Source files of fsfe.org, pdfreaders.org, freeyourandroid.org, ilovefs.org, drm.info, and test.fsfe.org. Contribute: https://fsfe.org/contribute/web/ https://fsfe.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

268 lines
13 KiB

<?xml version="1.0" encoding="UTF-8" ?>
<html newsdate="2014-05-05" type="newsletter">
<version>1</version>
<head>
<title>FSFE Newsletter - May 2014</title>
</head>
<body microformats="h-entry">
<h1 class="p-name">FSFE Newsletter – May 2014</h1>
<h2>Heartbleed and economic incentives</h2>
<p>You probably heard about the bug in the Free Software OpenSSL nicknamed
"heartbleed". <a href="/news/2014/news-20140424-01.html">The
FSFE already welcomed the industry initiative to fund critical Free Software
projects</a>, and the topic was discussed in several blog articles on the
planet: <a href="https://blogs.fsfe.org/samtuke/?p=718">Sam Tuke wrote about
his impression</a>, Hugo Roy <a
href="http://hroy.eu/notes/openssl-tragedy/">shared an XKCD comic explaining
how heartbleed works</a>, and Martin Gollowitzer wrote about <a
href="https://blogs.fsfe.org/gollo/2014/04/13/what-the-heartbleed-bug-revealed-to-me/">what
the Heartbleed bug revealed to him</a> about StartSSL certificate
authority.</p>
<p>But your editor is convinced that the main problem is not OpenSSL. It is not
Free Software. It is about companies not taking responsibilities and about
missing economic incentives to ensure security. Security expert <a
href="https://www.schneier.com/blog/archives/2006/06/economics_and_i_1.html">Bruce
Schneier wrote in 2006</a>:</p>
<blockquote><p>"We generally think of computer security as a problem of
technology, but often systems fail because of misplaced economic incentives:
The people who could protect a system are not the ones who suffer the costs of
failure."</p></blockquote>
<p>In a nutshell, if your private data is exposed because your health
insurance, where it is stored, did not take care to secure it, you suffer to a
much higher degree than the health insurance does! You are in no position to
pressure the health insurance to change its level of security, and they have no
economic incentive to do so. In the article Schneier further explains that the
liability for attacks is diffuse and that "the economic considerations of
security are more important than the technical considerations".</p>
<p>Following the argument, the important question we face is, how can we give
the right economic incentives to ensure that: security relevant software has
the proper funding; third parties are auditing code; more people are trained in
computer security; programmers have time for maintenance and are not forced to
just develop new features; we have a <a
href="https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations">diversity
of software</a> for different special purposes and therefor prevent <a
href="https://www.schneier.com/blog/archives/2014/04/dan_geer_on_hea.html">software
monocultures</a>; companies run secure software instead of just giving people a
good feeling by performing a security theatre or by delegating responsibility
to others (for example the government), so they can be blamed if there is a
problem, and that also the security interest of private users is fulfilled and
not just those of big cooperations.</p>
<p>In the FSFE we thought about how to give good economic incentives for Free
Software development from the beginning, and now we have to think more about
economic incentives to increase security. It is a difficult area, so we are
looking forward to your comments on this topic and invite you <a
href="/contact/community.html">to discuss it on our public mailing
lists</a>.</p>
<h2>Internet Censorship and Open Standards</h2>
<p>Local elections scheduled across the country for the following day, the
government blocking both YouTube and Twitter, and the usage numbers of the Free
Software anonymity software Tor doubling during the week. Is there a better
time for the FSFE's President to go to this country? At the annual conference
of the Turkish GNU/Linux Users Association in Istanbul Karsten Gerloff talked
about the relationship between technology and power, and made it to the front
page of a national newspaper by mentioning who sold the software to block the
internet. Karsten wrote a <a
href="https://blogs.fsfe.org/gerloff/2014/04/29/interesting-times-speaking-about-free-software-in-istanbul/">
summary of his talk and his journey in his blog</a>.</p>
<p>The talk would not have happened without our Turkish volunteer Nermin Canik,
who encouraged us to attend the conference. Nermin has been working steadily
and reliably as a volunteer for a couple of years now. Together with other
volunteers she organised <a
href="http://documentfreedom.org/events/events.html">Document Freedom Day</a>
(DFD) events in Turkey. This year, although as mentioned above it was a hard
time for people in Turkey who care about freedom, they accomplished 7 events in
Istanbul, Ankara, Çayırova, Denizli, and Adana.</p>
<p>Have a look at the <a
href="http://documentfreedom.org/news/2014/news-20140424-01.html">Document
Freedom Day 2014 Report</a> to find out what happened in Turkey and around the
world during that day. The report includes lots of pictures ranging from
children celebrating DFD at school, the new leaflets, comic, and t-shirts, as
well as the very delicious looking cakes. Thanks to our Turkish <a
href="/contribute/translators/translators.html">translator</a>
Tahir Emre and our leaving intern Matti Lammi the report and the whole DFD
website are also available in Turkish and Finnish.</p>
<h2>Something completely different</h2>
<ul>
<li>The German association <a href="https://www.teckids.org/">Teckids e.V.</a>
offers workshops for 10 to 16 year olds to build robots with different sensors
(light, sound, or ultrasonic) and program them to do cool things by using Free
Software. Your editor was delighted to see that in those workshops <a
href="https://blogs.fsfe.org/mk/teenagers-teach-how-to-program-robots-with-free-software/">teenagers
teach other teenagers how to tinker with Free Software</a>. More news about
education are covered by Guido Arnold in the <a
href="https://blogs.fsfe.org/guido/2014/04/free-software-in-education-news-march/">Free
Software education news</a>.</li>
<li>News from the public administration: <a
href="https://joinup.ec.europa.eu/community/osor/news/galicia-recommends-use-open-document-format">The
government of Galicia recommends use of Open Document Format</a> and a <a
href="https://joinup.ec.europa.eu/community/news/swiss-school-invests-open-source-savings-education">school
in Villmergen/Switzerland is satisfied with Free Software</a> as they can now
invest more money in education.</li>
<li>143 of the politicians newly elected in France's municipal elections have
pledged their support for Free Software. They all <a
href="https://joinup.ec.europa.eu/community/news/143-french-politicians-pledge-support-free-software">signed
the Free Software Pact by the French Free Software organisation April</a>. The
FSFE congratulates them for the good job. Please notice that this month's "Get Active"
item, always at the end of the newsletter, is also about the Free Software
Pact and how you can help us.</li>
<li>From the <a href="https://planet.fsfe.org">planet aggregation</a>: </li>
<ul>
<li>Ghostery is an browser extension supposed to help users against tracking
and surveillance on the web. <a
href="http://hroy.eu/notes/avoid_ghostery-proprietary/">But as Hugo Roy
reports</a>, the problem is that Ghostery is not released as Free
Software.</li>
<li>Guido Günther reports from <a
href="http://honk.sigxcpu.org/con/Bits_from_the_7th_Debian_groupware_meeting.html">the
7th Debian groupware meeting</a> at the Linuxhotel including why the
participants, of whom all but one are FSFE Fellows, took the decision to remove
iceowl (calendar) or what they did with icedove (e-mail).</li>
<li>Our Fellow Number 1, wrote about <a
href="https://blogs.fsfe.org/mario/?p=205">KDE e.V., families at Free Software
meetings, especially at the meetings in Randa Switzerland</a>, and he <a
href="https://blogs.fsfe.org/mario/?p=224">made some proposals for future KDE
releases</a>.</li>
<li>Karl Beecher explains <a
href="http://computerfloss.com/2014/04/chapter-0-programmers-start-counting-zero-2/">why
Programmers Start Counting at Zero</a>.</li>
<li>Carsten Agger gave a <a
href="https://blogs.fsfe.org/agger/2014/04/10/speaking-about-open-data-and-hacktivism/">talk
about Open Data and Hacktivism at the hackerspace in Aarhus</a>. He also
participated at the first International Festival for Technoshamanism. <a
href="https://blogs.fsfe.org/agger/2014/04/18/participating-in-the-1st-international-festival-for-technoshamanism/">He
explains what Technoshamanism is</a>, what it has to do with Free Software, and
<a
href="https://blogs.fsfe.org/agger/2014/04/25/opening-the-1st-international-festival-of-technoshamanism/">reports
from the first day</a>.</li>
<li>Hugo Roy takes a look at the GNU GPL in a javascript outliner: <a
href="http://hroy.eu/posts/gpl-js-bs/">"GNU GPL, JS and BS"</a> and he wrote
about <a href="http://hroy.eu/posts/innovation-policy/">Innovation policy and
Internet liability in courts–beyond advertising</a> with the conclusion that
"we need to take back control of innovation and technology policy to foster
privacy and freedom; more than ever."</li>
<li>Konstantinos Boukouvalas wrote about <a
href="https://blogs.fsfe.org/boukouvalas/?p=546">the OSCAL conference in
Albania</a> (3-4 May) which is <a
href="https://joinup.ec.europa.eu/community/news/albania-youth-ministry-supports-open-source-meeting">supported
by Albania's Ministry of Youth and Social Welfare</a>. They keynote there was <a
href="http://oscal.openlabs.cc/speakers/">done by FSFE's Erik Albers</a>.</li>
<li>On a technical side: <a
href="https://blogs.fsfe.org/guido/2014/04/key-signing-with-caff/">Guido Arnold
explains the advantages of using caff for keysigning</a>, which is part of the
keysigning-party package on Debian based systems.</li>
<li>Kevin Keijzer's new bedroom is now <a
href="https://blogs.fsfe.org/the_unconventional/2014/03/29/my-new-bedroom-htpc-gigabyte-brix/">equipped
with a new Free Software computer</a> and he documented <a
href="https://blogs.fsfe.org/the_unconventional/2014/04/20/acer-c720-chromebook-debian-gnu-linux/">how
to install Debian GNU/Linux on the Acer C720 Chromebook</a>.</li>
<li>Jens Leuchtenbörger explains how to do <a
href="https://blogs.fsfe.org/jens.lechtenboerger/2014/04/05/certificate-pinning-for-gnulinux-and-android/">Certificate
Pinning for GNU/Linux and Android</a>.</li>
<li>When Daniel Pocock upgraded an Android device he "found out that Android betrays the tethering data", after he received a lot of feedback he
wrote a follow-up article because people justified the way mobile networks try to discriminate against tethering after his first blog entry. Also read <a
href="https://blogs.fsfe.org/pboddie/?p=769">Paul Boddie's comment about the
second article</a>.</li>
<li>Furthermore Daniel wrote about problems with SMS logins, how his AirBNB hosts wanted to scan his identity documents and passports, and the best
real-time communication (RTC / VoIP) softphone on the GNU/Linux
desktop.</li>
</ul>
</ul>
<h2>Get active: Make the Free Software Pact a success!</h2>
<p>As we <a href="/news/2014/news-20140304-01.html">wrote in March</a>,
candidates pledging for Free Software is a good way to take them at their word
after an election. In Future we can contact them whenever there will be EU
legislation to be passed that might endanger the existence or growth of Free
Software.</p>
<p>After FSFE's volunteers did a lot of translations for the pact, April now
published all necessary information on the <a
href="http://freesoftwarepact.eu/">Free Software pact website</a> so you can
get active.</p>
<p>In Italy our new intern Michele Marrali already contacted 51 candidates. He
searched for the candidates, used <a
href="https://blogs.fsfe.org/eal/2014/04/23/the-free-software-pact-for-the-european-elections-2014/">Erik's
template</a> (also <a
href="https://blogs.fsfe.org/eal/2014/04/23/der-freie-software-pakt-eu">available
in German</a>) to contact them, and afterwards noted on <a
href="https://public.pad.fsfe.org/p/freesoftwarepact-eu-candidates">our pad
whom he already contacted</a>. His goal is to contact every Italian candidate
and get them to sign the pact. So how many can you contact?</p>
<p>In case you do not have time to participate in this "hobby lobby
competition", consider to <a href="https://my.fsfe.org/donate">make a donation</a> so
we can offer the most active volunteers <a href="/order/order.html">some
rewards from our shop</a>.</p>
<p>Thanks to all the <a href="/contribute/contribute.html">volunteers</a>, <a href="https://my.fsfe.org/donate">Fellows</a> and
<a href="/donate/thankgnus.html">corporate donors</a> who enable our work,<br/>
<a href="/about/people/kirschner">Matthias Kirschner </a> - <a href="/">FSFE</a></p>
<!--/e-content-->
</body>
<sidebar promo="about-fsfe"><!--
<h3>FSFE News</h3>
<ul>
<li><a href="/news/">Press Releases</a></li>
<li><a href="/news/newsletter.html">Newsletters Archive</a></li>
<li><a href="/events/">Upcoming Events</a></li>
<li><a href="https://planet.fsfe.org/">Planet Blogs</a></li>
<li><a href="/contact/community.html">Free Software Discussions</a></li>
</ul>
--></sidebar>
<author id="kirschner" />
<date>
<original content="2014-05-04" />
</date>
<followup>donate</followup>
<tags>
<tag key="newsletter"/>
<tag key="security"/>
<tag key="dfd"/>
<tag key="ayc"/>
</tags>
</html>
<!--
Local Variables: ***
mode: xml ***
End: ***
-->