<?xml version="1.0" encoding="UTF-8" ?>

<html newsdate="2014-05-05" type="newsletter">
<head>
<title>FSFE Newsletter - May 2014</title>
</head>

<body class="newsletter article" microformats="h-entry" id="nl-201405">
<h1 class="p-name">FSFE Newsletter – May 2014</h1>

<div class="e-content">

<h2>Heartbleed and economic incentives</h2>

<p newsteaser="yes">You have probably heard about the bug in the Free Software library OpenSSL nicknamed
"Heartbleed". <a href="https://fsfe.org/news/2014/news-20140424-01.en.html">The
FSFE already welcomed the industry initiative to fund critical Free Software
projects</a>, and the topic was discussed in several blog articles on the
planet: <a href="https://blogs.fsfe.org/samtuke/?p=718">Sam Tuke wrote about
his impression</a>, Hugo Roy <a
href="http://hroy.eu/notes/openssl-tragedy/">shared an XKCD comic explaining
how Heartbleed works</a>, and Martin Gollowitzer wrote about <a
href="https://blogs.fsfe.org/gollo/2014/04/13/what-the-heartbleed-bug-revealed-to-me/">what
the Heartbleed bug revealed to him</a> about the StartSSL certificate
authority.</p>

<p>But your editor is convinced that the main problem is not OpenSSL. It is not
Free Software. It is about companies not taking responsibility and about
missing economic incentives to ensure security. Security expert <a
href="https://www.schneier.com/blog/archives/2006/06/economics_and_i_1.html">Bruce
Schneier wrote in 2006</a>:</p>

<blockquote><p>"We generally think of computer security as a problem of
technology, but often systems fail because of misplaced economic incentives:
The people who could protect a system are not the ones who suffer the costs of
failure."</p></blockquote>

<p>In a nutshell, if your private data is exposed because your health
insurance, where it is stored, did not take care to secure it, you suffer to a
much higher degree than the health insurance does! You are in no position to
pressure the health insurance to change its level of security, and they have no
economic incentive to do so. In the article Schneier further explains that the
liability for attacks is diffuse and that "the economic considerations of
security are more important than the technical considerations".</p>

<p>Following this argument, the important question we face is how we can create
the right economic incentives to ensure that: security-relevant software has
proper funding; third parties audit code; more people are trained in
computer security; programmers have time for maintenance and are not forced to
just develop new features; we have a <a
href="https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations">diversity
of software</a> for different special purposes and therefore prevent <a
href="https://www.schneier.com/blog/archives/2014/04/dan_geer_on_hea.html">software
monocultures</a>; companies run secure software instead of just giving people a
good feeling by performing security theatre or by delegating responsibility
to others (for example the government), so they can be blamed if there is a
problem; and the security interests of private users are met,
not just those of big corporations.</p>

<p>In the FSFE we have thought about how to give good economic incentives for Free
Software development from the beginning, and now we have to think more about
economic incentives to increase security. It is a difficult area, so we are
looking forward to your comments on this topic and invite you <a
href="/contact/community.html">to discuss it on our public mailing
lists</a>.</p>

<h2>Internet Censorship and Open Standards</h2>

<p>Local elections scheduled across the country for the following day, the
government blocking both YouTube and Twitter, and the usage numbers of the Free
Software anonymity software Tor doubling during the week. Is there a better
time for the FSFE's President to go to this country? At the annual conference
of the Turkish GNU/Linux Users Association in Istanbul, Karsten Gerloff talked
about the relationship between technology and power, and made it to the front
page of a national newspaper by mentioning who sold the software to block the
internet. Karsten wrote a <a
href="https://blogs.fsfe.org/gerloff/2014/04/29/interesting-times-speaking-about-free-software-in-istanbul/">summary
of his talk and his journey in his blog</a>.</p>

<p>The talk would not have happened without our Turkish volunteer Nermin Canik,
who encouraged us to attend the conference. Nermin has been working steadily
and reliably as a volunteer for a couple of years now. Together with other
volunteers she organised <a
href="http://documentfreedom.org/events/events.html">Document Freedom Day</a>
(DFD) events in Turkey. This year, although, as mentioned above, it was a hard
time for people in Turkey who care about freedom, they accomplished 7 events in
Istanbul, Ankara, Çayırova, Denizli, and Adana.</p>

<p>Have a look at the <a
href="http://documentfreedom.org/news/2014/news-20140424-01.html">Document
Freedom Day 2014 Report</a> to find out what happened in Turkey and around the
world during that day. The report includes lots of pictures, from
children celebrating DFD at school to the new leaflets, comic, and t-shirts, as
well as the very delicious-looking cakes. Thanks to our Turkish <a
href="http://fsfe.org/contribute/translators/translators.html">translator</a>
Tahir Emre and our departing intern Matti Lammi, the report and the whole DFD
website are also available in Turkish and Finnish.</p>

<h2>Something completely different</h2>

<ul>

<li>The German association <a href="https://www.teckids.org/">Teckids e.V.</a>
offers workshops for 10 to 16 year olds to build robots with different sensors
(light, sound, or ultrasonic) and program them to do cool things by using Free
Software. Your editor was delighted to see that in those workshops <a
href="https://blogs.fsfe.org/mk/teenagers-teach-how-to-program-robots-with-free-software/">teenagers
teach other teenagers how to tinker with Free Software</a>. More news about
education is covered by Guido Arnold in the <a
href="https://blogs.fsfe.org/guido/2014/04/free-software-in-education-news-march/">Free
Software education news</a>.</li>

<li>News from the public administration: <a
href="https://joinup.ec.europa.eu/community/osor/news/galicia-recommends-use-open-document-format">The
government of Galicia recommends use of Open Document Format</a> and a <a
href="https://joinup.ec.europa.eu/community/news/swiss-school-invests-open-source-savings-education">school
in Villmergen/Switzerland is satisfied with Free Software</a> as they can now
invest more money in education.</li>

<li>143 of the politicians newly elected in France's municipal elections have
pledged their support for Free Software. They all <a
href="https://joinup.ec.europa.eu/community/news/143-french-politicians-pledge-support-free-software">signed
the Free Software Pact by the French Free Software organisation April</a>. The
FSFE congratulates them on the good job. Please note that this month's "Get Active"
item, always at the end of the newsletter, is also about the Free Software
Pact and how you can help us.</li>

<li>From the <a href="http://planet.fsfe.org">planet aggregation</a>: </li>

<ul>

<li>Ghostery is a browser extension supposed to help users against tracking
and surveillance on the web. <a
href="http://hroy.eu/notes/avoid_ghostery-proprietary/">But as Hugo Roy
reports</a>, the problem is that Ghostery is not released as Free
Software.</li>

<li>Guido Günther reports from <a
href="http://honk.sigxcpu.org/con/Bits_from_the_7th_Debian_groupware_meeting.html">the
7th Debian groupware meeting</a> at the Linuxhotel, including why the
participants, all but one of whom are FSFE Fellows, decided to remove
iceowl (calendar) and what they did with icedove (e-mail).</li>

<li>Our Fellow Number 1 wrote about <a
href="https://blogs.fsfe.org/mario/?p=205">KDE e.V., families at Free Software
meetings, especially at the meetings in Randa, Switzerland</a>, and he <a
href="https://blogs.fsfe.org/mario/?p=224">made some proposals for future KDE
releases</a>.</li>

<li>Karl Beecher explains <a
href="http://computerfloss.com/2014/04/chapter-0-programmers-start-counting-zero-2/">why
Programmers Start Counting at Zero</a>.</li>

<li>Carsten Agger gave a <a
href="https://blogs.fsfe.org/agger/2014/04/10/speaking-about-open-data-and-hacktivism/">talk
about Open Data and Hacktivism at the hackerspace in Aarhus</a>. He also
participated in the first International Festival for Technoshamanism. <a
href="https://blogs.fsfe.org/agger/2014/04/18/participating-in-the-1st-international-festival-for-technoshamanism/">He
explains what Technoshamanism is</a>, what it has to do with Free Software, and
<a
href="https://blogs.fsfe.org/agger/2014/04/25/opening-the-1st-international-festival-of-technoshamanism/">reports
from the first day</a>.</li>

<li>Hugo Roy takes a look at the GNU GPL in a JavaScript outliner: <a
href="http://hroy.eu/posts/gpl-js-bs/">"GNU GPL, JS and BS"</a> and he wrote
about <a href="http://hroy.eu/posts/innovation-policy/">Innovation policy and
Internet liability in courts–beyond advertising</a> with the conclusion that
"we need to take back control of innovation and technology policy to foster
privacy and freedom; more than ever."</li>

<li>Konstantinos Boukouvalas wrote about <a
href="https://blogs.fsfe.org/boukouvalas/?p=546">the OSCAL conference in
Albania</a> (3-4 May) which is <a
href="https://joinup.ec.europa.eu/community/news/albania-youth-ministry-supports-open-source-meeting">supported
by Albania's Ministry of Youth and Social Welfare</a>. The keynote there was <a
href="http://oscal.openlabs.cc/speakers/">given by FSFE's Erik Albers</a>.</li>

<li>On the technical side: <a
href="https://blogs.fsfe.org/guido/2014/04/key-signing-with-caff/">Guido Arnold
explains the advantages of using caff for keysigning</a>, which is part of the
keysigning-party package on Debian-based systems.</li>

<li>Kevin Keijzer's new bedroom is now <a
href="https://blogs.fsfe.org/the_unconventional/2014/03/29/my-new-bedroom-htpc-gigabyte-brix/">equipped
with a new Free Software computer</a> and he documented <a
href="https://blogs.fsfe.org/the_unconventional/2014/04/20/acer-c720-chromebook-debian-gnu-linux/">how
to install Debian GNU/Linux on the Acer C720 Chromebook</a>.</li>

<li>Jens Lechtenbörger explains how to do <a
href="https://blogs.fsfe.org/jens.lechtenboerger/2014/04/05/certificate-pinning-for-gnulinux-and-android/">Certificate
Pinning for GNU/Linux and Android</a>.</li>

<li>When Daniel Pocock upgraded an Android device he <a
href="http://danielpocock.com/android-betrays-tethering-data">"found out that
Android betrays the tethering data"</a>. After he received a lot of feedback, he
wrote <a href="http://danielpocock.com/tethering-and-petrol-charges">a
follow-up article because people justified the way mobile networks try to
discriminate against tethering</a> after his first blog entry. Also read <a
href="https://blogs.fsfe.org/pboddie/?p=769">Paul Boddie's comment about the
second article</a>.</li>

<li>Furthermore, Daniel wrote about <a
href="http://danielpocock.com/sms-logins-an-illusion-of-security">problems with
SMS logins</a>, <a
href="http://danielpocock.com/airbnb-hosts-scanning-copying-passports">how his
Airbnb hosts wanted to scan his identity documents and passports</a>, and <a
href="http://danielpocock.com/best-rtc-voip-softphone-linux-desktop">the best
real-time communication (RTC / VoIP) softphone on the GNU/Linux
desktop</a>.</li>

</ul>

</ul>

<h2>Get active: Make the Free Software Pact a success!</h2>

<p>As we <a href="/news/2014/news-20140304-01.html">wrote in March</a>,
having candidates pledge for Free Software is a good way to take them at their word
after an election. In the future we can contact them whenever EU
legislation is about to be passed that might endanger the existence or growth of Free
Software.</p>

<p>After FSFE's volunteers did a lot of translations for the pact, April has now
published all necessary information on the <a
href="http://freesoftwarepact.eu/">Free Software pact website</a> so you can
get active.</p>

<p>In Italy our new intern Michele Marrali has already contacted 51 candidates. He
searched for the candidates, used <a
href="https://blogs.fsfe.org/eal/2014/04/23/the-free-software-pact-for-the-european-elections-2014/">Erik's
template</a> (also <a
href="https://blogs.fsfe.org/eal/2014/04/23/der-freie-software-pakt-eu">available
in German</a>) to contact them, and afterwards noted on <a
href="https://public.pad.fsfe.org/p/freesoftwarepact-eu-candidates">our pad
whom he has already contacted</a>. His goal is to contact every Italian candidate
and get them to sign the pact. So how many can you contact?</p>

<p>In case you do not have time to participate in this "hobby lobby
competition", consider <a href="/donate/donate.html">making a donation</a> so
we can offer the most active volunteers <a href="/order/order.html">some
rewards from our shop</a>.</p>

<p>Thanks to all the <a href="/contribute/contribute.html">volunteers</a>, <a href="http://fellowship.fsfe.org/join">Fellows</a> and
<a href="/donate/thankgnus.html">corporate donors</a> who enable our work,<br/>
<a href="/about/kirschner">Matthias Kirschner</a> - <a href="http://www.fsfe.org">FSFE</a></p>
</div>
<!--/e-content-->

</body>
<sidebar promo="about-fsfe"><!--
<h3>FSFE News</h3>
<ul>
<li><a href="/news/">Press Releases</a></li>
<li><a href="/news/newsletter.html">Newsletters Archive</a></li>
<li><a href="/events/">Upcoming Events</a></li>
<li><a href="http://planet.fsfe.org/">Planet Blogs</a></li>
<li><a href="/contact/community.html">Free Software Discussions</a></li>
</ul>
--></sidebar>
<author id="kirschner" />
<date>
<original content="2014-05-04" />
</date>
<followup>donate</followup>
<tags>
<tag>newsletter</tag>
<tag>Heartbleed</tag>
<tag>DFD</tag>
<tag>AskYourCandidates</tag>
</tags>

</html>