
Songs on the Security of Networks
a blog by Michał "rysiek" Woźniak

Diaspora-Based Comment System

This is an ancient post, published more than 4 years ago.
As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

I think I already threw that idea on the (Diaspora) wall, but now I had a bit longer to ponder about it, so: how about we make a Diaspora-based comment system for websites/blogs?

How it could work

When creating a blog (or brag) entry, a post with the whole or part of it, and a link to original source, would be created, e.g. using a user specifically created for that particular website. The website operator could then facilitate discussion of that entry by either:

  • including the Diaspora comment system through an IFrame (with a proper post and discussion of it), or
  • using some API to feed comments to Diaspora and get replies from it.

Of course, there could be other ways to use that comment system on a website.


I can see at least a few serious advantages of that approach:

  • discussion could go on on Diaspora and on the website, while still being perfectly in sync;
  • Diaspora users wouldn’t have to set up accounts with the website just to partake in the discussion;
  • anonymous posts could be catered for by creating a special, pod-wide user for anonymous postings on all websites using a given pod, or by a website-specific anonymous user - both ways enable easy enabling and disabling of Anonymous comments (via aspects), even down to given entries;
  • who is able to comment on a given story would be also trivially controlled by simply setting the aspects that the entry is being posted in on Diaspora.

I don’t, however, see any disadvantages. Though that doesn’t mean there aren’t any.

What would be needed

Some good, stable, thought-through API, obviously; maybe a dedicated pod just for such a use would be a good idea, too. I think OAuth functionality would be required to be able to give users a possibility to comment on the website and yet get the comment posted on Diaspora under their UID.


I’d love to hear your comments and ideas on that – let’s experiment with that and already use Diaspora to that end: here’s the thread.

Conflict of values


Today a bit more philosophically, regarding the main topic of the next 48 hours – tenth anniversary of the 9/11 Attacks.

Without even going into some more or less interesting conspiracy theories – this was a tragedy. One, that without a doubt changed the world. In many, many ways.

One of the changes was a complete reevaluation of values. Such a terrifying, unimaginable scenario was, for example, the reason to instantly tighten security measures across the scale – effective or not, yet still very much felt and visible.

So here’s the thing: after 9/11 under the pretext of enhancing safety (of flights, but not only) some fundamental values have been sacrificed. Values that have been considered the cornerstone of democracy, especially the American one. Of course, not all at once, but rather a step at a time – nevertheless the overall outcome is the same. This sacrifice, this lack of respect for those values is ironically the most intense in the USA.

Right to privacy lost with wiretapping (including illegal wiretapping); personal inviolability (in English law called Habeas corpus; in Poland – Neminem captivabimus) has found itself jailed in Guantanamo; personal dignity every day dies a little bit in busy hands of TSA operatives and on screens of porn-scanners; tolerance and multiculturalism gave way to racial profiling.

All of those instruments are meant to enhance security; however, even if we assume that they are effective in their stated purpose (which, in many cases, is doubtful), there is a question that needs an answer: safety of what, exactly, is being thus enhanced? After stripping away rights, personal freedoms, dignity, all that is left is the purely biological fact of being alive.

Asked directly, however, we would probably agree that this simple biological fact, breathing, heart beating, etc., is not a value in and of itself. This is not what we learn from history’s heroes; this is not what we read in literature; this is not what was being instilled in our minds since infancy – regardless of culture we come from. We know and respect examples of giving one’s life for love, for country, for family… Human life is valuable not in and of itself, but rather (for example) because of what this man could achieve. In other words, there are some higher values.

There were those that sacrificed their lives fighting for (among others) dignity, freedom from surveillance, racial and religious tolerance. And they are considered heroes.

Which, apparently, is at odds with current hierarchy of values in the States (and, more and more, also abroad). Looks like after 9/11 we all have collective split personality – one part still tries to keep appearances as if there were higher values (like dignity) more valuable than biological life; the other part is hell bent on defending this very sum of biological processes, even at the price of those “higher” values.

Maybe it’s time to ask, though, how much of it is a personality disorder, and how much is deliberate calculation and hypocrisy.

On-line privacy and anonymity: case in point


From a comment in a discussion on Diaspora:

I used a nym(*) through most of the Bush years as I live in a very conservative area and my criticism of the prez and warz was carried in some pretty prominent places. I actually feared for my life. So, I hid behind anonymity.

Surprise! Even in “the land of the free” people exercise their right to anonymity fearing ostracism and persecution for political views.

Now, does anybody have any more enlightening comments as to why we do not need on-line anonymity (as, supposedly, if you’re not doing anything wrong you have nothing to hide) and how nobody wants on-line privacy?.. I’m looking at you, Schmidt and Zuckerberg!

(*) “nym” - pseudonym

On being careful with words


A certain whirli, on Diaspora, dropped a nice text on Google’s Real Name Policy and how it can affect the whole industry – and our lives.

I agree with the basic premise and the reasoning that once Google gets away with that, probably many other companies and websites will follow; that puts online anonymity and privacy in huge jeopardy (for more on that, read the linked article, not much I can add to what’s there).

However, I do have a problem with use of certain words and phrases in the text. “Transparency”, someone/something being “open for scrutiny”, “accountability” – have been applied by authors to private persons, regular users of online services. That should not be.

“Accountability”, “transparency”, “openness to scrutiny” are terms/qualities that in our democratic society have inherent positive air to them, we feel that those properties are good and important.

Governments, companies, public servants, officials, treaties, negotiations, lawmaking, etc. – these are examples of what should be “accountable”, “transparent” and “open for scrutiny” in a democratic state. All of these have big influence on private persons’ lives and hence must be possible to observe and control by those same persons.

On the other hand, when the situation gets reversed (as it can be feared once Real Name Policy gets enacted across the web) and it will be private persons being watched and controlled by governments, companies, public servants and officials, something wrong happens and the state of affairs seems to drift towards totalitarianism.

In such a case using words and phrases with positive emotional load – like “accountability” or “transparency” – doesn’t play well: if Google or a government official tried to use those terms in such a context, I would even say it’s an intentional manipulation meant to show something inherently bad (total state/corporate control of private persons’ lives) as inherently good.

I feel that words like “invigilation” and “surveillance” much better fit the purpose then.


I had a very constructive and interesting discussion, first by e-mail, then on Diaspora, with (among others) the author of the article.

To sum it up – I might have overreacted a bit due to my engagement in both:

  • fighting for privacy and anonymity of private persons, against surveillance;
  • advocating transparency and accountability of official dealings, governments, corporations, etc.

To the first stipulation, written above, I would like to add a second one: using such positively-loaded words to describe negative phenomena dilutes that positive emotional load, making it harder to use it in the positive context (e.g. advocating transparency of government).

Mind you, that’s just for the record, a Gedankenexperiment if you will; I fully accept that in the case of that particular article this might not apply.

Of malware, hot steam, privacy, using one's brain and paedoparanoia


So I read today about an Apple Service employee that installed malicious software on his female customers’ lappys. The software then asked for the lappy to be placed “near hot steam”(!) to “clean an internal sensor”.

Guess what. Ladies then actually took their lappys to the bathroom while they were taking showers. Yes, nude photos were made with the built-in webcam – that was the whole idea.

Now, in the later section of the linked article one can read that for instance Geek Squad has a policy of searching their customers’ computers and reporting any and all allegedly illegal material found. That means (among others) child pornography, obviously.

The Perfect Storm

Okay, let’s go out on a limb here and imagine what could happen with those combined:

  • a 14yo girl’s father takes her MacBook to an Apple Service where, incidentally, our little “voyeur” works;
  • lappy gets a servicing and some malicious software treatment;
  • back at home, the 14yo daughter gets the “place near hot steam” message and promptly – probably after consulting her father – takes her MacBook to the bathroom while taking a shower;
  • nudie pics are made – those qualify as child porn;
  • some time later the father, for one reason or the other, takes the MacBook to Geek Squad;
  • GS finds alleged child porn and reports the father to the authorities.

Prosecution, persecution and stigmatization ensue. Family is ruined. Father is finally found not guilty, but after many years of trial and being treated as a paedophile. Probably loses his job and acquaintances in that time.

What went wrong

Obviously the guy in the Apple Service shouldn’t have installed the malware. But that’s just the tip of the iceberg, and that is what is really scary.

First of all, people should have some minimal understanding of the technology they use, and make some use of their brains. I’m not talking about understanding how a NOR gate in a CPU works, I’m talking about “electronics and hot steam? that doesn’t sound right” kind of mental process.

Secondly, come on, when you’re sending your electronic device for service, you should at least clean it up a bit (if that’s possible, obviously); nobody will respect your privacy if you yourself won’t.

Then there’s the Geek Squad sifting through people’s private stuff. It’s as if you ask a plumber to fix the drain and he starts looking in your basement for clues of a possible murder. His job is to fix the darn drain, not to be a self-appointed criminal investigator, and if he thinks otherwise, well, that’s trespassing – isn’t it.

And finally – but I guess most importantly – the continuous paranoia about paedophiles everywhere. This is exactly what apparently justifies the Geek Squad to invade one’s privacy during PC servicing; this is exactly what causes the father to be stigmatized, family to be destroyed, before the verdict is brought in. This is what changes “innocent until proven guilty” into “paedophile once alleged”. This is what caused a paediatrician to be harassed and driven out of her home, seeking police protection, after a mob mistook “paediatrician” for “paedophile”.

This, and not using one’s brain.

Kragen Thinking Out Loud


I found this diamond accidentally (well, not quite; I follow Jacob Appelbaum), but I just might end up observing it closely. Kragen Thinking Out Loud, or a mailing list on which Kragen Sitaker shares his thoughts with the world. Something like a blog, but without the blog, RSS, etc.

Some great starters to get the hang of it:

The last one is especially mind-tickling; it’s one of those texts one reads and gets an Instant Epiphany of some Basic Truth (in this case – that P2P cannot work effectively on ADSL Internet connections, due to the dreaded A).

The second text I would like to wholeheartedly recommend to all the Apple and Google fans out there. No, no trolling.

Oh, and I just might add a newsletter functionality here on the brag for all of you that prefer the traditional way of getting their news.

Willpower, productivity and cycling


Just read a great article on willpower, addictiveness and productivity; if you haven’t yet, do, it’s well worth a read (as is the article that inspired it).

Anyhow, I have two short conclusions from this read, one more personal, the other more general.

The personal one stems from the fact that I used to cycle each day at least 30 minutes, as I lived on the outskirts of Warsaw and that was the best means of transport (at least for me). I always thought that the single biggest gain for me in that was the physical exercise – sun or rain, wind or snow, every day at least 30 minutes of biking.

After what I’ve read a second great gain pops to my mind: Each day, I had at least 30 minutes of completely uninterrupted time with myself and my thoughts. I suddenly remembered how much I was able to think through during this time. I’ll have to make myself start cycling (or possibly frequenting a swimming pool?) again, for both reasons.

The more general conclusion has a premise: there is a continuum of types of people, between completely focused, wielding formidable willpower (and hence very productive) on one end of the spectrum, and totally disorganised, run mainly by impulses and urges (and hence less productive) on the other – and I am probably somewhere in the middle; please bear in mind that “being productive” is used here as in original text, a much wider term than just “productive at work”.

And here’s the kicker: I have a feeling that almost all of the marketing, economic and political agendas of any significant power (be it a large corporation, an important political party, etc.) are geared towards the impulse-driven part of the society, as it’s probably much easier that way. But wait, there’s more! It would seem they are actually actively working towards moving as many people as possible from the “willful, productive” part of spectrum towards “impulsive, weak-willed, consumerist” (sic!) end.

And that’s both scary and unacceptable.

Neo FreeRunner as a WiFi Soundcard


For some time now I have been trying to craft a WiFi Soundcard from my Neo FreeRunner (running Debian). Still a long way to go, but after a few hours of heavy fighting I finally have some success. Namely, I was able to (kind of) play a song on my lappy through PulseAudio, via UDP/RTP, to PulseAudio on the Neo and hear something (very distorted, but discernible).

So, state of the art for today is:

  • basically it should work out-of-the-box;
  • the WiFi link here seems too weak/unstable for a full 44100Hz stereo;
  • for the time being it works only after joining the multicast group manually with mcfirst;
  • sound quality is awful (due to the above problems).

But I got some sound through. Will be working on it some more in my spare time.

A Weekend with lawyers


I just spent a Weekend with (among others) a bunch of lawyers. Great, in my humble opinion, lawyers (confirmed by their successes, position, or offices held). Also – against the stereotype – great human beings, co-operation with whom is an honour and a privilege.

And it was hard. Painful. Very disturbing. The more so the higher regard I held them in.

So what has happened?

Well, while we were more or less agreed as far as some general values and issues are concerned (or at least we were able to find common ground, understand each other’s position and respect that), the moment the discussion veered into territory of law and lawmaking – carnage ensued.

Don’t get me wrong! We were all friends; every single moment of those discussions was of highest cultural and rhetorical standard. The extremely frightening thing was that in some things they were completely unable to find any common ground!

When I discuss an issue with a fellow IT specialist, we can get to a point where we understand each other’s views and assumptions, find those we do not agree about (like what’s important, feature-richness or time-to-market) which are actually the crux of our disagreement on a higher level (like, which methodology to assume).

Getting back to the lawyers – well, the data could have been the same; the assumptions could have been the same; the conclusions would still be completely different!..

This is seriously frightening once you realise you’re supposed to be living in a State of Law, but the law itself is almost completely subject to interpretation.

Problem Genesis

That got me thinking “why”. Why are all natural sciences, all engineering domains, et al., able to arrive at concrete, tangible conclusions (and produce unequivocal doctrines, documents, procedures, etc.), yet still, lawyers (and economists, apparently) are unable to do that?

Short answer that I arrived at is: lack of scientific method and process, no possibility to execute a verifiable experiment, testing a given theory. That’s not the fault of lawyers, mind you, but simply a characteristic intrinsic to those fields.

Scientific procedure can in a timely manner verify a given theory, checking the data or executing an experiment with – that’s crucial! – as many variables set as possible, testing the theory in a very controlled environment. Even more! Others can check the experiment, check the data, re-test it all and make sure there was no error in it all.

As far as lawyers and economists are concerned – that’s simply impossible. And that, taking the influence of those two groups on our day-to-day reality into account, is the tragedy of our times.

One step closer to ideal


Finally, I had the time to work a bit on the brag. So here goes:

  • language switching controls now work;
  • as do page switching controls;
  • hence you are finally able to get to entries other than the last 5;
  • now we also sport messages (including a message on browser support);
  • and some cosmetics.

Nevertheless, still a lot of work to be done.