frozen, glass-eyed and […]

Friday, 28 November 2014

Sharing is caring – my Git instance

Max's weblog » English | 17:16, Friday, 28 November 2014

Some days ago I noticed another time that I have far too less knowledge about Git.
“Time to change that!”, I thought and set up my own Git instance and also installed gitweb for better usability.

Upside 1: I can keep track of the many (mainly bash) scripts I wrote in the past and all the changes I will adopt in the future.
Upside 2: You can hopefully benefit from using and reading my code. All code is licensed under GNU GPL v3 so please feel free to use, study, share and improve my work!

Some noteworthy projects I’m (a bit) proud of:

Any questions, ideas or improvements? Please contact me!

Monday, 08 December 2014

How do you use Libreoffice Impress?

bb's blog | 12:31, Monday, 08 December 2014

Please participate in a survey about your workflow with Libreoffice Impress and how you want to have its toolbar configured by default. Read on…

Thursday, 27 November 2014

How to contribute as a non-developer and the KDE-CI meeting date is set

Mario Fux | 23:05, Thursday, 27 November 2014

First about the upcoming IRC meeting about KDE’s Continuous Integration (CI) system. The Doodle resulted in the 2nd of December us our meeting day. We’ll see you in #kde-devel at 20.00 (8pm) CET (UTC+1). See this notepad about the agenda and Co.

And now about the way you can contribute to KDE even though you can’t program:

  • Do you like to write thrilling articles about KDE and its software?
  • Do you like to interview people?
  • Are you an English native speaker and spot writing errors on first sight?
  • Would you like to take care of regular and repetitive jobs like e.g. the beta release announcements?
  • Do you know something about promo work and marketing?

Then we want you! Come to our mailing list or ping me on IRC in #kde-promo and tell us on what you’d like to work, what you’d like to improve and what your ideas are.

As a first task you can read the Promo and Dot page. As it’s a wiki and these pages might be outdated please fixed them and ask on the kde-promo mailing list if you’re not sure.

flattr this!

New stickers and leaflets: No cloud and e-mail self-defense

I love it here » English | 21:47, Thursday, 27 November 2014

This week we received new additions for our information materials in the Berlin office.

First of all, the English version of the “e-mail self-defense” leaflet. In September Erik layouted and printed a German version of that leaflet to distribute at the “freedom not fear demonstration“ in Berlin. We received a lot of positive feedback about the leaflet, and had to order the German version three times already. Now we also have the English version, and our translators are working on Dutch, Italian, French, Spanish, Greek, and Chinese.

<figure about="http://blogs.fsfe.org/mk/wp-content/plugins/creative-commons-license-manager/embed-helper.php?id=1408" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/terms/"> <figcaption>gnupg-leaflet.en FSFE CC BY-SA <script> function showEmbed(element) { var figureNode = element.parentNode.parentNode; var helperNode = document.createElement('html'); helperNode.appendChild(figureNode.cloneNode(true)); embedNode = document.createElement('input'); embedNode.value = helperNode.innerHTML.replace(/<:/g,"<").replace(/<.:/g,"</figcaption><style scoped="scoped">figure[about] { display: inline-block; margin: 0; padding: 0; position: relative; } figure[about] > img, figure[about] > audio, figure[about] > video, figure[about] > object { display: block; margin: 0; padding: 0; } figure[about] figcaption { background-color: rgba(190, 190, 190, 0.6); bottom: 0px; font-size: 12px; height: 22px; left: 0px; line-height: 22px; overflow: hidden; padding-left: 22px; position: absolute; width: 0px; } audio +figcaption, video + figcaption, object + figcaption { left: 22px !important; } figure[about] figcaption:hover { height: inherit; width: inherit; } figure[about] figcaption [property*=title] { display: none; } figure[about] figcaption [property*=attributionName] { border: none; color: black; display: inline-block; height: 22px; margin: 0 0.5em; text-decoration: underline; text-shadow: none; } figure[about] figcaption small { position: absolute; left: 0; bottom: 0; } figure[about] figcaption small, figure[about] figcaption small a, figure[about] figcaption small a abbr { color: transparent !important; border: none; display: inline-block; height: 22px; margin: 0; padding: 0; text-shadow: none !important; width: 22px; } figure[about] figcaption small a[href^="http://creativecommons.org/licenses/"] { background: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAQAAABuvaSwAAAAAnNCSVQICFXsRgQAAAAJcEhZcwAABJ0AAASdAXw0a6EAAAAZdEVYdFNvZnR3YXJlAHd3dy5pbmtzY2FwZS5vcmeb7jwaAAABmklEQVQoz5XTPWiTURTG8d8b/GjEii2VKoqKi2DFwU9wUkTdFIeKIEWcpIOTiA4OLgVdXFJwEZHoIII0TiJipZJFrIgGKXQQCRg6RKREjEjMcQnmTVPB3jNc7j1/7nk49zlJ+P+1rPsqydqFD1HvSkUq9MkpaQihoWRcfzqftGUkx9y10Yy33vlttz2GzBmNQtfLrmqqGu6odNKccOvvubXt1/Da+tAZBkwKx1OwHjNqti1EQ7DBN2Vr2vBl4cJiaAjOCdfbcMF3mWC7O6qmDFntms9KzgYZNU/bcFkxBM+UjXjiilFNl4yZsCIoqrRgA0IuGNRws1W66H1KSE5YFzKoa+pFTV0/ydYk66s+kt5kE1ilqd7qs49KIcj75bEfxp0RJn0yKxtMm21rzmtYG6x0Wt5Fy4ODbhuzJejx06M2PCzc+2frbgjn0z9YEE4tih7Q8FyShgdVzRvpQk+omLe5wxvBIV+ECTtkQpCx00Oh4ugCI7XcfF8INa9MqQnhQdrRSedYJYcdsc9eTHvjRbzsyC5lBjNLYP0B5PQk1O2dJT8AAAAASUVORK5CYII="); background-position: 0px center; background-repeat: no-repeat; } figure[about] > figcaption button, figure[about] > figcaption input { color: inherit; background: inherit; border-width: 1px; font-size: smaller; margin: 0 0.5em; width: 5em; } </style></figure>

Beside that, yesterday our new “There is no cloud – just other people’s computers” stickers arrived. Our former intern Bela Seeger worked on them during his internship, and the first feedback is very positive. <figure about="http://blogs.fsfe.org/mk/wp-content/plugins/creative-commons-license-manager/embed-helper.php?id=1411" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/terms/"> <figcaption>there-is-no-cloud-pack Matthias Kirschner CC BY-SA <script> function showEmbed(element) { var figureNode = element.parentNode.parentNode; var helperNode = document.createElement('html'); helperNode.appendChild(figureNode.cloneNode(true)); embedNode = document.createElement('input'); embedNode.value = helperNode.innerHTML.replace(/<:/g,"<").replace(/<.:/g,"</figcaption><style scoped="scoped">figure[about] { display: inline-block; margin: 0; padding: 0; position: relative; } figure[about] > img, figure[about] > audio, figure[about] > video, figure[about] > object { display: block; margin: 0; padding: 0; } figure[about] figcaption { background-color: rgba(190, 190, 190, 0.6); bottom: 0px; font-size: 12px; height: 22px; left: 0px; line-height: 22px; overflow: hidden; padding-left: 22px; position: absolute; width: 0px; } audio +figcaption, video + figcaption, object + figcaption { left: 22px !important; } figure[about] figcaption:hover { height: inherit; width: inherit; } figure[about] figcaption [property*=title] { display: none; } figure[about] figcaption [property*=attributionName] { border: none; color: black; display: inline-block; height: 22px; margin: 0 0.5em; text-decoration: underline; text-shadow: none; } figure[about] figcaption small { position: absolute; left: 0; bottom: 0; } figure[about] figcaption small, figure[about] figcaption small a, figure[about] figcaption small a abbr { color: transparent !important; border: none; display: inline-block; height: 22px; margin: 0; padding: 0; text-shadow: none !important; width: 22px; } figure[about] figcaption small a[href^="http://creativecommons.org/licenses/"] { background: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAQAAABuvaSwAAAAAnNCSVQICFXsRgQAAAAJcEhZcwAABJ0AAASdAXw0a6EAAAAZdEVYdFNvZnR3YXJlAHd3dy5pbmtzY2FwZS5vcmeb7jwaAAABmklEQVQoz5XTPWiTURTG8d8b/GjEii2VKoqKi2DFwU9wUkTdFIeKIEWcpIOTiA4OLgVdXFJwEZHoIII0TiJipZJFrIgGKXQQCRg6RKREjEjMcQnmTVPB3jNc7j1/7nk49zlJ+P+1rPsqydqFD1HvSkUq9MkpaQihoWRcfzqftGUkx9y10Yy33vlttz2GzBmNQtfLrmqqGu6odNKccOvvubXt1/Da+tAZBkwKx1OwHjNqti1EQ7DBN2Vr2vBl4cJiaAjOCdfbcMF3mWC7O6qmDFntms9KzgYZNU/bcFkxBM+UjXjiilFNl4yZsCIoqrRgA0IuGNRws1W66H1KSE5YFzKoa+pFTV0/ydYk66s+kt5kE1ilqd7qs49KIcj75bEfxp0RJn0yKxtMm21rzmtYG6x0Wt5Fy4ODbhuzJejx06M2PCzc+2frbgjn0z9YEE4tih7Q8FyShgdVzRvpQk+omLe5wxvBIV+ECTtkQpCx00Oh4ugCI7XcfF8INa9MqQnhQdrRSedYJYcdsc9eTHvjRbzsyC5lBjNLYP0B5PQk1O2dJT8AAAAASUVORK5CYII="); background-position: 0px center; background-repeat: no-repeat; } figure[about] > figcaption button, figure[about] > figcaption input { color: inherit; background: inherit; border-width: 1px; font-size: smaller; margin: 0 0.5em; width: 5em; } </style></figure>

If you want some of the stickers and leaflets, we will from now on include them in FSFE’s promo packs.

Saturday, 22 November 2014

Your chance to contribute to KDE in non-C++ – or the first KDE-CI IRC meeting

Mario Fux | 20:29, Saturday, 22 November 2014

This blog post is about another possibility to contribute to KDE. It’s about taking work off Ben’s shoulders and about fixing the bus factor for our great CI (Continuous Integration) system.

I’d like to start a series of weekly or bi-weekly (to be decided) IRC meetings to coordinate the work to understand, change and enhance our CI system and therefore we need a first date. So if you’re interested please add yourself to this Doodle (think about different timezones!).

Prospective agenda for the IRC meeting:

  • Ben: Short introduction to KDE CI
  • Everybody: Short introduction incl. their skills and wishes for KDE CI
  • Ben: What needs to be changed
  • Everybody: Work on a roadmap and distribute work till next meeting
  • Everybody: Determine date for the next IRC meeting

This is your chance to help KDE to enhance the code quality and spread to even more platforms and thus bring our great software to even more computers and people. But if you prefer to support us in another way their is our ongoing fundraiser. Thanks for considering to help us!

And one last thing about the KDE CI system: we’ve a page about CI on the Frameworks wiki too.

Short Personal note: My diploma thesis was finally accepted (and thus again thanks to everybody who wished me all the best for my thesis!) and thus I’ve a bit more time (to coordinate some stuff in KDE ;-) . But I still need to learn and pass the exams (and there is some other big private change in my life soon to come ;-) .

flattr this!

Monday, 08 December 2014

PLEASE PARTICIPATE IN A SURVEY ABOUT KDE’S DOWNLOAD MANAGER KGET

bb's blog | 12:31, Monday, 08 December 2014

Please participate in a survey about KDE’s download manager KGet. Read more…

Friday, 21 November 2014

PostBooks 4.7 packages available, xTupleCon 2014 award

DanielPocock.com - fsfe | 14:12, Friday, 21 November 2014

I recently updated the PostBooks packages in Debian and Ubuntu to version 4.7. This is the version that was released in Ubuntu 14.10 (Utopic Unicorn) and is part of the upcoming Debian 8 (jessie) release.

Better prospects for Fedora and RHEL/CentOS/EPEL packages

As well as getting the packages ready, I've been in contact with xTuple helping them generalize their build system to make packaging easier. This has eliminated the need to patch the makefiles during the build. As well as making it easier to support the Debian/Ubuntu packages, this should make it far easier for somebody to create a spec file for RPM packaging too.

Debian wins a prize

While visiting xTupleCon 2014 in Norfolk, I was delighted to receive the Community Member of the Year award which I happily accepted not just for my own efforts but for the Debian Project as a whole.

Steve Hackbarth, Director of Product Development at xTuple, myself and the impressive Community Member of the Year trophy

This is a great example of the productive relationships that exist between Debian, upstream developers and the wider free software community and it is great to be part of a team that can synthesize the work from so many other developers into ready-to-run solutions on a 100% free software platform.

Receiving this award really made me think about all the effort that has gone into making it possible to apt-get install postbooks and all the people who have collectively done far more work than myself to make this possible:

Here is a screenshot of the xTuple web / JSCommunicator integration, it was one of the highlights of xTupleCon:

and gives a preview of the wide range of commercial opportunities that WebRTC is creating for software vendors to displace traditional telecommunications providers.

xTupleCon also gave me a great opportunity to see new features (like the xTuple / Drupal web shop integration) and hear about the success of consultants and their clients deploying xTuple/PostBooks in various scenarios. The product is extremely strong in meeting the needs of manufacturing and distribution and has gained a lot of traction in these industries in the US. Many of these features are equally applicable in other markets with a strong manufacturing industry such as Germany or the UK. However, it is also flexible enough to simply disable many of the specialized features and use it as a general purpose accounting solution for consulting and services businesses. This makes it a good option for many IT freelancers and support providers looking for a way to keep their business accounts in a genuinely open source solution with a strong SQL backend and a native Linux desktop interface.

Monday, 08 December 2014

RESULTS OF SURVEY ABOUT LIBREOFFICE CALC’S TOOLBAR CONFIGURATION

bb's blog | 12:31, Monday, 08 December 2014

We present the results from the survey about toolbar usage in Libreoffice Calc. Read more…

Thursday, 20 November 2014

Is Amnesty giving spy victims a false sense of security?

DanielPocock.com - fsfe | 12:48, Thursday, 20 November 2014

Amnesty International is getting a lot of attention with the launch of a new tool to detect government and corporate spying on your computer.

I thought I would try it myself. I went to a computer running Microsoft Windows, an operating system that does not publish its source code for public scrutiny. I used the Chrome browser, users often express concern about Chrome sending data back to the vendor about the web sites the users look for.

Without even installing the app, I would expect the Amnesty web site to recognise that I was accessing the site from a combination of proprietary software. Instead, I found a different type of warning.

Beware of Amnesty?

Instead, the only warning I received was from Amnesty's own cookies:

Even before I install the app to find out if the government is monitoring me, Amnesty is keen to monitor my behaviour themselves.

While cookies are used widely, their presence on a site like Amnesty's only further desensitizes Internet users to the downside risks of tracking technologies. By using cookies, Amnesty is effectivley saying a little bit of tracking is justified for the greater good. Doesn't that sound eerily like the justification we often hear from governments too?

Is Amnesty part of the solution or part of the problem?

Amnesty is a well known and widely respected name when human rights are mentioned.

However, their advice that you can install an app onto a Windows computer or iPhone to detect spyware is like telling people that putting a seatbelt on a motorbike will eliminate the risk of death. It would be much more credible for Amnesty to tell people to start by avoiding cloud services altogether, browse the web with Tor and only use operating systems and software that come with fully published source code under a free license. Only when 100% of the software on your device is genuinely free and open source can independent experts exercise the freedom to study the code and detect and remove backdoors, spyware and security bugs.

It reminds me of the advice Kim Kardashian gave after the Fappening, telling people they can continue trusting companies like Facebook and Apple with their private data just as long as they check the privacy settings (reality check: privacy settings in cloud services are about as effective as a band-aid on a broken leg).

Write to Amnesty

Amnesty became famous for their letter writing campaigns.

Maybe now is the time for people to write to Amnesty themselves, thank them for their efforts and encourage them to take more comprehensive action.

Feel free to cut and paste some of the following potential ideas into an email to Amnesty:


I understand you may not be able to respond to every email personally but I would like to ask you to make a statement about these matters on your public web site or blog.

I understand it is Amnesty's core objective to end grave abuses of human rights. Electronic surveillence, due to its scale and pervasiveness, has become a grave abuse in itself and in a disturbing number of jurisdictions it is an enabler for other types of grave violations of human rights.

I'm concerned that your new app Detekt gives people a false sense of security and that your campaign needs to be more comprehensive to truly help people and humanity in the long term.

If Amnesty is serious about solving the problems of electronic surveillance by government, corporations and other bad actors, please consider some of the following:

  • Instead of displaying a cookie warning on Amnesty.org, display a warning to users who access the site from a computer running closed-source software and give them a link to download a free and open source web browser like Firefox.
  • Redirect all visitors to your web site to use the HTTPS encrypted version of the site.
  • Using free software such as the GNU/Linux operating system (using one of the Debian, Fedora or Ubuntu systems is one of the more common ways to achieve this) and LibreOffice for all Amnesty's own operations, making a public statement about your use of free software and mentioning this in the closing paragraph of all press releases relating to surveillance topics.
  • Encouraging Amnesty donors, members and supporters to choose similar software especially when engaging in any political activities.
  • Make a public statement that Amnesty will not use cloud services such as SalesForce or Facebook to store, manage or interact with data relating to members, donors or other supporters.
  • Encouraging the public to move away from centralized cloud services such as those provided by their smartphone or social networks and use de-centralized or federated services such as XMPP chat.

Given the immense threat posed by electronic surveillance, I'd also like to call on Amnesty to allocate at least 10% of annual revenue towards software projects releasing free and open source software that offers the public an alternative to the centralized cloud.


While publicity for electronic privacy is great, I hope Amnesty can go a step further and help people use trustworthy software from the ground up.

Wednesday, 19 November 2014

Free Software for the European Parliament: FSFE comments at DG ITEC forum

Karsten on Free Software | 15:50, Wednesday, 19 November 2014

Today, the European Parliament organised a conference to inform MEPs about the IT services available to them. It featured a panel discussion led by Adina Valean, the new EP Vice President in charge of ICT, with a contribution from Giancarlo Villela, the director of the EP’s IT department.

After the panel discussion, I got the chance to contribute a few brief remarks. Here they are.

FSFE is a charity that works to put users in control of technology. Free Software means being able to use, study, share, and improve your software.

The EP has taken some important steps towards Free Software and interoperability: It has committed to being able to receive and send documents in the Open Document Format (ODF). The Parliament has also released some Free Software of its own.

These are very good beginnings. But there remains further work to do:

  • We need to enable interaction with citizens: You can’t force citizens to buy certain products in order to interact with you. Please make sure that the EP is fully accessible for citizens and public bodies that use Free Software. It’s currently very difficult for Free Software users to watch live streams from the Parliament.
  • As the EP continues to digitise, rely on Open Standards and Free Software. Make sure that Parliament doesn’t get locked into certain vendors and service providers. Today’s star gadget is tomorrow’s landfill. Today’s best-in-class app will be an old hat tomorrow. Stay independent as you digitise. Free Software and Open Standards let you do this.
  • Here in the Parliament, the DebianParl project has built a fully free and open desktop for MEPs and staffers. It works great; but to become fully usable, DG ITEC needs to offer access to mail servers via the standard IMAP protocol. That’s a simple step to take, and it should be taken as soon as possible.

You can count on the European Parliament Free Software User Group (EPFSUG) to help you in this effort, and I’m glad to offer FSFE’s support as well.

Let’s be clear. The European Parliament is the EU’s greatest democratic institution. European citizens are right to expect the Parliament to live up to this standard. Let’s all work together to help the Parliament on this path.

WhatsApp Adopts Secure End-to-End Encryption. But will it federate?

Torsten's Thoughtcrimes» Free Software | 11:13, Wednesday, 19 November 2014

WhatsApp has announced that it is currently switching all its users to secure end-to-end encryption. It is now using a state-of-the-art protocol that was developed for the Free Software app TextSecure. This cryptographic protocol fulfills most desired security properties and is simple to use at the same time. The encryption happens without the users even noticing it.

Thanks to Edward Snowden, the world’s population now knows about the reality of ubiquitous surveillance and is asking for private communications. It is a good sign that companies who previously have assisted surveillance are now helping to fight it.

WhatsApp has understood that the value of real private communication outweighs the value to be gained from reading people’s messages. Let’s hope that others will understand this as well.

Trust and Federation

This bold move will improve WhatsApp’s image significantly, provided that it doesn’t fail again badly in security as it already has many times in the past. The list of these failures is long and it remains to be seen if the encryption was implemented in a way that can’t be broken. Also, we have to trust that there are no backdoors built in.

Independent reviews of WhatsApp’s code are still not possible, because – contrary to TextSecure – the WhatsApp itself remains proprietary and closed. Also, only one part of TextSecure’s clever protocol was implemented: the encryption. The other interesting part was left out: federation.

Federation essentially means opening a service to competitors by allowing them to connect their products to it. This way you can choose the app you like most and still chat with all your friends instead of being forced to use only WhatsApp. This works just like email. The protocol of email is an Open Standard and allows for many independent email providers. You can choose the one you trust or can even be your own provider if you like.

But will it federate?

Opening up its service for federation unfortunately does not have the same positive benefit for WhatsApp’s image as encrypting its messages. It would even endanger the monopolistic ambitions it has, trying to become the world’s messenger.

I would rather see the world’s messaging service in the hands of society than in control of one single company. As much as I like to see WhatsApp open up, it will not happen. Opening up is just not in its interest and the public is not even asking for it.

The only way I see federation for WhatsApp happening is with an even bigger monopoly and a powerful cartel authority that forces WhatsApp to open up its service to competitors.

Until this happens and I can use a Free Software app to chat with WhatsApp users, I will continue to look for what to use instead of WhatsApp.

<script type="text/javascript"> (function () { var s = document.createElement('script'); var t = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true; s.src = '/wp-content/libs/SocialSharePrivacy/scripts/jquery.socialshareprivacy.min.autoload.js'; t.parentNode.insertBefore(s, t); })(); </script>

Monday, 08 December 2014

ABOUT THE PERFORMANCE OF THE SIFR ICON SET

bb's blog | 12:31, Monday, 08 December 2014

We present results from the recent icon test using Sifr icons and compare it to the findings for Tango and Oxygen inspected in 2013. Read on…

Sunday, 16 November 2014

Installing Ubuntu without proprietary software

the_unconventional's blog » English | 18:00, Sunday, 16 November 2014

A couple of days ago, I wrote about how I’m fed up with Debian’s attitude on upgrading to working Intel X drivers. I’ve given up all hope for jessie to ever be usable, so I decided to migrate to Ubuntu … Continue reading

Planet Fellowship (en): RSS 2.0 | Atom | FOAF |

  /127.0.0.?  /var/log/fsfe/flx » planet-en  Albrechts Blog  Alessandro at FSFE » English  Alina Mierlus - Building the Freedom » English  André on Free Software » English  Being Fellow #952 of FSFE » English  Bela's Internship Blog  Bernhard's Blog  Bits from the Basement  Björn Schießle's Weblog » English  Blog of Martin Husovec  Blog » English  Bobulate  Brian Gough's Notes  Carlo Piana :: Law is Freedom ::  Ciarán's free software notes  Colors of Noise - Entries tagged planetfsfe  Commons Machinery » FSFE  Communicating freely  Computer Floss  Creative Destruction & Me » FLOSS  Daniel Martí's blog  DanielPocock.com - fsfe  Don't Panic » English Planet  ENOWITTYNAME  Escape to freedom  FSFE Fellowship Vienna » English  Fellowship Interviews  Fellowship News  Frederik Gladhorn (fregl) » FSFE  Free Software & Digital Rights Noosphere  Free Software with a Female touch  Free as LIBRE  Free speech is better than free beer » English  Free, Easy and Others  From Out There  GLOG » Free Software  Gianf:) » free software  Graeme's notes » Page not found  Green Eggs and Ham  Handhelds, Linux and Heroes  Heiki "Repentinus" Ojasild » English  HennR's FSFE blog  Henri Bergius  Hook’s Humble Homepage  I love it here » English  Inductive Bias  Intuitionistically Uncertain » Technology  Jelle Hermsen » English  Jens Lechtenbörger » English  Jonas Öberg  Karsten on Free Software  Leena Simon » » english  Losca  Mario Fux  Mark P. Lindhout’s Flamepit  Martin's notes - English  Matej's blog » FSFE  Max's weblog » English  Myriam's blog  Mäh?  Nice blog  Nico Rikken » fsfe  Nicolas Jean's FSFE blog » English  Paul Boddie's Free Software-related blog » English  Pressreview  Saint's Log  Sam Tuke » Free Software  Sam Tuke's blog  Seravo  The Girl Who Wasn't There » English  The trunk  Thib's Fellowship Blog » fsfe  Thinking out loud » English  Thomas Koch - free software  Thomas Løcke Being Incoherent  Thoughts in Parentheses » Free Software  Tonnerre Lombard  Torsten's FSFE blog » english  Torsten's Thoughtcrimes» Free Software  Valentin Rusu » fsfe  Viktor's notes » English  Weblog  Weblog  Weblog  Weblog  Weblog  Weblog  Werner's own blurbs  With/in the FSFE » English  a fellowship ahead  agger's Free Software blog  anna.morris's blog  ayers's blog  bb's blog  blog  blog.padowi.se » English  drdanzs blog » freesoftware  emergency exit  free software blog  freedom bits  gollo's blog » English  hesa's Weblog » Free Software  irl:/dev/blog » fsfe-planet  julia.e.klein's blog  marc0s on Free Software  mina86.com  mkesper's blog » English  nikos.roussos  pb's blog  pichel's blog  rieper|blog » en  softmetz' anglophone Free Software blog  stargrave's blog  the_unconventional's blog » English  things i made  tobias_platen's blog  tolld's blog  wkossen's blog  yahuxo's blog