Declaration of Internet Freedom

We stand for a free and open Internet.

We support transparent and participatory processes for making Internet policy and the establishment of five basic principles:

  • Expression: Don’t censor the Internet.
  • Access: Promote universal access to fast and affordable networks.
  • Openness: Keep the Internet an open network where everyone is free to connect, communicate, write, read, watch, speak, listen, learn, create and innovate.
  • Innovation: Protect the freedom to innovate and create without permission. Don’t block new technologies, and don’t punish innovators for their users’ actions.
  • Privacy: Protect privacy and defend everyone’s ability to control how their data and devices are used.

Don’t get it? You should be more informed on the power of the internet and what governments around the world have been doing to it.

Good starting places are: Avaaz, Ars Technica, Electronic Frontier Foundation, End Software Patents, Piratpartiet and the excellent Case for Copyright Reform.

Source: http://www.internetdeclaration.org/freedom

Smart Grid Privacy

I have recently joined the IETF Smart Grid group to see what people were talking about and to put away my fears on security and privacy. What I saw was a bunch of experts discussing the plethora of standards that could be applied (very important) but few people seemed too interested in the privacy issue.

If you see the IEEE page on Smart Grids, besides the smart generation / distribution / reception (very important) there is a paragraph on the interaction between the grid and the customers, being very careful not to mention invasive techniques to allow the grid to control customers’ appliances:

“Intelligent appliances capable of deciding when to consume power based on pre-set customer preferences.”

Here, they focus on letting the appliances decide what will be done to save power, not the grid or the provider. Later on, in the same paragraph:

“Early tests with smart grids have shown that consumers can save up to 25% on their energy usage by simply providing them with information on that usage and the tools to manage it.”

Again, enforcing that the providers will only “provide [the customer] with information”. In other words, the grid is smart up to the smart meter (that is controlled by the provider), where inside people’s houses, it’s the appliances that have to be smart. One pertinent comment from Hector Santos in the IETF group:

“Security (most privacy) issues, I believe, has been sedated over the years with the change in consumer mindset. Tomorrow (and to a large extent today) generation of consumers will not even give it a second thought. They will not even realize that it was once considered a social engineering taboo to conflict with user privacy issues.”

I hate to be a pessimist, but there is a very important truth in this. Not only are people allowing systems to store their data for completely different reasons, but they don’t care if the owner of the system will distribute their information or not. I, myself, always paranoid, have signed contracts with providers knowing that they would use and sell my data to third parties. British Telecom is one good example. He continues:

“Just look how social networking and the drive to share more, not less has changed the consumer mindset. Tomorrow engineers will be part of all this new mindset.”

There is no social engineering any more like it used to be. Who needs to steal your information when it’s already there, on your Facebook? People are sharing willingly, and a lot of them know what problems it may cause, but the benefit, for them, is greater. Moreover, millions bought music, games and films with DRM, allowing a company to control what you do, see or listen to. How many Kindles were bought? How many iPhones? People don’t care what’s going on if they have what they want.

That is the true meaning of sedated privacy concerns. It’s a very distorted way of selfishness, where you don’t care about yourself, as long as you are happy. If it makes no sense to you, don’t worry, it makes no sense to me either.

Recently, the Future of Privacy Forum published an excellent analysis (via Ars) on smart grid privacy. Several concepts whose dangers are easy to understand have become so commonplace that people no longer think about them, or even consider them a silly worry, given that no one cares anyway.

An evil use of a similar technology is the “Selectable Output Control”. Just like a Kindle, the media companies want to make sure you only watch what you pay for. It may seem fair, and even cheaper, as they allow “smart pricing”, like some smart-grid technologies.

But we all have seen what Amazon did to Kindle users, or Apple did to its App Store, taking down content without warning, removing things you paid for from your device, allowing or disallowing you to run applications or content on your device as if you hadn’t paid enough money to own the device and its contents.

In the end, “smart pricing” is like a tax cut: they reduce tax A, but introduce taxes B, C and D, which double the amount of taxes you pay. Of course, you only knew about tax A and went happily about your life. All in all, nobody cares who or how much they pay, as long as they can get the newest fart app.

MySQL down the drain?

Almost 10 years ago, MySQL became a great open source database, part of the LAMP platform (Perl, not PHP) and had everything to compete with the big players in the next few years.

It was then that they did major releases, each with a huge set of new features, almost once a year. The community was happy using, developing and integrating with other products. But it was around 2005 that things started going bad…

Back in 2005, when I was still in the loop, I have to say that I wasn’t impressed with the progress that the database had made. I also wasn’t impressed with the new view the board gave to big companies (such as Yahoo!) on what was a good bet and what wasn’t.

After release 5.0 (still the production release, irrespective of what Sun says) there wasn’t a major development until Sun acquired MySQL, and only then did they release 5.1, which they had better not have.

In the old days, MySQL became famous by not implementing foreign keys and transactions, something that every other database had, because of speed issues. That decision became the core of the company and allowed other storage engines (such as InnoDB and BerkeleyDB which had those features) to be integrated, making it very easy to plan your database, using only the features you needed where you needed.

Who’s to blame?

I’m not sure it has something to do with Oracle buying InnoDB and Sleepycat (and now buying Sun, which owns MySQL). Even with all the politics of Oracle slowly buying MySQL in pieces, I don’t believe it’s the whole story. I see much more of an internal conflict and a lack of vision (probably for the lack of guts to keep taking weird decisions and succeeding) than anything else.

Now, MySQL is going down the same drain InnoDB and Sleepycat went, but with a twist: the source code is still GPL. Sun screwed up MySQL in a way I thought wasn’t possible, and Oracle will do it much more efficiently. Even if they still play the good guys, it is definitely the end.

Don’t just take my word for it: my good friend and MySQL guru Jeremy Cole is taking himself out of the loop to avoid the useless politics. Steven (Computerworld) also cannot see how any of the involved companies will get anything in return from this deal.

Is there a light at the end?

Could Monty’s fork become a new MySQL without all the fuss? Could he, the odd guy with odd ideas, put MySQL on the map again? I do hope so, but that will cost MySQL the hall of fame. They’ll need to start over again and eventually fail once they’re there again and restart…

It’ll be fun to watch; at least MySQL had a GPL license, which always eases forks and future development. Long live the open source revolution!

UPDATE:

Two excellent articles about the same issue from The Register and Ars Technica.

Who needs Microsoft’s FAT?

Hydrogenated, unsaturated fat and cholesterol are long enemies of the public, but recently a new type of fat has been added: FAT.

Microsoft has filed a patent suit against TomTom about its FAT implementation on their Linux satnavs. This is a bit of a long story and Microsoft is not tired yet. Probably because of the recent losses with patents, they’re trying to get some profit for themselves.

Luckily, there is hope. The guys at End Software Patents can see some light at the end of the tunnel. Looks like the Bilski case can give precedent for rejecting the lawsuit of that (and many other stupid patents they’re claiming) based on the tangibility of mathematical algorithms (software) when they’re not particularly tied to any concrete implementation (hardware).

This was how it was done in the US before, until the first case that wasn’t attached to any particular hardware passed through, and then, with the final revision in 1998, they could patent even cake recipes.

Why not ditch it for good?

So, FAT is rubbish, 30 years old and with close to zero evolution since then, so why keep it? It’s true that there are many other filesystems around, much faster, safer, optimized and well designed, but FAT still has its market: on embedded devices. Because it’s simple and stupid, it’s quite easy to support it on very small machines with reduced RAM and CPU power. It’s also light-weight and fits well on small flash cards and USB storage. But the biggest reason to keep it is another: Microsoft has supported it since its birth.

Would you buy an SD card that needs to install a driver to make it work? What’d be the point?

Yet again, because of market domination (and not technical merits), Microsoft forced rubbish down everyone’s throats and kept it alive for longer than expected. And now, they’re trying to get the profits by suing everyone that followed them for decades. What a nice way to say thank you!

Speaking of which, not only are they happy suing companies for using Linux (TomTom in this case and many others during the FAT fight), they’re also asking for the open-source community’s help to make Visual Studio 2010 a better product. Isn’t that nice? How lovely is the American way of life; I guess the world will never be able to thank them enough.

Who’s afraid of the big bad code?

What would Bruce Schneier say about the magic list that the NSA is putting together with Microsoft and Symantec of the 25 biggest errors in code that normally lead to a security flaw?

Don’t get me wrong, putting out a list of bad practices is a fantastic job, that’s for sure. It makes programmers more aware of the dangers, and as the article says itself, newbies can learn from experience before getting into a new field.

But the way that (lay) people take it makes it so magical that the practical side of such a list is greatly reduced.

Order and size of the list

I understand that the order must have some sense, but which? Is it ordered by number of attacks in the last 12 months? Or by the sum of all reported losses caused by them? Or by number of such errors found in common code (on those companies’ code, of course)? Or by any other subjective “importance” factor from a bunch of “Security Experts”?

Also, why 25? Why not 30? Who says that the 25th is so important to show up in the list and not the 26th?

Real-world

We programmers know about most of them, know the problems they pose and normally how to fix them. We often want to fix them, but that normally requires some refactoring and now it’s time to implement those features that our client needs for the demo, right? We can think about that later… can we? Will we?

Then, the NSA decides to make this a priority for the country and claims it as a national security problem. Big companies like fancy terms, and would strive to adopt any new standard that shows up in the market.

Then down comes the VP of engineering and says:

“We need to make sure every programmer knows how to write code that is free of the top 25 errors.”

Done, he can put the GIF image from the NSA saying his company’s software is secure against all odds, according to the NSA and DHS.

Now, coders and technicians, tell me: Would any editor, IDE or compiler ever be able to spot those errors with 100% accuracy?

“Then we need to make sure every programming team has processes in place to find and fix these problems [in existing code] and has the tools needed to verify their code is as free of these errors,”

Of course not, but they will try, and Microsoft will put a beta on Visual C++ and other companies will tell their clients that their software is being tested with the new product and the clients will buy. After all, who are they to say anything about that matter?

Protect against who?

Now, after so much time and effort, 30+ companies and government departments working hard to come up with a (quite good) list of the most common errors that lead to security flaws for what?

“The real dedicated serial attacker will probably find a way in even if all these errors were removed. But a high school hacker with malicious intent – ankle-biters if you will – would be deterred from breaking in.”

WHAT?!?! All that to stop script-kids? For heavens’ sake, I thought they were serious on that… Well, maybe I expected too much from the NSA… again…

(Note: quotes from original article, ipsis litteris)

Search the Web and send a girl to school

“Most of us wish we could give more, now we can. Everyclick is a really simple way to raise money for free, just by doing something you already do” said Polly Gowers CEO, co-founder and winner of the WEBA Ethical Entrepreneur of the year 2007. “As we see it, every search that is not raising money for charity is a search wasted.”

Everyclick.com works just like any other search engine, but allows the users to choose the charity they would like to benefit from their searching. The revenue generated for charities comes from companies that advertise on the site. There is no sign up fee or hidden charge to the user or the charity, it’s free giving.

Charities of all sizes are benefiting from this new fundraising service; they range from Cancer Research to small village schools. If 10% of the UK online population used Everyclick.com for their searches, an additional £172,000 would be raised for charity every day.

How to raise more money for Camfed using Everyclick:

About Everyclick Charity Challenge

The Everyclick Charity Challenge enables us to raise more money and have the chance to win a poster campaign on 1500 Clear Channel Outdoor sites that will be viewed an estimated 192 million times.

The challenge runs from 15th October 2008 to 1 March 2009 during which time we will have a range of innovative ways to raise money online.

OOXML update

A while ago I posted about how crap Microsoft’s “Open” OOXML is (GPL violations and redundancy among other things).

Now the battle seems to have heated up: IBM threatened to step out of ISO (via slashdot) if they don’t roll back the OOXML approval.

Well, they’re big and still a bit powerful. MS is big, but falling apart. Probably other companies would join them, especially those against.

Microsoft is not only failing technically with Vista and their web platform but also financially. They probably spent too much on .NET, Vista and stupid patents. At least the European Patent Office went on strike (I’m really amazed) because they are: “granting as many patents as possible to gain financially”. I wonder if the US patent office ever considered that…

Nevertheless, it’s always good when a big company poses against something bad and restrictive (for the future), although the reasons are seldom for the greater good. Let’s hope for the best.

Non-sense patent system acting as social reform

I was wondering about the patent system in the US after reading this article. I am and always was against the nonsense of filing patents for thoughts and algorithms, but this weird system can in fact be helpful: the weird result of the pressure against small companies in the US.

It is known that animals (men included?) can develop cannibalism when in restricted environments (such as a cage with more individuals than its capacity holds) or that cyclones develop when you have extreme conditions in the atmosphere and the Coriolis effect forces the air to spin at speeds much greater than we’d like. In a nutshell, the bigger the pressure, the bigger the results.

The capitalist system is all about property. When slaves were not humans, the property of humans was more valuable than their lives. The freedom we have today is the freedom of owning things IF you have money to buy them. If you can’t find a job to feed your children because you didn’t have money to pay for a good school (and therefore didn’t attend a good college) and you eventually steal food for your children, you get arrested and no one will look further to see why you have stolen in the first place.

The patent system was devised to protect intellectual property (if that exists) and is conceptually wrong from birth. Ideas don’t have owners and even the Greeks knew that. The core of augmenting ideas is to share and enhance them, not to protect them. The only reason to protect ideas is to get money in the end; again, capitalism is more about money and property than freedom and happiness (I’m being redundant here, I know).

Anyway, the US is the uttermost expression of capitalism and supposedly of freedom and equality. A system that protects anyone’s ideas is, in principle, wrong but egalitarian. If that system can yield you money, so you can pay for your son’s studies and he can have a “better” life, it means that it’s giving you “freedom” to choose your steps from now on.

But we all know how bureaucratic this system is and individuals just can’t start filing patents; they won’t even know how to start even if they had good ideas. Worse, if their parents weren’t rich they couldn’t have gone to a good school and college and have good ideas on their own, and the US is not famous for treating poor people well, nor even for trying to find ways to fight against poverty (they’re too busy getting oil from the Middle East).

So, for a long time, the patent system was used to protect the big companies’ interests for decades. They’d hire great minds and incorporate their ideas to the company (not personal anymore) and if someone can answer me how can a company have ideas I’d be very glad to know.

But as always, the bigger the pressure the worse the answer. Small companies have been filing patents like crazy for the last decade or so and they’re making a huge profit out of them. It’s still not right, companies can’t have ideas to protect, but that’s the very ugly answer to a very high pressure. It is, in the end, equalising US society, spreading the money from the big companies to the small companies and probably making capitalism a bit fairer.

Still, as with capitalism, the only group that benefits is the rich. Poverty levels are still maintained (increasing?) and they won’t be affected by this change. Pretty much like in the French revolution, where the people were used as a mass to disband nobles and kill the king and, when everything was settled, the (then unusual) group of non-noble rich people took the government and the poor were only poor again (still are).

I don’t want to go into that now but terrorism (in fact all small things that were wrongly put in the same basket called “terrorism”) is also a reflection of that pressure. For me, terrorism is much more the pressure that’s put on people than actually their response to that pressure! I’m not trying to justify any attitude, it’s still horrible and must be stopped, but it’s not by increasing the pressure that they will be stopped!

Humans, like animals, have behaved like that for millions of years, but I do believe that humans, unlike animals, can educate their instincts.