Once upon a time in the web

I was gonna write a disclaimer about me not being objective about the Pirate Party, and them who will probably jump on me because I'm saying shit. But, well, fuck objectivity. I am nothing like objective and you probably know that. And if you take this too seriously,then, it's not really my problem.

So, why this. Some will say it's a free shot at the Pirate Party and, well, it is. More or less. But the point of having a blog is to express personal opinions, right? Also, a lot of people ask me on a regular basis what do I think of it and, since I do not want to rant endlessly I just avoid the subject.

And I'll continue. What will follow are my personal views of what I perceive what is the Pirate Party and why I think they're wrong and why they're going in the wrong direction.

Hackers are not, in my mind, people that fix things. Hackers are the ones who divert a system to do something else with it than its intentional purposes. So, when people says they're hacking politics it is with the intent to divert the political system to do something else than it's initial purpose - managing the city. Hacking politics could be, for instance, have the political system serving your own personal agendas, or discussing laws about the lolcats or whatever.

Hacking politics is not trying to have it working on its initial purposes. This is fixing politics. Make it working the way it should work - should being personal but it could be working along the rules the political system choose to follow.

Also, it is extremely hard to divert the system when you're only a user of it. This is why hackers seeks for privileged access when they want to hack their way into a system, and this can be done using software, a solder iron, a set of tools or whatever. It can be accomplished only from the outside of the system, you need to analyse and measure the output of the system when it receives some input or some constraint. Even better, you need the DNA, the source code, the schematics, all relevant documentation about the system, it will ease your way in.

The Pirate Party

People all around th world thought that the issues around copyright, sharing and mass surveillance deserved to be fought by a dedicated Party. Don't get me wrong here I do think they're critical issues and that the answers provided by the traditional system aren't good for anything (including business).

However, it is for the citizens to stand up and fight. Not some self proclaimed representative authority who, by design, must follow an insane number of rules, including the ones which asks for the structure to have a leader.

I believe in doocracy and autonomy. I can accept temporary delegation of my voice to a person I think share the same views than I on a specific topic. Even if liquid democracy is a problem (will discuss that later). I do not believe in pyramidal structures whim only goal is to gather more power to have a chance to be heard by the others.

Beside, I think the problematics raised by the Pirate Party - privacy, sharing, mass surveillance - are cross partisan ones, each political party should defends them because they are linked to basic human rights. A bit like every political party opposes torture, for instance, all of them should opposes mass surveillance.

It is a bit like ecology in fact. It's a group of public interests and each part of the democratic process should have it's opinion on it. I cannot imagine today a politician blatantly saying that ecology sucks, we need moar pollution. They can have different views and solution to the problematics, but it is now something beyond the classic right/left paradigm.

Civil liberties, the right to intimacy, the accountability of the society, the right to copy and share are problematics that are tied to society management - which is, by essence, politics - and every political groups have a stance about those issue. It's not a defining paradigm (like liberalism, socialism, communism, fascism, whateverism) of a political group.

And by being a political party, and so a political group, the Party Pirate claims that they are the only one to defend those issue, and that all other groups are, de facto, against those issue.

To make things worse, being a political party, besides the amount of paperwork needed and the fact that you need to have a chain of command, if you want to have some weight and to have representative you must make alliance with other groups. Since you fight for specific issues, they'll stand for them also. But then, their foes will oppose your ideas (friends of my foes are my foes) instead of fighting for them.

You'll end up with almost half of the people opposing your ideas because they oppose your allies. And you will be stuck with promises you've done and concession you've made to get those allies.

And you'll end up either disappearing (you made no concession, so you have no representative, and you're not existing) or by compromise yourself (defending ideas that aren't yours).

Just because the representative system is bugged by design and is maintaining itself.

Hacking politics, ORLY?

However, I must admit that, being a national or cross-national party can be useful. Political party usually consider other party as being like them and it can be a handy way to have them talking about some issue.

But, it is the wrong way to do it. First, it enforces them in the position of an elite of people that can make laws and regulations without having to be accountable of what they've done. Some might think that a vote can change that, but, since you can vote only for a person who present itself and who - if you really want things to change - must be backed up by an already existing entity, things won't change much with only a vote. Also, I tend to think that the people in charge want us to just vote and not speak our mind.

Second, citizens must speak out. I do not need a political party to speak for myself. I need my representative to do what he's supposed to do: represent me, speak for me, and be accountable before me for that. This is what civil liberties groups are. And La Quadrature du Net is one of them, EFF is another. The Party Pirate could be if they weren't so eager to have representative elected among them. Those civil liberties groups are good to deploy memes in the public space. We won't have heard about ACTA for them leaking it and fighting it (for four years in a row).

The fact that ACTA has been rejected in the EU parl is the proof that, when citizens are doing their job - asking their representative to represent them, not to represent private interests - the representative have no choice but to do what they should, not what they want (and yes, it's harsh, but they have a lots of benefits from this job, they should do the part they don't like or quit it).

And yes, the two representative (for all the Europe) in the EU Parl have done some good job about raising those issue, but it's not because they were a party they were effective, it's because they were doing their citizen job.

So, what?

In the end, my main problem with the Pirate Party is that, instead of changing the system, they validate it, makes it stronger. And they want to have representative elected, instead of just using the mediaspace to deliver a message and to try to convince everyone that they're speaking the truth and that some things might end (and other starts). It could have been an amazing tool, but it has been shaped by politicians that were already well established.

It is maintaining the illusion that the actual implementations of a democratic system we have is valid and can work.

Liquid democracy

To finish that, let's talk about liquid democracy.

Liquid Democracy is based on the simple fact that any citizen have a equal voice and uses it on each issues that is debated. They can choose to delegate this voice to someone who they think is an expert in a given field. And they can cancel or change this mandate at any moment and for no reason. They can also gives their voice for a specific issue to a different expert.

For instance, I can perfectly choose to give my voice to a person that I (and only I) judge as competent for all the issues relating to urbanism for I suck at urbanism, while I'll keep my voice for myself for all the issue about computers and intertubes.

And you can delegate all the voice you received the same way. It means if someone gave me their voice for urbanism problematics, I will delegate it to my urbanism expert.

It sounds like a good idea but there's two problems.

The consensus issue

First it is based on democracy. It means that, to do something, you call for a vote and you'll wait until you have a consensus about what you're going to do.

From my perspective, you do not need a consensus to do what you want. You just need to do it. If people dislike sit, thy will tell you, if they're outraged by it they'll try to destroy it, if they want to change it, they'll change it.

And it will be this way until one part abandon it because they judge it does not worth the effort.

Also, I do think that a majority of people can be wrong (else, Skype or Facebook won't be used that much). So having a consensus is not a sane objective (and it's the best way of doing nothing).

The reputation of expert

The other problems is the one about the reputation of the experts. If someone have twenty voice for problems related to intertubes, you'll think they are competent (or they won't have twenty voices). And you'll gave them your voice.

And, since you judge them being competent, they will keep your voice until your proven they're not. And they can only be proven incompetent by another expert of the same domain, with a better reputation.

Where it became weird is that, if this second expert is better than the previous one, why didn't you gave him your voice from the beginning? The system will end up with one, maybe two, experts competent on a domain, and probably a lot of independent citizens with one or two voices who cannot do anything since the expert have the majority of the voices (else they won't be expert and people won't gave them their voices). And the expert won't change.

Also they can create expert. If I've got quite a good reputation on a particular field and I give my voice to someone else in another field, a lot of people whom I already possess voices for my field of expertise, will gave their voices to them.

This is how you end with a tyranny of so-called experts.

It's easy to fix however. You must keep the number of voice you have secret. And I'll assume there's a technical way of not juking the system. So, you know nothing about intertubes and you want an expert. And you can't find one, because no one can. So you're going to make a choice based on what you can read. It means each expert have to expose their view and explains the issue.

And then, something magic will appear, you're going to learn some basic skills about the experts' domain. And you won't need an expert anymore, for they're more or less forced to publish everything, so you can learn. And votes for yourself.

If the experts refuses to publish, then they'll have to convince you differently, and we end up with the current system.

So, liquid democracy can't work. As a citizen you should never delegate your voice to anyone. And you should slaps anyone who asks you that with a large trout.

And this is why I cannot stand that someone describing themselves as a pirate asks me just that.

It started with a workshop

With some friends, we decided to have a workshop around the Piratebox, so we ordered a lot of TP-link WR703n and started to flash them.

They are labelled as 1.6 revision, but we discovered it the hard way they're not (worse, some of them actually are, and we were lucky on the first one we tried). So, basically we created some bricks and people were going home without their PirateBox, which is sad.

The trunk was building fine, but the snapshots on OpenWRT.org were built without USB modules, and they are mandatory for the PirateBox to works. I had a host with the full openwrt toolchains, so I started playing around with it and, finally, built a workable firmware for this hardware revision.

How canI use it

It works almost like on the original tutorial except that the firmware you need to download is this one and, that on the steps Install Piratebox you need to change the command issued on step 2 like this:

cd /tmp
opkg update && opkg install http://piratebox.aod-rpg.de/piratebox_0.6.3_all.ipk --force-depends

Note the force-depends added at the end of line. It is mandatroy, because I build the binary 'losetup' inside busybox, not as a package, so opkg won't find it.

You will have some error message written, speaking about missing dependencies, but you can ignore them.

Reboot your routeur, and now, everything should works.

Want to build your own?

So, in caseyou wantto have fun with the openwrt toolchains, I've pushed my openwrt env in gitorious

TL;DR Oh,well. Fuck you, you should read and stop being a lazy asshole.

Acknowledgement

I am privileged. Whatever I can say about the state of the world, I'mborn in the best side of it. I can express myself without risking getting beaten up and torture. I can go in the street to buy my food without risking being shot by a sniper. I know that I'll sleep in a safe place every night. I can have three (or more) meals a day (as long as I do not forget to eat).

And I won't be insulted, assaulted, raped, considered as a minority, feels in danger by simply walking in a street.

All of that because I'm a white male. I was granted some privileges (and I did not asks for them) the day I was born around here at this period of time. And that sucks. I mean, the fact that I have privileges means that I have power over someone. And that sucks because it means some people (the ones I have power over) are not free, and then it hinder my freedom (if people around me can't be free, then I can't benefit of my freedom)

So yeah, being a privileged makes your life easier, but it sucks. I do not want it. And to get rid of it will take some time because the society I live in needs to change on a more global scale. And it starts by raising awareness of the situation (and then to change it and to abandon this power).

Facts & Statistics

If there's no discrimination in education, then the skills are equally split across the whole population, so you should find educated and skilled people everywhere. Imean, if there's 20% of people blue-skinned then, 20% of the people good at cooking should have their skin blue. Sounds OK to you?

So, if our educationnal system works fine and tend to develop interest and curiosity equally across the population. What it means is that the simple fact that I've met 5 women since I started my studies in technological background (one in a company, the four others were classmate) is either a statistical error, or a proof that the system is borked. I've met other woman in tech department I've worked in, but they were mostly in the "creative" one (design, integration, etc).

Hence, there's something broken. I've quite an issue to spend a lot of time in a company, In the 13 years I've been working (yeah, started early), except the company I've spent my aprenticeship,I didn't spend more than a year in a company. So it's almost 8 of them. Of different size and of different background.

Never met a woman in the IT department. Sometimes I was the IT department, but even then, in the development teams I haven't met a woman. The only womans in tech I've meet is from the hacker scene (and yeah, most of the timeIdidn't knewbefore meeting in the meat, but that's another topic).

So, when someone tells me about sexism that if it's not broken, don't try to fix it as an argument to not think about anti-harassment policy, I think they're wrong. There is a problem.

And a wild politician appears

The other day (two or three days ago at time of writing), @_LaMarquise was assaulted in the street by some guy jerking of in public, and she tweeted about it. Some clever guy @romain_pp thinks it would be funny to joke about it. The thing is that this person happens to be one member of the French and Swiss Pirate Party, and, if I get those party right, anyone can speaks in the name of the party. It's even written on the name of twitter account, and in the twitter background. So yeah, it was the speach of the Pirate Party.

The things gone a bit wild on twitter, most of the argumentation against @_LaMarquise was that she wasn't rational. I'll develop that a bit later, but basically I tend to think that you can't expect for someone inshock to be rational.

She was also told that she is agressive, that she should not go public about private matters like agression (well, then why do people twitt about their personallife then?), that she was disturbing their life.

The Pirate Party did wrote a letter to @_LaMarquise. They did it in private (since I'm not able to find it online). Which I find weird for a Party who claims transparency at alllevel of society. However, computer system are nice, because it does not cost much to copy things and here is a copy of it (provided by the offended, I have no reason to doubt about her). In essence they say they regret what their member says, and they also regret the "buzz" around it. They do not take the opportunity to engage in a more active position, neither they've blamed their member.

Basically this letter is an attempt to shut the things down without aking a stance for or against sexism. If they're against sexism, they should, at least, get rid of Romain, if not they did not need to write it. This letter prove that what's important for them, is to avoid being drag into the mud not to defend some position.

What's a shame is also that they tend to be the first to condemn such comportment in other party. There's also an issue about freedom of speech, But I'll get to that later.

About the violence

To live in fear of being assaulted or raped does not help to keep you head cold. As I said (and other said), keeping your head cold is a privilege of people in power, don't forget that. Insurrection, and a need for a change, will lead to violence. That's inevitable. This piece summarise it quite well, and the foreword is interesting:

Submission of the oppressed relate to established order. May he disturb this order by beaking its chains and by hitting the master, that is the scandal. In the master language which became the common language, the violent is notthe one who do violence, but by the villain who dares to rebell. - Igor Reitzman

When someone yells at you about something, you should listen to them, because this something is important for them (if not for you). You don't imagine the French Revolutionnaries to ask kindly to Louis XVI if he would surrender the power. A lot of people don't want to abandon power and you'll have to forces them to do so.

It took me sometime to understand that, because it's not pleasant to have people yelling at you. It's irritating and you tend to answer agression with agression. I'm not sure I'm fully ok with that, but I try to understand why people are yelling now (also, I try to not answers quickly for it generally don't help the situation, whatever the situation is).

So, yeah, some feminists will use violence, either physical, either verbal. And if it disturbs you it means that it's working. You should asks and try to understand why they're upset, not to calm themselves.

About freedom of speech

However, I'm against censorship. It means that I condemn the fact of suppressing speach. I want nazis to speak their mind, because that's how you'll find their ideas can be dangerous. And I want mysogyn to speak their mind, because that's how you'll know them. And it's also the only way to discuss with them about those issue.

But freedom of speach goes both way. It's not because someone is allowed to say something that they should not been contradicted, ashamed, punished or whatever. You have the right od so a sexist jokes. And I have the right to say it's not funny. Heck, I even have the right to tell the world about it. If you don't want that and if you want to be able to say whatever you want without consequences, then you're defending censorship.

So yes, it makes me uncomfortable about what happened at Bsides (here's the violet blue point of view and here's the adainitiative one). Basically a prevention talk about sex and drugs, which had been announced late has been removed from schedule due to some fear of witch hunt by the BSides staff (whether or not the adainitiative initiate this isnot clear forme) under the pretext that there could have been rape survivor who could be put in a stress state (it seems that's how PTST works) if they attend the talk, and that speaking about how drugs works and, especially, the GHB in a talk labbelled _“sex +/- drugs: known vulns and exploits”_ is an incentive to rape.

The arguments is that, in hacking conferences, people giving talk named known vulns and exploits do that to encourage the exploitation of those vulnerabilities. Well, there's a misconception here. Most of the talks about known vulns are more about how toprotect yourself against them than exploiting them.

In general, the vulns is being patched at the time of the speech, or at least, the people exploiting the software or system are working on it (if they taking their jobs seriously I mean). Of course some people will uses them to their own profits, but that's not a majority.

And, in fact, people using vulns for their own profits, don't want the vulns to be known. Going public about them is prevention and education, it's not for arming people. This is how preventions works.

Now, should we do preventions in the tech community? Of course we should. There's an history of sexual agression and rape in tech conferences. If you don't speak about it, you can't educate people and you won't changes them. The adainitiative says that they organises their own camp to discuss about it. But it's like doing a drug prevention talk in a straight edge camp, you won't help drug addicts to manage their addiction.

So yes, we must educates our fellow hackers, especially in occasion where there's alot of drugs, alcohol and sleep deprivation, because it changes your perceptions of things. So talking about it is a necessity. And, if the talk happens tobe offensive, then people should says it and condemns it,but you can't know that until the talk happens.

There's still the problem with rape survivors and the PTST syndrom. I can understand why people who survived an agression and/or a rape don't want to be exposed to some talking about it (hey, one should manage their pain as they see fit). And it seems there's a custom about trigger warning, which I do not fully understand yet (seems to work a bit like the PEGI labels for video games)

End

Mmm, I might have missed some points somewhere. Or I can be wrong about some stuff. If you think that, well, ping me. You'll find me quite easily I think.

First, facts

So, Instagram updated their Terms of Services granting themselves the fact that they could sell whatever you posted on their websites:

Rights - Art 2: Some or all of the Service may be supported by advertising revenue. To help us deliver interesting paid or sponsored content or promotions, you agree that a business or other entity may pay us to display your username, likeness, photos (along with any associated metadata), and/or actions you take, in connection with paid or sponsored content or promotions, without any compensation to you.

And the web-2.0-sphere goes wild about that (and yes, it means you). They then explained what they did in a blog post.

The main argument I saw was "gnagnagna ... work I've made ... need compensation ... instagram fucktards ... gnagnagna" or something else.

So, you were complaining because someone is copying, distributing and sharing something you've done and from which you expected no benefits - or you'll have sold it one way or another - and you found this unacceptable.

While you find acceptable to pay MegaUpload to copy, distribute and share contents they do not own. You're quite a paradoxal fucktards.

Then, shoot

I mean, you're crying because instagram was doing what you're doing? Come on. There's another reason. I mean, you're not raging because of the Article 1 of the very same Terms of Services ( I emphasize ):

Rights - Art 1: Instagram does not claim ownership of any Content that you post on or through the Service. Instead, you hereby grant to Instagram a non-exclusive, fully paid and royalty-free, transferable, sub-licensable, worldwide license to use the Content that you post on or through the Service, except that you can control who can view certain of your Content and activities on the Service as described in the Service's Privacy Policy, available here: http://instagram.com/legal/privacy/.

So, yes, instagram could already do whatever they want about the content you post. Heck, they can even give it for free to whoever they want. And you'll see a similar article in all the new generation web services: Facebook, Twitter, Google, have them.

But, you would not protest for your privacy invasion. Or because we've lost so many things due to the existence of those services. No, you are protesting for the worst ever reason.

You are protesting because hype people are protesting (Pink, or any another big account). You're just following the hype instead of thinking. You are protesting because you advocate for the non-free licence CC by-nc-sa - it is non-free because it forbid some uses.

You're protesting and raging and crying because you can't accept that someone is selling what you give to them. You're protesting against your own stupidity. Your protesting because you think that sharing must be done only freely. You're protesting because someone might someday use what you create without your consent. You're protesting because someone took some liberties toward the stupidity that is copyright.

Yeah, protesting because instagram is doing whatever they want with the content you uploaded there, is protesting in favor of copyright. It's taking a stance for a strong copyright system, for putting an end to the sharing system that powers up the internet.

Some might argue there's some privacy implication. The implication did start at the moment you put things online without extremely strong encryption on a centralised system.

You want to defend your privacy? Don't use a centralised system. Encrypt everything. Take back the control over your data. And let instagram and facebook dying.

Update (02/11/2012) I added the 'ask a passphrase' functionnality in the hook.

Intro

As you might already know, I have a yubikey I use as an authentication token. Without it, I cannot log on my computer as a normal user.

But I wanted to do more than that. Like, blocking the boot if the key is not present, unmounting encrypted drive by removing the key, etc.

In this post, I'll show you how I've tweaked my initrd system to stop booting if I haven't plugged in the key. I'm using the basic kernel from arch linux, and the mkinitcpio system that is shipped in this distribution.

However, the scripts mught be easy to port to a different one.

Writing hooks

I needed a new hook for that. This hook will be responsible of embedding the necessary binaries and modules, and to run them at boot.

The Arch wiki has a page about writing some custom hooks. It just need two non-executable scripts. The neat thing is that those script will embedd all required dependencies when creating the image.

So, use your editor of choice and create the first file /usr/lib/initcpio/hooks/yubikey and paste this content in it:

\#!/bin/bash

\# Use y2kchalresp to test if the yubikey is present
run\_hook() {
    local CHAL YCHAL PASS TRIES OK
    msg ":: Loading necessary modules for yubikey..."
    /sbin/modprobe hid\_generic 
    sleep 2

First, we need to load the required modules. dmesg tolds me that this is the module hid_generic (quite expectable since the key actually is a usb keyboard). I need to sleep a little bit, to give time to the USB bus to detect the key. In case your system doesn't detect the key, you might need to increase it.

    TRIES=0
    OK="KO"
    CHAL="thechallengeresult"
    while [ $TRIES -lt 3 ]
    do
        read -p "Enter your yubikey passphrase: " -s PASS
        YCHAL=$(ykchalresp -2 "$PASS")

This is the crypto part of it. CHAL contains the expected result challenge (that is the result of the command runned in YCHAL), the PASS is the challenge submitted to the key and YCHAL is the command sent to the key to have an answer from it.

We also start a loop to grants you the ability to mistype your password. The call to read with the -s flag is used to define a passphrase and to not display what you're typing.

        if [ "$CHAL" != "$YCHAL" ]
        then
            err "Challenge Response with yubikey failed"
            ((TRIES += 1))
        else
            msg "Challenge Response with yubikey correct"
            OK="OK"
            break
        fi
    if [ "$OK" != "OK ]
    then
        exit 1
    fi
}

If everything is ok, CHAL and YCHAL are equals, and you can process to the end of the boot. Else, you increment TRIEs, and you loop. If tries is greater or equal to 3, then you end the loop.

At the end of the loop, if OK doesn't contain OK, then exit, else continue the normal boot process.

The second needed file require by mkinitcpio, in the /usr/lib/initcpio/install/yubikey script.

#!/bin/bash

build() {
    add_module hid_generic
    add_binary /usr/bin/ykchalresp
    add_runscript
}

The build function is called to pack everything in the initrd. We need a module and a binary, so we add them here. And then the add_runscript function tells mkinitcpio that there is a script in hooks/yubikey to be included.

help() {
cat <<HELPEOF
    This hook tries to lock the computer at boot if no yubikey is inserted
HELPEOF
}

The help function just display a message when you want to know what this hook is about.

Then, just add the yubikey hook in your HOOKS array, edit /etc/mkinitcpio.conf and add it after the usbinput things.

And rebuild the initrd.

mkinitcpio -p linux

And now, on boot, you will need your yubikey plugged in.