2015

Gajim and GPG Agent

Since I’ve started using Gajim I’ve been trying to get it working using the GPG Agent rather than the built-in GPG option. The practical benefit is that I’m no longer required to insert my passphrase each time I open up my laptop, as the passphrase is part of my keychain, just like I have enabled from my Evolution email client. It took me quite a while to get it working, and looking by the number of reported tickets others had difficulties as well. I finally got it working by ultimately trusting the receivers key. In order to keep others from having similar issues, I’ve filed a ticket on the trust level and a ticket on the error.

My C720P upgrade to freedom

A couple of years ago I started using my own laptop at work under the policy of bring your own device although to me it wasn’t about the device, it was about bringing a free computing platform I can trust, a GNU/Linux distribution, and many free and powerful applications, all to improve my short-term and long-term effectivenes as an engineer. This however changed my needs regarding battery life, screen brightness and form-factor. And with the recent dying of my Lenovo Thinkpad T60p, I desired an upgrade, to be able to destine my current Lenovo Thinkpad T61 to become my backup.

Currently there are plenty of interesting developments regarding more free laptop projects, which are even destined to pass the FSF Respects Your Freedom certification. Specifically the Novena laptop, the Libreboot X200, other corebooted Thinkpads, the Librem laptop, and the EOMA68 15 inch laptop. Of this set only the Libreboot X200 and the Librem seem to provide the desired technical upgrade relative to my T61. The Librem seems more ideal, but import taxes would drastically increase the already hefty price. Eventually the Libreboot X200 seemed to be the best deal around, and that’s probably why it is used by many FSFE contributors.

However eventually I decided to go another route, in retrospect mainly driven by technical aspects of an even longer battery-life, an even brighter screen, and an even smaller form-factor. I decided to use a converted Acer C720 Chromebook, more specifically the C720P model bringing more RAM, a larger SSD, a touchscreen and a white housing. Also there are quite a number of copies available second-hand, reducing the cost. Having an X86-architecture supported by SeaBIOS, the level of freedom on the C720P can be increased rather easily. Removing an internal screw allows the BIOS to be reflashed, and thanks to John Lewis amongst others a free SeaBIOS payload is available to flash the laptop using coreboot. I must admit this laptop wouldn’t pass the FSF’s Respects Your Freedom certification, due to the Intel Management Engine and VGA BIOS, which are on the coreboot tasklist.

C720P buffed by Kevin

C720 BIOS reflash being enabled

Although I’m somewhat of a tinkerer, I left the freedomification to my Dutch FSFE Fellow Kevin Keijzer. He has flashed his own Acer C720 with coreboot, having used it since early 2014. We agreed on a fair price, as free software isn’t about free as in gratis, it’s about free as in freedom. I must admit I was pleasantly surprised by the level of service I was given. The laptop was buffed to remove scratches, reflashed, pre-installed with Ubuntu GNOME according to my specifications, configured with all the right shortcuts and device-specific configurations, and subjected to a test run to make sure everything was working correctly. As a finishing touch, to remind me about practices by other vendors preloading unwanted media, I was given my best preloaded media yet. I donated my defect T60p to Kevin’s effort on creating freedom respecting laptops from discarded Thinkpads.

Ubuntu GNOME on Acer C720P

Personal laptop sticker on Acer C720P

I strongly encourage anyone to contact Kevin for his Quiet Life Linux Services to experience his level of expertise and great level of service.

Freedom respecting Thinkpad T60

Now having two operational laptops with two slightly different use-cases, I’m even more encouraged to finish my syncing setup. So far my synchronization is done using Syncthing, Mozilla Sync, my own Freenas build, and a remote OwnCloud server, but more on that later.

Fairphone back to the drawing board

Previously I’ve shared my thoughts and concerns on freedom in mobile operating systems. The Fairphone project unfortunately has a bad reputation in this area. Not because they don’t care, but because they failed to deliver on this promise in their first version. Other people involved in open hardware design for mobile devices saw it coming as they’ve been struggling with exactly the same issue for many years already. Especially for them it shouldn’t have been a surprise that a perfectly fine hardware platform would be kept from future firmware updates.

But as in any process of innovation, a new version allows for improvements. And so will a new upcoming version of the Fairphone. For months the Fairphone has featured several lengthy threads discussing alternative, generally more free operating systems. As I tried to state with a lengthy forum post there are multiple interest in strong conflict with each other. So even whether there will be multiple OS flavours or one for all customers is not yet decided. The great news however is that the Fairphone team have taken on this challenge, big time! I’ve had some email conversations with Kees Jongenburger and Joe Mier regarding further plans and options. But more importantly, they went looking for alternatives at the Mobile World Congress. Over the course of the next months the plans will be finalized, so I’d like to encourage anybody with relevant information to contribute to the discussions. Let’s make the next Fairphone far more fair.

Confronting your digital self

July last year I’ve deleted my Facebook account, but not just by deactivating my account, but by removing each and every post, tag and like. This was a head on confrontation with my digital self. The little information I believed to have submitted proved to be an overwhelming pile of data with serious privacy implications. This wasn’t just a rigorous action, it was a treatment teaching me about privacy. Being convinced I would be one of the few crazy enough to make the effort of deleting the individual scraps of information, I was surprised to find out that some of my friends did exactly the same thing. And more importantly, they had a similar mind-boggling experience. What if there would be a tools continually reminding you about the information you have shared, in statistics as well as by highlighting some of that information? Giving this feedback would certainly help to make people more privacy-aware, the initial step towards a better common practice.

Dia, I love you

Poem for I Love Free Software Day.

Roses are red. Handles are green.
You’re the finest diagramming software I have ever seen.
Always there to help me out.
And you ask nothing in return.
Creating things together is all I really yearn.

Dia I know we will be a great team.
We can work together even upstream.
So let this be my tag line:
Would you be my Valentine?

Valentine letter in Dia

Glasvezelkaravaan

Gedicht over de vele storingen veroorzaakt door de aanleg van glasvezel.

Informatie met de snelheid van het licht, daar komt het aan.
Busje, werklui, zand, stoeptegels, kraan.
Daar komt het aan, daar komt het aan.
Gravend en wackend, de glasvezelkaravaan.

Het is gekomen, de vezel, licht erin.
Volle snelheid, brede band, al bij het begin.
Een wereld vol content, een leven vol zin.
Maar plots geen gas, elektra evenmin.

Daar komt het aan, daar komt het aan.
Telefoon, antenne, gas, water, elektra, allen erachteraan,
Busje, werklui, zand, stoeptegels, kraan, koffie.
De reparateurs, helden in hun kloffie.

Ubuntu calling freedom

So far the flash sales of the first Ubuntu phone by Bq has been sold out, and certainly not without a reason: the Ubuntu phone holds great promises for both the users and the development community. On the FSFE Discussion mailinglist I already gave a quick and general overview mostly based on a recent Linux Unplugged podcast, and so in this post I’d like to revisit my comments with a focus on freedom, as this is lacking in other articles. One word of caution though, I haven’t yet read formal documents or code, so all listed info is second-hand.

First off, embedded devices are difficult, and phones in particular are hard, like Fairphone for instance has come to find. The problem with phone-hardware in general, is the fact that a build is needed for a specific phone since auto-discovery of peripherals like on a regular computer is missing. Add to that the fact that electronics are developed more rapidly than free drivers an be developed, as was the case for the Vivaldi tablet. So unless you have a say in the electronics, and allow a non-signed bootloader, it is very hard and especially time-consuming to develop this lowest layer as free software. and that is also why project like Neo900 and GTA04 exist. One of the added benefits the GTA04 offers, is that the modem is physically separated from other processors, as the modem implementation is locked-down by law. This is about as free software supporting as free hardware designs can get, but this freedom comes at a cost in performance and money, thus requiring plenty of commitment to become a reality.

So in order to actually ship a product, using non-free designs and chips will be the default option, like Ubuntu did in this instance. In order to get a kernel running the device-specific board support package offers the prerequisites needed to boot the Linux kernel. But rather than modifying the Linux kernel and building a tightly integrated software stack for a particular device, as is the case for Android, Ubuntu Phone separates the software stack in two separate layers: a device-specific part and a Ubuntu-part. This separation is ingenious and brings great benefits.

By having a separate Ubuntu-part, this can be updated in the future, without having to do revisions on the device-specific part, thus allowing all models to stay up to date with the newest Ubuntu, and thus avoiding both the platform segregation of Android and the limited number of firmware updates like on iOS. Users can thus still get security fixes and the features newer applications might rely on. Also regarding this part, it would be possible to run a different top layer for a specific mobile operator, or run a different interface on top of this Ubuntu separation layer. I haven’t looked into this layer, but ideally it should be a clean and stable in order to allow others to adopt it.

Likewise the bottom part can be swapped. For instance an Ubuntu Phone port was made to the Nexus 5, which was done by building the necessary but limited hardware support and offering the separation layer. Due to the additional separation, this port will be able to keep up with firmware updates, and so all additional development efforts can go towards improving the device-specific part rather than keeping up with firmware versions. Depending on the required complexity of this device-specific layer, porting additional devices is relatively easy and particularly fruitful as it can remain nearly a one-time effort.

I’m not aware how free the Ubuntu-part is, although I assume this would be in line with other Ubuntu distributions where it mostly adheres to your needs for freedom. The interface is based on Qt5 and is very supportive of HTML5 applications. In this way mobile applications would be able to run on the Ubuntu desktop in the same matter, offering a great convergence solution. Also it is supportive of efforts being made to put forward HTML5 applications for a run-everywhere solution. There is no policy which requires applications to be free, so you can install all kinds of applications, of which a long list is already available. Users are able to sideload applications, avoiding the dependence on an appstore, which is probably the reason why no appstore was launched by Ubuntu just yet. Of no less importance, it seems to be well designed and offer great usability.

One somewhat overlooked part, is the availability of scopes. They aren’t as much overlooked in functionality, but rather in philosophy. Android and iOS have recently realized that apps can be complementary and it is up to the firmware to provide the integration. This can be news and weather, but more recently health and home automation seem relevant as well. The fact that scopes can either work with local data or on the internet but not both, respects the capabilities of the device and prevents unwanted data transmission. More importantly by offering aggregated scopes, you can create a locally generated view. This adheres to the vision of a web which is decentralized rather than centralized and in which each computer has many outgoing connections.

Of course the big elephant in the room is that the phone ties into the Ubuntu ecosystem and so convergence would be best between the Ubuntu phone and the Ubuntu desktop, and likewise it would bring a boost to the Ubuntu store, Ubuntu Snappy Core and presumably to cloud services. So what if Ubuntu would be the next big platform? Well, it would bring a very free firmware which is very friendly to porting devices, it would encourage development in HTML5 and Qt, it would encourage more decentralized applications, it would enable development of the Ubunthu phone itself, and it would put a great alternative next to the Google-ized Android and other systems.

Either way, I nearly bought one but I just missed out by the flash-sale. I’d strongly consider ordering one, because I believe this stack is much more freedom-respecting than Android. More frustrating my perfectly fine phone is still on Android 2.2 with a lack of application support and a whole load of known bugs. I haven’t looked deep enough into Jolla or Tizen to judge them. There are many known improvements available to be adopted, both in hardware, firmware and the available applications. Currently however this seems to be a great phone, with a great software platform, which is another stepping stone in the right direction.

Software isn’t magic

Last month the news landed that the recent Microsoft Outlook app for Android and iOS was leaking and exploiting login credentials. Because of this leak the European Parliament and some universities have blocked the use of this app. Although Microsoft promises double-encryption of the credentials, this specification is an optimistic representation of the actual practice:

What I saw was breathtaking. A frequent scanning from an AWS IP to my mail account. Means Microsoft stores my personal credentials and server data (luckily I’ve used my private test account and not my company account) somewhere in the cloud! They haven’t asked me. They just scan. So they have in theory full access to my PIM data.

— Rene Winkelmeyer

From an engineering perspective this seems to be a straightforward way of offering push messages when the original synchronization interface wasn’t suitable to. But something is of course totally off in the interface of the app. Asking whether or not you’d like to receive push-messages only covers part of the deal. The real result of switching on push-messages can be read in the privacy statement:

We provide a service that indexes and accelerates delivery of your email to your device. That means that our service retrieves your incoming and outgoing email messages and securely pushes them to the app on your device. Similarly, the service retrieves the calendar data and address book contacts associated with your email account and securely pushes those to the app on your device. Those messages, calendar events, and contacts, along with their associated metadata, may be temporarily stored and indexed securely both in our servers and locally on the app on your device. If your emails have attachments and you request to open them in our app, the service retrieves them from the mail server, securely stores them temporarily on our servers, and delivers them to the app.

— Microsoft

It is a unfortunate combination of a lack of security with an unclear presentation to the user. Likewise I’m curious who actually knows for that Google is storing all WiFi credentials of users having enabled the ‘backup’ option. In fact, these misconceptions of the inner working aren’t an exception, it’s more the usual case. Arne Padmos spoke at the last CCC and referred to a research into public perception of email. The over-simplistic drawings on page 15 clearly shows peoples lack of understanding about parties involved. Likewise 29% of U.S. citizens believe the cloud has something to do with the weather, and 95% are using cloud services whilst they thought they weren’t.

Software isn’t magic, but unfortunately it isn’t easy to understand for most people either. I’m certain we can, and should, do better job in educating the general public on these topics. It feels like a big secret waiting to come out, that so many parties and services are involved in getting a service to work. A secret we’d rather not bother a customer with, because the engineers have taken care of it and weighed the pro’s and con’s for the customer. But wouldn’t the customer be better of knowing what decisions underlie a system, to allow an educated choice?

In the Netherlands we have standardized obligatory layouts for energy bills so that customers have a better chance of understanding the product. Likewise there is a standard specification describing more complex financial products for a similar goal. In this regard it seems odd that digital services, which are often times highly complex, can get away with obfuscating instead of explaining. If more people would know their emails are like postcards, and would know that many parties handle those emails, I’m certain the demand for encryption would increase.

Optional rights

Our societies are built on rights which correspond to social norms; fundamental rights correspond to fundamental norms and local rights correspond to local norms. These rights can either be written down like laws, or they can merely be the practical manifestation of the informal norm. This collection of rights is a product of many, many years of progress, but this unfortunately doesn’t mean we can take them for granted. Every single day our rights are subject to discussion and shifting norms.

In recent history it seems that our established rights are no longer taken for granted but are repeatedly being offered as an option. The choice is offered between either keeping your rights or either having some increased convenience or financial benefit. Whilst this does not directly attack our rights, it still does so by way of shifting our norms. If some majority of people aren’t aware of this ‘trap’ and consequently give up their rights, this decreased level of rights becomes the new norm. In these cases the option of choice is hurtful to society, unlike the choice in the marketplace. This choice analogy is however used as an argument to justify the optional rights.

Recently in the Netherlands the right to choose your doctor was subject to debate in parliament, as the liberal party wanted to offer it as a choice, rather than as a right. Giving up this right would enable a financial benefit to the health insurances resulting from their increased negotiation position. In principle consumers should be able to still have this right available to them, but this market principle only holds if some insurances are offering this freedom of choice and the consumers are in fact aware of this consideration and care enough to defend this right. Erecting a new insurance company that adheres to these norms would be the way of the market, but unfortunately this is easier said than done. This market principle thereby undermines the stack of rights we have built over the years as a society via our democratic process.

This grim future of unavailable rights is already a fact in the Dutch educational system, as explained at this Dutch page. Whilst the Dutch parliament has agreed on the right for people to strictly use open standards and free software during education, there is no single Dutch school offering such an educational program. The reason for this unavailability is that in practice schools can choose their IT-systems and the student in market for education respecting open standards and free software is apparently too small or to distributed. So despite our democratic parliament agreeing on this right, in practice this right is subject to the market offering and as a consequence this right isn’t defended anywhere.

Another example is the infamous Facebook, which uses their social lock-in principle to trap users into accepting new terms which violate social norms on privacy, intellectual property and copyright. So rather than offering any benefit in return, it leaves not using the service as the only alternative. In order to defend our established rights, we must stand against this violation both as users and as a society. In this regard we can be glad the Dutch Data Protection Authority is at least investigating Facebook’s new terms.

Considering established levels of privacy, security, freedom or any other kind or right as a marketable feature is hurtful to society, because it erodes our values, our norms and therefore our rights.

This insight was triggered partially by the presentation on Privacy in Context by Helen Nissenbaum and the presentation by Richard Stallman at 31c3.

Why engineering students need to be taught free software

At a power systems symposium today I met some of my previous classmates of the technical university, now in the starting phase of their engineering career. My viewpoint on the need for free software in education was once again confirmed. Whilst at the university many advanced software packages are provided to students at negligible cost, at work these same tools are hard to obtain. In practice these software packages are too expensive to be used on just a couple of cases, let alone ‘try out’ to find a use case. This basically leave the choice between misusing unsuitable packages or not taking on the task in the first place, both of which are generally undesirable.

As I have learned, and my classmates are learning as well, as an engineering professional you are in need for software with no strings attached: free software. Engineers are taught to overcome many hurdles by grasping the problem and coming up with a right approach for solving the problem at hand. Restricting the set of these possible approaches by restricting the software selection ultimately leaves unmet engineering potential, making this practice hurtful to the end-result.

As each individual use case will require the software for a different use case, software packages in general cover a larger set of features in order to target a larger market of multiple use cases, resulting in relatively overpriced software. Apart from the cost of the software package, there are the costs of maintaining yet another software install and having to deal with recurring costs like license fees per year or version. A way to diminish this barrier is by offering subscriptions to hosted solutions, as many software vendors have started doing. Whilst this reduces the upfront cost, there is more to free software than cost alone.

The freedom to modify the code enables integrating the software package in a solution like an automated tool chain. Better still by modifying the underlying code or even working with upstream development engineers can customize and improve each tool of your tool set. Since it is free software no party will be able to take it from you, and you are able to fork the software if you disagree with the direction development is heading in. In this way an engineer is able to achieve far greater independence.

Whilst it seems to be a good idea to teach students to use professional software pckages used in the workplace, this approach presumes that those software packages will be available for students at the job after graduation. If this isn’t the case, these engineers experience unmet potential. By teaching free software, all students are able to exercise their potential, although some students will experience a non-free software package on the job. If the latter is the case, this presumably is because of specific features, which wouldn’t have been taught at university in the first place.

Furthermore students need to be taught to evaluate software offerings in order to select a package based on the task at hand, rather than to have a package selected for them which is often misused or underused. And free software should be taught just like academics are taught, since both value sharing information and checking the work of others.