On a beautiful Sunday morning, I have to link to this bit of ugliness on the illegal bulk data collection by the Canadian spy agency, CSIS. Only a handful members of government knew about and it was only revealed because of a court case.
From the article:
Many corporations and government agencies are now gravitating toward so-called big data computer analytics that can predict patterns of future behaviour based upon records about what has happened in the past. Spy agencies are no different, and the centre in question appears to be the Canadian Security Intelligence Service’s equivalent of a crystal ball – a place where intelligence analysts attempt to deduce future threats by examining, and re-examining, volumes of data.
Continue reading “Canadian spy agency, CSIS, uses illegal bulk data collection to subvert Canadian freedoms”
Check it out, it’s a hackathon for SecureDrop, the software that Aaron Swartz worked on to give whistleblowers a secure method of dropping off files to newspapers on the web. A lot of news organizations have a SecureDrop website that can be accessed through Tor to hide your IP address. Excellent piece of software to hack on.
The hackathon is on Saturday November 5th and Sunday November 6th in San Francisco. Aaron’s 30th birthday would have been next week Tuesday, November 8th.
There are also speakers scheduled after the first day of the hackathon.
Now a bit about Aaron Swartz. He co-authored an early version of RSS and helped launch Creative Commons, and worked on a piece of Python code called web.py (which was one of the web servers Reddit used).
Aaron Swartz’s ideals and all his awesome hackery and coding to support them is something we can all learn from. Instead of simply discussing and debating endlessly, he would at some point sit down and write new tools to build a better future. SecureDrop, Creative Commons, they are all tools in support of the open web, and fundamentally in support of freedom.
SecureDrop is possibly the most important software. It lets journalists receive data from whistleblowers securely. Among the news organizations using SecureDrop are The New Yorker, the Washington Post, VICE Media and the Globe and Mail.
So if you are in San Francisco check out the hackathon. If you are anywhere else in the world, you can still work on SecureDrop, just fire up your favourite text editor and download the code.
The librsvg is going to be slowly converted to Rust.
This is exciting news for developers who are looking to learn Rust and it’s exciting for the free/open source software community. Librsvg is used by Wikimedia to render SVGs on Wikipedia, a fairly vital tool.
What’s exciting is that librsvg has received bug reports for bugs that are related mainly to the use of the C programming language:
Every once in a while someone discovers a bug in librsvg that makes it all the way to a CVE security advisory, and it’s all due to using C. We’ve gotten double free()s, wrong casts, and out-of-bounds memory accesses. Recently someone did fuzz-testing with some really pathological SVGs, and found interesting explosions in the library.
So it will be interesting to see how well Rust can prevent these sorts of errors and how easy it will be to port a C library to Rust.
In the article there’s an example of converting C code to Rust code. Very cool and looking forward to the results. Hopefully this will encourage more open source developers to pick up Rust alongside C!
In August I published a blog post on the TechBridge Makerspace’s IndieGoGo campaign to raise funds for an Alberta, Canada makerspace. The makerspace at the time had raised $4080 and now that the campaign is closed I wanted to give everyone an update on how well their campaign did.
The TechBridge Makerspace has raised $5140 CAD! Very awesome that people donated to them. Not only are makerspaces cool and provide accessibility to 3d printers and other technologies and knowledge, they’re also a way of propagating the culture of hackers and makers, the curious inquisitive nature of hackers who want to explore technology and its possibilities.
Because the IndieGoGo campaign was a flexible goal, TechBridge Makerspace has received all the funds that they raised. $5140 CAD is enough for them to buy some of the equipment that they wanted to get.
Click here to find other makerspaces to donate to.
In this article, Paul Rosenberg explains the problem with how the cryptography debate is approached by technologists and pro-crypto and pro-privacy advocates. To refresh your memory, the FBI tried to force Apple to give up security keys, while the NSA has continually tried to break encryption algorithms. One side wants to weaken encryption so the government always has access, another side wants to weaken encryption on a case-by-case basis to give government access, and a third side wants to keep encryption strong even if it disallows all government surveillance.
The problem, according to him, is that the debate is approached by the third side, the pro-privacy side, with emotional arguments about whether politicians know enough about technology to even be proposing laws related to encryption, and that anti-privacy politicians just want to build a surveillance complex to benefit their pals in the surveillance industry. Furthermore, cryptography is presented as an all or nothing affair, it works or it doesn’t.
Mr Rosenberg argues that this approach is not helpful because it does not approach cryptography realistically and does not go deeper into the details, details which politicians and other people need to be informed on this debate.
The unique approach is to elevate the debate to a debate about government regulatory powers, especially their control over freedom of speech and freedom of expression.
Continue reading “A Unique Approach to the Cryptography Debate”