Posts

Posted on

Identi.ca Updates for 2010-06-18

  • ♺ @mind_booster: Liked "IMPORTANT: twitter is postponing the OAuth switch over to august 16, 2010 http://ff.im/mfSrk #
  • @mind_booster: #oauth is worse than worthless for client apps. basic auth should be kept under https. Do you hear me, @raffi? #fail #
  • @hub: That and the hugely expensive price tag. #
  • @hub: my !freerunner works. some big hw issues but still my main phone. #
  • @rlafuente Há um bug não 100% identificado que causa um lock-up daquilo, já está no ar. #
  • @jzb most I’ve seen complaining couldn’t care less for people’s software freedom and only wish to discuss technical merit. Not !fsf mission. #
  • @rlafuente not yet mas vão haver… #
  • @rlafuente estilo hackdays tens o @codebits 🙂 #
  • Pena 🙁 ♺ @presidencia: Presidente da República enviou condolências pela morte do escritor José Saramago http://bit.ly/bV8sly #
  • ♺ @glynmoody: EU’s Standard Failure on Standards – http://bit.ly/dbAhvL disgraceful bias against #opensource #standards #eu #
  • Damn #worldcup not over yet? Sigh… #
  • 20 milhões de Euros em Tinteiros? E a crise, pá? http://www.base.gov.pt/_layouts/ccp/AjusteDirecto/Detail.aspx?idAjusteDirecto=149751 #
  • 10.6 Milhões de Eur em impressoras, respectivos acessórios, consumíveis e assistência? E a crise, pá? http://is.gd/cUrbD #
  • 8 milhões de Eur para passear num navio? Mais 16 Milhões 1 mês depois? E a crise, pá? http://is.gd/cUrgG http://is.gd/cUrh6 #
  • quase 5 Milhões de Eur em Licenças Microsoft só para os Correios? E a crise, pá? http://is.gd/cUt6E #
Posted on

Identi.ca Updates for 2010-06-17

  • @openinformation upgrade to latest release and dare him to try it out for a month 🙂 !ubuntu #
  • ♺ @jneves: Hoje, encontro Ubuntu-PT em Lisboa, 18h30: http://3dho.sl.pt #
  • LoL near perfect hyperbole of Apple fanboys… ♺ (from too many) The Oatmeal: What it’s like to own an Apple product – http://is.gd/cSxWE #
  • WTF? Dia not in !fedora 13 repo?? #
  • @rahulsundaram yum search dia doesn’t show it anywhere! #
  • @rahulsundaram output is sorted, no dia #
  • @rahulsundaram no time to solve this mistery now, already compiled from scratch 🙁 info also shows it, but yum search doesn’t. 🙁 #
  • ♺ @fontana: #Bilski is only remaining #SCOTUS case to be decided from November 2009 sitting. Next day for opinions’s Monday 21 June. #swpats #
  • At a nice meeting with @lopo and other fine people. #
  • Noticing an increase in spam/vírus emails targeted to !freesoftware developers (for now, emails talking about “changelog” — which aren’t). #
  • @rahulsundaram yeah, yum clean all fixed it, though, dia in !fedora repo for me now as well. #
  • Now with whitewash alert! ♺ @anassahmed: Dell removed “safer than Microsoft Windows” from their #Ubuntu Top Ten list: http://dell.com/ubuntu #
  • @bkuhn bad link! #
Posted on

Identi.ca Updates for 2010-06-16

  • Tou? Tou xim? ♺ @JNegocios: PSD propõe possibilidade de acumular salário com parte do subsídio de desemprego http://xl.pt/r/cTFZXm #
  • Outro "acidente"? ♺ @JNegocios: Inscritos nos centros de emprego sofreram maior descida em mais de três anos http://xl.pt/r/cOcXqP #
  • ♺ @wikileaks IMMI has passed! The Icelandic government unanimously supports press freedoms and will put IMMI into law! More soon #
  • ♺ @bjunior: EU’s president talks about the risk of ‘democracy collapse’ in GR, PT and SP. perfect timing #worldcup http://goo.gl/TBGB #irony #
  • @carlopiana: #gwibber should use the keyring! #
  • ♺ @glynmoody: What will Iceland’s new media laws mean for journalists? – http://bit.ly/aPI2ou useful first analysis #iceland #journalism #
  • ♺ @dmaphy: ♺ @robmyers: RT @mattl Sign the FSF petition against ACTA — Freedom, not compromise — http://ur1.ca/0819e !fsf !gnu !lp !dbd #
  • Damn, sorry for the group spam, even if for a good cause… #
Posted on

Identi.ca Updates for 2010-06-15

  • @stephwho: is that per capita ? and still bad ? #
  • @rahulsundaram: but from the end of June onwards Pino will have to implement bullshit security #oauth in order to work with twitter. #
  • @rahulsundaram: well, I plan to drop support for twitter then, in !elmdentica, as they drop support for client applications w’out #oauth. #
  • @rahulsundaram: and I refuse to use any client application that implements #oauth to get to twitter. Bad protocol, deserves no support. #
  • @stephwho: ouch. but still a bit more than the average in Portugal. Perhaps more than fifty per cent higher, not sure of the value. #
  • @glynmoody: techdirt as well. Twitter is going down the drain. #
  • ♺ @jerezim: @FFII backs Parliament Written Declaration 12/2010 on ACTA http://ur1.ca/07ntb Call n0W! #ACTA #wd12 #
  • @ whoeveriscallingme: At a boring all-day meeting, will call you back when I can, you can send me email… #
  • There must be… someway out of here… #
  • May $DEITY bless nearby power plugs and 3G data cards… sad I forgot my development disk at home… 🙁 #
  • @sandersch 🙂 #
  • Hasn’t it yet? ♺ @glynmoody: Oath Keepers and the Age of Treason – http://bit.ly/cCHVU5 not new, but shocking: is America going bonkers? #
  • OMG… how I hate being in here… #
  • ♺ @glynmoody: EU Written declaration 2010/29 is “extending Data Retention Directive cover search engines” fight it – http://bit.ly/c1c68U #
  • @rlafuente depende das datas 🙂 #
  • @rlafuente pois, mas “sábado” != disponível para 600km de viagem #
  • @rlafuente eu sei 😐 #
  • In an extremely foul mood, decided to be as rude as possible replying to stupid people who keep confusing someone’s gmail with mine. #
  • @rahulsundaram you’re not reading @bkuhn’s message: «any org that puts acquisition of wealth above all other imperatives» #
  • @rahulsundaram which is the definition of a commercial org that has shareholders, at least in the USA, for instance. #
  • @rahulsundaram I’m not wearing blinders, I’m pointing out that you’re missing a big point and as such unnecessary confusion and argument. #
  • @rahulsundaram but it is indeed safe to assume that for profit companies work and react like lizzards, centered on food (profit) and danger. #
  • @rahulsundaram where danger is “competition” #
  • @rahulsundaram where danger is anything that reduces food and safety (like competition). Profit quickly escalates to profit at any cost. #
  • @carlg I don’t know about Canada, but a company with shareholders has the legal obligation to increase their profit, in the USA. #
  • @rahulsundaram you are right, however the relation is not one of equivalency. NPO doesn’t mean more trustworthy, but PO makes it less so. #
  • In Prolog (lest I forgot too much of it) PO(A) :- less_trustworthy(A). NPO(A) :- !,trustworthy(A). NPO(A) :- less_trustworthy(A). #
  • I agree ♺ @rahulsundaram: pointing that Fedora’s played that role more effectively than OSI and if list was OSI’s primary objective, failed #
  • Sorry for the contraption of text, @rahulsundaram 🙁 #
  • @rahulsundaram I think that’s on the #tasklist of @webmink, somehow 🙂 #
  • @jwildeboer Listening to Janis Joplin? 😉 #
  • ♺ @pvilela: Lançada edição 12 Revista BrOffice.org (OpenOffice.org n Brasil) http://broffice.org/revista entrevista Rui Fernandes do OOoPT #
  • Any recommendation on a C library for json parsing that’s widely available in !GNU !Linux distributions, specially !openembedded ? #
  • @bruce89 thanks, will check json-glib out. why would you doubt GObject could be acceptable? Any particular reason? #
  • @brandonrunyon thanks, will check it out and probably compare with json-glib #
  • json-c seems more promising for bringing less bagage… #
  • json-c it is, it carries a lot less baggage than glib-json and was quite quick to get the gist of the api. #
  • I like, but it’s perhaps too erudite for masses ♺ @smaffulli: Do you like the new sticker from Defective by Design? http://is.gd/cQEMy !dbd #
  • ♺ @glynmoody: Assassinate a Pop Star By Illegally Downloading #Music – http://bit.ly/at3O79 don’t they realise this is rather fun? #piracy #
  • Bye bye #libxml in !elmdentica, welcome json-c (much, much simpler). #
Posted on

Identi.ca Updates for 2010-06-14

  • @GabrielfSilva: sera um dia de festa. oposicao contra em bloco pode fazer acontecer! #chipespiaoparamimnao #
  • lol ♺ @glynmoody: Music industry lobbyist calls for death penalty for #piracy – http://bit.ly/cjztF3 give them enough rope.. #
  • this means she’s in favour of #swpat ♺ @zoobab Neelie Kroes not against software patents in standards: http://ur1.ca/06nxm #
  • Concordo! ♺ @GabrielfSilva: @RuiSeabra o site do parlamento é uma grande confusão, não encontro os projectos de lei de revogação anunciados #
  • @bkuhn: yeah when I speak about !freesoftware I usually explain that it’s not the immaterial bits that need freedom it’s you,’audience’ #
  • @bkuhn all that’s at supremecourt.gov right now won’t be appended anymore today? #
  • ♺ @mind_booster: New sticker contest winning design | DefectiveByDesign.org http://ff.im/m2Gav #
  • WRT calling just Linux to a GNU+Linux I just wish defenders of the former to be consistent and say Mach rather than MacOS. And less rabid. #
Posted on

Identi.ca Updates for 2010-06-13

  • @glynmoody: twitter is world wide. As such, any hour could be a peak hour in some timezone. #
  • @pietercolpaert: good luck, hope they go well! #
  • Bored, want to go home … #
  • @gbraad: One of my key points when talking about Free Software when kids are involved is how sharing is such an important value to incentive #
  • @dhraak: what you said makes no sense. difference is only PoV !freesoftware !opensource the same. focus on rights vs capabilities. #
  • @dhraak: #swpat hurts all. like a mine field. #
  • @31daSarrafada: ja estao habituados a isso… #
  • ♺ @moryan: #GameofThrones trailer debuts Sunday night before #TrueBlood on @HBO. What I’ve heard about the clip: http://bit.ly/aNTUZ6 #
  • @schestowitz in one of those critical reviews of !Ubuntu !GNU/!Linux a security feature is idiotically criticized. No exec bit on downloads. #
  • freshmeat to close down? I haven’t visited it in years, but I remember the day I had time for a daily check on what’s new http://is.gd/cO33s #
  • @bkuhn: I felt that way at the end of a fantastic #fosdem 2010 😐 #
Posted on

Identi.ca Updates for 2010-06-12

  • @bruce89 yes, talking from heart. only checked it a long time ago when @lxoliva brought it up on fedora-devel. #
  • Em Alcongosta… #
  • @rysiek: I view those kinds of deals as shameful surrender to #swpat #
  • @joseluis: they work for me, in a gprs connection in #Portugal !gnu !fsf #
  • @rysiek: it was very good that Mark gave Microsoft the middle finger 😉 #swpat #
  • @rysiek: it’s a deal, but not necessarily with Microsoft. Wonder if they’re not painting a target on themselves for MPEG-LA gangsters… #
  • Restaurante Mario, perto do Fundao: nao se comeu nada de especialmente bem feito e ainda nos tentaram levar 15 EUR em entradas q nem vieram. #
  • A friend of mine has had is first born this morning at 10:38 Lisbon time. Congratulations, friend 🙂 #
  • To all my followers on Twitter, due to the end of https basic auth in June 30, my Twitter participation will be exclusively write only. #
  • If you want to interact with me, please follow-me on http://identi.ca/ which is a Free (as in Freedom) Software twitter-like service. #
  • It is also where the really cool people are… 🙂 #
  • @brunomiguel Vão tornar obrigatório oauth/xauth para todas as aplicações e acabar com http basic auth o que é uma treta. #
  • @brunomiguel read my analysis here: http://blog.1407.org/2010/06/11/twitter-is-wrong-should-not-drop-https-basic-auth/ #
  • @brunomiguel São bastante broncos. oauth funciona bem para web-apps (estilo twitpic e afins) mas para aplicações clientes é treta completa. #
  • @brunomiguel exactamente, quem utilizar uma aplicação não web que suporte oauth/xauth pode de repente ver mensagens suas a espalhar spam… #
  • @spot will never happen because upstream does not see it as a problem. Firmware separation will have to start downstream. #
  • @brunomiguel neste momento devias conseguir editar…. #
  • ♺ @webmink: Just when you thought it was safe to use IRC: http://icio.us/f3qvek #
  • @homembit: espero q a vossa nos de uma cabazada! ; #
  • @homembit: lol nao ligo muito a football mas nestas alturas fica um inferno por aqui quando ha vitoria… #
  • ♺ @brunomiguel: mostrei o tuxracer a uns miúdos e eles ficaram fascinados. ainda vão usar caixa mágica em full-time no magalhães #
  • @mairin @jjnova the problem with Ubuntu WRT software freedom is that they hide it more and more. pt_PT locale talked about “gratis software” #
  • @mairin @jjnova (at least ’till recently). More: adding clearly proprietary software to official channels, not just merely #swpat encumbered #
  • @mairin @jjnova but OTOH their huge usability efforts were a big platform towards popularity of a (mostly) Free Software distribution. #
Posted on

Identi.ca Updates for 2010-06-11

  • @mjnalmeida: eu pus o OpenVPN a autenticar-se com "tu sabes o que" 😉 #
  • #xauth solves none of the real problems with #oauth. snce «you still use your [oauth] authorised tokens to interact with the API» #bullshit #
  • #xauth, just as #oauth, is bullshit security for client applications. #
  • ♺ @StopActaNow "The Pirate Bay has stolen about 46 times more $ than actually exist on Earth" – #RIAA http://is.gd/ckYxH #
  • @bkuhn It’s good to set goals, I see no problem in #Red_Hat setting it at $5 billion. What one could see a problem with is how it is reached #
  • @schestowitz you’ll possibly like my comments there… #
  • @support I think I found the behaviour that may be causing unecessary flags. I just accidently flagged @zach. #
  • @zach I accidentally flagged you while I was browsing your previous messages in http://identi.ca/zach #
  • @zach as I was about to press the “previous messages” button, the page finished loading and javascript focused on the text entry area. #
  • @zach as a consequence of the page jumping up, guess what button is now *just*under* the mouse pointer? Yes.. flag… #
  • ♺ @mjray: @ruiseabra @support that javascript auto-focus SUCKS and had me too! Either focus when the field appears or not at all, please. #
  • If it wasn’t unethical, I’d just discretionally block the world cup from the company proxy. Unethical colleagues screaming about it. Grrr #
  • ♺ @karsten: Proprietary technology is a waste of money, says Kroes http://ur1.ca/06whd My take on Kroes speech at #OFESummit !fsfe #
  • ♺ @glynmoody: The Rise And Fall Of The RIAA – http://bit.ly/9fLIDE just the facts (and graphs) #music #
  • ♺ @JMF1957: Um despacho que vale a pena ler, o do procurador de Aveiro. http://is.gd/cLTjG Finalmente tornado público. #
  • @jmcesteves: are you Deep Thought 2.0? #
  • @brunomiguel: Obrigado 🙂 podes ir compondo uma lista de blogs a convidar? #
  • @brunomiguel: wiki! #
  • @brunomiguel: mudaste de user? #
  • ♺ @mjvalente: Iceland passes gay marriage law in unanimous vote | Reuters → http://drp.ly/1aZNc9 #
  • @mairin: to be honest, !fedora already does compromise quite a bit but certainly less so than !ubuntu room for improvement on both of them! #
  • @brunomiguel se puderes tentar agora 🙂 #
  • Perto de Alcongosta para a Festa da Cereja… viva as pens 3G #
  • @gbraad One easy package that comes to mind is Linux (rpm -ql kernel does show some blobs…) but much better than ubuntu in this regard. #
  • @gbraad yes, but it’s waste of valuable developer time not having linux-libre as an alternative kernel in !fedora repos. A foreign repo too. #
  • @gbraad bugs should be filed 🙂 #
Posted on

Twitter is wrong: should not drop httpS basic auth

As some of you might know, I write a µ-blogging tool called elmdentica. It is a client side application developed with Elementary, an EFL library oriented towards small touchscreen interfaces. I only recently learned that Twitter is dropping Basic Authentication support coming next June 30th. They claim it’s insecure because:

  1. with http credentials go in the clear (no problem here)
  2. with https, some people may think it’s too expensive (only complete idiots)
  3. applications have to store user credentials locally

As an alternative, they are making oauth mandatory for APIs that need authentication. While their reasoning may make sense in the context of massively concentrated web applications (think Twitpic and similars) this is absurd for client application like those running in your cell phones or computers.

Let’s take a look at the problem…

oauth gives you a consumer key and a consumer secret that authenticate your application. They don’t authenticate the user, they prove Twitter that you’re a legitimate and registered application.

If both key and secret became public, anyone could make an application pretending to be yours. While someone making a clone of your program isn’t a real problem, if someone writes a trojan horse… then there could be a problem, no?

Well, with oauth, both key and secret need to be known by the application during run time. So at any given moment, the computer running your application will have these two important assets. Either because they are embedded in your code, or because you download them live from a site. The fact remains: they are for all practical effects no longer secrets.

In web applications, no user accesses the only running copy of the software holding both key and secret, so oauth works there.

What about xauth?

I haven’t read much about xauth but after reading this page explaining what xauth is, I’m absolutely convinced the problem remains and wasn’t even tackled. The only issue that was solved, by requesting an user’s login and password only once, without need of local storage or visiting a web page, was an usability issue for client applications.

The real problem is still there, so Twitter is wrong and should not drop Basic Authentication from the https interface.

If they do, elmdentica will very likely not work on Twitter anymore. I don’t care much about that, but the users of elmdentica may care. That pisses me off.

What now?

Fortunately, there is a better alternative to Twitter if you value software freedom called identi.ca. More than just using, you can have your own “Twitter” by installing the Free Software that makes identi.ca, which is StatusNet.

At least they have no plans of dropping Basic Authentication. Hurra!

Posted on

Yes, it’s you. But only you…

I posted the following as a comment at some guy’s blog who claims he’s parting with the FSF because of their “hate speech”. I find it so ridiculous that I commented, but then later on thought I should actually make it a blog post. So here it is:

«If you want people to adapt your ideals or products you gotta show them why they are better than what they have been using: Tell them about the brilliant things they get when they use your stuff, tell them about new possibilities

They do just that. When you claim such a thing, I can only guess you never ever heard or read one of Richard Stallman’s speeches.

Campaigns like DefectiveByDesign or Windows7Sins are *very*small* things compared to the rest.

That you should choose your position over them rather than the whole, and totally demonstrate you missed the point of software freedom, is really revealing that you don’t give a damn about your community‘s software freedom.

You just want, like a spoiled child, to run all the software you want at your will, regardless of whether you’re infringing the law.

Want proof? Nothing easier… I’ll just take your own words:

«The FSF should focus on outlining what positive  things a new users gets from FLOSS: Tell people about VLC that allows them to play basically every type of media without hassle

Well, this is false. Many types of media supported by VLC are encumbered by software patents. In the USA, in particular, doing what you “preach” could become a very concrete and real legal liability: they could be accused of enticing people to break the law.

Is that what you think the FSF should be doing? Really? Or you just never sat and thought things through?