Source files of fsfe.org, pdfreaders.org, freeyourandroid.org, ilovefs.org, drm.info, and test.fsfe.org. Contribute: https://fsfe.org/contribute/web/ https://fsfe.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

nl-201405.en.xhtml 14KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275
  1. <?xml version="1.0" encoding="UTF-8" ?>
  2. <html newsdate="2014-05-05" type="newsletter">
  3. <head>
  4. <title>FSFE Newsletter - May 2014</title>
  5. </head>
  6. <body class="newsletter article" microformats="h-entry" id="nl-201405">
  7. <h1 class="p-name">FSFE Newsletter – May 2014</h1>
  8. <h2>Heartbleed and economic incentives</h2>
  9. <p newsteaser="yes">You probably heard about the bug in the Free Software OpenSSL nicknamed
  10. "heartbleed". <a href="https://fsfe.org/news/2014/news-20140424-01.en.html">The
  11. FSFE already welcomed the industry initiative to fund critical Free Software
  12. projects</a>, and the topic was discussed in several blog articles on the
  13. planet: <a href="https://blogs.fsfe.org/samtuke/?p=718">Sam Tuke wrote about
  14. his impression</a>, Hugo Roy <a
  15. href="http://hroy.eu/notes/openssl-tragedy/">shared an XKCD comic explaining
  16. how heartbleed works</a>, and Martin Gollowitzer wrote about <a
  17. href="https://blogs.fsfe.org/gollo/2014/04/13/what-the-heartbleed-bug-revealed-to-me/">what
  18. the Heartbleed bug revealed to him</a> about StartSSL certificate
  19. authority.</p>
  20. <p>But your editor is convinced that the main problem is not OpenSSL. It is not
  21. Free Software. It is about companies not taking responsibilities and about
  22. missing economic incentives to ensure security. Security expert <a
  23. href="https://www.schneier.com/blog/archives/2006/06/economics_and_i_1.html">Bruce
  24. Schneier wrote in 2006</a>:</p>
  25. <blockquote><p>"We generally think of computer security as a problem of
  26. technology, but often systems fail because of misplaced economic incentives:
  27. The people who could protect a system are not the ones who suffer the costs of
  28. failure."</p></blockquote>
  29. <p>In a nutshell, if your private data is exposed because your health
  30. insurance, where it is stored, did not take care to secure it, you suffer to a
  31. much higher degree than the health insurance does! You are in no position to
  32. pressure the health insurance to change its level of security, and they have no
  33. economic incentive to do so. In the article Schneier further explains that the
  34. liability for attacks is diffuse and that "the economic considerations of
  35. security are more important than the technical considerations".</p>
  36. <p>Following the argument, the important question we face is, how can we give
  37. the right economic incentives to ensure that: security relevant software has
  38. the proper funding; third parties are auditing code; more people are trained in
  39. computer security; programmers have time for maintenance and are not forced to
  40. just develop new features; we have a <a
  41. href="https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations">diversity
  42. of software</a> for different special purposes and therefor prevent <a
  43. href="https://www.schneier.com/blog/archives/2014/04/dan_geer_on_hea.html">software
  44. monocultures</a>; companies run secure software instead of just giving people a
  45. good feeling by performing a security theatre or by delegating responsibility
  46. to others (for example the government), so they can be blamed if there is a
  47. problem, and that also the security interest of private users is fulfilled and
  48. not just those of big cooperations.</p>
  49. <p>In the FSFE we thought about how to give good economic incentives for Free
  50. Software development from the beginning, and now we have to think more about
  51. economic incentives to increase security. It is a difficult area, so we are
  52. looking forward to your comments on this topic and invite you <a
  53. href="/contact/community.html">to discuss it on our public mailing
  54. lists</a>.</p>
  55. <h2>Internet Censorship and Open Standards</h2>
  56. <p>Local elections scheduled across the country for the following day, the
  57. government blocking both YouTube and Twitter, and the usage numbers of the Free
  58. Software anonymity software Tor doubling during the week. Is there a better
  59. time for the FSFE's President to go to this country? At the annual conference
  60. of the Turkish GNU/Linux Users Association in Istanbul Karsten Gerloff talked
  61. about the relationship between technology and power, and made it to the front
  62. page of a national newspaper by mentioning who sold the software to block the
  63. internet. Karsten wrote a <a
  64. href="https://blogs.fsfe.org/gerloff/2014/04/29/interesting-times-speaking-about-free-software-in-istanbul/">
  65. summary of his talk and his journey in his blog</a>.</p>
  66. <p>The talk would not have happened without our Turkish volunteer Nermin Canik,
  67. who encouraged us to attend the conference. Nermin has been working steadily
  68. and reliably as a volunteer for a couple of years now. Together with other
  69. volunteers she organised <a
  70. href="http://documentfreedom.org/events/events.html">Document Freedom Day</a>
  71. (DFD) events in Turkey. This year, although as mentioned above it was a hard
  72. time for people in Turkey who care about freedom, they accomplished 7 events in
  73. Istanbul, Ankara, Çayırova, Denizli, and Adana.</p>
  74. <p>Have a look at the <a
  75. href="http://documentfreedom.org/news/2014/news-20140424-01.html">Document
  76. Freedom Day 2014 Report</a> to find out what happened in Turkey and around the
  77. world during that day. The report includes lots of pictures ranging from
  78. children celebrating DFD at school, the new leaflets, comic, and t-shirts, as
  79. well as the very delicious looking cakes. Thanks to our Turkish <a
  80. href="http://fsfe.org/contribute/translators/translators.html">translator</a>
  81. Tahir Emre and our leaving intern Matti Lammi the report and the whole DFD
  82. website are also available in Turkish and Finnish.</p>
  83. <h2>Something completely different</h2>
  84. <ul>
  85. <li>The German association <a href="https://www.teckids.org/">Teckids e.V.</a>
  86. offers workshops for 10 to 16 year olds to build robots with different sensors
  87. (light, sound, or ultrasonic) and program them to do cool things by using Free
  88. Software. Your editor was delighted to see that in those workshops <a
  89. href="https://blogs.fsfe.org/mk/teenagers-teach-how-to-program-robots-with-free-software/">teenagers
  90. teach other teenagers how to tinker with Free Software</a>. More news about
  91. education are covered by Guido Arnold in the <a
  92. href="https://blogs.fsfe.org/guido/2014/04/free-software-in-education-news-march/">Free
  93. Software education news</a>.</li>
  94. <li>News from the public administration: <a
  95. href="https://joinup.ec.europa.eu/community/osor/news/galicia-recommends-use-open-document-format">The
  96. government of Galicia recommends use of Open Document Format</a> and a <a
  97. href="https://joinup.ec.europa.eu/community/news/swiss-school-invests-open-source-savings-education">school
  98. in Villmergen/Switzerland is satisfied with Free Software</a> as they can now
  99. invest more money in education.</li>
  100. <li>143 of the politicians newly elected in France's municipal elections have
  101. pledged their support for Free Software. They all <a
  102. href="https://joinup.ec.europa.eu/community/news/143-french-politicians-pledge-support-free-software">signed
  103. the Free Software Pact by the French Free Software organisation April</a>. The
  104. FSFE congratulates them for the good job. Please notice that this month's "Get Active"
  105. item, always at the end of the newsletter, is also about the Free Software
  106. Pact and how you can help us.</li>
  107. <li>From the <a href="http://planet.fsfe.org">planet aggregation</a>: </li>
  108. <ul>
  109. <li>Ghostery is an browser extension supposed to help users against tracking
  110. and surveillance on the web. <a
  111. href="http://hroy.eu/notes/avoid_ghostery-proprietary/">But as Hugo Roy
  112. reports</a>, the problem is that Ghostery is not released as Free
  113. Software.</li>
  114. <li>Guido Günther reports from <a
  115. href="http://honk.sigxcpu.org/con/Bits_from_the_7th_Debian_groupware_meeting.html">the
  116. 7th Debian groupware meeting</a> at the Linuxhotel including why the
  117. participants, of whom all but one are FSFE Fellows, took the decision to remove
  118. iceowl (calendar) or what they did with icedove (e-mail).</li>
  119. <li>Our Fellow Number 1, wrote about <a
  120. href="https://blogs.fsfe.org/mario/?p=205">KDE e.V., families at Free Software
  121. meetings, especially at the meetings in Randa Switzerland</a>, and he <a
  122. href="https://blogs.fsfe.org/mario/?p=224">made some proposals for future KDE
  123. releases</a>.</li>
  124. <li>Karl Beecher explains <a
  125. href="http://computerfloss.com/2014/04/chapter-0-programmers-start-counting-zero-2/">why
  126. Programmers Start Counting at Zero</a>.</li>
  127. <li>Carsten Agger gave a <a
  128. href="https://blogs.fsfe.org/agger/2014/04/10/speaking-about-open-data-and-hacktivism/">talk
  129. about Open Data and Hacktivism at the hackerspace in Aarhus</a>. He also
  130. participated at the first International Festival for Technoshamanism. <a
  131. href="https://blogs.fsfe.org/agger/2014/04/18/participating-in-the-1st-international-festival-for-technoshamanism/">He
  132. explains what Technoshamanism is</a>, what it has to do with Free Software, and
  133. <a
  134. href="https://blogs.fsfe.org/agger/2014/04/25/opening-the-1st-international-festival-of-technoshamanism/">reports
  135. from the first day</a>.</li>
  136. <li>Hugo Roy takes a look at the GNU GPL in a javascript outliner: <a
  137. href="http://hroy.eu/posts/gpl-js-bs/">"GNU GPL, JS and BS"</a> and he wrote
  138. about <a href="http://hroy.eu/posts/innovation-policy/">Innovation policy and
  139. Internet liability in courts–beyond advertising</a> with the conclusion that
  140. "we need to take back control of innovation and technology policy to foster
  141. privacy and freedom; more than ever."</li>
  142. <li>Konstantinos Boukouvalas wrote about <a
  143. href="https://blogs.fsfe.org/boukouvalas/?p=546">the OSCAL conference in
  144. Albania</a> (3-4 May) which is <a
  145. href="https://joinup.ec.europa.eu/community/news/albania-youth-ministry-supports-open-source-meeting">supported
  146. by Albania's Ministry of Youth and Social Welfare</a>. They keynote there was <a
  147. href="http://oscal.openlabs.cc/speakers/">done by FSFE's Erik Albers</a>.</li>
  148. <li>On a technical side: <a
  149. href="https://blogs.fsfe.org/guido/2014/04/key-signing-with-caff/">Guido Arnold
  150. explains the advantages of using caff for keysigning</a>, which is part of the
  151. keysigning-party package on Debian based systems.</li>
  152. <li>Kevin Keijzer's new bedroom is now <a
  153. href="https://blogs.fsfe.org/the_unconventional/2014/03/29/my-new-bedroom-htpc-gigabyte-brix/">equipped
  154. with a new Free Software computer</a> and he documented <a
  155. href="https://blogs.fsfe.org/the_unconventional/2014/04/20/acer-c720-chromebook-debian-gnu-linux/">how
  156. to install Debian GNU/Linux on the Acer C720 Chromebook</a>.</li>
  157. <li>Jens Leuchtenbörger explains how to do <a
  158. href="https://blogs.fsfe.org/jens.lechtenboerger/2014/04/05/certificate-pinning-for-gnulinux-and-android/">Certificate
  159. Pinning for GNU/Linux and Android</a>.</li>
  160. <li>When Daniel Pocock upgraded an Android device he <a
  161. href="http://danielpocock.com/android-betrays-tethering-data">"found out that
  162. Android betrays the tethering data"</a>, after he received a lot of feedback he
  163. wrote <a href="http://danielpocock.com/tethering-and-petrol-charges">a
  164. follow-up article because people justified the way mobile networks try to
  165. discriminate against tethering</a> after his first blog entry. Also read <a
  166. href="https://blogs.fsfe.org/pboddie/?p=769">Paul Boddie's comment about the
  167. second article</a>.</li>
  168. <li>Furthermore Daniel wrote about <a
  169. href="http://danielpocock.com/sms-logins-an-illusion-of-security">problems with
  170. SMS logins</a>, <a
  171. href="http://danielpocock.com/airbnb-hosts-scanning-copying-passports">how his
  172. AirBNB hosts wanted to scan his identity documents and passports</a>, and <a
  173. href="http://danielpocock.com/best-rtc-voip-softphone-linux-desktop">the best
  174. real-time communication (RTC / VoIP) softphone on the GNU/Linux
  175. desktop</a>.</li>
  176. </ul>
  177. </ul>
  178. <h2>Get active: Make the Free Software Pact a success!</h2>
  179. <p>As we <a href="/news/2014/news-20140304-01.html">wrote in March</a>,
  180. candidates pledging for Free Software is a good way to take them at their word
  181. after an election. In Future we can contact them whenever there will be EU
  182. legislation to be passed that might endanger the existence or growth of Free
  183. Software.</p>
  184. <p>After FSFE's volunteers did a lot of translations for the pact, April now
  185. published all necessary information on the <a
  186. href="http://freesoftwarepact.eu/">Free Software pact website</a> so you can
  187. get active.</p>
  188. <p>In Italy our new intern Michele Marrali already contacted 51 candidates. He
  189. searched for the candidates, used <a
  190. href="https://blogs.fsfe.org/eal/2014/04/23/the-free-software-pact-for-the-european-elections-2014/">Erik's
  191. template</a> (also <a
  192. href="https://blogs.fsfe.org/eal/2014/04/23/der-freie-software-pakt-eu">available
  193. in German</a>) to contact them, and afterwards noted on <a
  194. href="https://public.pad.fsfe.org/p/freesoftwarepact-eu-candidates">our pad
  195. whom he already contacted</a>. His goal is to contact every Italian candidate
  196. and get them to sign the pact. So how many can you contact?</p>
  197. <p>In case you do not have time to participate in this "hobby lobby
  198. competition", consider to <a href="/donate/donate.html">make a donation</a> so
  199. we can offer the most active volunteers <a href="/order/order.html">some
  200. rewards from our shop</a>.</p>
  201. <p>Thanks to all the <a href="/contribute/contribute.html">volunteers</a>, <a href="http://fellowship.fsfe.org/join">Fellows</a> and
  202. <a href="/donate/thankgnus.html">corporate donors</a> who enable our work,<br/>
  203. <a href="/about/kirschner">Matthias Kirschner </a> - <a href="http://www.fsfe.org">FSFE</a></p>
  204. <!--/e-content-->
  205. </body>
  206. <sidebar promo="about-fsfe"><!--
  207. <h3>FSFE News</h3>
  208. <ul>
  209. <li><a href="/news/">Press Releases</a></li>
  210. <li><a href="/news/newsletter.html">Newsletters Archive</a></li>
  211. <li><a href="/events/">Upcoming Events</a></li>
  212. <li><a href="http://planet.fsfe.org/">Planet Blogs</a></li>
  213. <li><a href="/contact/community.html">Free Software Discussions</a></li>
  214. </ul>
  215. --></sidebar>
  216. <author id="kirschner" />
  217. <date>
  218. <original content="2014-05-04" />
  219. </date>
  220. <followup>donate</followup>
  221. <tags>
  222. <tag>newsletter</tag>
  223. <tag>Heartbleed</tag>
  224. <tag>DFD</tag>
  225. <tag>ayc</tag>
  226. </tags>
  227. </html>
  228. <!--
  229. Local Variables: ***
  230. mode: xml ***
  231. End: ***
  232. -->