Notices by Mike Gerwitz (mikegerwitz@social.mikegerwitz.com), page 2
-
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 12-Nov-2016 17:01:11 UTC 
Mike Gerwitz
This article, while it does mention Qubes, fails to mention one of the most obvious and important things users can do: stop using proprietary operating systems, especially Windows 10. Apple at least places emphasis on user security, but they can still betray you at any moment without your knowledge.
If you're not interested in switching away from your proprietary operating system, don't do anything sensitive on it.
The article also mentions installing updates promptly: on a proprietary operating system, you're in a pretty bad situation; you need the security updates immediately, but those updates could introduce e.g. backdoors. This is possible for free/libre OS's like GNU/Linux as well---update mechanisms are considered by a number of security experts to be a sort of universal backdoor---but the software at least has a chance to be inspected by the community and the package maintainers. Some distros /package mangers put emphasis on security and reproducible builds, like Debian and Guix. And remember that, while it's impossible to have security without free software, the reverse isn't necessarily true. If you can use software with reproducible builds, then you can also be sure that the binary wasn't compromised.
!privacy -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Friday, 11-Nov-2016 07:15:11 UTC
Mike Gerwitz
I do not speak publicly of my emotions. Shit, my anxiety medication is an anti-depressant, and I still went through that.
But my point with all of this: this is a big fucking deal. Those who read about all these grievances; who watch video of crying crowds; who read something like my statement and think it's dramatic: you've missed the most fundamental part of this election. And you're probably not in the situation to discover it. Especially if you're outside the US and have little to nothing to lose---it's easy to look at the US and laugh or dismiss it as the usual cluster. This is different.
Now, I can only imagine how other groups feel. Muslims _citizens_ live in legitimate fear. Children of immigrants fear their parents being taken from them in a mass deportation event. There's many more, but I need to get some rest. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Friday, 11-Nov-2016 07:08:15 UTC
Mike Gerwitz
@ericxdu23 I didn't have a favorite either. ;) Just a less deplorable.
I'm not scared, but I have strong concerns, and hope that congress will absorb most of the completely batshit proposals.
I recall a reporter weeks ago saying that half of the population will be distraught, some in the fetal position in tears. I thought that was dramatic. I had no tears, yet I found myself sitting on the couch hugging my legs at ~2 AM EST election night. And "grief" is an appropriate emotional description for the day that followed. Grief for the difficult realization that this man was actually legitimized and elected to office, and that there is no turning back. Grief for the defilement of the office. Grief for the families living in fear. Grief for the children watching him as our president. Grief for the unknown. Grief for being completely blindsighted---that a people actually _chose this "man"_; this constitutional antitheses. My coworker told me of a young girl that asked if her Muslim friend would be at school that day, or if she was already gone.
During the first 24 hours, my mind was incapable of comprehending it. I have never felt that way before. Though, I've never had anything to grieve over.
Now I can only hope for the best and fight for what I believe in. So many do not understand how deeply it affects many of us. This is so much more than choosing between two bad candidates; this is a true loss on a deep, fundamental level; more than I ever thought possible. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Wednesday, 09-Nov-2016 12:32:43 UTC
Mike Gerwitz
The country has voted. Motivated by fury and misinformation, they have fallen for a blatant scam, warned at every move. I hope that most of these voters have chosen #Trump as an act of revolt, not affirmation; I hope that these voters do not truly support all that this man has said and done.
More than half of the nation has chosen a xenophobic, sexist, racist, authoritarian, isolationist, superstitious bigot that encourages violence and foreign espionage while rejecting facts and producing lies to manipulate the people. He has proposed unconstitutional policies such as bans on the basis of religion, and caters to white nationalist ideals. He advocates torture, and the murdering of families of terrorists. He wants to pass libel laws to silence the press, and wants to censor the Internet, calling people who cite free speech as "foolish people".
I could go on, but I hope that all those that voted really think that appointing this man to the highest office in the world is worth the "change" they're hoping for. This broad, shotgun term---anything but the status quo. We'll get change. But anyone who thinks it's the change he's promising is foolish, naive, or struck by their own desperation.
It is sad that I have to describe our President elect as a "bad man" to my children, and tell them never to speak or act as he does. And the world is watching too.
So: let's see this grand vision for America. Let's see what it means to Make America Great Again. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 08-Nov-2016 04:24:11 UTC
Mike Gerwitz
@davexunit HN is a largely entrepreneurial crowd. It is depressing from a broader perspective, but dwelling on HN people welcoming a GPL extinction isn't worth it; it's a delicate art to find a way to gently yet firmly disagree without being downvoted into oblivion. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 06-Oct-2016 01:03:18 UTC
Mike Gerwitz
@clacke A voice crying out for a GNU/Linux system. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Sunday, 02-Oct-2016 16:48:59 UTC
Mike Gerwitz
@clacke I'm sorry, I was narrowly thinking of shell in targets. I guess Make doesn't handle spaces well on its own:
http://stackoverflow.com/questions/9838384/can-gnu-make-handle-filenames-with-spaces
I guess I never realized because I've never had to deal with filenames with spaces! So it seems that you are correct. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 01-Oct-2016 17:29:00 UTC
Mike Gerwitz
@clacke @mjd As long as the filename is escaped/quoted, GNU Make shouldn't have any issues if a filename contains spaces.
It's the fury of users of Unix-like operating systems that you have to worry about. ;) -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Friday, 30-Sep-2016 02:46:36 UTC
Mike Gerwitz
@clacke I'm dealing with that same question now while interviewing candidates at work. IMO, it's all relative to the amount of value the candidate adds to the team. That doesn't just mean technical skill; yes, I'd expect a "senior" programmer to be able to write decent code that meets requirements without much supervision, but I'd also expect that person to be able to follow standards; work well within the team; advance the team and the development process; be able to convey knowledge and criticism effectively to others; accept (and act upon) criticism; write code that is easily maintained by any person on the team (present and future); understand when and how to abstract, and use those principles effectively while keeping the system as _simple_ as possible; be fundamentally interested in their work (ideally have related interests outside of work); recognize when to do research to improve both his/her knowledge and that of the team; constantly work to improve systems and procedures rather than sticking with the status quo; understand both the "how" and the "why" (e.g. theory) of these concepts; _not_ push their own agenda and style without consulting the team; etc.
It's easy to be a hacker. It's all the other stuff that's hard and takes both wisdom and experience. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Sunday, 25-Sep-2016 18:10:51 UTC
Mike Gerwitz
Anyone have any OCR experience? I have a pile of receipts I've been too lazy to put in. I've experimented with tesseract; I'm hoping to get better results if I use a scanner rather than my phone, and at a higher DPI, but it has trouble with, say, recognizing "26Z" as "262", and "WF6Z" as "UFGZ".
I'll also scan my existing data for common "words" (product names) and such to generate a word list, but something like "WF6Z" is dynamic; they just didn't put a space between the WZ and the size (6oz).
Must be a free/libre solution to the problem. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Friday, 23-Sep-2016 03:38:08 UTC
Mike Gerwitz
@clacke The AGPL only applies to modified works; otherwise, there is no requirement to make the source code available. In the above link:
"It has one added requirement: if you run a modified program on a server and let other users communicate with it there"
That text didn't used to contain the word "modified" ~1y ago; it was a source of confusion that I clarified with rms and he subsequently corrected. I don't agree with it, but it makes sense.
The AGPL is a superset of the GPL. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 22-Sep-2016 01:36:38 UTC
Mike Gerwitz
@clacke Freedom 0 isn't any different under the AGPL (than the GPL) because the software itself isn't being distributed---the users running it on their own servers have Freedom 0 completely (and all the others). The AGPL is just a tool to help with getting modifications of such software liberated and distributed, where they otherwise wouldn't.
https://www.gnu.org/licenses/why-affero-gpl.html -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 22-Sep-2016 01:13:13 UTC
Mike Gerwitz
JavaScript's "classes" are syntactic sugar atop of the original prototype model. If someone's interested in Classical OOP as is commonly understood, they won't like them. If someone is interested in functional programming, they won't like them. If someone is interested in a Scala-like marrying of the two, they won't like them.
I prefer functional programming, but the OO paradigm in itself isn't the problem. Since we use OOP exclusively at work, I wrote a Classical OOP implementation for ES3. Today it supports Scala's concept of stackable traits as well.
https://gnu.org/s/easejs
And for the record: I believe that classical inheritence (a class extending a class) is a violation of principle: it tightly couples, often breaks encapsulation for subtypes, and is just an all around mess. Given composition through objects and traits, OOP doesn't have to be bad. It gets a bad name because people (and languages) do terrible things. So do educational institutions. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Wednesday, 14-Sep-2016 00:41:36 UTC
Mike Gerwitz
@strypey Thanks for sharing your research! I think a P2P search is essential, but we also need a way for it to feed into the indexes of the larger centralized search engines that everyone else uses. I hope one day that won't be necessary, but until that time, others need to be able to use it to discover. :(
A standard protocol is also important; free/libre projects are great, but fragmentation will stall this into oblivion.
But I'm optimistic!
cc @clacke -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Saturday, 10-Sep-2016 16:15:52 UTC
Mike Gerwitz
@strypey @clacke I hadn't given too much thought to search, but it seems like indexing federated systems wouldn't be something too difficult to implement, provided that an indexer deduplicates records and points the user to the authoritative source of the record. If I search for something in i.e. Google, that's one of the major issues: same text on so many separate instances.
P2P/Mesh is more interesting, but could be reduced to a federated search problem if enough data propagates to nodes persistent enough to be discovered by other indexers (e.g. Google). But then the user might be directed to a node that's not online, so what would the fallback be? A cache? Would that cache be centralized? Federated? What should be trusted with such authority? If it's cryptographically signed by the originating node, maybe it won't matter, provided a proper trust model.
If anyone has experience thinking about these things, I'd be curious to know; I haven't done research myself. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 08-Sep-2016 05:33:13 UTC
Mike Gerwitz
@strypey Self-hosting needs to be as simple as running any other program---the user shouldn't have to host it on a "server". And ideally federated, so that the experience doesn't differ between using your instance and their own.
But yes, that is unfortunate indeed. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Friday, 26-Aug-2016 02:00:24 UTC
Mike Gerwitz
My oldest son is starting Kindergarten in under two weeks. I just sent an e-mail to the district under New York's Parents' Bill of Rights For Data Privacy and Security requesting information about how they store student data and give access to third parties. I also provided them a link to the EFF's research on student privacy: https://www.eff.org/issues/student-privacy/
I encourage anyone else with children to contact their districts as well. Not all states have privacy laws like NY's, but worst case, you can have a constructive discussion with the district, and file FOIA requests if need be. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 25-Aug-2016 02:21:00 UTC
Mike Gerwitz
Liberated 25k lines of code from my employer today. More to come in the future. I made the mistake of waiting to liberate things until they were refactored---the projects were developed under a lot of stress and time constraints (things have since gotten much better), and so the code is nowhere near what I'd be proud of.
But I realized that it'd never be liberated, because there was no time to refactor tens of thousands of lines of code. So I sat on it for years.
My advice to others: don't be ashamed; all software deserves to be free. Go talk to your employers. :) -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Friday, 05-Aug-2016 04:06:25 UTC
Mike Gerwitz
@clacke You are correct, depending on the site. If I'm logging into or entering personal information into a website that does not use TLS, I do not use Tor. Fortunately, there are no such websites that I use.
But you do make an important point---one that many users will not understand, or necessarily notice. I recommend HTTPS Everywhere too---just because a site offers HTTPS doesn't mean it'll force it. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 04-Aug-2016 04:21:53 UTC
Mike Gerwitz
https://social.mikegerwitz.com/url/6600
Just the fact that they're considering such a thing demonstrates that you should treat your #ISP as an adversary. Make #TOR a default, even if you aren't expecting anonymity from the sites you're visiting.
All Chirp! content and data are available under the