Notices by Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 11-Apr-2019 01:33:49 UTC Mike Gerwitz @diggity While this practice is expected (as the article notes, other companies do it as well), most users are definitely not aware of it and I think that many more people would be uncomfortable using these devices if they did learn that this isn't all just being processed by computers. Some of that conversation happened during the Snowden revelations---is it okay if it's just computers "listening" rather than a human being? (Of course, it's never just computers.)
It's also another example of AI capabilities being over-sold to users.
Thanks for sharing! -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 19-Feb-2019 05:17:37 UTC Mike Gerwitz @cwebber Good stuff!
Re: encryption "shelf life": would the URI scheme support multiple encryption?
Barring weaknesses in the actual ciphers (and the various other ways to undermine encryption), it's unlikely that data encrypted with modern ciphers at sufficient keysizes will ever be able to be decrypted without the key (Bremermann's limit, with the optimal brute-force post-quantum attack against symmetric ciphers being Grover's algorithm, which is mitigated by doubling the keysize).
So one option to mitigate the compromise of a cipher due to some sort of cryptanalytic attack is to use multiple ciphers, each with different keys.
Of course, if Alice is communicating an ephemeral symmetric key to Bob using an asymmetrically encrypted channel, the robustness of the symmetric algorithms won't matter much if an attacker that can monitor network traffic between Alice and Bob may be able to decrypt that key exchange in the future. But that exchange could take place over a more trusted connection that is not available to the public, unlike the e.g. IPFS-stored encrypted messages themselves (though it may still be available to e.g. the NSA/GCHQ/etc). So there is still value in hardening the symmetrically encrypted message as much as Alice and Bob desire based on their threat model. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Monday, 18-Feb-2019 06:20:56 UTC Mike Gerwitz GHCQ’s “Exceptional Access”, End-To-End Encryption, Decentralization, and Reproducible Builds
https://mikegerwitz.com/2019/02/ghcq-exceptional-access-e2ee-decentralization-reproducible
My contribution to the debate to address what I felt was missing from mainstream discussions. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Sunday, 10-Feb-2019 06:20:12 UTC Mike Gerwitz @cwebber I've been trying to explore hacking as a form of relaxation too by forcing myself to work on very small things (because "relaxing" on a larger project turns into sleepless nights). I'd be curious to know how you approach it and prevent yourself from getting too serious and re-stressed.
I recently set myself up a repository to try to encourage myself to do just that (https://mikegerwitz.com/projects/night/about/), though I haven't had too much time for it yet. Though it did have an unexpected consequence: one of the things I did was write a sed script to make little balls move and fall around a barely-interactive ASCII map, and my kids fell in love with it. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 09-Feb-2019 15:09:38 UTC Mike Gerwitz To subscribe to a Google Groups mailing list without having to run non-free JS or have a Google account, send an email to:
<group-name>+subscribe@googlegroups.com
That seems to have worked, but we'll see if I actually start getting messages.
After @cwebber's talk about Guile and Racket in which he mentioned a mailing list, I figured I'll start lurking on racket-{users,dev}. I was disappointed to learn both of them use Google Groups. I still don't know how to browse group archives without JS; if anyone knows, lmk. Otherwise I won't ever be able to send anyone links to such conversations (I can send message-id, but users would need to have copies in their own mailbox to avoid having to run non-free JS). -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Friday, 11-May-2018 00:54:29 UTC Mike Gerwitz https://social.mikegerwitz.com/url/37790
https://cdn.arstechnica.net/wp-content/uploads/2018/04/bb20.jpg
This is very disappointing to see. The screenshot shows "You're ready to go!", followed by "You can use 'Software' to install apps like these:". The apps they list, in left-right top-down order, are: VLC (free), Skype (non-free), Spotify (non-free), Slack (non-free), Discord (non-free), Corebird (free), Mailspring (free), GIMP (free), Minecraft (non-free), Android Studio (non-free), Ora (non-free), Notepad-Plus-Plus (free), Tusk (free), Brave (free), and IDEA Community (free).
That is 8 free and _7 non-free_. Also in the screenshot on the left is an Amazon icon.
We've known #Ubuntu to do these things for a while now, but I grow increasingly disappointed with each release. Ubuntu also encourages the use of proprietary software through "snaps", and advertises non-free software by default through their package repositories unless you explicitly check a box (at least in previous version) during installation to use only free repositories. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 06-Jan-2018 02:52:57 UTC Mike Gerwitz Just got word that I'll be speaking again at this year's #LibrePlanet! I was going to attend regardless, but I'm very excited to be able to continue to build off of last year's talk.
The title of this year's talk is The Ethics Void. Here's a rough abstract:
Medicine, legal, finance, journalism, scientific research—each of these fields and many others have widely adopted codes of ethics governing the lives of their professionals. Some of these codes may even be enshrined in law. And this is for good reason: these are fields that have enormous consequences.
Software and technology pervade not only through these fields, but through virtually every aspect of our lives. Yet, when compared to other fields, our community leaders and educators have produced an ethics void. Last year, I introduced numerous topics concerning #privacy, #security, and #freedom that raise serious ethical concerns. Join me this year as we consider some of those examples and others in an attempt to derive a code of ethics that compares to each of these other fields, and to consider how leaders and educators should approach ethics within education and guidance.
My previous talks can be found here:
https://mikegerwitz.com/talks
---
For this talk, I want to solicit the community at various points. I know what _I_ want to talk about, but what are some of the most important ethical issues to _you_? Unfortunately there's far too much to fit into a 40m talk! Also feel free to e-mail me at mtg@gnu.org. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 09-Nov-2017 03:07:15 UTC Mike Gerwitz Yesterday I had a long-awaited meeting with two lawyers and the CIO from my new employer (who purchased my previous back in April) regarding our releasing of certain software under the GPLv3+. This follows a previous, fairly deep discussion a number of weeks ago with one of the lawyers. Despite their unfamiliarity with software and copyright (we are not a software company), the CIO and lawyers approved our current arrangement. We will continue to release free software under the GPLv3+, and one of the lawyers will work with me on starting to formalize a procedure for doing so with projects going forward.
I'm relieved, because had this gone in the other direction, it would have been a nail in the coffin for me---this issue is deeply important to me, which I made clear. I structured a lot of my personal time and research around these projects knowing they would be free/libre, and they would not otherwise exist.
And it's a nice demonstration of the benefits of corporate use of the GPL as copyright holders. In this case, Copyleft made my job pretty easy: competition wouldn't be able to make use of our projects without releasing code, which made the legal department much more comfortable. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 07-Nov-2017 01:52:15 UTC Mike Gerwitz The @FSF's call for sessions for #LibrePlanet2018 continues until Wednesday, November 9th. LibrePlanet is one of the only places where I feel like I legitimately fit in with the group---where I'm with others with whom I identify on the most fundamental level. That's the reason I chose LP to try out public speaking for the first time two years ago---something I had wanted to do for years, but could never bring myself to do.
If you are passionate about free software, or maybe even just have a valuable perspective to share, LibrePlanet is looking for everyone from hackers to organizers, teachers to librarians. One of the most lasting impressions I received at last year's conference was with someone who wasn't even fully familiar with free software---he just came to check it out and see what others had to say. Everyone has something interesting to say, and everyone can leave a lasting impression.
So if you've been looking to maybe share your experience with others, consider submitting a proposal! Let's make this year's LibrePlanet even better than last. More information is here:
https://my.fsf.org/lp-call-for-sessions
If you're looking to see what others have done in past years, media from last year's conference can be found here:
https://media.libreplanet.org/u/libreplanet/tag/libreplanet-2017-video/
See everyone at LP2018. :) -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 02-Sep-2017 04:10:25 UTC Mike Gerwitz On a related note, with WoT discussions going on elsewhere: wide distribution of your key fingerprint and signature on many hundreds of documents (e.g. email, git commits, ...) can be one means of informally authenticating an individual when they're not in your web of trust and you have no means of securely retrieving a public key.
If a malicious GNU mirror replaced an ease.js tarball and signed it with a key that looks to be mine, and you just downloaded that public key, that'd be useless. But I love to ramble about lots of stuff online, so you can dig into mail archives and see the same key used over and over and see that the other is a forgery.
It's not a substitute for proper keysigning in a web of trust, of course. I might not actually be Mike Gerwitz. He's locked in my basement. -
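Added example, not part of the original notice: a sketch of the cross-check described in the notice above, comparing the key that signed a download against the keys seen on signed mail and commits fetched independently of the mirror. The fingerprints, source names, archive entries and thresholds are constructed assumptions; the status lines follow GnuPG's `VALIDSIG` format from `gpg --status-fd`, which only says a signature is valid for that key, not who owns it.

```python
import time
from collections import defaultdict

# Constructed 40-hex-digit fingerprints; neither belongs to a real key.
FPR_LONG_USED = "AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"
FPR_LOOKALIKE = "0123456789ABCDEF0123456789ABCDEF01234567"

def status(fpr, ts=1500000000):
    """Build a constructed `gpg --status-fd` VALIDSIG line for the sample data."""
    day = time.strftime("%Y-%m-%d", time.gmtime(ts))
    return f"[GNUPG:] VALIDSIG {fpr} {day} {ts} 0 4 0 1 8 00 {fpr}\n"

def signer_fpr(status_text):
    """Primary-key fingerprint of a cryptographically valid signature, else None."""
    for line in status_text.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[:2] == ["[GNUPG:]", "VALIDSIG"]:
            # The last VALIDSIG field is the primary key fingerprint when present.
            return (tok[11] if len(tok) >= 12 else tok[2]).upper()
    return None

def history(archive):
    """Map fingerprint -> (set of sources, list of archive dates)."""
    seen = defaultdict(lambda: (set(), []))
    for source, archived_at, status_text in archive:
        fpr = signer_fpr(status_text)
        if fpr:
            seen[fpr][0].add(source)
            seen[fpr][1].append(archived_at)
    return seen

def assess(archive, download_status, min_sources=2, min_sigs=3, min_days=365):
    """Classify the key that signed a download against independently fetched history."""
    fpr = signer_fpr(download_status)
    if fpr is None:
        return "no-valid-signature"
    seen = history(archive)
    if fpr not in seen:
        return "never-seen"
    sources, dates = seen[fpr]
    # Use the archive's own dates: signature timestamps are chosen by the signer.
    span_days = (max(dates) - min(dates)) // 86400
    enough = (len(sources) >= min_sources and len(dates) >= min_sigs
              and span_days >= min_days)
    return "corroborated" if enough else "weak-history"

# Constructed archive: (source, archive date as epoch seconds, gpg status output).
ARCHIVE = [
    ("mail-archive", 1300000000, status(FPR_LONG_USED, 1300000000)),
    ("git-log",      1400000000, status(FPR_LONG_USED, 1400000000)),
    ("mail-archive", 1500000000, status(FPR_LONG_USED, 1500000000)),
]

if __name__ == "__main__":
    print(assess(ARCHIVE, status(FPR_LONG_USED)))   # key seen for years in two places
    print(assess(ARCHIVE, status(FPR_LOOKALIKE)))   # key only the mirror vouches for
```

A "corroborated" result is only as good as the independence of the archives from the channel that served the download.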
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 08-Jul-2017 06:02:56 UTC Mike Gerwitz Just two days before the #DayAgainstDRM, the #W3C approves DRM for the Web (EME) without even a commitment to defend security researchers:
https://www.eff.org/deeplinks/2017/07/amid-unprecedented-controversy-w3c-greenlights-drm-web
https://social.mikegerwitz.com/url/25959
Watch for an appeal. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 17-Jun-2017 13:48:56 UTC Mike Gerwitz @mangeurdenuage
> But we can, indirectly, limit legally if we use CC-BY-SA.
That won't limit it completely. When I said datamining was transformative and therefore fair use, I meant that it's exempt from Copyright protection in certain countries like the United States:
https://en.wikipedia.org/wiki/Data_mining
https://en.wikipedia.org/wiki/Fair_use
I haven't studied other countries in much detail, but I'd like to. I just don't have the time at the moment. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 06-Jun-2017 03:07:45 UTC Mike Gerwitz #GnuPG fundraising campaign:
https://gnupg.org/donate
It is disappointing how some of the world's most essential and widely used programs struggle to get funds. GPG was even worse off a couple years ago before the ProPublica article. For those who don't remember:
https://social.mikegerwitz.com/url/23794 -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 03-Jun-2017 05:02:30 UTC Mike Gerwitz #GNU is more than just a collection of software; it is an operating system:
https://www.gnu.org/gnu/thegnuproject.html
Many hackers and activists within the free software community don't understand this well, and it's a shame to see attacks on GNU's relevance (as measured by programs written by GNU on a given system) going unchallenged. Software for GNU was written by the GNU Project when a suitable free program was not available. It wouldn't have made sense to write everything from scratch if free programs already solved the problem.
When we say GNU/Linux, we really are referring to the GNU operating system that just happens to be using Linux. It could be using the FreeBSD kernel (GNU/FreeBSD). It could be using a Windows kernel with a Linux API (GNU/kWindows). It could be using the Hurd (GNU/Hurd). The disambiguation is important, but the end result is pretty much the same.
There are many systems that use Linux that are not GNU. Android is not GNU, for example. We shouldn't attempt to call those systems "GNU/Linux" blindly. (Also note how it's called "Android", not "Android/Linux", or just "Linux". Somehow GNU is controversial, though.)
So if you see someone challenging GNU's relevance because GNU/Linux contains so much software that isn't part of a GNU package, then please provide the above link, and kindly explain to them that their observation is correct, because GNU is an operating system, not a collection of programs. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 25-May-2017 04:02:35 UTC Mike Gerwitz @cwebber Looks like MediaGoblin is at the top of HN: https://news.ycombinator.com/item?id=14414712
Complete with the obligatory AGPL HN talk. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 20-Apr-2017 06:47:07 UTC Mike Gerwitz Hmm...my GNU/Linux system doesn't exfiltrate _any_ of this stuff; I fear that my system must not be "secure" and may not be "operating properly"!
https://technet.microsoft.com/itpro/windows/configure/windows-diagnostic-data
(But in all seriousness, what the FUCK!)
#WindowsWasMyIdea #privacy #security -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Sunday, 26-Mar-2017 00:02:46 UTC Mike Gerwitz Yesterday at the @fsf's office I met a fine gentleman who was helping me prepare name tags / lanyards for the conference. He was modest enough that I feel like I only got information out of him by asking the right questions, and because I inquired about how close he and rms were (Richard had come into the office and asked him to do lunch/dinner some time).
That person was Alexandre Oliva, and tonight rms presented him with the annual award for the Advancement of Free Software. He was brought to tears, and expressed that he was glad to know that he made a difference. I wish I remembered his words directly---he stated that he wasn't sure if he _had_ made a difference. It was hard not to share emotion with him. Richard had to ask the audience to stop their standing ovation so that Alex could continue talking.
Yesterday I mentioned that one of the biggest things missing with online communities is small talk---those random encounters that might only last moments, but yield relationships that are otherwise unlikely. This is an excellent example; I may have otherwise never gotten to know him. I've gotten to know many others here well, and everyone has had interesting stories to tell, big or small, free software hacker or not.
#LibrePlanet -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 28-Feb-2017 05:05:42 UTC Mike Gerwitz #OrgMode is amazing.
We already knew that, but it's worth repeating. No context needed. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 04-Feb-2017 04:57:55 UTC Mike Gerwitz @gargon I didn't look up the referenced list of social media platforms, but it sounds like they maintain a regulated list. They also mention blogs in the definition of a "social media platform". Federated instances seem like a similar case: my instance is for my own personal use, so they'd only be able to censor it in the same way they'd censor my personal blog (well, if I were to live in the UK, that is).
Federated instances that allow users to sign up are likely a different story based on their level of popularity. But censorship would be fruitless: other instances would have the data they're trying to censor. That includes my personal instance. I'm outside the UK's jurisdiction, and even if I weren't, we go back to the blog argument.
I'd say that I'm curious to see how this might be implemented in a federation, but I'm really not---this shouldn't happen at all. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Monday, 23-Jan-2017 03:06:34 UTC Mike Gerwitz https://www.techdirt.com/articles/20170111/11440836465/techdirts-first-amendment-fight-life.shtml
Sorry: I don't know the history enough to speak intelligently, but if you're going to try to silence the press through legal fees, you're a troll. This is absurd.
http://inventorofemail.com/
If everyone who invented something went about themselves like that, it'd be a terribly unfortunate world. You don't see rms going around trying to sue everyone who credits Linus with the GNU/Linux operating system.