Notices by clacke (clacke@social.heldscal.la), page 30

Benjamin Mako Hill (mako@social.coop)'s status on Tuesday, 22-May-2018 20:09:19 EDT Benjamin Mako Hill

Check out my (~15m) talk at @opendevconf@twitter.com where I explain why it's critical that free/libre/open source software projects shouldn't rely on proprietary tools: https://www.youtube.com/watch?v=U_nK6nP_RCY
It's a talk version of https://mako.cc/writing/hill-free_tools.html from 2010. Sadly still relevant.
In conversation Tuesday, 22-May-2018 20:09:19 EDT from social.coop permalink Repeated by clacke
Attachments
1. Invalid filename.
  
  Free Software Needs Free Tools
  
  By OpenDev from YouTube
clacke (clacke@social.heldscal.la)'s status on Wednesday, 23-May-2018 05:55:14 EDT clacke
- BjarniBjarniBjarni 🙊 🇮🇸 🍏
@herrabre Right! I missed that part too. Maybe because I still don't talk out loud. So the rubber duck effect has at least three identifiable components:

1. Preparation for exposing your thoughts and activities
2. Physically expressing them
3. Actually hearing them and engaging those parts of the brain too

Each of these steps adds another more intense and visceral layer for identifying whatever bullshit your are trying to get away with hiding from yourself.

In conversation Wednesday, 23-May-2018 05:55:14 EDT from social.heldscal.la permalink
clacke (clacke@social.heldscal.la)'s status on Wednesday, 23-May-2018 05:49:21 EDT clacke

Today's music: Mike Oldfield's "Exposed", the concert version of "Incantations"

https://hooktube.com/yF3YWq2w42g
https://hooktube.com/lq397Dgf88M

In conversation Wednesday, 23-May-2018 05:49:21 EDT from social.heldscal.la permalink
Nextcloud News (unofficial) (ncnews@libranet.de)'s status on Wednesday, 23-May-2018 05:08:42 EDT Nextcloud News (unofficial)
Nextcloud releases GDPR Compliance kit for on-premises collaboration solution

Many companies have been working hard to ensure they are GPDR compliant by the end of this week. For many, Nextcloud has been a part of that, simplifying compliance by helping companies keep sensitive data in-house. Today, we release a Nextcloud Compliance Kit to help these organizations comply with the requirements of the GDPR.
GDPR requirements

The GDPR requires businesses and other organizations who handle data from private users to offer clarity about how they use this data as well as a way to access, rectify or delete it. When dealing with a public cloud vendor, data leaves the control sphere of the business and a Data Processing Agreement needs to be signed with the cloud vendor. The business then has to ensure processes are set up to deal with GDPR related requests to be compliant. Keeping data in-house by self hosting negates the need for dealing with one more external party, keeping the whole process in-house and simplifying compliance.

The Data Request application shows buttons to request an export of personal data from the administrator in the user settings

The security requirements demand organizations to take appropriate measures to secure data. A Nextcloud Subscription delivers security patches and consulting based on our expertise and Security Bug Bounty Program, helping Nextcloud customers to make sure that this requirement is met.
Compliance Kit

The kit offers Nextcloud customers tools and documentation to make compliance a checklist-affair. Specific features in two Nextcloud apps and an update, a GDPR compliance steps walk-through and a detailed account of data handling in Nextcloud with instructions on how to extract, modify and delete data as required by law, make up the package.
GDPR compliance is a major concern for many of our customers. Our GDPR Compliance Kit essentially takes these concerns away with regards to the file handling, collaboration and communication capabilities as offered by Nextcloud
— Andreas Rode, head of sales

Nextcloud now offers organizations who host a Nextcloud server apps that help their GDPR compliance, depending on their specific circumstances:
- The Imprint update to the theming app enables businesses to show a link to a legal notice or privacy policy on login
- The Delete Account app http://apps.nextcloud.com/apps/drop_account enables businesses to offer users an easy way to delete their account as required under the GDPR
- The Data Request App http://apps.nextcloud.com/apps/data_request adds a way for users to request data, changes or account deletion from their user settings.
Adding an imprint link to Nextcloud 13

Moreover, Nextcloud offers customers access to a GPDR Compliance Checklist and a nearly 20 page detailed GPDR Admin Manual indicating where data can be found on a typical Nextcloud server and how to handle requests for extracting, rectifying and deleting data.
The GDPR Compliance Kit dealt with all our concerns. The global nature of the research community with frequent collaboration with European researchers and students requires global compliance awareness and an on-premises solution backed by the expertise of Nextcloud GmbH gives us the assurances we need.
— Hans Erasmus, Junior Infrastructure Architect at the North-West University in South Africa.

The User account deletion app allows users to delete an account without administrator assistance.

The apps and GDPR checklist are released to the general public while customers have access to the full compliance kit including GDPR Admin Manual. The apps can be found on the Nextcloud app store https://apps.nextcloud.com/blogs/feed/ while the GDPR checklist can be downloaded from our website https://nextcloud.com/whitepapers. If you have questions about Nextcloud and GDPR compliance, contact us https://nextcloud.com/contact/!

Today, Nextcloud also announces a partnership with Red Hat https://nextcloud.com/blog/nextcloud-and-red-hat-partner-to-provide-gdpr-compliance-friendly-on-premises-collaboration-solution/ to offer full-stack in-house storage and solutions to help customers with GDPR compliance.
#blog, #business, #news, #press release, #release
nextcloud.com/blog/nextcloud-r…
In conversation Wednesday, 23-May-2018 05:08:42 EDT from libranet.de permalink Repeated by clacke
Attachments
1. Invalid filename.
  
  Nextcloud and Red Hat partner to provide GDPR-compliance friendly on-premises collaboration solution
  
  from The most popular self-hosted file share and collaboration platform
  
  Nextcloud and Red Hat partner to provide GDPR-compliance friendly on-premises collaboration solution
2. File without filename could not get a thumbnail source.
  
  White papers, data sheets and analysis
  
  from The most popular self-hosted file share and collaboration platform
  
  White papers, data sheets and analysis
3. File without filename could not get a thumbnail source.
  
  Contact
  
  from The most popular self-hosted file share and collaboration platform
  
  Contact
clacke (clacke@social.heldscal.la)'s status on Wednesday, 23-May-2018 05:21:43 EDT clacke
in reply to
- clacke
> But what you do need to do, to harness the much observed rubber duck debugging effect, is to *talk aloud*.

It's probably super helpful, and I probably should do it, but even when I'm alone I'm basically socially embarrassed over talking to stuffed animals.

But you *do* get the rubber duck effect even when you start writing a bug report or a StackOverflow question, and then never post it because you got the answer on the way of writing it.

As you are preparing to present the question to another person, you won't leave any stone unturned, any measurement unmeasured, because you apply to yourself the future social embarassment of not having done your homework in front of your peers.

When you think to yourself, you get away with all kinds of shenanigans and short-circuited conclusions. Not so when you prepare for communicating to a peer.

But, to reiterate, the vocalization probably helps a lot too. I know I have used my colleagues as rubber ducks when I should have just used a rubber duck. I really should get over that vocalization embarrassment issue.

In conversation Wednesday, 23-May-2018 05:21:43 EDT from social.heldscal.la permalink
clacke (clacke@social.heldscal.la)'s status on Wednesday, 23-May-2018 05:14:01 EDT clacke

> "Andy," Bob said, "I don't want you to pray to the duck. I want you to ASK THE DUCK YOUR QUESTION."

> I licked my lips. "Out loud?" I said.

> "Out loud," Bob said firmly.

> I cleared my throat. "Duck," I began.

> "Its name is Bob Junior," Bob's superintendant supplied. I shot him a dirty look.

> "Duck," I continued, "I want to know, when you use a strap hanger, what keeps the sprinkler pipe from jumping out of the strap when the head discharges, causing the pipe to..."

> In the middle of asking the duck my question, the answer hit me. [...]

> I turned to look at Bob. Bob was nodding. "You know, don't you," he said.

https://siderea.dreamwidth.org/1368412.html

In conversation Wednesday, 23-May-2018 05:14:01 EDT from social.heldscal.la permalink
Wolf480pl (wolf480pl@niu.moe)'s status on Tuesday, 22-May-2018 17:36:27 EDT Wolf480pl
in reply to
- Rysiekúr Memesson
- BjarniBjarniBjarni 🙊 🇮🇸 🍏
@HerraBRE
@rysiek
One of the most important things I've learned about security during last few years is that it consists of not just Confidentiality and Integrity, but also Availability. So a situation where you can't connect to a server, or decrypt a message, is still treated as a security failure. There's often (always?) a tradeoff between Availability and the other two components, but it's not true that security people don't care about Availability.

In conversation Tuesday, 22-May-2018 17:36:27 EDT from niu.moe permalink Repeated by clacke
BjarniBjarniBjarni 🙊 🇮🇸 🍏 (herrabre@mastodon.xyz)'s status on Tuesday, 22-May-2018 14:52:57 EDT BjarniBjarniBjarni 🙊 🇮🇸 🍏

We've actually seen this dynamic before - in e-mail.
Because of spam, the weird technical hoops you had to jump through to run a mail server kept getting more and more insane.
And at the same time, people demand more and more functionality, fancy web interfaces, high availability.
Fast forwared to today: even big universities and governments with dedicated IT departments have given up and pointed their MX records at GMail.
Is the web headed the same way?

In conversation Tuesday, 22-May-2018 14:52:57 EDT from mastodon.xyz permalink Repeated by clacke
BjarniBjarniBjarni 🙊 🇮🇸 🍏 (herrabre@mastodon.xyz)'s status on Tuesday, 22-May-2018 14:44:13 EDT BjarniBjarniBjarni 🙊 🇮🇸 🍏

One of the paradoxes I struggle with in my work, is the conflict between crypto and reliability.
Crypto is important. But it is very binary in nature - either the stars align and you can decrypt, or it fails and there's no recovery. With that kind of binary, reliability suffers. This is inevitable.
As an example, most of the Mastodon downtime I've experienced has been related to minor SSL certificate blunders.
I feel like most of the #InfoSec community wilfully ignores this dynamic.

In conversation Tuesday, 22-May-2018 14:44:13 EDT from mastodon.xyz permalink Repeated by clacke
kaniini (kaniini@pleroma.dereferenced.org)'s status on Wednesday, 23-May-2018 02:45:00 EDT kaniini
- [104, 114, 101, 102].
- KemoNine
@kemonine @href

the Pleroma community ethos is not the same as the ethos of the GNU social instances that Mastodon hates. the Pleroma community ethos is one of finding solutions to problems and keeping out the bullshit, whatever that may be.

yes, it is a different ethos to that of Mastodon, but it is an appropriate ethos considering what we're trying to build -- software anyone is entitled to use and contribute to.

everyone is nice in the Pleroma community, even if they are not necessarily nice in the fediverse, because not being nice means that you will be ignored

In conversation Wednesday, 23-May-2018 02:45:00 EDT from pleroma.dereferenced.org permalink Repeated by clacke
KemoNine (kemonine@social.holdmybeer.solutions)'s status on Wednesday, 23-May-2018 02:48:56 EDT KemoNine
- kaniini
- [104, 114, 101, 102].
@kaniini @href I know this but I'm in a position of convincing others that this is the case.

The pleroma devs are about the code, quality of code and reasonable features and reasonable prioritization of development.

As a professional programmer I <3 this approach.

It can be a pain in the ass to put forth to non-devs though.

I deployed pleroma *because* you and other are decidedly non-assholes by default and focused on building good code and being reasonable about said code.

Aside from the code the pacmaning of gnusocial instances by pleroma puts the non-programmer ethos in a difficult position. I don't assume you are pro-jackass admin but at the same time your software is taking over those instances.

*That* is the hard problem to solve and one I've already argued in favor of pleroma

In conversation Wednesday, 23-May-2018 02:48:56 EDT from social.holdmybeer.solutions permalink Repeated by clacke
kaniini (kaniini@pleroma.dereferenced.org)'s status on Wednesday, 23-May-2018 02:53:51 EDT kaniini
- [104, 114, 101, 102].
@kemonine @href

Indeed, but not all GNU Social instances are bad or evil, and I think most Mastodon users do recognize that.

In fact, the vast majority of GNU social instances are filled with friendly people who share the same values that typical Mastodon users have.

Similarly, if you look at the whole spectrum of Pleroma instances, you'll find that it is basically the same scenario as Mastodon and GNU Social, there are extreme instances using all three softwares, but in reality, most instances are just small, friendly instances with friendly people who just like to have a nice time. In fact, I had a bad interaction with a neo-nazi using Mastodon on Sunday.

In recent months, the discourse that Pleroma is some evil plot to do whatever has mostly died out. I think this is because we have proven that isn't the case. It's just software.

In conversation Wednesday, 23-May-2018 02:53:51 EDT from pleroma.dereferenced.org permalink Repeated by clacke
clacke (clacke@social.heldscal.la)'s status on Wednesday, 23-May-2018 02:53:07 EDT clacke
- Quad 🌸
@quad I don't know what kind of data you're looking for, but I'll just rant on with my own story anyway. :-)

I actually found a "$50 decent" pair for 13 EUR the other year. They were so cheap I figured they'd make half-decent normal headphones if they weren't actually noise-canceling but they might be worth a shot.

They were called Sony PC-130 or PC-13 or something. They weren't even being made any more when I bought them, so it doesn't matter much what they're called. I've used them in the office and on flights, and they cancel (very subjectively) like 50% of airplane noise and 75% of office ventilation noise. I think the really nice Bose ones I have tried years ago canceled like 90% of airplane noise.

The quality that comes with the price has been apparent only in that after a few years, the leather muff on one ear lost its connection to the center, so the foam fluffed out and now that ear is more muffled than the other.

I think the real point of the story may be, buy some really cheap ones, see what they do for you, and then you have a point of reference to explore further. Maybe you could calibrate those audiophile comments on a known pair.

Or, you know, get a $400 pair and they'll probably be $400 decent. :-)

In conversation Wednesday, 23-May-2018 02:53:07 EDT from social.heldscal.la permalink
clacke (clacke@social.heldscal.la)'s status on Tuesday, 22-May-2018 14:45:31 EDT clacke
- JordiGH
@jordigh Ok, so we're just talking random users on some instance, not the development team.

You could say there's a left/right split in the Fediverse, or considerate-speech/free-speech split if you like, and the left side uses more Mastodon and the right side uses more Pleroma, and GS is originally largely left but got an infusion from the right the year before Mastodon. But then there are Nazis on Mastodon instances too, and communists and anarchists on Pleroma. Gay and trans people are spread throughout the platforms.

A lot of us are still here mostly for the free software discussions.

So I think the software is a pretty bad proxy for pre-screening people.

In conversation Tuesday, 22-May-2018 14:45:31 EDT from social.heldscal.la permalink
Open Culture (openculture@mstdn.io)'s status on Tuesday, 22-May-2018 14:00:23 EDT Open Culture
- Open Culture
RT @openculture
"Tsundoku," the Japanese Word for the New Books That Pile Up on Our Shelves, Should Enter the English Language http://www.openculture.com/2014/07/tsundoku-should-enter-the-english-language.html
Original URL: https://twitter.com/openculture/status/998980811763236864
In conversation Tuesday, 22-May-2018 14:00:23 EDT from mstdn.io permalink Repeated by clacke
Attachments
1. File without filename could not get a thumbnail source.
  
  "Tsundoku," the Japanese Word for the New Books That Pile Up on Our Shelves, Should Enter the English Language
  
  By Jonathan Crow from Open Culture
  
  “Tsundoku,” the Japanese Word for the New Books That Pile Up on Our Shelves, Should Enter the English Language
clacke (clacke@social.heldscal.la)'s status on Tuesday, 22-May-2018 14:32:58 EDT clacke
- JordiGH
@jordigh I have had only positive interactions with lain, eal, shpuld and kaniini, but I could see why some people would see it differently, as there are disagreements between Pleroma and Mastodon on which way the Fediverse should go, and people sometimes get exasperated about it.

It probably helps my impression that I have mostly experienced the Mastodon side to be the move fast and break things side, with very little effort to understand Chesterton fences, rather than trying to find compatible ways of adding improvements.

The agreements really are greater than the disagreements though.

In conversation Tuesday, 22-May-2018 14:32:58 EDT from social.heldscal.la permalink
clacke (clacke@social.heldscal.la)'s status on Tuesday, 22-May-2018 14:21:01 EDT clacke
- clacke@libranet.de ❌
- JordiGH
@jordigh I am using the Pleroma front-end on a GNU Social back-end run by the Pleroma lead developer. The foremost of my other accounts (@notclacke) is on an instance with a Pleroma back-end.

In conversation Tuesday, 22-May-2018 14:21:01 EDT from social.heldscal.la permalink

After
Before

Public

Notices by clacke (clacke@social.heldscal.la), page 30

GDPR requirements

Compliance Kit