I’m spending some time over the next few days looking for the next round of projects which might benefit from an SOS Fund security audit. (Here’s what’s been done and published so far; a few more are in the works.) The criteria for what makes a good project are recorded on the MOSS website. We have two hard-and-fast criteria:
The software must be open source/free software, with a license that is OSI-certified and/or FSF-approved
The software must be actively maintained
And then we have a series of factors we consider when evaluating an application:
How commonly used is the software?
Is the software network-facing or does it regularly process untrusted data?
How vital is the software to the continued functioning of the Internet or the Web?
Is the project known for something besides the code we are relying on?
Does the software depend on closed-source code, e.g. in a web service?
Are the software’s maintainers aware of and supportive of the application for support from the SOS fund?
Has the software been audited before? If so, when and how extensively? Was the audit made public? If so, where?
Does the software have existing corporate backing or involvement?
People do have a tendency to suggest the entirely impractical, such as “Linux Mint” or “Copperhead OS”. We aren’t able to do full audits on corpuses of software of that size. In general, if it’s more than about 200kloc, we are going to have to pick and choose.
I got this email recently; I’m 99% sure it’s some new kind of scam, but it’s not one I’ve seen before. Anyone have any info? Seems like it’s not totally automated, and targets Christians. Or perhaps it’s some sort of cult recruitment? The email address looks very computer-generated (firstname.lastname@example.org).
I am writing in accordance to my favourite Christian website, I could do with sending you some documents regarding Christ. I am a Christian since the age of 28, when I got a knock at the door at my house by a group of males asking me to come to a Christian related event, I of course graciously accepted.
I have since opened up about my homosexuality which my local church somewhat accepted, as I am of course, one of the most devout members of the Church. I am very grateful to the church for helping me discover whom I really was at a time where I needed to discover who I was the most.
I would like to obtain your most recent address, as I have seen on your website that you have recently moved house (as of 2016) to a Loughborough address. I would like to send you some documents regarding my struggles with depression and then finding God and how much he helped me discover my real identity.
I thank you very much for your aid in helping me find God and Christ within myself, as you helped me a lot with your website and your various struggles, which gave me strength to succeed and to carry on in the name of Jesus Christ, our Lord and Saviour.
The Ukulele Orchestra of Great Britain come highly recommended. My wife and I saw them last night in Leicester’s De Montfort Hall, and had a wonderful time. They take themselves only semi-seriously, and play a wide range of music; if you’ve never heard Blur’s Song 2 played on a bank of eight massed ukuleles, your cultural education is not complete.
They play all around the world, so hopefully there’s a date near you in the next six months.
Today, we launch Firefox 57 “Quantum” – the culmination of a year’s work to rebuild Firefox from the inside out as a “flipping fast”, standards-compliant, user-centric browser which takes maximum advantage of modern computers. If you haven’t tried Firefox in a while, now is the time to give it another go.
On Saturday, I attended the excellent ORGCon in London, put on by the Open Rights Group. This was a conference with a single track and a full roster of speakers – no breakouts, no seminars. And it was very enjoyable, with interesting contributions from names I hadn’t heard before.
One of those was Jamie Bartlett, who works at the think tank Demos. He gave some very interesting insights into the nature and future of extremism. He talked about the dissolving of the centre-left/centre-right consensus in the UK, and the rise of views further out on the wings of politics. He feels this is a good thing, as this is always the source of political change, but it seems like the ability and scope to express those views is being reduced and suppressed.
He (correctly, in my view) identified the recent raising by Amber Rudd, the Home Secretary, of the penalty for looking at extremist content on the web to 15 years as a sign of weakness, because they know they can’t actually stop people looking using censorship so have to scare them instead.
The insight which particularly stuck with me was the following. He suggested that in the next decade in the West, two things will happen to censorship. Firstly, it will get more draconian, as governments try harder to suppress things and pass more laws requiring ISPs to censor people’s feeds. Secondly, it will get less effective, as tools like Tor and VPNs become more mainstream and easier to use. This is a worrying combination for anyone who cares about freedom of speech.
I had to pay a ransomware bill in February 2015. I bought the right amount of Bitcoin but, like many people, forgot about the transfer fee, so some kind person donated me 0.005 BTC. This means once I was done, my Bitcoin wallet wasn’t totally empty. I have just logged into it again for the first time since, and found that the value of Bitcoin has gone up 28x since then, and so that small amount is now worth… £21.94 (US$28.91). I guess I’m an accidental Bitcoin speculator…
Algorithms, machine learning, artificial intelligence, and other code-driven decision-making are increasingly hot topics for policymakers across the globe. The latest request for information came from the House of Commons Science and Technology Select Committee of the UK Parliament – a cross party body holding an inquiry into the use of algorithms in public and business decision making. Last week, Mozilla submitted comments, written by me and edited/improved by Heather West, on how we think about the intersection of algorithms and policy.
I was recently interviewed by the “Darknet Diaries” podcast about the DigiNotar incident, for which I did Mozilla’s security response. Even though this major CA breach happened back in 2011, it still casts a long shadow over the CA industry today, as the scale of the catastrophe has not since been equalled.
OpenStreetMap is the world’s premier provider of free-as-in-freedom mapping and routing data, with a data density in many places which far surpasses all proprietary providers. Here, for example, is the centre of Kampala, Uganda, Africa:
They have chapters around the world, and one was recently set up in the home of OSM, the UK. Joining is only £5 a year; please consider joining and supporting them in this way if you use OSM data at all or are interested in the project.
The Mozilla Open Source Support (MOSS) update for Q3 has been published on the main Mozilla blog. Highlights include the launch of our pilot program focussed on supporting open source in India, a large grant to Ushahidi, and a very successful audit of the chrony NTP daemon.
We decided to implement a lightweight Conflict of Interest policy for the MOSS Committees, not because we have had problems, but because we’d like never to have them :-) They are based loosely on the Wikipedia ones, and are here for anyone to use who wants them (CC-0).
MOSS Conflict of Interest Rules (v1.0)
As a committee member, you must:
1. Disclose actively if you are receiving, will receive, or have received in the past 5 years payment or anything of value from an applicant or their project;
2. Disclose actively if any family member, spouse, partner, business associate, significant other, close friend, or their organizations or employers would benefit from the approval of an application;
3. Answer fully and honestly any relevant and appropriate questions about potential conflicts of interest when discussing an application;
4. Disclose actively if your approval or disapproval of an application could be perceived by others or the public as improper, because even the perception of a conflict or unauthorized personal gain needs to be disclosed;
5. Not approve applications for personal gain.
Under the above rules, a person should “disclose actively” a potential or actual conflict of interest. To “disclose actively” means (1) to report the conflict to the MOSS Administrator; and (2) to do so explicitly and as soon as the conflict is known.
The MOSS Administrator will assess the conflict and, if it is judged to be material, will report it or request that the member report it to the committee.
This video is pretty awesome throughout, but the pinnacle is at the end:
The great thing about social media was how it gave a voice to voiceless people, but we’re now creating a surveillance society, where the smartest way to survive is to go back to being voiceless. Let’s not do that. — Jon Ronson
The final party at the recent Mozilla All Hands, organized by the ever-awesome Brianna Mark, had a “Your Favourite Scientist” theme. I’ve always been incredibly impressed by Charles Babbage, the English father of the digital programmable computer. And he was a Christian, as well. However, I didn’t really want to drag formal evening wear all the way to San Francisco.
Instead, I made some PDFs in 30 minutes and had a Babbage-themed t-shirt made up by VistaPrint, for the surprising and very reasonable sum of around £11, with delivery inside a week. I had no idea one-off custom t-shirts were so cheap. I must think of other uses for this information. Anyway, here’s the front:
and the back:
The diagram is, of course, part of his original plans for his Difference Engline. Terrible joke, but there you go. The font is Tangerine. Sadly, the theme was not as popular as the Steampunk one we did a couple of All Hands ago, and there weren’t that many people in costume. And the Academy of Sciences was cold enough that I had my hoodie on most of the time…
So the situation is not terrible, but it’s not awesome either. Several useful extensions, particularly those that modify the chrome or the browser behaviour, or which tweak prefs, are simply not replaceable in the new world.