Gunnar Wolf

You are scaring away much more than that.

I just came across an invitation for BugCon 2012.

BugCon is a Mexican conference devoted to computer security — I cannot comment on its level or value because, although it's a topic that has long interested me, I must recognize each day I feel less of an expert, nowadays finding myself at the level of a "sysadmin who tries not to be too dumb for his own job security". Oh, and also because it would be completely off-topic for this post.

If you look at Vendetta's (the main organizer) blog post, it will probably give you the impression that the conference is just an excuse for the afterparty: Lets go see some b00bs! Do you think your fellow female hackers will have any interest in joining a bunch of sex-starved, hormone-infested teenagers who only want to pwn a website and grab more pr0n? Do you think females will feel welcome (or even mildly safe) between you? I would not think so. And I also think you are alienating any professional who might have any interest in joining your community, be it as a member, as a mentor, or whatnot.

I cannot right now do a coherent post on this topic, but I can reference you to what I have seen (and read) over the last almost 10 years, when the issue was first brought up to our attention. I am very glad to see that, at least in the Free Software area, there has been a real change of mindset. I hope you are in time to think about it and rectify.

• Timeline of incidents in Geekfeminism. Note that while it seems we see more as time passes, I am almost sure it's because we are more aware of the problem, not because it occurs more often. I hope I'm not mistaken.
• Debconf ftp-masters talk. Myself a Debian person, my first contact with this problematic was being at the DebConf3 ftp-masters talk — And the discussion and action that followed. This led to the creation of the Debian Women group, one of the most (socially, not technically) influent parts of Debian. Great thanks and admiration to their members, as well as to the (male and female alike) people who have worked to form it and make it heard.
  I think Debian Women sparked other similar projects such as GnomeWomen (and there is a list with further projects in there), but I cannot authoritatively say who was there first.
• Planet Fedora up-skirting photo (the original post is still available) showed the communit does no longer tolerate this behaviour. Good!
• The Open Source Boob Project. One of the most childlike attempts at humor that surely alienated many would-be female geeks.
• Another conference season, another dumb sexist, a post by Piers Cawley addressing this issue after attending the CouchDB + Ruby: Perform like a Pr0n star talk. Quoting him, Apparently, the difference between 80s truck salesmen and Matt’s audience is that at least 80s salesmen had the grace to look embarrassed.
• Liz Keogh: "I am not a pr0n star: Avoiding unavoidable associations", a hacker woman that clearly felt offense by the CouchDB Pr0n Star joke, and did a thorough and interesting analysis, extending the effects to your work environment.
• Just Say You're Sorry Already (regarding the same incident on CouchDB+Ruby)
• Richard Stallman's EMACS virgins joke incident. It's sad how it's impossible to get Stallman to acknowledge he can also make mistakes and make feel people insulted.
• [update] And of course, MadameZou mentions the very important 2002 HOWTO: HOWTO encourage women in Linux?

Oh, and not the description of an incident, but a very interesting and thoughtful take on this: [pdf] Interesting analysis by Hannah Wallach on the numbers and motivations of women in Free Software groups. I don't know if Hannah has published this in article form, but many interesting points can be understood by looking at the presentation.

My good friend Vendetta: I don't mean this post (longer than what I originally intended) as a way to say you and the conference you are organizing for the third year (IIRC) already is unprofessional or targetted to pimply teenagers. I know the work you have put in it. I hope you see the points I'm trying to drive — You are of course free to have whatever afterparty you have. But, if as the main organizer, you are giving the images of nice chicks at Hooters more weight and relevance than to the conference itself... you are doing yourself a disservice. I hope you can rectify it, and make BugCon attractive to hacker women as well.

Every year, on January 1st, new material ceases to be protected by copyright and enters the public domain. This means, every year, more knowledge, literature, paintings, music, movies and a long etcetera becomes collective property, instead of being artificially held by the current holders of their rights.

As this image shows (source: http://publicdomainday.org/node/39 ), I have the honor(?) to live in the country with the longest copyright protection term in the world. Copyright in Mexico does not only last for 100 years — It lasts for the natural life of the author plus 100 years. This means that the popular corridos that tell the stories of the 1910 revolution are still not in the public domain. La sucesión presidencial, the book which Francisco I. Madero wrote to justify that a peaceful political change was needed for the 1910 elections, will not enter the public domain until 2014 (president Madero was killed during 1913). Does it make any sense to kidnap cultural, political or artistic works for over a century?

Not only that: Material that is legally sold as public domain in other countries is illegal in ours. Take as an example the recordings of Enrico Carusso, the great Italian tenor who died in 1921. Over 15 years ago, I bought a couple of CDs with his recordings (even if the sources were quite low-quality, as they had been copied over from wax cylinders to magnetic tapes to optical media). I bought them surprisingly cheap, as they were genuine public domain. But they are still protected in my country. That means, I ilegally have some stolen(!) works of art which I lawfully bought outside my country.

Copyright law needs to be revised to match reality. Technological advances have strongly changed reality since 1717's promulgation of the first copyright laws. The solution is not to extend the terms, but to rethink the whole process.

(yes, this rant was mainly made as an excuse for me to copy this image and put it in a location I can easily refer to later. But I hope it is interesting to you!)

I recently started getting mails from no-reply@joindiaspora.com. Usually, a mail from no-reply@whatever is enough to make me believe that the admins of said whatever are clueless regarding what e-mail means and how should it work. And in this case, it really amazes me — If I get an invite to Diaspora*, right, I should not pester a hypothetical sysadmin@joindiaspora.com to get me off his list, but I should be able to reply to the person mailing me — Maybe requesting extra details on what he is inviting me to, or allowing me to tell him why I'm not interested. But yes, Diaspora* has fallen to the ease of requiring me to join their network to be able to communicate back with the "friend" who invited me.

Some of the (three?) readers of this site might not be familiar with the Diaspora* project. It is a free reimplementation (as far as I know) of something similar to Facebook — Free not only in the sense that it runs free software, but also because it is federated — Your data will not belong to a specific company (that is, you are not the value object they sell and make money with), but you can choose and switch (or become) the provider for your information. A very interesting proposal, socially and technically.

I find that a gross violation of netiquette. I should be able to reply to the mail - Even if in this case it were to (and sorry – As you are spreading my name/mail, you will excuse me if I spread your name ;-) ) fernando.estrada.invite1501335@joindiaspora.com. Such an (fictional FWIW) address would allow for mail to reach back the submitter by the same medium it was sent, without allowing open spamming into the network.

Now, what prompted me to write this mail (just before adding no-reply@joindiaspora.com to my blacklist) is the message I got (in an ugly HTML-only mail which erroneously promised to be text/plain, sigh...) is that Fernando sent me as the inviting message, «So, at least are you going to give Diaspora a chance?»

The answer is: No..

But not because of being a fundamentalist. Right, I am among what many people qualify as Free Software zealots, but many of my choices (as this one is) is in no way related to the software's freeness. I use non-free Web services, as much as many of you do. Yes, I tend to use them less, rather than more (as the tendency goes).

But the main reason I don't use Twitter is the same reason I don't use Identi.ca, its free counterpart — And the reason I'm not interested in Facebook is the same reason I will not join Diaspora* — Because I lack time for yet another stream of activity, of information, of things to do and think about.

Yes, even if I care about you and I want to follow what's going on in your life: The best way to do it is to sit over a cup of coffee, or have some dinner, or to meet once a year in the most amazing conference ever. Or we can be part of distributed projects together, and we will really interact lots. Or you can write a blog! I do follow the blogs of many of my friends (plus several planets), even if they have fallen out of fashion — A blog post pulls me to read it as it is a unit of information, not too much depending on context (a problem when I read somebody's Twitter/Identica lines: You have to hunt a lot of conversations to understand what's going on), gives a true dump of (at least one aspect of) your state of (mind|life|work), and is a referenceable unit I can forward to other people, or quote if needed.

So, yes, I might look old-fashioned, clinging to the tools of the last-decade for my Social Web presence. I will never be a Social Media Expert. I accept it — But please, don't think it is a Stallmanesque posture from me. It is just that of a person who can lose too much time, and needs to get some work done in the meantime.

(oh, of course: Blog posts also don't have to make much sense or be logically complete. But at least they allow me to post a full argument!)

This is an update to my last post regarding the «Construcción Colaborativa del Conocimiento» book.

The book is, as we have repeatedly stated, available online for download — Both as a full PDF or chapter by chapter. In the website you will also find videos of all of the conferences held.

But holding a printed book in your hands is just a different experience, isn't it? :-) Anyway, I said I would give here an update on how to get your hands on it. The main venue would be through my University's e-store. I recommend it to anybody interested in buying the book in Mexico. The book's list price is MX$300 (around US$27), but it is currently sold at half price — I don't know how long will that price be offered.

On the other hand, we also uploaded it to the lulu.com self-publishing service. Of course, given I have not seen the printed results, I cannot assure you the resulting product will be of the same quality as the one we got here, but I have a couple of books I have bought at lulu, and their quality is quite acceptable. So, you can also buy it from lulu.com. Note the 20% discount it shows will be permanent — That's what I would get as an author, a payment I decided to forefit given we are 11 authors and it would be unfair to collect it all myself. So, the price at lulu.com is US$12.64 plus shipping — Very similar to the price at UNAM.

Enjoy!

Finally!

Last Friday, after two years worth of work, I finally got the first box of books for the Construcción Colaborativa del Conocimiento (Collaborative Knowledge Construction) project I worked on as a coordinator together with Alejandro Miranda (pooka), and together with a large group of 11 authors:

Translating over from the back cover text (and this is just a quick translation from me — It reads better in Spanish ;-) ):

What defines us as humans is our ability, on one side, to
create knowledge, and on the other, to share or communicate it with our neighbors. Both features have worked together over tens of thousands of years, and, working together, have led the knowledge to transcend the individual, avoiding the need to rediscovery or reinvention of is already known. Sharing knowledge is what has taken our species to the dominant role it occupies today.

But knowledge creation and sharing has seen a deep transformation in recent decades, thanks to the quick evolution of telecommunications, specially the massification of Internet and cellular telephony. We are transiting towards the so desired –and at the same time so feared– knowledge society.

In this book, eleven authors from very different disciplinary backgrounds and geographic origins ellaborate on how a hyper-connected world has modified the basic rules of interaction in areas as diverse as artistic creation, social organizations, computer code development, education or the productive sector.

This book is the result of a year worth of work for in the "Collaborative Construction of Knowledge" seminar, during which we
used the same new forms of knowledge production we have studied.

The videos of the sessions, electronic participations and the full contents of this book are available under a permisive license at
http://seminario.edusol.info/seco3/

We will soon have the book ready in IIEc's e-store (which is mostly meant for national requests). I am also uploading the book to the lulu.com self-publishing service, and we are working on a epub-like edition. Right now it is still not available, but it should be there in some days. I will keep you posted.

Meanwhile, the full contents can be read online at http://seminario.edusol.info/seco3

Once again, a polemic regarding how to properly integrate the Ruby language and libraries with the Debian distribution has been ignited. Similar arguments were presented in November and December 2008 and September 2010 — And excuse me for just refering to my own blog, but there are links to some other posts from there... and there will surely be many others I just missed. There were even nice collaboration attempts (such as DebGem, announced in January 2009... But which apparently never stuck on, as it is still listed as in its public Beta period and lists only support for Debian 4.0 and Ubuntu 8.04 and 8.10).

Some days ago, while I was on vacation, I received a mail from Lucas Nussbaum expressing the burnout he had been suffering from this situation. Some days after that, he posted a corresponding blog post - Giving up on Ruby packaging. The comments following his post are most interesting — The one comment I'd like to highlight (noting I skimmed a whole deal of them) is by Paul Brannan, one of the original RubyGems authors. Yes, possibly the design criteria for Gems included some mutually-conflicting goals, and they cover some of Debian's goals. Unfortunately, this conflicting criteria... Was resolved to the opposite way we would have wanted (specifically, that a sysadmin should be able to install software with the same tools he was already familiar with). And of course, there are deeper disagreements, which are rightly stemmed from different priorities: Debian (+derivatives) is meant to make user's and sysadmin's lifes simpler. Gems are meant to make developers' lifes simpler. And while all developers are some sort of users, and sysadminsthe reverse is (obviously) not so.

A developer maintaining several different codebases will surely suffer (well, this particular developer has surely suffered) if he has to maintain them all using coherent versions of system libraries. When a system is programmed, its developers want to use the greatest, latest tools to offer the best experience and functionality. And it's natural for libraries to evolve over time. However, any sysadmin will grind their teeth at the prospect of having many different versions of libraries, as the Gem model proposes. Why? Well, I was bitten by a minor example of it — Bug fixes do not get backported. Of course, if simple bugs are not backported, security and stability of the system as a whole suffers. Often, new software versions will not only add functionality, but improve on how things are done. Not only bugs get corrected, but we get better response times, better memory handling, etc.

It might sound harsh to say this, and even more, as a developer it feels I am talking against myself — But while development time should be minimized during the system design/implementation, once systems are in production, it should be used to allow for friendlier sysadmin relations.

I have to wear both hats at my real-life job. So, what is my take on this? Of course, blaming myself for choosing the wrong version is a no-go. When evaluating a library before using it in my projects, I try to look at its history and API-stability. APIs that change often speak about immature libraries which are still trying to get the right way to implement their functionality; just-started projects might be great and revolutionary, but they do not yet show any kind of long-term committment... And can lead (and have often led me) to painful rewrites when the Next Big Thing is reached.

As for the users: Even if your favorite language has the best and friendliest distribution method, users just do not care about what language was a particular piece of software implemented in. Users want to be able to install and uninstall with their system's usual tools. Directly using Gems, CPAN, PEAR and whatnot is just unnatural for users, however convenient they are for developers. Distributions offer a non-technical advantage in this regard as well: A human filter. As an example, as I write this there are 19392 Ruby Gems and 19092 Perl modules in CPAN (note that CPAN stores some older versions but discourages authors from keeping too many - So no, they are still very different in size). Debian has around 30,000 packages. Why is that? Because all Debian packages _must_ be human-generated, human-reviewed, human-submitted. This means, a person must think each packaged piece of code is worth packaging, is stable enough and provides value to users as it is, and is fit for being part of a stable release. I am not saying with this that 90% of CPAN and Gems are crap — I am saying that they are probably early implementations, to be installed, tested and improved by developers, and still not apt for general public use. Or maybe not interesting enough to be packaged as a service for the non-techie public at large.

Oh, and one last point: Ruby is not a new language anymore. It is a mature, powerful language with different implementations, every time more stable... But it is a language deeply affected by the (not so new anymore either) the appearance of Rails. Why do I say this? Because although the language is in no way tied to Web development, many of its strongest uses are Web-oriented. How does this affect the current discussion? Well, because many people argue that users are no longer needed to install the software. Web systems are installed by sysadmins and used via a Web browser, and sysadmins are expected be more skilled than casual users. Still, in Debian (and in other distributions, surely) we try to make sysadmin's lives simpler — I have (again, talking out of personal experience) installed several webapps (and system tools, and whatnot) for which I never followed any instructions besides aptitude install foo — Using different languages, frameworks, and so on. Can I troubleshoot their installs? Probably, as there is a common logic for how the distribution I have chosen and specialized in works. Can I find causes for bugs in them? Possibly, although there are some languages and frameworks I dare not touch. Can I get help on getting them out of a tight spot? Surely, as there is a central bug tracking system for my distribution — And one of the maintainer's tasks is to separate the problems related to the distribution (packaging, installing, simple user questions and misconceptions) to those derived from real bugs upstream.

Anyway — I am not saying that our way is the best way. No, by a long shot. Again, developers should have an easy, convenient way for installing whatever they want to play with. And to publish it without jumping through hoops. With this post, I'm only trying to express –again– why Debian works the way it does. And hope for better cooperation in the future.

And as for several comments of what I read in Lucas' post, I think that there is interest for this synergy among some of the most committed Ruby people.

As I'm not currently working on any suitable paper, I'll just post this to my blog so it does not completely slip off my radar ;-) Also, it might be interesting to my reader. Readers? Oh, there are two of you now? Good!

Yesterday, I learnt thanks to Beatriz Busaniche that a group of South American Free Culture activists launched number zero of a magazine that promises to be very interesting: Cultura RWX, cultura en modo lectura, escritura y acción (culture in reading, writing and action mode). Guys, best luck with this new project!

Anyway, reading it, I found this asseveration I want to keep at hand:

(…)cuando surge la industria musical aparecen los derechos de autor como forma de defensa de los productores musicales, específicamente los músicos. No tanto frente a los usuarios, porque hasta el “cassette” no existió posibilidad de copiar una obra musical. Era una defensa frente a las discográficas, que buscaban cerrar contratos muchas veces abusivos con los artistas.

— Música en Libertad: La industria musical frente al cambio de paradigma; Matías Lennie, adaptación: Sebastián Vazquez

Yes, yes, translating to English:

(…)when the musical industry was born, copyright appeared as a means of defense of the musical producers, specifically of the musicians. Not so much against the users, because up until the invention of the “cassette” there was no possibility to copy a musical creation. It was a defense against the discographic companies, which tried to close often abusive contracts with the artists.

Music in Freedom: Musical industry and the paradigm shift; Matías Lennie, adaptation: Sebastián Vázquez

I have argued (i.e. in here) in this same line regarding the birth of copyright itself — It was an arrangement that had to be made between writers and printers, back in the XVI/XVII centuries. Simple individuals were just unable to get anything of value out of the copying technology they had at hand.

Copyright was born in a time where reproduction required specialized equipment. Today, massive reproduction technology is a given for a good portion of the planet's population. Copyright now only defends big corporations — And will inevitably fade away as anachronic. Of course, it refuses to go without a fight... But it cannot win long-term. We cannot afford to allow it!

This Monday, Debian celebrated its 17th birthday. Yay!

I was invited to celebrate the birthday at HacklabZAM, but could not make it due to the time (17:00-19:00, and I was just leaving work by 19:00), but still, had some beers with long-time geekish friends Iván Chavero, Rolando Cedillo, Manuel Rabade and Odín Mojica. Nice hanging around, good beer+pizza time, and explicit congratulations to Debian.

On the Debian front, Margarita Manterola, Maximiliano Curia, Valessio Brito and Raphael Geissert came up with a very fun Debian appreciation day page. It even included a (slight) hijacking of the bug tracking system's Web interface, showing happy fun balloons! Guys, thanks for a good laugh, and thanks for providing a vehicle for getting the users' thanks to the project!

All in all, that was a great reminder to what we have been repeating as a mantram throughout the last years: Lets keep Debian fun!

So, DebConf time is over once again. The two weeks worth of fifty weeks waiting are left behind once again, and it's back to get back to normal. DebConf was great — Yes, it always is, and that's what we are all saying, but hey - Seriously! Being in the same building than 300 crazed developers is always fun, and it's always better than last year's fun. A good highlight this year is that, given the number of Free Software and Free Culture groups that exist in USA's north-eastern coast, we had the opportunity to join a large crowd which has never been part of DebConf. Also, I must agree that the USA bid for DebConf was aiming to attract as many Debian people (developers, maintainers, or just happy users) which had not yet been to a DebConf before as possible. And it was a great success! I finally met several people I have long read in the mailing lists, in blogs or in IRC. A much higher proportion than usual, I'd venture to say. Another interesting phenomenon /methinks is that this year's DebCamp started much more staffed than usual: I arrived on the first day, Sunday 25, and there were ~40 people there already; I don't have the actual numbers, but we quickly grew, and the number started to stabilize past mid-week, only to (sharply) rise in the weekend, in time for DebianDay and DebConf start. Great time!

But, they say, nobody can go to the USA without buying some sweet toys, right?

Well, being the proud owner of six very hairy cats, I have thought into entering the looming and weaving industry... But cat hair, while abundant, I have heard is untreadable... Maybe due to the indisciplined, natural and independent personality of the cats (catonality should I say?)...

So I had two choices: Clean up my home quite often, or live in a –literally– hairy mess.

Enter choice #3: The Roomba!

I had been waiting to buy this thing for several years, as they refuse to send to Mexico or charge Mexican cards. So, I walked across Manhattan and got my very own robot cleaner!

For my further surprise, although I have not yet tried it (I don't even have a suitable cable yet), I found this:

Yay, the Roomba is actually hackable (via a 7 pin miniDIN serial port)! Wikipedia says that:

Roomba comes with a Mini-DIN TTL serial interface, which is incompatible with standard PC/Mac serial ports and cables, both electrically and physically. However, third-party adapters are available to access the Roomba's computer via Bluetooth, USB, or RS-232 (PC/Mac serial). New, 500-series, and 410/420 series Roombas upgraded with the OSMO hacker device allow the user to monitor Roomba's many sensors and modify its behavior. The Roomba Open Interface (formerly "Roomba Serial Command Interface") API allows programmers and roboticists to create their own enhancements to Roomba. (…)

My first impressions? Well, the Roomba lazily charged its battery throughout the day today, and was hungry and ready when I arrived home. It is a but louder than what I expected, and –of course– my cats were not thrilled by the presence of a eighth animated and apparently sentient being at home. Their initial reaction was –of course– to be verrry alert of the thing. Twelve eyes were constantly pointing at the Roomba while mine alternated between them. As they measured the thing's speed and (I guess) inferred its movement patterns, they started escaping upstairs – A flat, round thing with no legs to be seen will not likely be able to climb the stairs. And they were completely right. At first, only Chupchic remained downstairs. After a bit, I went up to show them the Roomba didn't jump on us to eat our brains, and after a bit, Santa and Macusa joined. The Roomba roombed for maybe 90 minutes (this space is large, and decided it was enough... And slowly, the rest of them started coming down.

I would not say Roomba's cleaning is perfect, of course. Its room discovery algorithm is funny, and it even seems it's based on the mere chance of covering most (never all) of the space it has to clean. I had, of course, not fully studied it (after a single run, how could I?). It does make a honestly good attempt at cleaning under coaches, chairs and tables. It collected a fair amount of dust (on a house that seemed quite clean to me, I cannot imagine what would happen on a messy one). I have not yet played with the virtual walls (infrared transmitters which limit rooms as if a door was closed), but given the size of this house (and that I don't want it to clean around the cats' designated bathroom area), I guess I will end up using them regularly.

During DebConf, I heard one bad (stupid useless noisy thing) and two very good (it has radically changed my life) comments on the Roomba. I hope to shift the balance towards 3/4 and not towards 2/2!

Anyways... Thanks to each and every one of you. DebConf is great. Always great. Always a success. I cannot even thank specific teams. Debian Rules, and DebConf Rocks!

For the second time (First time was in 2008; I didn't join in 2009 as I travelled to Nicaragua on that date), I took part of the World Naked Bike Ride. The WNBR is a global effort, where people in ~150 cities all over the world go cycling nude on the streets of our towns, with varied demands, including:

• Safe conditions for cyclists (mainly aimed at car drivers, at the society at large, but also requesting proper infrastructure measures from our respective governments)
• Raising the consciousness that every individual has a bit of power to free us all from oil-produced pollution
• Tolerance, acceptance of people who are not exactly like us
• Lower the ecologic impact of humans against the world

One of the things I most like about WNBR is its diversity. Not everybody goes for the same reasons. As people who read me often will know, I took part because I believe (and act accordingly!) that the bicycle is the best, most efficient vehicle in –by far– most of the situations we face day to day, but we need to raise awareness in everybody that the bicycle is just one more vehicle: On one side, we have the right to safely ride on the streets, like any other vehicle. On the other side, we must be responsible, safe drivers, just as we want car drivers to be.

Ok, and I will recognize it before anybody complains that I sound too idealistic: I took part of the WNBR because it is _tons_ of fun. This year, we were between 300 and 500 people (depending on whom you ask). Compared to 2008, I felt less tension, more integration, more respect within the group. Of course, it is only natural in the society I live in that most of the participants were men, but the proportion of women really tends to even out. Also, many more people joined fully or partially in the nude (as nudity is not required, it is just an invitation). There was a great display of creativity, people painted with all kinds of interesting phrases and designs, some really beautiful.

Oh, one more point, important to me: This is one of the best ways to show that we bikers are not athletes or anything like that. We were people ranging from very thin to quite fat, from very young to quite old. And that is even more striking when we show our whole equipment. If we can all bike around... So can you!

Some links, with obvious nudity warnings in case you are offended by looking at innocent butts and similar stuff:

• My WNBR 2010 Mexico photo gallery
• My friend Jesús Wong, professional photographer, was documenting WNBR — His gallery
• Media presence (as far as I have seen):
  • El Universal, Saturday 14:30, reporting the Ride had finished and the streets were again... Safe?
  • El Universal, the note printed in the next morning paper: Pedalling nude, they demand respect towards cyclists
  • La Jornada: Cyclist protest
  • La Crónica: They pedalled bare naked
  • Organización Editorial Mexicana (OEM): Hundreds of cyclists protested nude on Mexico City because of the oil spill — Well... not exactly, but close :)
  • Qué! (España): Around three hundred naked cyclists toured Mexico City
  • rpp.com.pe (Perú): 300 nude cyclists toured the main avenues

As for the sad, stupid note: 19 cyclists were placed under arrest in Morelia, Michoacán because of faltas a la moral (trasgressions against morality), an ill-defined and often abused concept.

Also, by far, most of the comments I have read from people on the media, as well a most questions we had by reporters before or after the ride were either why are you going nude‽ (because that's the only way I'll get your attention!) or But many people were not nude! (nudity is not a requirement but only an option.

Yay!

The ticket is ready, and the long trip is getting closer.

Long trip? Won't most Debianers have a longer trip than me this time? Nope, not by far – My University will be on vacations starting July 3, and it is three weeks before DebConf... So I will be travelling Southwards before :-)

Details will follow later. Suffice to say that I am more than happy to announce that... I am definitively going to DebConf10!

Yay!

Yes, I know I had already said I would be travelling next week to the Central American Free Software Encounter. However, I was close to not making it.

I had got a sponsor for the plane ticket, and counted on it. However, in a depressed economy, you cannot count on anything… Least of all on a company being able to give you money for nothing.

On Wednesday, I was informed I... would not be getting the money. And although a Mexico-Nicaragua-Mexico flight is not too expensive (I got it for US$330 with TACA), it is bad to suddenly understand you have to pay this amount you didn't consider, and that it has to be right away.

Well, I was crying my sorrow near Fernando "El Pop", who had originally contacted me with my prospective sponsors. He said we could ask for donations at La Cofradía Digital, a site he set up several years ago and that for a long time was a main referring point to the Mexican Free Software community and friends. I hesitated — I felt it to be more or less like standing on a corner to beg for money. But, yes, El Pop does not ask — He does. So, a short couple of minutes later, my pledge was published.

Less than 48 hours, I am very happy to inform you that the money was raised, that the 100% of the ticket1 has been covered, and that I am a very happy man.

I never thought so many people would end up giving money from their own pockets to see me away from this country.

Thank you all!

• 1. Of course, it was slightly over 100% of the ticket. I will donate whatever I get over the needed amount back to Cofradía, as someone else may need it

As my Institute's sysadmin, I was appointed as the responsible for my Institute's certificate handling for today's voting session for the Universitary Council (Consejo Universitario).

UNAM, Mexico's largest University, is moving towards an e-voting platform. I talked about this with our (sole) candidate for the Council, and she told me this has been used a couple of times already - And, as expected, it has led to having to repeat voting sessions, due in part to e-voting's inherent lackings: It is impossible to act on any kind of impugnation. The only thing we have is an electronic vote trail, no way to recount or to make sure that all votes got in. Besides, we had a perfectly antinatural and inadequate identification system, which means voter's identity have no way to be trusted.

Besides, we still have all the traditional Universitary bureaucratic paper flow, which completely obscures any positive points this e-voting system might have had.

Before going any further, if you are interested: There is a so-called security audit certificate for this system. In Spanish, yes. Take a look at it if you understand the language and want to crack some laughs.

I will not make a detailed review of (what I could gather about) the setup. But to make things short: I had to go to the central administrative offices to get a CD-ROM with the monitoring station's SSL certificate. This certificate is tied to an IP address, so only one computer was able to be set up as a monitoring station. So far, so good.

But, what is the monitoring station's real role? You will probably laugh. The voting session (at my Institute - Each dependency can specify its own opening and closing times) was from 10:00 and until 18:00. We were instructed to place this computer at a public location, from where:

• Shortly before 10:00, we had to check the booth's status was set to closed and that zero votes were received.
• During the votation period, the computer would continuously display the number of received votes, refreshing the page twice a minute1
• During the day, anybody could go to the computer and check the number of total votes received. Its main function is, I think, to show that no votes are substracted precisely when a person is staring at it.
• Shortly before 18:00, we had to check the booth's status was still set to open, and wait until 18:00 to witness the booth is now closed.
• Get the needed data from the system and hand it over to the proper bodies. I'll get back to this point later on.

So, what is strange here? That there is a tremendous apparatus providing supposed security to... Information that is completely worthless. Just protecting a number that is, for all purposes, public. Oh, and the opening and closing of the booth - Of course, the system could have flaws during the process, or inject spurious votes along the way, or flip-flop the votes cast whichever way. But, did I mention votes? So far I have not mentioned how people are supposed to vote.

Together with our last paycheck, we got a piece of paper with all of the needed information: A randomly generated, 10-character-long-with-mixed-case-and-symbols password, and the link to a web page2. This paper was folded, yes, but it was in no way secured - So, whoever wanted to have all of our passwords could just go through the bunch of papers and get them.

Now, contrasting to the strong perception of physical security surrounding the oh-so-important monitoring stations, how can a person vote? Oh, sure, just fire up your favorite browser and go to https://www.jornadaelectoral.unam.mx/, produce your student number if you are a student or your full RFC3, select via checkboxes4, click on "submit", and voilà, you have voted. From any location, from any machine.

Yes, the University's population is largely itinerant, many people will be voting from abroad and all. It is good to give them a voice. But... At what price? Lets see... The security audit mentions the system is free from any malicious routine that can automatically alter the results and it has the minimum needed validations against spurious data injections from the most common Web browsers. However, if I am interested in modifying the results... I could put a trojan in a Faculty's laboratories, which modifies the votes sent by their users (students vote as well). Yes, I'd have to know how the system works, but lets accept security through obscurity does not work, and that this is a well-known system (as it has been used for over 3 years and is at version 3.5). PHP-based, for further points. Oh, and (if I recall correctly) a voter does not even get feedback as for which formula did he vote for, so no way of knowing if the computer really sent the information I requested. And given the low security for the password handling, I would not bet on it being worth much. Besides, this system was partly established to allow people voting from abroad - as long as they picked up their March 10 paycheck. That excludes anybody who has spent over three weeks away!

Many other things can be said. Last detail: e-voting's main selling point is that the results are known instantaneously, and (if no paper trail exists) no tedious re-counting is ever done, right?

Meet universitary bureaucracy. Technology changes, but processes don't. The Local Electoral Surveillance Commission has the responsability to enter once again the system after the vote has finished, and ask the server for the preliminary results. This consists of a tarball with the tally sheet (from the voters, who voted and who didn't), the total votes for each formula, and... one more file I don't remember. They also have to generate the signed legal documents where they testify to the received information. And then, ahem, they have to burn those files5 onto a CD-ROM, print them, and physically take them to the central administrative offices. Yes, take something from the server and get it to the server. For us it is not terrible (1.5Km can be readily done), but this same procedure must be done by people in other cities where there are University campii holding elections. How Nice!

Anyway... Worst of both worlds. The inefficacies of a paper-based ellection, together with the unaccountability of an e-voting ellection, sprinkled with fake sense of security here and there.

Bah.

• 1. Except that it didn't. I guess they didn't stress-test the server, so every couple of minutes it returned a connection error. Of course, the page would no longer self-update. And after noticing that, I (and nobody else but me) had to go and give the password and certificate for the system to continue to operate.
• 2. which is http://www.dgae-siae.unam.mx/ - The Schooling Administration General Direction (DGAE), an universitary body which has no relation with electoral issues. DGAE made available a poster detailing how to vote... But, again, lets ignore that fact for now
• 3. A nationwide ID number, largely derived from name and birth date data - Both numbers are often widely known, they cannot be considered private in any way.
• 4. Oh, for goodness sake... The "ballot" has 1..n options, and each has a checkbox, not a radio button. That means, you can select multiple options, which is of course invalid. Why? Because the electoral rules indicate that selecting more than one option in a ballot makes the ballot invalid, and thus, a way for making it invalid must be provided. Isn't logic beautiful?!
• 5. Want some more insight on what needs to be done? Take a look at the instructions. Don't forget paying attention to the lexicon used - We are still asked to count the votes, an impossible feat given the vote is 100% system-based - Quote: Los miembros de la CLVE realizarán, con base en el reporte del sistema, el cómputo de los votos depositados en la urna a favor de cada una de las fórmulas, declarando nulos los votos que procedan.

My attention was just drawn (thanks, Txopi!), slightly less than two days before the kick-off date, that although we have advertised quite thoroughly how to participate in this Thursday's EDUSOL Seminar session (didn't you read about it already?) via the formal videoconferencing channels (wow, we have 14 videoconferencing rooms signed up, w00t!), we have not yet announced how to participate by following the Ogg stream and the IRC channel. So, please:

Ogg stream

Connect to http://seminario.edusol.info:18000/edusol.ogg.m3u. What to connect with? If you are a Linux user, just about any media player will do. If you are not, download the great VLC - VLC for Windows, VLC for MacOS X.

IRC chat

Of course, you might be interested not only on listening to our talk but in participating as well, right? Take your favorite IRC client and enter the #edusol channel in irc.oftc.net. (I won't go into further details on this post on what is or how to enter IRC - But I will explain a bit more in the EDUSOL website, in Spanish, if you need it).

...We are very hurried and excited about this all. Hope to see you there, and during our work sessions for the many following months!

It's time to drive some buzz this way ;-) Although this post will only be a pointer towards the Spanish post I made on Planeta EDUSOL, for reasons soon to become obvious. In any case, the information I'm posting here is not exactly the same. Can you read Spanish? Please go on to the invitation for the first videoconference for the EDUSOL Seminar.

This year, we the organizers of the On-line Encounter of Education and Free Software (EDUSOL) are aiming higher - we are not "just" having a two-week encounter at the end of the year - We are having an all-year-long Seminar, focusing on the collaborative construction of knowledge. People from quite distinct backgrounds will be part of this project, and we aim to drive it towards the publication of a book.

We (mainly, Alejandro Miranda and me) have been quite busy bootstrapping this seminar, getting the proposed authors, thinking over the intended communication channels and ways, and setting up the needed infrastructure) and are ready to start the public-facing activities.

We will be having monthly videoconferencing sessions, the last Thursday each month, 16:00-18:00 Mexico Central time (currently GMT-6; GMT-5 after the beginning of April). The VC sessions will be also relayed through Ogg streams, and we will have an IRC channel available to offer full interactivity for those who do not have access to a H.323 VC setup.

This first session will be moderated by Victor Manuel Martínez; the speakers will be Alejandro Miranda and myself - The topics we will present are:

• Short project presentation, delineating the list of invited authors and tematic lines we will pursue
• Description of the collaboration scheme we expect to hold, including how everybody (not just invited authors) can participate
• Presentation of one of the topics we will work into in the Seminar: Free Software and the Democratic Construction of the Society

If you have access to videoconferencing facilities, please get in touch with Carlos Cruz, the Videoconferences Coordinator at the Economic Research Institute, as soon as possible for all the needed coordination.