Identi.ca Updates for 2010-06-13

  • @glynmoody: twitter is world wide. As such, any hour could be a peak hour in some timezone. #
  • @pietercolpaert: good luck, hope they go well! #
  • Bored, want to go home … #
  • @gbraad: One of my key points when talking about Free Software when kids are involved is how sharing is such an important value to incentive #
  • @dhraak: what you said makes no sense. difference is only PoV !freesoftware !opensource the same. focus on rights vs capabilities. #
  • @dhraak: #swpat hurts all. like a mine field. #
  • @31daSarrafada: they're already used to that… #
  • ♺ @moryan: #GameofThrones trailer debuts Sunday night before #TrueBlood on @HBO. What I’ve heard about the clip: http://bit.ly/aNTUZ6 #
  • @schestowitz in one of those critical reviews of !Ubuntu !GNU/!Linux a security feature is idiotically criticized. No exec bit on downloads. #
  • freshmeat to close down? I haven’t visited it in years, but I remember the day I had time for a daily check on what’s new http://is.gd/cO33s #
  • @bkuhn: I felt that way at the end of a fantastic #fosdem 2010 😐 #

Identi.ca Updates for 2010-06-12

  • @bruce89 yes, talking from heart. only checked it a long time ago when @lxoliva brought it up on fedora-devel. #
  • In Alcongosta… #
  • @rysiek: I view those kinds of deals as shameful surrender to #swpat #
  • @joseluis: they work for me, in a gprs connection in #Portugal !gnu !fsf #
  • @rysiek: it was very good that Mark gave Microsoft the middle finger 😉 #swpat #
  • @rysiek: it’s a deal, but not necessarily with Microsoft. Wonder if they’re not painting a target on themselves for MPEG-LA gangsters… #
  • Restaurante Mario, near Fundao: nothing we ate was especially well made, and they even tried to charge us 15 EUR for starters that never came. #
  • A friend of mine has had his first born this morning at 10:38 Lisbon time. Congratulations, friend 🙂 #
  • To all my followers on Twitter, due to the end of https basic auth in June 30, my Twitter participation will be exclusively write only. #
  • If you want to interact with me, please follow me on http://identi.ca/ which is a Free (as in Freedom) Software twitter-like service. #
  • It is also where the really cool people are… 🙂 #
  • @brunomiguel They're going to make oauth/xauth mandatory for all applications and end http basic auth, which is rubbish. #
  • @brunomiguel read my analysis here: http://blog.1407.org/2010/06/11/twitter-is-wrong-should-not-drop-https-basic-auth/ #
  • @brunomiguel They're pretty dim. oauth works well for web-apps (twitpic style and the like) but for client applications it's complete rubbish. #
  • @brunomiguel exactly, anyone using a non-web application that supports oauth/xauth may suddenly see their own messages spreading spam… #
  • @spot will never happen because upstream does not see it as a problem. Firmware separation will have to start downstream. #
  • @brunomiguel you should be able to edit right now…. #
  • ♺ @webmink: Just when you thought it was safe to use IRC: http://icio.us/f3qvek #
  • @homembit: I hope yours gives us a thrashing! ; #
  • @homembit: lol I don't care much about football but at times like these it becomes hell around here when there's a win… #
  • ♺ @brunomiguel: I showed tuxracer to some kids and they were fascinated. they'll end up using caixa mágica full-time on the magalhães #
  • @mairin @jjnova the problem with Ubuntu WRT software freedom is that they hide it more and more. pt_PT locale talked about “gratis software” #
  • @mairin @jjnova (at least ’till recently). More: adding clearly proprietary software to official channels, not just merely #swpat encumbered #
  • @mairin @jjnova but OTOH their huge usability efforts were a big platform towards popularity of a (mostly) Free Software distribution. #

Identi.ca Updates for 2010-06-11

  • @mjnalmeida: I set OpenVPN up to authenticate with "you know what" 😉 #
  • #xauth solves none of the real problems with #oauth. since «you still use your [oauth] authorised tokens to interact with the API» #bullshit #
  • #xauth, just as #oauth, is bullshit security for client applications. #
  • ♺ @StopActaNow "The Pirate Bay has stolen about 46 times more $ than actually exist on Earth" – #RIAA http://is.gd/ckYxH #
  • @bkuhn It’s good to set goals, I see no problem in #Red_Hat setting it at $5 billion. What one could see a problem with is how it is reached #
  • @schestowitz you’ll possibly like my comments there… #
  • @support I think I found the behaviour that may be causing unnecessary flags. I just accidentally flagged @zach. #
  • @zach I accidentally flagged you while I was browsing your previous messages in http://identi.ca/zach #
  • @zach as I was about to press the “previous messages” button, the page finished loading and javascript focused on the text entry area. #
  • @zach as a consequence of the page jumping up, guess what button is now *just*under* the mouse pointer? Yes.. flag… #
  • ♺ @mjray: @ruiseabra @support that javascript auto-focus SUCKS and had me too! Either focus when the field appears or not at all, please. #
  • If it wasn’t unethical, I’d just discretionally block the world cup from the company proxy. Unethical colleagues screaming about it. Grrr #
  • ♺ @karsten: Proprietary technology is a waste of money, says Kroes http://ur1.ca/06whd My take on Kroes speech at #OFESummit !fsfe #
  • ♺ @glynmoody: The Rise And Fall Of The RIAA – http://bit.ly/9fLIDE just the facts (and graphs) #music #
  • ♺ @JMF1957: An order worth reading, the one from the Aveiro prosecutor. http://is.gd/cLTjG Finally made public. #
  • @jmcesteves: are you Deep Thought 2.0? #
  • @brunomiguel: Thanks 🙂 can you start putting together a list of blogs to invite? #
  • @brunomiguel: wiki! #
  • @brunomiguel: did you change user? #
  • ♺ @mjvalente: Iceland passes gay marriage law in unanimous vote | Reuters → http://drp.ly/1aZNc9 #
  • @mairin: to be honest, !fedora already does compromise quite a bit but certainly less so than !ubuntu room for improvement on both of them! #
  • @brunomiguel if you can try now 🙂 #
  • Near Alcongosta for the Festa da Cereja… long live 3G dongles #
  • @gbraad One easy package that comes to mind is Linux (rpm -ql kernel does show some blobs…) but much better than ubuntu in this regard. #
  • @gbraad yes, but it’s waste of valuable developer time not having linux-libre as an alternative kernel in !fedora repos. A foreign repo too. #
  • @gbraad bugs should be filed 🙂 #

Twitter is wrong: should not drop httpS basic auth

As some of you might know, I write a µ-blogging tool called elmdentica. It is a client-side application developed with Elementary, an EFL library oriented towards small touchscreen interfaces. I only recently learned that Twitter is dropping Basic Authentication support this coming June 30th. They claim it’s insecure because:

  1. with http, credentials go in the clear (no problem here)
  2. with https, some people may think it’s too expensive (only complete idiots)
  3. applications have to store user credentials locally

As an alternative, they are making oauth mandatory for APIs that need authentication. While their reasoning may make sense in the context of massively concentrated web applications (think Twitpic and the like), this is absurd for client applications like those running on your cell phones or computers.

Let’s take a look at the problem…

oauth gives you a consumer key and a consumer secret that authenticate your application. They don’t authenticate the user; they prove to Twitter that you’re a legitimate and registered application.

If both key and secret became public, anyone could make an application pretending to be yours. While someone making a clone of your program isn’t a real problem, if someone writes a trojan horse… then there could be a problem, no?

Well, with oauth, both key and secret need to be known by the application at run time. So at any given moment, the computer running your application will have these two important assets, either because they are embedded in your code or because you download them live from a site. The fact remains: they are, for all practical purposes, no longer secrets.

In web applications, no user accesses the only running copy of the software holding both key and secret, so oauth works there.
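
The point above in code, as an added example that is not from the original post or from elmdentica: an OAuth 1.0a HMAC-SHA1 signature (RFC 5849) is keyed only by the consumer secret and the user's token secret, so the service verifies knowledge of those values, not which program sent the request. All keys, tokens and the URL are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values, not real credentials.
CONSUMER_KEY = "example-consumer-key"
CONSUMER_SECRET = "example-consumer-secret"  # present in every shipped copy of a client
TOKEN = "example-user-token"
TOKEN_SECRET = "example-user-token-secret"


def pct(value: str) -> str:
    """RFC 5849 percent-encoding: only unreserved characters stay literal."""
    return quote(value, safe="-._~")


def signature_base_string(method: str, url: str, params: dict) -> str:
    """METHOD & encoded URL & encoded, sorted parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret) -> str:
    """HMAC-SHA1 keyed by 'consumer_secret&token_secret', base64-encoded."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    msg = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()


def server_verify(method, url, params, presented, consumer_secret, token_secret) -> bool:
    """What the service can check: the sender knew both secrets. Nothing more."""
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, presented)


def build_request(status: str):
    """A constructed status-update request against a placeholder endpoint."""
    params = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_token": TOKEN,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1276300800",
        "oauth_nonce": "constructed-nonce",
        "oauth_version": "1.0",
        "status": status,
    }
    return "POST", "https://api.example.test/statuses/update", params


def compare_clients(status: str) -> dict:
    method, url, params = build_request(status)
    genuine = sign(method, url, params, CONSUMER_SECRET, TOKEN_SECRET)
    # A second program built with the same shipped constants (assumption: it
    # also holds a token the user granted) yields a byte-identical signature.
    lookalike = sign(method, url, dict(params), "example-consumer-secret", TOKEN_SECRET)
    guess = sign(method, url, params, "not-the-secret", TOKEN_SECRET)
    check = lambda s: server_verify(method, url, params, s, CONSUMER_SECRET, TOKEN_SECRET)
    return {
        "same_signature": genuine == lookalike,
        "genuine_accepted": check(genuine),
        "lookalike_accepted": check(lookalike),
        "wrong_secret_accepted": check(guess),
    }


if __name__ == "__main__":
    print(compare_clients("hello world"))
```

The consumer key therefore works as a label for the application rather than as proof of it; what stays private to one user is the token secret.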

What about xauth?

I haven’t read much about xauth but after reading this page explaining what xauth is, I’m absolutely convinced the problem remains and wasn’t even tackled. The only issue that was solved, by requesting a user’s login and password only once, without need of local storage or visiting a web page, was a usability issue for client applications.

The real problem is still there, so Twitter is wrong and should not drop Basic Authentication from the https interface.

If they do, elmdentica will very likely not work on Twitter anymore. I don’t care much about that, but the users of elmdentica may care. That pisses me off.

What now?

Fortunately, if you value software freedom, there is a better alternative to Twitter called identi.ca. More than just using it, you can have your own “Twitter” by installing the Free Software that powers identi.ca, which is StatusNet.

At least they have no plans of dropping Basic Authentication. Hurrah!

Yes, it’s you. But only you…

I posted the following as a comment at some guy’s blog who claims he’s parting with the FSF because of their “hate speech”. I find it so ridiculous that I commented, but then later on thought I should actually make it a blog post. So here it is:

«If you want people to adapt your ideals or products you gotta show them why they are better than what they have been using: Tell them about the brilliant things they get when they use your stuff, tell them about new possibilities

They do just that. When you claim such a thing, I can only guess you never ever heard or read one of Richard Stallman’s speeches.

Campaigns like DefectiveByDesign or Windows7Sins are *very*small* things compared to the rest.

That you should choose your position over them rather than the whole, and totally demonstrate you missed the point of software freedom, is really revealing that you don’t give a damn about your community’s software freedom.

You just want, like a spoiled child, to run all the software you want at your will, regardless of whether you’re infringing the law.

Want proof? Nothing easier… I’ll just take your own words:

«The FSF should focus on outlining what positive things a new users gets from FLOSS: Tell people about VLC that allows them to play basically every type of media without hassle

Well, this is false. Many types of media supported by VLC are encumbered by software patents. In the USA, in particular, doing what you “preach” could become a very concrete and real legal liability: they could be accused of enticing people to break the law.

Is that what you think the FSF should be doing? Really? Or you just never sat and thought things through?

Identi.ca Updates for 2010-06-10

  • ♺ @glynmoody: Cyber War: Microsoft a weak link in national security – http://bit.ly/aoiIsO stuff at the end of piece is worrying #microsoft #
  • @support I noticed I wasn’t getting any messages from @jwildeboer. Went to his identica page and noticed I have him flagged. Bug? unflag plz #
  • I would love it if someone could tell @jwildeboer I didn’t flag him in Identi.ca. @greve @karsten @zoobab? Please? #
  • @stephwho did he comment on that? #
  • @support feature request: ability to “unflag” so users don’t have to bug @support 🙂 #
  • @stephwho thank you, I didn’t ask you because I had understood you weren’t with him today 🙂 #
  • @stephwho yeah, they probably are in write-only mode, right now 🙂 #
  • @stephwho oh my… not even… oh… OMG! #
  • Increased the messages list area in !elmdentica by moving the timeline description to the title bar and the toolbar at the bottom (+handy) #
  • Type your status here… #
  • @ronnypfannschmidt Good for you! 🙂 #
  • Wow! What do you do when str2 = strndup(str1, 8) returns a string with 8 NULLs instead of str1’s first 8 characters? #
  • If I printf(str1) I see all I expected. #
  • @tonnerre do what, instead of strndup(str, limit), then? #
  • @support @jwildeboer is not blocked, only flagged. Toggling block and back again doesn’t change flag status. #
  • @tonnerre of course not, this printf(str1) is just a contraction, in code is printf("%s", str1) and only exists to debug what’s the prob. #
  • @tonnerre my problem is: str1="123456789"; str2=strndup(str1, 8); and now str2=="" #
  • 20 #
  • @support yeah, it took some pages of looking backwards in timeline, but yes, I receive. I only noticed because I thought he’d report today. #
  • @stephwho It’s an attack on the PIGS, Portuguese and Spanish were robbed yesterday, as well. #
  • But it’s South Africa! How could one not expect the tourist attraction of being robbed? Wondering when rape will start showing up… #
  • @smaffulli: gwibber always sucked codewise but has the best UI #
  • ♺ @glynmoody: Memo From #Dell: #Ubuntu Linux Is Safer Than Windows – http://bit.ly/ccW8La grab a screenshot before it gets “disappeared” #
  • ♺ @glynmoody: Lawyers Warn WordPress Over File-Sharing News Blog – http://bit.ly/c9ll8R this is an unwinnable war, lawyer people… #
  • @smaffulli yeah, about that time I also visited an SCO press conference/workshop to add some fire to their party 😉 #
  • What’s coming up in the next !elmdentica release for your !freerunner: http://is.gd/cKGiA http://is.gd/cKGkp #
  • http://www.ubuntu.com/products/casestudies/Andalusia-deploys-220000-Ubuntu-desktops-in-schools-throughout-the-region !ubuntu #schools #es #
  • @bugabundo haven’t checked xauth yet, but if it needs to store the secrets in client app like oauth, then it’s just as much bullshit. #

Identi.ca Updates for 2010-06-09

  • ♺ @glynmoody: WebM has landed on Firefox 4 nightlies – http://bit.ly/aUbIN7 form an orderly queue #webm #firefox #video #
  • ♺ @joaop: More of this please. NOT! RT @BreakingNews Malaysian princes reach s/ment over who has the right to use Bentley owned by their dad #
  • @andersongouveia: dude, why do you advertise proprietary software so much? Bad form! #
  • ♺ @schestowitz: “MS Has Already Approached Canonical Pressuring Them to Sign up to a Patent Deal” http://ur1.ca/06ixf #swpats !ubuntu !fsf #

Identi.ca Updates for 2010-06-08

  • ♺ @PauloTrezentos: ASE 2010 http://39lo.sl.pt. Paper presents new approach to better Linux dependencies solving. Work was developed w/INESC #
  • ♺ @BoingBoing: Terrorists figure out how to get America to attack itself: leave harmless, "suspicious" ba… http://bit.ly/cyVDTf #
  • ♺ @glynmoody: Zaragoza’s move to complete open source desktop going to plan – http://bit.ly/cgIqIz Spain’s Munich? #opensource #migration #
  • As usual, vendor lock-in effects are the biggest challenges. Get rid of the toxic waste! 🙂 #
  • #apple #bigbrother #facetime ♺ @carlopiana: @jwildeboer Have you read this http://bit.ly/doecD8 ? Big brotherish, innit? #
  • @stephwho use Perl 😉 (@jwildeboer can explain you the pun) 🙂 #
  • @stephwho Perl is a programming language with a tendency to «Do what I mean» because sometimes what people mean is not what they want. #
  • @jwildeboer bullshit! You can make any language be a “write-only” language. That’s a matter of following good practices or not. #
  • People who make healthcheck documents in hundreds of *powerpoint* slides should be shot without mercy. #
  • ♺ @jerezim: RT @clarinette02 RT @stoppacta: Australian senator Lundy raises #ACTA concerns http://bit.ly/aPOD1R #StopACTA #
  • ♺ @FFII European Parliament “calls for greater investment in the use of open source software in the EU” http://bit.ly/c2XbEw #
  • «European charter of users’ rights (…) this should include in particular users’ rights relating to digital content» http://bit.ly/c2XbEw #
  • With relation to last status message: be afraid… be very afraid. #
  • ♺ @caostheory The Gov of Malta issued a directive giving preference to OSS in all government projects http://bit.ly/cCEabz #
  • ♺ @carlopiana: Malta #rocks: http://ur1.ca/06722 law to prefer !freesoftware in procurement. Via @maslett #
  • @evan: please don’t make the twitter mistake as oauth is bullshit security outside of web-apps. don’t drop http auth. #
  • @jmcesteves: what? what? what? 🙂 #
  • @bob_sutor: you can’t make GPL/LGPL applications for iPays as #Apple forbids it. #
  • ♺ @mind_booster: Liked "Mozilla evangelist: #Apple #HTML5 demos harm the open Web #dirtytricks" http://ff.im/lGmiC #
  • @greve I sadly envy you from afar… the only joy I can take is how close Ponto Final is to me… #
  • @greve hehe everything is still fine, I hope, here it is… predicted date still the same? 🙂 It would be so cool if they came up same day.. #
  • @zach oh, thank you, thank you, thank you, thank you, thank you, thank you, thank you, thank you, thank you, thank you, thank you! #
  • ♺ @lxoliva: Brazilian court refuses to uphold foreign copyrights (MS, AutoDesk) for lack of reciprocity in US law ur1.ca/069sa (via @ufa) #
  • ♺ @lxoliva: Spanish judge equates P2P with lending books bit.ly/9THGFI as in the intro of fsfla.org/blogs/lxo/pub/p2plano-b #
  • If !fedora 13’s #firefox has pt_PT localization problems (eg, Save is C-s, quit/sair is C-s as well and bad), is that upstream or not? #
  • @ender2070 if that’s so, then I probably know who to pester until fixed 🙂 #
  • @ender2070 it’s very unnerving to find out that C-q doesn’t work anymore #

Identi.ca Updates for 2010-06-07

  • @Biafra: lol semantics. Of course, but the meaning is that military style of command is not the proper way of leading knowledgeable people. #
  • @jwildeboer:no openvpn for android ? tsk tsk tsk #
  • ♺ @glynmoody: The Australian Parliament goes CC – with v3.0 – http://bit.ly/9271c2 nice move #cc #australia #
  • @glynmoody !cc but NC and ND. While I understand ND, NC I don’t. Anyways… better than nothing at all. #
  • @glynmoody and *again*, IIRC? @bkuhn grats, dude! 🙂 #
  • @bkuhn right, my memory of that detail wasn’t correct, anyways, feeling’s the same! 🙂 #
  • @fontana delayed, *again*? I suspect they’re finding it very difficult to agree on a position… #
  • ♺ @glynmoody: Human Rights Eroding in Name of Copyright Protection http://bit.ly/d9FpDj not new, but worth saying again #copyright #freedom #
  • ♺ @glynmoody: OpenSource Could Mean Open Door for Hackers http://bit.ly/bqRbpH think we’ll need to see the methodology on this one #security #
  • @schestowitz my firefox from fedora 13 isn’t playing that ogg 🙁 #
  • ♺ @mind_booster: Liked "Zangaram-se as comadres." http://ff.im/lDLZa ACAPOR and MAPiNET (good riddance, to both) #
  • @brunomiguel: more than enough RAM and storage! I wanna! #shogo #tablet #
  • ♺ @TMorais: Internet censorship harms schools – http://www.boingboing.net/2010/03/26/internet-censorship.html #
  • ♺ @leonivek: Venture Capitalists Lobby Against Software Patents http://bit.ly/boe4lA !oss !linux #
  • @gbraad: thought you went there with a contract in hands! problems? hope not … good luck , man ! #
  • @brunomiguel: #openPandora sucks a bit, freedomwise. not sure about #shogo but seems better equipped. #
  • @gbraad: phew 🙂 #
