Goodbye, pgp.gwolf.org

Submitted by gwolf on Thu, 08/01/2019 - 10:25

I started running an SKS keyserver a couple of years ago (don't really remember, but I think it was around 2014). I am, as you probably expect me to be given my lines of work, a believer of the Web-of-Trust model upon which the PGP network is built. I have published a couple of academic papers (Strengthening a Curated Web of Trust in a Geographically Distributed Project, with Gina Gallegos, Cryptologia 2016, and Insights on the large-scale deployment of a curated Web-of-Trust: the Debian project’s cryptographic keyring, with Victor González Quiroga, Journal of Internet Services and Applications, 2018) and presented several conferences regarding some aspects of it, mainly in relation to the Debian project.

Even in light of the recent flooding attacks (more info by dkg, Daniel Lange, Michael Altfield, others available; GnuPG task tracker). I still believe in the model. But I have had enough of the implementation's brittleness. I don't know how much to blame SKS and how much to blame myself, but I cannot devote more time to fiddling around to try to get it to work as it should — I was providing an unstable service. Besides, this year I had to rebuild the database three times already due to it getting corrupted... And yesterday I just could not get past of segfaults when importing.

So, I have taken the unhappy decision to shut down my service. I have contacted both the SKS mailing list and the servers I was peering with. Due to the narrow scope of a single SKS server, possibly this post is not needed... But it won't hurt, so here it goes.

( categories: )

DebConf19 Key Signing Party: Your personalized map is ready!

Submitted by gwolf on Sat, 07/20/2019 - 13:13

When facing a large key signing party in a group, even a group where you are already well socially connected in, you often lose track whom you have cross-signed with already, who is farther away from you (in the interest of better weaving the Web of Trust)...

So, having Samuel announce the DebConf19 KSP fingerprints list, I hacked a bit to improve the scripts I used on previous years, and... Behold!

The DC19 KSP personalized maps!

This time it's even color-coded! People you have not cross-signed with are in light grey. People whose keys have been signed by you are presented with blue text. People that have signed your key are presented with green background. Of course, people you have cross-signed with have blue text and green background :-]

The graph is up to date as of early today, pulling the data from keys.gnupg.net. Sorry for the huge size, but it's the only way I found it to be useful to see both the big picture and the detailed information. Of course — You can zoom in and out at will!

( categories: )

Updates from Raspberrypi-land

Submitted by gwolf on Sat, 06/29/2019 - 00:06

Yay!

I was feeling sad and depressed because it's already late June... And I had not had enough time to get the unofficial Debian Buster Raspberry preview images booting on the entry-level models of the family (Broadcom 2835-based Raspberries 1A, 1B, 0 and 0W). But, this morning I found a very interesting pull request open in our GitHub repository!

Dispatched some piled-up work, and set an image build. Some minutes later, I had a shiny image, raspi0w.tar.gz. Quickly fired up dd to prepare an SD card. Searched for my RPi0w under too many papers until I found it. Connected to my trusty little monitor, and...

So, as a spoiler for my DebConf talk... Yes! We have (apparent, maybe still a bit incomplete) true Debian-plus-the-boot-blob, straight-Buster support for the whole Raspberry Pi family all of the raspberries sold until last month (yeah, the RPi4 is probably not yet supported — the kernel does not yet have a Device Tree for it. But it should be fixed soon, hopefully!)

( categories: )

LIDSOL: teaching privacy and anonymity concepts and tools to social scientists

Submitted by gwolf on Sun, 06/23/2019 - 22:46

I have been working on several privacy/anonymity topics in the past couple of years. And I am very happy, as we just achieved one of our most important stated goals.

I am coordinating LIDSOL, Laboratorio de Investigación y Desarrollo de Software Libre, at the Engineering Faculty, UNAM. LIDSOL is a very interesting and very open lab regularly inhabited by ≈7 bright students, most of them from Computer Engineering (but some from other careers in the faculty), and with over twenty years of history. And I have worked with several of them in my PAPIME project for privacy and anonymity. This time, the task was –after working a year on the broad topic– for the students to plan and present a course titled Privacidad y anonimato para un manejo seguro de mi información en redes» — Privacy and anonymity for safely handling my online information, as part of the Political and Social Sciences Faculty's intersemestral courses on technological updating.

The covered program was quite ambitious; I'm not translating it, you can look at it in Spanish in the course's information. The LIDSOL instructors (please, a round of applause for them!) were:

  • Diego Barriga
  • Emilio Cabrera
  • Marco Ruano


My friend Lourdes Reséndiz, who works at FCPyS and got us the space to present the course, also gave a module.

Lourdes, during the famous three envelopes dynamic for explaining onion routing

I felt the course to be a great success, and we were asked to repeat it in the future. As any course presenting anonymization technologies, it was of course not without its controversy and discussion — which was great! I think we got many concepts clarified for the attendees. I will later report on any measurable accounts we got, of course!

Towel Day 2019

Submitted by gwolf on Sat, 05/25/2019 - 22:39

Today we went to celebrate a good friend's birthday. And while most of my social circles are in some way geeky or geekier... This one is definitively geekiest. Not so much in the Free Software alignment scale, but in many, many other ways.

I was (pleasantly!) surprised to find we were four fellow potential hitchhikers (on the photo above, Jesús Wong; Susana and Aaron were also towel-bearers).
Oh, but you are still asking yourself what this is about?
I gather you have not yet read The Hitchhiker's Guide to the Galaxy, by Douglas Adams. The international Towel Day is observed annually on May 25, since 2001. And why? In Adams' words:

A towel, it says, is about the most massively useful thing an interstellar hitchhiker can have. Partly it has great practical value. You can wrap it around you for warmth as you bound across the cold moons of Jaglan Beta; you can lie on it on the brilliant marble-sanded beaches of Santraginus V, inhaling the heady sea vapours; you can sleep under it beneath the stars which shine so redly on the desert world of Kakrafoon; use it to sail a miniraft down the slow heavy River Moth; wet it for use in hand-to-hand-combat; wrap it round your head to ward off noxious fumes or avoid the gaze of the Ravenous Bugblatter Beast of Traal (such a mind-bogglingly stupid animal, it assumes that if you can't see it, it can't see you — daft as a brush, but very very ravenous); you can wave your towel in emergencies as a distress signal, and of course dry yourself off with it if it still seems to be clean enough.

More importantly, a towel has immense psychological value. For some reason, if a strag (strag: non-hitch hiker) discovers that a hitchhiker has his towel with him, he will automatically assume that he is also in possession of a toothbrush, face flannel, soap, tin of biscuits, flask, compass, map, ball of string, gnat spray, wet weather gear, space suit etc., etc. Furthermore, the strag will then happily lend the hitch hiker any of these or a dozen other items that the hitch hiker might accidentally have "lost." What the strag will think is that any man who can hitch the length and breadth of the galaxy, rough it, slum it, struggle against terrible odds, win through, and still knows where his towel is, is clearly a man to be reckoned with.

Thanks to the DC18 organizers for providing such a handy gift, thanks to Andreas Tille for kindly reminding us the observation of this important festivity, and thanks to Felipe Esquivel for providing photographic evidence.

( categories: )

Made with Creative Commons (Spanish translation): Copyedits done!

Submitted by gwolf on Wed, 05/08/2019 - 18:07

Uff!
Remember almost two years ago I announced on this same blog I would start coordinating a translation effort for the (excellent!) Made with Creative Commons book into Spanish? Having made the vey wise decision to choose Weblate as our translation platform, only four months later and with the collaboration from people all over Latin America, we amazingly reached 100% translated strings only four months later! Not only that — other languages were also started, and Norwegian (coordinated by Petter Reinholdtsen) also reached 100%.

But editting a book is not just a matter of translating it. In my case, as I publish via the National University, the translation had to undergo peer review –as any university-published book would– which took several months (!)
Once we got academic approval for the University to host the edition, resources were approved for our editors to do the style correction reading. And, of course, being us so diverse geographically, our linguistic styles were really not coherent. Some ideological issues appear in the resulting text, which also becomes easily aparent. Plus, not all of us are in the habit of writing — And it also shows.

So, the copyediting process was long and painful for our readers and for me, who incorporated their comments into the source. Oh — Eat your own dogfood: Given we did our translation based on a nice and nifty gettext+DocBook environment... Well, gettext is meant for programming, not for whole texts. I basically did all the copyediting by opening the .po file as plain text. Surprisingly, I broke things very few times!

The process still has many stops in the horizon. But at least I already finished a huge chunk of the pending work. I am happy! ☺

#FLISOL at Facultad de Ingeniería, UNAM - April 25 and 26 @lidsol @comunidadfi @die_fi_unam @FIUNAM_MX #FIUNAM

Submitted by gwolf on Wed, 04/10/2019 - 13:36

After several years of absence, LIDSOL (Laboratorio de Investigación y Desarrollo de Software Libre) is once again organizing a FLISOL!

And what is a FLISOL? It is the Festival Latinoamericano de Investigación y Desarrollo de Software Libre — An activity that started off as an installfest, but went on to become a full set of conferences. Set of conferences? Yes, because FLISOL happens more-or-less simultaneously (the official date is the last Saturday of April, but there is tolerance for it to happen up to a couple of weeks around it) all over Latin America. This year, FLISOL will be held at different cities in Germany, Argentina, Bolivia, Brazil, Chile, Colombia, Costa Rica, Cuba, Ecuador, Spain, El Salvador, Guatemala, Honduras, México, Nicaragua, Panamá, Paraguay, Perú, Rep. Dominicana, Uruguay and Venezuela.

So, besides the install fest that will be continuously happening on tables at the entrance of the auditorium, we will have a very interesting set of talks for Thursday and Friday, April 25 and 26, at the main auditorium of Facultad de Ingeniería (Auditorio Javier Barros Sierra):

A rough translation for the talks (yes, this is aimed at a local audience, but my blog is in English for $reasons ;-) ) follows:

Thursday, April 25
11:00
Hackers and Free Software, the immune system of Internet (Hiram Camarillo)
12:00
The Debian project: Beyond the mother of all distributions (Gunnar Wolf)
13:00
Advantages of communities, and how to contribute (Luis E. Jiménez Robles)
14:00
DeepDream with TensofFlow (Alejandro Hernández)
15:00
Science + Free Software = <3 (Diego Barriga)
16:00
Modbus Protocol: A present risk in Industrial Control Systems (Paulo Contreras Flores)
Friday, April 26
11:00
It's not your friend, it's proprietary software (Paul Aguilar)
12:00
Introduction to Fedora (Efrén A. Robledo)
13:30
Fedora Containers Lab (dockerless containers) (Alex Callejas)
15:00
Programmers sought: How to save the world without dying in the attempt (Irene Soria)
16:00
git + CI + CD = Devops (Andrés Hernández)

Debian @ Internet Freedom Fesitval #internetFF

Submitted by gwolf on Mon, 04/01/2019 - 18:07

Today, we had a little get-together of DDs in València, Spain, with some other DDs.

Most of us were here to attend the Internet Freedom Festival (IFF), plus Héctor and Filippo, who are locals. We missed some DDs (because in a 2500+ people gathering... Well, you cannot ever find everybody you are looking for!) so, sorry guys for not having you attend!

Sadly, we have no further report than having enjoyed a very nice dinner. No bugs were closed, no policy was discussed, no GRs were drafted, no cabals were hatched.

( categories: )

Many random blurbs on Debian

Submitted by gwolf on Mon, 03/25/2019 - 23:03

I have been busy as hell this year. I might have grabbed a bigger bite than what I can swallow – In many fronts! Anyway, sitting at an airport, at least I have time to spew some random blurbs to The Planet and beyond!

Voting
We all feared when no candidates showed up at the first call for DPL. But things sorted out themselves as they tend to (and as we all knew that would happen ;-) ), and we have four top-notch DPL candidates. It's getting tough to sort through their platforms and their answers in the lists; the old-timers among us have the additional advantage of knowing who they are and probably having worked closely with some of them. I am still drafting my Condorcet ballot. It won't be an easy task to completely rank them!
DebConf 20 and world politics
For personal and selfish reasons, I am very, very happy to have a reason to go back to Israel after over two decades. Of course, as everybody would expect, there is a bothering level of noise that's not going to quiet down until probably late August 2020... DebConf has often taken controversial turns. Israel is not the toughest one, even if it seems so to some readers. And... Well, to those that want to complain about it — Please do understand that the DebConf Committee is not a politically-acting body. Two bid submissions were presented fully, and the Israeli one was chosen because its local team is stronger. That is probably the best, most important criteria for this conference to be successful. No, it's not like we are betraying anything — It's just the objective best bidding we got from completely volunteer teams.
DebConf 19
What are you waiting for? Register! Submit a talk! Pack up and get your ticket for Brazil!

I'd better get moving, the plane might be getting some ideas about taking off.

( categories: )

Mob justice and extreme violence in Copilco Universidad — @Alcaldia_Coy @CopilcoUniv @CopilcoVecinos @manuelnegrete22

Submitted by gwolf on Tue, 03/05/2019 - 01:03

Some days ago I read a piece of news that shocked me at different levels: Three blocks away from my home, and after being "unclearly" denounced for harassing a woman, a guy was beaten to death. Several sources for this: El Diario MX: Por acosar a mujer lo golpean hasta la muerte; El Siglo de Torreón: Asesinan a hombre por presuntamente acosar a mujer en Coyoacán; Zócalo: Matan a hombre en Coyoacán; Milenio: Por presuntamente acosar a mujer, golpean y matan a hombre en CU.

Of course, when anybody cries for help, it should be our natural response (everybody's!) to rush and try to help. However, stopping an aggression is a far cry from taking justice in our own hands and killing a guy.

Mob justice is usually associated with peri-urban or rural areas, with higher socioeconomic margination and less faith in authority. Usually, lynching mobs generate a very bad and persistent name to wherever said acts of brutality happened. While I don't want to say we are better than..., it shocks me even more to have found this kind of brutality in the midst of the Universitary neighbourhood, at a very busy pedestrian street, at all times (this happened somewhat after noon on Thursday) full of teachers and students.

Not only that. The guy who was attacked was allegedly a homeless guy, in his mid 20s. Some reports say that after the beating took place, he was still alive, but when the emergency services arrived (30 minutes later!) he had died. We are literally less than 200m away from Facultad de Medicina, and hundreds of students and teachers walk there. Was nobody able to help? Did nobody feel the urge to help?

If this guy was a homeless person, quite probably he was weak from malnutrition, maybe crossed with some addictions, and that's what precipitated his death. But, again — This raises other suspicions. Maybe he was pointed to by some of the store owners that wanted to drive him away from their premises? (he was attacked inside a commercial passageway, not in the open street)

Also... While there is not much information regarding this attack, I'm quite amazed almost no important local (or even national!) media have picked this up. We are less than 1Km away from the central offices of Grupo Imágen! This is no small issue. Remember the terrible circus raised around the Tláhuac lynches in ~2005 (and how Tláhuac still carries that memory almost 15 years later)? What is the difference here?

No attack on women should be tolerated quietly. But no lynchmob should be given a blind eye to. This deeply worries and saddens me.

( categories: )

Debian on the Raspberryscape: Great news!

Submitted by gwolf on Fri, 02/15/2019 - 22:25

I already mentioned here having adopted and updated the Raspberry Pi 3 Debian Buster Unofficial Preview image generation project. As you might know, the hardware differences between the three families are quite deep — The original Raspberry Pi (models A and B), as well as the Zero and Zero W, are ARMv6 (which, in Debian-speak, belong to the armel architecture, a.k.a. EABI / Embedded ABI). Raspberry Pi 2 is an ARMv7 (so, we call it armhf or ARM hard-float, as it does support floating point instructions). Finally, the Raspberry Pi 3 is an ARMv8-A (in Debian it corresponds to the ARM64 architecture).

The machines are quite different, but being the CPUs provided by Broadcom, they all share a strange bootloader requirement, as the GPU must be initialized to kickstart the CPU (and only then can Linux be started), hence, they require non-free firmware

Anyway, the image project was targetted at model 3 Raspberries. However...

Thanks (again!) to Romain Perier, I got word that the "lesser" Raspberries can be made to boot from Debian proper, after they are initialized with this dirty, ugly firmware!

I rebuilt the project, targeting armhf instead of arm64. Dropped an extra devicetree blob on the image, to help Linux understand what is connected to the RPI2. Flashed it to my so-far-trusty SD. And... Behold! On the photo above, you can appreciate the Raspberry Pi 2 booting straight Debian, no Raspbian required!

As for the little guy, the Zero that sits atop them, I only have to upload a new version of raspberry3-firmware built also for armel. I will add to it the needed devicetree files. I have to check with the release-team members if it would be possible to rename the package to simply raspberry-firmware (as it's no longer v3-specific).

Why is this relevant? Well, the Raspberry Pi is by far the most popular ARM machine ever. It is a board people love playing with. It is the base for many, many, many projects. And now, finally, it can run with straight Debian! And, of course, if you don't trust me providing clean images, you can prepare them by yourself, trusting the same distribution you have come to trust and love over the years.

Wheee!

Spinning rust woes: Cowbuilder

Submitted by gwolf on Fri, 02/15/2019 - 13:37

Wow.
I use a traditional, spinning rust hard drive as my main volume:

  1. $ /dev/sda2 on / type btrfs (rw,relatime,compress=zlib:3,space_cache,subvolid=5,subvol=/)

I just adopted Lars' vmdb2. Of course, I was eager to build and upload my first version and... Hit a FTBFS bug due to missing dependencies... Bummer!
So I went to my good ol' cowbuilder (package cowdancer)to fix whatever needed fixing. But it took long! Do note that my /var/cache/pbuilder/base.cow was already set up and updated.
  1. # time cowbuilder --build /home/gwolf/vcs/build-area/vmdb2_0.13.2+git20190215-1.dsc
  2. (...)
  3. real 15m55.403s
  4. user 0m53.734s
  5. sys 0m23.138s

But... What if I take the spinning rust out of the equation?
  1. # mkdir /var/cache/pbuilder
  2. # mount none -t tmpfs /var/cache/pbuilder
  3. # time rsync -a /var/cache/pbuilderbk/* /var/cache/pbuilder
  4.  
  5. real 0m5.363s
  6. user 0m2.333s
  7. sys 0m0.709s
  8. # time cowbuilder --build /home/gwolf/vcs/build-area/vmdb2_0.13.2+git20190215-1.dsc
  9. (...)
  10. real 0m52.586s
  11. user 0m53.076s
  12. sys 0m8.277s

Close to ¹/₁₆th of the running time — Even including the copy of the base.cow!

OK, I cheated a bit before the rsync, as my cache was already warm... But still, convenient!

( categories: )

Raspberry Pi 3 Debian Buster *unofficial preview* image update

Submitted by gwolf on Wed, 02/06/2019 - 11:43

As I mentioned two months ago, I adopted the Debian Raspberry 3 build scripts, and am now building a clean Buster (Debian Testing) unofficial preview image. And there are some good news to tell!
Yesterday, I was prompted by Martin Zobel-Helas and Holger Levsen to prepare this image after the Buster Debian Installer (d-i) alpha release. While we don't use d-i to build the image, I pushed the build, and found that...
I did quite a bit of work together with Romain Perier, a soon-to-become Debian Maintainer, and he helped get the needed changes in the main Debian kernel, thanks to which we now finally have working wireless support!

Romain also told me he did some tests, building an image very much like this one, but built for armel instead of armhf, and apparently it works correctly on a Raspberry Pi Zero. That means that, if we do a small amount of changes (and tests, of course), we will be able to provide straight Debian images to boot unmodified on all of the Raspberry lineup!
So, as usual:
You can look at the instructions at the Debian Wiki page on RaspberryPi3. Or you can just jump to the downloads, at my people.debian.org:

Enjoy!

( categories: )

Back to the teaching business!

Submitted by gwolf on Wed, 01/30/2019 - 23:29

Sometimes, life is measured in semesters.

This is the 13th semester I teach. I can no longer feel a newbie. I am still just a part-time teacher, but I know it's an activity I very much enjoy, and I hope I can at some point manage it to become full-time activity.

After three months of slumber (three weeks of which were the hard vacations, but then there's the intersemestral active period), our university came back to life and full occupation.

Due to one fellow teacher taking a sabbatical, I have the largest group that I have been assigned. 40 students does not seem an easy task! Lets see how it comes...

Anyway... I am happy!

( categories: )

Finally, a sensible increase in participation for Tor in Mexico!

Submitted by gwolf on Wed, 01/09/2019 - 19:23

/Known fact: Latin America's share of participation in different aspects of the free software movement is very low.

There are many hypotheses for this, but all in all, it's mainly economics related: Only a tiny minority of us in this geographic region can spare the time, energy and money needed to donate part of our work and life to a project, no matter how much we agree with it. Of course, this cannot explain it wholly; there are many issues that further contribute with this low participation. Free software development is mostly carried out in English (much more so even than programming in general, although basically any programing language "reeks" of English).

In mid-2017, the Tor project acknowledged this and created the Global South Initiative. At first, I heard about it when the global-south@lists.torproject.org mailing list was started, and started interacting there right away. Roughly a month later, we started to plan for what is now our research/documentation project. We even managed to somehow attract the Tor community at large for the Tor Meeting last September/October in Mexico City (which was a *great* opportunity!)

One of the issues we have been pushing for, with marginal success rate until very recently, is to get more people involved running Tor relays or, if possible, exit nodes. Of course, when I asked officially for permission to set up an exit node at the university (I want to do things the right way), I was right away slammed and denied.

But... Patience, time, hardware donation by Derechos Digitales, and some determination have led us to the fact that... 18 months ago, we only had one or two active Tor relays. Now, the reality is finally changing!

Thanks to many individuals willing to donate their time and resources, we currently have eleven relays (eight of them which I can recognize by name and thank their respective owners — The linked page will probably give different results, as it varies over time).

As for the diversity this brings to the network, it's well summed up by the aggregated search:

Four autonomous systems; the only ISP that's usable for home users we have been able to identify is Axtel, with which we have five relays currently running; three at UNAM, the biggest university in the country; one in CINVESTAV, an important research facility; finally, one in Mega Cable, which surprises me, as Mega Cable does not provide a reachable IP for any of the subscribers we have probed! (Maybe it's run by corporate users or something like that?)

And, very notably: I have to recognize and thank our friends at Red en Defensa de los Derechos Digitales (R3D), as they have set up our –so far– only exit node (via the Axtel ISP). Wow!

Ten relays, mind you, is still a tiny contribution. Due to the bandwidth we are currently able to offer (and many many many other factors I cannot go into details, as I don't even know them all), Mexico as a country is currently providing approximately 0.05% (that is, one out of each 2000) Tor connections as a guard (entry) node, a slightly higher amount as a middle node, and a slightly lower amount as an exit node. But it is steadily increasing, and that's great!

( categories: )
Syndicate content