The long year

Or a little bit more than a year

It’s been a year for me, one in with a lot of stuff happened, some good but a lot of bad and harsh. I’ve been recovering from a burnout since February 2018, and I’m now finally back at work at La Quadrature, where a lot of changes are underway.

During this time, I spent more than six month experimenting different prescriptive drugs, trying to find a balance that would finally enables me to feel normal emotions, not the huge exhaustive and destructive tsunamis of rage, or the infinite pain of just being in pain.

Experimenting with your brain homeostasis is kind of a weird process. It changes the way you think, the way you perceive the world, the way you define yourself. It questions your free will, it questions your world, It questions who you are. And, in the end, am I just more than the serotonin neuroreceptor inhibitor drug that I take daily, or am I something different ?

The fiction I’m reading again has always at its core this notion of identity. It’s the basis of all the CyberPunk movement, and it should be at the center of Transhumanism too. Yes, queer politics are also about identity, as well as all politics in the end. And my identity has been fucked up by depression and traumas. I’ve built myself around a seed of anger, buried under layers after layers of insensibility, sarcasm and individualism. That’s how I survived until ten years ago. Got no choice, my socialization as a teenager has been adversarial and I had to weaponize it.

This seed of rage turned into a full blown sinister tree of depression, deploying its root in each aspect of my life and the way I relate to other, burying me under big black rotting leaves of melancholia and existential crisis, ornamenting the abysmal depth of despair with beautiful flower of exhausting emotional burst, lots of them were rage. Some others were dried by suicidal thought and morbidity. Other were flower of pure joy, turning despair in seconds, because it made me see the darkness I’m leaving in.

So yeah. Depression sucks. ADD make things worse. But back to the pills. What they do, basically, is giving me future and prospective. It’s helping me to get out of the fight or flight mode I’ve been in for years. It’s giving me the ability to plan for the future. Or the next two days, which is a huge improvement.

And yes, it is an emotional prosthetic. I see it that way. There’s a non zero chance I’ll take them until the day I’ll kill myself, or that a car decided that I should have stopped my bike in time and rode over my disarticulated body. It is part of me. The depression tree has been tamed a little bit : I still have those emotional burst where I have to fight myself to not jump on someone and turn his face in a bloody pulp with my bare hands. But they’re manageable, I can channel them a bit now. It’s still exhausting, and I’ll have fucked up night after that, despite the pills who are supposed to help me rest when I sleep, but at least it only last a few minutes, not hours or days as it used to.

You have to understand that those pills, are the only things that can help me to get some stable ground. Maybe after years of therapy I won’t need them, but for the foreseeable future, they’re part of me. And they allow me to shift my identity away from the rotten tree of despair to somewhere else. To a place where I can enjoy being with friends and lovers without blaming myself after that. To one where I can manage some social stress, even if being in a room with more than ten people is still tough for me. To a place where I can dance the stress and anxiety away. Where being sober among drunk and high friends is not stressful. Where I can admit that shit might hit the fan and that there’s probably nothing I can do to avoid that. The thing you call getting over stuff I think.

I’m still bad at it. I never learned to manage my feelings, and to accept them as not being alien, implanted in me by a fucked up chemistry, pushing me in the backseat of myself. But I think I’ll get there. At least I’m getting a little less shy about it.

But depression is always there to sucker punch you the second you stop paying attention. I can’t forgot the pills. If I forgot them for twelve or more hours, I’m getting suicidal. Fast. I need to be sure that I have them with me in case I’m not sleeping home. Getting arrested at a protest, even only for twenty four hour, is dangerous.I have to think about it every day, all day and it doesn’t help to see my progress.

So, I started to log my feelings. A small app, that will pops some time in my day asking me how I’m doing and what I’m doing. Something proactive, which will interrupt my train of thought and forces me to think about how I feel. Even for only ten seconds. It’s not like keeping a journal, which would require me to take an action, to think about logging and, being ADD, forgetting about it two seconds after thinking that I should do it, postponing it forever.

And yes, maybe this free apps is riddled with advertisement (I could pay to get rid of parts of it) and is built on GAFAM tech. But, as a lot of assistive tech, it needs to exists to make my life a bit easier, to rely a bit less on others, to stop feeling like I’m a burden to others. But this software, those data, are part of who I am. They record my past, and gives me agency. I can look at it and see that yesterday I was quite happy, and that all things considered it’s getting better. The same way the molecules I ingest daily patch my homeostasis, those assistive apps patch my moods.

It doesn’t tells me how I could be more productive. It just tells me how I am outside of now. But then, I’m hearing people, allies or friends, telling me that assistive apps are bad, that they’re only used to gather data about me, profile me in order to deliver targetted ads. Yes that’s true. The same way pharmacological companies tries (and succeed) to profit of every pills they make.

But rejecting this, rejecting the assistive tech part is the same as refusing people with diabetes to monitor their glucose level and to adapt their insulin intake, giving them autonomy. Or refusing access to glasses or hearing aids. Or prosthesis of any kind.

I have the right to help myself with external apparels, and to alter my self using anything available. And I have this right either because it’s a necessity to adapt to this crazy and destructive world we live in, or because it’s fun. Or both. The issue is that we’re monetizing the data about us, about our lives, not that the data exists. Those data are parts of me, they helps me understand myself. They helps you understand me. They helps me understand you, and the world we share.

Onionify

Hidden services

So, for those of you who never heard about it, there’s some hidden services in the wild. They’re called .onion if you use Tor – and you should.

Facebook, for instance, also have a .onion. My blog to.

It’s neat, it helps protect privacy of the user and escape mass surveillance and censorship. Anyone should do it if they’re even remotely interested in protecting their users (I mean, even facebook did it. You can’t be worse thanthem on this bsasis, except if you’re a bank).

But, users still need to know that the .onion exist, and they still need to redirect there. And the onion adresses are anything but human friendly. They’re hard to remember, and a mistake in one character might land you on a totally different website.

It would be nice that, the same way HTTPS Everywhere redirects you to https enabled website when you go for the non-encrypted version, there would be some way to redirect users who uses tor to the .onion version.

Onionify all the things

The cloudflare way

So, you can perfectly do the same thing that cloud flare is doing. Get a list of exit nodes, and – on your web-server – when a queries go from one of them, redirect to the hidden services.

It needs an updated list of exit node. Can probably be done, but then you also need control of the webserver (which might not necessarily be the case) and some cron jobs.

I need to do a bit more research on that anyway.

HTTP Headers

You can also probably add a header server side which would advertise the .onion. Or advertise address in DNSSEC zones one way or another. But then, you need the browser to be aware of that and to do those check before going on the website.

I think it’s probably the best way to do it. And it probably isn’t a lot of code (might need to do a plugin for that, to agree with everyone on a standard, and write a RFC).

Plain JS

Or you can control the browser with something on your content whch is aware of the onion. And which can check if the browser is able of using them.

That’s what JS is for. A simple HEAD query sent by the client to the onion will tell you if the client can connect to your .onion.

It’s probably dirty, it’s JS it does asks permission to do it, but the bit of script I’ve write works fine.

It can be embedded on any page to redirect to a hidden service.

Code

The code is straightforward. No dependencies. You do not need jquery for doing just a query, you need XMLHttpRequest.

It ca also be easily adaptable (just change the content of the onion variable), and it works from anywhere your client lands.

Better privacy for the user in 15 lines of JS.

The code is here, licenced under WTFPL. There’s probably way to do it in a cleaner way, and I said earier, I think it would be better to have a .onion dectection feature in the browser, but it’s there now.

And the more you’ll use it, the more people will land on your onions. WHich will improve both Tor network – more casual surf is always good – and the privacy of your users.

Have fun.

Be Evil, Kick Google In the balls

Be Evil

All of you might have heard the Google moto:

Don’t be evil

With a bit of context, this is said by a company that have only one goal: Be the only web that people will use. Glazman explain that Google, and Apple, are working to build a works only on webkit web, using some CSS closed properties (the one that starts with webkit-*). I won’t develop too much on this, it’s just that this is the event that generates this post.

So, we need to be evil and to move out of the googles-centralized-and-closed-space.

There is a lot of steps, and I’ll probably miss some. You have to know that I’m using an Android too, and that I’m tweaking it (and I almost managed to kick google out of it). But first thing first, let’s go for the easiest part first.

Gmail

So, let’s start. I do not like webmail. Not back when POP3 was hype, not even now that we have IMAP. I do not want to gives my personal email to a third party that will do whatever they want with it (yeah, even with encryption, if the mail is decrypted on the server, that gives the server to read it and break the point of encryption.

We know that Google is reading your mail, to place targeted advertisements on the page you’re reading it. We do not know what they’re doing with your mail and, since there still is an issue with censorship and google being ruled by US laws and regulation, you cannot be sure you won’t have any legal problem with your mails.

So, what can you do? Simple answer: host your mails. You will need a server. It’s cheap, and there is some nice virtual server hosted in Iceland, a country which have strong personal data protection law. Head at https://www.1984hosting.com for instance. That will cost you a few bucks per month. You’re going to need a domain name to. I made a mistake, mine is nation-tied (.fr), don’t do it, try to find a non nation-linked one.

Now, you’ve got a nice server, install an OS server (one open and free, as in freedom, one you know or can learn about, one designed for servers so, basically, a Linux distribution or a BSD one), plug a small databases in it, that will be needed later, and install stuff.

For your mail, I’ll advise you with postfix, I know it more than I know the other ones out there (but not enough to treat myself as a guru). There’s a lot of interesting Howto in the wild, pick one.

Look at TLS too, and grab a SSL Certs (either fire up an account on https://cacert.org, a distributed Certificate Authority based on trust, not on money, or create your own authority.

So, you know have your own server for sending and receiving mail. It’s enough for my needs, because I do not use webmail. If you really want one, have a look at roundcube, it’s pretty and shiny, works on most of the modern browser (probably even with links or mozaic), it looks a bit like gmail so you won’t be lost.

Nice isn’t it, you’re now in charge of your own mail system. No more advertisement, no more dependencies on an external company for that, plain and total autonomy. How does it feel?

You’re addicted now and you want more fix of decentralized freedom? You’re a junkie. But so am I, so, here is your new fix.

Google search

The previous one was easy to understand and to do. Now, we’re going after the big player. Search engines. Google wants you to find websites they think is more relevant to you. They do not want to tell you how they’re doing it, they will target you with advertisement, and they will operates real time censorship and suggestion.

But then, you’re going to say ‘Hey, no choices.’ For one, it’s not true. Even among the closed search engines, there’s Bing (and Yahoo, same engine now) which is quite interesting. Or http://duckduckgo.com. But those are still centralized and closed source solution.

We want to go derper. And farther. We want really open and decentralized search solutions. There’s two out there: YaCy, a java implementation of P2P search and seeks, a C++ one.

I do not know well YaCy, but it have the advantage of scanning and index local pages, and it has its own fans and community. I’m more a seeker (and I run my personal seeks node). They started like a proxy and a meta-engine, but they are now sharing results across P2P and, since the 0.4.0 version, there’s pure seeks results.

You can use a public node for seeks (like mine) that will learn from the uses of all the people that uses it, or you can install your private one. You can use it as a proxy that will intercept all the query that should have landed on Google to process it via seeks instead.

It will require you to build it from sources, but it’s easy to do, there’s an updated and fully detailed tutorial, so go for it. Also, there’s an IRC chan: #seeks@freenode.org, they’re quite nice people to hang with.

So, now, you won’t use google anymore to search your stuff. You see? The Colossus won’t feed on you. Now, worst part is done, let’s deal with the details.

Calendar and contact

Yeah, those are nice tools. But you do not need to them being on google. They are ical compatible, which is nice. VCARD is a old protocol, that used to work on my Nokia 3210 (the phone that can break the world in half with enough velocity). You just need an ical server (and a webserver, but with nginx or apache out there… Plus, if you have roundcube, you already have one).

The best solution I can found until now is Davical. It’s light, it do the job, it works on Postgresql. The sad part is that it does not gives you a shiny interface to click on. But that’s why you need software, no? You need an RSS Reader to read RSS flux, you need a client mail to read mail, you need a calendar client to read calendar. Claws-mail have one, but I assume that if you’re reading this, you’re not on claws. I suspect mutt to have one, emacs-fan will tell you that emacs most probably have one calendar included.

If you want a client that won’t scare you, go for the Mozilla Sunbird or, if you’re already using ThunderBird, there is a lightning add-on.

Davical works with contact to. And the calendar can be read by a lot of other clients, just go through their wiki. Or use your new seeks node to find more about it.

Documents

Use a local office suite (such as libre office if you really need the weight of it. You can use some pad (etherpad one for instance), like the one on Telecomix for on line and collaborative editing. You can even set one up on your own server, yay \o/.

If all you want is hosting and sharing documents, you have two choices. Owncloud will give you the possibility to use a part of your server as a public (or private: your server, your rules) hard drive. I strongly suggest you to encrypt it. Or Unhosted which, as the name suggest, is based on ‘not hosting’ the data. Sounds promising, the fact that the data are encrypted before being stocked anywhere is promising, and, since it’s free software, you can add your own server.

So, no more google docs, ok people?

The last fix will be for the coders one.

Google reader

A RSS Reader. It’s extremely easy and there’s a lot of one. I personally use tinytinyrss. Again it needs a webserver, but then you’ll have all your RSS in the same place. You can probably find other project like this one, but it works quite well.

And you can import OPML (or whatever the acronym is) file format. The one used by google when you want to do a backup of your flux.

Google talk

And last but not least (also, quite an easy one). Google talk. Google talk is pure XMPP. Just like jabber is. You can find a lots of client for jabber, but go for pidgin-otr, you’ll then have the possibility of Encrypted chat with plausible deniability for the same price.

You’ll just need an account for that. EIther set-up your own jabber server (all the XMPP-server can talk to each other) or you use one. Use your seeks node to find a provider you like.

For hosting your own XMPP server, go for Jabberd. Simple, packaged for most distribution. You can then register there with your own nick and talk to other XMPP accounts.

Google Code

Get out of it now, and as fast as you can. There’s plenty of open source git forge out there, especially the most notorious one Gitorious. GitHub isn’t free (does not run on free software) but is a not that bad candidate. But you do not want me to feed you with half-freedom, right? So, gitorious.

What else?

I need to talk to you about Android, but I’m not fully satisfied with what I have now, so you’ll have to wait for your next fix of freedom.

If you’ve done everything here, you probably have nothing left on google. Close and destroy your account. If they ask you why, just answer:

I do what I want, I’m a Matser of Evilness, MOUAHAHAHAHAHAH!

Or RickRoll them.

If you find one server for only you is a bit overkill, then go talk to your friends and family, have them in your server. It will be funnier if you’re a lot. Do not sold them anything, have them understand that the services might or might not working. Do backup. Try restoring your backup. Encrypt them. And do not forget:

Computers and freedom are like sex. The more we are doing it at the same time, the better it get.


version 2.0 – I’ve forgot about reader and talk. Need to find a picasa