Planet Fellowship (en)

Friday, 27 May 2016

Thank you for FOSS North 2016!

free software - Bits of Freedom | 14:16, Friday, 27 May 2016

Thank you for FOSS North 2016!

This week, I've had the pleasure of being in Gothenburg for the first annual FOSS North 2016 conference. Johan Thelin, who was one of the main organisers, was already speaking about a repeat performance next year which I'm very much looking forward to.

The event was visited by just over 100 people most of which came from the area and worked with or had a strong personal interest in free and open source software. My principal contribution of the day was a talk in the afternoon about the state of free software in Europe (and elsewhere), which I will post more about on Monday.

Other speakers included FSFE's vice president Alessandro Rubini who held a very appreciated talk about time and FSFE's fellowship representative Mirko Boehm who spoke about OIN. Anders Arnholm spoke about software craftmanship, we got a peek at the new logo and roadmap of the curl project from Daniel Stenberg and Alexandra Leisse spoke about the user experience of complexity. The day was filled with interesting topics and discussions which continued into the evening.

For myself, I also got a chance to for the first time in many years put up an FSFE booth at the conference, which led to a number of interesting connections and discussions with the participants and at times the FSFE table also became the gathering point for most of the participating Fellows and volunteers during the breaks. I should give a special thanks to Sebastian Hörberg who helped keep an eye on things.

From a booth participation point of view, it was also the first time I traveled with a "light" booth setup with limited merchandise and information material. In fact, aside from some pins and keychains, the only real swags I brought with me were our NoCloud t-shirts in two colors.

I also used an exhibition stand which fold into an (oversized) case which made transport extremely convenient: in one single case I carried all swag, material for the booth, a roll-up and the exhibition stand itself. And there was plenty of room to spare! It's definitely something I will do again, and I can see the FSFE participating in more events in Sweden in the future (and elsewhere; I can easily take it on a flight).

Here are a few photos of the booth setup. In the last one you can imagine how the curved surface on the outside (if you take away the FSFE banner) is actually hiding the storage case itself. You just take away the top, remove the banner, and then fold it together.

Thank you for FOSS North 2016! Thank you for FOSS North 2016! Thank you for FOSS North 2016! Thank you for FOSS North 2016!

Running a Hackerspace

nikos.roussos - opensource | 03:51, Friday, 27 May 2016

I wrote parts of this post after our last monthly assembly at Athens Hackerspace. Most of the hackerspace operators are dealing with this monthly meeting routinely and we often forget what we have achieved during the last 5 years and how many great things this physical space enabled to happen. But this post is not about our hackerspace. It's an effort to distant myself and try to write about the experience of running a hackerspace.

workbench

Yes, it's a community

The kind of people a space attracts is the kind of people it "wants" to attract. That sounds kind of odd right? How a physical space can want anything? At some point (the sooner the better) the people planning to open and run a hackerspace should realize that they shape the form of the community to occupy and utilize the space. They are already a community before even they start paying the rent. But a community is not a random group of people that just happen to be in the same place. They are driven by the same vision, common goals, similar means, etc. Physical spaces don't have a vision. A community does. And that's a common struggle and misconception that I came across so many times. You can't build a hackerspace with a random group of people. You need to build a community first. And to do so you need to define that common vision beforehand. We did that. Our community is not just the space operators. It's everyone who embraces our vision and occupies the space.


Yes, it's political

There is a guilt behind every attempt to go political. Beyond the dominant apolitic newspeak that surrounds us and the attempt to find affiliations in anything political, there is still space to define yourself. It's not necessarily disruptive. After all it's just a drop in the ocean. But this drop is an autonomous zone where a collective group deliberately constructs a continuous situation where we challenge the status quo. Being not for profit is political. Choosing to change the world one bit at a time, instead of running another seed round, is political. Going open source and re-shaping the way we code, we manufacture, we share, we produce and in the end the way we build our own means of production, is political. Don't hurry to label it. Let it be for now. But it's a choice. Many spaces have chosen otherwise, operating as tech shops or as event hosts for marketing presentations around new commercial technologies and products, or even running as for-profit companies, declaring no political intention. These choices are also political. Acceptance comes after denial.


Rules vs Principles

You'll be tempted to define many ground rules on how you want things to operate. Well, I have two pieces of advice. Never establish a rule for a problem that has not yet emerged. You'll create bigger frictions than whatever problem you are trying to solve. Always prefer principles over rules. You don't need to over-specify things. Given the trust between the people of a hackerspace there is always common sense on how a principle applies.


Consensus vs Voting

All hackerspaces should have an assembly of some form to make decisions. Try to reach consensus, through discussion and arguments. There will be cases where a controversial matter can be hard to have an unanimous decision. Objections should be backed with arguments, otherwise they should be disregarded. Voting should always be the last resort. Remember, the prospect of a voting at the end of a discussion kills many good arguments in the process. Consensus doesn't mean unanimity.


Do-ocracy

Some call it lazy consensus. If you have an idea for a project you don't need permission. Don't wait for someone else to organize things for you. Just reach out to the people you want and are interested in your idea and start hacking.


Code of conduct

You'll find many approaches here. We decided to keep it simple and most importantly to stick on a positive language. Describe what's an accepted behavior inside your community, instead of stating all behaviors you find wrong (you'll miss something). Emphasize excellence over Wheaton's Law. "Be polite to everyone. Respect all people that you meet at the space, as well as the space itself.", is what we wrote on our frontpage. It may not be stated explicitly, but any form of discrimination is not an accepted behavior. Being excellent to everyone means that you accept the fact that all people are equal. Regardless of nationality (whatever that means) or sexual orientation, you should be polite to all people.


Hackability

This is my favorite word when it comes to hackerspaces. I'm sure most people reading this are familiar with Free Software and its four freedom definition. Let me remind you one of the freedoms:

The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.

Something that usually escapes the attention of many people is that the availability of source code is not the important thing here. The important thing is the the freedom to study and change. Source code availability is a prerequisite to achieve that freedom.

Same happens with hackability. Remember the Hackerspace definition as it stands on the Hackerspaces.org wiki:

Hackerspaces are community-operated physical places, where people share their interest in tinkering with technology, meet and work on their projects, and learn from each other.

So again the important thing here is that you tikner/hack things. Many people have misinterpret this into thinking that since there is no mention of Open Source or Free Software in that definition then these things are not important. Again, these are the requirements. In order to hack something, you should be granted the freedom to study and change it. Access to the source code is a prerequisite for this. For those who prefer graphical representations:

hackability

Mind the "principles" next to Free Software, since we are not just talking about software here. This also applies to hardware (hack beaglebones, not makey makey), data (hack OpenStreetMap, not Google Maps), content (hack Wikipedia, not Facebook) and of course software again (teach Inkscape, not Illustrator).

Sharing your knowledge around a specific technology or tool freely is not enough. Actually this notion is often used and more often abused to justify teaching things that nobody can hack. You are a hackerspace, act like one. All the things taking place in a hackerspace, from the tiniest piece of code to the most emblematic piece of art, should by definition and by default be hackable.


Remember, do-ocracy

I hope it's obvious after this post that building and running a hackerspace is a collective effort. Find the people who share the same vision as you and build a hackerspace. Don't wait for someone else to do it. Or if you are a lucky, join an existing one that already runs by that vision. It's not that hard. After all, the only thing we want to do is change the world. How hard can it be?


Comments and reactions on Diaspora or Twitter

Thursday, 26 May 2016

Road Ahead

English – Björn Schießle's Weblog | 08:02, Thursday, 26 May 2016

Road ahead

CC BY 2.0 by Nicholas A. Tonelli

I just realized that at June, 1 it is exactly four years since I joined ownCloud Inc. That’s a perfect opportunity to look back and to tell you about some upcoming changes. I will never forget how all this get started. It was FOSDEM 2012 when I met Frank, we already knew each other from various Free Software activities. I told him that I was looking for new job opportunities and he told me about ownCloud Inc. The new company around the ownCloud initiative which he just started together with the help of others. I was directly sold to the idea of ownCloud and a few months later I was employee number six at ownCloud Inc.

This was a huge step for me. Before joining ownCloud I worked as a researcher at the University of Stuttgart, so this was the first time I was working as a full-time software engineer on a real-world project. I also didn’t write any noteworthy PHP code before. But thanks to a awesome community I got really fast into all the new stuff and could speed up my contributions. During the following years I worked on many different aspects of ownCloud, from sharing, over files versions to the deleted files app up to a complete re-design of the server-side encryption. I’m especially happy that I could contribute substantial parts to a feature called “Federated Cloud Sharing”, from my point of view one of the most important feature to move ownCloud to the next level. Today it is not only possible to share files across various ownCloud servers but also between other cloud solutions like Pydio.

But the technical part is only a small subset of the great experience I had over the last four years. Working with a great community is just amazing. It is important to note that with community I mean everyone, from co-workers and students to people who contributed great stuff to ownCloud in their spare time. We are all ownCloud, there should be no distinction! We not only worked together in a virtual environment but meet regularly in person at Hackathons, various conferences and at the annual ownCloud conference. I met many great people during this time which I can truly call friends today. I think this explains why ownCloud was never just a random job to me and why I spend substantial parts of my spare time going to conferences, giving talks or helping at booths. ownCloud combined all the important parts for me: People, Free Software, Open Standards and Innovation.

Today I have to announce that I will move on. May, 25 was my last working day at the ownCloud company. This is a goodbye and thank you to ownCloud Inc. for all the opportunities the company provided to me. But it is in no way a goodbye to all the people and to ownCloud as a project. I’m sure we will stay in contact! That’s one of many great aspects of Free Software. If it is done right a initiative is much more than any company which might be involved. Leaving a company doesn’t mean that you have to leave the people and the project behind.

Of course I will continue to work on Free Software and with great communities, especially I have no plans to leave the ownCloud community. Actually I hope that I can even re-adjust my Free Software and community focus in the future… Stay tuned.

Wednesday, 25 May 2016

Patch for the CLI password manager “pass”

things i made | 21:47, Wednesday, 25 May 2016

I use Pass (https://www.passwordstore.org/) to store and synchronize all my passwords.

When I use Pass via SSH on a remote system in order to retrieve a password, I cannot make use of it’s clipboard feature. In order to output the password without actually displaying it, I wrote the following patch which prints the password in red on a red background while still being able to be manually copied to the clipboard:

https://gist.github.com/exitnode/73065c7ecf3c2e5bb77cef5a8563b86e

Tuesday, 24 May 2016

Is this the end of decentralisation?

fsfe - Bits of Freedom | 09:03, Tuesday, 24 May 2016

Is this the end of decentralisation?

I've been sitting on these thoughts for some time, but after not progressing in my thoughts more for a week or two, I'd love to share them with you. You may recall Moxie's blog post about how the software ecosystem is constantly moving and what this means for decentralised services.

Signal, which is developed by Moxie and Open Whisper Systems, is a tool for secure messaging between mobile devices. It has faced criticism since Signal is built on a centralised platform. The criticism was fueled even further by an idea that LibreSignal, an independent build of Signal, would not be able to federate and talk to the Signal servers.

In a response to this critique, Moxie wrote about how he feels that innovation can not happen as quickly and easily as needs be with federated and decentralised structures. To prove his point, he argued that the premise that the internet could not have gotten to where it is without interoperable and federated protocols is false.

We got to the first production version of IP, and have been trying for the past 20 years to switch to a second production version of IP with limited success. We got to HTTP version 1.1 in 1997, and have been stuck there until now. Likewise, SMTP, IRC, DNS, XMPP, are all similarly frozen in time circa the late 1990s. That's how far the internet got. It got to the late 90s. - Moxie Marlinspike

I would postulate that Moxie is right in his reasoning, but that his reasoning misses the larger picture. If I'm right, we're a year or a bit away from a federated structure for secure messaging. And we'd have gotten there thanks to Moxie and his work.

It all has to do with infrastructures.

Infrastructures for communication depend on having a larger user base. The more users you have signing up, the more likely it will be that someone you meet and want to communicate with is using the same communications infrastructure. Once you get a significant portion -- I would estimate some 30-50% -- of a community to use your infrastructure, it will be very difficult for the remaining 50-70% of the community to stay away from using the same infrastructure. You'll automatically attract more users by sheer necessity of communication.

If you have the right users, you can get away with significantly less than 30-50%: you can benefit from the majority illusion, but even that will only take you so far. No one can reasonably expect to develop (and control!) clients which are suitable for everyone's use, and the user base is limited by it. Open Whisper Systems is nowhere near such a user base, and there's tremendous growth potential in Signal still, but it may soon start to be difficult to see the same growth as it has to date.

Facebook, to take another popular example, doesn't have the same limit. Not because they have more resources, but because they use a communication technology (the web) which is based on the 90s technology which Moxie finds so troublesome. It's the common denominator for pretty much everyone using the web today, which is what makes it powerful. Despite mobile phones, I'd argue that Facebook became what it is due to them using a communication protocol which was not theirs, but a common standard. Had they enforced control over the clients used to connect, they would probably not have scaled in the way they did.

For communication infrastructure which should scale, we need common standards which everyone can use. For other software, which does not depend on scale, the standards aren't as important: it could be perfectly fine to have just one client for your tax software, as long as that's open source.

But this is also a matter of maturity: when a field is being established, it helps to have control over everything. As it grows, open standards and decentralisation become more important and people start to expect it to scale and grow wider. Nothing is as irritating as having a client for encrypted SMS and not being able to communicate with your friend, just because she happens to use a different program.

When those expectations mount, the need for a proper response will grow, and that response will be a decentralised structure which does not depend on control over individual applications.

But where Moxie and Open Whisper Systems finds themselves today is very natural. They are where every new infrastructure starts: in the establishment phase, where several actors independently of each other work within their own communities to build similar infrastructures with limited or no need for interoperability or decentralisation.

Our train lines started out the same way, with multiple train companies establishing and building complete tracks with stations and trains. Electricity was locally sourced and under the control of the local electrical company. Telegraph lines were point to point and operated individually. As was telephone networks, where you had a massive amount of local telephone companies operating in different communities.

Until it wasn't any more. All of these infrastructures are now, to various degrees, federated. You may have multiple providers operating parts, but they are all interconnected, because the need for interoperability trumps the need for centralisation.

Moxie is right in his reasoning, and his conclusion is understandable based on where the field is today. And even if, as Moxies puts it:

... at this point it seems that it will have to do.

The ecosystem is moving, as is the environment in which it operates. Put a reminder in your calendar a year from now and revisit the situation then: at that point of time, the ecosystem will have moved, the environment around it will have moved, and I'd be greatly surprised if it hadn't inched closed to a federated structure.

Is this the end of decentralisation?

free software - Bits of Freedom | 09:03, Tuesday, 24 May 2016

Is this the end of decentralisation?

I've been sitting on these thoughts for some time, but after not progressing in my thoughts more for a week or two, I'd love to share them with you. You may recall Moxie's blog post about how the software ecosystem is constantly moving and what this means for decentralised services.

Signal, which is developed by Moxie and Open Whisper Systems, is a tool for secure messaging between mobile devices. It has faced criticism since Signal is built on a centralised platform. The criticism was fueled even further by an idea that LibreSignal, an independent build of Signal, would not be able to federate and talk to the Signal servers.

In a response to this critique, Moxie wrote about how he feels that innovation can not happen as quickly and easily as needs be with federated and decentralised structures. To prove his point, he argued that the premise that the internet could not have gotten to where it is without interoperable and federated protocols is false.

We got to the first production version of IP, and have been trying for the past 20 years to switch to a second production version of IP with limited success. We got to HTTP version 1.1 in 1997, and have been stuck there until now. Likewise, SMTP, IRC, DNS, XMPP, are all similarly frozen in time circa the late 1990s. That's how far the internet got. It got to the late 90s. - Moxie Marlinspike

I would postulate that Moxie is right in his reasoning, but that his reasoning misses the larger picture. If I'm right, we're a year or a bit away from a federated structure for secure messaging. And we'd have gotten there thanks to Moxie and his work.

It all has to do with infrastructures.

Infrastructures for communication depend on having a larger user base. The more users you have signing up, the more likely it will be that someone you meet and want to communicate with is using the same communications infrastructure. Once you get a significant portion -- I would estimate some 30-50% -- of a community to use your infrastructure, it will be very difficult for the remaining 50-70% of the community to stay away from using the same infrastructure. You'll automatically attract more users by sheer necessity of communication.

If you have the right users, you can get away with significantly less than 30-50%: you can benefit from the majority illusion, but even that will only take you so far. No one can reasonably expect to develop (and control!) clients which are suitable for everyone's use, and the user base is limited by it. Open Whisper Systems is nowhere near such a user base, and there's tremendous growth potential in Signal still, but it may soon start to be difficult to see the same growth as it has to date.

Facebook, to take another popular example, doesn't have the same limit. Not because they have more resources, but because they use a communication technology (the web) which is based on the 90s technology which Moxie finds so troublesome. It's the common denominator for pretty much everyone using the web today, which is what makes it powerful. Despite mobile phones, I'd argue that Facebook became what it is due to them using a communication protocol which was not theirs, but a common standard. Had they enforced control over the clients used to connect, they would probably not have scaled in the way they did.

For communication infrastructure which should scale, we need common standards which everyone can use. For other software, which does not depend on scale, the standards aren't as important: it could be perfectly fine to have just one client for your tax software, as long as that's open source.

But this is also a matter of maturity: when a field is being established, it helps to have control over everything. As it grows, open standards and decentralisation become more important and people start to expect it to scale and grow wider. Nothing is as irritating as having a client for encrypted SMS and not being able to communicate with your friend, just because she happens to use a different program.

When those expectations mount, the need for a proper response will grow, and that response will be a decentralised structure which does not depend on control over individual applications.

But where Moxie and Open Whisper Systems finds themselves today is very natural. They are where every new infrastructure starts: in the establishment phase, where several actors independently of each other work within their own communities to build similar infrastructures with limited or no need for interoperability or decentralisation.

Our train lines started out the same way, with multiple train companies establishing and building complete tracks with stations and trains. Electricity was locally sourced and under the control of the local electrical company. Telegraph lines were point to point and operated individually. As was telephone networks, where you had a massive amount of local telephone companies operating in different communities.

Until it wasn't any more. All of these infrastructures are now, to various degrees, federated. You may have multiple providers operating parts, but they are all interconnected, because the need for interoperability trumps the need for centralisation.

Moxie is right in his reasoning, and his conclusion is understandable based on where the field is today. And even if, as Moxies puts it:

... at this point it seems that it will have to do.

The ecosystem is moving, as is the environment in which it operates. Put a reminder in your calendar a year from now and revisit the situation then: at that point of time, the ecosystem will have moved, the environment around it will have moved, and I'd be greatly surprised if it hadn't inched closed to a federated structure.

Monday, 23 May 2016

PostBooks, PostgreSQL and pgDay.ch talk

DanielPocock.com - fsfe | 17:35, Monday, 23 May 2016

PostBooks 4.9.5 was recently released and the packages for Debian (including jessie-backports), Ubuntu and Fedora have been updated.

Postbooks at pgDay.ch in Rapperswil, Switzerland

pgDay.ch is coming on Friday, 24 June. It is at the HSR Hochschule für Technik Rapperswil, at the eastern end of Lake Zurich.

I'll be making a presentation about Postbooks in the business track at 11:00.

Getting started with accounting using free, open source software

If you are not currently using a double-entry accounting system or if you are looking to move to a system that is based on completely free, open source software, please see my comparison of free, open source accounting software.

Free and open source solutions offer significant advantages: flexibility, businesses can choose any programmer to modify the code, and use of SQL back-ends, multi-user support and multi-currency support are standard. These are all things that proprietary vendors charge extra money for.

Accounting software is the lowest common denominator in the world of business software, people keen on the success of free and open source software may find that encouraging businesses to use one of these solutions is a great way to lay a foundation where other free software solutions can thrive.

PostBooks new web and mobile front end

xTuple, the team behind Postbooks, has been busy developing a new Web and Mobile front-end for their ERP, CRM and accounting suite, powered by the same PostgreSQL backend as the Linux desktop client.

More help is needed to create official packages of the JavaScript dependencies before the Web and Mobile solution itself can be packaged.

Workshop on standardised fingerprints

free software - Bits of Freedom | 11:37, Monday, 23 May 2016

Workshop on standardised fingerprints

The algorithms I've worked on in the Elog.io and Videorooter projects all aim to make visual identification of photographs and videos possible with the use of fingerprints: two videos which are the same, but in different encoding formats, should ideally generate the same fingerprint.

In September, Kennisland and Commons Machinery is inviting to a workshop on standardising hashing, with the intent of bringing others who do similar work together. We're far from the only ones doing fingerprint algorithms for photographs and videos, and we'd like to bring as many people as possible together to discuss joinly how we can move the field forward and what the opportunities there are for more collaboration.

If you're interested in algorithms for fingerprinting videos and photographs, and ideally if you've worked on such algorithms yourself, check out the announcement.

Sunday, 22 May 2016

Comments closed

things i made | 18:14, Sunday, 22 May 2016

Dear visitor,

I’m sorry but I had to disable new comments on posts since I’m not able to answer them at the moment. I will reactive commenting as soon as it will be possible for me to react in a timely manner.

Friday, 20 May 2016

Report of the local FSFE meeting in Frankfurt on May 4

Being Fellow #952 of FSFE » English | 11:35, Friday, 20 May 2016

At the last FSFE meeting in Frankfurt, we planned to work mainly on the Free Software flyers which we adopted from the local group in Munich. Unfortunately, three of the six persons who showed up were not aware that this was meant to be a “workshop” and didn’t bring any equipment for it.

For the future, I guess we have to communicate this a little better. And as some time sensitive topics were added to the agenda we couldn’t work on the flyers as much as we wanted to.

FS Flyer

We did manage to get “something” done on the flyers though. Main topics and findings were:

  • What is important to people? How can we stress this on the intro page? (political aspects, security, gratis, usability, …)
  • The old (and tiring argument FS vs OS. I pointed to Björns article about the issue.
  • How to tackle common preconceptions like “it can’t be as good if it doesn’t cost anything”.
  • and we found a few outdated links and that Lightning calender is now part of Thunderbird

Workshops/Cryptoparty at insurance company

As a follow-up to a talk Michael Stehmann gave at an insurance company, we were asked if we could provide more workshops and talks related to Free Software as there seems some interest among the employees.

Linux Presentation Day

As agreed on earlier, we decided not to come up with our “own” events for LPD but rather support existing events in the area. This will not only bundle the limited resources for these events but also strengthen the network of active people.

Acitivites in a nearby school

There will be a “project week” in a nearby school. We may end up organizing a talk about FS and/or a cryptoparty.

Upcomming Workshop at the Goethe-University in Frankfurt

I’ve been invited to a workshop at the university to talk about Free Software in education and asked the participants for imput for this.

Düsseldorf

We summarized the discussions of the last few weeks about the closure of the FSFE office in Düsseldorf and related topics.

Miscelanious

  •  FSFE wiki migration
  • Kolab can handle MS exchange
  • “half free” GNU/Linux distros and should they even be advertised
  • a little MS Windows bashing :)
  • Email encryption for mailinglists
  • de-mail
  • Steed

That’s what my notes reveal to me. The next meeting will take place on June 7 in Wiesbaden. We’ll visit the CCC MZ/WI on their “open day”.

See you then!

flattr this!

Thursday, 19 May 2016

OSCAL 2016: A role model for community events

PB's blog » en | 10:36, Thursday, 19 May 2016

This year, I had the honor of being invited to give a talk and workshop at the “Open Source Conference ALbania” (OSCAL) in Tirana, again.
It was simply amazing. Again.

Over the years, I’ve attended many conferences of this kind – as speaker, as well as a visitor.
Yet, the OSCAL-experience from 2015 was quite outstanding in my memory – so my expectations to meet were even higher this year ;)

Community events need the right atmosphere:

Firstly, it’s amazing how well the voluntary team of organizers takes care of the speakers:
They’re not only incredibly nice, friendly and helpful wherever they can, but they just made every single one of us feel appreciated, welcome and being looked after.
It was the most amazing “all-awesome-feelaround-package”, even including pick-up from the airport, and a nice goodie-present with local delicacies.

Maybe it sounds strange to mention this, but this is a community event. Not a trade-show. (Although, there are business opportunities and networking connections to be made there too, of course)

I’ve seen other events like this, were the organizers had not understood that they’re mostly dealing with volunteers (also on the speaker side), who put a lot of their spare-time into this. I’ve been to events where they made you feel like a solicitant. Like you had to serve the organizers and be grateful that you were “allowed” to contribute.
This makes you feel bad – and in consequence, it makes people less interested, less cooperative, less open and greatly reduces the interest of participating next time.

The OSCAL team understood this, and managed to create a great event, where participants as well as contributors felt great:

This encourages people to embrace the ideas of Software Freedom even more, as it generates a great atmosphere where people want to ask, participate, communicate, collaborate and exchange themselves about ideas, projects and visions.

A wide range of interesting subjects:

The conference itself was well-organized, with multiple tracks of presentations, workshops and even “birds of feathers” (BoF) rooms, where participants could arrange ad-hoc meetings or working-groups on different topics.
The selection of topics covered a wide range of interesting subjects – ranging from programming, office or audiovisual – to graphics design.
The FSFE had an info-table with information material, and me standing there, offering additional information where needed.

Tech: Not only a male thing!

Something else thing that makes OSCAL special, is that the male/female ratio seems to be the inverse of what you usually see in our western world:
Just like last year, there were at least as many girls as guys!
Many of the girls there are studying computer science, programming or other subjects – and they’re having great fun.
Check out the speakers list, to see for yourselves.

Usually I keep hearing that “technical stuff is only interesting for men”, or even worse: “women can not understand these things” (and even some female friends of mine believe that).
OSCAL not only proves that this is complete nonsense.
At other “nerd events”, I’ve seen that girls might feel uncomfortable: Not only, because they stand out as rare exception, but also because some guys seem to not take them fully seriously – or even say inappropriate things to them…

So, OSCAL also stands out as a role model here again, when you see how people respectfully interact with each other – regardless of their sexual gender.
Therefore, I’d encourage the rest of the world to learn from Tirana how gender-equality is done better :)

After spending only this short time there, I learned that Albanian people will always find a way to make things happen.
You emerge in a world and atmosphere where you feel that anything is possible, if you envision it – and this again attracts and inspires others.

Looking forward to OSCAL 2017! :D

Tuesday, 17 May 2016

Are you the FSFE's next intern?

fsfe - Bits of Freedom | 14:38, Tuesday, 17 May 2016

Are you the FSFE's next intern?

One of the advantages of our ticket system in the FSFE, which we now use to manage among other things our internship applications, is that it's very easy to get an overview. I just extracted a report of our internship applications for the past month.

Since the 18th of April, we've had 29 applications for an internship or traineeship. Among those, we've accepted 1 (one!) who will start her internship now in the end of the month. Most of the applications we get sadly do not make the cut.

We have to prioritise among the applications, and we tend to prioritise those who've shown a previous commitment to free software, and who we think would benefit the most from an internship. Working with the FSFE is a challenge: as an intern, you are not only encouraged, but expected, to participate in and lead our work. It's a true learning by doing experience.

Each intern is also an investment from our side. We believe in what we do, and we believe that giving people experience from working on political, technical and social issues in a non-profit organisation is one of our most useful activities. As such, we invest significant time and effort into each intern, which is also why we limit the number of concurrent interns to what the organisation can actually manage at any one time.

Each year, we accept somewhere between three and six interns and trainees, a bit depending on the number of applications we receive and the relevance of them. If current trends continue, this means an acceptance rate of about 1,7% of all applications. Or put in a different way: it means that for every intern we accept, we decline 58 others.

Here are some hints, if you want to be the FSFE's next intern:

  • Motivational letters help, especially if you show that you've done your homework and read up on our activities beforehand so you can relate them to your own experience and interests.
  • Be careful about reading through the requirements for our internship. It wastes time for both you and us if you apply and we get into a discussion, only to find out we can not accept you due to the internship not being required by your university1.
  • References aren't as important as you may think. It's more important how you present yourself, and what previous experience you can show for.
  • Previous experience in Free Software isn't a strict necessity, but you must definitely know something of the field of free and open generally, and the stronger background you have in this regard, the more useful an internship will be for you.

Good luck with your application!

  1. We have a separate traineeship program which has less formal requirements, but it comes at a more significant cost for us, and we can not accept as many as we want. If you're interested in sponsoring our work so we can increase the number of trainees we accept, I'd love to talk to you!

Are you the FSFE's next intern?

free software - Bits of Freedom | 14:38, Tuesday, 17 May 2016

Are you the FSFE's next intern?

One of the advantages of our ticket system in the FSFE, which we now use to manage among other things our internship applications, is that it's very easy to get an overview. I just extracted a report of our internship applications for the past month.

Since the 18th of April, we've had 29 applications for an internship or traineeship. Among those, we've accepted 1 (one!) who will start her internship now in the end of the month. Most of the applications we get sadly do not make the cut.

We have to prioritise among the applications, and we tend to prioritise those who've shown a previous commitment to free software, and who we think would benefit the most from an internship. Working with the FSFE is a challenge: as an intern, you are not only encouraged, but expected, to participate in and lead our work. It's a true learning by doing experience.

Each intern is also an investment from our side. We believe in what we do, and we believe that giving people experience from working on political, technical and social issues in a non-profit organisation is one of our most useful activities. As such, we invest significant time and effort into each intern, which is also why we limit the number of concurrent interns to what the organisation can actually manage at any one time.

Each year, we accept somewhere between three and six interns and trainees, a bit depending on the number of applications we receive and the relevance of them. If current trends continue, this means an acceptance rate of about 1,7% of all applications. Or put in a different way: it means that for every intern we accept, we decline 58 others.

Here are some hints, if you want to be the FSFE's next intern:

  • Motivational letters help, especially if you show that you've done your homework and read up on our activities beforehand so you can relate them to your own experience and interests.
  • Be careful about reading through the requirements for our internship. It wastes time for both you and us if you apply and we get into a discussion, only to find out we can not accept you due to the internship not being required by your university1.
  • References aren't as important as you may think. It's more important how you present yourself, and what previous experience you can show for.
  • Previous experience in Free Software isn't a strict necessity, but you must definitely know something of the field of free and open generally, and the stronger background you have in this regard, the more useful an internship will be for you.

Good luck with your application!

  1. We have a separate traineeship program which has less formal requirements, but it comes at a more significant cost for us, and we can not accept as many as we want. If you're interested in sponsoring our work so we can increase the number of trainees we accept, I'd love to talk to you!

Blogs and other infrastructures

fsfe - Bits of Freedom | 07:24, Tuesday, 17 May 2016

Blogs and other infrastructures

The proverb says that necessity is the mother of invention, and while I wouldn't call what happened today a major invention, it was at least a necessity. For about a month, one of the servers of the FSFE has been crashing randomly, necessitating us to press the button to restart it regularly. It's been particularly troublesome as the server in question has housed our blog setup, our web pages and svn repositories. From a communications perspective, this is one of the three pillars of the organisation (the other pillars being email and XMPP).

In our new virtualisation environment (think of this as the FSFE's private cloud - but remember there is no cloud), this wouldn't be a problem: the servers would migrate to a new host and restart there. But the services I mentioned run on older hardware and haven't been migrated yet. And they still have to be migrated, more so now than ever, but there's a silver lining to these events, and that silver lining is due to our amazing volunteers.

A while ago, I started talking to a smaller group of people regarding our blog platform. This is a service we provide to our volunteers to give them a place to write about their explorations of free software and their work in the FSFE. Our blog platform, however, has been in a dire state and not only needing to be migrated, but also upgraded in the process. My original thought had been to migrate away from offering blogs, but I was convinced otherwise, for two very important reasons.

One, a volunteer stepped forward and offered to coordinate a volunteer team to focus on maintaining the blog platform, turning this service into a service run by the volunteers, for the benefit of other volunteers. This is an excellent development, and we're just starting to send out the invitations to join this volunteer team for anyone who's interested in blog platform hosting. Which leads me to the second reason why I'm excited about this.

Two, hosting a service is a good learning experience. If you're interested in devops or system administration, hosting your own blog is a way of learning the tips and tricks of the trade. Hosting a blog platform for hundreds, potentially thousands, of others, is even more so. And this is what the FSFE can offer: an ability for interested individuals to join in and work practically in volunteer teams to further their skills.

This is something we've always done with the FSFE's internships and I'm excited we're now at a point where we can successfully do the same in other ways.

If you're interested in helping out with our blog platform team, get in touch with our system administrators at system-hackers (obvious-at) fsfeurope.org or just reach out to me about it. While this team is getting up to speed, I've meanwhile migrated the blogs and svn repositories from the faulty computer to another computer. This squeezes the services together on a slower machine, so everything will run a bit slower, but it will hopefully at least not crash.

Blogs and other infrastructures

free software - Bits of Freedom | 07:24, Tuesday, 17 May 2016

Blogs and other infrastructures

The proverb says that necessity is the mother of invention, and while I wouldn't call what happened today a major invention, it was at least a necessity. For about a month, one of the servers of the FSFE has been crashing randomly, necessitating us to press the button to restart it regularly. It's been particularly troublesome as the server in question has housed our blog setup, our web pages and svn repositories. From a communications perspective, this is one of the three pillars of the organisation (the other pillars being email and XMPP).

In our new virtualisation environment (think of this as the FSFE's private cloud - but remember there is no cloud), this wouldn't be a problem: the servers would migrate to a new host and restart there. But the services I mentioned run on older hardware and haven't been migrated yet. And they still have to be migrated, more so now than ever, but there's a silver lining to these events, and that silver lining is due to our amazing volunteers.

A while ago, I started talking to a smaller group of people regarding our blog platform. This is a service we provide to our volunteers to give them a place to write about their explorations of free software and their work in the FSFE. Our blog platform, however, has been in a dire state and not only needing to be migrated, but also upgraded in the process. My original thought had been to migrate away from offering blogs, but I was convinced otherwise, for two very important reasons.

One, a volunteer stepped forward and offered to coordinate a volunteer team to focus on maintaining the blog platform, turning this service into a service run by the volunteers, for the benefit of other volunteers. This is an excellent development, and we're just starting to send out the invitations to join this volunteer team for anyone who's interested in blog platform hosting. Which leads me to the second reason why I'm excited about this.

Two, hosting a service is a good learning experience. If you're interested in devops or system administration, hosting your own blog is a way of learning the tips and tricks of the trade. Hosting a blog platform for hundreds, potentially thousands, of others, is even more so. And this is what the FSFE can offer: an ability for interested individuals to join in and work practically in volunteer teams to further their skills.

This is something we've always done with the FSFE's internships and I'm excited we're now at a point where we can successfully do the same in other ways.

If you're interested in helping out with our blog platform team, get in touch with our system administrators at system-hackers (obvious-at) fsfeurope.org or just reach out to me about it. While this team is getting up to speed, I've meanwhile migrated the blogs and svn repositories from the faulty computer to another computer. This squeezes the services together on a slower machine, so everything will run a bit slower, but it will hopefully at least not crash.

Friday, 13 May 2016

Briar – Next Step of The Crypto Messenger Evolution

Free Software – | 14:11, Friday, 13 May 2016

Who still remembers ICQ, AIM and MSN? My first messenger was ICQ and I liked the fact that it was instant. In those days, I didn’t think much about security and was probably too young anyway. We can count ourselves lucky if those tools even used transport encryption. This means that our messages are encrypted on the way from our computer to the server, so nobody can see the content of the messages while they are in transit.

Whoever has access to the server however can know the content since all messages get decrypted as soon as they arrive at the server and then encrypted again before they leave the server for the recipient.

Those days are long gone. We have smartphones now and there are plenty of new apps that replaced the instant messengers of the past. Many of those apps haven’t even used simple transport encryption in the beginning and have been criticized for it. Security became a selling point and even more so after Snowden’s revelations. So let’s fast-forward a bit.

Transport Encryption

Transport Encryption

Recent Security Innovations

Many companies have finally realized that if they have our messages in plain text, they attract others who also want those messages. The most powerful of those adversaries have ways to get hold of our conversations, be it by hacking into the servers or by using the law. So the service providers started to deploy end-to-end encryption similar to what PGP does for email. In contrast to transport encryption, end-to-end encryption ensures that the message can only by read by its sender and the intended recipient. It is never decrypted along the way and if stored on a server, even the server’s owner can not read the messages.

End-to-End Encryption

End-to-End Encryption

That is at least the idea. It needs to be implemented properly and you need to make sure that nobody else gets access to the private keys that secure the communication. As soon as that happens and an adversary has your private key, he can decrypt all your past communication. That is why the concept of forward-secrecy has been introduced. It prevents exactly that from happening by encrypting your communication with fresh session keys as often as possible. These ephemeral keys can not be broken, even if the adversary gets hold of your long term private key.

Looking at Some Popular Messengers

TelegramLet’s look at some messaging apps that people use today. There’s Telegram for example. It uses only transport encryption by default. Then it even stores all your messages on their server, so that when you reinstall the app on another phone, you get all your messages back. How convenient! But that also means that whoever has access to Telegram’s server (or manages to register with your phone number) gets access to all your conversations as well.

Telegram has a secret chat mode as well that you need to activate specifically to gain end-to-end encryption and forward-secrecy. People who know more about cryptography than me have looked into their crypto and even they don’t know exactly what Telegram is doing there. Although, there is no known weakness of the “secure” chats, I personally wouldn’t even trust those to be secure.

SignalThen there’s Signal. That’s what everybody (including Edward Snowden) is recommending and it is great. The signal crypto protocol (formally called Axolotl) is awesome. It finally solves many tricky problems that made using good encryption so difficult for so long. For example, if you need a private key to secure your communication and you want to chat from a different device with the same account, how do you get your private key to your other device? How do you communicate asynchronously with somebody who might be offline and therefore can not do a key exchange? All these problems, the Signal protocols solves elegantly.

With Signal, the crypto is solid and gets out of your way. It is easy to use and secure by default. That is why everybody is recommending it and depending on your threat model, I would recommend it as well.

WhatsAppThen there’s WhatsApp which is the messenger that most people use. It had big security problems in the past, but got a lot better. They contracted Moxie Marlinspike from Signal who helped them to implement the Signal protocol. It got activated for WhatsApp on Android a while ago already and recently was activated on iPhones as well. That’s great since it brought strong and good end-to-end crypto to billions of people.

Unfortunately, WhatsApp is not Free Software, so we can not inspect the source code, make sure it is good and we can’t build our own version of WhatsApp to make sure the source code actually corresponds to the binary. It would be easy for WhatsApp to ship an update that leaks information and conversations from people that law enforcement is currently interested in. Would it be Free Software with reproducible builds like Signal is, that wouldn’t be possible. So security-wise WhatsApp is probably still better than Telegram, but I still wouldn’t trust it.

Like with Telegram’s secret chats, Signal and WhatsApp also give you the ability to make sure the person you are talking to is actually who you think you are talking to. Let me call this Authentication. It is typically done by scanning a QR code or comparing a digital fingerprint. Most messengers use a trust-on-first-use (TOFU) approach which means that your contact is considered to be authenticated from the beginning. You can only discover that you are actually talking to a man-in-the-middle when you scan the QR code.

WhatsApp does not even warn you by default when your contacts’ keys change. This enables an attacker to take over your WhatsApp account with a hijacked SMS and see what people are writing you.

So to summarize, when assessing the security of messengers, we are typically looking at these criteria:

  • End-to-End Encryption
  • Authentication
  • Forward-Secrecy
  • Free Software

If you are interested in knowing whether your favorite messenger fulfills these criteria or not, check out EFF’s Secure Messaging Scorecard.

Centralization vs. Federation

Centralized Architecture

Centralized Architecture

The basic architecture of all the popular messengers is monolithic and centralized. There’s one server (or a cluster of those) that everybody has to connect to. These services are walled gardens where the company running the service has total control over what’s happening. They can not only hand out your metadata, but also exclude you from using the service cutting you off from all your friends. They can require you to use only their non-free software, show you their ads, etc. But even if they don’t bother you and just let you use their service, others have an easy time to block a centralized service entirely. Like Brazil did when WhatsApp couldn’t disclose the information Brazilian judges wanted, because the suspects were already using WhatsApp with end-to-end encryption.

That is why federated architectures have been popular once. The most famous example for that is email. There’s not only Gmail, but many other email servers in the world. You can choose the email provider you like. Everybody is free to open one and it will just work with all the others. You can send emails to everybody no matter on which server they are and nobody can exclude you from using email or dictate the software you have to use.

Federated Architecture

Federated Architecture

The equivalent to that in the messaging world is XMPP or Jabber. It works great and was once even supported by Facebook, Google and Microsoft. But they have decided again that walled-gardens are better for their business model, so they dropped XMPP like a hot potato. Signal supported federation initially, but decided that it can not make changes fast enough to stay competitive if it has to federate with others.

What about security with XMPP? Well, it is like with email. In the beginning, it was just (optional) transport encryption and even today many servers exchange messages with each other unencrypted or at least potentially unencrypted. Security had to be added later on top of what was already there. For email that was PGP, for Jabber it was OTR. When it came out, it was great. Good security properties and even does deniability. Many people are still recommending it today, but the truth is that it is a pain to use especially when you have more than one device. It also requires both parties to be online when they want to chat encrypted and is just not well integrated in the overall chat experience.

OTR is nowhere near the ease of use the Signal protocol offers, but thankfully the latter has been brought to the XMPP world under the name of OMEMO by the Conversations team. Conversations is an Android app for XMPP. Actually, it is the best XMPP app I know. Give it a try! Unfortunately, OMEMO is not activated by default since many people still use XMPP without it. But this will hopefully change soon. Then Conversations will be a good match to the centralized competition.

What is missing?

So we came a long way and now have better and more secure tools to use than we had just a year ago. That’s great, but we can still do better.

Even if the server can’t read your messages anymore due to end-to-end encryption, it still knows who your friends are and how often you talk to them. That’s usually called metadata and can be more dangerous than the content of the messages. It can be used to map entire social groups and to identity its key people. We know that there’s organizations on this world that kill people based on metadata. So if your adversaries include these organizations and you still like to communicate, you’ve got a problem.

While federation is great in principle, it is not perfect. While a lot harder to censor and block, the metadata is still there and is even seen by more servers. Heck, you still need somebody to run a server for you. Why? Aren’t we all equal in the internet? Couldn’t we connect directly to each other without the need for servers?

Peer-to-Peer Architecture

Peer-to-Peer Architecture

That is exactly what a decentralized architecture or peer-to-peer does. You might know that from Bittorrent. It works great there, why not for messaging as well? After all a message is a lot smaller than a HD movie. Do we really need servers that keep track of our activities? Maybe not, let’s find out!

But first, let’s extend the list of criteria for evaluating messengers. We’ve got messengers that fulfill the earlier criteria already, so let’s raise the bar:

  • End-to-End Encryption
  • Authentication
  • Forward-Secrecy
  • Free Software
  • Censorship Resistant
  • No Metadata

Most messengers currently fail at the last two criteria.

Meet Briar

BriarNow it is time to finally meet Briar which does work completely peer-to-peer without the need for servers and is all about protecting your metadata. It is fully Free Software and utilizes end-to-end encryption with forward secrecy.

Briar doesn’t require you to upload your entire address book to someone’s server. In fact, it doesn’t even allow that to not disclose your metadata. Instead, it goes back to the good old personal connections. You add your first contacts by meeting them face-to-face to establish maximum trust by scanning each others QR codes. Your communication is authenticated right from the start and you can always be sure who you are talking to.

screenshot_add_contactThose who can not meet in person can be introduced by a common friend. This way a web-of-trust is built naturally without needing to manually sign any keys. Others options to add contacts will be added later.

Briar never makes direct connections to your contacts. This would leak metadata. Instead, it runs a Tor Hidden Service on your phone and connects to your contact’s hidden services through the Tor network which anonymizes your connections. An outside observer can not say who is talking to who. They just see that you are making a connection into the Tor network, but that’s all. You could call Briar a Darknet Messenger if you are into this term.

But Briar even works without Internet by using Bluetooth or WiFi. When your contacts are near, Briar recognizes them and establishes a secure connection over which it transmits all messages. So even when the Brazilian government shuts down the mobile internet to inhibit protests during the Olympics, people can still communicate using Briar. It provides maximum defenses against censorship and blocking.

Pigeon

You can even exchange messages via SD cards.

Let me reiterate: With Briar, your data is not stored somewhere in the “cloud” one someone else’s computer, but only encrypted on your device. You choose with whom you share what data and nobody knows with whom you are sharing it with. Takedown orders can have no effect, because every user in a forum for example keeps a copy of its content, so there is no single point where a forum post can be deleted. Also, there can be no denial of service attacks, because Briar has no central server to attack, and everyone has access to all content even if offline.

diagram_secure

Briar’s goal is to “enable people in any country to create safe spaces where they can debate any topic, plan events, and organize social movements”. To do this, it needs to be much more than just a messenger and it is! Its architecture is quite generic and it allows for all sorts of other applications to be built on top of it. Messaging is just the first easy show-case application, but of course an important one.

When can I try it myself? Briar is not ready yet. Have a look at the roadmap and the wiki for documentation and ways to help us to get a public beta out faster. Of course, you can always compile the source code yourself if you are really curious. Otherwise, just spread the word a stay tuned for more!

 

Disclaimer: I am currently working part-time for Briar, so I might be biased on its awesomeness.

 

<script type="text/javascript"> (function () { var s = document.createElement('script'); var t = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true; s.src = '/wp-content/libs/SocialSharePrivacy/scripts/jquery.socialshareprivacy.min.autoload.js'; t.parentNode.insertBefore(s, t); })(); </script>

FSFE summit: Why we extend the deadline (Now May 29)

English Planet – Dreierlei | 09:22, Friday, 13 May 2016

<figure class="wp-caption alignright" id="attachment_1334" style="width: 238px">(download large file)<figcaption class="wp-caption-text">(download large file) [1]</figcaption></figure>

tl;dr: The deadline of the Call for Participation for the first FSFE European summit is extended to May 29.

“It’s tough to make predictions, especially about the future.” (multiple sources [2]) And if you organize a large conference for the first time, you have to do a lot of tough predictions. How many people will attend? Who are the interested speakers? What is your community going to organize? A lot of questions whose answers sometimes depend on or influence each other. For example, if a lot of people attend, speakers get interested in talking. Or if the community organises interesting opportunities to share and learn, more people are likely to attend and so forth.

This leaves you with a hard time for fundraising. Because when you do your summit for the first time, you have nothing to show. The only thing you have is prediction but donors like to see numbers and names. That is why the QtCon-team decided for a short deadline in the first place. We needed to get some feedback to back our predictions.

Fortunately, we received hugh interest by the community and a number of very interesting submissions so far. This convinces us, that we are on a good way and that we will manage to raise enough funds for the project once the Agends is set. On the other hand, we received messages of people who like to submit a proposal but feel that the deadline is too short to prepare it properly.

Now that we feel strenghtened and backed by our community we like to give more people the chance to take part in the first FSFE European summit and decided to extend the deadline of our Call for Participation until May 29.

FSFEsummit 2016

Picture / Logo: http://polr.me/vfc – Hashtag: #FSFEsummit

[1] CC-BY-SA 2.0 by Erik Albers, based on CC-BY-SA 2.0 by Eva Rinaldi
[2] The origin seems to come from a Danish proverb and circulated from there.

Wednesday, 11 May 2016

Automated testing of algorithms

free software - Bits of Freedom | 18:03, Wednesday, 11 May 2016

Automated testing of algorithms

Some of the interesting work we do over at the Videorooter project is automated testing of algorithms. In short, we're ranking algorithms for visual matching of images and videos as per how well they perform. High accuracy and low number of false positives give a high mark. What's new is that we've connected this to the Github repositories, so when someone forks our code and changes it (potentially improving the algorithm), the automated tests are run.. well, automatically, and the performance of the new algorithm automatically included in our statistics.

Read more in my blogpost about testing algorithms over at the Videorooter project to learn more.

Monday, 09 May 2016

Call for Participation: FSFE European summit

English Planet – Dreierlei | 22:24, Monday, 09 May 2016

<figure class="wp-caption alignright" id="attachment_1319" style="width: 256px">Enlightening Europe<figcaption class="wp-caption-text">Enlightening Europe</figcaption></figure>Imagine a European Union that builds its IT infrastructure on Free Software. Imagine European Member States that exchange information in Open Standards and share their software. Imagine municipalities and city councils that benefit from decentralized and collaborative software under free licenses. Imagine no European is any longer forced to use non-Free Software.

This is the introduction of the Call for Participation of the first FSFE European Summit

Come and be part of an event where local activists gather to change Europe and its politics into using, creating and sharing free technology.

If you like to inspire, sent your submission until May 17

Save the date: September 2 – 4, 2016 – BCC Berlin, Germany
Hashtag: #FSFEsummit – Picture / Logo: http://polr.me/vfc

Sunday, 08 May 2016

One year ago…

Mario Fux | 08:10, Sunday, 08 May 2016

… I finally got my diploma for a study that took much longer than I first thought ;-) . But then with the knife at my throat (the old study model ran out and thus it was my last chance to finish) and great support of friends and family I found the time and energy to successfully finish and get my Master’s degree. The title of my diploma thesis was “Media Choice and the Media-Synchronicity-Theory – Development of an Instrument for the Study of selected Elements of MST for Free Software Communities” and here you find its English abstract:

This paper will analyse the media choice and media usage of Free Software communities and hence to draw conclusions for a more successful deployment of Computer-Supported Collaborative Learning (CSCL) in the area of education and school. After a history of ten years of CSCL in action, relevant failures and possible causes, we develop a questionnaire on the foundation of the Theory of Media Synchronicity from Dennis et al. (2008). The acertained data will be evaluated regarding the daily media usage on the one hand and the media choice in specific situations on the other hand. Additionally we are going to compare the data with the data of the study of Miller (2014) about "learning strategies and new media".
To validate the ideas of a more successful deployment of CSCL two concrete hypotheses will be established: 1. the characteristics in media usage und choice in Free Software communities and the preferred choice of asynchronous media when being longer within the community, and 2. the importance of email as communication media in these communities. The acertained data and its evaluation do not confirm the first hypothesis. But there are lots of results that confirm the second hypothesis.

Unfortunately this is the only English part of the diploma thesis besides the questionnaire. With this questionnaire I collected some data through a survey. Thanks everybody for participating in this survey and yesterday I finally informed the two lucky winners about their prices.

A paper that might be more interesting for you is the one about “KDE as an example of a Free Software community” from a social-educational perspective. In the appendix you find 9 longish IRC interviews with different people from the KDE community. There you might find some interesting insights and different perspectives.

PS: Oh and one of my sons has his birthday today so: Happy birthday little b.

flattr this!

Saturday, 07 May 2016

Pyra preorders

Elena ``of Valhalla'' | 12:30, Saturday, 07 May 2016

Pyra preorders

If you've met me at a conference you may have noticed that instead of a laptop I was using a handeld which looks like a laptop scaled down to nintendo DS size, the https://en.wikipedia.org/wiki/Openpandora.

I've used it as my main computing device while travelling for a few years, even for work (as a programmer)so happily that when EvilDragon announced at FOSDEM (link points to youtube video) https://www.youtube.com/watch?v=4T-w1KqrVsM that he was working on a successor device I started saving money for it even before I knew many details about the specs, other that they would have been way better than the Pandora ones (which is getting painful to use a browser on, because of its 256MB RAM).

Immagine/fotohttp://social.gl-como.it/photos/valhalla/image/5a9fdfadf33e40e9e3517b18ca7cba68

Now this successor device is almost ready, they have opened the preorders https://www.dragonbox.de/en/45-pyra, and they have already reached the absolute minimum number of orders for mass production and are almost there for a more reasonable number of 1000 devices, so if you want a chance to get one of the first batch devices now it's time to visit their store.

A few highlights, from my point of view, include:

* It will run Debian with just a custom kernel/bootloader (and a few configuration only packages): most of the kernel mods are being submitted upstream, so maybe one day there won't even be a need for this kernel (but e.g. with Pandora upstream didn't accept the custom way they managed the keyboard; on the Pyra the keyboard is managed in a more standard way, but there may be other similar issues).

* It has been designed with modularity in mind: the CPU board is socketed on the main board and in the future upgrades may require just replacing the CPU board. I haven't read the details on the actual licensing, but it seems that the hardware design will be open enough that 3rd party boards may also be a possibility.

* just like on Pandora: real keyboard. hardware analog volume wheel. Huge user-replaceable battery (I don't think that there are any independent reviews of the pyra battery yet, but the one on the Pandora is still able to go through a day of FOSDEM — i.e. alternating often between on with wifi and suspendend — and only go down to 50% or so charge). Stylus (and 3d-printed quill) friendly touchscreen. Long term support from the producer.

* The 4G version has been designed in such a way that the GSM modem can be actually turned off (just like on the https://neo900.org/)

There are of course a few bad parts:

* PowerVR. The good news is that there is a risk that no 3d drivers will be available at all, and this means that the Pyra has been tested and considered good enough with just (FOSS) software acceleration.

* The price: yes, it is expensive. I'm happy I've saved money in advance for it, otherwise I wouldn't have been able to afford it. Some of it is a problem of small production, some is actual product quality. If you consider that it can take the place of both a laptop (and small ones are getting quite expensive, now that netbooks have disappeared) and a smartphone (I don't do lots of voice calls) it will start going down from "oh so **** high" to "high, but not unreasonably so"

Disclaimer: I have preordered one, so I am interested in the success of the project because it will mean better software and better support for the device.

Edit: forgot the link to the press kit the images comes from http://cloud.openpandora.org/index.php/s/a0Q0TXV8gh5NLAC?path=%2F, which also includes more infos on specs etc.

Shaping a vision of the future

Blog – Think. Innovation. | 09:29, Saturday, 07 May 2016

I met Jesús Pérez, a friend of my wife, while on vacation on Tenerife. He invited to guide us on a trip on the island, driving up the 3000+ meters tall volcano El Teide. While enjoying the amazing Mars-like views up the mountains, we got talking about the things that really interest us.

Jesús is a sociologist, specializing in and writing about armed conflicts and security. He explained to me how he recently got more interested into the impact of high-tech on global civil developments. Reading about Tesla and its ambitious vision for global energy, he understood how developments like these are changing the landscape of geopolitical interests.

I continued about how I envisioned a future which I would like to see develop, with not just energy going from global to local distributed, but also manufacturing, construction and food growing. And how the Silicon Valley start-up/investment model is actually an outdated model limiting innovation, how the so-called next industrial revolution is actually something very different, the role of open source in this, what the Singularity folks believe and how a major prohibiter of new social structures is the current heritage of the global monetary system.

Then Jesús asked me: “Where can I find all this information?” I began listing some of the books and websites I read and follow, which helped me develop my ideas. But he interrupted me: “That is not what I mean, where can I find your story, these ideas, the things you are telling me now”?

I did not know how to answer that, and mumbled: “Nowhere, I guess. I mean, they are in my head. Maybe I could write more on my blog.” All the while thinking about this year-long idea of maybe writing a book… maybe developing a TED-like story to tell… maybe at least write more blog posts. But I had not.

So instead I promised him to at least provide a list of the books, events and documentaries which resonate(d) and from hindsight seem to have helped in shaping my beliefs of the world, a vision of a future society and the task I feel we have at hand in this lifetime.

Jesús, this blog post is for you, some resources you undoubtedly know, probably some not and hopefully some will be helpful for you, in somewhat chronological order (oldest to newest read/watched):

Probably I forgot to list a few important ones here and some of these made a larger impact than others, but here you go. It would be nice to make this into an annotated list, giving the take away points I got from each and how that influenced my life’s philosophy and motivations: the developing ‘why’ understanding of my life.

And as a bonus for Jesús, check this one about opsec for journalists, by Carlo and Kamphuis 😉

-Diderik

 

 

Wednesday, 04 May 2016

How to campaign for the cause of software freedom

FLOSS – Creative Destruction & Me | 15:03, Wednesday, 04 May 2016

FSFE-Workshop-11

Super secret conspiracy workshop.

Free Software communities produce tons of great software. This software drives innovation and enables everybody to access and use computers, whether or not they can afford new hardware or commercial software. So that’s that, the benefit to society is obvious. Everybody should just get behind it and support it. Right? Well, it is not that easy. Especially when it comes to principles of individual freedom or trade-offs between self-determination and convenience, it is difficult to communicate the message in a way that it reaches and activates a wider audience. How can we explain the difference between Free Software and services available at no cost (except them spying at you) best? Campaigning for software freedom is not easy. However, it is part of the Free Software Foundation Europe’s mission. The FSFE teamed up with Peng! Collective to learn how to run influential campaigns to promote the cause of Free Software. The Peng Collective is a Berlin based group of activists who are known for their successful and quite subversive campaigns for political causes. And Endocode? Endocode is a sponsor of the Free Software Foundation Europe. We are a sponsor because free software is essential to us, both as a company and as members of society. And so here we are. 

There are some exciting, courageous and engaging campaigns that focus on communicating complex political goals. The escape helpers campaign leaves the audience conflicted between the two choices of being a good human rights activists (driven by ideals and demonstrating solidarity with refugees) and being a good citizen (by abiding the law). Great, because the message is to re-think what is legal against what is right.The #slamshell performance emotionally demonstrated the risks associated with oil drilling that are normally regarded as marginal.

These campaigns translate abstract, distant risks or worries into concrete, tangible calls to action. By being provocative, they break the mold and reach a wide audience online and through traditional media. They are “cat content for social change”, as our tutors put it. Campaigners are being urged to stop preaching or complaining, and to start using positive communication combined with subversive PR work instead. Such messaging needs punchlines, which requires some kind of hyperbole – dadaism, hijacking attention, or provocation.

Campaign development is still a pretty down to earth task. Through fact finding research and the analysis of campaign goals, supporting allies and potential opponents, answers to the four essential questions are being narrowed down: What is the change that we want to achieve? How can this change be brought about? Who can make that change we want to see? And who has power over the involved people or groups? Setting campaign goals is often a compromise between achieving big changes locally or small changes “globally”. It helps to envision the impact of the campaign through utopia/dystopia brainstorms: What would a world look like where all campaign goals have been achieved perfectly? What would it look like if everything went horribly wrong? These kind of mental exercises also help to explain the relevance of the campaign goals and show how the intended change can affect people’s lives. The goals may be perfectly obvious to those passionate about them already, but not to outsiders – a common problem regarding the ethics and ideals of Free Software.

Implementing a campaign involves many standard, by the book project management tasks. The individual publicity stunts and activities are the actions that form the campaign timeline. A dilemma specific to the FSFE is that the relevant and influential media – social networks especially – are the kind of centralized proprietary platforms against which we are advocating. However, we learned that it may be possible to play this situation to our advantage :-) Since the FSFE’s goals require some heavy lifting of Free Software lobbying, the campaign timeline extends far into the future. We found ourselves thinking about what to present at conferences a year or more into the future. Finalizing the campaign plan involves answering the “classical” question of what time, material and talent is required to perform the tasks, and to put them into a timeline. Often this includes outside help for extra manpower or professional expertise. Noticeably, those with technical backgrounds tend to haste towards a release, underestimating the lead time required to get there, and the duration of the campaign. This tendency works almost, but not quite, entirely unlike in software projects. Securing and confirming the support of allies and protagonists also takes time.

The planned actions need to be reviewed with a focus group that resembles or at least understands the target audience. This review should  confirm that the message conveyed is in fact understandable and makes sense. It is not possible to get a clear answer on whether or not a campaign project needs an ultimate decision maker. The answer depends too much on the composition of the campaign team and the timeline of the project. The necessary communication infrastructure is pretty straightforward – tasks boards, and instead and asynchronous messaging. Most Free Software groups use those anyway.

After two and a half days of workshop, all 15 participants ended up rather tired. However we had plenty of fun and learned a lot. Surprisingly, the group came up with a good amount of real, usable ideas for activities. Be very afraid :-) The guidance and mentoring by the experienced campaigners from Peng! Collective helped tremendously. Of course the workshop was merely an exercise in how to develop and run a campaign for software freedom. The bulk of the work is now ahead of us. But we are off to a good start. We are curious where this road will take us.

 


Filed under: CreativeDestruction, English, FLOSS, KDE, Linux, OSS Tagged: Creative Destruction, FLOSS, free software communities, free software foundation europe, freie software, FSFE, Linux

Sunday, 24 April 2016

LinuxWochen, MiniDebConf Vienna and Linux Presentation Day

DanielPocock.com - fsfe | 06:23, Sunday, 24 April 2016

Over the coming week, there are a vast number of free software events taking place around the world.

I'll be at the LinuxWochen Vienna and MiniDebConf Vienna, the events run over four days from Thursday, 28 April to Sunday, 1 May.

At MiniDebConf Vienna, I'll be giving a talk on Saturday (schedule not finalized yet) about our progress with free Real-Time Communications (RTC) and welcoming 13 new GSoC students (and their mentors) working on this topic under the Debian umbrella.

On Sunday, Iain Learmonth and I will be collaborating on a workshop/demonstration on Software Defined Radio from the perspective of ham radio and the Debian Ham Radio Pure Blend. If you want to be an active participant, an easy way to get involved is to bring an RTL-SDR dongle. It is highly recommended that instead of buying any cheap generic dongle, you buy one with a high quality temperature compensated crystal oscillator (TXCO), such as those promoted by RTL-SDR.com.

Saturday, 30 April is also Linux Presentation Day in many places. There is an event in Switzerland organized by the local local FSFE group in Basel.

DebConf16 is only a couple of months away now, Registration is still open and the team are keenly looking for additional sponsors. Sponsors are a vital part of such a large event, if your employer or any other organization you know benefits from Debian, please encourage them to contribute.

Monday, 18 April 2016

On our backend work

fsfe - Bits of Freedom | 10:00, Monday, 18 April 2016

On our backend work

Every half year (starting from the beginning of 2016, so it's fairly recent), we set organisational goals for our staff. These are usually focused on internal structures and procedures which need to be improved in order to make it easier for our volunteers to do the work they do on the local level.

In my mail to our web discussion list a while ago, I hinted at some changes we've done to the backend of our work, and I want to elaborate a little bit more on this.

About a month ago, I introduced a new ticket system built on OTRS, which we've now started to make use of, at first for processes which only include staff, but which will eventually expand to touch upon other areas of our work too. The areas where we've implemented this ticket system is for merchandise order and internship applications.

To give some background, both of these areas previously depended on mail exchanges. Internship applications, as an example, went to a mailing list on which all staff were subscribed. People would read and comment (occasionally) and one of us would eventually get back to the applicant. We frequently lost track of applications, it was difficult to get an overview, and there were no follow-ups from our side to ensure all applications got a reply.

We've now put all internship applications into a specific Queue in our ticket system, and all incoming applications are automatically added there. When an application is added to the ticket system, a confirmation mail is automatically being sent to the applicant letting them know it has been received.

We also manage all communication with the applicant through the ticket system, so everyone from the staff can see who is working on each application (mostly me), and specific tasks can be delegated easily without losing track of anything in the process. This may not sound like much, but it's already been an excellent help to make sure we don't miss anything.

For our merchandise orders, this is now managed similarly. Orders which come in get an automatic confirmation from the ticket system that their order has been received. When there's a payment, there's also an automatic confirmation, and we can follow up easily on orders which are not getting paid. We can also manage the communication with the persons ordering in a way which is accessible to everyone in our office, so when someone goes on vacation, someone else can easily fill in and follow up on questions or ship merchandise.

Moving forward, I would want to implement more of our processes in this ticket system to make our internal work more coherent, and what I really like personally about having done this work so far is it will now be very easy to allow anyone in the FSFE: a volunteer or Fellow, to also access information in the ticket system which is useful for them. We haven't implemented any processes in the ticket system which include volunteers yet, but I can see us doing so for a lot of work around events and booths.

Saturday, 16 April 2016

Installing Wallabag 2 on a Shared Web Hosting Service

English – Björn Schießle's Weblog | 21:41, Saturday, 16 April 2016

Wallabag 2.0.1

Wallabag describes itself as a self hostable application for saving web pages. I’m using Wallabag already for quite some time and I really enjoy it to store my bookmarks, organize them by tags and access them through many different clients like the web app, the official Android app or the Firefox plug-in.

Yesterday I updated by Wallabag installation to version 2.0.1. The basic installation was quite easy by following the documentation. I had only one problem. I run Wallabag on a shared hoster, so I couldn’t adjust the Apache configuration to redirect the requests to the right sub-directory, as described by the documentation. I solved the problem with a small .htaccess file I added to the root folder:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^links\.schiessle\.org$ [NC]
    RewriteRule !^web/ /web%{REQUEST_URI} [L,NC]
</IfModule>

I also noticed that Wallabag has a “register” button which allows people to create a new account. There already exists a feature request to add a option to disable it. Because I don’t want to allow random people to register a account on my Wallabag installation I disabled it by adding following additional lines to the .htaccess file:

<FilesMatch ".*register$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

Talk about Instant Messaging with XMPP

Norbert Tretkowski | 05:00, Saturday, 16 April 2016

Last week I gave a talk about Instant Messaging with XMPP at our local Linux User Group regulars table, mostly focusing on XMPP as an alternative for WhatsApp, Threema, Hangouts, Signal and other smartphone messengers. In 2007 I already gave a similar talk, but at that time I focused on XMPP as an alternative for ICQ, AIM, MSN and other desktop messengers.

Friday, 15 April 2016

TLS is a yes

English―mina86.com | 20:11, Friday, 15 April 2016

Let’s Encrypt has left beta and to celebrate, this blog gained TLS support. \o/ If all goes well it’ll become the default including an HSTS header so everyone can benefit from improved privacy¹.

If you want to give it a try before it becomes cool, feel free to direct your browser to https://mina86.com.

If you’re unfamiliar with Let’s Encrypt, it’s a certificate authority which provides free TLS certificates. It uses automated process to verify whether certificate’s requestor controls the domain certificate is for and takes literally seconds to complete.

Its sponsors include Mozilla and Google which means that Let’s Encrypt’s certificate is included in those browsers as well as many other software packages and operating systems.

With nearly zero cost for getting a widely accepted certificate, another obstacle for encrypted web is crumbling. And not a moment too soon since aforementioned Mozilla and Chrome duo plan to ‘deprecate’ plain HTTP.

If you’re running your own server there’s no excuse not to use TLS and if you’re hosting provider doesn’t support it, complain and do it loudly.

¹ Especially paranoid readers surely noticed the site uses third-party widgets but those same readers are expected to know how to install uBlock Origin.

Updating the FSFE's self conception

fsfe - Bits of Freedom | 10:00, Friday, 15 April 2016

Updating the FSFE's self conception

A while ago, I wrote on the FSFE's web mailing list a review I'm currently making of our web pages, and in particular our section which explain the organisation (About). One of the documents in this hierarchy, which I believe is critical to update, is our "Self Conception".

In principle, the document is good, but in several parts, the document hasn't been updated with the work distribution and authority of the various organs and thus is not consistent with neither current practice or authority. Most importantly, it pre-dates the Fellowship, and the position of Executive Director. While the document has seen some smaller updates over the years to at least mention Fellows, it's largely been unchanged since the 2004 version.

When I read through the document, I identified two two critical bugs:

  • it said employees are not part of the decision-making process,
  • it defined employment as a decision of the members.

Neither of this is true: decision making involve anyone who care to participate within one of our teams, regardless of if they're employees, volunteers, Fellows or part of our members. And as for employment, the only employment decided on by the General Assembly is that of the Executive Director.

I've now committed a new revision of the self conception with some limited updates, that bring the self conception closer in line with the actual structure (it's not perfectly aligned, nor will it be for some time). When discussing this in the core team (which include our members), comments I received were largely in favor of the changes with just some proposal of removing the document completely, which seems like it would've been a drastic measure to take.

There's a lot of work that's still needed to be done in cleaning up information about the organisation, as well as many formal documents which we'll eventually need to update (our constitution is not exempt from this; it still contains clauses that define national associations, which we don't have any in practice, as just one example).

Watch this space for more to come! :-)

Thursday, 14 April 2016

A vocabulary for media fingerprint algorithms

free software - Bits of Freedom | 05:40, Thursday, 14 April 2016

A vocabulary for media fingerprint algorithms

Also posted on Videorooter

When we begun work on Videorooter, we felt that one of the most difficult tasks ahead of us would be to find algorithms suitable for our use. While there are definitely not so many algorithms for videos, there’s definitely a fair share of algorithms for images and sound (and remember, a video is essentially a sequence of images with sound). In one way, having many algorithms is good. The algorithm you decide on for a particular project depend on your application: algorithms have different strengths and weaknesses.

On the other hand, if I give you the fingerprint f81bf91ffb803400e07f0c7d049f058706013e033fe33fe11f600e618ea30def without any other information, you’d be hard pressed to know what to do with it, and how to compare this against any other fingerprints you have which may or may not have been generated with the same algorithm. Even if I wanted to convey to you that this fingerprint is a 256 bit blockhash, I don’t really have a language to do so which can be interpreted unequivocally by a computer. I can’t just say “it’s a 256 bit blockhash” and expect a computer to understand that this is the same as if I say “blockhash (256 bits)”.

We need a vocabulary for fingerprint algorithms. Something which can be used in computer to computer interaction and convey with no uncertainty which algorithm we’re talking about when we’re communicating a fingerprint.

To this end, we’ve started putting this in practice over at the Videorooter github, establishing a list of known algorithms, giving them unique identifiers and outlining what we consider important for an algorithm to have. Essentially:

  • We assign an algorithm a URN (actually a namespace identifier, and in most cases an experimental or informal one, unless there’s a draft or published URN for an algorithm)
  • We describe which media types this specific algorithm is intended for
  • We record the URL of the specification document, and two links to reference implementations

The namespace specific string in the URN, which would follow after the namespace identifier, depend on the algorithm implementation. But at least, having this specified would allow us to give the fingerprint urn:x-bhvideo-phash:f81bf91ffb803400e07f0c7d049f058706013e033fe33fe11f600e618ea30def and there would be little uncertainty as to how that fingerprint should be interpreted. You could just look it up in the table, and you’d even have links to reference implementations!

Planet Fellowship (en): RSS 2.0 | Atom | FOAF |

  /127.0.0.?  /var/log/fsfe/flx » planet-en  Albrechts Blog  Alessandro at FSFE » English  Alessandro's blog  Alina Mierlus - Building the Freedom » English  André on Free Software » English  Being Fellow #952 of FSFE » English  Bela's Internship Blog  Bernhard's Blog  Bits from the Basement  Blog of Martin Husovec  Blog » English  Blog – Think. Innovation.  Bobulate  Brian Gough's Notes  Carlo Piana :: Law is Freedom ::  Ciarán's free software notes  Colors of Noise - Entries tagged planetfsfe  Communicating freely  Computer Floss  Daniel Martí's blog  DanielPocock.com - fsfe  Don't Panic » English Planet  ENOWITTYNAME  Elena ``of Valhalla''  English Planet – Dreierlei  English – Björn Schießle's Weblog  English – Max's weblog  English―mina86.com  Escape to freedom  FLOSS – Creative Destruction & Me  FSFE Fellowship Vienna » English  FSFE interviews its Fellows  Fellowship News  Florian Snows Blog » en  Frederik Gladhorn (fregl) » FSFE  Free Software & Digital Rights Noosphere  Free Software with a Female touch  Free Software –  Free Software – hesa's Weblog  Free as LIBRE  Free speech is better than free beer » English  Free, Easy and Others  From Out There  GLOG » Free Software  Graeme's notes » Page not found  Green Eggs and Ham  Handhelds, Linux and Heroes  Heiki "Repentinus" Ojasild » English  HennR's FSFE blog  Henri Bergius  Hook’s Humble Homepage  Hugo - FSFE planet  Inductive Bias  Jelle Hermsen » English  Jens Lechtenbörger » English  Karsten on Free Software  Losca  Marcus's Blog  Mario Fux  Mark P. Lindhout’s Flamepit  Martin's notes - English  Matej's blog » FSFE  Matthias Kirschner's Web log - fsfe  Myriam's blog  Mäh?  Nice blog  Nico Rikken » fsfe  Nicolas Jean's FSFE blog » English  Norbert Tretkowski  PB's blog » en  Paul Boddie's Free Software-related blog » English  Pressreview  Rekado  Riccardo (ruphy) Iaconelli - blog  Saint's Log  Seravo  Technology – Intuitionistically Uncertain  The Girl Who Wasn't There » English  The trunk  Thib's Fellowship Blog » fsfe  Thinking out loud » English  Thomas Koch - free software  Thomas Løcke Being Incoherent  Told to blog - Entries tagged fsfe  Tonnerre Lombard  Torsten's FSFE blog » english  Viktor's notes » English  Vitaly Repin. Software engineer's blog  Weblog  Weblog  Weblog  Weblog  Weblog  Weblog  Werner's own blurbs  With/in the FSFE » English  a fellowship ahead  agger's Free Software blog  anna.morris's blog  ayers's blog  bb's blog  blog  drdanzs blog » freesoftware  emergency exit  free software - Bits of Freedom  free software blog  freedom bits  gollo's blog » English  irl:/dev/blog » fsfe-planet  julia.e.klein's blog  marc0s on Free Software  mkesper's blog » English  nikos.roussos - opensource  pichel's blog  rieper|blog » en  softmetz' anglophone Free Software blog  stargrave's blog  the_unconventional's blog » English  things i made  tobias_platen's blog  tolld's blog  wkossen's blog  yahuxo's blog