Planet Debian

Subscribe to Planet Debian feed
Planet Debian -
Updated: 25 min 41 sec ago

Lucy Wayland: Diversity and Inclusion, Debian Redux

13 November, 2016 - 02:28
So, today at Cambridge MiniDebConf, I was scheduled to do a Birds of a Feather (BoF) about Diversity and Inclusion within Debian. I was expecting a handful of people in the breakout room. Instead it was a full blown workshop in the lecture theatre with me nominally facilitating. It went far, far better than I hoped (although a couple of other and myself people had to wrench us back on topic a few times). There were lots of good ideas, and productive friendly debate (although we were pretty much all coming from the same ball park). There are three points I have taken away from it (others may have different views):
  1. We are damned good at Inclusion, but have a long way to go on the Diversity (which is a problem of the entire tech sector).
  2. Debian is a social project as well as a technical one – our immediately accessible documentation does not reflect this.
  3. We are currently too reactive and passive when it comes to social issues and getting people involved. It is essential that we become more proactive.

Combined with the recent Diversity drive from Debconf 2016, I really believe we can do this. Thank-you all you who attended, contributed, and approached me afterwards.

Andrew Cater: Debian MiniConf ARM Cambridge - post 5

12 November, 2016 - 23:37
Daniel Pocock finally getting Jitsi to work - us talking to Berkeley, CA.

He's just given a talk on OpenPGP / Clean Room ISO creation for creating keys / CA certs appropriately offline and keeping everything secure.

It's been a good day, but I'm feeling pretty bushed :)

Andrew Cater: Debian MiniConf ARM Cambridge 12/11/16 - Post 4

12 November, 2016 - 22:49
Now Daniel Pocock on RTC. Again, a few technical issues :(

Big thanks to the video folks who have been working hard: they couldn't get into this room until 1800 last night and spent until about 2000 fixing the cameras etc. They must be shattered.

Thanks for front desk: who also pointed out that the security staff in over the weekend are also volunteers.

Andrew Cater: MiniDebconf ARM 12/11/12 - post 3

12 November, 2016 - 21:22
A crazy presentation on amateur radio and dongles for SDR for which I was at least partially responsible which may well have inspired others and piqued their interest - but, if nothing else, it was a lot of fun.

KiwiSDR - there should be anything up to 200 deployed in the end worldwide - look for them on - all done on top of a Beaglebone running Debian.
Four users independently tuning the receiver from 0-30MHz
Lunch was sandwiches in the kitchen - much hilarity as the door appeared locked, folk were shut outside - and the door was open all the time.

A presentation / group discussion on diversity and on ways that we can improve the understanding of Debian

Andrew Cater: Debian Miniconf ARM Cambridge Day 3 12/11/16 - post 2

12 November, 2016 - 17:24
Steve Capper on Java.

Room quiet - lots of folk listening and typing simultaneously.

A couple of folk behind me are writing for later in the day.

Thanks to all for their help (and what is it with me and typing dates this week) :)

Andrew Cater: Debian MiniConf, ARM, Cambridge 11/11/16 - Day 3 post 1

12 November, 2016 - 16:50
It's raining cats and dogs in Cambridge.

Just listening to Lars Wirzenius - who shared an office with Linus Torvalds, owned the computer that first ran Linux, founded the Linux Documentation Project. Living history in more than one sense :)

Live streaming is also happening.

Building work is also happening - so there may be random noise happening occasionally.

Wouter Verhelst: New Toy: Nikon D7200

12 November, 2016 - 15:48

Last month, I was abroad with my trusty old camera, but without its SD cards. Since the old camera has an SD only slot, which does not accept SDHC (let alone SDXC) cards, I cannot use it with cards larger than 2GiB. Today, such cards are not being manufactured anymore. So, I found myself with a few options:

  1. Forget about the camera, just don't take any photos. Given the nature of the trip, I did not fancy this option.
  2. Go on eBay or some such, and find a second-hand 2GiB card.
  3. Find a local shop, and buy a new camera body.

While option 2 would have worked, the lack of certain features on my old camera had meant that I'd been wanting to buy a new camera body for a while, but it just hadn't happened yet; so I decided to go with option 3.

The Nikon D7200 is the latest model in the Nikon D7xxx series of cameras, a DX-format ("APS-C") camera that is still fairly advanced. Slightly cheaper than the D610, the cheapest full-frame Nikon camera (which I considered for a moment until I realized that two of my three lenses are DX-only lenses), it is packed with a similar amount of features. It can shoot photos at shutter speeds of 1/8000th of a second (twice as fast as my old camera), and its sensor can be set to ISO speeds of up to 102400 (64 times as much as the old one) -- although for the two modes beyond 25600, the sensor is switched to black-and-white only, since the amount of color available in such lighting conditions is very very low already.

A camera which is not only ten years more recent than the older one, but also is targeted at a more advanced user profile, took some getting used to at first. For instance, it took a few days until I had tamed the camera's autofocus system, which is much more advanced than the older one, so that it would focus on the things I wanted it to focus on, rather than just whatever object happens to be closest.

The camera shoots photos at up to twice the resolution in both dimensions (which combines to it having four times the amount of megapixels as the old body), which is not something I'm unhappy about. Also, it does turn out that a DX camera with a 24 megapixel sensor ends up taking photos with a digital resolution that is much higher than the optical resolution of my lenses, so I don't think more than 24 megapixels is going to be all that useful.

The builtin WiFi and NFC communication options are a nice touch, allowing me to use Nikon's app to take photos remotely, and see what's going through the lens while doing so. Additionally, the time-lapse functionality is something I've used already, and which I'm sure I'll be using again in the future.

The new camera is definitely a huge step forward from the old one, and while the price over there was a few hundred euros higher than it would have been here, I don't regret buying the new camera.

The result is nice, too:

All in all, I'm definitely happy with it.

Jonathan Dowland: Vinyl is killing Vinyl (but that's ok)

12 November, 2016 - 00:28

I started buying vinyl records about 16 years ago, but recently I've become a bit uncomfortable being identified as a "vinyl lover". The market is ascendant, with vinyl album sales growing for 8 consecutive years, at least in the UK. So why am I uncomfortable about it?

A quick word about audio fidelity/quality here. I don't subscribe to the school of thought that audio on vinyl is inherently better than digital audio, far from it. I'm aware of its limitations. For recordings that I love, I try to seek out the best quality version available, which is almost always digital. Some believe that vinyl is immune to the "loudness war" brickwall mastering plaguing some modern releases, but for some of the worst offenders (Depeche Mode's Playing The Angel; Red Hot Chili Pepper's Californication) I haven't found the vinyl masterings to sound any different.

16 years ago

Let's go back to why I started buying vinyl. Back when I started, the world was a very different place to what it is today. You could not buy most music in a digital form: it was 3 more years before the iTunes Store was opened, and it was Mac-only at first, and the music it sold was DRM-crippled for the first 5 or so years afterwards. The iPod had not been invented yet and there was no real market for personal music players. Minidiscs were still around, but Net-MD (the only sanctioned way to get digital music onto them from a computer) was terrible.

old-ish LPs

Buying vinyl 16 years ago was a way to access music that was otherwise much harder to reach. There were still plenty of albums, originally recorded and released before CDs, which either had not been re-issued digitally at all, or had been done so early, and badly. Since vinyl was not fashionable, the second hand market was pretty cheap. I bought quite a lot of stuff for pennies at markets and car boot sales.

Some music—such as b-sides and 12" mixes and other mixes prepared especially for the format—remains unavailable and uncollected on CD. (I'm a big fan of the B-side culture that existed prior to CDs. I might write more about that one day.)

10 years ago

modern-ish 7 inches

Fast forward to around 10 years ago. Ephemeral digital music is now much more common, the iPod and PMPs are well established. High-street music stores start to close down, including large chains like MOS, Our Price, and Virgin. Streaming hasn't particularly taken off yet, attempts to set up digital radio stations are fought by the large copyright owners. Vinyl is still not particularly fashionable, but it is still being produced, in particular for singles for up-and-coming bands in 7" format. You can buy a 7" single for between £1 and £4, getting the b-side with it. The b-side is often exclusive to the 7" release as an incentive to collectors. I was very prepared to punt £1-2 on a single from a group I was not particularly familiar with just to see what they were like. I discovered quite a lot of artists this way. One of the songs we played at our wedding was such an exclusive: a recording of the Zutons' covering Jackie Wilson's "Higher and Higher", originally broadcast once on Colin Murray's Evening Session radio show.


An indulgence

So, where are we now?

Vinyl album sales are a huge growth market. They are very fashionable. Many purchasers are younger people who are new to the format; it's believed many don't have the means to play the music on the discs. Many (most?) albums are now issued as 12" vinyl in parallel with digital releases. These are usually exactly the same product (track listing, mixes, etc.) and usually priced at exactly twice that of the CD (with digital prices normally a fraction under that).

The second hand market for 12" albums has inflated enormously. Gone are the bargains that could be had, a typical second hand LP is now priced quite close to the digital price for a popular/common album in most places.

The popularity of vinyl has caused a huge inflation in the price of most 7" singles, which average somewhere between £8-£10 each, often without any b-side whatsoever. The good news is—from my observations—the 2nd hand market for 7" singles hasn't been affected quite as much. I guess they are not as desirable to buyers.

The less said about Record Store Day, the better.

So, that's all quite frustrating. But most of the reasons I used to buy vinyl have gone away anyway. Many of the rushed-to-market CD masterings have been reworked and reissued, correcting the earlier problems. B-side compilations are much more common so there are far fewer obscure tracks or mixes, and when the transfer has been done right, you're getting those previously-obscure tracks in a much higher quality. Several businesses exist to sell 2nd hand CDs for rock bottom prices, so it's still possible to get popular music very cheaply.

The next thing to worry about is probably streaming services.

Chris Lamb: Awarded Core Infrastructure Initiative grant for Reproducible Builds

12 November, 2016 - 00:04

I'm delighted to announce that I have been awarded a grant from the Core Infrastructure Initiative (CII) to fund my previously-voluntary work on Reproducible Builds.

Whilst anyone can inspect the original source code of free software for malicious flaws, most GNU/Linux distributions provide pre-compiled software to end users. The motivation behind the Reproducible Builds effort is to allow verification that no flaws have been introduced — either maliciously or accidentally — during this compilation process by promising identical binary packages are always generated from a given source.

I'd like to sincerely thank the CII, not only for their material support but also for their recognition of my existing contributions. I am looking forward to working with my co-grantees towards fulfilling our shared goal.

Press release.

Andrew Cater: Debian Miniconf ARM Cambridge - 11/11/16 - Day 2

11 November, 2016 - 22:27
Lots of chatting at various points  - a couple of extra folk have joined us today.

I've been fighting UEFI network booting: found inconsistencies on various Wiki pages - then found that the laptop I was intending to boot was just too old to support UEFI properly. In the meantime, the person I was intending to help has moved on and hit something else ...

Release team have managed to hammer out a couple of points: various other progress from the video team. It's all going fairly well.

Lunch - and coffee - excellent once again.

Thanks to front desk folks - and ARM folks - who are tolerating the end of their working week being invaded by Debian folk.

Andrew Cater: Debian Miniconf ARM, Cambridge 10/11/16 - Post 4

11 November, 2016 - 05:46
As we left at about 1740, Wookey was still working on the Cubietruck I'd left him with but had made progress.

Dispersed to various pubs and eateries: we all ended up talking a great deal, much as last year. Tsk, tsk - you hardly see people for 20 years then you see the same people twice in two years :)

Though I didn't see that much of them through the day, thanks to Jo, Lucy and all who kept front desk running as ever and thanks to all the various ARM staff who were helpful with opening doors for the visitors and all the little things around administration - wifi access, badges and all that goes with hosting.

And why, O why, did I not notice that I'd subconsciously typed 10/11/12 not once but three times

Matthew Garrett: Tor, TPMs and service integrity attestation

11 November, 2016 - 03:48
One of the most powerful (and most scary) features of TPM-based measured boot is the ability for remote systems to request that clients attest to their boot state, allowing the remote system to determine whether the client has booted in the correct state. This involves each component in the boot process writing a hash of the next component into the TPM and logging it. When attestation is requested, the remote site gives the client a nonce and asks for an attestation, the client OS passes the nonce to the TPM and asks it to provide a signed copy of the hashes and the nonce and sends them (and the log) to the remote site. The remoteW site then replays the log to ensure it matches the signed hash values, and can examine the log to determine whether the system is trustworthy (whatever trustworthy means in this context).

When this was first proposed people were (justifiably!) scared that remote services would start refusing to work for users who weren't running (for instance) an approved version of Windows with a verifiable DRM stack. Various practical matters made this impossible. The first was that, until fairly recently, there was no way to demonstrate that the key used to sign the hashes actually came from a TPM[1], so anyone could simply generate a set of valid hashes, sign them with a random key and provide that. The second is that even if you have a signature from a TPM, you have no way of proving that it's from the TPM that the client booted with (you can MITM the request and either pass it to a client that did boot the appropriate OS or to an external TPM that you've plugged into your system after boot and then programmed appropriately). The third is that, well, systems and configurations vary so much that outside very controlled circumstances it's impossible to know what a "legitimate" set of hashes even is.

As a result, so far remote attestation has tended to be restricted to internal deployments. Some enterprises use it as part of their VPN login process, and we've been working on it at CoreOS to enable Kubernetes clusters to verify that workers are in a trustworthy state before running jobs on them. While useful, this isn't terribly exciting for most people. Can we do better?

Remote attestation has generally been thought of in terms of remote systems requiring that clients attest. But there's nothing that requires things to be done in that direction. There's nothing stopping clients from being able to request that a server attest to its state, allowing clients to make informed decisions about whether they should provide confidential data. But the problems that apply to clients apply equally well to servers. Let's work through them in reverse order.We have no idea what expected "good" values areYes, and this is a problem. CoreOS ships with an expected set of good values, and we had general agreement at the Linux Plumbers Conference that other distributions would start looking at what it would take to do the same. But how do we know that those values are themselves trustworthy? In an ideal world this would involve reproducible builds, allowing anybody to grab the source code for the OS, build it locally and verify that they have the same hashes.

Ok. So we're able to verify that the booted OS was good. But how about the services? The rkt container runtime supports measuring each container into the TPM, which means we can verify which container images were started. If container images are also built in such a way that they're reproducible, users can grab the source code, rebuild the container locally and again verify that it has the same hashes. Users can then be sure that the remote site is running the code they're looking at.

Or can they? Not really - a general purpose OS has all kinds of ways to inject code into containers, so an admin could simply replace the binaries inside the container after it's been measured, or ptrace() the server, or modify rkt so it generates correct measurements regardless of the image or, well, there's lots they could do. So a general purpose OS is probably a bad idea here. Instead, let's imagine an immutable OS that does nothing other than bring up networking and then reads a config file that tells it which container images to download and run. This reduces the amount of code that needs to support reproducible builds, making it easier for a client to verify that the source corresponds to the code the remote system is actually running.

Is this sufficient? Eh sadly no. Even if we know the valid values for the entire OS and every container, we don't know the legitimate values for the system firmware. Any modified firmware could tamper with the rest of the trust chain, making it possible for you to get valid OS values even if the OS has been subverted. This isn't a solved problem yet, and really requires hardware vendor support. Let's handwave this for now, or assert that we'll have some sidechannel for distributing valid firmware values.Avoiding TPM MITMingThis one's more interesting. If I ask the server to attest to its state, it can simply pass that through to a TPM running on another system that's running a trusted stack and happily serve me content from a compromised stack. Suboptimal. We need some way to tie the TPM identity and the service identity to each other.

Thankfully, we have one. Tor supports running services in the .onion TLD. The key used to identify the service to the Tor network is also used to create the "hostname" of the system. I wrote a pretty hacky implementation that generates that key on the TPM, tying the service identity to the TPM. You can ask the TPM to prove that it generated a key, and that allows you to tie both the key used to run the Tor service and the key used to sign the attestation hashes to the same TPM. You now know that the attestation values came from the same system that's running the service, and that means you know the TPM hasn't been MITMed.How do you know it's a TPM at all?This is much easier. See [1].

There's still various problems around this, including the fact that we don't have this immutable minimal container OS, that we don't have the infrastructure to ensure that container builds are reproducible, that we don't have any known good firmware values and that we don't have a mechanism for allowing a user to perform any of this validation. But these are all solvable, and it seems like an interesting project.

"Interesting" isn't necessarily the right metric, though. "Useful" is. And I think this is very useful. If I'm about to upload documents to a SecureDrop instance, it seems pretty important that I be able to verify that it is a SecureDrop instance rather than something pretending to be one. This gives us a mechanism.

The next few years seem likely to raise interest in ensuring that people have secure mechanisms to communicate. I'm not emotionally invested in this one, but if people have better ideas about how to solve this problem then this seems like a good time to talk about them.

[1] More modern TPMs have a certificate that chains from the TPM's root key back to the TPM manufacturer, so as long as you trust the TPM manufacturer to have kept control of that you can prove that the signature came from a real TPM


Andrew Cater: Debian Miniconf, ARM Cambridge 10/11/12 - post 3

11 November, 2016 - 00:31
Quiet room with occasional outbursts of talking. One of my problems with radio gear down to broken cable so that's OK-ish - I have spares.

And suddenly it's 1720 and we need to leave at about 1730.

2 x radio receivers tried: 2 x transmitters working ready for talk on Saturday.

Spare huge bag of cables appreciated by others - it's amazing how often you find someone else needs stuff :)

Ritesh Raj Sarraf: apt-offline 1.7.2 released

11 November, 2016 - 00:01

I am happy to announce the release of apt-offline 1.7.2. This has turned out in time for the next release of Debian, i.e. Debian Stretch.

A long standing cosmetic issue in CLI of the progress bar total item count has been fixed. There are also a bunch of other bug fixes, for which the specifics are present in the git logs.

Also, in this release, we've tried to catch-up on the Graphical Interface, adding the GUI equivalent of the features, that were added to apt-offline in the recent past.


In 1.7.1, we added the changelog option, and in this release, we've added the GUI equivalent of it.


The 'set' command had had many new options. So in this release the 'set' command's GUI has those options added.


I hope you like this release. Please test and file bug reports in time so that we have a bug free version for Debian Stretch.

Future tasks now will focus on porting the GUI to PyQt5 first and then apt-offline to Python3. Any help is welcome.

You can download apt-offline from the github page or the alioth page. For Debian users, the package will show up in the repository soon.

PS: What is apt-offline ?

Description: offline APT package manager
 apt-offline is an Offline APT Package Manager.
 apt-offline can fully update and upgrade an APT based distribution without
 connecting to the network, all of it transparent to APT.
 apt-offline can be used to generate a signature on a machine (with no network).
 This signature contains all download information required for the APT database
 system. This signature file can be used on another machine connected to the
 internet (which need not be a Debian box and can even be running windows) to
 download the updates.
 The downloaded data will contain all updates in a format understood by APT and
 this data can be used by apt-offline to update the non-networked machine.
 apt-offline can also fetch bug reports and make them available offline.
Categories: Keywords: Like: 

Andrew Cater: Debian Miniconf ARM, Cambridge 10/11/12 - post 2

10 November, 2016 - 21:05
Now about 30 people here: the video team are chasing down power leads and cables in readiness for the weekend.

One large open plan room with about 30 small quadrilateral tables - two make a hexagon. Very quiet for open plan: periodically the room falls completely silent - lots of developers quietly coding / reading screens.

Lunch was very good curry: ARM caterers feed us very well indeed :D

The radio I'm trying to program refuses to play with the software: the maintainer is at the back of the room and has offered to sort out a backport to Debian stable. Debian can occasionally seem like a dysfunctional family but it's good to be a member.

The Cubietruck I bought last year is sitting with another developer as I speak - he's going to try adding multiple disks for a RAID array on a machine that only draws 5W or so.

Andrew Cater: Day 1 - Debian Miniconf, ARM, Cambridge 10/11/12

10 November, 2016 - 16:51
More or less just getting going: there are eight of us here.

Release team are round one desk and a couple of others of us are on adjacent tables. Coffee is good, as ever :)

ARM very helpful as ever: they have been able to provide a disabled space for me though parking here is really, really tight

Russ Allbery: Some thoughts on the US elections

10 November, 2016 - 00:11

I apparently am not going to get anything done today until I write this. Some thoughts, in no particular order.

  • The most heart-breaking thing for me this morning, and last night, is the reactions from people I know who are not white, not male. Who are LGBT, or immigrants, or Muslim. They're hurt, and they're scared, and they feel like the United States just slammed the door in their faces.

    A lot of Trump supporters will be offended by this, or dismissive of it. A lot of Trump supporters don't feel like that was what the campaign was about at all. And I strongly believe that many, many people voted for Trump for reasons that have absolutely nothing to do with sexism or racism. But whether or not you believe Trump supported the alt-right, the alt-right supported Trump, and a lot of people are really scared this morning. That feeling is real.

    To all of those people, all I can say is this: the most meaningful inclusiveness is how we all treat each other on a day-to-day basis. How we, as individuals, act towards other individuals. Governments can change a lot of things that matter a great deal in terms of legal recognitions and legal protections, but they can't take away our individual determination to see each other as fellow humans and to treat every person with respect and open-hearted welcome.

    If you believe, as I do, in welcoming and supporting every single person, regardless of race, creed, gender, sexuality, or any other such distinction, now is a really good time to say so, and to act like it. To your friends, to your co-workers, to the people you meet in stores, to the people you see on the street. Whoever you voted for. People are scared. People are hurt. People need to hear that they're not alone, that the world didn't turn on them last night.

    As a well-off white man, a member of, supposedly, the winning demographic class of this election last night, I want to say to everyone in the US who is angry and scared and despairing today: I have your back. Nothing has changed for me. Nothing has changed in how I'm going to see you. To the extent that I can contribute to this, the US will continue to become more inclusive, more welcoming, and more supportive at the level of day-to-day interactions between all of us. Workplaces that have a true ethical committment to diversity will continue to support that. Multicultural, diverse cities that have welcomed everyone in all their wonderful variety will continue to do so.

    An election can cause a lot of damage. I'm scared too. But no matter what, I believe in tolerance, I believe in diversity, I believe love wins, and there are a lot of people out there like me. A lot. And we'll continue to act in accordance with those principles no matter what government is elected.

  • There is going to be a lot of ink spilled over the next few days dissecting this election, and a lot of theories put forward for why it went the way it did. A lot of that is going to come in the form of blaming people, and a lot of that analysis is going to be more of the same insider political horse race analysis. I think we should question that. Sharply.

    Going all the way back to the US primaries, and also looking at votes in other countries like Brexit in the UK, a much more foundational theme leaps out at me.

    The status quo is not working for people.

    Technocratic government by political elites is not working for people. Business as usual is not working for people. Minor tweaks to increasingly arcane systems is not working for people. People are feeling lost in bureaucracy, disaffected by elections that do not present a clear alternate vision, and depressed by a slow slide into increasingly dismal circumstances.

    Government is not doing what we want it to do for us. And people are getting left behind. The left in the United States (of which I'm part) has for many years been very concerned about the way blacks and other racial minorities are systematically pushed to the margins of our economy, and how women are pushed out of leadership roles. Those problems are real. But the loss of jobs in the industrial heartland, the inability of a white, rural, working-class man to support his family the way his father supported him, the collapse of once-vibrant communities into poverty and despair: those problems are real too.

    The status quo is not working for anyone except for a few lucky, highly-educated people on the coasts. People, honestly, like me, and like many of the other (primarily white and male) people who work in tech. We are one of the few beneficiaries of a system that is failing the vast majority of people in this country.

    I don't think right now is the best time to talk about the solutions I favor. For good or bad, the US just asked Trump to try his approach. We'll see how that goes. But I think it's very important to see how important this failure of our institutions and our economy was in the outcome of this election, and to see the echoes of that in Sanders's campaign on the Democratic side, and to think hard about what that means.

    This is something that unites us as a country. The status quo is not working for the vast majority of people in this country, whether black or white or Latinx, whether urban or rural, of any gender.

    Let me talk for a moment to the left in the US. The temptation in human psychology, when one is scared and angry, is to fall back on zero-sum thinking. To try to get back what we feel like was stolen from us by "those people." The left has been criticizing the right in the US for that type of thinking for years now. But you will see the same style of thinking on the left this morning because it's just human psychology. So here's the test. Do we really believe in inclusiveness and in finding a way to escape the zero-sum trap? If so, the way forward isn't to write off half the country as racist, or ignorant, or duped, or otherwise to react out of anger and create more divisions. It's to regroup and rebuild on top of something that unites us.

    The status quo isn't working. We all need something better than incremental tweaks of a broken system by elitist technocrats funded by inherited money and multinational corporations.

  • The result of this election was a huge surprise largely because the voices of a substantial portion of Americans were not heard by the polls. If you talk to those Americans, you will quickly find that they're unsurprised, because they don't feel heard by anything else in our society either.

    This sort of failure is possible because we're not talking to each other. Many Clinton voters do not know a single Trump voter. Many Trump voters do not know a single Clinton voter.

    There are many causes for this, but as someone who works in tech, I think we have to own a large part of this failure. We, as the people who write modern communication tools, have failed our country, and are failing the world.

    The two communication mediums on the rise, the ones that are replacing traditional newspapers and TV news as the source of information for a vast number of Americans, are Facebook and Twitter. Both of them, whatever their merits for other uses, are absolutely awful for our political discussions, for our understanding of each other, and for our democracy.

    Facebook is a closed bubble of people who think like you. It is optimized and designed to expose you to your people: to the people you are the most connected to, to the people you therefore probably agree with, to the people who think the same way and react to the same things. Everything from reactions by your friends down to the news you see on Facebook is filtered to align with your implicit biases as best as Facebook's algorithms can determine them. It isolates you from disagreement by design. You can, of course, reach out intentionally, and families will always cut across political divides to some extent, but Facebook will default you into a bubble in which you are not having thoughtful, intelligent discussions with people who disagree with you.

    Twitter, by contrast, is a public screaming match. To express any controversial political opinion on Twitter, left or right, is to invite an onslaught by a raging mob. A small number of people can manage to heavily filter that environment and have some semblance of a conversation. Almost no one is going to bother. It feels profoundly dangerous. It's terrifying to say something that might attract real attention. Only very unusual people are able to risk opening up their heart and mind on Twitter and being vulnerable enough to possibly change their minds.

    We have to do better than this.

    I don't know how to do better than this. I don't have any grand plan. I'm not the person to start a project. I don't have a start-up idea, or a free software concept. But if we, as programmers and designers and free software developers, cannot do better than this, who will?

    We have to have a way to enable thoughtful conversations between people with real and profound political disagreements in an environment where there is some mutual respect, some foundation of politeness, and a sufficiently supportive environment that people are willing to risk being convinced. And it has to somehow bypass the filter bubble and allow us to come into contact with people who do not think like us, do not come from the same walk of life, the same region, the same race, the same religion, the same economic circumstances.

    This is a profound challenge. But the news media is not going to suddenly revive. TV news is not going to magically become a venue for intelligent and thoughtful discussion. And people largely do not change their minds through being preached at by "thought leaders." People change their minds through contact with other people, through having their assumptions and conclusions questioned in an environment that supports enough of a foundational level of decency that they can get out of the trap of being afraid and defensive.

    We don't have that platform. We need it. Or I fear we're in for a continual whipsaw of zero-sum voting, as factions with no communication channels to each other whip up xenophobia in an attempt to outvote each other.

I don't have any profound conclusions. I'm honestly pretty upset. And pretty scared. But we have to talk to each other. And we have to listen to each other. And we have to persaude each other. And we have to be willing to be persuaded.

And please go tell someone this morning that you have their back.

Enrico Zini: On SPF

9 November, 2016 - 16:10

I woke up this morning with some Django server error mails in my inbox:

UnicodeDecodeError: 'ascii' codec can't decode byte 0xc5 in position 9: ordinal not in range(128)
 'REMOTE_USER': u'…',

I did what one does in cases like these, I tried to fix the bug and mailed … asking them to try again and let me know if it works.

I get a bounce:

  <Actual user's email>
    (generated from …
    SMTP error from remote mail server after MAIL FROM:<> SIZE=3948:
    host … […]: 550 Please see :
    Reason: mechanism

I resent the mail to the actual user's address, and it went through. Job done, at least until they get back to me telling me that my fix didn't work.

Lessons learnt:

  • Activating SPF checks breaks receiving email via a forwarding address.
  • Activating SPF checks breaks hiding an email address behind a forwarding address.

Daniel Pocock: Understanding what lies behind Trump and Brexit

9 November, 2016 - 15:23

As the US elections finish, many people are scratching their heads wondering what it all means. For example, is Trump serious about the things he has been saying, or is he simply saying whatever was most likely to make a whole bunch of really stupid people crawl out from under their rocks to vote for him? Was he serious about winning at all, or was it just the ultimate reality TV experiment? Will he show up for work in 2017, or like Australia's billionaire Clive Palmer, will he set a new absence record for an elected official? Ironically, Palmer and Trump have both been dogged by questions over their business dealings, will Palmer's descent towards bankruptcy be replicated in the ongoing fraud trial against Trump University and similar scandals?

While the answer to those questions may not be clear for some time, some interesting observations can be made at this point.

The world has been going racist. In the UK, for example, authorities have started putting up anti-Muslim posters with an eery resemblance to Hitler's anti-Jew propaganda. It makes you wonder if the Brexit result was really the "will of the people", or were the people deliberately whipped up into a state of irrational fear by a bunch of thugs seeking political power?

Who thought The Man in the High Castle was fiction?

In January 2015, a pilot of The Man in the High Castle, telling the story of a dystopian alternative history where Hitler has conquered America, was the most-watched original series on Amazon Prime.

It appears Trump supporters have already been operating US checkpoints abroad for some time, achieving widespread notoriety when they blocked a family of British Muslims from visiting Disneyland in 2015. Ambushing them at the last moment as they were about to board their flight, it is unthinkable how anybody could be so cruel. When you reflect on statements made by Trump and the so-called "security" practices around the world, this would appear to be only a taste of things to come though.

Is it a coincidence that Brexit and Trump both happened in the same year that the copyright on Mein Kampf expired? Ironically, in the chapter on immigration Hitler specifically singles out the U.S.A. for his praise, is that the sort of rave review that Trump aspires to when he talks about making America great again?

US voters have traditionally held concerns about the power of the establishment. The US Federal Reserve has been in the news almost every week since the financial crisis, but did you know that the very concept of central banking was thrown out the window four times in America's history? Is Trump the type of hardliner who will go down this path again, or will it be business as usual? In his book Rich Dad's Guide to Investing in Gold & Silver, Robert Kiyosaki and Michael Maloney encourage people to consider putting most of their wealth into gold and silver bullion. Whether you like the politics of Trump and Brexit or not, are we entering an era where it will be prudent for people to keep at least ten percent of net wealth in this asset class again? Online dealers like BullionVault in Europe already appear to be struggling under the pressure as people rush to claim the free grams of bullion credited to newly opened accounts.

The Facebook effect

In recent times, there has been significant attention on the question of how Facebook and Google can influence elections, some European authorities have even issued alerts comparing this threat to terrorism. Yet in the US election, it was simple email that stole the limelight (or conveniently diverted attention from other threats), first with Clinton's private email server and later with Wikileaks exposing the entire email history of Clinton's chief of staff. The Podesta emails, while being boring for outsiders, are potentially far more damaging as they undermine the morale of Clinton's grass roots supporters. These people are essential for knocking on doors and distributing leaflets in the final phase of an election campaign, but after reading about Clinton's close relationship with big business, many of them may well have chosen to stay home. Will future political candidates seek to improve their technical competance, or will they simply be replaced by candidates who are born hackers and fluent in the language of a digital world?

Jaldhar Vyas: You Know Who Else Won Elections?

9 November, 2016 - 14:33

You didn't possibly think my streak of serious posts could last did you?


Creative Commons License ลิขสิทธิ์ของบทความเป็นของเจ้าของบทความแต่ละชิ้น
ผลงานนี้ ใช้สัญญาอนุญาตของครีเอทีฟคอมมอนส์แบบ แสดงที่มา-อนุญาตแบบเดียวกัน 3.0 ที่ยังไม่ได้ปรับแก้