Help Support a Critical, Free Software Privacy and Security Tool (Updated)

I noticed an update from the GNU Privacy Guard project (gnupg or gpg) come across my feeds the other day. If you have received an email from me that has a digital signature (if you know what that is) or a bunch of gobbledygook characters at the bottom (if you don’t), the tool that makes those signatures possible is gnupg.

More people seem aware of what encryption is and why it is important. We have had a string of increasingly distressing leaks, the ones from Edward Snowden just the latest, about how many governments in presumed open societies are participating in some very questionable trawling of their citizens’ personal communications. For those still not sure why encryption is important, it is the one technology answer everyone can agree upon that allows individual citizens any sense of secrecy and privacy in their online communications, regardless of who may want to snoop on it and how well resourced those eavesdroppers may be.

gnupg is especially important as it is both free of charge and freely licensed. That second point is critical: it means that gnupg is open to scrutiny from any expert to help ensure it is free of back doors or other problems that might compromise its effectiveness. For users of alternate operating systems like BSD and GNU/Linux, it is often the only choice for certain applications of encryption. Thankfully, it happens to be a usable and useful one that interoperates with the commercial, proprietary choices available to users of more mainstream operating systems.

That post from the gnupg folks? They are in clear need of help in terms of funding.

Work on GnuPG is mostly financed from donations. To continue maintaining GnuPG so to keep it strong and secure against the ever increasing mass surveillance we need your support. Until the end of November we received a total of 6584 € (~5500 net) donations for this year. Along with the 18000 € net from the Goteo campaign this paid for less than 50% of the costs for one developer.

For a critical project of this size two experienced developers are required for proper operation. This requires gross revenues of 120000 Euro per year. Unfortunately there is currently only one underpaid full time developer who is barely able to keep up with the work; see this blog entry for some background. Please help to secure the future of GnuPG and consider to donate to this project now.

Support for half of one developer for a project that could easily engage a handful, full time, year round. Do please consider making a donation and if you are unfamiliar with gnupg, spend some time on the project site. It really is a great tool.

Updated 2014-01-06: At the request of the primary author of gnupg, I changed the title and a reference to GNU/Linux in recognition of gnupg’s formal status as part of the umbrella GNU project.

An Unused Resource in the Struggle for Greater Diversity in Tech?

As a technology manager, there is a resource I often ignore that I just realized could be incredibly valuable in the growing conversation about how we improve diversity in the world of technology work. I did a little searching to see if someone else had this same epiphany. If they have, they haven’t talked about it widely enough to show up after a few cursory web searches.

I am a cisgender, heterosexual, white male who manages a staff of only cisgender, heterosexual white men. I rightly am scrutinized by the rest of my organization, which is at least more gender diverse, in my recruiting and hiring practices. I listen and read a lot as a consequence and struggle to do better. We now include a diversity statement in all of our job postings. We constantly think about where we circulate job postings to get them into more places visible to a greater diversity of candidates. We increasingly pay more attention to word choice to make our descriptions as accessible and attractive as possible. We are always thinking of what more we can do.

At the same time, my organization is growing. We have an ever increasing amount of work to get done and the funding to bring on more people to do it. In the past week or so, I posted three job openings for which I am actively recruiting (one for a less experienced candidate, one for a more experienced one, and one that isn’t necessarily a technologist.) I am just as closely scrutinized for recruiting more staff so that we can support our growing commitments.

The first set of candidates we have received are discouraging in terms of diversity. Only one or two are in any way diverse and definitely not along gender lines. We have selected two to pursue, neither of whom change the overall composition of my staff. I feel like a partial failure, that in moving ahead in terms of staff capacity I am falling that much further behind on improving the diversity of my staff. Worse, even if both of these candidates succeed and result in hires, I am still under pressure to hire one more, continuing the tension between capacity and diversity.

That pressure has me re-thinking a resource of which I am often skeptical: professional recruiters.

Don’t get me wrong, I have had good experiences with recruiters, both as a candidate and as a hiring manager. Those experiences have been in the minority, however. Those recruiters are the ones who get that the best results are found through cultivating relationships, not about quantity of placements. Identifying the good recruiters unfolds through conversation and trust building, which takes more time and effort. That investment hasn’t seemed worth it before this most recent upturn in the number of openings.

Regardless of how I feel about them, recruiters still contact me out of the blue all of the time. When you are easily identifiable as a hiring manager, it goes with the territory. Usually I just delete such contacts or send them to voice mail. As we have struggled even to get a decent pool of non-diverse candidates, I have been re-thinking that policy.

As I was considering how to make better use of recruiters and of the conundrum of hiring quickly or hiring diversely, I came up with a simple idea: accept every cold contact from a recruiter but respond with a set of standard questions.

  1. Do you have a diversity policy or statement?
  2. Can you demonstrate a track record of diverse placement?
  3. Are you experienced at placing candidates at non-profits?
  4. Can you place candidates in the greater Washington, DC area?

In my replies, I insist that I require an affirmative answer to all of these questions before talking further. Out of two contacts I’ve had since thinking of this response, it successfully filtered out one and engaged the other in a way that encouraged me. The first two questions took him off guard but he wrote them down with a promise to look into them and email me his firm’s answers.

I have been thinking a lot on those first two questions. (The last two questions are simply logistics of these particular opportunities.) In particular, I am slapping my forehead wondering why I never thought to ask them of every recruiter who contacts me.

As for those web searches I mentioned at the outset: most of what I found were statements from hiring organizations, the majority of them universities, institutions and a few larger corporations. There may be a more specific set of search terms than I was using that would reveal recruiters who specifically value diversity. I expect that if there was a non-trivial number of such firms, it shouldn’t take any particular skill at web searches to find them. I think there is an opportunity to raise the bar for technology recruiters.

From now on, I am going to ask those first two questions of every recruiter who contacts me, at this job or any other. I will ask whether I am currently hiring or not. I would love for as many of you who are reading this to do the same, if you are in an appropriate circumstance to do so.

Recruiting in technology is a huge business. For qualified candidates, placement fees are quite lucrative. Recruiters, even the good ones, are highly competitive. If we can get some fraction of the firms recruiting specifically for technology jobs to prioritize diversity, I suspect it could have a huge impact.

I think making such a change can start with just a couple of questions.

Heartbreak over Mozilla’s DRM Decision from a Dedicated Firefox User

I saw news last night that, as the headline suggests, broke my heart.

For months, I’ve been following the story that the Mozilla project was set to add closed source Digital Rights Management technology to its free/open browser Firefox, and today they’ve made the announcement, which I’ve covered in depth for The Guardian. Mozilla made the decision out of fear that the organization would haemorrhage users and become irrelevant if it couldn’t support Netflix, Hulu, BBC iPlayer, Amazon Video, and other services that only work in browsers that treat their users as untrustable adversaries.

Like Cory, I have been following the push to install the Encrypted Media Extension as part of the standards that underpin the web. I had not realized Mozilla was seriously considering siding with the W3C. The W3C is the standards body that oversees the constellation of documents that describe the common intersection of what is possible with the web. Their push to adopt EME and, worse, resistance to any calls to reconsider are, I think, grave mistakes.

The news of Mozilla’s decision to add DRM to Firefox has rapidly spread online. I was a bit surprised at how quickly folks responded to my own expression of frustration on Twitter. Far and away one of the best pieces I’ve seen comes from British journalist Glyn Moody. He, I think rightly, frames this as far more than a simple choice about technology. This is a question about the very fate of Mozilla begged by the dissonance between their prior role as the strongest advocate for an open web and this latest development.

I won’t quote a snippet from Moody’s piece but rather encourage you to read the entire thing. It is a compelling and accessible explanation of the situation, why this decision matters, and how we may go forward from here. Ultimately he is optimistic, that the community of technology creators who believe that the freedom to understand, alter and share code and content is paramount will do as they always have done and route around this latest obstacle.

I am sure he is right. We saw it happen with OpenOffice and MySQL though admittedly under rather different circumstances.

I am still incredibly disappointed and upset. I have been a champion of Mozilla’s since before Firefox existed. I used Phoenix, Firebird and continue to use Firefox from the moment that name stuck until now. There exists no doubt in my mind that the shift from a Microsoft dominated Web to the current ecosystem is due entirely to Mozilla’s tireless commitment to open source and open standards. That ecosystem, due to those efforts, includes more openness than just that encapsulated in Firefox’s source code. More astonishing, I don’t think Mozilla ever needed to be popular, dominant or relevant to a mainstream audience to be an effective change agent.

I never once considered abandoning my support as I have seen others do. New gimmicks or even claims to best Firefox in terms of speed, size or true functionality have never outweighed for me Mozilla’s dedication to principle. In recent years especially, none of those choices would have come about but for Mozilla. None of them included the same deep commitment to principles I cherish.

Until now.

The decision of Mozilla to include digital rights management, regardless of the technical details, feels like a betrayal of those principles. Worse, it poisons the space for the same reasons Mozilla’s dedication to openness made it an effective change agent. Firefox is an existence proof. Others may not weave openness as deeply into their efforts but they see it is valuable and worth addressing to a significant degree.

And now the same will go for this counterexample. If the staunchest defender of the open web concedes to the pressures to hobble the web with DRM, then why shouldn’t every other last creator of web technologies? Had Mozilla chosen differently, it may not have stopped EME and the inclusion of DRM in other web browsers, but it would have undoubtedly created more space for openness, well beyond its own direct efforts.

Now the question we need to ask, to paraphrase Glyn Moody, is whither the open web?


 

If you want to know what you can do, read the Free Software Foundation’s criticism of the decision, which includes several good calls to action at the end.

Outreach Program for Women

I have increasingly been reading, thinking and writing about the question of inclusion and diversity in the world of technology in general and within FLOSS more specifically. I am mostly in read and learn mode.

When I come across something worthwhile, though, I do like to share, especially examples of people and projects actively working to improve things. One that I not only came across recently but have the very good fortune to participate in for my day job is the Outreach Program for Women being run by the GNOME Foundation.

Outreach Program for Women (OPW) internships were inspired in many ways by Google Summer of Code and by how few women applied for it in the past. This was reflective of a generally low number of women participating in the FOSS development. The GNOME Foundation first started the internships program with one round in 2006, and then resumed the effort in 2010 with 4 more rounds organized every half a year. In the previous round, the Software Freedom Conservancy joined the Outreach Program for Women with one internship with the Twisted project. This round, we’ve expanded the program to include several other FOSS organizations.

You can find the full information on the program, including details on mentoring organizations and how to apply, here.

While, full disclosure, I am writing this post for the benefit of my employer and the work I do at the Open Technology Institute, this is an endorsement, and a request for help in spreading the word, that I can wholeheartedly personally endorse as well. The Outreach Program for Women isn’t just a good idea; in the short span it has been run, it has yielded some sustained, concrete successes in terms of interest and participation from women.

My sole regret is that I was unable to write and publish this post sooner. The deadline is Monday but since this is the final week before applications are due, mentors are able to work more closely with candidates in selecting and completing their first contributions to the participating projects.

Mozilla Scaling Back Thunderbird Development Shouldn’t Mean Not Innovating in Messaging

To start with, I feel compelled to directly address a lot of the laughable reading of tea leaves I have seen since the story broke late yesterday that Mozilla is scaling back development on Thunderbird.

I don’t think it is a coincidence that the first declarations of the demise of Thunderbird I saw came from TechCrunch, a site I associate with hyperbole and the worst sort of journalistic pot-stirring in the tech news sphere. Mitchell Baker’s announcement on her blog bears much closer reading, though. I think saying that the multi-platform, open source messaging client is being put on life support is overstating things. That would be like saying a long term support release of Ubuntu is the same as life support.

It is useful to bear Thunderbird’s storied past in mind when thinking about this most recent turn. Thunderbird has never been as actively developed or supported as Firefox. I still remember the very long and frustrating doldrum that was version 2. Then suddenly there seemed to be enough interest and will to try to couple it to Firefox’s recently re-invigorated development cadence. The period from Thunderbird 3 through the present saw a rewarding surge forward for long time users and supporters, like myself.

I tend to interpret Baker’s announcement that Mozilla is shifting away development resources as a return to that sargasso of slow development in which Thunderbird really has spent most of its time anyway. This time, there is the possibility the community will take up her invitation, to pick up the banner and move the state of the mail client forward independently. There is some cause to hope; I cite how LibreOffice rose from the ashes of the fork that birthed it, before which there was similar hand wringing about the slow death of OpenOffice.

I want to emphasize one key point in Baker’s post before I go on. Mozilla is still supporting Thunderbird, just not undertaking any new feature development. They are committed to releasing security updates. For the time being, Thunderbird is still a viable choice for those who use desktop messaging clients, like myself and even Baker herself.

I want to point out that for Linux users there are a bevy of other options, from mutt to Evolution and Kmail. I suspect though that each of these may be found lacking in some ways, not because of a shortfall in the developers’ attention to them. I worry that there is a common cause for lackluster progress, one that arises from certain user expectations. I think we all know what may be robbing all desktop email efforts of oxygen: Gmail.

Gmail wasn’t the first webmail solution, nor is it the only one. We even have open source options, like SOGo, for those that want to combine the convenience of a web based solution with owning their own mail server. I don’t even think it is the features of Gmail that are responsible for its overpowering draw. Just pay attention every time there is a change in features or new ones launched. There is plenty of grousing and often a battery of extensions and GreaseMonkey scripts to restore older functionality.

For me there is a persistent lack in Gmail that finally drove me away for good: no reliable way to support encrypted correspondence. I don’t see that changing any time soon given Google’s focus on organizational gewgaws like priority mail.

I think it is the incredible ease of setup and use that feeds Gmail’s success at the expense of seemingly everything else. I honestly think Mozilla should address that far more directly and if they are unwilling to innovate on top of Thunderbird, perhaps it is time for them to create an open source alternative to Gmail. They have toyed with various efforts around open web applications. Above all they are committed to their role in ensuring an open Internet not through market dominance but in always ensuring that users have a choice.

If Thunderbird isn’t the choice users want, I submit Mozilla should marshal their experiences with efforts like Sync, Raindrop and Thunderbird to produce their own webmail service. I know they will never be able to scale to the size of Gmail but that isn’t the point. Creating a compelling, competitive webmail offering that expresses Mozilla’s commitment to user sovereignty, security and open standards would be worth whatever resources the plucky non-profit can spare and, I suspect, would draw far more outside support and interest if they chose to take the initiative, meeting the market dominant player head on just as Firefox continues to do.

vim Clutch, a Dedicated Peripheral for the Minimalist Text Editor

I saw this on MAKE and as a long time and inveterate vim user, I kind of want one.

If you are unfamiliar with vim, it is a text editor that places control from the keyboard first and sports a couple of different modes that swap different commands for common keys, like ones dedicated to movement and editing. vim is actually the modern descendant of vi, an editor that has its roots in very slow terminal links, so it was designed to work well with a trickle of throughput.

Adding a pedal to swap modes just makes sense once you get used to the idea of flipping your editor into different modes to accomplish different tasks. Your fingers don’t even have to leave the home row to invoke that changeover, you can just tap a foot like an F-1 racer.

Vim Clutch, MAKE

Is Facebook that Desperate about Its Failed Email Service?

Casey Johnston at Ars Technica has the details of what to me seems like a pretty sleazy move. I have definitely confirmed that the “About” part of my profile now shows the email at the FB domain instead of my actual email. Worse, as reported, there is no way for a user to change this, to remove the FB email or give preference to any other address over it. I have been on the fence about deleting my Facebook account for some time. This may be the final straw.

Facebook forces all users over to @facebook.com e-mail addresses, Ars Technica

Open3DP Now Less Open

Entirely through no fault of their own, the astonishingly innovative academics at the Open3DP project have run into obstacles living up to the “open” in their name.

Since approximately October 17, 2011, we’ve been a little bit more guarded about what is going on in our lab and perhaps a little less helpful or open to some of you. We’re sorry. Our University has decided, with no faculty involvement, to change our consulting/engagement forms.

The change means that University of Washington is now claiming total ownership of intellectual property developed by faculty and students. Previously the project had been sharing its knowledge much more freely across an amazing breadth of efforts. These are the folks that figured out how to print 3D objects in wood and generally have been working with a variety of materials broader than most, including concrete, glass and tea.

To benefit from their considerable experience now requires a consulting contract that may cost as much as $80K to $110K at a minimum. Several of the faculty are working to change the new policy. They are circulating a form letter in response to inquiries highlighting the situation and redirecting interested parties to other resources in the 3DP community.

I had the great pleasure of talking with one of the faculty working on Open3DP last summer. The irony for me is that the conversation I had then informed me of the patent situation around powder bed 3DP technologies, of which previously I had been largely ignorant. In a nutshell, there are still considerable barriers in the form of intellectual property licensing keeping out all but the well financed commercial ventures or the most brazen academics and homebrew enthusiasts.

Sorry we’re not so Open lately, Open3DP (via BoingBoing)

A Renewed Plea for Moving Beyond DRM and Incompatibilities in eBooks

Joe Wikert at O’Reilly clearly articulates a view I’ve held for some time, that we need ebook interoperability that is entirely comparable to that of MP3s for digital music. The use of DRM by the larger ebook stores has certainly kept me from even contemplating a dedicated reader as much as I am increasingly attracted by the promised advantages.

Imagine buying a car that locks you into one brand of fuel. A new BMW, for example, that only runs on BMW gas. There are plenty of BMW gas stations around, even a few in your neighborhood, so convenience isn’t an issue. But if one of those other gas stations offers a discount, a membership program, or some other attractive marketing campaign, you can’t participate. You’re locked in with the BMW gas stations.

This could never happen, right? Consumers are too smart to buy into something like this. Or are they? After all, isn’t that exactly what’s happening in the ebook world? You buy a dedicated ebook reader like a Kindle or a NOOK and you’re locked in to that company’s content. Part of this problem has to do with ebook formats (e.g., EPUB or Mobipocket) while another part of it stems from publisher insistence on the use of digital rights management (DRM).

Wikert goes on to re-visit the problems inherent in the current ebook market in a coherent and I think compelling fashion. It is worth noting that O’Reilly, who re-posted this piece from Publishers Weekly, is one of the few publishers from whom I regularly buy ebooks exactly because they support all the popular formats and have never used DRM.

I simply will not buy into another platform that has an intentional switching cost built in. I possess the technical experience and skills to exercise what I believe to be fair use in the form of personal copies and format shifting. That doesn’t change how I feel even if that means I still have to live with the limitations of paper books as an avid reader, both for pleasure and for my profession. I would love nothing more than to have my entire non-fiction library always at my fingertips with quick lookup and digital notes to add in my research, writing and other work.

It is more important to me to set a visible example and to keep pushing for a legitimate means to exert my preferences, especially with my purchasing dollar. If I buy DRM’ed or otherwise platform locked titles, I fear it sends the wrong message, that I find this situation acceptable when I clearly do not.

It’s time for a unified ebook format and the end of DRM, O’Reilly Radar

Why Science Fiction is Part of My Own Narrative

I commonly field the question of what ties together all the threads I pursue on this blog and in my podcast. Cory Doctorow, in his most recent Locus column, has generously given me an excellent explanation at least for why I tend to ruminate so much on science fiction as a literature and why I find it woven so much into my thinking about technology and policy.

Science fiction exposes: it can be hard to understand or even see upheaval when you’re in its midst. But just as a doctor will swab your throat and grow a sample of the flora she finds there in a petri dish until it’s large enough to identify, so too can a science fiction writer construct a petri dish of a world in which a single technology or idea can grow to fill it, providing a magnified look at something that was too small to be detected in situ.

The exposure he so beautifully explains is just one of the functions this genre of work can serve. I won’t spoil the most compelling argument, rather urging that you read the article, if you haven’t already. Cory’s keen insight here is why I recently praised his skill as an essayist, a facet of his work that I don’t think garners nearly as much attention and credit as his oratory and fiction.

A Vocabulary for Speaking about the Future, Locus Online