Diane Trout firstname.lastname@example.org
By day, IS generalist for a biology lab currently working on ENCODE, specializing in the Python scientific stack. By night, trying to contribute to Debian and KDE. Also easily distracted by various kinds of role playing games.
- Surveillance trade offs:
Today my partner got a message from InstaCart telling us a food product had been recalled because of an unexpected peanut contamination. That could honestly be a really important notice for someone.
But then I also saw this lawsuit over on Twitter.
Bose Corp spies on its wireless headphone customers by using an app that tracks the music, podcasts and other audio they listen to, and violates their privacy rights by selling the information without permission, a lawsuit charged. via https://twitter.com/zeynep/status/854781604845281281
The complaint filed on Tuesday by Kyle Zak in federal court in Chicago seeks an injunction to stop Bose's "wholesale disregard" for the privacy of customers who download its free Bose Connect app from Apple Inc or Google Play stores to their smartphones.
Perhaps the problem isn't surveillance but the lack of power to hold business & state entities accountable for abusive practices.
Mike Linksvayer likes this.
I agree that "lack of power to hold business & state entities accountable for abusive practices" is a problem, but it's not clear to me this story is a datapoint in favor of that sentiment... we'll see how the case comes out:
Zak is seeking millions of dollars of damages for buyers of headphones and speakers, including QuietComfort 35, QuietControl 30, SoundLink Around-Ear Wireless Headphones II, SoundLink Color II, SoundSport Wireless and SoundSport Pulse Wireless.
He also wants a halt to the data collection, which he said violates the federal Wiretap Act and Illinois laws against eavesdropping and consumer fraud.
Dore, a partner at Edelson PC, said customers do not see the Bose app's user service and privacy agreements when signing up, and the privacy agreement says nothing about data collection. Edelson specializes in suing technology companies over alleged privacy violations.
When will someone demand, in addition to remedies like halting data collection and monetary damages, source code for all affected products, under an open license, so that consumers can use a different vendor to fix their products, rather than the one that has voided their trust.
My more paranoid tendency is to go into a store and pay cash for things, which then avoids several easy options for profiling my purchase history...
Buying something through a web or app is logged and is tracked... but sometimes that tracking is helpful (with warranty or product recalls).
and you're right, being able to customize the device with a different FOSS would provide the user options to protect their data.
- FWIW I upgraded my pump instance to 4.0.0.beta5.
Seems to be mostly working.
- New blog post, I confess to not reading my email, and link to a presentation by a #noemail early dropper. http://ghic.org/~diane/put-your-hand-in-the-inbox.html
- Google talk s2s federation is scheduled for termination on Jun 26.
Weren't we just wondering why it was still around?
There are a couple of projects to speak the hangouts protocol that might be usable as a gateway
I have just a couple @gmail.com contacts on my Jabber roster. One of them already registered a real XMPP account a couple weeks ago for different reasons, and the other one is a family member who I was thinking of moving to a serious XMPP server anyway, since, really, very few servers keep the broken security needed to keep in touch with stupid Gmail...
Claes Wallin (韋嘉誠) likes this.
- I've been thinking about email for a while, and decided to start writing some of those thoughts down. http://ghic.org/~diane/what-about-email.html
@clake as for "most email goes through gmail"
Maybe most person to person email touches gmail.
But I get a lot of notification emails that never touch gmail. Twitter, and github send messages directly, several newsletters are either direct or via a service like mailchimp.
It's "transactional" messages like these that make it hard to completely opt out of email.
Claes Wallin (韋嘉誠) likes this.
>> Diane Trout:
“@email@example.com I haven't managed to figure out how to subscribe to someone over Google's s2s connection since they deprecated it. But people I subscribed to prior to the spam waves still work. They didn't remove it but made it really hard to use”
Well, first they'd need to be using their account from a standard XMPP client, or set GMail's web interface chat to "Classic" or "Old" or whatever it's called.
Bonus points if the person doing that gives them feedback to going back to """old chat""" such as "I want XMPP federation, not Hangouts silo" ;)
Secondly, as you probably know, your server would need to have very lax encryption settings. I don't recall the exact name of the things, but something that most XMPP servers agreed to require back in 2014 or so, that GMail, of coooourse, doesn't.
So yes, Google made it quite hard to use. I wonder why they didn't just kill it completely...
Well, at least prosody allows you to add a whitelist of servers for which strict verification of SSL is not enforced (and comes with gmail.com as the example content), so it is possible to talk with people on gtalk without having to allow substandard settings with everybody else.
It's definitely not something that I'd like to depend on, however, just something that currently makes it somewhat easy to have a migration plan to something else that doesn't require to be all-or-nothing-now.
- I discovered a bad thing about Emacs.
Control-/ is bound to undo and one of my cats can stand on "Control", "/", ".", "left arrow"
Two seconds of undo with the occasional cursor movement made a mess of about 5 minutes of editing.
LUCKILY! You can get it back! Emacs' undo history provides a very nice system of both undo and redo.
Try typing some text, or doing some various complex things, then type undo a few times. Now move the cursor, or do something that "interrupts" a sequence of undos. Now start typing undos again. You're now reversing your undos!
The emacs manual includes more information on undo/redo... it's a pretty nice system. Of course, like anything in emacs, more can be done.
- The simplest thing I could think of to help fight XMPP spam is a shared blocklist, and a utility to save, merge, and upload one's block list.
There's a little network of xmpp spammer lists at these repositories https://github.com/detrout/XMPPSpammer
I have a small bit of code using sleekxmpp to download the block list. Next I need to get it to update the list on the server.
Though what was most effective for me was blocking a few domains, which unfortunately requires administrator access.
- Grumble. Stupid Russian mafia computer criminals. This is why we can't have nice things.
I've started getting SPAM on my jabber server, some open XMPP servers have unrestricted registration, which is only slightly less bad than running an open SMTP relay.
Unfortunately the easiest solution is to blacklist domains generating a lot of SPAM. Which of course breaks federation.
Christopher Allan Webber shared this.
I feel your pain but in a different direction today.. Getting a lot of backscatter email because some asshat is using my address in their spam.
On the XMPP side I had to shut down the Proxy65 part of my XMPP server because it was being abused and eating tons of bandwidth. But that was a while ago now.
Diane Trout likes this.
@freemore I too hate backscatter email. I set some pretty strict SPF rules on my domain which cut down on the backscatter, though I still need to learn how to set up DKIM and DMARC.
Thanks for mentioning the Proxy65, I have that installed, and am not sure if it's being misused, so another set of ACLs to go check.
- Ok Win10 that's a good idea.
The task manager shows breakdowns for CPU, Memory, Disk and Network both a total and per application.
On desktop Linux it's hard to get per application disk and network utilization.
- I was helping archive some data for https://github.com/climate-mirror/datasets and wondered how would someone know if a DIY data mirror hadn't tampered with the data.
Best I can think of is scientists really should sign their data.
Perhaps data producing projects should generate indexes of files containing a couple of high quality hashes and then have several project members gpg sign the hash index.
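The hash index idea from the post above, as an added example (not code from the original post or from the climate-mirror project): it records SHA-256 and SHA-512 for every file and checks a mirror against that index. The function names and sample files are constructed for illustration; project members would sign the serialized index separately, for instance with `gpg --detach-sign`.

```python
import hashlib
import tempfile
from pathlib import Path

ALGORITHMS = ("sha256", "sha512")  # two independent digests per file

def hash_file(path, chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for one file, reading it in chunks."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}

def build_index(root):
    """Map each file's POSIX-style relative path to its digests."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_mirror(root, index):
    """Compare a mirror with a trusted index; report every discrepancy."""
    found = build_index(root)
    return {
        "missing": sorted(set(index) - set(found)),
        "unexpected": sorted(set(found) - set(index)),
        "modified": sorted(n for n in set(index) & set(found)
                           if index[n] != found[n]),
    }

def demo():
    """Constructed sample data: index a dataset, tamper with a copy, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp) / "dataset"
        (data / "station").mkdir(parents=True)
        (data / "station" / "temps.csv").write_text("year,temp\n2016,14.8\n")
        (data / "README.txt").write_text("constructed sample dataset\n")
        index = build_index(data)  # the file project members would sign
        clean = verify_mirror(data, index)
        (data / "station" / "temps.csv").write_text("year,temp\n2016,13.0\n")
        (data / "README.txt").unlink()
        (data / "extra.bin").write_bytes(b"\x00")
        return index, clean, verify_mirror(data, index)

if __name__ == "__main__":
    print(demo()[2])
```

The index is only as trustworthy as its signatures, so a mirror user checks the signatures on the index first and then runs the comparison.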
2016-11-17T03:55:46Z via AndStatus To: Public
A long list of things to do as a community to help resist hate groups, from the southern poverty law center https://www.splcenter.org/20100216/ten-ways-fight-hate-community-response-guide
Stephen Sekula likes this.
Stephen Sekula shared this.
Thanks for sharing this, Diane. I've been watching some hate-based events unfolding at my own University, and the student and faculty community (led by the students) has so far responded wonderfully, doing a lot of the very things that SPLC recommends.
Diane Trout likes this.
- I was thinking about how hate groups and bot harassment cause serious problems on twitter. The problem of harassment is likely to be even worse for decentralized tools like pump or blog comments.
I've wanted a way to restrict participating users to those who are likely to behave reasonably, without me having to moderate hate-speech comments.
One idea I had was to use https://shibboleth.net/, it supports a form of curated federation. Federation members download a signed configuration file that lists the approved identity providers for all the members.
One nice thing about shibboleth is that the identity provider site can control how much information is shared, and it can be as little as "yes the user is a member of our organization". This is a lot better than WebID (and probably Oauth) where you always get something like their home page or email address.
The current users of shibboleth are mostly research & higher education, so for instance there's the US InCommon and the European eduGAIN federations which are also trying to work together, but since they're professional they have professional fees.
I was imagining the free software volunteer world might form its own federation. So we might start with technical groups like a federation between Debian, Fedora, FSF, Apache, and Python foundation.
If it works then perhaps it could be extended to support other less technical civil society groups.
I was hoping that by restricting access to groups that have a process to vet their memberships and are willing to kick people who are sufficiently obnoxious we could make it harder for trolls to slip in and attack people
(or prevent spammers from just drowning useful discussion).
Though the more anarchistic types would probably still dislike that this gives groups power over them.
Anti-Trump protests in Los Angeles
Also from twitter: https://twitter.com/sandyherr2/status/797625070134771713
"Wilshire Blvd LOS Angeles Closed for Protest, INCREDIBLE SITE. PROUD OF THEM ALL"
Dana likes this.
Dana shared this.
Oakland anti-Trump protest
California does not like Trump.
From twitter. https://twitter.com/Bill_Palmer/status/797944601638223872
Post said human chain 3.5 miles long
- Though to be fair, for some people I might currently recommend non-free software.
I realized Office 365 is probably a good choice for people who still email attachments, because opening potential malware on someone else's computer is probably safer for the recipient.
All of us who work in the production and dissemination of information need to engage in a serious reality check. We need to think about her research.