Bradley M. Kuhn

originally from Baltimore, MD, USA.

President and Distinguished Technologist at Software Freedom Conservancy. On the Board of Directors of the Free Software Foundation. Generally, a Software Freedom advocate, GPL Enforcer, and Occasional developer.

  • NYPD Deputy Commissioner advocates violating proprietary licenses, or?

    2015-05-10T17:27:01Z via Pumpa To: Public CC: Followers

    On This Week, John Miller claimed "Isis is using Apple computers. They're using Directors Final Cut software … same stuff that every other 19 and 22-year-old who's got some creativity can use to send out powerful messages."

    So, how many 19-22 year olds, in the USA alone, have well over $1,000 (cost of a Mac plus a Final Cut Pro license)? What about around the world? Does he really believe every 19-22 year old has access to such? Is he so wealthy that he's that out of touch with how expensive Apple products are?

    Isis probably steals their equipment and violates the proprietary licenses to get this stuff.

    Is Miller suggesting that 19-22 year olds do the same so they can get an anti-Isis message out to their peers?

    I'm deeply offended by Miller's comments. I had plenty of creativity when I was young. I could barely afford my own computer when I was an undergrad. I could only run the most advanced operating system available for PCs because GNU/Linux was not only free as in freedom, but free as in price. That free as in price was the only reason I was able to "exercise my creativity" as a 19-22 year old.

    Claes Wallin (韋嘉誠) , Stephen Michael Kellat , Douglas Perkins , Kete Foy like this.

    Olivier Mehani , Claes Wallin (韋嘉誠) , Claes Wallin (韋嘉誠) , Stephen Michael Kellat and 1 others shared this.

    People are just now noticing that many of the folks leading these groups in the modern Near East have MBAs and other sorts of contemporary education? Why is this something people are only just now noticing? History did not start 10 minutes ago.

    If the bad guys are making slick propaganda, poke holes in it. Make fun of them. Tear them down. If we have the power with GNU/Linux or even GNU/SystemD/Linux to do it...then let us go ahead and do it.

    Stephen Michael Kellat at 2015-05-11T02:07:52Z

    I saw about a minute of <a senior US gov't official> being interviewed about IS propaganda. He actually said something that surprised me (because previous folks in his position would never have thought far enough to realize this):

    It isn't really about US and other Western people trying to out-propagandize IS leaders and spokespersons. Instead, other voices within the same cultural and religious traditions have to speak up and tell people why IS' dogma does not fit in with their traditions.

    Those who are listening to (and in some cases being convinced by) IS propaganda are not listening to people in suits speaking in front of some building in Washington, DC. They are listening to people whom they feel some connection.

    at 2015-05-11T02:30:20Z

    jrobb , Claes Wallin (韋嘉誠) , Doug Whitfield like this.

    What is "Directors Final Cut software"? I researched it and discovered it's Final Cut Pro we are talking about.

    jrobertson at 2015-05-11T11:01:19Z

    Re: whatever Isis might use for their video
     - most likely it's stolen anyway ... that's not really an indication of being able to "afford" anything

    michaelmd at 2015-05-11T11:11:11Z

  • US/Pacific collaboration?

    2015-05-08T17:34:47Z via Pumpa To: Public CC: Followers

    I'm relatively used to the idea of US/Pacific and US/Eastern collaboration from the west side.

    I typically was always awake no later than 06:30 anyway, and often earlier. The only real change is that I must "roll out of bed and begin work", but I rather like that. It makes one feel important to have to dial into a conference call immediately after waking up, possibly while it's still dark.

    But, the main issue I have is this: I would ideally like to cook breakfast while I am on the phone. If I have to be the one talking, it will wake up my wife in the nearby bedroom.

    This morning, I did a long conference call while walking the dogs, which worked ok, but I had the problem of returning to my apartment and being really hungry at that point and needed to cook the oatmeal, but still being on the phone.

    I could plan ahead and not eat oatmeal the days when I have to do this, but I don't really like many of the 'cold breakfast' options (at least, I don't like any of the healthy ones, which is why I make oatmeal every day. I'd certainly enjoy, say, a big cheese plate for breakfast but I try to treat cheese more like a dessert than a meal these days).

    Today, I handled this by going in my office to talk and then running back out at moments when the other person was talking to stir the oatmeal. My wife says I did not wake her up doing this, so it was a reasonable hack, but:

    I'm curious, has anyone else had the problem of taking early morning US/Pacific conference calls and needing to cook breakfast at the same time when someone is still sleeping in a nearby room?

    (BTW, I do work really hard to make my problems specific in nature rather than generally say: "HOW TO CONFERENCE CALL EARLY MORNING FROM WEST COAST TO EAST COAST?" I'm good with bug reports that way -- I dig down until the problem is well defined ;)

    Olivier Mehani likes this.

    @Bradley M. Kuhn I highly recommend investing in a decent rice cooker (I like the induction heating ones). You can just dump in oatmeal and the appropriate amount of water and whatever else (fruit, etc), turn it on, walk away. When you come back, perfectly cooked oatmeal!

    Christopher Allan Webber at 2015-05-08T17:46:37Z

    Andrew Engelbrecht , jonkulp , j1mc , Mike Linksvayer like this.

    I guess it is terrible responding to bug practice to question a tangential part of the user's experience, but I wouldn't call oatmeal healthy.

    But ignoring that, can't oatmeal be made pretty much noise-free? You could use an electric tea kettle to heat the water, even in your office.

    Mike Linksvayer at 2015-05-08T17:47:01Z

    j1mc likes this.

    WONTFIX: calling US/Eastern conferences from non-US/Eastern timezones is not a supported use-case and will be disabled in future versions


    Olivier Mehani at 2015-05-09T05:39:17Z , sazius like this.

  • Some Things *Are* His Fault

    2015-05-08T01:10:39Z via Pumpa To: Public CC: Followers

    Large parts of Portland's public transit are shut down as POTUS goes from PDX to downtown Portland.



    Christopher Allan Webber , Dan Scott , jrobb , Claes Wallin (韋嘉誠) and 2 others like this.

    Claes Wallin (韋嘉誠) , Claes Wallin (韋嘉誠) shared this.

    I'm glad to be able to work from home these two days.

    Charles Stanhope at 2015-05-08T04:08:57Z

    RiveraValdez likes this.

  • Charity Fundraising

    2015-05-08T00:02:01Z via Pumpa To: Public CC: Followers

    This is completely scattered and unclear, but I doubt I have time to work this into a clearer blog post, and if I save it to edit later, it won't see the light of day, so I'm just going to post it. Here goes:

    Is it only because I'm a non-profit geek that I become jealous of public radio fundraising drives, thinking: "If only what my org did could easily interrupt the flow of public benefit it does for 5 minutes to explain why donations are needed?"

    I'm not a fan of Shareware, but I do think, say, what Wikipedia does for fundraising is reasonable (the banners could be a little smaller, but that's a minor tweak).

    However, most Free Software projects, and even more, orgs that serve the needs of Free Software projects just don't have the ability to interrupt the flow of the "public benefit work" to remind the public of the importance of the work. But, if you take a look, orgs that can do that have had a much easier time getting funding. WMF is a very wealthy org, as are most public radio stations.

    It's just tough not to be jealous. My colleagues and I talk in terms of "how in the world can we raise another $N", where $N << 100,000. These are numbers that other charities can raise so easily, merely by doing a fundraising drive via their "standard medium". For other orgs, they can only raise that much when there is a huge crisis, and those donors don't repeat the following year, so you get to do some good work for a while, and then what?

    I read a study a long time ago arguing that NPOs should invest much much more in fundraising overhead, since the study showed orgs that did that increased size (and thus public good work done) by orders of magnitude.

    Maybe that principle applies easily to the typical org, which has a simple and clear message of what it does that is hard to criticize, but what if you're raising money for a radical cause that lots of powerful people have convinced many would-be donors shouldn't exist at all? Think about how GPL enforcement has been portrayed by the powers-that-be, and you'll get a sense of why it's not like raising money for an animal shelter. (And yes, I give to animal shelters; it's not that I'm against them, I'm just saying that some of these things are just easier to raise money for).

    This is the world I live in. And, while fundraising is thankfully not my job anymore, everyone who works for a small non profit has to help on this, particularly when the charity is so taxed by overwork that everyone fights proverbial fires all day.

    Which just brings me back to jealousy. I always try to set it aside, but it's tough not to. I try not to think about the OpenStack party at OSCON 2013 that looked, upon inspection of the event and back-of-napkin calculations, to cost more than a year of Conservancy's operations (gratis Fiji water and full bar with mixed drinks for hundreds of people?!?!). I try not to think about the fact that Oregon Public Radio, whose fundraising drive has been playing the whole time I've been writing this, probably will raise Conservancy's entire annual budget just this week, just during All Things Considered.

    To combat the jealousy, my new way of approaching this situation is simply this: basically, if people don't give to Conservancy, it's my fault, not theirs. If Conservancy can't fund its rather meager operations, I and my coworkers just weren't doing work that mattered to the world. Conservancy just shouldn't exist if people don't want to fund it. I've worked for charities where the leadership had a fundraising "sense of entitlement" that they deserved to get donations because of who they were. I certainly never want to work at a place like that again.

    But, this in turn leads me into a spiral of self-loathing: if so few people actually support Conservancy's work, then I am clearly wasting my life.

    I've thus generally come to the conclusion that being a radical activist requires a careful balance of self-righteousness and humility. I've not met a single person, including myself, who has gotten an appropriate balance on that front. I've also seen a bunch of people move away from radical activism because they leaned too far in one direction.

    e.g. I've met people who got so self-righteous about their cause, that they conflated it with their own professional success. I've also met people so humble that they can't motivate themselves to do anything bold in activism because they feel they just "aren't important enough to make a difference".

    I want to be neither, but hopefully you see why I think it's a balance of those two seemingly incompatible tendencies found in activists.

    OTOH, there's really no room for jealousy, but to deny that jealousy exists is simply not being introspective. As I said to someone recently when discussing this issue of "pecking order of charity jealousy": "someone on the block always has a nicer house". Every charity is jealous of the charity that has 3-5x its budget. I know for sure: because when you talk to colleagues frankly at other non-profits, you can tell them how jealous you are of them, and they'll tell you who they're jealous of. That's how I figured out that 3-5x "jealousy number". :)

    Richard Fontana , sirgazil , Mike Linksvayer , Christopher Allan Webber and 3 others like this.

    Christopher Allan Webber , Mike Linksvayer , Claes Wallin (韋嘉誠) , Claes Wallin (韋嘉誠) shared this.

    A FaiF episode in the style of NPR fundraising would be good theater.

    Mike Linksvayer at 2015-05-08T14:28:24Z

    Doug Whitfield , Nathan Smith like this.

    That's an interesting insight, Bradley. It would be interesting to try to think of ways that a free software project could "interrupt the flow" for fund raising without interfering with the functioning of the software. I think it also helps to have specific targets and limited fund raising periods. Projects have wiki pages, download pages, and mailing lists. Messages could be placed there. For rapidly released projects, perhaps a release cycle could have fund raising messages in documentation or startup banners. Distributions could consider cooperating with appropriately tasteful fund raising drives and pass along messages during installation or upgrade of packages. For organizations such as SFC, interrupting the flow will definitely be more challenging. Hopefully the projects you help manage would point back to you during their own campaigns.

    Charles Stanhope at 2015-05-08T15:27:28Z

    Mike Linksvayer likes this.

    Some free software projects could definitely "interrupt the flow" to remind people of their importance. For example Firefox could occasionally delay the rendering of a web page to display "an important message" :-) I doubt people would stand for that very long, though, and there would be a fork out soon :-)

    sazius at 2015-05-08T17:19:39Z

    Mike Linksvayer likes this.

    @sazius I think you're right, user-facing programs can easily interrupt flow. Firefox doesn't need to (because search revenue) but they do in subtle ways occasionally. More programs could, and get away with it, particularly if they had strong relationship with their communities already. Are there any good examples? 

    Don't tons of 'apps' do in-app upselling to a proprietary version or other in-app purchase? Do any faif apps ask for donations or offer in-app purchase of crowdfunding-like perks? I guess I should try more 'apps' so that my knowledge isn't secondhand.

    I know the bigger problem is not having millions of users, but lack of $ for development and marketing only perpetuates that problem.

    As @wolftune might be reading, perhaps after finally launches with real money, it should somehow enable in-app/program pledging.

    I don't know that there's a solution for Conservancy wrt applications interrupting users, other than some of its member projects raising lots of money that way and giving Conservancy its cut. But I suppose (modulo it not having enough resources to do anything beyond what it is already doing, etc) that it could conceivably also help member projects do in-application asks.

    Mike Linksvayer at 2015-05-08T18:20:30Z

    Christopher Allan Webber , Aaron Wolf like this.

  • 2015-05-06T01:41:40Z via Pumpa To: Public CC: Followers

    I have always loved the sound of disk I/O. I'm listening to the Conservancy backups run now. That bursty crunch is like music.

    Has anyone compiled sounds of how hard drive I/O noise changed over the decades? I am wondering what made that high-pitched note in the middle of the crunch that went away sometime in the mid 1990s.

    And, this may be a lost sound, like modem noise. At least for the moment magnetic disks are still cheaper than solid state, though. :)

    Olivier Mehani , Brion Vibber like this.

    what about the sound of floppy drives? .. haven't heard that for a while!

    more of a worry is finding one that still works if you want to get a file from an old floppy!

    michaelmd at 2015-05-06T03:29:45Z

    Douglas Perkins likes this.

    I like how the Amiga500 emulator UAE makes use of that and plays back a recording of an actual Amiga loading from disk

    mray at 2015-05-06T10:24:18Z

    Elena ``of Valhalla'' likes this.

    tried to set that up years ago .. but I think it needed a rom image to work ... didn't find anywhere to get that (guessing maybe a real amiga but don't have one)

    michaelmd at 2015-05-08T05:44:24Z

    probably not your intention, but this gives me a fun idea for some electronic music I've been kicking around

    x1101 at 2015-05-08T16:44:47Z

  • 2015-04-23T23:39:39Z via Pumpa To: Public CC: Followers

    The thing I probably hate most about being a software freedom activist is how often the politics dictate that I ingratiate myself to proprietary software company employees and leaders.

    I then always wonder how often environmental activists ingratiate themselves to Exxon employees.

    Then I wonder if I really am an activist at all.

    Robert Musial , Sean Tilley , Aaron Wolf , Matthew Tift and 3 others like this.

    Claes Wallin (韋嘉誠) shared this.

    I don't really understand what you mean. Could you give an example, either real or fictional?

    Douglas Perkins at 2015-04-24T04:57:22Z

    in my opinion the problem is in, some, environmental activists. employees as individuals are not "guilty". environmental activists neither work in the same industry than petrol or car industry employees. microsoft emps, I imagine, think they are developing the best software and that the non-community approach is better, at least some of them. I don't think that they have all the time in mind how to slave their user. everybody try to see the positive parts of the work they have. in my opinion the free software community have a much more healthy attitude than some, more noisy is true, parts of the environmental movement. long and awfully written. sorry.

    lard at 2015-04-24T06:16:09Z

    Scorpio20 likes this.

    Why would ingratiating ever be necessary? Or to put it another way - if you are being fair to yourself about accusing yourself of ingratiating yourself, what has such ingratiation actually achieved for you?

    When I look at how companies deal with one another, I don't see anything like the sort of ingratiation I think you are talking about (ignoring things like sales pitches - surely you're not talking just about corporate fundraising). 

    Richard Fontana at 2015-04-24T18:34:00Z

    i do not get it at all

    hellofgames at 2015-04-30T13:00:47Z

  • Wikipedia on 60 Minutes

    2015-04-06T02:57:41Z via Pumpa To: Public CC: Followers

    The media admittedly often takes the worst possible soundbite, but it's unfortunate that the Wikipedia story on 60 Minutes tonight included a Wikipedian saying that "its growth could be infinite".

    I assure the world with complete certainty that Wikipedia will remain finite forever.

    The quote was probably a mis-speak, but I'm disturbed that 60 Minutes decided to use a quote that had a Wikipedian stating a mathematical impossibility in a story about knowledge and its dissemination freely to the public.

    Also, I wonder if there's a subtle sexism in the editing, since that item just happened to be a quote from a female Wikipedian rather than the male ones.

    Meanwhile, I must also note I'm quite disturbed that Sue Gardner said "Wikipedians are a little bit OCD". It's really not appropriate to opine publicly that a class of people in our community have a psychological disorder. Sue is not the only community leader I've seen do this, though, it's just that she was on 60 Minutes saying it.

    EricxDu , Olivier Mehani like this.

    Claes Wallin (韋嘉誠) , Olivier Mehani , Olivier Mehani shared this.

    this assumes human expansion is finite, which may or may not be true. Of course, distributed computing across planets will make for some serious diff issues.

    I suppose at some point there are also concerns about speciation, so perhaps we should just be talking about intelligent beings (though intelligence is also debatable).

    Doug Whitfield at 2015-04-06T17:14:41Z

    I agree with lnxwalt. My point was that nothing we do on a computer is infinite. It can't be.

    If the speaker really meant to talk about growth that would continue as long as human beings are around, then the right words are "unbounded" or "indefinite". They don't sound as exciting as infinite, of course, but the accurate rarely sounds as exciting as the inaccurate.

    Bradley M. Kuhn at 2015-04-06T17:22:50Z

    I just learned that "infinite" can mean "immeasurably great"

    Whatever the accepted definitions though, clearly the use of the word leaves one open to criticism, and I suppose is to be avoided. There are other words that fall in this category. For example: "niggardly"

    Doug Whitfield at 2015-04-06T17:40:05Z

    The supposition of sexism seems to be based on the assumption that 60 Minutes agrees with you on the pedantic criticism of the Wikipedian's use of "infinite growth" (if I understand the point correctly). This however seems highly unlikely.

    Richard Fontana at 2015-04-09T17:09:10Z

  • 2015-04-01T22:49:09Z via Pumpa To: Public CC: Followers

    Dear April Fools Joke Implementors,

    Some of us work for a living. We really don't have time to wait for the 1999 screen of your website to disappear so we can get our work done.

    How much money in our economy is wasted on implementing April Fools Jokes? Is it just my perception, or are there more in the high-tech / web world than the "real world"?

    BTW, I also annoyingly had to consider briefly whether a political hot potato issue that came up today was an April Fools joke, which also wasted time.

    It's all fun and games until productivity is lost with this frivolity.

    Yes, I hereby declare myself the Scrooge of April Fools. Will the ghosts of April Fools past, present and future visit me in my dreams tonight?

    I suspect the Ghost of April Fools Past will show me this, the only April Fools joke I ever thought was clever, but it was probably because I was at an impressionable age when I first read it:

    ciarang likes this.

    Every day is April 1 to me. Or rather I can't discern any increase in waste or bad jokes on April 1. At most intentional April 1 jokes are froth on a great ocean.

    Mike Linksvayer at 2015-04-01T23:13:53Z

    Kete Foy likes this.

    Oh, and since you make a reference to Xmas ... even I can discern the increase in waste and hoaxes during that season! April 1 is nothing to complain about.

    Mike Linksvayer at 2015-04-01T23:15:20Z

    I think this post is a hoax, @Richard Fontana probably broke into @Bradley M. Kuhn's account as a parody.

    Funny joke, Fontana! But you're not fooling anyone.

    Christopher Allan Webber at 2015-04-01T23:46:50Z

    Jim Bowering , Richard Fontana , warp , Charles Stanhope and 3 others like this.

  • Ancient

    2015-03-31T22:53:07Z via Pumpa To: Public CC: Followers

    So much ancient astronaut theory is predicated on the assumption that ancient peoples had no imagination. Particularly the parts that relate ancient myths to modern technology.

    In fact, I suspect they had more imagination than we do today. Think about it: night is truly dark, like really dark. Nothing to see but the stars. Nothing to read (literacy is likely near 1% or something).

    Of course you make up stories to entertain yourselves. Who wouldn't?

    That said, I often ask my dogs (both pugs) if they are in fact ancient aliens. I really do secretly wish that, like the mice in Hitchhiker's Guide, they are in fact highly intelligent beings that are studying me and will reward me when the Vogons come to destroy Earth because I treated them so well.

    This is in fact why I think I didn't really like Lord of Light.

    EricxDu , Richard Fontana like this.

  • Sunday morning Spin

    2015-03-28T02:46:09Z via Pumpa To: Public CC: Followers

    I watched Tim Russert, and yes, basically from when he started. I'm old enough to have been an adult before the Clinton administration started.

    I liked David Gregory even though many didn't. He was no Tim Russert, but he wasn't bad.

    But Chuck Todd, I mean, I don't need goofy CNN animations, what I want is the hard hitting questions asked, and watch them get not answered, and see them asked in another way that occasionally tricks the interviewee into going off message. Tim did this so well. Stretch did ok. Todd, that's not his thing.

    I tried watching Clinton's own first press secretary try to do this. I mean, I never liked Roberts and Donaldson in the first place, but I hate people who switch sides from politico to press.

    So, the short question is: what happened to my late Sunday morning and who should I watch?

    And no, Schieffer wasn't on the table for me before, but maybe I should give him a chance?

    Richard Fontana , EricxDu like this.

    Odd enough to be an adult before the Clinton administration started, are you trying to say I am old?

    lostson at 2015-03-28T03:30:26Z

    Tim Russert started out in politics (working for Pat Moynihan and then Mario Cuomo).

    Richard Fontana at 2015-03-29T13:41:52Z

    X11R5 likes this.

  • 2015-03-18T01:22:21Z via Pumpa To: Public CC: Followers

    Maybe I'm just old, but I do watch local news, usually while finishing up various bookkeeping tasks at end of the day. I don't actually know which Portland news casters I should watch. Does anyone have recommendations? I watch either afternoon team or early morning team, so I am looking for recommendations there.

    So, recommendations?

    (Note: I have a standard HDTV antenna so don't recommend anything that can't be received with that).

    Stay classy, Portland!

    Douglas Perkins shared this.

  • The Dirty Politics Begin

    2015-03-12T21:14:08Z via Pumpa To: Public CC: Followers

    And, it took less than a week for third-parties to start playing dirty politics. I really do feel so often that I live in an episode of House of Cards. I admit, one thing that show makes apparent that bears true in real life: the unscrupulous always have advantage over the principled people, no matter how good we are at politics.

    I made a lot of notes for my memoirs today, so I guess I should take solace in that.

    dvn , Richard Fontana like this.

    I'm assuming this is related to the gpl enforcement?

    David "Judah's Shadow" Blue at 2015-03-13T11:20:15Z

  • 2015-03-12T00:09:51Z via Pumpa To: Public CC: Followers

    This is humor in the same manner as Silicon Valley.

    I think this explains what I was trying to say about why I wouldn't really consider living in San Francisco Bay Area.

    Disturbingly, I have actually joked to my wife at times that we should "sell the privilege" of walking our dogs to someone who lives in a building that doesn't allow them.

    I mean, my dogs do all sorts of cute things all day that I am too busy working to notice. I could sell that to someone, right? :)

    Jason Self , Tyng-Ruey Chuang , Charles Stanhope , Richard Fontana and 1 others like this.

  • 2015-03-11T04:41:33Z via Pumpa To: Public CC: Followers

    Until a few weeks ago, I walked my dogs past here on an almost daily basis. In my new neighborhood in Portland, there have yet to be any shootings.

    And, I or my wife used to have to call 911 on pretty much a monthly basis. My last 911 call was less than a week before we moved, when I witnessed a domestic violence choking incident a block from my apartment.

    I am glad I don't live in NYC anymore.

    Efraim Flashner likes this.

    Taylor Gunnoe , Taylor Gunnoe , Taylor Gunnoe , Taylor Gunnoe shared this.

    Portland has a lower crime rate than NYC in some respects. However, it appears to have a significantly higher incidence of rape compared to NYC. As for property crimes, Portland appears to have a much higher rate than NYC.

    Crimes per 100,000 people in 2012 (FBI stats as reported by Wikipedia)

    Crime                                    Portland      NYC
    Violent crime                               517.2    639.3
    Murder and non-negligent manslaughter         3.3      5.1
    Rape                                         38.6     14.0
    Robbery                                     158.9    243.7
    Aggravated assault                          316.4    376.5
    Property crime                             5092.3   1722.2
    Burglary                                    747.6    224.8
    Larceny-theft                              3745.3   1398.6
    Motor vehicle theft                         599.5     98.8

    Richard Fontana at 2015-03-11T15:12:43Z

    Also, violent crime rates within U.S. cities often follow patterns of racial and income-level segregation. My general impression, confirmed by some quick research, is that Portland is a far more racially segregated city than New York.

    Richard Fontana at 2015-03-11T15:18:13Z

    Doug Whitfield likes this.

    @fontana Way to kill a buzz

    Taylor Gunnoe at 2015-03-11T17:40:27Z

  • Cargo Culting Password Strength Testing (or why Health Insurance costs so much in the USA)

    2015-03-10T18:53:39Z via Pumpa To: Public CC: Followers

    Yes, Dental insurance company. [sarcasm]My incredibly secure password with more than 8 characters generated with pwgen -s just isn't secure enough.[/sarcasm] I got past the fact that I had to call for you to tell me the website wouldn't work if I replaced the two digit prefix on my id number with a 0. I was still giving you the benefit of the doubt at that point.

    But now, you tell me that my password must contain 3 of each of the following: uppercase alpha, lowercase alpha, numbers, and "approved symbols". You don't even tell me what approved symbols list is. I guess that @ # ! are fine, so I take the already secure password I had, throw an @, #, and ! into it in three places. Now, you've let me register.

    But, do you even have a clue that you are just inspiring people to make ABCabc123!@# as their password? I nearly tried it just to see if you'd accept that outright (out of curiosity), but your website was so bad, I feared that once I did that, you wouldn't permit me to change it, and then I would be stuck with a truly insecure password.

    Of course, next you asked me for a security question to choose like Mother's Maiden name or my father's name, both of which are more or less a matter of public record. So, I made up a name for my father using pwgen -s and saved it in a GPG encrypted file. So, the funny part is, if I'd just treated your default security questions as legitimate, anyone who reads my blog could have called you and told you my father's name and gotten a password reset anyway.

    Seriously, Dental Insurance Company, do you really think these things make your systems more secure? Do you really think it protects patients? Has anyone on your tech team ever taken a single course in computer science that mentioned how users tend to seek easy-to-remember ways to circumvent requirements like this, and that the known best way to ensure security of passwords is run libcrack style tests, and that merely adding hoops of number/types of characters do indeed inspire 'abc123!@#' phenomena?

    I'm disturbed that your computer security team is this incompetent, given that you have on file a lot of personal data about me.

    I have, BTW, now logged into your website with my new account. It literally looks like a gopher site, which is fine with me of course — I like that sort of thing. But, we now also know that your developers don't even know what CSS is. Now, I find CSS incredibly frustrating but even the web Luddite that I am, I realize you can't put up a professional website without some basic CSS. To put it in terms you can understand: It's like sending out letters without your letterhead on it. Yes, it doesn't make the communication invalid, but it looks like you're some fly-by-night operation.

    It's cute that your developers know some Javascript though — a great way to spruce up any early 1990s gopher-ish site:

        function isLetter (c)
        {   return ( ((c >= "a") && (c <= "z")) || ((c >= "A") && (c <= "Z")) )
        }
        function isDigit (c)
        {   return ((c >= "0") && (c <= "9"))
        }
        function isLetterOrDigit (c)
        {   return (isLetter(c) || isDigit(c))
        }

        function Validator(form2)
        {
            if ( (form2.UserRestriction2.value.length<3) )
            {
                alert("Please enter 3 or more characters for Search");
                return (false);
            }
        }

    Of course, it's proprietary. But I wonder if it's even copyrightable anyway. :)

    (Sarcasm again): Anyway, the only real improvements I can suggest that fit your current website style are to add a few blink tags, and maybe you should get that JavaScript that messes with window.status to scroll a message at the bottom of the status bar. That's all the rage, I hear.

    BTW: I'd have no trouble naming names of what Dental insurance company this is. However, I fear doing so would put my own data at risk, since they have my personal info on file and I've revealed how insecure they are. I think given their bad security, that security through obscurity solution may be my only option for my personal data with them.

    And yes, this is one of those companies that tells us it's impossible to generate PDF or electronic invoices and sends us four sheets of paper every month to invoice Conservancy for 3 employees' plans.

    Benjamin Cook , ciarang , Freemor , uıɐɾ ʞ ʇɐɯɐs and 5 others like this.

    Olivier Mehani , uıɐɾ ʞ ʇɐɯɐs , Claes Wallin (韋嘉誠) , Claes Wallin (韋嘉誠) and 4 others shared this.

    Part of that is that ensuring good passwords is really hard. Not to defend them, you can do it with enough work (count entropy instead of characters, make use of user testing to eliminate the most commonly used passwords, etc.) but it's a lot of work and I'd bet that convincing management to allow it would be hell.

    tekk at 2015-03-10T20:43:34Z

    Olivier Mehani likes this.
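An added example, not part of the original post or its replies and not the insurer's code: it contrasts a composition rule of the kind the post complains about (assumed here to be 8+ characters with one from each class) with a simplified predictability check in the spirit of the libcrack-style tests and common-password filtering mentioned above. The function names, thresholds, word list and sample passwords are all constructed for illustration.

```javascript
// Added example: composition rule vs. a simplified predictability check.
// COMMON is a tiny constructed sample; a real check would use a large dictionary.
const COMMON = new Set(["password", "letmein", "qwerty", "dragon", "monkey"]);
// Keyboard rows, used to spot runs such as "!@#" or "qwe".
const ROWS = ["`1234567890-=", "~!@#$%^&*()_+", "qwertyuiop", "asdfghjkl", "zxcvbnm"];

// Assumed form of the rule the post describes: one character from every class.
function passesCompositionRule(pw) {
  return pw.length >= 8 && /[a-z]/.test(pw) && /[A-Z]/.test(pw) &&
    /[0-9]/.test(pw) && /[^A-Za-z0-9]/.test(pw);
}

// True when b directly follows a in the alphabet, the digits, or a keyboard row.
function isStep(a, b) {
  const x = a.toLowerCase(), y = b.toLowerCase();
  const alnum = /^[a-z0-9]$/;
  if (alnum.test(x) && alnum.test(y) && y.charCodeAt(0) - x.charCodeAt(0) === 1) return true;
  return ROWS.some((row) => {
    const i = row.indexOf(x);
    return i >= 0 && row[i + 1] === y;
  });
}

// Fraction of the password covered by ascending runs of three or more characters.
function sequentialFraction(pw) {
  let covered = 0, run = 1;
  for (let i = 1; i <= pw.length; i++) {
    if (i < pw.length && isStep(pw[i - 1], pw[i])) { run++; continue; }
    if (run >= 3) covered += run;
    run = 1;
  }
  return pw.length ? covered / pw.length : 0;
}

// Returns the reasons a password is predictable; an empty array means accepted.
function rejectReasons(pw) {
  const lower = pw.toLowerCase();
  const reasons = [];
  if (pw.length < 8) reasons.push("too short");
  if (COMMON.has(lower.replace(/[^a-z]/g, ""))) reasons.push("based on a common password");
  if (sequentialFraction(pw) >= 0.5) reasons.push("mostly sequential characters");
  if (new Set(lower).size < 5) reasons.push("too few distinct characters");
  return reasons;
}

// Constructed samples: the post's example, a decorated common word, a random alphanumeric string.
for (const pw of ["ABCabc123!@#", "Password1!", "vR7qLm2xTzKp"]) {
  console.log(pw, passesCompositionRule(pw), rejectReasons(pw));
}
```

The first two samples satisfy the composition rule yet are flagged as predictable, while the random alphanumeric string (the shape `pwgen -s` produces by default) is refused by the composition rule for lacking a symbol.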

  • 2015-03-09T23:04:42Z via Pumpa To: Public CC: Followers

    People are so nice here in Portland, OR, that I am now actually worried I might lose my edge. More than one person has joked that my growing less suspicious nature and friendliness is going to cause me to not require full compliance for GPL violators. (No, that won't happen, just a joke :)

    Here's an example: the moving truck delivery with all my stuff on it still hasn't arrived, and I don't know what day it will come. I am trying to block off the parking spots in front of my building for the truck, but don't know the day. The dude in parking enforcement for the city of Portland empathized with me, telling me that he faced the same thing with his move, and is expediting my application, looking up in real time while on the phone if the spaces were available for reserve, and allowing me to adjust later to the right date.

    Granted, I have to give the city of Portland $70 for this, but in NYC, I'd still be trying to figure out what agency has jurisdiction on such things, and they'd be telling me you "just can't reserve space".

    Indeed, for the pickup, the truck just sat illegally and they told us we'd have to pay a ticket if they got it.

    I may write more on this later, but the best and quickest way I can describe NYC is that a citizen there is in constant and contentious competition for everything: from space to stand in the aisle in grocery stores (yes, that's a thing, most of the aisles aren't wide enough for two people to stand abreast), to city resources, to apartments, to space to stand on the subway, to just about everything in daily life. I felt in NYC that daily life was a constant struggle. And that's how someone with middle class means feels: think of how it feels to be truly poor (not relatively poor due to rising rents) in NYC!

    Anyway, I have to say I'm glad to be out! I keep joking that I now don't know if I can "make it anywhere" (referencing the Sinatra song, New York, New York), but I actually believe that NYC is the one place I can't "make it". Ok, maybe San Francisco too, but I can't stand being pitched start-up ideas in line at a coffee shop, anyway, so no chance I want to live there.

    A few of you got in touch who are local. I must admit, I'm losing track of how many Free Software people live here. I'm going to have to make a list.

    RiveraValdez , Charles Stanhope , Taylor Gunnoe , Jason Self and 4 others like this.

    Yup! And by the way: we do need a more focused software-freedom organization effort here. There was a start with something called LibrePDX but that didn't get enough foundation to really get going. I know a decent number of the local folks, but there's mostly tangential tech/Linux groups and no real organization or list dedicated to libre-focus at this time. Whatever happens, whether you're active in organizing or not, I'll want to hear about it… and happy to do what I can to help (although I'm always feeling overly busy already as is normal…)

    Aaron Wolf at 2015-03-09T23:26:57Z

    Now I want to move there

    Taylor Gunnoe at 2015-03-10T03:02:35Z

    I have never heard anyone pitching startup ideas in line in a coffee shop in SF or nearby. But I would enjoy that. Apparently the bay area has nowhere near the concentration of startups necessary for my maximum enjoyment. Onward!

    Mike Linksvayer at 2015-03-10T04:48:49Z

    Regarding grocery store aisles, I assume you're talking about the ones that are in the supermarket genre (as opposed to what I tend to call a "deli"). Narrow-aisle grocery store aisles I associate with Manhattan, though perhaps you encountered them elsewhere. I recall finding them annoying. It's been a long time since I was in a supermarket in Brooklyn or Queens but the ones I remember from living there (i.e. till I was approximately 15 in Brooklyn, 24 in Queens) were more like their spacious suburban siblings, though no doubt smaller. I am not even sure supermarket-genre grocery stores were common in Manhattan before the 1990s (Manhattan underwent a kind of suburban transformation corresponding approximately to the Giuliani administration).

    Richard Fontana at 2015-03-10T05:15:13Z

  • Coreboot on the T530?

    2015-03-07T22:12:43Z via Pumpa To: Public CC: Followers

    This is a bit of a lazyweb but I think people here might know:

    I have always preferred 14" laptops and the Thinkpad T60 with coreboot is a great option.

    Strangely, there hasn't been a more recent 14" Thinkpad model that coreboot supports.

    I have a new idea: Get a 12" and 15.6", and use the 15.6" for home and 12" for travel and swap a drive as needed. (I hate having to rsync my home directory when I travel, and not having "all my files" with me when I travel.)

    So, the obvious 12" option is just to buy an X200 with coreboot preinstalled from Gluglug. But what for the 15"?

    The T530 seems reasonably well supported with coreboot, and while the idea of getting an external SPI flasher and a SOIC clip seems mildly daunting for a software guy like me, I can probably pull it off.

    But, does anyone have other suggestions here? I like the T60s, but RAM constraints of 2GB are starting to become problematic for me, and the CPU speed isn't great either.

    And huge thank you in advance if someone is going to LibrePlanet later this month and wants to help me install coreboot on the T530. But let me know soon so I can order it for then!

    Olivier Mehani shared this.

    How free do you need the machine to be? The x200 and the r400 are the latest and greatest that can be blob free. The T530 obviously requires blobs and the management engine.

    Maybe the r400 would be enough for you? It has the same specs as the x200 but with a larger screen

    Taylor Gunnoe at 2015-03-08T00:42:26Z

    Kete Foy likes this.

  • See me at PLUG meeting tonight (Portland, OR)

    2015-03-06T00:47:01Z via Pumpa To: Public CC: Followers

    You might have noticed I've been very busy since I got to Portland, and I hadn't mentioned that I am speaking 2 hours from now at the PLUG meeting. Here are the slides.

    Kete Foy , Charles Stanhope shared this.

    Great talk, and terrific handling of questions.

    Charles Stanhope at 2015-03-06T05:20:04Z

  • 2015-03-04T02:17:09Z via Pumpa To: Public CC: Followers

    I obviously am in an insular circle because no one I've interacted with has been excited about using Gitlab.

    OTOH, I suppose that anyone who hasn't thought about the software freedom issues related to their DVCS hosting is already using Bitbucket or Github anyway.

    Aaron Wolf likes this.

    Perhaps you need to narrow your circle further to have such bragging rights. I am excited about using Gitlab.

    Admittedly most of this feeling of excitement has little to do with me using Gitlab:

    * I enjoy seeing a moribund project which was sucking oxygen out of the room shut down (gitorious)
    * My guess is that gitlab CE is helping several times more people get software freedom than anything before it (because it is easy to install and widely known: yes, it is marketing for EE, but also serves to make the cheap and/or informed aware of CE) and likely anything in the near future, network effects being hard to achieve...
    * ...and because gitlab has gotten pretty popular it could be a serious threat long term to Github and Atlassian businesses.

    I'd be much more excited by an entrant with these qualities and no proprietary version...looking forward to that but not holding my breath.

    Mike Linksvayer at 2015-03-04T03:15:15Z

    Richard Fontana , Tyng-Ruey Chuang , William L. Anderson like this.

    I am. I have switched as many as possible of my repos to (too lazy to install my own instance). Way way more useful than Gitorious.

    mcepl at 2015-03-05T13:04:22Z

    I'd be more excited about Gitlab if they would host the CE in addition to (or instead of) the EE.

    Using non-free extensions to free tools is no more useful to me than non-free tools.

    Kevin Everets at 2015-03-05T14:28:33Z