Cyber Intelligence Sharing and Protection Act which would enter U.S. law if passed, the House of Representatives will be voting on this in the next few days. There are many flaws with this, the EFF has a good FAQ about CISPA. In short it gives power to private companies to share their user's data with 3rd parties whenever they feel like it. This concerns anyone who uses an American company for anything from forums to email and so on.

Obama promised to veto it which could mean he'll actually sign it and say he has some reservations, a bit like with the NDAA.

We Don't All Live in America

There are a few Internet defense organisations based in the U.S.A., many do a brilliant job of gathering informations and breaking them down, investigating and so on. They often will have an option for non-Americans to participate, which is cool. Yet still, the whole thing feels way to America-centric and non-Americans have their own problems too, problems that these organisations do not address unfortunately.

As a non-American, it's perhaps time to stop playing along with American laws/bills and all their protests and petitions. These things just come back over and over again, that's how it works. People invest so much time reading about the new amendments, signing petitions, discussing these things on forums and chatrooms, but in reality it feels more like a big waste of time and energy. Time that could be spent actually doing things.

Actually, Most of Us Do Live in America, Virtually

There are 1 billion active Facebook users (according to Pingdom 2012 in numbers) out of 2.4 billion Internet users. If you want to know what people are thinking and doing, design a law that lets you into the Facebook and you have access to almost 50% of the world's profiles.

Facebook is an American company, if you are a European with a Facebook account then your profile is subject to American law. Even if your data is stored on a server located in Europe. In this case a part of you lives in America.

Facebook is obviously just one example, the same applies to any and every American operated Internet service, so Google, Hotmail, Twitter, Reddit, and so on. Even DuckDuckGo. Within the lot there are some companies that are more or less "good guys", others may be submissive and silent, in the end they are all subject to the Patriot Act and other goodies.

You may be interested in reading Safe Harbor: Why EU data needs 'protecting' from US law.

What Else Can I Do Besides Sign and Tweet ?

CISPA and many of its friends exist only because the overwhelming majority of Interweb users use centralised services. The problem is that almost everyone uses the same communication tools. This makes it easy to design laws that would target them and exploit their already exploited users. And that's what they do.

If the majority of users used their own servers all these laws would be very hard to implement. It would require actual work to start gathering a user's profile, so much that it would probably only happen when it's at least somewhat justifiable.

Running your own server isn't half as complicated as it sounds, I wont go into details here, but there are tools that make it easy (DISS for example, maybe not the best, but I tried at least). The ideal is to do this with friends and provide email services to your family and friends. Cheap and reasonably reliable servers exist and can be found under 20 euros a month even, they could host quite a few users.

All those Internet defense groups should be promoting self hosting, when they do that I will take them seriously.

If you are American it is possible that by violating the Terms of Service of a website (which constantly change without warning) that you are a criminal. With that in mind, here are my Terms of Service: By visiting this website you are exceeding your authorized access. Therefore you are a criminal.

Of course this is a slight exageration, yet in practice the CFAA is unclear and as interpreted would make the Terms of Service of a website an amendment to current law for the user of a website. For example if a website says that you must be over 18 to view the content, then by doing so at the age of 17 you are breaking US law, not just the terms.

With that in mind the terms could contain anything, there's no reason to dismiss absurd terms which may regulate how you may view the site, for example the terms could state that using Ad-Block is forbidden, or even using certain browsers why not. Facebook (and many others) state that you should never give your password to anyone, by doing so you could be found guilty of breaking the law.

I think the terms should remain a private agreement and should simply allow the website owner to deny access/service and/or delete posts from a user, why not. However considering the Terms as an amendment to the law is so insane it's insane.

Further reading:

• Are You A Teenager Who Reads News Online? According to the Justice Department, You May Be a Criminal
• Rebooting Computer Crime Law Part 1: No Prison Time For Violating Terms of Service
• Take Action via EFF (for Americans mostly I guess)
• Fix the CFAA (another link to an EFF site)

Click here to sign the Defective By Design petition

The discussion about implement DRM in HTML has been ongoing on the W3C mailing lists for a while now. Sometimes it seems more of a flame war than others. Companies like Netflix, Microsoft and even Google are trying to push for a standard that would allow the content distributors to control the user's usage of the delivered content.

It's called Encrypted Media Extensions and it says this: This proposal extends HTMLMediaElement providing APIs to control playback of protected content.. They would like to have a standard method for controlling your usage of their content. This means things like restricting users from even being able to pause a video, fast forward/rewind and of course restricting users from recording the content to disk.

I don't see how it would be possible for a user to have a 100% Free and/or Open Source browser that can access a video but yet restrict the user from doing certain things. Or the browser could be Free but then the user would have to install some proprietary piece that will work with the HTML spec to then restrict themselves.

Currently these things are done via non-free plugins such as Flash or Silverlight, maybe also with Java but you really have to be made of hate to make a restricted video player in Java.

The problem that the "content" industry has is that these proprietary plugins are dying, they are limited in adoption, function and they are not optimised for performance. They are a pain in the class (programming joke, sorry). Hence the dream of making DRM part of the standard.

Anyway, I don't see why such a specification should be part of W3C's standard. Those that want to restrict the usage of user's computers could simply get together and create a communal plugin, like Flash or Silverlight, but better and standardised, if they want, even open-source. But in the HTML spec, there should be no effort made to help people restrict users. That's not the point.

Please sign the petition by Defective By Design against DRM in HTML. Indeed, this is defective by design, in so many ways.

The more time goes by the more I feel money is not only evil, but also a device that is blocking our society from evolving properly. I'm sure everyone does at some point. I wanted to write a complete and long post about what I think, but that might take years before it happens. So I'll just write a few things when I can, like now.

To me money is like religion.

If religion has any practical purposes it would be to help people cope with living in a world they don't understand, but also to help create a sense of fairness, community and order. Even if the intentions where initially good, it obviously got out of hand. Religion has been used for a long time to control people.

Money's practical usage is to enable people to exchange services and goods in complex and indirect ways. Barter can't work in our world for this purpose.

The problem with money nowadays is that it is completely disconnected from any kind of reality. What most people earn has nothing to do with the hardship they put in their work. How can some people earn 100 times more than others ? Do they work 100 times more ? What about those with 2 jobs who still struggle to pay their bills ? How does that work ?

The financial crisis and the economy are also a fun couple who have nothing in common. While we produce way more food and iphones than we could ever consume we still manage to have people who can't afford food or iphones.

The only sense I can make out of this is that money is a way to control people. Money is what allows our society to keep everyone scared and working hard. Most of us benefit from it, but not nearly as much as the very few that pull the strings. The dream of climbing up the societal ladder (which strangely reminds of something very biblical) is there to keep everyone's faith in working order.

Religion can only have any effect on society if enough people believe in it. It's the same thing with money.

Update:I feel a need to clarify thoughts on religion. This post isn't an attack on people's personal belief in any religion. I understand that religion can help certain people cope with the unanswerable questions, I also don't think that attacking people's beliefs is constructive. However I think the authority that can come with certain ways of practicing religion has been used to control populations.

The other day I finally got to see Louis CK live, at the o2 (which is a shitty place for comedy). One word: Hilarious.

So there, we're even, I downloaded his stuff without paying, but then I got a bunch of friends who never heard of him to go watch his show. And they enjoyed the shit out of it.

If you haven't heard by now, then here's the news, Ubuntu is developing their own display server (Mir) to replace X. The fun part is that their already is a replacement been under development called Wayland.

The result of this has been a bit of drama. On one side there's the Free Software and Open Source community wondering what's the purpose of writing their own new display server when there's already a replacement under way. On the other side Ubuntu (or should I say Canonical LTD) explains why not Wayland. I'll admit I didn't really get the explanation but the fact they mentioned "user experience" (twice) as being half of the reason leaves me unconvinced. It sounds more like marketing talk rather than technical and/or practical explanations.

Regardless, Ubuntu and Canonical can do what they want, it's obviously their right to freely develop the software they desire. However work on Mir has been ongoing in secret for about a year, they have not communicated with those working on Wayland. Because the software is Free it's more productive to seek a more economic route, on a development time point of view as well as device support. Perhaps Canonical's idea of a display server is too deeply different to be able to share anything with Wayland, that's always possible.

Driving me 3D

Many suggest that Nvidia, AMD and others will develop proprietary drivers for only one display server. If so they would probably only do so for Mir because Ubuntu will use Mir and Steam runs on Ubuntu (mainly) and that's where the non-Windows gamers are most numerous. This could also impact other usages that may require proper graphic controller drivers.

This would be perfect for creating a divide between GNU/Linux and Ubuntu. If Mir actually works then GNU/Linux users may have to dual boot with Ubuntu to play games or use certain programs that will only work with the proprietary drivers (that may depend on how Ubuntu deals with Restricted Boot).

Total Control

It seems as if the primary goal of Mir is for Canonical to have total control over the display server, like with Unity. It can be easier to implement new cool things just like it's easier for Ubuntu to implement profit generating software for Canonical (the Isle of Man based company behind Ubuntu) like the Amazon desktop search.

Yes Mir and Unity are Free Software, however they are the only ones using it and the development isn't always done in the open. To really know we'll have to see where it goes, but for now I am suspicious about either hidden "features" or even non-free bits that may be needed to comply with Steam, Nvidia, Spotify and/or others willing to work with Ubuntu to get their proprietary and DRM'd products on "Linux". I wouldn't be surprised if Mir has been developed to conform to DRM, that would explain "why not Wayland" much better.

Ubuntu has seduced many advanced users who in turn have helped novices into operating a Free system on their computers. Even I have told friends who aren't computer proficient to try out Ubuntu, because it was easy. Then I read what Mark thinks the 'leet' think: ‘Linux is supposed to be hard so it’s exclusive’ is just the dumbest thing that a smart person could say. I've never heard anyone say such a thing, so yes it is a dumb thing to say. This feels like a way to divide the community into those who enjoy raw computing, making them appear as condescending, stubborn and elitist and those who want their computers to "just work". The truth is that the real '1337' wants GNU/Linux systems to be easy and adaptable to whoever the user may be. Gentoo is easy for those who want to compile everything all the time, they made even that kind of computing easy. I use Debian because it's easy, really it's the lazy admin's choice. I don't think there's a distro out there trying to make using GNU/Linux difficult.

Maybe the oversight that comes from the "leet" users is something that doesn't always help Ubuntu's image and perhaps it's time to shake off these drama loving idealistic hippies who helped make Ubuntu popular by bringing their non-geek friends to the club (and helping them find workarounds that were necessary to make Ubuntu work).

I feel that the Ubuntu Community is becoming less important to the Ubuntu project, now it's Canonical that counts most.

Community and Corporation

Further down in that that same blog post from Mark, which was originally about release frequency, he takes a little dump on "pure community": There are lots of pure community distro’s. And wow, they are full of politics, spite, frustration, venality and disappointment. Obvious response: doesn't that sum up Ubuntu ?

Mark then suggests that a GNU/Linux distribution needs a private company because without corporate leadership Free Software projects can't function properly. In fact, in most of the pure-community projects I’ve watched and participated in, the biggest meme is ‘if only we had someone that could do the heavy lifting’. Ubuntu has that in Canonical – and the combination of our joint efforts has become the most popular platform for Linux fans. It's funny because Ubuntu highly relies completely on a 100% community driven project (Debian), it's been stable enough to base their whole distribution on it. It's funny because Ubuntu runs almost entirely using software from non-Ubuntu projects, many of which are corporate-less.

And also, Saying that Ubuntu is the most popular platform for Linux fans is like saying the Toyota Camry is most popular car for automobile enthusiasts.

Even finding the word "Linux" on the Ubuntu website isn't easy, it's mostly reserved for the FAQs and help pages, it's even worse for the term "GNU". Ubuntu is not for "Linux fans", it's for people who want a Free-ish system to be made easy (nothing wrong with that).

Personally I really admire projects that have no corporate control, generally their software is user orientated and has no benefit in deceiving its users. You also get to avoid things like the MySQL fiasco... .. .

iUbuntu

Now that Ubuntu has gained sufficient momentum it is time for them to leave their core users, the "Think Different" users, and go for the mass. Canonical realises that if they want a phone company (device or service) to distribute their OS, they're going to have to make some dirty deals. Deals that will compromise the Freedom of the user.

There are too many emails being sent from donotreply@domain.tld addresses. These addresses explicitly don't exist and/or will not accept emails, yet they are the sender/replyto of important emails like order confirmations and what not. I've recently seen this for domain name transfers.

Emails from such origins should by logic be refused or classified as spam. There is no way for the user to respond to these emails. Email was not designed to send emails on behalf of non-existing or spoofed senders. RFC 5322 clearly states: In all cases, the "From:" field SHOULD NOT contain any mailbox that does not belong to the author(s) of the message. In most cases the donotreply address does not exist and hence cannot belong to the author(s).

Sending emails from an address that is not yours is called Email Spoofing.

Breaking Email Delivery Notifications

Another point is breakage, if the email cannot be delivered there is no way of alerting the sender, bounces can not be routed anywhere. This breaks "email" out of pure contempt of the receiver. The sender does not give a flying crap if the receiver gets the email.

This is the equivalent of a merchant dispatching packages with no return address.

If the email can't be delivered nor bounced, nobody will ever know about it, this is only suitable for spam, not for important emails being sent to your own customers containing important information.

How To Make Things Worse

I received this email for a domain name transfer (for a client) from do_not_reply@ns-not-in-service.com, they've combined the "donotreply" with a dodgy domain name that is not related to anything the client knows of. It also contained a link to webpage on yet another domain that the client has also never heard of, opensrs.net (the 'Whois' details shows EPAG Domainservices, I would have at least expected an email from them or the reseller).

The domain ns-not-in-service.com belongs to Tucows which is a known company, yet they managed to send an email that looks exactly like a scammy phishing mail. Everyone (client and I) thought this was very dodgy at first sight, after investigation it's just a bunch of companies who despise their clients.

By the way, OpenSRS has been informed about this issue almost 4 years ago and they said they'll see what they can do. Nothing. That's what they can do.

Why ?

Why has it become so outrageous to send an email from a sender that can be replied to ? Why take a legitimate email and make it look so fraudulent ? What is the goal besides accustoming users into believing that everything is legitimate ?

If senders of emails remove the possibility of any reply, then they do not deserve to be read.

While playing around with the menus (some minor CSS3 effects) I realised it would be possible to make some sort of Etch A Sketch. Maybe not quite as good, nor as magic. But it's still fun and takes just a few lines of CSS to be added to some basic HTML divs.