Stuff I have written/presented
Submitted by gwolf on Thu, 06/05/2014 - 23:20
John states some very important reasons for people everywhere to verify the identities of those parties they sign GPG keys with in a meaningful way, and that means, not just trusting government-issued IDs. As he says, It's not the Web of Amateur ID Checking. And I'll take the opportunity to expand, based on what some of us saw in Debian, on what this means.
I know most people (even most people involved in Free Software development — not everybody needs to join a globally-distributed, thousand-people-strong project such as Debian) are not that much into GPG, trust keyrings, or understand the value of a strong set of cross-signatures. I know many people have never been part of a key-signing party.
I have been to several. And it was a very interesting experience. Fun, at the beginning at least, but quite tiring at the end. I was part of what could very well constitute the largest KSP ever in DebConf5 (Finland, 2005). Quite awe-inspiring — We were over 200 people, all lined up with a printed list on one hand, our passport (or ID card for EU citizens) in the other. Actwally, we stood face to face, in a ribbon-like ring. And, after the basic explanation was given, it was time to check ID documents. And so it began.
The rationale of this ring is that every person who signed up for the KSP would verify each of the others' identities. Were anything fishy to happen, somebody would surely raise a voice of alert. Of course, the interaction between every two people had to be quick — More like a game than like a real check. "Hi, I'm #142 on the list. I checked, my ID is OK and my fingerprint is OK." "OK, I'm #35, I also printed the document and checked both my ID and my fingerprint are OK." The passport changes hands, the person in front of me takes the unique opportunity to look at a Mexican passport while I look at a Somewhere-y one. And all is fine and dandy. The first interactions do include some chatter while we grab up speed, so maybe a minute is spent — Later on, we all get a bit tired, and things speed up a bit. But anyway, we were close to 200 people — That means we surely spent over 120 minutes (2 full hours) checking ID documents. Of course, not all of the time under ideal lighting conditions.
After two hours, nobody was checking anything anymore. But yes, as a group where we trust each other more than most social groups I have ever met, we did trust on others raising the alarm were anything fishy to happen. And we all finished happy and got home with a bucketload of signatures on. Yay!
One year later, DebConf happened in Mexico. My friend Martin Krafft tested the system, perhaps cheerful and playful in his intent — but the flaw in key signing parties such as the one I described he unveiled was huge: People join the KSP just because it's a social ritual, without putting any thought or judgement in it. And, by doing so, we ended up dilluting instead of strengthening our web of trust.
Martin identified himself using an official-looking ID. According to his recount of the facts, he did start presenting a German ID and later switched to this other document. We could say it was a real ID from a fake country, or that it was a fake ID. It is up to each person to judge. But anyway, Martin brought his Transnational Republic ID document, and many tens of people agreed to sign his key based on it — Or rather, based on it plus his outgoing, friendly personality. I did, at least, know perfectly well who he was, after knowing him for three years already. Many among us also did. Until he reached a very dilligent person, Manoj, that got disgusted by this experiment and loudly denounced it. Right, Manoj is known to have strong views, and using fake IDs is (or, at least, was) outside his definition of fair play. Some time after DebConf, a huge thread erupted questioning Martin's actions, as well as questioning what do we trust when we sign an identity document (a GPG key).
So... We continued having traditional key signing parties for a couple of years, although more carefully and with more buzz regarding these issues. Until we finally decided to switch the protocol to a better one: One that ensures we do get some more talk and inter-personal recognition. We don't need everybody to cross-sign with everyone else — A better trust comes from people chatting with each other and being able to actually pin-point who a person is, what do they do. And yes, at KSPs most people still require ID documents in order to cross-sign.
Now... What do I think about this? First of all, if we have not ever talked for at least enough time for me to recognize you, don't be surprised: I won't sign your key or request you to sign mine (and note, I have quite a bad memory when it comes to faces and names). If it's the first conference (or social ocassion) we come together, I will most likely not look for key exchanges either.
My personal way of verifying identities is by knowing the other person. So, no, I won't trust a government-issued ID. I know I will be signing some people based on something other than their name, but hey — I know many people already who live pseudonymously, and if they choose for whatever reason to forgo their original name, their original name should not mean anything to me either. I know them by their pseudonym, and based on that pseudonym I will sign their identities.
But... *sigh*, this post turned out quite long, and I'm not yet getting anywhere ;-)
But what this means in the end is: We must stop and think what do we mean when we exchange signatures. We are not validating a person's worth. We are not validating that a government believes who they claim to be. We are validating we trust them to be identified with the (name,mail,affiliation) they are presenting us. And yes, our signature is much more than just a social rite — It is a binding document. I don't know if a GPG signature is legally binding anywhere (I'm tempted to believe it is, as most jurisdictions do accept digital signatures, and the procedure is mathematically sound and criptographically strong), but it does have a high value for our project, and for many other projects in the Free Software world.
So, wrapping up, I will also invite (just like John did) you to read the E-mail self-defense guide, published by the FSF in honor of today's Reset The Net effort.
Submitted by gwolf on Thu, 04/03/2014 - 20:16
I woke up to the news that, after a very short tenure, Brendan Eich steps down as the Mozilla CEO.
Why? Because of the community outcry. Because some years ago, Eich pubilcly supported (and donated funds) the ban of any kind of marriages in California that were not between a man and a woman. The world has advanced enormously in this regard in the last years/decades, and so many individuals and organizations opposed and announced they would boycott Mozilla that either him or Mozilla could not stand the pressure anymore.
So, of course, it's sad the person had to resign. Many people talked about freedom of speech, freedom of harbouring his own personal opinion — But when it comes to the rights of minorities, particularly of minorities that have suffered such hard prejudice and abuse as the gay, lesbian and all the other non-orthodox sexual- and gender- orientations, righting a wrong is much more important than preserving an individual's freedom of opinion. Besides, it's not just thinking or talking about something — The concrete proposition Eich supported (and eventually made him resign) is about bringing the life of thousands of people to a hellish state of uncertainty, and going back to not having a way for the society to legally recognize their way of being, their love, their lifes.
But anyway — What prompts me into writing this is that, once again, the Free Software (and related denominations) community has shown that a set of core values, seemingly shared by a very large amount of our own people with no coordination or correlation with what conforms us as a community (and thus, being emergent traits), are strong enough to create a critical mass, to achieve cohesion. And that ours is not just a technical community of people writing software at all layers of the stack, but –first and foremost– is a group of social activists, committed to making the world better.
I will quote from Matthew Garrett's post on this topic, clearly more contundent and thorough that what I'm trying to come up with:
For people in Mexico: Workshop next Wednesday! Video editing from the command line (by Chema Serralde, @joseserralde)
Submitted by gwolf on Thu, 12/05/2013 - 20:56
(Yes, yes... Maybe I should post in Spanish.. But hey, gotta keep consistecy in my blog!)
General, public, open invitation
Are you in Mexico City, or do you plan to be next Wednesday (December 11)?
Are you interested in video edition? In Free Software?
I will have the pleasure to host at home the great Chema Serralde, a good friend, and a multifacetic guru both in the technical and musical areas. He will present a workshop: Video editing from the command line.
I asked Chema for an outline of his talk, but given he is a busy guy, I will basically translate the introduction he prepared for this same material in FSL Vallarta, held two weeks ago.
Everybody is welcome to come for free, no questions asked, no fees collected. I can offer coffee for all, but if you want anything else to eat/drink, you are welcome to bring it.
We do require you to reserve and confirm your place (mail me to my usual mail address). We have limited space, and I must set an absolute quota of 10 participants.
Some people hide their address... Mine is quite publicly known: Av. Copilco 233, just by Parque Hugo Margain, on the Northern edge of UNAM (Metro Copilco).
The course starts at 16:00, and lasts... As long as we make it last ;-)
So, that said... See you there! :-D
[update]: Chema sent me the list of topics he plans to cover. Copy/pasting from his mail, in Spanish:
Submitted by gwolf on Sun, 11/10/2013 - 20:46
I'm very happy: I was finally able to present a talk at a Free Software conference in Paraná, Argentina — Regina's hometown. Not only in Paraná, but at the Vieja Usina culture center, half a block away from her parents' house. So, I must doubly thank Laura: First, for letting us know there would be a Free Software conference there, and second, for taking some pictures :-}
What was this conference? Conferencia Regional de Software Libre, organized by Grupo de Usuarios de GNU/Linux de Entre Ríos (GUGLER). Of course, flying to Argentina (and more specifically, to Paraná, which is ~500Km away from the international airport) just for a one day conference was out of the question — So I gave the talk by videoconference. Of course, given we will be travelling for the December vacations to Argentina, I expect to meet in person the GUGLER guys soon.
I gave a single talk, mixing together two different topics: (my very personal take on) the Free Software philosophy and Debian's place in the Free Software universe. I had a very good time giving the talk, and while I was unable to look at my audience, I got reports saying they were happy and interested. I even got some mails from them, which makes me quite happy ;-)
Now, one of the recurring points whenever I talk about Debian: I often tell people that I cannot tell them why they should use Debian instead of other distributions. My years testing every distribution I come across are long gone, and I nowadays am familiar with Debian only. But I also tell them that personally I gain nothing by having more Debian users in the world — What I want to achieve is the next logical step: To have more people contributing to Debian. So, here is a great opportunity for interested people, specifically a group that often has a hard time finding a way to collaborate with Free Software projects.
Today, Paul Tagliamonte published a call for proposals for Debian 8 (Jessie)'s artwork. So, given many people always want to find a way to contribute to Free Software without being a coder, here's a golden opportunity. You can look at the themes sent for Debian 7 as a reference; look also at the technical requirements for your artwork, and... Well, you have until early February to work on it!
Submitted by gwolf on Sun, 11/10/2013 - 20:19
Presenting my talk via videoconference at Conferencia Regional de Software Libre, set up by GUGLER, in Paraná, Argentina, November 7, 2013
Submitted by gwolf on Sun, 11/10/2013 - 20:17
Looking for a (small) place to host a Free Software-related meeting, course or similar in Mexico City?
Submitted by gwolf on Fri, 03/29/2013 - 11:00
Hey, Mexican hackers!
If anybody is interested in holding a small Free Software-related meeting (say, with up to 10-15 people) in the South of Mexico City, please tell me — We have adapted a nice room at our house where we want to invite people to come and do activities — Courses, meetings, whatever. It is not very big (~5×5 meters), but it has all of the needed amenities (some chairs, a projector, coffee-related amenities, and is very conveniently located). We are not charging for hosting your activities (but will of course want to schedule it beforehand with you).
So, if you have something to teach, or some project to hack on, and want a nice place to do it in, please drop us a line/call.
(hmh, yes, this is one of the posts that should probably be in Spanish — But this blog has a long-standing policy for English content ;-)
Submitted by gwolf on Thu, 02/28/2013 - 00:30
Daniel tells his story building a wooly mammoth, and throws some ideas on how this could be implemented easily with free software. But if I read his post correctly, Daniel still misses the precise ways to do it.
Our friends Octavio and Claudia (twitted hereby) have given some Blender courses here at our classroom at home (Guys! Come again! We miss you!), and host the Spanish-speaking g-blender community. At one of their courses, they showed how to model an object/character, and in order to color/texture its parts, you can unwrap it — This process yields a flattened image with the surfaces that build your object, that you can then color. Well, you can also use it as a base pattern to cut and sew your plush!
It is not meant to be used for this (although it works), so it won't give you the extra tabs to be sewn in place, and the joints might not be at the most comfortable places. But it is base you can work from.
Submitted by gwolf on Thu, 08/16/2012 - 12:19
Happy 19th birthday, Debian!
The Debian project is 19 years old now. Following Francesca's invitation (and Raphaël's lead, and using Leandro's image, collaboratively as it always happens here), I will tell a bit of my memories: How I got to Debian.
I am a Debian user since ~2000, and a Debian Developer since April 2003. But, just as Raphaël's, my history must go somewhat further back in time.
In 1992, I got my first 1200bps modem, and almost immediately became an avid BBS user (what's that? Javier Matuk talks [in Spanish] about BBSes in his newspaper column back in 1994). By mid 1993 I started operating my own BBS, CatarSYS. One of the key points that defined CatarSYS is that my focus was large-scale communication. I started connecting to several BBS networks, allowing messages to be relayed to distant people, mainly in the USA and Spain, and getting some feeds that could be seen as the poor man's Usenet.
At some point during the year I kept CatarSYS going, I got connected through a strange set of gateways to pure gold: A UUCP feed! This means, during some months, I operated the first (free, hobbyist) service that offered its users a free Internet mail address in Mexico. Yes, it was completely different to what we are used to today. I tried to connect to my provider at least three times a week, but this meant less than one week turnover time for messages sent to people anywhere in the world! But, back to Debian: Via this UUCP feed, I also got some real Usenet newsgroups — Including several on the comp.os category. I remember reading about Linux back then, and learning some commands, but didn't really get hooked into it.
I was in Israel from July 1994 to June 1995, doing completely non-computer-related tasks. Came back in 1995, and due to my father being an academic, got dialup internet access at home. WOW, *real* Internet!
It didn't take me long to start downloading Linux information and floppy images. One failed after another. But before the end of the year, I found in a bookshop a book (that included a CD-ROM) called "Build your own web server with Linux". WOW again — Remember this was still 1995! I bought it, and shortly afterwards, I had a Slackware system (Linux kernel 1.0.9) running. That meant many sleepless nights full of joy and frustration (as getting hardware to work was cloe to impossible).
By 1996, I got (within one week) my two first real jobs: A systems administrator at a small ISP and a highschool teacher. At the ISP, I got a spare computer to play with Linux, as –of course– the Big Server was running with Windows NT 3.51. Poor little machine... By then I was already a part of the Mexican Linux User Group. This group had just printed a batch of Linux CDs — RedHat 4.0. This was the first release that really made me happy and allowed me to do good work. Together with a friend I took to work with us, Juan Pablo Romero, we installed over a weekend a full replacement for our buggy NT machine, in much cheaper hardware. Of course, Linux was nowhere near corporate-recognition, and our project remained a project, not touching the Windows machine.
Anyway... Several years passed, and I was happy with my RedHat choice. I won't mention the milestones and job changes, as it would get boring and leave the point completely aside. By the year 2000, I was quite more involved with the LUG, as well as with the computer security group in DGSCA-UNAM. I became also an OpenBSD user, and had got so hooked up in free software that I felt the need to collaborate: To be a little part of one of those Big Projects that had given me so much. But which one?
I have never been much of a programmer — Yes, I can solve my everyday needs and have fun with it, and sometimes a bit beyond that. I enjoy programming. But all of my projects have begun little… and stayed little. I wanted to join OpenBSD, as it was a community I really believed in, but given my skillset (and given a flame-prone, aggressive developer community), I lost motivation to do so.
By 2000, I had also lost faith in RedHat. I don't have the exact dates, so I might be some months off — But after RedHat's IPO, I felt a sharp change. Version 7.0 was really demotivating — It tried to offer a polished desktop experience, but was really buggy, unstable, and full of bad decisions. In Mexico, Pepe Neif had taken up the job of making a derivative distribution of RedHat (called LinuxPPP), pressing hundreds of CDs and making a teaching program I was part of several times. Talking with Pepe (who continued to release based on RedHat 6), he told me he was interested in switching over to become a Debian-based distribution, but the job of migrating his installed base made the project stall — LinuxPPP reached only version 6.4.
But I installed Debian in early 2000, and loved it. I started getting familiar with its social philosophy and foundation documents at the same time I started migrating my servers from RedHat to Debian — This must have been by Spring 2000, as I installed Potato while it was frozen but not yet stable.
By January 2002 I applied for NM. My process took a long time, as my AM got MIA when he had already approved me (but before sending the AM report), so basically I had to go through AM twice — And by April 16, 2003, I got accepted as a DD. Contrary to what is acceptable today, I requested the full process to be done before starting to maintain any packages, as I didn't want to bother people with package sponsorship requests, so my whole process was done evaluating packages I would eventually upload.
Since becoming a DD, my main involvement in the project has been in packaging groups (I was a pkg-perl founder and member for many years, and am currently working in the pkg-ruby-extras group). But, as I said, my main strength is not programming — So my main involvement in Debian has been more social than technical: I have been a DebConf organizer since 2005, a very interesting, stressing, rewarding and (for some months) time-demanding role, and since 2009 I am part of the keyring maintainence team, which is much easier workload, although carries important ramifications.
So, after 19 years of Debian, and after nine years of me being part of it, Debian is clearly my strongest link to the Free Software community, a project I have grown to love and whose way of being I share and enjoy studying and explaining. And it is a technically excellent product, and a great place to start and keep learning both about how every aspect and layer of an operating system works, and how human-to-human interaction works in such a diverse, almost impossible environment happens.
Submitted by gwolf on Thu, 05/03/2012 - 10:25
As stated in the 2012-04-30 edition of the Debian Project News, this weekend I will be meeting Holger Levsen (who has been there for over a week now) in Managua, Nicaragua, as part of the Debian Tour 2012, a set of talks meant to raise awareness and interest on Debian between the Nicaraguan (+Central American) user groups, university students, companies and government.
Not all of the planned activities are present in the Debian Tour webpage. I know I will be giving my talk on Debian in the Free Software projects' universe, this Saturday at Universidad Centro Americana (UCA). Besides this, we will be meeting on Monday with the UCA staff to discuss some DebConf-specific issues. Sunday? Well, I hope^Wfully trust we will have interesting activities as well :)
Submitted by gwolf on Fri, 03/09/2012 - 17:10
I have just bought our plane tickets to Managua, so I can finally say this:
Yes, many of you will ask what happened, I was bragging everywhere I wanted to go by land, driving from Mexico City to Managua. I'd love to, and I'm sure it's completely doable... But we have family issues to attend on July 21, in Argentina. So we will have a beautiful flight schedule (and carbon footprint) for this July:
Several people have asked me on the best airline options for this trip. In our case, to Managua, it was with TACA, US$518 total. You can get tickets for ~US$30 less, but the flight goes through Panama instead of San Salvador, for an extra 1000Km – And instead of ~3hr it makes slightly over 6. Yes, on our way back we will be routed a bit South to San José, but it's not as bad, and it's for a very short layover.
For Argentina? Well, we have always found LAN to be the cheapest and most convenient. This time, TACA/Avianca was a very close second, which lost due to almost doubling the flight+layover time
Why aren't we taking a Mexico→Managua→Buenos Aires flight instead? Because it's ~US$150 more expensive per person. Not *that* much, but still some money. And by returning to Mexico and having a night at home, we will save us the hassle of carrying Winter clothes to Nicaragua and Summer clothes to Argentina.
Oh, and if you are planning on dropping by home while we are away and robbing all of our stuff: There's not that much to take from there, and we have already arranged for somebody to be there while we are away. But thanks for thinking about us, anyway!
[update] And what about DebConf12 registration? When is the system opening for us all to register? Soon, dear friends, we are talking about some related issues, and you will have your registrationi open soon.
Submitted by gwolf on Mon, 02/20/2012 - 01:48
Ben mentions he left Google Reader and went back to Liferea, but mentions a series of bugs that keep him from being happy. After pondering it a bit, a couple of months ago I also left Google Reader, but I turned to a free webapp: rssLounge aggregator. Although it does not fully cover Ben's wishlist (I'll get to it now), I am happy using it as it covers my main need: Being able to read my stuff from just about everywhere, without installing even a ssh client (that would make public Windows machines a liability for me, as they could sniff my keystrokes while authenticating to my ssh server). So, for me, a webapp is basically a must.
Well, as for Ben's list:
So, Ben, with only one (big) fail, it might be a good candidate for you.
PS- And hard as it might seem, I am leading an almost-Google-free life now! :) But don't let them hear this, as we want them to keep sponsoring Summer of Code and DebConf.
Submitted by admin on Tue, 05/31/2011 - 12:49
I was invited to be part of one of the panels to be present this Thursday (June 2) in a forum that promises to be interesting. The forum is organized by the Science and Technology comission of the Senate of the Republic (of Mexico ;-) ), Universidad Autónoma Metropolitana and Mozilla México. The day will be opened by Sen. Francisco Javier Castellón Fonseca and Richard Stallman; starting at 10:00, we will have thematic panels on:
The full program (as well as details of interest of those that can physically attend) is attached to this post.
I am looking forward to this forum. Not only it is a good opportunity to get our work known in one of those places where it matters, but it's also being organized by several interesting people I'm sure will have something interesting to contribute. And of course, we lacked time to build a better, more complete and more coherent proposal — but there is a good probability we will have further such contacts.
You might find interesting to read on the list we have been discussing; subscription seems to be open (although access to the archives is not — Maybe it will be later on? In any case, I'm saving a mbox ;-) )
Submitted by gwolf on Tue, 12/14/2010 - 13:58
As I'm not currently working on any suitable paper, I'll just post this to my blog so it does not completely slip off my radar ;-) Also, it might be interesting to my reader. Readers? Oh, there are two of you now? Good!
Yesterday, I learnt thanks to Beatriz Busaniche that a group of South American Free Culture activists launched number zero of a magazine that promises to be very interesting: Cultura RWX, cultura en modo lectura, escritura y acción (culture in reading, writing and action mode). Guys, best luck with this new project!
Anyway, reading it, I found this asseveration I want to keep at hand:
Yes, yes, translating to English:
I have argued (i.e. in here) in this same line regarding the birth of copyright itself — It was an arrangement that had to be made between writers and printers, back in the XVI/XVII centuries. Simple individuals were just unable to get anything of value out of the copying technology they had at hand.
Copyright was born in a time where reproduction required specialized equipment. Today, massive reproduction technology is a given for a good portion of the planet's population. Copyright now only defends big corporations — And will inevitably fade away as anachronic. Of course, it refuses to go without a fight... But it cannot win long-term. We cannot afford to allow it!
Submitted by gwolf on Sun, 09/19/2010 - 11:21
Asheesh posted When "free software" got a new name, which mentions about the transition period where the Free Software movement started its quest towards being understood by non-geeks, and when people started finding terms better suited for general (and specifically, business-minded) audiences.
We are talking about facts that reached concretion 12 years ago, when the term Open Source was coined and divulgated. That is already far in the past to try and change it – Still, during DebConf I was talking with several friends about it. In my opinion, there was never really the need to choose such an ambiguous name – In English, the word Liberty unambiguously refers to free as in freedom, with no conceptual links to gratuity. Liberty is also a concept held dear by the values of the USA society (which is the birthplace of our ideological movement, so it's specially important). Jimmy Kaplowitz pointed out a reason: Liberty is an incomplete word. You could translate what Asheesh's post mentions, Freed Software → Liberated Software, but libertydoes not exist as an adjective by itself, only when used as contrasting with an earlier more restricted situation. We can say some piece of software was liberated if it was born unfree, but what about things that were libre since the beginning?
So, yes, as beautiful as Liberty is, and as advantageous as such a concept would have been for us... Liberty seems to be too imperfect to be able to represent our movement.
Talks, papers and documents by category
Blog posts by category