Seeking SOS Fund Projects

I’m spending some time over the next few days looking for the next round of projects which might benefit from an SOS Fund security audit. (Here’s what’s been done and published so far; a few more are in the works.) The criteria for what makes a good project are recorded on the MOSS website. We have two hard-and-fast criteria:

  • The software must be open source/free software, with a license that is OSI-certified and/or FSF-approved
  • The software must be actively maintained

And then we have a series of factors we consider when evaluating an application:

  • How commonly used is the software?
  • Is the software network-facing or does it regularly process untrusted data?
  • How vital is the software to the continued functioning of the Internet or the Web?
  • Is the project known for something besides the code we are relying on?
  • Does the software depend on closed-source code, e.g. in a web service?
  • Are the software’s maintainers aware of and supportive of the application for support from the SOS fund?
  • Has the software been audited before? If so, when and how extensively? Was the audit made public? If so, where?
  • Does the software have existing corporate backing or involvement?

People do have a tendency to suggest the entirely impractical, such as “Linux Mint” or “Copperhead OS”. We aren’t able to do full audits on corpuses of software of that size. In general, if it’s more than about 200kloc, we are going to have to pick and choose.

If you know of a project which fits, please submit a suggestion, or drop me an email. Thanks!

A New Scam?

I got this email recently; I’m 99% sure it’s some new kind of scam, but it’s not one I’ve seen before. Anyone have any info? Seems like it’s not totally automated, and targets Christians. Or perhaps it’s some sort of cult recruitment? The email address looks very computer-generated (firstnamelastnamesixdigits@gmail.com).

Good morning,

I am writing in accordance to my favourite Christian website, I could do with sending you some documents regarding Christ. I am a Christian since the age of 28, when I got a knock at the door at my house by a group of males asking me to come to a Christian related event, I of course graciously accepted.

I have since opened up about my homosexuality which my local church somewhat accepted, as I am of course, one of the most devout members of the Church. I am very grateful to the church for helping me discover whom I really was at a time where I needed to discover who I was the most.

I would like to obtain your most recent address, as I have seen on your website that you have recently moved house (as of 2016) to a Loughborough address. I would like to send you some documents regarding my struggles with depression and then finding God and how much he helped me discover my real identity.

I thank you very much for your aid in helping me find God and Christ within myself, as you helped me a lot with your website and your various struggles, which gave me strength to succeed and to carry on in the name of Jesus Christ, our Lord and Saviour.

Hope to hear a reply soon,

Kind regards,

<name>

The Ukulele Orchestra of Great Britain

The Ukulele Orchestra of Great Britain come highly recommended. My wife and I saw them last night in Leicester’s De Montfort Hall, and had a wonderful time. They take themselves only semi-seriously, and play a wide range of music; if you’ve never heard Blur’s Song 2 played on a bank of eight massed ukuleles, your cultural education is not complete.

They play all around the world, so hopefully there’s a date near you in the next six months.

The Future Path of Censorship

On Saturday, I attended the excellent ORGCon in London, put on by the Open Rights Group. This was a conference with a single track and a full roster of speakers – no breakouts, no seminars. And it was very enjoyable, with interesting contributions from names I hadn’t heard before.

One of those was Jamie Bartlett, who works at the think tank Demos. He gave some very interesting insights into the nature and future of extremism. He talked about the dissolving of the centre-left/centre-right consensus in the UK, and the rise of views further out on the wings of politics. He feels this is a good thing, as this is always the source of political change, but it seems like the ability and scope to express those views is being reduced and suppressed.

He (correctly, in my view) identified the recent raising by Amber Rudd, the Home Secretary, of the penalty for looking at extremist content on the web to 15 years as a sign of weakness, because they know they can’t actually stop people looking using censorship so have to scare them instead.

The insight which particularly stuck with me was the following. He suggested that in the next decade in the West, two things will happen to censorship. Firstly, it will get more draconian, as governments try harder to suppress things and pass more laws requiring ISPs to censor people’s feeds. Secondly, it will get less effective, as tools like Tor and VPNs become more mainstream and easier to use. This is a concerning combination for those concerned about freedom of speech.

Accidental Bitcoin Speculation

I had to pay a ransomware bill in February 2015. I bought the right amount of Bitcoin but, like many people, forgot about the transfer fee, so some kind person donated me 0.005 BTC. This means once I was done, my Bitcoin wallet wasn’t totally empty. I have just logged into it again for the first time since, and found that the value of Bitcoin has gone up 28x since then, and so that small amount is now worth… £21.94 (US$28.91). I guess I’m an accidental Bitcoin speculator…

Submitting comments to the UK Algorithms Inquiry

Algorithms, machine learning, artificial intelligence, and other code-driven decision-making are increasingly hot topics for policymakers across the globe. The latest request for information came from the House of Commons Science and Technology Select Committee of the UK Parliament – a cross party body holding an inquiry into the use of algorithms in public and business decision making. Last week, Mozilla submitted comments, written by me and edited/improved by Heather West, on how we think about the intersection of algorithms and policy.

R.I.P. 1967 – 2017

Unto Us…

Somewhere at some time
They committed themselves to me
And so, I was!
Small, but I WAS!
Tiny, in shape
Lusting to live
I hung in my pulsing cave.
Soon they knew of me
My mother — my father.
I had no say in my being
I lived on trust
And love
Tho' I couldn't think
Each part of me was saying
A silent 'Wait for me
I will bring you love!'
I was taken
Blind, naked, defenseless
By the hand of one
Whose good name
Was graven on a brass plate
in Wimpole Street,
and dropped on the sterile floor
of a foot operated plastic waste
bucket.
There was no Queens Counsel
To take my brief.
The cot I might have warmed
Stood in Harrod's shop window.
When my passing was told
My father smiled.
No grief filled my empty space.
My death was celebrated
With tickets to see Danny la Rue
Who was pretending to be a woman
Like my mother was.

— Spike Milligan

Join OpenStreetMap UK

OpenStreetMap is the world’s premier provider of free-as-in-freedom mapping and routing data, with a data density in many places which far surpasses all proprietary providers. Here, for example, is the centre of Kampala, Uganda, Africa:

They have chapters around the world, and one was recently set up in the home of OSM, the UK. Joining is only £5 a year; please consider joining and supporting them in this way if you use OSM data at all or are interested in the project.

MOSS Conflict of Interest Rules

We decided to implement a lightweight Conflict of Interest policy for the MOSS Committees, not because we have had problems, but because we’d like never to have them :-) They are based loosely on the Wikipedia ones, and are here for anyone to use who wants them (CC-0).

MOSS Conflict of Interest Rules (v1.0)

As a committee member, you must:

1. Disclose actively if you are receiving, will receive, or have received in the past 5 years payment or anything of value from an applicant or their project;

2. Disclose actively if any family member, spouse, partner, business associate, significant other, close friend, or their organizations or employers would benefit from the approval of an application;

3. Answer fully and honestly any relevant and appropriate questions about potential conflicts of interest when discussing an application;

4. Disclose actively if your approval or disapproval of an application could be perceived by others or the public as improper, because even the perception of a conflict or unauthorized personal gain needs to be disclosed;

5. Not approve applications for personal gain.

Under the above rules, a person should “disclose actively” a potential or actual conflict of interest. To “disclose actively” means (1) to report the conflict to the MOSS Administrator; and (2) to do so explicitly and as soon as the conflict is known.

The MOSS Administrator will assess the conflict and, if it is judged to be material, will report it or request that the member report it to the committee.

Accepting Inconsistency

Following my previous post on things I learned at Bible college about how to have a reasonable discussion, here is another: you need to accept that people are inconsistent.

That is to say, it is entirely possible that someone you are debating with will hold two opinions that you believe cannot logically be held at the same time. In a reasonable discussion, you need to accept that this is so without assuming evil intent. One good reason for doing so is that it’s probably true of you also – no-one currently on earth has a worldview and set of opinions which is entirely self-consistent and logically perfect.

What you should not do is claim that one or both of the views “isn’t really their view”, or that they are lying or dissembling when they claim to hold both. You are, of course, entirely entitled to point out the inconsistency as you see it, and ask them how they reconcile the two positions. It may be that they haven’t noticed the conflict, and this will cause them to think. Or it may be that you haven’t understood their position fully, and after discussion, you agree the two views are actually compatible. Or it may be that your worldviews and base assumptions differ to such an extent that what you believe is logically impossible, they think is logically fine.

The clearest examples are also the most controversial, but to try and illustrate: some people I talk to cannot understand how my beliefs about church leadership are consistent with my view that everyone is created in the image of God and therefore equally valuable and important. But I, of course, think these views are entirely consistent. And I often cannot understand how the views on human rights espoused by some people I talk to are consistent with their views on abortion. But they, of course, see no conflict. Regardless, in either direction, it’s not OK for either me or them to make bold statements that the other party is a liar, is debating in bad faith, or is in other ways evil just because, in that party’s opinion, the other person’s set of views is not logically coherent.