Discussion2011-06-08-freedom-vs-power.en
Wed Jun 8 23:05:18 2011
I just published Freedom vs Power, in which I explain the differences between freedom and power, rights and privileges, and how copyright and copyleft relate with that.
So blong...
2010-08-10-what-would-you-do.en
Wed Aug 11 04:43:43 2010
This Tuesday morning, I went to bed carrying the weight of an experiment that gave me a temporary balance of almost BRL 10 billion (about USD 5.7 thousand million) in one of my bank accounts. Seriously. No wonder I couldn't sleep very well. I kept thinking how the day would end, and that was before it occurred to me that it could have been far, far more. If you found out a way to have a virtually unlimited supply of money for a day, what would you do?
Irrelevant details
Let me backtrack for a bit, but feel free to skip the net banking technical details straight to the next section. I've never thought of myself of a great software tester, but my track record of locating implementation flaws in Internet banking systems, out of black-box observation of the system behavior, has been pretty solid.
Last year, I wanted to invest in some funds at one of the banks in which I have an account, but the entry barrier was a bit more than I wanted to invest in them. I figured I could put the money in and take it out on the next day. However, once I put the money in, the option of scheduling future operations on that fund became available. I was about to schedule a withdrawal, but then I wondered, what if I told the system to add the exact amount I wanted to invest in that fund on the next day, and then I canceled the first operation? Without much to lose, I gave it a try. In spite of having canceled the initial deposit, the subsequent one was accepted, even though it was below the entrance barrier. Cool, eh?
At another bank, I found out I could perform both operations on the same day, because it accepted more than one operation per day per investment fund. Quite useful for investment funds with high entry barriers and long periods of retention. I didn't quite expect the bank to honor those investments, I discussed the situation with the bank managers, but they didn't seem too concerned. “No harm is done, so, if the system lets you do it, by all means, go for it”, both said.
It was at yet another bank that I ran into a far more disturbing flaw, also last year. It permitted even initial deposits to be scheduled for future dates, but it was robust enough to prevent the trick above. However, one day it happened that I had scheduled a withdrawal from one fund and a deposit to another fund for the same day. The deposit wasn't performed, presumably because the bank system attempted to process it before the withdrawn funds were available. I.e., it didn't find enough funds for the operation, so it didn't perform it. That behavior sucks, but that's not the really interesting part.
The interesting part was that I then canceled the scheduled operation, to perform it manually at a time I could see the funds were available, and I was surprised to find that my balance was still the amount I intended to invest. Looking at the transaction log for the day, I saw an entry that credited that amount, which was supposed to cancel the debit that it hadn't performed. I took note of it, mentioned it to the bank manager, and didn't think back of it. I couldn't believe that balance would survive long and, indeed, it disappeared overnight.
Last week, I had an identical situation occur to me, and I was surprised that the problem hadn't been fixed after so many months. Annoyed that the operation I'd requested hadn't been performed, I canceled it, performed it manually, and then, just to vent out my frustration, requested another investment using the virtual funds I'd been given. I told the bank manager what was going on, got a call from some technical person to whom I described the bug in more detail, and relaxed. I had been told just a week before that investment requests that would get me to a negative balance wouldn't be honored, so I was pretty sure at least one of the two requests would bounce. Surprise! It didn't, and the next day I had a very negative balance.
Megabucks out of thin air
Once I came up with a plan to restore my balance, I wondered how far the bug went. I visited the web site and scheduled for the next business day (today) an investment of the highest amount possible: BRL 9,999,999,999, and told the bank manager about it, asking her to cancel it if it would cause any trouble. This morning, I checked that the operation hadn't taken place, and it was still there, so I proceeded to cancel it. And then I laughed for a couple of minutes as I saw a balance of nearly BRL 10 bi on my account.
I sent another e-mail to the bank manager and crashed in bed. I started to worry that the police might show up; that the bank manager hadn't seen my e-mail the day before and couldn't cancel the operation, and it would cause some big trouble for the bank; that the bank was going to call and offer me all sorts of investment opportunities; that I'd run into another bug because of such a huge number, and then it would overflow and I'd be stuck with insurmountable debt.
While I agonized over it, I realized I hadn't explored all the possibilities. I had scheduled only one operation for that day. What if I scheduled many? Say, with a few dozens of such operations, at USD 6 bi a piece, for nearly 24 hours I could be “richer” than Carlos Slim, Bill Gates, Warren Buffet, Larry Ellison, Eike Batista and the other top 10 richest people in the world, plus the family that owns WalMart, all together.
I sent yet another e-mail to the bank manager, but before I decided whether or not to give that a try, the bank called me back this afternoon and told me they'd fixed the bug, and the fix would go live overnight. The anxiety and the excitement were over. I still had a balance of BRL 10 bi for some 12 more hours, but, put in the perspective above, it didn't sound like a lot any more.
Facing the moral and ethical dilemma
Only then did I start wondering what good could I have done if, instead of being honest and helpful to the bank, I had taken advantage of the bug to get as much money as I possibly could and do good things for humankind.
I would have to give up my life as I know it, and have to live on the run or even put an end to it, without any certainty that the good I'd tried to do was carried out for good. Assuming, of course, that the attempts to transfer any significant fraction of these funds out of the bank before the end of the day would even succeed rather than get me in jail.
Still, I wondered, how much would it take to distort the stock market enough to crash the stocks of Microsoft, Apple, Oracle, Adobe, etc, so they'd stop doing harm? How much would I have to transfer away from this multi-national bank for it to go insolvent itself, and take a lot of the international financial market that rules the world with it? Heck, how much would it take to buy enough stock to control all these banks and non-Free Software businesses and, why not, even some somewhat-Free and nebulous computing businesses as well, and then donate all the stock and remaining funds to the network of FSFs?
It's too late now, and I'm somewhat comforted by not having thought of it while it still was. I'd have faced a very difficult moral and ethical dilemma otherwise. But now that I thought of it, I'm having a bit of a hard time convincing myself that sacrificing my own life as I know it wouldn't have been a small price to pay to get all of these businesses to do good for humankind, instead of pursuing maximum profit at the expense of humankind.
What do you think? What would you have done, given this opportunity?
So blong...
Vote up
Vote down
2010-05-26-calling-on-mpegla-bluff.en
Wed May 26 03:21:31 2010
Even just before Google released VP8 and WebM as Free Software, MPEG-LA and likely partners started rattling their (dark)light sabers threatening to assemble a patent pool to collect royalties from WebM users, just like they do with MPEG and H.264. Please bear with me while I show why it's nothing but a bluff to scare businesses and people away from the multimedia format that will displace the MPEG-LA golden-egg layer. Unless their FUD campaign succeeds, that is.
It can be taken as a given that MPEG-LA or other patent trolls will attempt to collect royalties from any multimedia formats. What got my attention was a combination of the fanfare, the timing and the wording of the press announcements.
Smart patent trolls don't scare people away from technology covered by their patents: they instead let businesses become dependent on it, and only then do they offer, erhm, protection.
MPEG-LA is doing no such thing. The announcement, echoed to anyone who would listen just as Google contributed WebM to humankind, clearly intends to steer people away from the new competitor. They seem terrified by it, and they should be. If they are yet to assemble a patent pool to cover VP8, right now they have nothing on it, and if On2's and Google's analyses are correct, that's all they will ever have.
Now, what if Google's and others' analyses are wrong? The nature of patents is such that, unless you can show all technology you use is at least 20 years old, you may find yourself at the wrong end of a patent lawsuit. It doesn't matter how many patents or patent licenses you've got, you're always at risk that someone else holds a patent that covers some technology your business depends on. Even if you did plenty of patent reseach, patents can be granted after your research, and if they were applied for early enough, you still lose.
This is just as true for WebM as it is for H.264 and any other codecs that MPEG-LA claims to control. Even if MPEG-LA offered to idemnify or hold harmless any of its licensees should a patent holder outside the pool initiate litigation, they can't possibly promise to obtain a license for the licensees. Any such patent holder could just decide not to license the patent at all.
What kind of stupid patent holder would do such a nonsensical thing?, you might ask. Well, what if Google held a patent that read on H.264, and that wasn't in MPEG-LA's pool?, I might respond.
I say we call on MPEG-LA's bluff. Worst case, if they succeed in pooling patents to cover VP8 and WebM, we'll be no worse off than with H.264.
So blong...
2010-05-21-fsfla-back-up.en
Fri May 21 22:07:27 2010
Yay! FSFLA.org was down for a bit longer than two weeks, because of a disk failure, but it's now up and running again.
Thanks to FSFE's sysadmins for their hard work in bringing FSFE's and FSFLA's servers back up, at a new location where physical access to the servers won't be a problem!
We now return to our regular programming...
So blong...
2010-02-14-bye-bye-google.en
Sun Feb 14 07:02:32 2010
Dear Google,
We've been together for several years, but I must say I've thought of breaking up with you more and more often lately. Your recent public betrayal got me to decide I don't want to be involved with you any more. I realize it's Valentine's Day, and also Carnival, but... what did you expect me to do? Trust is something we work hard to build over the years, but lose in a split second.
I have long granted you access to some private parts of my life. At first, it was just archiving public mailing lists. Then, you helped me keep in touch with friends that I might otherwise never see again. Then you started listening on my conversations, but even that was sort of ok, for I had agreed with it, hadn't I? You always said I could trust you, and I did. It didn't look like you'd share the private information I shared with you, so trust built over the years.
But the other day I met a side of yours I didn't know, saying on TV how much you valued privacy: that if there was something I didn't want anyone else to know, I shouldn't be doing it in the first place. Still, I thought that was a simple mistake of yours, and that I could still trust you, so I carried on with you.
And then Buzz hit me. That was too much.
As far as I know, I depend on my privacy right now for my physical safety, like Harriet Jacobs, or for the performance of my job, like journalists who had their sources exposed when Buzz was pushed upon them.
But, like trust, privacy is something that takes dedication over the years, and a single mistake will undo a lot of hard work. I don't want to wait for the day I realize I need my privacy back.
Google, I lost the trust I had in you, but I don't think it's too late for me to avoid losing also my privacy. I'm closing our shared accounts, I'm emptying the drawers you saved for me in your closet, I'm destroying the keys after locking the doors, and I won't grant you access to my private parts any more.
I'm also telling all my friends that I broke up with you, and why. I'll also invite them to keep in touch with me through other means.
For instant messaging, I'm reachable at lxoliva@jabber.org and lxoliva@jabber-br.org. Even those who choose to remain with you can register this alternate address in GTalk, although I'd much rather they registered at jabber.org using some Free Software implementation of the XMPP instant messaging protocol adopted by GTalk, like Pidgin.
For social networking, I'm sticking to the PSL-Brasil network, that runs Noosfero, and gNewBook, built upon elgg. Don't worry, Google, I'm not joining Facebook, that would be at least as stupid as remaining on Orkut.
For microblogging, I'm sticking to identi.ca, that runs the StatusNet.
Pidgin, Noosfero, elgg and StatusNet are all Free Software. They respect the essential freedoms of its users, even those users across the net. I know I'm entitled to share them with my friends, adapt them to my own needs, install my own copies and set up my own interoperable networks if I want to, and more. That's unlike other microblogging, social networking and instant messaging services. And, what's more, I'm in love with their developers.
As for e-mail, I use lxoliva@fsfla.org for Free Software matters and oliva@lsd.ic.unicamp.br for other stuff... E-mail is supposed to be private, so I wouldn't recommend using any third party service, even if it's built on Free Software. It's not hard to set up one's own web mail service; I manage myself the servers of both personal addresses I use. They don't have an army of your employees behind them, but given the Facebook employee interview, such an army sounds more like a curse than a blessing.
Google, if you need, you know where to find me and, if you didn't, there are other search engines out there that may know. The same goes to all of my friends. I'll see you all around.
So blong,
2009-09-21-linux-2.6.31-libre1.en
Tue Sep 22 02:50:25 2009
Oops. Linux-2.6.31-libre wouldn't build if you enabled the usbdux drivers in staging. Non-Free firmware name deblobbing error. Fixed in 2.6.31-libre1.
Aside from that, there are changes to the deblobbing of Radeon, R128 and MGA drivers, in preparation for the removal of the non-Free firmware from the drivers proper, and some improvements contributed by Trisquel's Rubén Rodríguez Pérez to make it easier to run the deblob scripts on a kernel that's already partially deblobbed, or for a different variant or base release.
Along with 2.6.31-libre1, 2.6.27.34-libre2 and 2.6.30.7-libre were released, and binary packages for Freed-ora 12 testing are underway.
Be Free!
So blong...
2009-09-18-sugar-labs.en
Tue Sep 22 02:10:52 2009
Sugar Labs and Free Software Foundation Celebrate Software Freedom Day, Announce Joint Efforts to Promote the Sugar Learning Platform for Children Worldwide
CAMBRIDGE, MA, September 18, 2009 – Sugar Labs, nonprofit provider of the Sugar Learning Platform for children, and the Free Software Foundation (FSF), which promotes computer users' right to use, study, copy, modify, and redistribute computer programs, have announced joint efforts to collaborate and promote Sugar on the occasion of Software Freedom Day, September 19th. The FSF will host an event in Boston featuring Sugar Labs Executive Director Walter Bender, FSF president Richard Stallman, and other speakers. Peter Brown, FSF's executive director, said, "The Sugar Learning Platform is fast becoming an essential route to computer user freedom for children around the world. The international free software movement is getting behind Sugar, and we want to use Software Freedom Day as an opportunity to help draw community attention, developer resources, and external funders to the important work going on at Sugar Labs."
The FSF has upgraded its hosting services support of Sugar Labs to keep pace with its growth. As part of the ongoing relationship, Bernardo Innocenti, a member of the Sugar Labs Oversight Board, is working at the FSF offices. Mr. Innocenti stated: "The FSF and Sugar Labs are pursuing distinct, but interdependent goals; Free (as in Freedom) Software is a fundamental part of globally accessible education, and good education enables critical thought, a pre-requisite for appreciating the value of Freedom."
Sugar is a global project. Translated into 25 languages, it is used in classrooms in 40 countries by over 1 million children as part of the One Laptop per Child (OLPC) nonprofit program. Sugar's simple interface, built-in collaboration, and automatic backup through each student's Journal have been designed to interest young learners. The recently released Sugar on a Stick (SoaS) project brings Sugar to even more children, allowing young learners to keep a working copy of Sugar on a simple USB stick, ready to start up any PC or netbook with the child's environment and data. Pilot projects in schools with Sugar on a Stick are underway in Boston, Berlin, and elsewhere. SoaS is free software available under the General Public License (GPL) and is available for download without charge at sugarlabs.org.
According to Walter Bender, "Sugar is running on over 99% of all of the OLPC-XO laptops around the world because governments prefer its quality, openness, built-in collaboration, and easy localization to indigenous languages. Teachers and students are exercising their freedom by modifying and improving Sugar and its Activities. With Sugar on a Stick, access to Sugar is even more widespread."
For example, Uruguay has distributed a Sugar-equipped OLPC laptop to every student in the country. Alexandre Oliva of FSF's sister organisation Free Software Foundation Latin America (http://www.fsfla.org) said, "I was amazed when I first saw Sugar in action in Peru two years ago; shortly thereafter, my daughter tasted Sugar and loved it. She's going to elementary school next year, and I'm very happy she can now easily carry Sugar with her, and share it with her friends. Myself, I'm going to spread its freedom into as many schools as I can." Karsten Gerloff, President of Free Software Foundation Europe (http://fsfe.org), added: "Education and Free Software are both all about sharing knowledge. Through projects like Sugar, young people around the world can discover the creativity that freedom makes possible. Together with the political backing that FSFE's Edu-Team and others are building, Sugar puts Free Software in its rightful place in education."
Sugar Labs relies on the efforts of software developers who donate their skills to the project. Mr. Bender continued, "We are looking for developers with experience in GNU/Linux, Python and/or Gtk+ for contributing to the Sugar shell and educational Activities for children. We also need testers, experienced packagers, and educators willing to contribute their ideas for Sugar in the classroom."
Republished joint FSF and Sugar Labs press release, with permission.
So blong...
2009-09-12-linux-2.6.31-libre.en
Sat Sep 12 18:38:50 2009
Linux-libre 2.6.31 is available. Go get it at one of the mirrors listed at http://fsfla.org/selibre/linux-libre/
http://linux-libre.fsfla.org will be down tomorrow (2009-09-13), moving to a newer and faster machine. Thanks, FSF!
So blong...
2009-06-12-linux-2.6.30-libre.en
Sat Jun 13 00:19:28 2009
Wow, I didn't quite expect linux-2.6.30 to come out this week. I hadn't been able to get my hands onto the 2.6.30 rcs through the entire cycle, save for a few hours circa rc2 or so.
Lucky for me, on the 9th I got a time slot to fix a few deblobbing bugs in earler releases of Linux-libre, and when I was about done with it, Linus published 2.6.30. Turns out deblobbing a release is so much easier that deblobbing the rc patches. Thank you, Linus! :-)
Anyhow... With 2.6.30 out of the way, I guess I'll go back to trying to speed up deblob-check, and to back-port the gen3 deblobbing machinery to 2.6.26 and earlier.
But this will probably have to wait until I finish writing a couple articles, preparing and delivering one new speech and some GCC patches, all before the end of June.
So blong...
2009-05-11-isca-anzol-rede.en
Mon May 11 18:37:49 2009
The second issue of Revista Espírito Livre (Free Spirit Magazine), with the Portuguese version of the article The Bait, The Hook and The Wide Net, about the risks of computing in the cloud for schools of users, in a fishing allegory.
So blong...
Last update: 2010-06-25 (Rev 7019)