There's a new episode of @librelounge out where we interview Ludovic Courtès about Guix! Functional programming? Functional package managers? Distros? Reproducibility? It has all the cool things! https://librelounge.org/episodes/episode-23-guix-with-ludovic-court%C3%A8s.html
Notices by Mike Gerwitz (mikegerwitz@social.mikegerwitz.com), page 2
-
Christine Lemmer-Webber (cwebber@octodon.social)'s status on Friday, 21-Jun-2019 17:48:40 EDT 
Christine Lemmer-Webber
-
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 20-Jun-2019 23:04:47 EDT 
Mike Gerwitz
I decided to occasionally pop back onto IRC when I'm free at night. I miss the real-time chat, but I don't often have time for it.
Catch me on freenode, nick mikegerwitz. I'll be in #gnu, #fsf, #guix, and some others. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Wednesday, 12-Jun-2019 22:00:33 EDT
Mike Gerwitz
I really enjoyed this Purism "'See Your Junk' - Behind the scenes" post and video, which goes into some detail on professional video production using free software:
https://puri.sm/posts/see-your-junk-behind-the-scenes/
Thanks @purism for taking the time to put that together, especially since it's such a specialized domain that many people don't have exposure to. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Monday, 10-Jun-2019 21:27:36 EDT
Mike Gerwitz
On the topic of #privacy and #surveillance, I often seen arguments that can be phrased as: "if someone you loved were lost, wouldn't you do everything you could to find them?"
Of course I would. I have two young children. They mean more to me than anything, and that includes my principles. I can't imagine the desperation I would feel if they were lost, and I would do almost anything to find them.
And that's part of the problem. We have these pervasive surveillance systems---be it government or civilian (like Ring)---that produce enormous amounts of data. We have mobile devices, cars, ALPRs, and such tracking most every person's moves. We have services analyzing DNA for family history being used for other uses. So on and so fourth.
And it doesn't matter what those data are collected for---maybe it's for certain purposes now, but once enough people become desperate enough, they'll be used for other things too. Even if those people think it's wrong to do so.
We need to avoid putting these systems in place to begin with. That's the only way we can't be tempted by them in difficult times.
And when something does happen, people say, "but if we had X, I wouldn't have lost the person I love". The problem is: it's impossible to satisfy that argument. You can never have enough. And as a consequence, the lives of everyone are affected, not just those who are in that terrible situation.
These aren't easy decisions to make. I say that as both an activist for user privacy, and as a father. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Sunday, 09-Jun-2019 23:21:51 EDT
Mike Gerwitz
@mangeurdenuage Any solution to any problem can be viewed as a specific application of some more general principle, recursively. If you first write that more general program, and then write the program you were _going_ to write in terms of that general program, then it might be useful for a larger class of problems, and more interesting to write (...also recursively). And it may also take orders of magnitude longer to write, and require more research, and possibly never get written.
As a professional, one learns to identify and avoid this problem, unless generalization is warranted (perhaps through incremental development). Yet at home, I fail to control myself. Which leads to a whole lot of interesting research, and a whole lot of incomplete projects. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Sunday, 09-Jun-2019 22:49:04 EDT
Mike Gerwitz
How I doom almost every personal project I start to work on: "Oh, I could generalize this." -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Sunday, 09-Jun-2019 22:14:53 EDT
Mike Gerwitz
cnet: "Amazon's helping police build a surveillance network with Ring doorbells"
https://www.cnet.com/features/amazons-helping-police-build-a-surveillance-network-with-ring-doorbells/ -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 06-Jun-2019 23:59:54 EDT
Mike Gerwitz
https://news.stanford.edu/2019/06/05/edit-video-editing-text/
This is impressive, and concerning. This is only going to get more convincing.
A method like watermarking doesn't make sense---someone will just develop a system for their own use that _doesn't_ use watermarking. There's no choice but to develop better forensic tools.
Inevitably, one day, those too will fail. If you want to know that something legitimately originated from someone, we need to do so cryptographically. If you want to know that something was legitimately recorded and unaltered by the legitimate source of the video, well, there'll always be a way around that. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Wednesday, 15-May-2019 22:06:01 EDT
Mike Gerwitz
@cwebber Ah, well, to actually answer your question:
- I generally prefer to mitigate issues, even if that means inconvenience or lack of performance. I put a great deal of time into making life intentionally difficult for myself, for many different things, in the name of security.
- In certain circumstances, I may choose not to adopt that practice depending on my threat model and the tradeoffs.
- For people who aren't able to understand the risks and tradeoffs thoroughly, I'd recommend that they go with less performant systems in favor of mitigations.
- BUT, in the context of Intel, their microcode updates are non-free, and so I won't install them, and I won't recommend that people install them. But I will warn them of the risks.
TBH this is the main thing making me wary of purchasing a Purism laptop---I really would like to eventually, but I'm having a lot of trouble justifying using an Intel processor (or most modern hardware, for that matter, that isn't libre) for any computing that I may consider sensitive. And a personal laptop inevitably falls under that category.
It's a shitty situation. But yes, I would consider purchasing a computer that's 3x slower for personal computing. If I'm doing something CPU or memory intensive like compilation, I usually offload to a separate box anyway, since that isn't usually sensitive. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 14-May-2019 20:45:08 EDT
Mike Gerwitz
@cwebber Oh, I would certainly advocate for libre hardware. What I was replying to was your original message:
> Would you buy/use a computer that ran 3x slower than modern machines if it were more secure (less vulnerable to side-channel attacks)?
I interpreted this as buying a modern e.g. Intel processor that has Meltdown/Spectre microcode mitigations, which can cut performance of certain processes by half (which we have to deal with at work).
But RISC-V is another story. We actually gain something substantial there. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 14-May-2019 05:01:28 EDT
Mike Gerwitz
@cwebber @lxoliva Certainly we need to trust it as well. But if you're installing software on your system, there are generally other, more effective ways to compromise the user than resorting to side-channels.
But ensuring your software is signed and reproducible also helps to mitigate targeted attacks---if you're running the same software that everyone else is running, then the risk is very high for someone to do something malicious and tarnish their reputation.
Many users just `curl foo | sudo sh` the latest hot thing as they're instructed. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Sunday, 12-May-2019 22:51:25 EDT
Mike Gerwitz
@lxoliva had some compelling words about this at LP2019:
https://media.libreplanet.org/u/libreplanet/m/who-s-afraid-of-spectre-and-meltdown/
I don't know if your comment related at all to Spectre, but---if all the software running on your system is free software, what is there to fear? And I agree.
The biggest trouble is that people often run non-free and untrusted code all of the time in their web browsers, and don't see it as a software freedom or security issue. It's important to recognize it for what it is---untrusted, unsigned, ephemeral software---if you're going to consider security tradeoffs when it comes to certain mitigations. I personally don't run JS at all, even if it's free, with very few exceptions, because it's unsigned. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Thursday, 09-May-2019 22:15:30 EDT
Mike Gerwitz
Video for my #LibrePlanet 2019 talk "Computational Symbiosis: Methods That Meld Mind and Machine" is now available, and includes the slides:
https://social.mikegerwitz.com/url/74281
The PIP does slightly cover some slide contents. PDF of the slides is here:
http://mikegerwitz.com/talks/cs4m.pdf
Errata posted here:
https://social.mikegerwitz.com/conversation/177288#notice-260018 -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Wednesday, 01-May-2019 22:20:26 EDT
Mike Gerwitz
@dthompson I bought it more than a couple years ago, so I don't recall what I paid back then, but I thought it was >=60USD. The current Nitrokey Pro 2 price is ~54USD.
Absolutely worth it, though. I use it every day for SSH, signing email, commit signing, decrypting personal files, and some other things.
The U2F one is ~25USD, but it's not a smart card. -
Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Monday, 29-Apr-2019 22:33:30 EDT
Mike Gerwitz
@dthompson They demoed the PureBoot process at LibrePlanet, using the key, and it looks great. I have a Nitrokey Pro---which is all their key is, plus the extra LED---and they said it'd work with that.
I asked them two years ago at LP if they'd consider adding Trackpoint, and it wasn't something they were going to do at the time. That's going to be a major disappointment for me as well. But there are keyboards that have it built in (of course that doesn't help on the go).
@cwebber did you ever get a chance to find/use a USB-C dock? -
Christine Lemmer-Webber (cwebber@octodon.social)'s status on Saturday, 20-Apr-2019 14:01:48 EDT
Christine Lemmer-Webber
Jetblue is rolling out a procedure where they identify customers not by their boarding pass or passport, but by facial recognition provided by the Department of Homeland Security https://twitter.com/mackenzief/status/1118509708673998848 http://mediaroom.jetblue.com/investor-relations/press-releases/2018/11-15-2018-184045420
Makes me feel sick to my stomach. I should stop flying places.
-
Christine Lemmer-Webber (cwebber@octodon.social)'s status on Saturday, 20-Apr-2019 14:07:05 EDT
Christine Lemmer-Webber
@sl007 I didn't but :(
All Jonkman Microblog content and data are available under the