Planet Fellowship (en)

Tuesday, 24 May 2016

Is this the end of decentralisation?

fsfe - Bits of Freedom | 09:03, Tuesday, 24 May 2016

Is this the end of decentralisation?

I've been sitting on these thoughts for some time, but after not progressing in my thoughts more for a week or two, I'd love to share them with you. You may recall Moxie's blog post about how the software ecosystem is constantly moving and what this means for decentralised services.

Signal, which is developed by Moxie and Open Whisper Systems, is a tool for secure messaging between mobile devices. It has faced criticism since Signal is built on a centralised platform. The criticism was fueled even further by an idea that LibreSignal, an independent build of Signal, would not be able to federate and talk to the Signal servers.

In a response to this critique, Moxie wrote about how he feels that innovation can not happen as quickly and easily as needs be with federated and decentralised structures. To prove his point, he argued that the premise that the internet could not have gotten to where it is without interoperable and federated protocols is false.

We got to the first production version of IP, and have been trying for the past 20 years to switch to a second production version of IP with limited success. We got to HTTP version 1.1 in 1997, and have been stuck there until now. Likewise, SMTP, IRC, DNS, XMPP, are all similarly frozen in time circa the late 1990s. That's how far the internet got. It got to the late 90s. - Moxie Marlinspike

I would postulate that Moxie is right in his reasoning, but that his reasoning misses the larger picture. If I'm right, we're a year or a bit away from a federated structure for secure messaging. And we'd have gotten there thanks to Moxie and his work.

It all has to do with infrastructures.

Infrastructures for communication depend on having a larger user base. The more users you have signing up, the more likely it will be that someone you meet and want to communicate with is using the same communications infrastructure. Once you get a significant portion -- I would estimate some 30-50% -- of a community to use your infrastructure, it will be very difficult for the remaining 50-70% of the community to stay away from using the same infrastructure. You'll automatically attract more users by sheer necessity of communication.

If you have the right users, you can get away with significantly less than 30-50%: you can benefit from the majority illusion, but even that will only take you so far. No one can reasonably expect to develop (and control!) clients which are suitable for everyone's use, and the user base is limited by it. Open Whisper Systems is nowhere near such a user base, and there's tremendous growth potential in Signal still, but it may soon start to be difficult to see the same growth as it has to date.

Facebook, to take another popular example, doesn't have the same limit. Not because they have more resources, but because they use a communication technology (the web) which is based on the 90s technology which Moxie finds so troublesome. It's the common denominator for pretty much everyone using the web today, which is what makes it powerful. Despite mobile phones, I'd argue that Facebook became what it is due to them using a communication protocol which was not theirs, but a common standard. Had they enforced control over the clients used to connect, they would probably not have scaled in the way they did.

For communication infrastructure which should scale, we need common standards which everyone can use. For other software, which does not depend on scale, the standards aren't as important: it could be perfectly fine to have just one client for your tax software, as long as that's open source.

But this is also a matter of maturity: when a field is being established, it helps to have control over everything. As it grows, open standards and decentralisation become more important and people start to expect it to scale and grow wider. Nothing is as irritating as having a client for encrypted SMS and not being able to communicate with your friend, just because she happens to use a different program.

When those expectations mount, the need for a proper response will grow, and that response will be a decentralised structure which does not depend on control over individual applications.

But where Moxie and Open Whisper Systems finds themselves today is very natural. They are where every new infrastructure starts: in the establishment phase, where several actors independently of each other work within their own communities to build similar infrastructures with limited or no need for interoperability or decentralisation.

Our train lines started out the same way, with multiple train companies establishing and building complete tracks with stations and trains. Electricity was locally sourced and under the control of the local electrical company. Telegraph lines were point to point and operated individually. As was telephone networks, where you had a massive amount of local telephone companies operating in different communities.

Until it wasn't any more. All of these infrastructures are now, to various degrees, federated. You may have multiple providers operating parts, but they are all interconnected, because the need for interoperability trumps the need for centralisation.

Moxie is right in his reasoning, and his conclusion is understandable based on where the field is today. And even if, as Moxies puts it:

... at this point it seems that it will have to do.

The ecosystem is moving, as is the environment in which it operates. Put a reminder in your calendar a year from now and revisit the situation then: at that point of time, the ecosystem will have moved, the environment around it will have moved, and I'd be greatly surprised if it hadn't inched closed to a federated structure.

Is this the end of decentralisation?

free software - Bits of Freedom | 09:03, Tuesday, 24 May 2016

Is this the end of decentralisation?

I've been sitting on these thoughts for some time, but after not progressing in my thoughts more for a week or two, I'd love to share them with you. You may recall Moxie's blog post about how the software ecosystem is constantly moving and what this means for decentralised services.

Signal, which is developed by Moxie and Open Whisper Systems, is a tool for secure messaging between mobile devices. It has faced criticism since Signal is built on a centralised platform. The criticism was fueled even further by an idea that LibreSignal, an independent build of Signal, would not be able to federate and talk to the Signal servers.

In a response to this critique, Moxie wrote about how he feels that innovation can not happen as quickly and easily as needs be with federated and decentralised structures. To prove his point, he argued that the premise that the internet could not have gotten to where it is without interoperable and federated protocols is false.

We got to the first production version of IP, and have been trying for the past 20 years to switch to a second production version of IP with limited success. We got to HTTP version 1.1 in 1997, and have been stuck there until now. Likewise, SMTP, IRC, DNS, XMPP, are all similarly frozen in time circa the late 1990s. That's how far the internet got. It got to the late 90s. - Moxie Marlinspike

I would postulate that Moxie is right in his reasoning, but that his reasoning misses the larger picture. If I'm right, we're a year or a bit away from a federated structure for secure messaging. And we'd have gotten there thanks to Moxie and his work.

It all has to do with infrastructures.

Infrastructures for communication depend on having a larger user base. The more users you have signing up, the more likely it will be that someone you meet and want to communicate with is using the same communications infrastructure. Once you get a significant portion -- I would estimate some 30-50% -- of a community to use your infrastructure, it will be very difficult for the remaining 50-70% of the community to stay away from using the same infrastructure. You'll automatically attract more users by sheer necessity of communication.

If you have the right users, you can get away with significantly less than 30-50%: you can benefit from the majority illusion, but even that will only take you so far. No one can reasonably expect to develop (and control!) clients which are suitable for everyone's use, and the user base is limited by it. Open Whisper Systems is nowhere near such a user base, and there's tremendous growth potential in Signal still, but it may soon start to be difficult to see the same growth as it has to date.

Facebook, to take another popular example, doesn't have the same limit. Not because they have more resources, but because they use a communication technology (the web) which is based on the 90s technology which Moxie finds so troublesome. It's the common denominator for pretty much everyone using the web today, which is what makes it powerful. Despite mobile phones, I'd argue that Facebook became what it is due to them using a communication protocol which was not theirs, but a common standard. Had they enforced control over the clients used to connect, they would probably not have scaled in the way they did.

For communication infrastructure which should scale, we need common standards which everyone can use. For other software, which does not depend on scale, the standards aren't as important: it could be perfectly fine to have just one client for your tax software, as long as that's open source.

But this is also a matter of maturity: when a field is being established, it helps to have control over everything. As it grows, open standards and decentralisation become more important and people start to expect it to scale and grow wider. Nothing is as irritating as having a client for encrypted SMS and not being able to communicate with your friend, just because she happens to use a different program.

When those expectations mount, the need for a proper response will grow, and that response will be a decentralised structure which does not depend on control over individual applications.

But where Moxie and Open Whisper Systems finds themselves today is very natural. They are where every new infrastructure starts: in the establishment phase, where several actors independently of each other work within their own communities to build similar infrastructures with limited or no need for interoperability or decentralisation.

Our train lines started out the same way, with multiple train companies establishing and building complete tracks with stations and trains. Electricity was locally sourced and under the control of the local electrical company. Telegraph lines were point to point and operated individually. As was telephone networks, where you had a massive amount of local telephone companies operating in different communities.

Until it wasn't any more. All of these infrastructures are now, to various degrees, federated. You may have multiple providers operating parts, but they are all interconnected, because the need for interoperability trumps the need for centralisation.

Moxie is right in his reasoning, and his conclusion is understandable based on where the field is today. And even if, as Moxies puts it:

... at this point it seems that it will have to do.

The ecosystem is moving, as is the environment in which it operates. Put a reminder in your calendar a year from now and revisit the situation then: at that point of time, the ecosystem will have moved, the environment around it will have moved, and I'd be greatly surprised if it hadn't inched closed to a federated structure.

Monday, 23 May 2016

PostBooks, PostgreSQL and pgDay.ch talk

DanielPocock.com - fsfe | 17:35, Monday, 23 May 2016

PostBooks 4.9.5 was recently released and the packages for Debian (including jessie-backports), Ubuntu and Fedora have been updated.

Postbooks at pgDay.ch in Rapperswil, Switzerland

pgDay.ch is coming on Friday, 24 June. It is at the HSR Hochschule für Technik Rapperswil, at the eastern end of Lake Zurich.

I'll be making a presentation about Postbooks in the business track at 11:00.

Getting started with accounting using free, open source software

If you are not currently using a double-entry accounting system or if you are looking to move to a system that is based on completely free, open source software, please see my comparison of free, open source accounting software.

Free and open source solutions offer significant advantages: flexibility, businesses can choose any programmer to modify the code, and use of SQL back-ends, multi-user support and multi-currency support are standard. These are all things that proprietary vendors charge extra money for.

Accounting software is the lowest common denominator in the world of business software, people keen on the success of free and open source software may find that encouraging businesses to use one of these solutions is a great way to lay a foundation where other free software solutions can thrive.

PostBooks new web and mobile front end

xTuple, the team behind Postbooks, has been busy developing a new Web and Mobile front-end for their ERP, CRM and accounting suite, powered by the same PostgreSQL backend as the Linux desktop client.

More help is needed to create official packages of the JavaScript dependencies before the Web and Mobile solution itself can be packaged.

Workshop on standardised fingerprints

free software - Bits of Freedom | 11:37, Monday, 23 May 2016

Workshop on standardised fingerprints

The algorithms I've worked on in the Elog.io and Videorooter projects all aim to make visual identification of photographs and videos possible with the use of fingerprints: two videos which are the same, but in different encoding formats, should ideally generate the same fingerprint.

In September, Kennisland and Commons Machinery is inviting to a workshop on standardising hashing, with the intent of bringing others who do similar work together. We're far from the only ones doing fingerprint algorithms for photographs and videos, and we'd like to bring as many people as possible together to discuss joinly how we can move the field forward and what the opportunities there are for more collaboration.

If you're interested in algorithms for fingerprinting videos and photographs, and ideally if you've worked on such algorithms yourself, check out the announcement.

Sunday, 22 May 2016

Comments closed

things i made | 18:14, Sunday, 22 May 2016

Dear visitor,

I’m sorry but I had to disable new comments on posts since I’m not able to answer them at the moment. I will reactive commenting as soon as it will be possible for me to react in a timely manner.

Friday, 20 May 2016

Report of the local FSFE meeting in Frankfurt on May 4

Being Fellow #952 of FSFE » English | 11:35, Friday, 20 May 2016

At the last FSFE meeting in Frankfurt, we planned to work mainly on the Free Software flyers which we adopted from the local group in Munich. Unfortunately, three of the six persons who showed up were not aware that this was meant to be a “workshop” and didn’t bring any equipment for it.

For the future, I guess we have to communicate this a little better. And as some time sensitive topics were added to the agenda we couldn’t work on the flyers as much as we wanted to.

FS Flyer

We did manage to get “something” done on the flyers though. Main topics and findings were:

  • What is important to people? How can we stress this on the intro page? (political aspects, security, gratis, usability, …)
  • The old (and tiring argument FS vs OS. I pointed to Björns article about the issue.
  • How to tackle common preconceptions like “it can’t be as good if it doesn’t cost anything”.
  • and we found a few outdated links and that Lightning calender is now part of Thunderbird

Workshops/Cryptoparty at insurance company

As a follow-up to a talk Michael Stehmann gave at an insurance company, we were asked if we could provide more workshops and talks related to Free Software as there seems some interest among the employees.

Linux Presentation Day

As agreed on earlier, we decided not to come up with our “own” events for LPD but rather support existing events in the area. This will not only bundle the limited resources for these events but also strengthen the network of active people.

Acitivites in a nearby school

There will be a “project week” in a nearby school. We may end up organizing a talk about FS and/or a cryptoparty.

Upcomming Workshop at the Goethe-University in Frankfurt

I’ve been invited to a workshop at the university to talk about Free Software in education and asked the participants for imput for this.

Düsseldorf

We summarized the discussions of the last few weeks about the closure of the FSFE office in Düsseldorf and related topics.

Miscelanious

  •  FSFE wiki migration
  • Kolab can handle MS exchange
  • “half free” GNU/Linux distros and should they even be advertised
  • a little MS Windows bashing :)
  • Email encryption for mailinglists
  • de-mail
  • Steed

That’s what my notes reveal to me. The next meeting will take place on June 7 in Wiesbaden. We’ll visit the CCC MZ/WI on their “open day”.

See you then!

flattr this!

Thursday, 19 May 2016

OSCAL 2016: A role model for community events

PB's blog » en | 10:36, Thursday, 19 May 2016

This year, I had the honor of being invited to give a talk and workshop at the “Open Source Conference ALbania” (OSCAL) in Tirana, again.
It was simply amazing. Again.

Over the years, I’ve attended many conferences of this kind – as speaker, as well as a visitor.
Yet, the OSCAL-experience from 2015 was quite outstanding in my memory – so my expectations to meet were even higher this year ;)

Community events need the right atmosphere:

Firstly, it’s amazing how well the voluntary team of organizers takes care of the speakers:
They’re not only incredibly nice, friendly and helpful wherever they can, but they just made every single one of us feel appreciated, welcome and being looked after.
It was the most amazing “all-awesome-feelaround-package”, even including pick-up from the airport, and a nice goodie-present with local delicacies.

Maybe it sounds strange to mention this, but this is a community event. Not a trade-show. (Although, there are business opportunities and networking connections to be made there too, of course)

I’ve seen other events like this, were the organizers had not understood that they’re mostly dealing with volunteers (also on the speaker side), who put a lot of their spare-time into this. I’ve been to events where they made you feel like a solicitant. Like you had to serve the organizers and be grateful that you were “allowed” to contribute.
This makes you feel bad – and in consequence, it makes people less interested, less cooperative, less open and greatly reduces the interest of participating next time.

The OSCAL team understood this, and managed to create a great event, where participants as well as contributors felt great:

This encourages people to embrace the ideas of Software Freedom even more, as it generates a great atmosphere where people want to ask, participate, communicate, collaborate and exchange themselves about ideas, projects and visions.

A wide range of interesting subjects:

The conference itself was well-organized, with multiple tracks of presentations, workshops and even “birds of feathers” (BoF) rooms, where participants could arrange ad-hoc meetings or working-groups on different topics.
The selection of topics covered a wide range of interesting subjects – ranging from programming, office or audiovisual – to graphics design.
The FSFE had an info-table with information material, and me standing there, offering additional information where needed.

Tech: Not only a male thing!

Something else thing that makes OSCAL special, is that the male/female ratio seems to be the inverse of what you usually see in our western world:
Just like last year, there were at least as many girls as guys!
Many of the girls there are studying computer science, programming or other subjects – and they’re having great fun.
Check out the speakers list, to see for yourselves.

Usually I keep hearing that “technical stuff is only interesting for men”, or even worse: “women can not understand these things” (and even some female friends of mine believe that).
OSCAL not only proves that this is complete nonsense.
At other “nerd events”, I’ve seen that girls might feel uncomfortable: Not only, because they stand out as rare exception, but also because some guys seem to not take them fully seriously – or even say inappropriate things to them…

So, OSCAL also stands out as a role model here again, when you see how people respectfully interact with each other – regardless of their sexual gender.
Therefore, I’d encourage the rest of the world to learn from Tirana how gender-equality is done better :)

After spending only this short time there, I learned that Albanian people will always find a way to make things happen.
You emerge in a world and atmosphere where you feel that anything is possible, if you envision it – and this again attracts and inspires others.

Looking forward to OSCAL 2017! :D

Tuesday, 17 May 2016

Are you the FSFE's next intern?

fsfe - Bits of Freedom | 14:38, Tuesday, 17 May 2016

Are you the FSFE's next intern?

One of the advantages of our ticket system in the FSFE, which we now use to manage among other things our internship applications, is that it's very easy to get an overview. I just extracted a report of our internship applications for the past month.

Since the 18th of April, we've had 29 applications for an internship or traineeship. Among those, we've accepted 1 (one!) who will start her internship now in the end of the month. Most of the applications we get sadly do not make the cut.

We have to prioritise among the applications, and we tend to prioritise those who've shown a previous commitment to free software, and who we think would benefit the most from an internship. Working with the FSFE is a challenge: as an intern, you are not only encouraged, but expected, to participate in and lead our work. It's a true learning by doing experience.

Each intern is also an investment from our side. We believe in what we do, and we believe that giving people experience from working on political, technical and social issues in a non-profit organisation is one of our most useful activities. As such, we invest significant time and effort into each intern, which is also why we limit the number of concurrent interns to what the organisation can actually manage at any one time.

Each year, we accept somewhere between three and six interns and trainees, a bit depending on the number of applications we receive and the relevance of them. If current trends continue, this means an acceptance rate of about 1,7% of all applications. Or put in a different way: it means that for every intern we accept, we decline 58 others.

Here are some hints, if you want to be the FSFE's next intern:

  • Motivational letters help, especially if you show that you've done your homework and read up on our activities beforehand so you can relate them to your own experience and interests.
  • Be careful about reading through the requirements for our internship. It wastes time for both you and us if you apply and we get into a discussion, only to find out we can not accept you due to the internship not being required by your university1.
  • References aren't as important as you may think. It's more important how you present yourself, and what previous experience you can show for.
  • Previous experience in Free Software isn't a strict necessity, but you must definitely know something of the field of free and open generally, and the stronger background you have in this regard, the more useful an internship will be for you.

Good luck with your application!

  1. We have a separate traineeship program which has less formal requirements, but it comes at a more significant cost for us, and we can not accept as many as we want. If you're interested in sponsoring our work so we can increase the number of trainees we accept, I'd love to talk to you!

Are you the FSFE's next intern?

free software - Bits of Freedom | 14:38, Tuesday, 17 May 2016

Are you the FSFE's next intern?

One of the advantages of our ticket system in the FSFE, which we now use to manage among other things our internship applications, is that it's very easy to get an overview. I just extracted a report of our internship applications for the past month.

Since the 18th of April, we've had 29 applications for an internship or traineeship. Among those, we've accepted 1 (one!) who will start her internship now in the end of the month. Most of the applications we get sadly do not make the cut.

We have to prioritise among the applications, and we tend to prioritise those who've shown a previous commitment to free software, and who we think would benefit the most from an internship. Working with the FSFE is a challenge: as an intern, you are not only encouraged, but expected, to participate in and lead our work. It's a true learning by doing experience.

Each intern is also an investment from our side. We believe in what we do, and we believe that giving people experience from working on political, technical and social issues in a non-profit organisation is one of our most useful activities. As such, we invest significant time and effort into each intern, which is also why we limit the number of concurrent interns to what the organisation can actually manage at any one time.

Each year, we accept somewhere between three and six interns and trainees, a bit depending on the number of applications we receive and the relevance of them. If current trends continue, this means an acceptance rate of about 1,7% of all applications. Or put in a different way: it means that for every intern we accept, we decline 58 others.

Here are some hints, if you want to be the FSFE's next intern:

  • Motivational letters help, especially if you show that you've done your homework and read up on our activities beforehand so you can relate them to your own experience and interests.
  • Be careful about reading through the requirements for our internship. It wastes time for both you and us if you apply and we get into a discussion, only to find out we can not accept you due to the internship not being required by your university1.
  • References aren't as important as you may think. It's more important how you present yourself, and what previous experience you can show for.
  • Previous experience in Free Software isn't a strict necessity, but you must definitely know something of the field of free and open generally, and the stronger background you have in this regard, the more useful an internship will be for you.

Good luck with your application!

  1. We have a separate traineeship program which has less formal requirements, but it comes at a more significant cost for us, and we can not accept as many as we want. If you're interested in sponsoring our work so we can increase the number of trainees we accept, I'd love to talk to you!

Blogs and other infrastructures

fsfe - Bits of Freedom | 07:24, Tuesday, 17 May 2016

Blogs and other infrastructures

The proverb says that necessity is the mother of invention, and while I wouldn't call what happened today a major invention, it was at least a necessity. For about a month, one of the servers of the FSFE has been crashing randomly, necessitating us to press the button to restart it regularly. It's been particularly troublesome as the server in question has housed our blog setup, our web pages and svn repositories. From a communications perspective, this is one of the three pillars of the organisation (the other pillars being email and XMPP).

In our new virtualisation environment (think of this as the FSFE's private cloud - but remember there is no cloud), this wouldn't be a problem: the servers would migrate to a new host and restart there. But the services I mentioned run on older hardware and haven't been migrated yet. And they still have to be migrated, more so now than ever, but there's a silver lining to these events, and that silver lining is due to our amazing volunteers.

A while ago, I started talking to a smaller group of people regarding our blog platform. This is a service we provide to our volunteers to give them a place to write about their explorations of free software and their work in the FSFE. Our blog platform, however, has been in a dire state and not only needing to be migrated, but also upgraded in the process. My original thought had been to migrate away from offering blogs, but I was convinced otherwise, for two very important reasons.

One, a volunteer stepped forward and offered to coordinate a volunteer team to focus on maintaining the blog platform, turning this service into a service run by the volunteers, for the benefit of other volunteers. This is an excellent development, and we're just starting to send out the invitations to join this volunteer team for anyone who's interested in blog platform hosting. Which leads me to the second reason why I'm excited about this.

Two, hosting a service is a good learning experience. If you're interested in devops or system administration, hosting your own blog is a way of learning the tips and tricks of the trade. Hosting a blog platform for hundreds, potentially thousands, of others, is even more so. And this is what the FSFE can offer: an ability for interested individuals to join in and work practically in volunteer teams to further their skills.

This is something we've always done with the FSFE's internships and I'm excited we're now at a point where we can successfully do the same in other ways.

If you're interested in helping out with our blog platform team, get in touch with our system administrators at system-hackers (obvious-at) fsfeurope.org or just reach out to me about it. While this team is getting up to speed, I've meanwhile migrated the blogs and svn repositories from the faulty computer to another computer. This squeezes the services together on a slower machine, so everything will run a bit slower, but it will hopefully at least not crash.

Blogs and other infrastructures

free software - Bits of Freedom | 07:24, Tuesday, 17 May 2016

Blogs and other infrastructures

The proverb says that necessity is the mother of invention, and while I wouldn't call what happened today a major invention, it was at least a necessity. For about a month, one of the servers of the FSFE has been crashing randomly, necessitating us to press the button to restart it regularly. It's been particularly troublesome as the server in question has housed our blog setup, our web pages and svn repositories. From a communications perspective, this is one of the three pillars of the organisation (the other pillars being email and XMPP).

In our new virtualisation environment (think of this as the FSFE's private cloud - but remember there is no cloud), this wouldn't be a problem: the servers would migrate to a new host and restart there. But the services I mentioned run on older hardware and haven't been migrated yet. And they still have to be migrated, more so now than ever, but there's a silver lining to these events, and that silver lining is due to our amazing volunteers.

A while ago, I started talking to a smaller group of people regarding our blog platform. This is a service we provide to our volunteers to give them a place to write about their explorations of free software and their work in the FSFE. Our blog platform, however, has been in a dire state and not only needing to be migrated, but also upgraded in the process. My original thought had been to migrate away from offering blogs, but I was convinced otherwise, for two very important reasons.

One, a volunteer stepped forward and offered to coordinate a volunteer team to focus on maintaining the blog platform, turning this service into a service run by the volunteers, for the benefit of other volunteers. This is an excellent development, and we're just starting to send out the invitations to join this volunteer team for anyone who's interested in blog platform hosting. Which leads me to the second reason why I'm excited about this.

Two, hosting a service is a good learning experience. If you're interested in devops or system administration, hosting your own blog is a way of learning the tips and tricks of the trade. Hosting a blog platform for hundreds, potentially thousands, of others, is even more so. And this is what the FSFE can offer: an ability for interested individuals to join in and work practically in volunteer teams to further their skills.

This is something we've always done with the FSFE's internships and I'm excited we're now at a point where we can successfully do the same in other ways.

If you're interested in helping out with our blog platform team, get in touch with our system administrators at system-hackers (obvious-at) fsfeurope.org or just reach out to me about it. While this team is getting up to speed, I've meanwhile migrated the blogs and svn repositories from the faulty computer to another computer. This squeezes the services together on a slower machine, so everything will run a bit slower, but it will hopefully at least not crash.

Friday, 13 May 2016

Briar – Next Step of The Crypto Messenger Evolution

Free Software – | 14:11, Friday, 13 May 2016

Who still remembers ICQ, AIM and MSN? My first messenger was ICQ and I liked the fact that it was instant. In those days, I didn’t think much about security and was probably too young anyway. We can count ourselves lucky if those tools even used transport encryption. This means that our messages are encrypted on the way from our computer to the server, so nobody can see the content of the messages while they are in transit.

Whoever has access to the server however can know the content since all messages get decrypted as soon as they arrive at the server and then encrypted again before they leave the server for the recipient.

Those days are long gone. We have smartphones now and there are plenty of new apps that replaced the instant messengers of the past. Many of those apps haven’t even used simple transport encryption in the beginning and have been criticized for it. Security became a selling point and even more so after Snowden’s revelations. So let’s fast-forward a bit.

Transport Encryption

Transport Encryption

Recent Security Innovations

Many companies have finally realized that if they have our messages in plain text, they attract others who also want those messages. The most powerful of those adversaries have ways to get hold of our conversations, be it by hacking into the servers or by using the law. So the service providers started to deploy end-to-end encryption similar to what PGP does for email. In contrast to transport encryption, end-to-end encryption ensures that the message can only by read by its sender and the intended recipient. It is never decrypted along the way and if stored on a server, even the server’s owner can not read the messages.

End-to-End Encryption

End-to-End Encryption

That is at least the idea. It needs to be implemented properly and you need to make sure that nobody else gets access to the private keys that secure the communication. As soon as that happens and an adversary has your private key, he can decrypt all your past communication. That is why the concept of forward-secrecy has been introduced. It prevents exactly that from happening by encrypting your communication with fresh session keys as often as possible. These ephemeral keys can not be broken, even if the adversary gets hold of your long term private key.

Looking at Some Popular Messengers

TelegramLet’s look at some messaging apps that people use today. There’s Telegram for example. It uses only transport encryption by default. Then it even stores all your messages on their server, so that when you reinstall the app on another phone, you get all your messages back. How convenient! But that also means that whoever has access to Telegram’s server (or manages to register with your phone number) gets access to all your conversations as well.

Telegram has a secret chat mode as well that you need to activate specifically to gain end-to-end encryption and forward-secrecy. People who know more about cryptography than me have looked into their crypto and even they don’t know exactly what Telegram is doing there. Although, there is no known weakness of the “secure” chats, I personally wouldn’t even trust those to be secure.

SignalThen there’s Signal. That’s what everybody (including Edward Snowden) is recommending and it is great. The signal crypto protocol (formally called Axolotl) is awesome. It finally solves many tricky problems that made using good encryption so difficult for so long. For example, if you need a private key to secure your communication and you want to chat from a different device with the same account, how do you get your private key to your other device? How do you communicate asynchronously with somebody who might be offline and therefore can not do a key exchange? All these problems, the Signal protocols solves elegantly.

With Signal, the crypto is solid and gets out of your way. It is easy to use and secure by default. That is why everybody is recommending it and depending on your threat model, I would recommend it as well.

WhatsAppThen there’s WhatsApp which is the messenger that most people use. It had big security problems in the past, but got a lot better. They contracted Moxie Marlinspike from Signal who helped them to implement the Signal protocol. It got activated for WhatsApp on Android a while ago already and recently was activated on iPhones as well. That’s great since it brought strong and good end-to-end crypto to billions of people.

Unfortunately, WhatsApp is not Free Software, so we can not inspect the source code, make sure it is good and we can’t build our own version of WhatsApp to make sure the source code actually corresponds to the binary. It would be easy for WhatsApp to ship an update that leaks information and conversations from people that law enforcement is currently interested in. Would it be Free Software with reproducible builds like Signal is, that wouldn’t be possible. So security-wise WhatsApp is probably still better than Telegram, but I still wouldn’t trust it.

Like with Telegram’s secret chats, Signal and WhatsApp also give you the ability to make sure the person you are talking to is actually who you think you are talking to. Let me call this Authentication. It is typically done by scanning a QR code or comparing a digital fingerprint. Most messengers use a trust-on-first-use (TOFU) approach which means that your contact is considered to be authenticated from the beginning. You can only discover that you are actually talking to a man-in-the-middle when you scan the QR code.

WhatsApp does not even warn you by default when your contacts’ keys change. This enables an attacker to take over your WhatsApp account with a hijacked SMS and see what people are writing you.

So to summarize, when assessing the security of messengers, we are typically looking at these criteria:

  • End-to-End Encryption
  • Authentication
  • Forward-Secrecy
  • Free Software

If you are interested in knowing whether your favorite messenger fulfills these criteria or not, check out EFF’s Secure Messaging Scorecard.

Centralization vs. Federation

Centralized Architecture

Centralized Architecture

The basic architecture of all the popular messengers is monolithic and centralized. There’s one server (or a cluster of those) that everybody has to connect to. These services are walled gardens where the company running the service has total control over what’s happening. They can not only hand out your metadata, but also exclude you from using the service cutting you off from all your friends. They can require you to use only their non-free software, show you their ads, etc. But even if they don’t bother you and just let you use their service, others have an easy time to block a centralized service entirely. Like Brazil did when WhatsApp couldn’t disclose the information Brazilian judges wanted, because the suspects were already using WhatsApp with end-to-end encryption.

That is why federated architectures have been popular once. The most famous example for that is email. There’s not only Gmail, but many other email servers in the world. You can choose the email provider you like. Everybody is free to open one and it will just work with all the others. You can send emails to everybody no matter on which server they are and nobody can exclude you from using email or dictate the software you have to use.

Federated Architecture

Federated Architecture

The equivalent to that in the messaging world is XMPP or Jabber. It works great and was once even supported by Facebook, Google and Microsoft. But they have decided again that walled-gardens are better for their business model, so they dropped XMPP like a hot potato. Signal supported federation initially, but decided that it can not make changes fast enough to stay competitive if it has to federate with others.

What about security with XMPP? Well, it is like with email. In the beginning, it was just (optional) transport encryption and even today many servers exchange messages with each other unencrypted or at least potentially unencrypted. Security had to be added later on top of what was already there. For email that was PGP, for Jabber it was OTR. When it came out, it was great. Good security properties and even does deniability. Many people are still recommending it today, but the truth is that it is a pain to use especially when you have more than one device. It also requires both parties to be online when they want to chat encrypted and is just not well integrated in the overall chat experience.

OTR is nowhere near the ease of use the Signal protocol offers, but thankfully the latter has been brought to the XMPP world under the name of OMEMO by the Conversations team. Conversations is an Android app for XMPP. Actually, it is the best XMPP app I know. Give it a try! Unfortunately, OMEMO is not activated by default since many people still use XMPP without it. But this will hopefully change soon. Then Conversations will be a good match to the centralized competition.

What is missing?

So we came a long way and now have better and more secure tools to use than we had just a year ago. That’s great, but we can still do better.

Even if the server can’t read your messages anymore due to end-to-end encryption, it still knows who your friends are and how often you talk to them. That’s usually called metadata and can be more dangerous than the content of the messages. It can be used to map entire social groups and to identity its key people. We know that there’s organizations on this world that kill people based on metadata. So if your adversaries include these organizations and you still like to communicate, you’ve got a problem.

While federation is great in principle, it is not perfect. While a lot harder to censor and block, the metadata is still there and is even seen by more servers. Heck, you still need somebody to run a server for you. Why? Aren’t we all equal in the internet? Couldn’t we connect directly to each other without the need for servers?

Peer-to-Peer Architecture

Peer-to-Peer Architecture

That is exactly what a decentralized architecture or peer-to-peer does. You might know that from Bittorrent. It works great there, why not for messaging as well? After all a message is a lot smaller than a HD movie. Do we really need servers that keep track of our activities? Maybe not, let’s find out!

But first, let’s extend the list of criteria for evaluating messengers. We’ve got messengers that fulfill the earlier criteria already, so let’s raise the bar:

  • End-to-End Encryption
  • Authentication
  • Forward-Secrecy
  • Free Software
  • Censorship Resistant
  • No Metadata

Most messengers currently fail at the last two criteria.

Meet Briar

BriarNow it is time to finally meet Briar which does work completely peer-to-peer without the need for servers and is all about protecting your metadata. It is fully Free Software and utilizes end-to-end encryption with forward secrecy.

Briar doesn’t require you to upload your entire address book to someone’s server. In fact, it doesn’t even allow that to not disclose your metadata. Instead, it goes back to the good old personal connections. You add your first contacts by meeting them face-to-face to establish maximum trust by scanning each others QR codes. Your communication is authenticated right from the start and you can always be sure who you are talking to.

screenshot_add_contactThose who can not meet in person can be introduced by a common friend. This way a web-of-trust is built naturally without needing to manually sign any keys. Others options to add contacts will be added later.

Briar never makes direct connections to your contacts. This would leak metadata. Instead, it runs a Tor Hidden Service on your phone and connects to your contact’s hidden services through the Tor network which anonymizes your connections. An outside observer can not say who is talking to who. They just see that you are making a connection into the Tor network, but that’s all. You could call Briar a Darknet Messenger if you are into this term.

But Briar even works without Internet by using Bluetooth or WiFi. When your contacts are near, Briar recognizes them and establishes a secure connection over which it transmits all messages. So even when the Brazilian government shuts down the mobile internet to inhibit protests during the Olympics, people can still communicate using Briar. It provides maximum defenses against censorship and blocking.

Pigeon

You can even exchange messages via SD cards.

Let me reiterate: With Briar, your data is not stored somewhere in the “cloud” one someone else’s computer, but only encrypted on your device. You choose with whom you share what data and nobody knows with whom you are sharing it with. Takedown orders can have no effect, because every user in a forum for example keeps a copy of its content, so there is no single point where a forum post can be deleted. Also, there can be no denial of service attacks, because Briar has no central server to attack, and everyone has access to all content even if offline.

diagram_secure

Briar’s goal is to “enable people in any country to create safe spaces where they can debate any topic, plan events, and organize social movements”. To do this, it needs to be much more than just a messenger and it is! Its architecture is quite generic and it allows for all sorts of other applications to be built on top of it. Messaging is just the first easy show-case application, but of course an important one.

When can I try it myself? Briar is not ready yet. Have a look at the roadmap and the wiki for documentation and ways to help us to get a public beta out faster. Of course, you can always compile the source code yourself if you are really curious. Otherwise, just spread the word a stay tuned for more!

 

Disclaimer: I am currently working part-time for Briar, so I might be biased on its awesomeness.

 

<script type="text/javascript"> (function () { var s = document.createElement('script'); var t = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true; s.src = '/wp-content/libs/SocialSharePrivacy/scripts/jquery.socialshareprivacy.min.autoload.js'; t.parentNode.insertBefore(s, t); })(); </script>

FSFE summit: Why we extend the deadline (Now May 29)

English Planet – Dreierlei | 09:22, Friday, 13 May 2016

<figure class="wp-caption alignright" id="attachment_1334" style="width: 238px">(download large file)<figcaption class="wp-caption-text">(download large file) [1]</figcaption></figure>

tl;dr: The deadline of the Call for Participation for the first FSFE European summit is extended to May 29.

“It’s tough to make predictions, especially about the future.” (multiple sources [2]) And if you organize a large conference for the first time, you have to do a lot of tough predictions. How many people will attend? Who are the interested speakers? What is your community going to organize? A lot of questions whose answers sometimes depend on or influence each other. For example, if a lot of people attend, speakers get interested in talking. Or if the community organises interesting opportunities to share and learn, more people are likely to attend and so forth.

This leaves you with a hard time for fundraising. Because when you do your summit for the first time, you have nothing to show. The only thing you have is prediction but donors like to see numbers and names. That is why the QtCon-team decided for a short deadline in the first place. We needed to get some feedback to back our predictions.

Fortunately, we received hugh interest by the community and a number of very interesting submissions so far. This convinces us, that we are on a good way and that we will manage to raise enough funds for the project once the Agends is set. On the other hand, we received messages of people who like to submit a proposal but feel that the deadline is too short to prepare it properly.

Now that we feel strenghtened and backed by our community we like to give more people the chance to take part in the first FSFE European summit and decided to extend the deadline of our Call for Participation until May 29.

FSFEsummit 2016

Picture / Logo: http://polr.me/vfc – Hashtag: #FSFEsummit

[1] CC-BY-SA 2.0 by Erik Albers, based on CC-BY-SA 2.0 by Eva Rinaldi
[2] The origin seems to come from a Danish proverb and circulated from there.

Wednesday, 11 May 2016

Automated testing of algorithms

free software - Bits of Freedom | 18:03, Wednesday, 11 May 2016

Automated testing of algorithms

Some of the interesting work we do over at the Videorooter project is automated testing of algorithms. In short, we're ranking algorithms for visual matching of images and videos as per how well they perform. High accuracy and low number of false positives give a high mark. What's new is that we've connected this to the Github repositories, so when someone forks our code and changes it (potentially improving the algorithm), the automated tests are run.. well, automatically, and the performance of the new algorithm automatically included in our statistics.

Read more in my blogpost about testing algorithms over at the Videorooter project to learn more.

Monday, 09 May 2016

Call for Participation: FSFE European summit

English Planet – Dreierlei | 22:24, Monday, 09 May 2016

<figure class="wp-caption alignright" id="attachment_1319" style="width: 256px">Enlightening Europe<figcaption class="wp-caption-text">Enlightening Europe</figcaption></figure>Imagine a European Union that builds its IT infrastructure on Free Software. Imagine European Member States that exchange information in Open Standards and share their software. Imagine municipalities and city councils that benefit from decentralized and collaborative software under free licenses. Imagine no European is any longer forced to use non-Free Software.

This is the introduction of the Call for Participation of the first FSFE European Summit

Come and be part of an event where local activists gather to change Europe and its politics into using, creating and sharing free technology.

If you like to inspire, sent your submission until May 17

Save the date: September 2 – 4, 2016 – BCC Berlin, Germany
Hashtag: #FSFEsummit – Picture / Logo: http://polr.me/vfc

Sunday, 08 May 2016

One year ago…

Mario Fux | 08:10, Sunday, 08 May 2016

… I finally got my diploma for a study that took much longer than I first thought ;-) . But then with the knife at my throat (the old study model ran out and thus it was my last chance to finish) and great support of friends and family I found the time and energy to successfully finish and get my Master’s degree. The title of my diploma thesis was “Media Choice and the Media-Synchronicity-Theory – Development of an Instrument for the Study of selected Elements of MST for Free Software Communities” and here you find its English abstract:

This paper will analyse the media choice and media usage of Free Software communities and hence to draw conclusions for a more successful deployment of Computer-Supported Collaborative Learning (CSCL) in the area of education and school. After a history of ten years of CSCL in action, relevant failures and possible causes, we develop a questionnaire on the foundation of the Theory of Media Synchronicity from Dennis et al. (2008). The acertained data will be evaluated regarding the daily media usage on the one hand and the media choice in specific situations on the other hand. Additionally we are going to compare the data with the data of the study of Miller (2014) about "learning strategies and new media".
To validate the ideas of a more successful deployment of CSCL two concrete hypotheses will be established: 1. the characteristics in media usage und choice in Free Software communities and the preferred choice of asynchronous media when being longer within the community, and 2. the importance of email as communication media in these communities. The acertained data and its evaluation do not confirm the first hypothesis. But there are lots of results that confirm the second hypothesis.

Unfortunately this is the only English part of the diploma thesis besides the questionnaire. With this questionnaire I collected some data through a survey. Thanks everybody for participating in this survey and yesterday I finally informed the two lucky winners about their prices.

A paper that might be more interesting for you is the one about “KDE as an example of a Free Software community” from a social-educational perspective. In the appendix you find 9 longish IRC interviews with different people from the KDE community. There you might find some interesting insights and different perspectives.

PS: Oh and one of my sons has his birthday today so: Happy birthday little b.

flattr this!

Saturday, 07 May 2016

Pyra preorders

Elena ``of Valhalla'' | 12:30, Saturday, 07 May 2016

Pyra preorders

If you've met me at a conference you may have noticed that instead of a laptop I was using a handeld which looks like a laptop scaled down to nintendo DS size, the https://en.wikipedia.org/wiki/Openpandora.

I've used it as my main computing device while travelling for a few years, even for work (as a programmer)so happily that when EvilDragon announced at FOSDEM (link points to youtube video) https://www.youtube.com/watch?v=4T-w1KqrVsM that he was working on a successor device I started saving money for it even before I knew many details about the specs, other that they would have been way better than the Pandora ones (which is getting painful to use a browser on, because of its 256MB RAM).

Immagine/fotohttp://social.gl-como.it/photos/valhalla/image/5a9fdfadf33e40e9e3517b18ca7cba68

Now this successor device is almost ready, they have opened the preorders https://www.dragonbox.de/en/45-pyra, and they have already reached the absolute minimum number of orders for mass production and are almost there for a more reasonable number of 1000 devices, so if you want a chance to get one of the first batch devices now it's time to visit their store.

A few highlights, from my point of view, include:

* It will run Debian with just a custom kernel/bootloader (and a few configuration only packages): most of the kernel mods are being submitted upstream, so maybe one day there won't even be a need for this kernel (but e.g. with Pandora upstream didn't accept the custom way they managed the keyboard; on the Pyra the keyboard is managed in a more standard way, but there may be other similar issues).

* It has been designed with modularity in mind: the CPU board is socketed on the main board and in the future upgrades may require just replacing the CPU board. I haven't read the details on the actual licensing, but it seems that the hardware design will be open enough that 3rd party boards may also be a possibility.

* just like on Pandora: real keyboard. hardware analog volume wheel. Huge user-replaceable battery (I don't think that there are any independent reviews of the pyra battery yet, but the one on the Pandora is still able to go through a day of FOSDEM — i.e. alternating often between on with wifi and suspendend — and only go down to 50% or so charge). Stylus (and 3d-printed quill) friendly touchscreen. Long term support from the producer.

* The 4G version has been designed in such a way that the GSM modem can be actually turned off (just like on the https://neo900.org/)

There are of course a few bad parts:

* PowerVR. The good news is that there is a risk that no 3d drivers will be available at all, and this means that the Pyra has been tested and considered good enough with just (FOSS) software acceleration.

* The price: yes, it is expensive. I'm happy I've saved money in advance for it, otherwise I wouldn't have been able to afford it. Some of it is a problem of small production, some is actual product quality. If you consider that it can take the place of both a laptop (and small ones are getting quite expensive, now that netbooks have disappeared) and a smartphone (I don't do lots of voice calls) it will start going down from "oh so **** high" to "high, but not unreasonably so"

Disclaimer: I have preordered one, so I am interested in the success of the project because it will mean better software and better support for the device.

Edit: forgot the link to the press kit the images comes from http://cloud.openpandora.org/index.php/s/a0Q0TXV8gh5NLAC?path=%2F, which also includes more infos on specs etc.

Shaping a vision of the future

Blog – Think. Innovation. | 09:29, Saturday, 07 May 2016

I met Jesús Pérez, a friend of my wife, while on vacation on Tenerife. He invited to guide us on a trip on the island, driving up the 3000+ meters tall volcano El Teide. While enjoying the amazing Mars-like views up the mountains, we got talking about the things that really interest us.

Jesús is a sociologist, specializing in and writing about armed conflicts and security. He explained to me how he recently got more interested into the impact of high-tech on global civil developments. Reading about Tesla and its ambitious vision for global energy, he understood how developments like these are changing the landscape of geopolitical interests.

I continued about how I envisioned a future which I would like to see develop, with not just energy going from global to local distributed, but also manufacturing, construction and food growing. And how the Silicon Valley start-up/investment model is actually an outdated model limiting innovation, how the so-called next industrial revolution is actually something very different, the role of open source in this, what the Singularity folks believe and how a major prohibiter of new social structures is the current heritage of the global monetary system.

Then Jesús asked me: “Where can I find all this information?” I began listing some of the books and websites I read and follow, which helped me develop my ideas. But he interrupted me: “That is not what I mean, where can I find your story, these ideas, the things you are telling me now”?

I did not know how to answer that, and mumbled: “Nowhere, I guess. I mean, they are in my head. Maybe I could write more on my blog.” All the while thinking about this year-long idea of maybe writing a book… maybe developing a TED-like story to tell… maybe at least write more blog posts. But I had not.

So instead I promised him to at least provide a list of the books, events and documentaries which resonate(d) and from hindsight seem to have helped in shaping my beliefs of the world, a vision of a future society and the task I feel we have at hand in this lifetime.

Jesús, this blog post is for you, some resources you undoubtedly know, probably some not and hopefully some will be helpful for you, in somewhat chronological order (oldest to newest read/watched):

Probably I forgot to list a few important ones here and some of these made a larger impact than others, but here you go. It would be nice to make this into an annotated list, giving the take away points I got from each and how that influenced my life’s philosophy and motivations: the developing ‘why’ understanding of my life.

And as a bonus for Jesús, check this one about opsec for journalists, by Carlo and Kamphuis 😉

-Diderik

 

 

Wednesday, 04 May 2016

How to campaign for the cause of software freedom

FLOSS – Creative Destruction & Me | 15:03, Wednesday, 04 May 2016

FSFE-Workshop-11

Super secret conspiracy workshop.

Free Software communities produce tons of great software. This software drives innovation and enables everybody to access and use computers, whether or not they can afford new hardware or commercial software. So that’s that, the benefit to society is obvious. Everybody should just get behind it and support it. Right? Well, it is not that easy. Especially when it comes to principles of individual freedom or trade-offs between self-determination and convenience, it is difficult to communicate the message in a way that it reaches and activates a wider audience. How can we explain the difference between Free Software and services available at no cost (except them spying at you) best? Campaigning for software freedom is not easy. However, it is part of the Free Software Foundation Europe’s mission. The FSFE teamed up with Peng! Collective to learn how to run influential campaigns to promote the cause of Free Software. The Peng Collective is a Berlin based group of activists who are known for their successful and quite subversive campaigns for political causes. And Endocode? Endocode is a sponsor of the Free Software Foundation Europe. We are a sponsor because free software is essential to us, both as a company and as members of society. And so here we are. 

There are some exciting, courageous and engaging campaigns that focus on communicating complex political goals. The escape helpers campaign leaves the audience conflicted between the two choices of being a good human rights activists (driven by ideals and demonstrating solidarity with refugees) and being a good citizen (by abiding the law). Great, because the message is to re-think what is legal against what is right.The #slamshell performance emotionally demonstrated the risks associated with oil drilling that are normally regarded as marginal.

These campaigns translate abstract, distant risks or worries into concrete, tangible calls to action. By being provocative, they break the mold and reach a wide audience online and through traditional media. They are “cat content for social change”, as our tutors put it. Campaigners are being urged to stop preaching or complaining, and to start using positive communication combined with subversive PR work instead. Such messaging needs punchlines, which requires some kind of hyperbole – dadaism, hijacking attention, or provocation.

Campaign development is still a pretty down to earth task. Through fact finding research and the analysis of campaign goals, supporting allies and potential opponents, answers to the four essential questions are being narrowed down: What is the change that we want to achieve? How can this change be brought about? Who can make that change we want to see? And who has power over the involved people or groups? Setting campaign goals is often a compromise between achieving big changes locally or small changes “globally”. It helps to envision the impact of the campaign through utopia/dystopia brainstorms: What would a world look like where all campaign goals have been achieved perfectly? What would it look like if everything went horribly wrong? These kind of mental exercises also help to explain the relevance of the campaign goals and show how the intended change can affect people’s lives. The goals may be perfectly obvious to those passionate about them already, but not to outsiders – a common problem regarding the ethics and ideals of Free Software.

Implementing a campaign involves many standard, by the book project management tasks. The individual publicity stunts and activities are the actions that form the campaign timeline. A dilemma specific to the FSFE is that the relevant and influential media – social networks especially – are the kind of centralized proprietary platforms against which we are advocating. However, we learned that it may be possible to play this situation to our advantage :-) Since the FSFE’s goals require some heavy lifting of Free Software lobbying, the campaign timeline extends far into the future. We found ourselves thinking about what to present at conferences a year or more into the future. Finalizing the campaign plan involves answering the “classical” question of what time, material and talent is required to perform the tasks, and to put them into a timeline. Often this includes outside help for extra manpower or professional expertise. Noticeably, those with technical backgrounds tend to haste towards a release, underestimating the lead time required to get there, and the duration of the campaign. This tendency works almost, but not quite, entirely unlike in software projects. Securing and confirming the support of allies and protagonists also takes time.

The planned actions need to be reviewed with a focus group that resembles or at least understands the target audience. This review should  confirm that the message conveyed is in fact understandable and makes sense. It is not possible to get a clear answer on whether or not a campaign project needs an ultimate decision maker. The answer depends too much on the composition of the campaign team and the timeline of the project. The necessary communication infrastructure is pretty straightforward – tasks boards, and instead and asynchronous messaging. Most Free Software groups use those anyway.

After two and a half days of workshop, all 15 participants ended up rather tired. However we had plenty of fun and learned a lot. Surprisingly, the group came up with a good amount of real, usable ideas for activities. Be very afraid :-) The guidance and mentoring by the experienced campaigners from Peng! Collective helped tremendously. Of course the workshop was merely an exercise in how to develop and run a campaign for software freedom. The bulk of the work is now ahead of us. But we are off to a good start. We are curious where this road will take us.

 


Filed under: CreativeDestruction, English, FLOSS, KDE, Linux, OSS Tagged: Creative Destruction, FLOSS, free software communities, free software foundation europe, freie software, FSFE, Linux

Sunday, 24 April 2016

LinuxWochen, MiniDebConf Vienna and Linux Presentation Day

DanielPocock.com - fsfe | 06:23, Sunday, 24 April 2016

Over the coming week, there are a vast number of free software events taking place around the world.

I'll be at the LinuxWochen Vienna and MiniDebConf Vienna, the events run over four days from Thursday, 28 April to Sunday, 1 May.

At MiniDebConf Vienna, I'll be giving a talk on Saturday (schedule not finalized yet) about our progress with free Real-Time Communications (RTC) and welcoming 13 new GSoC students (and their mentors) working on this topic under the Debian umbrella.

On Sunday, Iain Learmonth and I will be collaborating on a workshop/demonstration on Software Defined Radio from the perspective of ham radio and the Debian Ham Radio Pure Blend. If you want to be an active participant, an easy way to get involved is to bring an RTL-SDR dongle. It is highly recommended that instead of buying any cheap generic dongle, you buy one with a high quality temperature compensated crystal oscillator (TXCO), such as those promoted by RTL-SDR.com.

Saturday, 30 April is also Linux Presentation Day in many places. There is an event in Switzerland organized by the local local FSFE group in Basel.

DebConf16 is only a couple of months away now, Registration is still open and the team are keenly looking for additional sponsors. Sponsors are a vital part of such a large event, if your employer or any other organization you know benefits from Debian, please encourage them to contribute.

Monday, 18 April 2016

On our backend work

fsfe - Bits of Freedom | 10:00, Monday, 18 April 2016

On our backend work

Every half year (starting from the beginning of 2016, so it's fairly recent), we set organisational goals for our staff. These are usually focused on internal structures and procedures which need to be improved in order to make it easier for our volunteers to do the work they do on the local level.

In my mail to our web discussion list a while ago, I hinted at some changes we've done to the backend of our work, and I want to elaborate a little bit more on this.

About a month ago, I introduced a new ticket system built on OTRS, which we've now started to make use of, at first for processes which only include staff, but which will eventually expand to touch upon other areas of our work too. The areas where we've implemented this ticket system is for merchandise order and internship applications.

To give some background, both of these areas previously depended on mail exchanges. Internship applications, as an example, went to a mailing list on which all staff were subscribed. People would read and comment (occasionally) and one of us would eventually get back to the applicant. We frequently lost track of applications, it was difficult to get an overview, and there were no follow-ups from our side to ensure all applications got a reply.

We've now put all internship applications into a specific Queue in our ticket system, and all incoming applications are automatically added there. When an application is added to the ticket system, a confirmation mail is automatically being sent to the applicant letting them know it has been received.

We also manage all communication with the applicant through the ticket system, so everyone from the staff can see who is working on each application (mostly me), and specific tasks can be delegated easily without losing track of anything in the process. This may not sound like much, but it's already been an excellent help to make sure we don't miss anything.

For our merchandise orders, this is now managed similarly. Orders which come in get an automatic confirmation from the ticket system that their order has been received. When there's a payment, there's also an automatic confirmation, and we can follow up easily on orders which are not getting paid. We can also manage the communication with the persons ordering in a way which is accessible to everyone in our office, so when someone goes on vacation, someone else can easily fill in and follow up on questions or ship merchandise.

Moving forward, I would want to implement more of our processes in this ticket system to make our internal work more coherent, and what I really like personally about having done this work so far is it will now be very easy to allow anyone in the FSFE: a volunteer or Fellow, to also access information in the ticket system which is useful for them. We haven't implemented any processes in the ticket system which include volunteers yet, but I can see us doing so for a lot of work around events and booths.

Saturday, 16 April 2016

Installing Wallabag 2 on a Shared Web Hosting Service

English – Björn Schießle's Weblog | 21:41, Saturday, 16 April 2016

Wallabag 2.0.1

Wallabag describes itself as a self hostable application for saving web pages. I’m using Wallabag already for quite some time and I really enjoy it to store my bookmarks, organize them by tags and access them through many different clients like the web app, the official Android app or the Firefox plug-in.

Yesterday I updated by Wallabag installation to version 2.0.1. The basic installation was quite easy by following the documentation. I had only one problem. I run Wallabag on a shared hoster, so I couldn’t adjust the Apache configuration to redirect the requests to the right sub-directory, as described by the documentation. I solved the problem with a small .htaccess file I added to the root folder:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^links\.schiessle\.org$ [NC]
    RewriteRule !^web/ /web%{REQUEST_URI} [L,NC]
</IfModule>

I also noticed that Wallabag has a “register” button which allows people to create a new account. There already exists a feature request to add a option to disable it. Because I don’t want to allow random people to register a account on my Wallabag installation I disabled it by adding following additional lines to the .htaccess file:

<FilesMatch ".*register$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

Talk about Instant Messaging with XMPP

Norbert Tretkowski | 05:00, Saturday, 16 April 2016

Last week I gave a talk about Instant Messaging with XMPP at our local Linux User Group regulars table, mostly focusing on XMPP as an alternative for WhatsApp, Threema, Hangouts, Signal and other smartphone messengers. In 2007 I already gave a similar talk, but at that time I focused on XMPP as an alternative for ICQ, AIM, MSN and other desktop messengers.

Friday, 15 April 2016

TLS is a yes

English―mina86.com | 20:11, Friday, 15 April 2016

Let’s Encrypt has left beta and to celebrate, this blog gained TLS support. \o/ If all goes well it’ll become the default including an HSTS header so everyone can benefit from improved privacy¹.

If you want to give it a try before it becomes cool, feel free to direct your browser to https://mina86.com.

If you’re unfamiliar with Let’s Encrypt, it’s a certificate authority which provides free TLS certificates. It uses automated process to verify whether certificate’s requestor controls the domain certificate is for and takes literally seconds to complete.

Its sponsors include Mozilla and Google which means that Let’s Encrypt’s certificate is included in those browsers as well as many other software packages and operating systems.

With nearly zero cost for getting a widely accepted certificate, another obstacle for encrypted web is crumbling. And not a moment too soon since aforementioned Mozilla and Chrome duo plan to ‘deprecate’ plain HTTP.

If you’re running your own server there’s no excuse not to use TLS and if you’re hosting provider doesn’t support it, complain and do it loudly.

¹ Especially paranoid readers surely noticed the site uses third-party widgets but those same readers are expected to know how to install uBlock Origin.

Updating the FSFE's self conception

fsfe - Bits of Freedom | 10:00, Friday, 15 April 2016

Updating the FSFE's self conception

A while ago, I wrote on the FSFE's web mailing list a review I'm currently making of our web pages, and in particular our section which explain the organisation (About). One of the documents in this hierarchy, which I believe is critical to update, is our "Self Conception".

In principle, the document is good, but in several parts, the document hasn't been updated with the work distribution and authority of the various organs and thus is not consistent with neither current practice or authority. Most importantly, it pre-dates the Fellowship, and the position of Executive Director. While the document has seen some smaller updates over the years to at least mention Fellows, it's largely been unchanged since the 2004 version.

When I read through the document, I identified two two critical bugs:

  • it said employees are not part of the decision-making process,
  • it defined employment as a decision of the members.

Neither of this is true: decision making involve anyone who care to participate within one of our teams, regardless of if they're employees, volunteers, Fellows or part of our members. And as for employment, the only employment decided on by the General Assembly is that of the Executive Director.

I've now committed a new revision of the self conception with some limited updates, that bring the self conception closer in line with the actual structure (it's not perfectly aligned, nor will it be for some time). When discussing this in the core team (which include our members), comments I received were largely in favor of the changes with just some proposal of removing the document completely, which seems like it would've been a drastic measure to take.

There's a lot of work that's still needed to be done in cleaning up information about the organisation, as well as many formal documents which we'll eventually need to update (our constitution is not exempt from this; it still contains clauses that define national associations, which we don't have any in practice, as just one example).

Watch this space for more to come! :-)

Thursday, 14 April 2016

A vocabulary for media fingerprint algorithms

free software - Bits of Freedom | 05:40, Thursday, 14 April 2016

A vocabulary for media fingerprint algorithms

Also posted on Videorooter

When we begun work on Videorooter, we felt that one of the most difficult tasks ahead of us would be to find algorithms suitable for our use. While there are definitely not so many algorithms for videos, there’s definitely a fair share of algorithms for images and sound (and remember, a video is essentially a sequence of images with sound). In one way, having many algorithms is good. The algorithm you decide on for a particular project depend on your application: algorithms have different strengths and weaknesses.

On the other hand, if I give you the fingerprint f81bf91ffb803400e07f0c7d049f058706013e033fe33fe11f600e618ea30def without any other information, you’d be hard pressed to know what to do with it, and how to compare this against any other fingerprints you have which may or may not have been generated with the same algorithm. Even if I wanted to convey to you that this fingerprint is a 256 bit blockhash, I don’t really have a language to do so which can be interpreted unequivocally by a computer. I can’t just say “it’s a 256 bit blockhash” and expect a computer to understand that this is the same as if I say “blockhash (256 bits)”.

We need a vocabulary for fingerprint algorithms. Something which can be used in computer to computer interaction and convey with no uncertainty which algorithm we’re talking about when we’re communicating a fingerprint.

To this end, we’ve started putting this in practice over at the Videorooter github, establishing a list of known algorithms, giving them unique identifiers and outlining what we consider important for an algorithm to have. Essentially:

  • We assign an algorithm a URN (actually a namespace identifier, and in most cases an experimental or informal one, unless there’s a draft or published URN for an algorithm)
  • We describe which media types this specific algorithm is intended for
  • We record the URL of the specification document, and two links to reference implementations

The namespace specific string in the URN, which would follow after the namespace identifier, depend on the algorithm implementation. But at least, having this specified would allow us to give the fingerprint urn:x-bhvideo-phash:f81bf91ffb803400e07f0c7d049f058706013e033fe33fe11f600e618ea30def and there would be little uncertainty as to how that fingerprint should be interpreted. You could just look it up in the table, and you’d even have links to reference implementations!

Course “On the Road to the Free Digital Society” is available in Moodle and IMS Common Cartridge formats now

Vitaly Repin. Software engineer's blog | 04:44, Thursday, 14 April 2016

If you are interested in launching your own instance of the Stallman’s course “On the Road to the Free Digital Society”, I have good news for you. I have published the course in Moodle Backup and IMS Common Cartridge formats.

The files are available in the “Download” section of the course website.

I will be happy to hear your feedback about the course!

Don’t forget that we need your help in several areas:

Check “Support” section of the course website for the details.

Original blog post

 

Monday, 11 April 2016

Structures and membership

fsfe - Bits of Freedom | 10:00, Monday, 11 April 2016

Structures and membership

In January, I elaborated on the structure of the FSFE, owing to a request from our members to work out a plan for making the FSFE more inclusive and transparent. Since then, we've taken some actions towards this, including making a transparency commitment which is consistent with the guidelines from Transparency International Germany. We wait for a final approval from them, but our understanding is that everything is now fine (aside from a logo we needed to add, which we added last week).

We still have other work to do, but before this, allow me to recapture parts of the dialogue leading up to this point. At the FSFE General Assembly in 2015, we had an intensive discussion about the structure of the organisation which lead to Matthias, myself, Erik Albers and our fellowship representative Nicholas Dietrich, working out a proposal for changing the structure of the FSFE.

What we proposed then were to increase the number of members of the association, making it easier for active members of our community to become formal members as well as setting up a separate Board of Directors.

From the feedback we received from our current members, we developed an understanding that what is critically missing is perhaps not only ways for people to become formal members, but a clarity of how people can already become members today, something which we admittedly have not been good at communicating.

It's also been difficult to see what teams exist in the FSFE, what agency the participants have to act within those teams, and how to get involved in the work of the teams.

We've started working on both of these topics, but not completed it yet. Our transparency commitment is part of this work, as it gives details about our constitution which elaborates on how to become a member.

This needs to be extended on by more information about membership, such as how the membership applications are evaluated and how to determine whether becoming a member is the right step for someone. The latter is tricky to formulate: we do not wish to exclude anyone from applying to be a member if they have an interest in shouldering such responsibility.

At the same time, I want to make it clear formal membership in the FSFE depend on a deep commitment to Free Software. This is what Matthias and I have come up with so far as to what we feel makes a member of the FSFE:

"A member is someone who is strongly committed to Free Software and feels strongly connected with FSFE. (S)he has the long term goal to empower people to control technology, and can prove this with past activities. The person wants to take responsibilities over the decades to come to make sure FSFE's work will benefit Free Software and participate in the long term strategic decision making. If someone applies we prefer the person met other members before, so we can better assess the persons motives."

Our Fellows and volunteers support us in our day to day work, financially, through volunteer work or both. Their work, as well as the work of our staff, is made possible by the commitment of the members to secure the organisations' long term goals. Being a member is a responsibility, but an important one.

In the next months, I want to:

  • Improve further on the public information on our web pages and elsewhere about the structure of the FSFE, and how membership works,
  • Create a better overview for anyone as to what teams there are in the FSFE, what they work on, and where someone can engage.

Expect more on this in the months to follow.

Friday, 08 April 2016

Urgent - Help until 10 April to influence how 750 millions will be spent

Matthias Kirschner's Web log - fsfe | 02:30, Friday, 08 April 2016

We were notified of a very interesting consultation by the European Commission. The European Commission is about to allocate 750 million Euro over the next years on the "future internet", but the really important subjects (like: everything we learned from Edward Snowden) are not on their radar - yet.

However, if we bundle our efforts that is something that is definitely within reach. At the moment we are told there are only a couple of dozens of submissions from mostly the usual suspects, so your response would (at least on paper) count for influencing a few million Euro of this budget. It really makes a difference if you submit something, even if it is really short.

Power Infrastructure

For more background you can check out Michiel Leenaars' blog post.

What do you have to do?

Submit your ideas by Sunday 10 April on the European Commission's website.

Do not get distracted by the subtext of the questions. For the first question there is no problem to just answer something like:

"The internet is very broken at the architecture level, which lies at the basis of mass surveillance and the current security and privacy problems. A significant investment from Europe in better standards and Free Software implementing those standards is needed to fix that."

The second question is more tricky, but just add some quick notes, either your positive vision or your negative one how it will look like if certain things are not fixed. Possibly repeat the importance of the issues in the previous question being addressed as a prerequisite for any improvements of the security crisis between now and then.

The third and fourth question are the important ones, here you can submit your ideas. You can start your submission by flagging that the top priority is to repair the fundamental design issues of the core of the internet in the post-Snowden era. Possibly add that new funding strategies are needed which are more agile and responsive to grass roots improvements than the large consortia used in other EC projects, in order to better profit from the deep expertise and strong motivation of the Free Software movement and the technical internet community.

Additionally I suggest to upload papers, articles, with former project proposals, analysis of problems, etc. you wrote as additional files and submit them.

Do not hesitate to forward this information to other people and groups who might have good ideas how to improve the internet of tomorrow.

Thursday, 07 April 2016

Public schools making MS Office mandatory

Being Fellow #952 of FSFE » English | 11:10, Thursday, 07 April 2016

There was an extensive debate on the German discussion list which addressed a lot of aspects that may be relevant to other European countries. I wanted to provide a summary to encourage exchange of information and experiences across borders.

The trigger was a letter that a school kid brought home, informing the parents that a Windows 10 device with MS Office 2013/2016 will be made mandatory to participate in class.

As outrageous this sounds for Free Software supporters, I fear that this is getting common practice throughout Europe and that most parents accept it with a shrug. I’ll be happy for any feedback dispelling or confirming this fear.

Is there a template letter to complain about it?

The original poster asked if there was template letter for such cases that he could use to inform the school that this practice is not what he expects from a public body.

Wouldn’t it be nice to have such a template or maybe even a booklet of templates? As English is most commonly understood in Europe, it would be best to start with an English version and move on with translations into other languages. In fact, creating a section with sample letters has been on our wish list for years already! Feel free to plunge in!

There are currently two versions of the draft: one and two, both German. (By the way: the FSFE maintains a public Etherpad you can use for such cases.)

As the last post in the discussion so far, Max shared some brief findings from the European Free Software Policy Meeting in Brussels, that it is difficult to “convince” in a letter. It is important not to exaggerate and point out the benefits of the recipient.

Advocating Free Software or demand our rights?

It was discussed whether the focus of the letter should be to convince the school that Free Software is a great thing or rather that they are obliged to leave the minority the right to keep using the systems of their choice.

Some may argue that the majority is using Windows anyway and simply won’t care. Does that entitle a public school to force those who do care to give up their freedom and privacy?

Are we in such a weak position that we have to beg the institutions to let us use Free Software or is there any legal ground where we can claim the right to do so?

Use your right to participate!

Either way, we should make our voice heard more often. During the course of the discussion, Michael encouraged parents to use their right to participate in decision making processes in their kids’ schools.
This process is highly regulated in Germany and what parents can actually do is limited but still, they do have a say on school matters. How is this done elsewhere in Europe?

Is this practice even legal?

Public schools force their students/pupils to use a certain operating system with known backdoors, with a certain office suite using a certain cloud software and various kinds of privacy issues, e.g.: storing personal data in a different jurisdiction.

Is this practice legal? The answer seems to vary depending on which federal state in Germany you look at. How is it in your area? Do you know any rules or laws that would prohibit this kind of practice?

A while back in Switzerland, an expert group recommended to use Free Software after analysing Microsoft’s offer called live@edu back then due to privacy and lock-in concerns. Data protection law would prohibit the data collection mentioned in the proposed contract.

Proposed analogies

To make the problem more transparent to the recipient of the letter, it was proposed to ask: “What would you say if a teacher forced the kids to come to the gym with a special model of sneakers?”

It was mentioned that a similar practice is accepted, and even the default, when it comes to school books. The schools decide what books will be used in class. Why should it be any different with Software?

“The Chains of Habit Are Too Light To Be Felt Until They Are Too Heavy To Be Broken.”

Source unknown, sometimes used by Warren Buffet

I am grateful to Bernd who pointed out that these analogies are missing a crucial aspect. What shoes I wear will not change the way I run and I’ll be as fast with a similar pair of shoes as with the ones I was asked to buy for class. A certain schoolbook will not change the way I read nor change my ability to read or understand complex texts in other books.

Software is fundamentally different. Using a certain software program defines a certain work flow and way of thinking. Learning a certain work flow and get effective with it takes time and effort (with any software). Almost nobody has the motivation or resources to constantly change the way to get a routine task done, especially not if one is already comfortable with one. Just ask a vim user to use emacs!

The program I use to do my homework will probably be the same I write my first job applications with. And the file format will most likely be the same as well as the place where I save them “in the cloud”. Forcing pupils to use proprietary software, will push them into the lock-in trap.

Equality of opportunity

or the widening “Rich-Poor Achievement Gap” may be another argument against such practices. What burden may it be for a poor family to purchase a computer that meets the requirements of Windows 10? They have to buy that computer. There is no way around it. So, they will have to relinquish something else like healthy food or family time as they have to spend more time at work.

Bad publicity or positive campaigning

One thesis in the discussion was that only bad publicity will make the school at hand reconsider their practice. FSFE usually tries to follow a different approach. That doesn’t mean we’d ignore bad news and don’t deal with them. The question is: What will make people change their view? I think it is much more sustainable if the people grasp the idea and benefits of Free Software instead of just “being forced to allow it”.

Point out the learning aspect of using Free Software

Geza suggested to mention the pedagogical angle as well. Free Software offers diversity, allows to experiment and try out various alternatives (different editors, programming languages, desktop environments) and thus leads to a competent self determined and responsible handling of the opportunities available.

Part of the problem is that teachers usually don’t know anything else than MS products themselves as they’ve been in the same creature-of-habit cycle as they are about to push their students.

Sample lesson with OneNote

Bernd pointed us to a tutorial video how OneNote can be used in class and had to admit that it looks pretty impressive and that there is probably no Free Software alternative which would allow a similar work flow.

Bernd is missing an easy to use alternative. Without these alternatives, it is difficult to object (object in the sense of “successfully convince others”).

To create a video that starts a thinking process has been on our ToDo list for a while.

Wanted: Show case of Free Software solutions that are actually being used

It was mentioned that with a list of programs, the same thing could be achieved, but it is highly questionable if this zoo of different applications will ever be used in class.

It is clear that a lot of good stuff can be done with Free Software, but we need to show to the interested audience that it is practical as well. We need you! Do you know somebody using Free Software in class that is willing to create a presentation? Do you know presentations that have been given before and were recorded (preferably under a free licence)?

Are you aware of any educational institution that teaches on/about Free Software?

Going-to-be teachers need to see what is possible with Free Software. It needs to be proven that Free Software can deliver exactly what they need.

Not necessarily what they think they need. It’s not my goal to mimic OneNote or other proprietary products. At the end, the work flow in the tutorial wasn’t that smooth either.
DG said: “Pupils may not be nerds but shouldn’t be the school the place to learn how to use digital tools creatively without having a company make a product out of one particular use case? Until this isn’t done in school – teaching how to use digital tools meaningfully and creatively – the perception that Free Software is only for nerds will stick.”

I’ll advertise this summary on the English mailing list. Please join the discussion there or drop me a note if you have anything to contribute. Thanks!

flattr this!

Planet Fellowship (en): RSS 2.0 | Atom | FOAF |

  /127.0.0.?  /var/log/fsfe/flx » planet-en  Albrechts Blog  Alessandro at FSFE » English  Alessandro's blog  Alina Mierlus - Building the Freedom » English  André on Free Software » English  Being Fellow #952 of FSFE » English  Bela's Internship Blog  Bernhard's Blog  Bits from the Basement  Blog of Martin Husovec  Blog » English  Blog – Think. Innovation.  Bobulate  Brian Gough's Notes  Carlo Piana :: Law is Freedom ::  Ciarán's free software notes  Colors of Noise - Entries tagged planetfsfe  Communicating freely  Computer Floss  Daniel Martí's blog  DanielPocock.com - fsfe  Don't Panic » English Planet  ENOWITTYNAME  Elena ``of Valhalla''  English Planet – Dreierlei  English – Björn Schießle's Weblog  English – Max's weblog  English―mina86.com  Escape to freedom  FLOSS – Creative Destruction & Me  FSFE Fellowship Vienna » English  FSFE interviews its Fellows  Fellowship News  Florian Snows Blog » en  Frederik Gladhorn (fregl) » FSFE  Free Software & Digital Rights Noosphere  Free Software with a Female touch  Free Software –  Free Software – hesa's Weblog  Free as LIBRE  Free speech is better than free beer » English  Free, Easy and Others  From Out There  GLOG » Free Software  Graeme's notes » Page not found  Green Eggs and Ham  Handhelds, Linux and Heroes  Heiki "Repentinus" Ojasild » English  HennR's FSFE blog  Henri Bergius  Hook’s Humble Homepage  Hugo - FSFE planet  Inductive Bias  Jelle Hermsen » English  Jens Lechtenbörger » English  Karsten on Free Software  Losca  Marcus's Blog  Mario Fux  Mark P. Lindhout’s Flamepit  Martin's notes - English  Matej's blog » FSFE  Matthias Kirschner's Web log - fsfe  Myriam's blog  Mäh?  Nice blog  Nico Rikken » fsfe  Nicolas Jean's FSFE blog » English  Norbert Tretkowski  PB's blog » en  Paul Boddie's Free Software-related blog » English  Pressreview  Rekado  Riccardo (ruphy) Iaconelli - blog  Saint's Log  Seravo  Technology – Intuitionistically Uncertain  The Girl Who Wasn't There » English  The trunk  Thib's Fellowship Blog » fsfe  Thinking out loud » English  Thomas Koch - free software  Thomas Løcke Being Incoherent  Told to blog - Entries tagged fsfe  Tonnerre Lombard  Torsten's FSFE blog » english  Viktor's notes » English  Vitaly Repin. Software engineer's blog  Weblog  Weblog  Weblog  Weblog  Weblog  Weblog  Werner's own blurbs  With/in the FSFE » English  a fellowship ahead  agger's Free Software blog  anna.morris's blog  ayers's blog  bb's blog  blog  drdanzs blog » freesoftware  emergency exit  free software - Bits of Freedom  free software blog  freedom bits  fsfe - Bits of Freedom  gollo's blog » English  irl:/dev/blog » fsfe-planet  julia.e.klein's blog  marc0s on Free Software  mkesper's blog » English  nikos.roussos - opensource  pichel's blog  rieper|blog » en  softmetz' anglophone Free Software blog  stargrave's blog  the_unconventional's blog » English  things i made  tobias_platen's blog  tolld's blog  wkossen's blog  yahuxo's blog