Broadcasting news

A little introduction

Everything started from an non-planing stuff done on #opsyria. To give you some context, we have a bot there, named ii, that’s help us with information management.

Birth and death of a bot

ii’s birth dates back to the second phase of opsyria, the phase were we go wild and try to get some contacts with Syrians. It was first a greetings bots, telling new comers some safety tips in Syrian (because we still do not speak Syrian).

Then, we fired up a tweeter account, and so, we add twitter functions to ii. And status.net also (for our status.net platform). And then, we added it the possibility to repeat interesting stuff ii saw on those platform (publishing on IRC the thing he saw in its following list on both platforms).

Then, we had some problem with the micro bloging thing. 140 characters is short, especially when you use arabic and weird unicode chars. So, we build a news functionality, that leads us to our news website where we still publish real time news form the ground, due to our contacts help.

After that, things went crazy. Lots of videos were posted online and we started indexing them. here came the videos functionality (and later on the pics one, same thing, but with pictures) and we started building an index of all videos related to Syrian events.

So, this is how we built on 6 month, our database of information, with dates, places and comments of each videos, pictures or news we can find. We build different websites using these and, one day, we realized that, it could be nice for preservation of the data, to extract them from the website they are located to be sure they will always be online.

We had fears that Syrian officials (or Assad’s supporters) could manage to get youtube or facebook accounts closed, and then have the videos unavailable and lost for everyone.

The archiving idea

At the 28C3, we already had a somewhat big databases. And a script that could download each video, and stores them on a website, as ‘static file’ with a non-friendly user interface (apache directory listing) located here: http://syria-videos.ceops.eu/

Some journalists just told us that it was nice, but not really usable (no way to easily parse stuff, or to find events related to one particular date, and so on). So, we started to think about how we could do that.

Parsing it by hand was out of questions, there was more than 600 videos, that is more than 4GB of files to watch, and some of them are harsh and crude to watch. Besides, we’re still unable to understand arabic in the text, so the only data we could use was the one in the flat files provided by ii.

Let’s compile html

And, at the time, I was playing a lot with ikiwiki, which is a markdown compilation to build static html page. So, I started looking at that. After all, it can generate html5, so it should be easy to add some \<video> tag inside a template, generating the pages form flat text is easy to do in bash and then, I just have to use git to push it and make the magic of ikiwiki works.

We will have pure html website, with smart URL, easily mirrorable (hey, no ?static=yes&wtf=ya&unknownparam&yetanotherfrckingstuff url, just 2012/02/11 for the 11st of February of 2012 events page), with a tagging system and full html5.

This was the concept. And since ikiwiki provides a local.css system, we could even asks gently and harass some designers to have a logo and some design around it (I can leave with pure HTML, but a lot of people do like fancy and rounded stuff…)

Enough talk, do it

So, first, installing what we need. I’m on a debian openvz squeeze kernel and I’m gonna use nginx to serve it. Ineed to add the unstable version of ffmpeg to support .ogv

aptitude install ikiwiki nginx ffmpeg

Th setup of ikiwiki is preety easy to do, I’ll paste you all the uncommented line of TelecomixBroadcastSystem.setup:

So, let’s start with some naming stuff, the name of the wiki, the mail of the admin and the username of the admin/

wikiname => 'Telecomix Broadcast System', adminemail => 'okhin@bloum.net'; adminuser => [qw{a_user_admin}],

Since there’s no user function available, this should be empty.

banned_users => [],

Where I’ll puth the markdown files

srcdir => '/var/ikiwiki/TelecomixBroadcastSystem',

Where ikiwki will put the

destdir => '/var/www/tbs',

What will be teh url of the website

url => 'http://broadcast.telecomix.org',

The plugins I wanna add. Goodstuff is a package with a lot of usefull plugins for ikiwki. The goodstuff plugins page on ikiwiki website will give you more details.

I wanted a sidebar (for hosting the navigation), a calendar (to enable the calendar generation) and a favicon (because they are nice). As I do not want the site to be editable, I deactivate the recentchanges plugin.

add_plugins => [qw{goodstuff sidebar calendar favicon}], disable_plugins => [qw{recentchanges}],

Some system directory and default that I’ve kept.

templatedir => '/usr/share/ikiwiki/templates', underlaydir => '/usr/share/ikiwiki/basewiki', indexpages => 0, discussionpage => 'Discussion', default_pageext => 'mdwn', timeformat => '%c', numbacklinks => 10, hardlink => 0, wiki_file_chars => '-[:alnum:]+/.:_', allow_symlinks_before_srcdir => 0,

HTML 5 is nice and fun to play with, we should use it more

html5 => 1,

A link for the post-update git wrapper (that is, once the repo received an update, automatically generates the new wiki)

git_wrapper => '/var/git/TelecomixBroadcastSystem.git/hooks/post-update', atom => 1,

I want a sidebar for all the pages

global_sidebars => 1,

I want to autogenerate tagpage, and to stores them in the tag/ directory.

tagbase => 'tag', tag_autocreate => 1,

There’s a lot more things to change, but you should have a look at the ikiwiki documentation.

Now, we have to create the various directory ”/var/ikiwiki/TelecomixBroadcastSystem” and ”/var/www/tbs”, making them writable and owned by the user you’re going to use to generate it, and to give ”/var/www/tbs” permission to be read by the nginx user.

And let(s setup the wiki:

ikiwiki --setup /path/to/your/Wiki.setup file

Let’s tweak some templates

So, now, I need some templates to work with the videos repo. One for video, one for pictures (to add a specific CSS class around them), and one for the ‘regular’ page, because I wanted a logo in top of all of them.

Video template

I added a ”template” directory into the wiki root (so, //var/ikiwiki/TelecomixBroadcastSystem/template) and I create the video.tmpl file.

The tempaltes of ikiwiki use the HTML::Toolkit system to create the needed templates, and the one I need were realtively simples one. OI think comments are not needed

<article class="video">     <video controls="controls" type="video/ogg" width="480" src="/videos/<TMPL_VAR file>" poster="/pics/SVGs/tbs_V1.svg"><TMPL_VAR alt></video>     <p><TMPL_VAR alt></p>     <p><a href="/videos/<TMPL_VAR file>">Direct Link to the file</a> ||     <a href="<TMPL_VAR original>">Original link</a></p> </article>

So, fixed width video, in HTML5, the files must be in a /videos/ webdir and there will be a poster displayed on the video before playing it with one nice logos. Some more links to add context, and we’re set-up.

Notice the mime format used here: video/ogg, I want to use really free web format, that will need transcoding (but that’s a later problem). The same goes for the pictrues template.

Page template

So, the page template is a huge (and complex) one, so just a patch:

--- templates/page.tmpl 2012-03-07 15:35:45.000000000 +0000 +++ /usr/share/ikiwiki/templates/page.tmpl      2011-03-28 23:46:08.000000000 +0000 @@ -30,7 +30,6 @@  </head>  <body>  -<div id="logo"><a href="/" title="Dirty Bytes of Revolutions Since 1337"><img src="/pics/PNGs/tbs_V2.png" alt="Dirty Bytes of Revolutions  Since 1337" /></a></div>  <TMPL_IF HTML5><article class="page"><TMPL_ELSE><div class="page"></TMPL_IF>   <TMPL_IF HTML5><section class="pageheader"><TMPL_ELSE><div class="pageheader"></TMPL_IF> @@ -134,7 +133,6 @@  </TMPL_UNLESS>   </div> -<div class="clearfix"></div>   <TMPL_IF HTML5><footer id="footer" class="pagefooter"><TMPL_ELSE><div id="footer" class="pagefooter"></TMPL_IF>  <TMPL_UNLESS DYNAMIC>

The clearfix div is here for the goddamn IE browser (at least, that’s why the CSS integrator guy told me). And above, there’s the pictures.

Let’s build special pages

Sidebar.mdwn

So, the sidebar plugins, grants me the use of a sidebar.mdwn file in the root folder of the wiki.

First, some useful links (back to home, the pure text news and our webchat)

\# Quick Links \* \[Back to Home\](/index.html) \* \[News from the ground\](http://syria.telecomix.org) \* \[Webchat\](https://new.punkbob.com/chat)

What did happened this month

\# This month events

And all the page since the start of the year.

\# Events month by month

Index.mdwn

Next step is to build a nice index.mdwn page with some speech, the tag cloud and a global map of everything. I’ll skip to the interesting parts (maps and tagcloud).

Thepage list use the map directive to find all the page under 2011 and 2012 directories (one per year), that will lead to a list of all the daily pages

# Page list

This will go through all of the tag of the page, and do some computational to generate a nice cloud

Fancyness

I then added a favicon.ico file along with a local.css to the repository, the local.css need to be copied manually into the ”/var/www/tbs” directory. And now, the basic setup is done.

Commiting

So, now use git to add all those files and commit and push them. Easy to do, that will generates some files into /var/www/tbs/.

Yeepee, now, we need to populate this.

Bashing accross videos

So, I have a list of videos soemwhere here of the form:

2011-12-04 homs/al-meedan http://www.youtube.com/watch?v=-qjNo0uqSM8 Random gunfires during the night

(And yes, sometimes, Arabic characters all over the place). So, I have, date, location (that will be used for tags), URL and some comments to add. Thanks to ii’s magic (and the huge work done for month). We already add some python scripts for downloading the video, but, for this kind of things, I wanted to use something I know: bash. It will be split in 2. One half to parse the youtube’s hell pages and to download the .webm, this part is still inpython, works well and I was too lazy to rewrite it; the second half will get the video info and add the necessary information to the wiki.

And then, I’ll need to transcode it.

So, script. Let’s start with some variable, will need them later

#!/bin/bash # We want to download everything. export VIDEOS_LINK='https://telecomix.ceops.eu/material/ii/videos.txt' export VIDEOS_RAW_DIR='/var/tbs/tbs/raw/' export VIDEOS_OGV_DIR='/var/tbs/tbs/videos/' export VIDEOS_WIKI_ROOT='/var/ikiwiki/TelecomixBroadcastSystem' export VIDEOS_LIST=${VIDEOS_WIKI_ROOT}/videos.lst export VIDEOS_NEW=${VIDEOS_WIKI_ROOT}/new_videos.lst

Let’s make some cleaning, and backup, needed to now what’s new

[[ -e ${VIDEOS_LIST}.old ]] && rm -rf ${VIDEOS_LIST}.old [[ -e $VIDEOS_LIST ]] && mv $VIDEOS_LIST ${VIDEOS_LIST}.old

Get the new version of the file list

cd $VIDEOS_WIKI_ROOT wget $VIDEOS_LINK --no-check-certificate -O $VIDEOS_LIST

Update the git repository (we probably add tags since last time, so new pages) and find the new videos part (a dirty diff, with only the added lines).

git pull 2>&1 > /dev/null diff -N $VIDEOS_LIST ${VIDEOS_LIST}.old | grep -e '^<' > $VIDEOS_NEW

Loop in all the news videos to add them to the wiki.

while read LINE do

This is a bash array if you did not know how they worked

        VIDEO=( $LINE )         DATE=${VIDEO[1]}         TTAGS=${VIDEO[2]}

Let’s split TAGS in different words separated by space not by slash

        TAGS=$(echo $TTAGS | tr '/' ' ')         LINK=${VIDEO[3]}

This is how I get the same thing than [4:] in python (from 4th fields to the end of teh array)

        COMMENTS=${VIDEO[@]:4:${#VIDEO[@]}}

The date is YYYY-MM-DD in the file, I want it to be YYYY/MM/DD for creating my file in the good place (YYYY/MM/DD.mdwn), like that I have an automagick hierarchy, plus, you can get to /2012/02/14 URL quite easily.

The filename is the video link with only alphanumeric characters, will be good enough for me.

        VIDEO_PATH=$(echo ${DATE}.mdwn | tr '-' '/')         VIDEO_FILENAME=$(echo $LINK | tr -dc '[:alnum:]')

So, if the directory (which is YYYY/MM) dos not exist, let’s create it. If the file does not exist, it means this is the first time we see something for the day. We must create the page, and add some stuff (notably the date of creation must be juked, also we add a nice title). Once the file is create, git add it to the repo.

        # We have only updates which is nice, no need to check if the videos already exist         [[ ! -d $(dirname ${VIDEOS_WIKI_ROOT}/${VIDEO_PATH}) ]] && mkdir -p $(dirname ${VIDEOS_WIKI_ROOT}/${VIDEO_PATH})         if [ ! -e ${VIDEOS_WIKI_ROOT}/${VIDEO_PATH} ]                 git add ${VIDEOS_WIKI_ROOT}/${VIDEO_PATH}         fi

Add some tags to the page, along with the video template (one line, really fun), note the .ogv part added to the filename.

And now, download the file. I need to add a dot at the end of it, because the download scripts add the extension (without the .) to the file. I download it in a raw dir, where I’ll next transcode all the video into the proper format and directory.

        # And now, download it         python ${VIDEOS_WIKI_ROOT}/scripts/multiproc_videos_dl.py ${VIDEOS_RAW_DIR} "${VIDEOS_RAW_DIR}/${VIDEO_FILENAME}." "$LINK" 2>&1 > /dev/null &  done < $VIDEOS_NEW

Commit al the change at once, and push it.

# While we're at it, just publish the file git commit -a -m "VIDEO updated" 2>&1 > /dev/null git push 2>&1 > /dev/null

We’re done, just transcoding now, which is pretty easy, and done in another script. Nothing special here, looping across all the file in raw dir to transcode them into the video dir.

#!/bin/bash # Transcoding a video into ogv export ORIG='/var/tbs/tbs/raw' export DEST='/var/tbs/tbs/videos'  for RAW in $(ls -1 $ORIG) do         NAME=${RAW%.*}         echo "transcoding $NAME"         [[ -e $DEST/${NAME}.ogv ]] || ffmpeg -i $ORIG/$RAW -acodec libvorbis -ac 2 -ab 96k -b 345k -s 640x360 $DEST/${NAME}.ogv         rm $ORIG/$RAW done

Bashing across pictures

Same format as video, so same scripts, almost. Won’t detail it, just do sed VIDEO/PICTURE and you’re almost done. Also, the dl is done using wget –no-check-certificate.

Bashing the news

Same kind of things, except that I add the timstamp to it, but besides that, just the same thing.

Cronjobs everywhere

I just now need to auto-exec the 3 jobs above, the transcoding and some ikiwki-internal command to update the calendars, I’ve got 2 cronjobs for that executed every 6 hours

0 */6 * * * /var/ikiwiki/TelecomixBroadcastSystem/scripts/dl_news.bash 2>&1 > /dev/null && /var/ikiwiki/TelecomixBroadcastSystem/scripts/dl_pictures.bash 2>&1 > /dev/null && /var/ikiwiki/TelecomixBroadcastSystem/scripts/dl_video.bash 2>&1 > /dev/null && /var/tbs/transcode.sh > /dev/null 2>/dev/null 0 1/6 * * * ikiwiki-calendar /var/ikiwiki/TelecomixBroadcastSystem.setup "2011/* or 2012/*" 2012

This is the end

Now the wiki auto-build itself. I then just needed to tweak the nginx to suit my needs bt that was really easy to do. I just need to keep in mind that I’m in need of two aliases (one for /videos, one for /pictures) because I did not wanted to commit all the videos in the git directory (that eat a lot of space), and to tell it that .ogv aare indeed video files.

server {          listen   80; ## listen for ipv4         listen   [::]:80 default ipv6only=on; ## listen for ipv6          server_name  broadcast.telecomix.org;          access_log off;          location / {                 root   /var/www/tbs;                 index  index.html index.htm;         }          location /pictures {                 alias   /var/tbs/pictures;                 autoindex off;         }          location /videos {                 alias   /var/tbs/videos;                 autoindex off;         }  }

And I just need to edit the mime.types file to add those line at the end of the file:

    video/ogg                             ogm;     video/ogg                             ogv;     video/ogg                             ogg;

That’s it, everything worked fine now. A final thing was needed, to spread it easily (and that’s why I wanted static pages), ease the process of mirroring. The best way to do this is to use rsync in daemon mode with three modules read-only.

Installation of rsync is piece of cake:

aptitude install rsync

You then need to enable it in debian, for this, editing the file /etc/default/rsync is the way to go. I wanted to throttle it down and to keep it nice on the I/O (because I already have too much process that eat my cpu like, transcoding), so I’ve enabled those options in the same file:

RSYNC_ENABLE=true RSYNC_OPTS='--bwlimit 200' RSYNC_NICE='10 RSYNC_IONICE='-c3'

And then, in the /etc/rsyncd.conf, I’ve added those modules

max connections = 10 log file = /dev/null timeout = 200  [tbs] comment = Telecomix Broadcast System path = /var/www/tbs read only = yes list = yes uid = nobody gid = nogroup  [videos] comment = Telecomix Broadcast System - videos path = /var/tbs/videos read only = yes list = yes uid = nobody gid = nogroup  [pictures] comment = Telecomix Broadcast System - pictures path = /var/tbs/pictures read only = yes list = yes uid = nobody gid = nogroup

ANd that’s it, people can now duplicate the whole thing on a simple web server (they just need space) without anything else on it that serving webpage.

Thank You

There’s something on my mind I can’t sort without putting it in words. I feel extremely uncomfortable about it and it almost makes me sick. Yeah, it happens sometimes and that means I’m not a complete sociopath.

This is a problem about journalists, reporters, and each and every people that do everything they can to report news. I have no problems with any of them, and most of them are doing an incredible job.

They’re risking their life on a daily basis in Syria, and today that’s two of them being killed after broadcasting live from Homs and they probably were good at doing their jobs, yesterday one the citizen journalist was killed too, and that’s just the one reporting the news from the field.

My problem is about the ‘what can we do’. With the telecomix cluster and the opsyria volunteers, we are, most of us, sitting in our offices, speaking to media or other stuff like that. We always try to have fun, because else we won’t be able to manage all this crap, but we never were on the field.

We have some contacts there, and some of them have disappeared for a while. That’s how we can feed our different news publishing sites, but we do not put our lives in danger (yeah, we learned that life is a video-game with only one credit).

Sometimes journalists come on our chans asking us for advices. They’re asking if they can go in Syria. And we don’t know how to answer.

Either we spare their life, the one of the fixer they’ll have over there, and the ones of the people they’ll meet but then we play the game of Assad: encouraging black-out of information on the field, or we just tells them stay safe, use strong encryption, do not have notes or rush that can identify people.

But all those advices are good as long as you’re not in a city blindly shelled night and day for weeks. And we see the people dying there, trying to grab testimony and doing their jobs. We’re just archivists, we try to keep all the data we can found in perspective, but without those amazing people on the ground (whether they’re citizen journalists, or professional and international field reporters) we wouldn’t be able to do this.

Last week, I was at a lecture to discuss about the interaction between hackers and NGO, and someone asked me:

What are your plans for Syria now?

I don’t fucking know. I have no idea. We maintain our systems of communication, but when you’re under heavy shelling without electricity or food or water for days, it’s of no use. I have no fucking clue of what we can do. We are not meant to go on the field.

I see no hope of a peaceful resolution, and now that Assad’s forces have been ordered to assassinate journalists I do not even see how it is possible.

I do not know what to say. Journalists must get there, it’s mandatory to know what’s happening there, but they will get assassinated.

I will stand for freedom in Syria. We, as humans, need to know what’s happening there, not for any macabre voyeur thing, but for being able to be a witness, to be of any help for them.

So, to all the people that puts their life at stake to brings informations out of Syria, I want to say Thank You. You’re not alone, you won’t be forgotten. Continue your amazing job. Report. Try to stay reasonably safe, but it has no meaning in a battlefield. The violence must not kill the information. If you need any help to hide your communication or to establish more or less safe one, get in touch with us.

And to all the redactors out there or to all the editors of content that sometimes remove stuff like that from the intertubes, we’re watching you. You know what’s happening there. You must speak about it.

Thank You. Really.

Addendum: The Express

HowTo Chaos Workshop

Context

One thing I strongly believe in is that all kind of knowledge must be shared with the biggest number of people. So, there’s Internet which have a lot of knowledge in it but I think it’s more effective to explain to people in the meat space, rather than letting them procrastinate watching My Little Pony on line.

So, I try to animate workshop, lectures, or whatever you can call them toward a lot of different public. There will be one in Paris newt week end (the jhack thing that RWB and Telecomix set-up) directed to journalist, but I do not want to talk about this, it’s, from my perspective, a bit of boring (same old shit, bla bla, tor, bla bla, gpg).

The fun part of workshop, are the Chaos Workshop. Those are the workshop we organise with the crazy hackers from Le Loop. They are always different, totally unexpected and, as we do not know really the audience at first hand, you cannot plan anything.

The last one, ended with around 80 people in a crowded place, to have a talk about cryptography, where I expected 20 for a workshop around anonymity. Was interesting, but total improvisation was needed (and I still do not know what kind of people was there).

Let’s get a fire started

The first thing you have to do is to get a fixer. Someone that is connected to a lot of people. Go bang at his door, when he wakes up in the morning (around 16:00PM) with some beer and tell him:

There will be a workshop about crypto stuff, Tuesday evening, next week. I’ve found some beer on my way here, here you are.

So, the organized part of the non-organized workshop is now done. Go at your home, have fun with whatever you have fun with, wait the Monday evening for the date and place, run before you’re too late and enjoy.

Wait, WUT?

Oh, you actually want to get there with some kind of preparation? You’re a lamer you know that? But ok, I can get it. It’s quite intimidating.

They came for a reason

Yes, you’ll have an audience. Those people have moved away from the relative comfort of what is their usual life to come here and listen at you (and assault you with questions, torture you with questions, questions you with questions). Do not be afraid, Cannibals groups are now dead (we ate the last one yesterday) so, they won’t eat you.

I fully understand that standing on a stage or whatever is a kind of intimidating, but as technician, BOFH, or what you do for your living, you always need to speak to people, even when you try to be creative to tell a stupid-ass that he can rot in hell.

So, the intimidation is not due to the fact you’re going to speak to people. It’s not like you’re doing a crypto workshop in a stadium (could be fun however), you will speak to curious people about something you like. They will forgive your mistakes as long as you acknowledge them.

So, they will squeeze all the knowledge they can have from you with a lot of interesting questions that will force you to be smart and to think fast to get a quick answer.

I will recommend you to get on stage clean. No beer, no coffee, no drug. You must be in full possession of your mind for the first 2 minutes. After that, do what you want, the inhibition about speaking to an audience should have been dissolved by adrenalin.

Know what you know

You cannot know everything. Be humble, and tell to the people when you do not know. Try to give them leads to follow, you must try to have them understand that they can learn fast if they’re willing to search for knowledge.

For the thing you know, do not make any assumptions about the tech level of your audience. You do not know them so you do not know what they know. You can only work with the ‘what are they supposed to know’. You must be exhaustive. If you want to do a lecture about how internet work, you must be able to answer most of the questions linked to it (what’s the difference with the web, what’s a protocol, what’s an IP, what’s a packet, what’s a wire), those questions are the funniest part of a workshop or lecture part.

So, be prepared to everything, and know where you do not know and what you know. One thing however, try to avoid looping in a tech discussion that will takes you a lot of time. You can do that later with the two or three people that will jump on you at the end of the lecture.

Know where you wanna go

Remember the fixer above? He probably have sent an email with the main subject that will get discussed. Grab a piece of paper and a pen, and note them. You now know what you’ll have to speak about. Do not stick to it, you are here to answer the people’s question and to teach them more or less interesting stuff (and less is more or the other way around).

Try to speak freely about all the topic, do not restrain yourself. From the prospective of your audience you are weird, you can only get weirder so, use memes, acronym, weird axiom. Shout KILL IT WITH FIRE when people asks you What can I do with Skype?’

Try to have a clock in your point of view, it could be useful to know if you gonna get home with the last subway, in taxis, with the first one. Believe me, you will have no more notion of time when speaking, so if you have to stick to a planning (this is not very Chaotic, I know), get a clock you can read from a distance. Or asks your audience how much time left you have.

The visual display

The tricky part. The visual display are here to present data and to emphasize your speech. Not to be you speech. I rather working without them, or with only one or two words written in huge fonts that will give some thematics.

The thing with visual display is that they are organized. You cannot jump from slide 1 to 5 then going back to 2, so you must know it by heart and you will have to stick to it. It can be interesting for a lecture with 100 people, but for a workshop it’s not a good idea.

So, if you choose to go with slides or any kind of visual display, do not put your text on it, or anything that will takes more than 4s to be read. You must be the awareness focus of your audience, not the thing that’s been displayed on the wall.

I know it will gives you confidence, but you can perfectly have detailed notes on a scrapbook to refer to in case of doubt or if you get lost. But, again, that’s only for more planned talks. In case of Chaos, deal with it and assume the fact you’re going to explore a lot of directions.

The things that must be done

If you want people to do stuff, tells them before hand to bring whatever they will need to do it. Be as agnostic toward the prerequisite as you can (do not rely on a specific distribution, hardware or OS for instance), go for the easiest troll if you want, but do not spend time on it.

Then, never ever do things on their computers. They must do it by themselves, even if you have to spell each and every command line. Tell them to RTFM and to use seeks every once and a while.

You will encounter unexpected problem. If you can solves them fast, do it. Else, note them, and move on. You can spend time on it at a later time and even fill a bug report.

I’m not very fond of demo. First, they often rely on the fact that people understand what you’re doing, and then they will never work as expected. Even if you have prepared them. However, grab some live-CD or USB keys with you, to show them how it can work, but if they discover it by themselves it will be better.

Aftermath of chaos revolution

When everything is done, drink some water, grab a beer and go discuss and answer to most of the questions people will ask you. The hardest part is done, you deserve some rest, especially since being under the spotlight is quite amazing, even if intimidating.

So, send an email to the fixer to thanks him, and give him a small resume of the discussion. Populate it with links to how-to and to the software you tells about to people.

Communicate about it, keep it open to everyone, a wiki is nice for that but it does not have to be like this. It can be a txt file or an etherpad or a pastebin. As long as people can get it, at a later time. It’s important, it’s the only way for you to climb up the ladder in the tech level of the workshop you’re doing.

What are you waiting for?

So, it’s not that hard to get in the chaotic battle against ignorance. It’s even fun, so join us, find a date, find a topic you wanna discuss, find a place and do it. Do not be afraid, it’s fun and you’ll learn a lot of things doing it, because you can only teach what you know, you’ll soon need to know more.

Let’s Rumble!

Have Fun!

There is no hope

Opening

So, my post about software has generate some comments. The most detailed answer I can find until now is the one from Ju (sorry people, it’s written in baguette‘s speech). Go and read it, it’s interesting.

So, you are telling me:

But, what if I want to learn, but do not have the time? You won’t help me!

First, that’s not what I said. I said that I won’t install you any software, because you must do it to learn. If you need to asks question, go ahead, and asks, we even have axioms for that on IRC and other places:

Don’t ask to ask, just ask

But, a more important one:

Think before asking

Yeah, I won’t help you if what you’re asking me can be found on seeks or in less than 10 second of reflexion. I will not think for you. I will not make your life better, you will. Well, you will later, for now, you’re about to jump in the abysmal depth of knowledge. I know that it can be intimidating and if you are not scared, well, it means you’re knee deep into it.

Take the red pill. And the blue one. And the yellow one too.

Learning and understanding will eat your time and soul, it will forces you to change your perception of the world around you. Knowing how it work and how you can change it will not makes your life easier or nicer. It will makes you see how fucked things are.

I wasn’t in the protests last Saturday to say no to ACTA. First, because if protest could actually change things, the things will be in motion motion now, the Greek government had refused the ultimatum we gave him, people of Homs won’t be under heavy ordnance and the asshole at the head of the different countries will be demised. Second, because a lot of people are saying no to ACTA and that did not make government stepping out of the things they do not understand.

I do not want to takes you by the hand, walking in the My little poney fields, with cloud made of candy and a sunshine smiling at your face. We do not live in cuddlebears kingdom.

There is no hope the world will get better anytime soon. If someone tells you anything different, he’s lying to you. Hope is waiting passively for things to get better. Hope is the same thing as prayer. Hoping is what government and mass medias are giving you to keep you under control.

So, forget about hope. That’s not hope that brings Syria in this state, it’s the fact that people actually wanted to do things and to change their world. Yeah, believing that things will get better probably helped them to go into the street and to start changing their environment.

There is no chance things will get better if you think they will, and if it’s the only thing you do about it. ACTA will not pass, but the media industry and governments will come back with another thing to crush on us. It’s an endless battle which will not end, or one we can’t win.

I do not want to tell you lies. You do not need hope, you need to stand up on your legs and to walk in whatever direction you want. And you do not need me for

Be Evil, Kick Google In the balls

Be Evil

All of you might have heard the Google moto:

Don’t be evil

With a bit of context, this is said by a company that have only one goal: Be the only web that people will use. Glazman explain that Google, and Apple, are working to build a works only on webkit web, using some CSS closed properties (the one that starts with webkit-*). I won’t develop too much on this, it’s just that this is the event that generates this post.

So, we need to be evil and to move out of the googles-centralized-and-closed-space.

There is a lot of steps, and I’ll probably miss some. You have to know that I’m using an Android too, and that I’m tweaking it (and I almost managed to kick google out of it). But first thing first, let’s go for the easiest part first.

Gmail

So, let’s start. I do not like webmail. Not back when POP3 was hype, not even now that we have IMAP. I do not want to gives my personal email to a third party that will do whatever they want with it (yeah, even with encryption, if the mail is decrypted on the server, that gives the server to read it and break the point of encryption.

We know that Google is reading your mail, to place targeted advertisements on the page you’re reading it. We do not know what they’re doing with your mail and, since there still is an issue with censorship and google being ruled by US laws and regulation, you cannot be sure you won’t have any legal problem with your mails.

So, what can you do? Simple answer: host your mails. You will need a server. It’s cheap, and there is some nice virtual server hosted in Iceland, a country which have strong personal data protection law. Head at https://www.1984hosting.com for instance. That will cost you a few bucks per month. You’re going to need a domain name to. I made a mistake, mine is nation-tied (.fr), don’t do it, try to find a non nation-linked one.

Now, you’ve got a nice server, install an OS server (one open and free, as in freedom, one you know or can learn about, one designed for servers so, basically, a Linux distribution or a BSD one), plug a small databases in it, that will be needed later, and install stuff.

For your mail, I’ll advise you with postfix, I know it more than I know the other ones out there (but not enough to treat myself as a guru). There’s a lot of interesting Howto in the wild, pick one.

Look at TLS too, and grab a SSL Certs (either fire up an account on https://cacert.org, a distributed Certificate Authority based on trust, not on money, or create your own authority.

So, you know have your own server for sending and receiving mail. It’s enough for my needs, because I do not use webmail. If you really want one, have a look at roundcube, it’s pretty and shiny, works on most of the modern browser (probably even with links or mozaic), it looks a bit like gmail so you won’t be lost.

Nice isn’t it, you’re now in charge of your own mail system. No more advertisement, no more dependencies on an external company for that, plain and total autonomy. How does it feel?

You’re addicted now and you want more fix of decentralized freedom? You’re a junkie. But so am I, so, here is your new fix.

Google search

The previous one was easy to understand and to do. Now, we’re going after the big player. Search engines. Google wants you to find websites they think is more relevant to you. They do not want to tell you how they’re doing it, they will target you with advertisement, and they will operates real time censorship and suggestion.

But then, you’re going to say ‘Hey, no choices.’ For one, it’s not true. Even among the closed search engines, there’s Bing (and Yahoo, same engine now) which is quite interesting. Or http://duckduckgo.com. But those are still centralized and closed source solution.

We want to go derper. And farther. We want really open and decentralized search solutions. There’s two out there: YaCy, a java implementation of P2P search and seeks, a C++ one.

I do not know well YaCy, but it have the advantage of scanning and index local pages, and it has its own fans and community. I’m more a seeker (and I run my personal seeks node). They started like a proxy and a meta-engine, but they are now sharing results across P2P and, since the 0.4.0 version, there’s pure seeks results.

You can use a public node for seeks (like mine) that will learn from the uses of all the people that uses it, or you can install your private one. You can use it as a proxy that will intercept all the query that should have landed on Google to process it via seeks instead.

It will require you to build it from sources, but it’s easy to do, there’s an updated and fully detailed tutorial, so go for it. Also, there’s an IRC chan: #seeks@freenode.org, they’re quite nice people to hang with.

So, now, you won’t use google anymore to search your stuff. You see? The Colossus won’t feed on you. Now, worst part is done, let’s deal with the details.

Calendar and contact

Yeah, those are nice tools. But you do not need to them being on google. They are ical compatible, which is nice. VCARD is a old protocol, that used to work on my Nokia 3210 (the phone that can break the world in half with enough velocity). You just need an ical server (and a webserver, but with nginx or apache out there… Plus, if you have roundcube, you already have one).

The best solution I can found until now is Davical. It’s light, it do the job, it works on Postgresql. The sad part is that it does not gives you a shiny interface to click on. But that’s why you need software, no? You need an RSS Reader to read RSS flux, you need a client mail to read mail, you need a calendar client to read calendar. Claws-mail have one, but I assume that if you’re reading this, you’re not on claws. I suspect mutt to have one, emacs-fan will tell you that emacs most probably have one calendar included.

If you want a client that won’t scare you, go for the Mozilla Sunbird or, if you’re already using ThunderBird, there is a lightning add-on.

Davical works with contact to. And the calendar can be read by a lot of other clients, just go through their wiki. Or use your new seeks node to find more about it.

Documents

Use a local office suite (such as libre office if you really need the weight of it. You can use some pad (etherpad one for instance), like the one on Telecomix for on line and collaborative editing. You can even set one up on your own server, yay \o/.

If all you want is hosting and sharing documents, you have two choices. Owncloud will give you the possibility to use a part of your server as a public (or private: your server, your rules) hard drive. I strongly suggest you to encrypt it. Or Unhosted which, as the name suggest, is based on ‘not hosting’ the data. Sounds promising, the fact that the data are encrypted before being stocked anywhere is promising, and, since it’s free software, you can add your own server.

So, no more google docs, ok people?

The last fix will be for the coders one.

Google reader

A RSS Reader. It’s extremely easy and there’s a lot of one. I personally use tinytinyrss. Again it needs a webserver, but then you’ll have all your RSS in the same place. You can probably find other project like this one, but it works quite well.

And you can import OPML (or whatever the acronym is) file format. The one used by google when you want to do a backup of your flux.

Google talk

And last but not least (also, quite an easy one). Google talk. Google talk is pure XMPP. Just like jabber is. You can find a lots of client for jabber, but go for pidgin-otr, you’ll then have the possibility of Encrypted chat with plausible deniability for the same price.

You’ll just need an account for that. EIther set-up your own jabber server (all the XMPP-server can talk to each other) or you use one. Use your seeks node to find a provider you like.

For hosting your own XMPP server, go for Jabberd. Simple, packaged for most distribution. You can then register there with your own nick and talk to other XMPP accounts.

Google Code

Get out of it now, and as fast as you can. There’s plenty of open source git forge out there, especially the most notorious one Gitorious. GitHub isn’t free (does not run on free software) but is a not that bad candidate. But you do not want me to feed you with half-freedom, right? So, gitorious.

What else?

I need to talk to you about Android, but I’m not fully satisfied with what I have now, so you’ll have to wait for your next fix of freedom.

If you’ve done everything here, you probably have nothing left on google. Close and destroy your account. If they ask you why, just answer:

I do what I want, I’m a Matser of Evilness, MOUAHAHAHAHAHAH!

Or RickRoll them.

If you find one server for only you is a bit overkill, then go talk to your friends and family, have them in your server. It will be funnier if you’re a lot. Do not sold them anything, have them understand that the services might or might not working. Do backup. Try restoring your backup. Encrypt them. And do not forget:

Computers and freedom are like sex. The more we are doing it at the same time, the better it get.


version 2.0 – I’ve forgot about reader and talk. Need to find a picasa

Achievement Unlocked

Yeepee

http://streisand.okhin.fr is, according to Mr. Claude Guéant, French Minister of Interior Affairs a website that must be blocked along with https://copwatchnord-idf.org.eu (yeah, I know, they must learn how to do SSL) which is a copwatching website that has been previously censored (with a different domain name).

I need to add that I’m not a full supporter of this copwatching website, I do not like the tone of it and, while I think copwatching must be done, I do not think this is the best ethical way to do it.

So, the assignation is here and the lawyers of the main ISP are currently fighting it.

The funny part of this assignation is the §2.1.2 (page 6) where they said that collecting public information without the consent of the person concerned by those information is a violation of the 6th of January, 1978 law about personal data. Which is the case. But it’s also the case of almost all of the ‘official’ police files (as the CNIL [FR] repeatedly told them), and I’m not speaking about the shadow file that most probably exist.

The worst part is that, beyond the 34 mirrors listed (mine is the first one, Wooooot!!!), Mister Claude Guéant do want that all the ISP must extend the blockade list dynamically and without asking further details to a competent authority (so, a judge).

The way they’ll do that will probably be a DNS blockade. I’ll probably move my domain name to something else when it won’t be available. The funny part is, that my personal emails and calendar are hosted on the same domain name.

I am a terrorist (and?)

So, those days two events where directly directed toward people who wants to enforce and protect their privacy, or toward the ones that would maybe participate in an Anonymous group. One here, in France, another in the US.

The blowing of EDF

The first affair, that everyone’s discussing about, is a thing that started 6 months ago. When the landing page of EDF (The main company that’s selling electricity in France, public business but in a market open to concurrency) was hit by a DDoS. That was in June, and the thing hits the news[FR]. It was not that long after the serious problem in Fukushima, and there was a lot of pressure around nuclear power at this time. The DCRI (French secret police), following the leads they had, found that people was using a public pad hosted by piratendpad.de, the German Pirate Party, to synchronise the attack. They asked for an access to the logs to their cross borders colleagues, and then the police raided the server, just some days before an important local election for the German Pirate Party (where they made a big score by the way). The story was covered in the press, particularly on Ars Technica.

Last week, they finally went after two guys linked to Anonymous (but who does not?) and put at least one of them in custody for 60 hours in a row (the interview of the guy is at owni[FR]). The police said 45h and that he waited for 15h in a cell. That still 60h of custody. That’s more than the legal limit of 48h, so it’s a special exception for fighting terrorism (yeah, US got Patriot Act, we got at least 2 LOPPSI, and 2 other National Security Law during the last ten years). Oh, and the goal of the DCRI is to catch terrorist (and to put everyone under a CCTV cam). The evidence was that the guy IP was found in the webserver logs (so, he just visited the website of the company that sold him electricity, probably to pay his bill for instance… Surely, he is a terrorist).

The thing that worries me here, besides the fact that they do not understand the internet, is that they used terrorism allegation. terrorism is destroying critical infrastructure and killing people to spread terror in a part of the world. A DDoS on a public website (even if I disapprove it) must not be a threat to a power plant. Especially if it’s a nuclear one. So, there was no risk at all of destroying critical infrastructure to spread terror, so not terrorism. If their was a risk (meaning, a computer of the plant LAN connected to the internet), first a DDoS on the public (and non-related) website would not have destroyed the plant, but that’ will be the evidence that those people are idiot and incompetent and dangerous, they should do jail time.

The FBI poster about terrorism

Fear. Uncertainty. Doubt

The governments are doing this because they’re afraid. They’re panicking, they do not understand what’s slipping between their hands. They’re loosing the battle, so they’re panicking. What they want, besides controlling everything and everyone, is killing Anonymous and other hackers movement. One efficient way to do it, is to use the Fear of the people, by using Uncertainty of facts (there’s a possible terrorism risk) and by disseminate Doubt in the people minds (are hackers good or evil?). That’s why they want to control the information, and the media. It’s so bad for them that a lot of media do like us since the Arab Spring and the Occupy Movement all over the world.

They want to makes us terrorists, because everyone have an unrational fear of terrorism. Terrorism is perceived as a high profile threat, with an extremely high probability for terrorism event to occur, while it’s not. I mean, there’s more people killed on the road each year in France (about 6 000), that by a terrorism act since the last ten years. But it’s a risk a government can pretend to fight by chowing things like policeman equipped with shotgun and assault rifle, servicemen in public space, invasion of privacy for a greater good. That’s why they want us to be terrorists, it’s because they need it to control the cyberspace and they want to kick us out their world.

The thing they did not get is what we are already out of their world. John Perry Barlow wrote some time ago the Declaration of the Independence of Cyberspace, and that have never been so true. We fight government and corporations. We stand for people when all of you have fled from the battle. We will be the last line between them and our privacy, and that will be an epic battle. Not using guns and spilling bloods, but using speech to spill words, laws and regulations, computer and internet to spill data all over the place. This is the real cyberwar people told it exists. People, host, bots and cats from the internet, versus the control freak of the nation states and corporation.

I will fight for my freedom. And you should od the same. They called us terrorists so you are not at threat, we will takes the pressure, we can manage stress and staying awake for nights, you should join us and make your voice heard because you have something to say. The crypto ammunition box is now full open, come and get some. If you still need to know why and how, read the Cyphernomicon.


I won’t install you any software anymore.

I won’t install you any software anymore.

Yeah, you read that right. I would not install you any software. Never. For once, I’m usually paid for it already, and it’s the lamest part of my job,the one that I hate the most: making things works for people who do not want to understand how it works. My work, as an IT worker is to do everything that’s possible to keep the flow of information flowing in the company I work for. It includes updating and maintaining complex system architecture, but alos interacting with people who do not want to bother to understand. They think they’re beyond this, trying to sell stuff and that computers are just in the middle of their way to get things done, that there is a kind of secret sect of computers trying to undermine their job.

I’ll be glad if it was the case, at least computers could try to teach people what they’re doing wrong. But they are simply information treatment machine, they do exactly what you asks for. They do not takes initiative or working in your back. They are delicate machine we engineered to ease your life, not to make it harder. I admit we did not get some stuff right, we have problem with some UI that goes in your way to work. But then, you come at me and just yell, just as if it’s an evidence and that we exist only to makes you happy (go get a life if that’s the case):

It does not work.

Yeah. Right. Not a bug report. Redirect to /dev/null. ‘It’ could be a lot of stuff (from the keyboard to the mainframe your connected on, I’ve got at least 10 systems that you use everyday without noticing, and each one of them can be a It. Or any part of it could be the It. It’s like heading at the Financial office and yelling at them:

There’s a problem.

They will probably ignore you, and they’ll be right to do so. And you’ll do some reasearch trying to find what’s wrong, what part of the fianncial report you read seems wrong to you, and why. That will takes you probably a good part of your day, then you can formulate a problematic to submit them. Why don’t you make it for computer? They are full of warning and errors, the one that get clicked off faster than light. Softwware and computer parts have name and version number extremly easy to find, and explicit (at least for me), error message. SO why don’t you send me a documented bug report as you’re going to do with any other problem you’ll ever encounter?

You gonna say ‘I do not know zip about computer’. That’s right, that’s not a problem per se, but it means you do not want this situation to evolve. You’ll come two weeks later with teh exact same problem without having done the effort to learn about it and to try to work around. And you do not know nothing about financial problems, but you’ll try to understand how it works and learn. So you’re next argument "I’m not here to learn", is a fail. You learn everyday you work, that’s why you’re betetr now than two years ago.

So, mainly, I’m confronted everyday with people that do not want to learn. That’s why I won’t install you software, becasue if y’oure doing it yourself you will learn and understand how things works.

Let me explain you

I will, however, spend a huge amount of time to answer all your questions. You’ve got to understand that most of teh question you’ll ask will probably looks trivial to me and that’s why I’ll slap you hard on your head with Read That Fucking Manual, use man, man man works too and other go seeks onthe internet, the answer is in the first page. I’m doing it beacuse those questions are of no interests for me, and because you’re going to learn to learn by yourself.

I’m a fierce defenser of free knowledge. So I try to share it with people willing to. You do not want to learn or to make the necessary mental effort to do so? You can die. I won’t move to helps you. One day, maybe, you will coem at me asking me how to go around the fracking DRM, or how to surf without being monitored. I’ll try to not hold gruudge and I’ll try to explain you again the exact same thing you do not want to know before. So, I won’t event try to explain things to people who do not asks questions. It’s a loss of time for both of us, I have better things to do, and you have some porn to watch.

Because this is the main problem. You think computer or knowledge is not necessary as long as you do have what you want. But a brainless citizen is no more a citizen than a cow (and cows are really stupid) or a sheep. Following the amss because the mass must probably know what’s good for them. Following them, happy to be a sheep in the sheep yard until you see the knife of the butcher. Until it’s too late and you’ll die in terror sith the rest of the sheep, while the black sheep will yells "I told you so. I warned you. And you did not wanted to listen, you have what you deserve". The black sheep won’t laugh, or be happy. Evene if you throw shit at his face all the time, even if you’ve laughed at him because he was awkward inhigh school, choosing to talk to computers instead of regular sheeps.

This is what I feel, each time someone told me ‘What’s ACTA?’ or ‘I’m bothered with you’re computer bullshit’. I’m sad because this is what have led us here. With private interests going over public ones. With banks ruling countries. With music industries trying to protect themselves and writing laws, and closing down websites. That’s why I was raging against you when Megaupload was shut down by foreign companies. I was sad because we tried to warn you. You necessarily got the message (with Telecomix, we’ve hit most of the national newspaper and radio of Europe, even the Wall Street Journal had written on us, and on ACTA) so you knew. You just did think that this kind of shit won’t happen because it’s a sad thought and that will change your mood and the way you look at the world.

You do not want toget burned by the world outside. That’s understandable. But then stop complaining about it. Or try to fix things.

This is what we do

We. Hackers. The weird kids in town. I can speak for all of them, so will wpeak for me. I grew up in a world that do not suit me. I’m rather tall and extremly thin. I was alone most of my time at school, at least until my graduation. So I spent all the time you spend in parties, hitting on girl, getting wasted, to learn. I assemble my computer myself, I learned Linux the hard way (back in the time, early Internet here, I needed to use another computer to get the documentation) with noone to help me. I’m not complaining, I learned a lot. And I’ve done this because I wanted to understand how things works. I wanted to unscrew everything and to adapt it to my needs. You were doing the exact opposite things: adapting your needs to your environment. You wanted the thing everybody wants, you let people decides for your future.

We, in the meantime, tried to understand how the world was working to change it. We want to change it because it is broken, it does not work in a way that suits humanity. So we learn. When a law appeared in a parliament that we think will destroy some liberties, we learn about the democratic process in the EU, the US Senate, the French parliament, we learned about laws, we read and process the huge amount of paper that no one was supposed to read, we find flaws and we sued them to try to subvert the system. We thrive by knowledge, this is our weapon, this is our life. That’s why we have a lot of conference and formal or informal meetings, that’s why I enjoy going at the CCC to meet people and learn what they did last year.

A world without a total openness and free sharing of knowledge is a world we reject fiercely.

Twitter and censorship

Twitter and the censorship

In a controversial post entitled Tweets still must flow((And they stole the third datalove principles, yay for us)), twitter said that they will now be able to censor some tweets regarding on the locality of the reader. That mean that someone in China won’t be able to see this tweet about Tien An Men celebration, or that a tweet with a svastika will not be readable in France or in Germany. And then, the whole twitter sphere get mad, yelling while running in circle.

And the storm will cease, people will forget and move on the next big thing. Twitter will expand and open a new office in China, because they’re doing business. It’s their objective remember? Business, after all twitter is a profit driven company that want money. They do not want your freedom or your safety, they want your money.

I always think that twitter wasn’t that bad, at least, toward my privacy. After all, my friend list is public (anyone can see it, even people without a twitter account), my lists and tweets are also public and they do not have any bits of personal information about me, except my pseudonym and an email to join me. Twitter is one of the few corporation that deal correctly about privacy (I can share my location, but it’s not active by default, I can use my GSM, but it’s not active by default, etc.) So, they provide a service to everyone (they even tolerates bots, even the one that only speaks to computers, that mean control command for botnets). It’s not purely neutral (it’s not distributed), but it’s a good start.

Then things changed

In the beginning (yeah, last year, maybe the year before), twitter had a great documented API that anyone could use to do anything they want, as long as they respect certain limitation in volume. Limitation a normally constituted human cannot be able to reach. So everybody could write a twitter client, or an app that use this twitter API. Then they decided they wanted more control over what people where doing with twitter. Things have moved since the green movment in Iran and, now that Twotter has grown, they want more control.

First things they do, was to forbid third party clients, like the one I’ve used to use to access twitter on my old Nokia phone. 2 years later, I still have no idea of how I can access twitter from the OVI store, so I cannot use it. They makes some huge change on the Twitter API too, without maintaining complete public documentation, this has break a lot of compatibility with, for instance, status.net. They still never explained how the trending Topics and they responds to legitimate questionning about this important future (that’s how you know what’s happening now and near you) with ‘trust us, we’re not censoring anything (and look at the support page about trending topics: https://support.twitter.com/groups/31-twitter-basics/topics/111-features/articles/101125-about-trending-topics, there is no precise enough answer that could be used to infirm or confirm tweets.

I’m not saying they’re censoring Trending Topics however. They sell trending topics (you can see sponsored one in top of your list). They want control over the trends because that’s how they earn their lives and that’s what they sell to Nike, Disney or BlueCoat for instance. Since two years now, and after 2 major change in the interface and the way they display content, they have exerced a lot of control on how things are moving, they’ve penetrate a lot of new market (in Middle East, Africa, South America, etc) where activists use twitter to circumvent censorship because it’s a US based company, and then the US law are the only one that can be used to censor twitter.

The Wikileaks case

Look at wikileaks for instance. In November 2011, Twitter was forced by the US Justice Department to hand over all the information they had about three people, suspected to be linked to the organisation. A secret order in fatc, that would be revealed to the people under investigation once the investigation is done. Twitter defend the case, but they finally had to give out those information (but they could warn the users they were under investigation). The story is in the NY Times if you need more details. Google do not fight those, they just maintain a page where they put the request from a judge they received, ordered by country. For facebook, I’ve still never heard of such thing.

The things happening there is that a US Company own parts of your identity and they are under the US law (with the patriot Act). That gives to this governement a reach to all the twitter user. Including ones that are not even US citizen neither on the US soil. This is not a twitter problem, this is a legal problem. The centralized system everyone use fall under specific national laws that supersede the local one (amongst the target of the wikileaks thing, there were an Icelandic representative, from a country which have the strongest law arsenal to defend the source protection and the whistle blowers).

Things get big

Twitter has received a lot of money from different sources. They wnat to grow bigger. They want to get in Pakistan, Iran, China or India. They want to have local offices, or not to be banned by a country because ‘terrorists uses it’. So they say they will follow the law of each and every country they will be used. It means that, if Bashar el Assad, the still ruling dictator in Syria, aks for content he do not like must be removed in Syria, they will obey (they will follow the local law). You’ll still be able to see those horrible video and massacre live, but people on the ground won’t be able to talk to each other, because they won’t be there.

My point is, you’re yelling because you’re afradi Twitter will censor things. You should not be afraid of that. You should be afraid that twitter had previously censored tweets due to justice decision that should not apply to you. You should be afraid that all of those datas are centralized, teh same way megaupload, Google or Facebook are. You should be ashamed to reinforce it by using it to protest. You should be ashamed because you have not used a decentralised solution, either by using one that already exists such as https://status.telecomix.org or https://identi.ca, or by setting one up with friend (status.net installation is documented). I know it’s hard, and I am to blame to because I use twitter, but move to a free cypherspace, you’ll see, they’re some nice people hanging there, is you’re looking for me, I am just right here: https://status.telecomix.org/okhin.

Data must flow Enter the decentralized cypherspace


The version 1.0 of this post was written on 2012/01/27 by okhin. Relaesed under no licence or the WTFPL.

Let’s talk about Privacy, Intimacy, Anonimity and Identity

Let’s talk about privacy, intimacy, anonimity and identity

I wanted to write about those topics for a while because I think they’re important topics, eseentially nowadays due to the ever growing ubiquitous surveillance. I think that most of them are not perceived the same way by everybody, so i’ll try to write down and define what I put behind the concept of identity, privacy, anonymity and intimacy.

So, we’re going to start with some definitions, see how they are linked etc. I wo’nt use many links, because it’s what I think it’s probably not original and unique, but that’s how I fell things are working. Also, we are going to eat Information Theory.

The identity problematics

We walk in the world as an emitter and receiver of signal (part noise, part information). This signal is directed toward one((unidirectional communication, also named unicast by network engineers)), some((multidirectionnal communication, named multicast in network operation)) or all((wide communication, or broadcast)) receivers in range.

The etymology of ”Identity” comes form the latin identitas (sameness) annd indicates what information are emitted by the same entity, thing. That means two things. There’s a track to previous information emitted by this entity, and the receiver can link the emitter to this entity. The identity is then the sum of all the information about an entity an emitter can perceive, and an entity can have multiple identity, in general one for each space (public or private) the entity evolves into.

One thing about information, if they’re not archived and indexed, they will disappear with time. Who remember who Jessi Slaughter is?

What’s my name?

The name is the unique handle of an identity. It can be a unique number, a common name, a description, etc. The name of an entity is how you will access all the information you can find about it. This is the bit of information you need to know to find out who an entity is and then accessing all the information available about this identity in the space you’re standing.

If an entity has no name, and is in fact anonymous, then you won’t be able to find any information about it. But then, the ‘Girl with Nice Boobs who was at the party yesterday’ and the ‘Bunch of people that sing in the subway’ in a name. A temporary one, but it’s still a name. You can discuss about those person with other people who were in the same space at the same time, but the information will probably be wuickly dissolved in the flux of data we live in.

A name stand for an identity. Or should. The tricky part is the homonyms. Two (or more) different identities covered by only one name. To find out which entity you’re communicating with, you will try to find context that is, previously stored information that you can then use to find out which entity your dealing with. You deal Homonimy the exact same way that Usurpation. Using the information you can find about an entity, you can know who they are to you, independently of their name.

Trust

The trust is the biggest thing in social relation. It exists in principally three states. You trust an entity, you distrust it or you have no idea of the trust you should have into the entity. The trust is the accountability. When something you trust gives you an information, you know the information is correct. If someone you trust claims a name, you won’t check his history back to confirm or infirm it. Someone you trust is alos someone who will probably not takes information about you out of the space you are communicating.

The people you distrust is easy, you won’t believe them and try to verify every information they send because you can find a source of information you trust to confirm or infirm their identity.

The world is small anyway, so you can probably build a trust chain to this entity and confirm or infirm the identity link for an entity you do not trust.

Trust is not bidirectionnal and is personnal. That’s not because you trust me that I trust you. ANd that’s not because I trust someone taht you should trust it by default, but it will gives it more trustability (because you trust me and I’m telling you that this entity is really who they claim to be), so that will help you to decide if you want to trust this entity.

What’s privacy then?

Privacy opposes to publicity. If something is not in the public space, that means it’s in a private space (or that it’s in no space, which is not possible due to some contrsaints such as physics).

So, what is public then? From etymology it is linked to the people((From the latin poplicus which is a derivative from populus, the people)). That mean everybody can access and see a public thing. At least, there is no authorisation needed to access something public.

For instance, when you walk in the street, you are in a public space. When you enter a bar or a restaurant, you’re still in a public space. When you pay the fee to access a museum or a night club, you are in a public space (it’s not an authorization, it’s a cost). When you surf the web reading at datas that do not requires a password to access to, you’re in a public space.

That mean that everybody in the same public space as you can access all the information you’re emitting. Wether it being you’re apparent age, skin color, gender (not your sexual identity however), the thing you’re saying or the song you’re singing. If you are in a public space, everybody can access and see and track all the information you’re emitting there.

So, the privacy opposes itself to the publicity. That is, you’re in privacy, and so in a private space, when you access a non public place. A place that requires you to have an authorization of a kind. It could be a good old key for your house or your locker, a password to access a private sharing space online, a simple door closed with a sign on it stating ‘Access forbidden’ is a delimitation between a public and a private space.

Privacy is then a matter of limiting access to the information you emit. If you have the key to enter a private space, you can access the private information.

Intimacy

The intimcay, again from etymology, comes from the inside. This is what’s inside an entity, that’s all the information you’re not emitting. It’s when you opt-out totally, with no emitter of information you cannot control, and all the one you control shut down. You generally add your closest friend into this intimacy, as long as all the ‘special’ people, those are people that won’t tell those information to anyone.

The intimacy is the part of yourself that no one knows about, except the specials ones. Intimacy is way more than privacy, privacy is intresting, as it allow you to communicate with people of choice without being put in danger for what your saying. It allow you to have multiple identities and to use them in multiple social circles. Intimacy is what’s out of all social circle.

let’s explore the world!

We now have our concepts defined. Almost. So, now, let’s go online, because everything is funnier if you add network and computers to it.

Let’s enter the world of information

So, it’s easy to get a grasp on the private/public problem in the physical space. I can live with a bunch of people in an open space like a loft, or a squat, but still have some private space (the one I close with a key I own). What’s hard is when you add some layers, and, for instance the cyberspace. I can sit in a private space (my room, locked) and accessing a maybe-public space.

The thing is, independently of the thing you’re gonna access, every bits of information that goes out of your device of choice will go through different intermediaries before reaching the data you want to access. The origin and the destination of the packets are know, as long as a lor of other stuff. Those information are needed to route the packets through the diferents network, but they are data you emit in the public space (anyone on the route of yourpacket can see it and access to this information).

Wether you’re accessing your facebook page (which is more or less private, dependings on the settings you choose), your webmail (which is private, given the fact that only you is supposed to have the password needed to access it) or your mails, reading a website, downloading a video using P2P protocols, etc, you will emit a lot of information that a lot of people (or computers) can read.

So, remember what I told about the lock in the previous part? You need to put a lock on the information you want to keep private. You can’t lock all the information in the packets, some of them are needed to grants you access to the resource you’ve asked for. Those are mainly routing and protocol information, because that’s the way computers works, they need to talk a lot to each other to get things done. But the others informations, the ones you want to keep private, you can lock them to deny anyone the possibility to read them without a key of a kind.

That’s the cryptography goal. Forbidding a data being physically readable by anyone and restricting it to whoever got the key.

So, you’re in the private space only when you use string cryptography. yeah, encrypt everything you want to make private. If something goes online without encryption, it belongs to the public space.

A wild corporation appears!

Corporations, at least internet ones, suck at two things. Security (but that’s the burden of everyone) and transparency. When you land on a ‘secured’ website of a company, they will require you to proove your identity while they’re doing the same (using ssl certificates). They’re not asking you for a key (an authorization), they’re using your identity as a key. They’re using the whole set of data they can build about you as the key to access their services. You cannot know what data they have on you, you cannot opt-out those data, they’re building a strong identity of you. And they’re following you everywhere they can, without telling you.

So, they build an identity about you, one you don’t know anything about and they’re building it using data from a private space that they’re not supposed to share with everyone else (except if you explicity opt-in). They’re archiving everything information you emit, stocking it in extremly redundant servers becasue tehy do not want to lose any bits of identity about you. And then, they will replace the wall of the private space they made by polarised window, giving everyone who can afford it to penetrate theprivate space without the key and without your consent. When someone goes into your place without authorization, generally you call the authorities or shoot the trespassor. You’re not allowed to do it for corporation taht sells personnal data, some of them they shoudl not have.

I mean, they do not need your name for running their business. The only reason they need it is becasue they want to cross check into other database – private space – what you’re doing when not undr their radar. That’s what real-name policies are, they’re a meta identification token spanning all the databases taht uses the same policy. And that’s why they’re so bad.

The financial data stored in non banking websites is bad to. They do not need it. They need to know, in the worst case, who buys what to who and when. Not the bank name, the card number or any othr details on it.

So, corporation are robbing your identities. They lure you in confy private space, then put you on national broadcast. I’m not even speaking about the risks of a data leak or a breach in the infrastructure. People accuses hacker when information about them isleaked. But hackers did not archived this information in frist hand, they did not make huge files to track people and to spy them and to rape and destroy their privacy. What hackers do is finding a part of a public space that was hidden behind a curtain. So, next time someone is doxing you, asks the company why they had those information about you in clear text.

You can access a company server, if they store all the private information (or what they define as private) in an encrypted format you won’t be able to read it. That’s the way to go, if you want an information to be private, then encrypt it. If it touch toyour intimacy, do not publish the information. The internet and computers have an endless memory of extreme precision.

Protect yourself. Encrypt everything that moves. Give momentum to everything that do not move.


Version 1.0 of this entry was written by okhin on 2012/01/26. Use it as you wish. Or follow the WTFPL.