FSFE Newsletter – May 2014

press at fsfeurope.org
Mon May 5 16:21:42 CEST 2014

 = FSFE Newsletter – May 2014 =

[ Read online: https://fsfe.org/news/nl/nl-201405.en.html ]

 == Heartbleed and economic incentives ==

You probably heard about the bug in the Free Software OpenSSL nicknamed
"heartbleed". The FSFE already welcomed the industry initiative to fund
critical Free Software projects[1], and the topic was discussed in
several blog articles on the planet: Sam Tuke wrote about his
impression[2], Hugo Roy shared an XKCD comic explaining how heartbleed
works[3], and Martin Gollowitzer wrote about what the Heartbleed bug
revealed to him[4] about StartSSL certificate authority.

But your editor is convinced that the main problem is not OpenSSL. It is
not Free Software. It is about companies not taking responsibility and
about missing economic incentives to ensure security. Security expert
Bruce Schneier wrote in 2006[5]:

    "We generally think of computer security as a problem of technology,
    but often systems fail because of misplaced economic incentives: The
    people who could protect a system are not the ones who suffer the
    costs of failure."

In a nutshell, if your private data is exposed because your health
insurance, where it is stored, did not take care to secure it, you
suffer to a much higher degree than the health insurance does! You are
in no position to pressure the health insurance to change its level of
security, and they have no economic incentive to do so. In the article
Schneier further explains that the liability for attacks is diffuse and
that "the economic considerations of security are more important than
the technical considerations".

Following the argument, the important question we face is, how can we
give the right economic incentives to ensure that: security relevant
software has the proper funding; third parties are auditing code; more
people are trained in computer security; programmers have time for
maintenance and are not forced to just develop new features; we have a
diversity of software[6] for different special purposes and therefore
prevent software monocultures[7]; companies run secure software instead
of just giving people a good feeling by performing a security theatre or
by delegating responsibility to others (for example the government), so
they can be blamed if there is a problem, and that also the security
interest of private users is fulfilled and not just those of big

In the FSFE we thought about how to give good economic incentives for
Free Software development from the beginning, and now we have to think
more about economic incentives to increase security. It is a difficult
area, so we are looking forward to your comments on this topic and
invite you to discuss it on our public mailing lists[8].

 == Internet Censorship and Open Standards ==

Local elections scheduled across the country for the following day, the
government blocking both YouTube and Twitter, and the usage numbers of
the Free Software anonymity software Tor doubling during the week. Is
there a better time for the FSFE's President to go to this country? At
the annual conference of the Turkish GNU/Linux Users Association in
Istanbul Karsten Gerloff talked about the relationship between
technology and power, and made it to the front page of a national
newspaper by mentioning who sold the software to block the internet.
Karsten wrote a summary of his talk and his journey in his blog[9].

The talk would not have happened without our Turkish volunteer Nermin
Canik, who encouraged us to attend the conference. Nermin has been
working steadily and reliably as a volunteer for a couple of years now.
Together with other volunteers she organised Document Freedom Day[10]
(DFD) events in Turkey. This year, although as mentioned above it was a
hard time for people in Turkey who care about freedom, they accomplished
7 events in Istanbul, Ankara, Çayırova, Denizli, and Adana.

Have a look at the Document Freedom Day 2014 Report[11] to find out what
happened in Turkey and around the world during that day. The report
includes lots of pictures ranging from children celebrating DFD at
school, the new leaflets, comic, and t-shirts, as well as the very
delicious looking cakes. Thanks to our Turkish translator[12] Tahir Emre
and our leaving intern Matti Lammi the report and the whole DFD website
are also available in Turkish and Finnish.

 == Something completely different ==

- The German association Teckids e.V.[13] offers workshops for 10 to 16
  year olds to build robots with different sensors (light, sound, or
  ultrasonic) and program them to do cool things by using Free Software.
  Your editor was delighted to see that in those workshops teenagers
  teach other teenagers how to tinker with Free Software[14]. More news
  about education is covered by Guido Arnold in the Free Software
  education news[15].

- News from the public administration: The government of Galicia
  recommends use of Open Document Format[16] and a school in
  Villmergen/Switzerland is satisfied with Free Software[17] as they can
  now invest more money in education.

- 143 of the politicians newly elected in France's municipal elections
  have pledged their support for Free Software. They all signed the Free
  Software Pact by the French Free Software organisation April[18]. The
  FSFE congratulates them for the good job. Please notice that this
  month's "Get Active" item, always at the end of the newsletter, is
  also about the Free Software Pact and how you can help us.

- From the planet aggregation[19]:

    - Ghostery is a browser extension supposed to help users against
      tracking and surveillance on the web. But as Hugo Roy reports[20],
      the problem is that Ghostery is not released as Free Software.

    - Guido Günther reports from the 7th Debian groupware meeting[21] at
      the Linuxhotel including why the participants, of whom all but one
      are FSFE Fellows, took the decision to remove iceowl (calendar) or
      what they did with icedove (e-mail).

    - Our Fellow Number 1, wrote about KDE e.V., families at Free
      Software meetings, especially at the meetings in Randa
      Switzerland[22], and he made some proposals for future KDE

    - Karl Beecher explains why Programmers Start Counting at Zero[24].

    - Carsten Agger gave a talk about Open Data and Hacktivism at the
      hackerspace in Aarhus[25]. He also participated in the first
      International Festival for Technoshamanism. He explains what
      Technoshamanism is[26], what it has to do with Free Software, and
      reports from the first day[27].

    - Hugo Roy takes a look at the GNU GPL in a javascript outliner:
      "GNU GPL, JS and BS"[28] and he wrote about Innovation policy and
      Internet liability in courts–beyond advertising[29] with the
      conclusion that "we need to take back control of innovation and
      technology policy to foster privacy and freedom; more than ever."

    - Konstantinos Boukouvalas wrote about the OSCAL conference in
      Albania[30] (3-4 May) which is supported by Albania's Ministry of
      Youth and Social Welfare[31]. The keynote there was given by
      FSFE's Erik Albers[32].

    - On a technical side: Guido Arnold explains the advantages of using
      caff for keysigning[33], which is part of the keysigning-party
      package on Debian based systems.

    - Kevin Keijzer's new bedroom is now equipped with a new Free
      Software computer[34] and he documented how to install Debian
      GNU/Linux on the Acer C720 Chromebook[35].

    - Jens Leuchtenbörger explains how to do Certificate Pinning for
      GNU/Linux and Android[36].

    - When Daniel Pocock upgraded an Android device he "found out that
      Android betrays the tethering data"[37]. After he received a lot
      of feedback, he wrote a follow-up article because people justified
      the way mobile networks try to discriminate against tethering[38]
      after his first blog entry. Also read Paul Boddie's comment about
      the second article[39].

    - Furthermore Daniel wrote about problems with SMS logins[40], how
      his AirBNB hosts wanted to scan his identity documents and
      passports[41], and the best real-time communication (RTC / VoIP)
      softphone on the GNU/Linux desktop[42].

 == Get active: Make the Free Software Pact a success! ==

As we wrote in March[43], candidates pledging for Free Software is a
good way to take them at their word after an election. In future we can
contact them whenever there will be EU legislation to be passed that
might endanger the existence or growth of Free Software.

After FSFE's volunteers did a lot of translations for the pact, April
now published all necessary information on the Free Software pact
website[44] so you can get active.

In Italy our new intern Michele Marrali already contacted 51 candidates.
He searched for the candidates, used Erik's template[45] (also available
in German[46]) to contact them, and afterwards noted on our pad whom he
already contacted[47]. His goal is to contact every Italian candidate
and get them to sign the pact. So how many can you contact?

In case you do not have time to participate in this "hobby lobby
competition", consider making a donation[48] so we can offer the most
active volunteers some rewards from our shop[49].

Thanks to all the volunteers[50], Fellows[51] and corporate donors[52]
who enable our work,
Matthias Kirschner - FSFE

Free Software Foundation Europe <https://fsfe.org>
FSFE News <https://fsfe.org/news/news.en.rss>
Upcoming FSFE Events <https://fsfe.org/events/events.en.rss>
Fellowship Blog Aggregation <https://planet.fsfe.org/en/rss20.xml>
Free Software Discussions <https://fsfe.org/contact/community.en.html>

  1. https://fsfe.org/news/2014/news-20140424-01.en.html
  2. https://blogs.fsfe.org/samtuke/?p=718
  3. http://hroy.eu/notes/openssl-tragedy/
  4. https://blogs.fsfe.org/gollo/2014/04/13/what-the-heartbleed-bug-revealed-to-me/
  5. https://www.schneier.com/blog/archives/2006/06/economics_and_i_1.html
  6. https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations
  7. https://www.schneier.com/blog/archives/2014/04/dan_geer_on_hea.html
  8. https://fsfe.org/contact/community.en.html
  9. https://blogs.fsfe.org/gerloff/2014/04/29/interesting-times-speaking-about-free-software-in-istanbul/
 10. http://documentfreedom.org/events/events.html
 11. http://documentfreedom.org/news/2014/news-20140424-01.html
 12. http://fsfe.org/contribute/translators/translators.html
 13. https://www.teckids.org/
 14. https://blogs.fsfe.org/mk/teenagers-teach-how-to-program-robots-with-free-software/
 15. https://blogs.fsfe.org/guido/2014/04/free-software-in-education-news-march/
 16. https://joinup.ec.europa.eu/community/osor/news/galicia-recommends-use-open-document-format
 17. https://joinup.ec.europa.eu/community/news/swiss-school-invests-open-source-savings-education
 18. https://joinup.ec.europa.eu/community/news/143-french-politicians-pledge-support-free-software
 19. http://planet.fsfe.org
 20. http://hroy.eu/notes/avoid_ghostery-proprietary/
 21. http://honk.sigxcpu.org/con/Bits_from_the_7th_Debian_groupware_meeting.html
 22. https://blogs.fsfe.org/mario/?p=205
 23. https://blogs.fsfe.org/mario/?p=224
 24. http://computerfloss.com/2014/04/chapter-0-programmers-start-counting-zero-2/
 25. https://blogs.fsfe.org/agger/2014/04/10/speaking-about-open-data-and-hacktivism/
 26. https://blogs.fsfe.org/agger/2014/04/18/participating-in-the-1st-international-festival-for-technoshamanism/
 27. https://blogs.fsfe.org/agger/2014/04/25/opening-the-1st-international-festival-of-technoshamanism/
 28. http://hroy.eu/posts/gpl-js-bs/
 29. http://hroy.eu/posts/innovation-policy/
 30. https://blogs.fsfe.org/boukouvalas/?p=546
 31. https://joinup.ec.europa.eu/community/news/albania-youth-ministry-supports-open-source-meeting
 32. http://oscal.openlabs.cc/speakers/
 33. https://blogs.fsfe.org/guido/2014/04/key-signing-with-caff/
 34. https://blogs.fsfe.org/the_unconventional/2014/03/29/my-new-bedroom-htpc-gigabyte-brix/
 35. https://blogs.fsfe.org/the_unconventional/2014/04/20/acer-c720-chromebook-debian-gnu-linux/
 36. https://blogs.fsfe.org/jens.lechtenboerger/2014/04/05/certificate-pinning-for-gnulinux-and-android/
 37. http://danielpocock.com/android-betrays-tethering-data
 38. http://danielpocock.com/tethering-and-petrol-charges
 39. https://blogs.fsfe.org/pboddie/?p=769
 40. http://danielpocock.com/sms-logins-an-illusion-of-security
 41. http://danielpocock.com/airbnb-hosts-scanning-copying-passports
 42. http://danielpocock.com/best-rtc-voip-softphone-linux-desktop
 43. https://fsfe.org/news/2014/news-20140304-01.en.html
 44. http://freesoftwarepact.eu/
 45. https://blogs.fsfe.org/eal/2014/04/23/the-free-software-pact-for-the-european-elections-2014/
 46. https://blogs.fsfe.org/eal/2014/04/23/der-freie-software-pakt-eu
 47. https://public.pad.fsfe.org/p/freesoftwarepact-eu-candidates
 48. https://fsfe.org/donate/donate.en.html
 49. https://fsfe.org/order/order.en.html
 50. https://fsfe.org/contribute/contribute.en.html
 51. http://fellowship.fsfe.org/join
 52. https://fsfe.org/donate/thankgnus.en.html
