Hi everyone,
I wanted to point you to this open internship position at the FSFE:
https://fsfe.org/news/2017/news-20170811-01.en.html
As you know, when the FSFE was founded, we put together a document
describing our self conception. That was 16 years ago, and while I
believe it to still be relevant, we'll be looking at making a new
committment towards a revised organisational identity later this year.
As a part of this work, we're looking for an intern to support the
process for 3-6 months, working closely with me and others in the
FSFE on analysing how the different groups within and outside of the
FSFE perceive the organisation's identity, which will then work
towards understanding how aligned they are, and supporting a
renewed committment towards a self conception.
We've already started the work, and will be looking for someone who
could jump on board quite soon indeed, so don't wait to send this
to someone you think might be interested! Work description and other
application details on the page above.
Sincerely,
--
Jonas Öberg, Executive Director
Free Software Foundation Europe | jonas(a)fsfe.org
Your support enables our work (fsfe.org/join)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Just wanted to pass this along from the FSF on this side of the pond in
case you haven't seen it yet:
https://www.fsf.org/blogs/licensing/support-the-talos-ii-a-candidate-for-re…
- --
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJZuEx+AAoJEK+E3vEXDOFbEI4H/ii1wPQbq6xhZF0F5hcS3Kfi
03oE0E1Xaj5IV2FM30sExO/Lf8I5jl+VQnVdrsiCoIIqBev4DcfxA/vfJ4SUY24y
hmbwzafi8g2zffaLSICIChiAEEcDHlaQniTU4S6wxNWv4RyIUrkEYvqUvwRNnpUv
g69V8VxYUqcjnHtZVpu9gwAmPgc1TXNW508i4fnMP3EHX1DEmW5pBLmRvPvGsRor
9th3F/ezacfqkPlkuWmL2YLb7wRvTzTJw6CMXInpKDyK+kQCMvL3Tgyp2HFZcCm7
skpS+uconvRQhpp/InVYYCh/e6CrHznpxyEhvug0elX0lZDpqvmv1Hv0sTY3mEU=
=WEgY
-----END PGP SIGNATURE-----
Hey everyone,
I received a request to add Doteveryone [1] to our list of supporting
organizations for Public Code, however I'm not sure if they are truly an
NGO like the other organisations on our list.
They are a registered charity, however I'm not sure what that entails so
I wanted to ask if anyone who knows a lot about the UK could pitch in
with some information (I CC'd Daniel so maybe he can forward this mail).
After I asked Catherine this:
> could you write a few words about how your organisation relates to Free Software and Open
> Source? I'm unfamiliar with your organisation and not sure if will fit with our campaign.
She replied:
> Doteveryone is a thinktank fighting for a fairer internet. We want to ensure that people and society benefit from technology in a fair and responsible way. Our Responsible Tech work is around how technology development - in public and private sectors - can be done ethically and thoughtfully, with appropriate business models which reflect the values of those involved directly or otherwise. The Public Code declaration is perfectly aligned with this. As an example, last year we worked on technologies for end of life care [2] within the UK health system, and the importance of open source (and open standards) to avoid vendor lockin and exploitative pricing in software used in the NHS was part of our commissioning recommendations. [3]
I'm concerned about their commitment to Free Software, should I still
add them?
Best regards,
Jonke
[1] https://doteveryone.org.uk/
[2] https://projects.doteveryone.org.uk/improvingcare/index.html
[3]
https://projects.doteveryone.org.uk/improvingcare/pages/commissioning.html
Hello all,
I thought you might be interested in that blog post:
http://k7r.eu/2-percent-discussion-free-software-or-open-source-software/
Scott Peterson from Red Hat this week published an article "Open
Source or Free Software". It touches on a very important
misunderstanding; people still believe that the terms "Open Source
Software" and "Free Software" are referring to different software:
they are not! Scott asked several interesting questions in his article
and I thought I share my thoughts about them here and hopefully
provoke some more responses on an important topic.
Would be interested in your views.
Regards,
Matthias
--
Matthias Kirschner - President - Free Software Foundation Europe
Schönhauser Allee 6/7, 10119 Berlin, Germany | t +49-30-27595290
Registered at Amtsgericht Hamburg, VR 17030 | (fsfe.org/join)
Contact (fsfe.org/about/kirschner) - Weblog (k7r.eu/blog.html)
As on Wednesday a committee in Munich decided to do the Windows Munich
Migration Project (let's call that "WiMue" for short in future ;) ) I
thought you might be interested in this LWN article about my talk on the
migration in Munich, which I gave at the Open Source Summit in Prague.
https://lwn.net/SubscriberLink/737818/5b7cd538561e8a06/
This does not cover the latest news from this week. But our German team
is working on that. A rough English translation of the quick comment
which Florian Snow (Deputy German Coordinator) and I worked on this is:
EU wide politicians recognise the importance of Free Software for the
modernisation of the state. The German land Schleswig-Holstein
established the migration to Free Software in the coalation agreement
and in the [Tallinn Declaration 32
EU-Ministers](https://fsfe.org/news/2017/news-20171109-01.html),
responsible for egovernment, called to push for Free Software].
But Munich in an intransparent process Munich drifts in the opposite
direction. Instead of focusing on the organisations problems --
identified by studies commissioned by the city itself -- the mayor
Dieter Reiter starts this project. With this red herring he present
this to his new head of IT, who will start early 2019, as a fait
accompli. The WiMue project (Windows in Munich) will paralyse the city
administration for years with the public servants and the citizien in
Munich suffering from this.
As always the comments on LWN are also interesting. I especially like
this one:
"The title lured me into reading what I thought would be a religious
article or some kind of flamewar. But then I found myself reading all
this common sense. Very disappointed, I want my money back! :-)"
Best Regards,
Matthias
--
Matthias Kirschner - President - Free Software Foundation Europe
Schönhauser Allee 6/7, 10119 Berlin, Germany | t +49-30-27595290
Registered at Amtsgericht Hamburg, VR 17030 | (fsfe.org/join)
Contact (fsfe.org/about/kirschner) - Weblog (k7r.eu/blog.html)
Dear list,
some news portals already picked it up and every FSFE supporter received a
message about it in his inbox: today in the morning we launched a new campaign
"Public Money Public Code".
For the campaign we published an open letter [1] together with 31
organisations in which we call for lawmakers to make it mandatory to publish
all publicly financed software under a Free Software licence. Among the
initial signatories are CCC, EDRi, KDE, Open Knowledge Foundation Germany,
openSUSE, Open Source Business Alliance, Open Source Initiative, The Document
Foundation, Wikimedia Deutschland, as well as several others.
Prominent support we also got from Edward Snowden, who says: "Right now, the
blueprints for much of our most critical public infrastructure are simply
unavailable to the public. By aligning public funding with a Free Software
requirement -- "Free" referring to public code availability, not cost -- we
can find and fix flaws before they are used to turn the lights out in the next
hospital."
You find the whole press-release here:
https://fsfe.org/news/2017/news-20170913-01.en.html
Now it is up to you! Please help and join us by signing this letter and ask
your friends and colleagues to do likewise:
https://publiccode.eu/#action
Why is this important? Public institutions spend millions of euros every year
for the development of new software for them. But the public sector's
procurement choices play a significant role in determining which companies are
allowed to compete and what software is supported with taxpayers' money. This
means, that changing policies in public procurement will have a huge positive
impact on the Free Software community.
The open letter will be sent to candidates for the current German Parliament
election and, during the coming months, until the 2019 EU parliament
elections, to other representatives of the EU and EU member states.
Since it is our public money, it should be our public code as well!
This mail can and shall be copied and forwarded.
Best regards,
Erik
[1] https://publiccode.eu/openletter/
--
No one shall ever be forced to use non-free software
Erik Albers | Communication & Community Coordinator | FSFE
OpenPGP Key-ID: 0x8639DC81 on keys.gnupg.net
Hi!
I think it was not a good idea at all to change the "Join the ..." to "Become a supporter".
My point is that "being a member" of something (even if just an associate one) suggests a much stronger bound than being just a "supporter". So I think using phrases as "Join the FSFE", "become a(n associate) member" etc is way more compelling for most of the people.
In my view "supporter" is someone outside of the circle while "any-kind-of member" is someone who is inside of the circle. So I do believe demoting "fellowship members" to mere "supporters" made this status too cold and less compelling.
I think FSF is doing this much better. If you visit fsf.org this time of the year you immediately run into a very encouraging and inviting banner about joining them.
I really miss this inviting spirit from fsfe.org.
(Also, why is no similar banner on fsfe.org in the last two months of every year?)
I think recruiting members and encouraging people to donate is important.
So it worth making extra efforts to doing it right.
What do you think?
Best,
Gergely
Hi all,
glad my glamorous title obtained your attention :-D
I'm joking about Black Friday, I'm _not_ joking about "CPU as a service"
since the issue I recently labeled in this ML as the "MINIX on ring -3
discovery" is not clear to at least one of my FSFE-pen-friends, I have be
more specific
also, please I would like to know if and eventually how FSFE will address
this kind of issues when talking with EU or local representatives about the
"Consumer rights and device sovereignty" policy goal for 2019
https://fsfe.org/activities/policy/eu/policy-goals/consumer-rights.en.html
considering what I'm going to show here, we should definitely extend the
device sovereignty to **all users**: public and private companies,
governments and all other institutions too, not only consumers (ouch!) :-O
...so please also remind EU and local representative that **(part of) their
(sorry: our) IT systems are also affected** by this serious issue
Executive summary
------------------
«One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them»
on all Intel processors sold after 2008 there's a running *proprietary*
variation of the not copyleft free software MINIX 3 (unknown version), MINIX
is running in "ring -3" [1]
now we have the proofs that:
1. **no** "user facing OS" operating system have final control of the x86
platform
2. between the "user facing OS" and the hardware there are at least 2 ½ OS
kernels (MINIX and UEFI)
3. these are proprietary and very likely exploit-friendly
4. the exploits can persist, i.e. be written to FLASH, and you can't fix that
5. the user have _no access_ to the MINIX running in ring -3
MINIX is running on three separate x86 cores on modern chips, on that OS are
running:
1. TCP/IP networking stacks (4 and 6)
2. File systems
3. Drivers (disk, net, USB, mouse)
4. Web servers
please **do not** consider this kind of issues specific to a single brand of
CPUs, since we still do not have proofs but the development path is the very
same
*** Are you scared yet? If you're not scared yet, maybe I didn't explain it
very well, because I sure am scared. *** (Ronald Minnich)
The not so short story
-----------------------
the fact: on Wednesday, October 25 2017 Ronald Minnich from Google told the
world about this:
«With the WikiLeaks release of the vault7 material, the security of the UEFI
(Unified Extensible Firmware Interface) firmware used in most PCs and
laptops is once again a concern. UEFI is a proprietary and closed-source
operating system, with a codebase almost as large as the Linux kernel, that
runs when the system is powered on and continues to run after it boots the
OS (hence its designation as a “Ring -2 hypervisor"). It is a great place to
hide exploits since it never stops running, and these exploits are
undetectable by kernels and programs.»
this article presents a short version of the story:
http://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/
I used this for my executive summary ;-)
the issue is **not** new (known since 2016, at least) and presented many
times also in FSF/FSFE "circles", eg. here
https://www.fsf.org/blogs/licensing/intel-me-and-why-we-should-get-rid-of-me
and here https://lists.fsfe.org/pipermail/discussion/2016-April/010912.html
EFF and Matthew Garrett where more specific about the nature of the issue on
May 8 2017 here
https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-haz…
and here
https://mjg59.dreamwidth.org/48429.html
so: what's new now?!?
since October 25 (save the date!) what **is** new is that we have a
scientific proof of the real nature of this _mess_
...and we know that Google *is* _desperately_ trying to get rid of this
issue from their systems *but* they are failing to fully do this
please enjoy the full Garrett's talk in this video
https://www.youtube.com/watch?v=iffTJ1vPCSo
he said: "always use coreboot if you can, but if you are stuck with a situation..."
(29:21 of the video) ... libreboot is maybe better, IMHO
so, ladies and gentlemen I'll introduce you "CPU as a service"
do we have to accept an EULA?!?
ciao
Giovanni
[1] https://en.wikipedia.org/wiki/Protection_ring
what the hell is ring -3 ?!?! who "invented" it?
where is it documented?
should we expect to see "ring -9" in the future?
how we could even allow anyone in the world to implement such a
perverted environment?
--
Giovanni Biscuolo
Xelera - IT infrastructures
http://xelera.eu/contact-us/
**per favore** Quota Bene: http://wiki.news.nic.it/QuotarBene
**please** use Inline Reply: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
Hi Gergely,
# Gergely Székely [2017-11-30 16:26 +0100]:
> I think it was not a good idea at all to change the "Join the ..." to
> "Become a supporter".
>
> My point is that "being a member" of something (even if just an
> associate one) suggests a much stronger bound than being just a
> "supporter". So I think using phrases as "Join the FSFE", "become a(n
> associate) member" etc is way more compelling for most of the people.
I concur with your point that "joining" is a stronger word than
"supporting". However, as our news item already states [1], it is
necessary because it caused a lot of confusion.
"Joining" implies that an individual becomes a member of an
organisation, and in the FSFE's case this also includes the rights
(voting rights) and obligations (time, in some cases money) [2].
However, this is not the case with our supporters programme (formerly
"Fellowship"), and we don't want to misguide interested people just to
get them to sign up.
But! We don't want to lock down the way into the GA, quite the opposite.
At the last GA meeting we decided to draft a possible path and structure
to increase the membership base and the necessary transparency to join
the association. This way we want to invite motivated and active
volunteers to join the decision making processes and shape the
organisation while continuing to offer a more passive way of support
through our supporter programme.
Again, I agree that the recently changed wording is not ideal for
fundraising but transparency is more important to us than the few
financial contributors we might miss to convince by that :)
I hope I was able to clarify things a bit!
Best,
Max
[1] https://fsfe.org/news/2017/news-20171116-01.html
[2] In our case members are members of the Free Software Foundation
Europe e.V.'s General Assembly: https://wiki.fsfe.org/Teams/GA
--
Max Mehl - Program Manager - Free Software Foundation Europe
Contact and further information: https://fsfe.org/about/mehl
Support advocacy for Free Software: https://fsfe.org/donate
Hi all,
I just discovered this study from "Freedom to tinker" [1] that clearly shows
clinic evidence of psychotic disorders by few web market operators who
pretend to track every single bit of users data with a new "technology"
called "session replay scripts":
«These scripts record your keystrokes, mouse movements, and scrolling
behavior, along with the entire contents of the pages you visit, and send
them to third-party servers. Unlike typical analytics services that provide
aggregate statistics, these scripts are intended for the recording and
playback of individual browsing sessions, as if someone is looking over your
shoulder.»
in some cases passwords are included in session recordings
I'm always astonished by the fantasy _and_ resources some group of people
is willing to invest to try to control users
apart from the clinical evidences, this also clearly shows that GDPR [2] -
that I *really* appreciate - will be as easily circumvented as the European
Union's net-neutrality rules _are_ circumvented [3]; this is why I agree
with #youbroketheinternet [4] folks that _both_ "net neutrality" and "no
massive surveillance market" can be achieved with and _only_ with a GNU
Internet, aka a free Internet *by design* (please do _not_ consider the web
as the whole Internet, as some unfortunately tend to do)
my conviction is stronger after I read of another working paper [5]
co-authored from a Stanford senior fellow that shows that privacy tends to
take a backseat to convenience and can easily get tossed out the window for
a reward as simple as free pizza
please consider that I *suspect* that this state of mind is also valid if
you think about user data "leaked" from our computing devices, not "just"
the web
<joke>
I'm addicted to pizza and **they know* that! so if they promise to give me
a pizza I'll let them track any data they want about me without making any
question... where's my pizza?!? :-D
</joke>
ciao
Giovanni
[1] hosted by Princeton's Center for Information Technology Policy
[2] https://en.m.wikipedia.org/wiki/General_Data_Protection_Regulation
[3] http://www.businessinsider.com/net-neutrality-portugal-how-american-interne…
[4] http://youbroketheinternet.org/
[5] https://news.stanford.edu/2017/08/03/pizza-privacy-stanford-economist-exami…
--
Giovanni Biscuolo
Xelera - IT infrastructures
http://xelera.eu/contact-us/
**per favore** Quota Bene: http://wiki.news.nic.it/QuotarBene
**please** use Inline Reply: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style