Show Navigation
Notices by Mike Gerwitz (mikegerwitz@social.mikegerwitz.com), page 11
-
It's difficult to have useful conversations about mobile tracking when people say "your phone / mobile device tracks you". The phone is just a computer.
The networks that you connect to can spy on you---your cellular network, bluetooth, wifi, etc. To help mitigate these threats, you can disable those communications until you are in a safe place that you don't mind others knowing about. This can really only be guaranteed with a hardware switch---iOS now lies to its users when they ask to disable those communications, for example.
The software running on your device spys on you: the operating system itself often spies; the apps you install often spy. This is the fault of the individual _authors_---_they_ are the problem. Consider using free/libre software that empowers you and serves _you_ rather than its creators; it's much harder to hide secrets in free software. On Android, consider using only free software available in F-Droid. We also need fully free mobile operating systems, like Replicant and hopefully Purism's Librem 5 that is still under development.
Call out those that do harm---don't veil and protect them using statements like "your phone tracks you". Talks about the specific issues. Demand change and have the courage to reject them entirely. That involves inconvenience and sacrifice, but if we're strong now, then in the near future, perhaps we won't have to make any sacrifices, much like the fully free GNU/Linux system desktops we have today.
-
Watching some #LibrePlanet 2018 videos for sessions that I wasn't able to attend. Looks like most/all of them are posted now:
https://media.libreplanet.org/
-
Anyone subscribe to Mozilla e-mails? I forget what list. But they provide links that are nothing but a long unique identifier, which I can only assume to be unique per recipient. Further, they mask the actual destination, which is a security risk. I have never followed one of the links in the e-mails, which is unfortunate, given that some of them do sound interesting.
I have replied on a couple of occasions asking them to please stop doing that, but I haven't received an acknowledgement. Indeed, I'm not even sure if it goes anywhere. Maybe others can speak up as well. Or maybe someone seeing this message is or knows a Mozillian to forward this concern to.
-
@gamehawk Did they end up using the microcode updates or have to work around it in other ways?
-
@cwebber Oh, do let me know your experiences in agonizing detail! I talked to them for a good 20m or so at LP and was impressed by the details of some of their work. I was mainly talking to them about some security features.
I really would like a modern laptop. But getting rid of the X200 will be hard, in part for the same reason you mentioned: a dock. We have USB-C docks at work and I despise the thing. Hardware docks Just Work. But I haven't done any research on USB-C docks on GNU/Linux.
I also asked them if they have plans to add a TrackPoint device. Unfortunately, they said it'd take too much re-working of the hardware, so it's not something they'd do right now. :(
-
Some #Spectre/#Meltdown Intel microcode update observations:
At work we have the same hardware for each of the developers (corporate-mandated Windows laptops). We develop in GNU/Linux VMs. We received them when we were purchased back in April by a larger company.
There's a full compiler stack I wrote for the development of certain systems. It uses Saxon and is therefore really heavy on resources (and syscalls). Lots of inefficiencies. (Don't write your next compiler stack in XSLT. I wouldn't have if I knew it was going to become what it is today.)
I noticed that newer devs' systems, with identical configurations, were taking more than twice the amount of time to compile the same software using this stack. A coworker and myself spent a bit of time debugging and it was eventually found to be the microcode. Once my coworker updated his Intel microcode and BIOS to include the Spectre and Meltdown mitigations, the virtualization performance was terrible---over 100% performance degredation in this case (~5m for a normal build without mitigations, ~12m after mitigations). That's far worse than any benchmarks I've read. Disabling the microcode mitigations restored performance to previous levels.
What a mess.
-
I can finally get back to everything I was doing a couple months ago. I feel rather relieved.
No more research talks for me for a couple years at least. The past couple years have been >80hrs each. I'll stick with things I know well and can put together in a fraction of the time.
-
@mchlrch Thanks. I ran out of time to prepare and completely butchered the beginning, but I'm glad some people found the topics interesting.
I wasn't aware of the Archimedean Oath---thanks for sharing.
-
@dthompson @cwebber @mlemweb @diggity @privacylab Yes it was a great time. We had some good conversations. Looking forward to seeing you all again next year!
-
I give my talk "The Ethics Void" in just over a week at #LibrePlanet2018. For those interested in attending or watching remotely, please consider watching or glancing at the slides for my talk last year, "The Surreptitious Assault on Privacy, Security, and Freedom"; I'll be touching on a number of examples and concepts from that talk, and a better understanding of the issues will help you to appreciate some of the moral consequences:
https://social.mikegerwitz.com/url/17200
But you won't be lost without it.
There's a great list of speakers and sessions; check it out, and please join us!
https://libreplanet.org/2018/
-
@fsf's annual report is out: https://static.fsf.org/nosvn/annual-reports/FY16_LR.pdf
-
@catonano certainly---the topological sort part was a joke (the graph has cycles, and an algorithm to choose the "correct" sort would be the human creativity).
But the graph on its own is very useful in mapping out thoughts and discovering relationships that might be suited for certain sections of the talk. Dense portions of the graph might benefit from reduction (too granular---would take up too much time). Cycles show chicken-and-egg situations that are always fun to introduce in talks/presentations. Nodes with the most edges may demonstrate core concepts, or it may demonstrate that too much research / focus is being placed on something that it shouldn't be (isn't a core topic). Etc.
Other people call them "mind maps" (though I haven't researched the formalities of mind maps, so I can't really say much about them.)
-
When writing a compiler/linker, when I need to know what order to put things in, I perform a topological sort of the dependency graph.
When writing a complex talk, when I need to know what order to put things in, perhaps I should perform a topological sort of a dependency graph...!
I'm writing a dot file right now to graph the relationships between all the topics for my talk to figure out how I should organize and eliminate them. Not what I expected to be doing. And unfortunately I can't just take the first topological sort and call it a day. The resulting talk wouldn't be very good.
Step one should be get back to work instead of using GNU Social as a procrastination tool.
#LibrePlanet2018
-
@sajith
> I will be at LibrePlanet. :-)
Great! Please do stop over and say hello.
-
@pho4cexa Thanks. Yes, unfortunately virtually every ethics mention I've been researching is precisely about the topics mentioned in the ACM Code of Ethics _and Professional Conduct_. As you mention, it is void of the strongest ethical concerns from the perspective of software freedom.
-
@cwebber Oh, interesting---I'd love to hear your thoughts! I have no formal CS education either (I didn't attend college at all), and I also have no formal ethics education; I'm giving myself a crash-course on pertinent topics.
But if it's anything like the last two years, I'll over-research and have to cut half of it out of my talk.
-
@sajith Thanks for your response. I'm assuming you meant "Indiana", not "India", based on the link you provided. :)
I'm considering maybe getting into contact with some universities in the US to see what their thoughts are on these issues. But I think it might have to be post-talk activism; I don't have much time to reach out. I'll note your university.
-
As part of my research for my #LibrePlanet2018 talk:
Those of you who had formal education for programming: how many of you were taught about any sort of ethical issues as a core part of your education---as a _part_ of the material, not alongside it? And how many were taught about ethics as an aside, or separate course?
Please include your educational institution/organization/resources. Feel free to e-mail me at mtg@gnu.org if you don't want to respond publicly. If you are an educator that teaches about ethics in the classroom or in your materials, I'd love to hear from you as well.
Mike Gerwitz
All Jonkman Microblog content and data are available under the