Skip to main content

Songs on the Security of Networks
a blog by Michał "rysiek" Woźniak

Black PR around Polish e-Textbooks

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Black PR campaign against e-textbooks in Poland that trundles through polish media is a premeditated attack against our right to education. For years now open education resources proponents have been fighting for resources available on permissive, or “libre”, licenses, allowing for copying, remixing and spreading them around – so that teachers are not afraid to make a copy of an application used in class or a textbook needed for their homework. This freedom is jeopardized by particular interests of a couple of publishing companies.*

Much has been said lately in Poland about (or rather, mainly against) the plan to bring electronic textbooks and open education resources to Polish public schools. What is worth noting: while the critique was usually aimed at financial, technical or procedural issues, the real source of ire for those behind this campaign are, in fact, the libre licenses themselves.

What are libre licenses

In almost every textbook on one of the first or last pages you will find the text “all rights reserved”. It’s a reminder that they are also covered by copyright laws, and that rightsowners’ (publishers’, authors’) express consent is required to copy, redistribute or modify it.

Libre licenses invert this situation, by expressly and unequivocally giving such consent to anybody interested in doing so, as long as they retain proper attribution of authorship. No need to ponder if it is legal to share libre licensed music (e.g. downloaded from Jamendo) nor if we can re-use a Wikipedia article – libre licenses these sites sport for the content are a loud and clear “sure thing, go ahead!”

This, for reasons that should be pretty obvious, has a lot of sense in education. Open education resources allow teachers and students to use, re-use, modify, improve, supplement and share – or even publish their own versions of them! – without the fear of running afoul of complicated copyright laws. It is the proven model behind, for example, free software and Wikipedia – however, when used in in education, apart from providing for better, more complete and upt-to-date learning materials, it also helps foster deeper student and teacher involvement in the process.

And of course, parents (especially of more than one child) could also feel the purely financial advantage such model offers them, as instead of buying, year by year, new textbooks, they could just download the updated version. All this is possible with libre licensing of education resources.

Almost everybody engaged in education – students, parents, teachers – libre licenses are a huge step forward. They allow creativity to thrive, save money, enable updating of the resources by third parties (instead of writing them anew from scratch each time) and fight the digital exclusion (anybody can prepare a braille version without even having to ask for permission), while at the same time giving students practical idea on how copyright law works.

However, such culture of sharing is (at least seemingly) incompatible with business models of large publishing companies, hence the current black PR campaign against e-textbooks. The question remains: should such a purely business issue be a problem of students, parents and teachers?

Libre business

Regardless of what the publishers would like you to think, there are several examples of business models perfectly compatible with libre licensing and open education resources.

It is because they are libre-licensed, open education resources can (and should!) be used and improved upon by the publishers, regardless of who was the original author. There is not a single reason why the publishers cannot prepare professional printed versions, after all many parents will prefer them to printing at home! Textbooks will need appropriate exercise books, tests, other materials – and thanks to the libre license of the textbook any publisher will have the ability of preparing those.

Publishers could even prepare specially adapted versions for certain class profiles – removing unneeded material and extending upon certain relevant sections. Not only can they do that – this possibility is in and of itself one of the reasons for creating open education resources.

Conjuration of reality

Publishing business does not want to acknowledge all that, because it spells changes. Instead of trying to find new business models, new ways of operating, compatible with libre licenses (and the future of education in Poland) – publishers prefer to treat open education resources as a “problem” that needs “solving”, using lawyers and PR agencies.

Changes will inevitably come, regardless of how those opposed to them try to conjure the reality. Respected education centres around the world also see that: Harvard University asked its staff to publish their work on libre licenses, instead of in science periodicals sporting proprietary licensing schemes. This will supposedly allow it to save 3.5 million dollars each year, at the same time rising availability of scientific research within the scientific community and well beyond it.

Polish education has a chance to not only follow this example, but go further. Polish libre-licensed e-textbooks is already commented broadly in education communities around the world. As far as open education goes, Poland can become a true leader.

Should, then, profits of a few publishing businesses stand in the way of better, more affordable and modern education?

Hypochristian Love

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Australian Christian Lobby, in a tweet already deleted (wonder why, don’t they stand behind their convictions?), likened gay marriage and gay love to zoophilia and paedophilia. I like how this particular argument pops up here and there from the “Christian” side.

I like how such religious groups compare sex between two willing adult humans to sex with animals, implying that at least one party to it is no better than an animal – while still vehemently opposing the theory of evolution, saying that suggesting that humans come from monkeys somehow “strips humans of their dignity”. Because obviously calling people “animals” doesn’t.

I like how they compare homosexuality to paedophilia, regardless that homosexual sex (just as heterosexual sex) is sex between consenting adults, while paedophilia seems to be more often then not sex between a clergyman and a non-consenting child.

And I like how Catholic clergy claims this is a “family issue”, and that same-sex marriage is a danger to “family values”, while having absolutely no experience in building marriages and families of their own at all.

Finally, I like how they do that while “spreading the Christian message of Love”. I can admire a good troll.

Some new Layout Goodness

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Because Firefox 13 decided to b0rk the layout of this brag, I finally got around to get back to work on it. And as Firefox 14 has already fixed this bug, instead of working on a work-around I was able to implement some of the missing stuff.

So, we finally have a menu – right there in the top-right corner. And boy am I proud of this one! Not a single line of JavaScript, pure CSS3 (esp. transitions). There you will find the home button, Table of Contents, language selector and an additional link to (up until now available only through the site’s main title) the About section.

Apart from that every entry now has a “back to top” link at the very end.

Obviously there is still a lot of work ahead of me, including both things that need fixes (like the “next page”/“previous page” links that are not exactly properly aligned) and things that need to be implemented from scratch (e.g. mobile devices layout; interface translations).

Party 2.0

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Thinking about political parties, we think of behemoths, huge amalgamates of people and philosophies, preying on contemporary political events and social sentiments on their way to power. Power treated as an aim in and of itself, as the main reason and sense of the party’s existence. Political programmes of such huge organisations are usually gargantuan texts containing gigantic amounts of information on the official party line concerning seemingly every possible issue.

This causes problems. First of all, the machiavellian approach, want of complete, total power – as only by wielding it it is possible to push through with such complex system of ideas.

Secondly, this in practice bars the voters from making informed, rational decisions in the voting booth: how can they navigate in such a vast labyrinth of party programmes? And even if they could, they usually end up finding out they agree with social agenda of Party A, but only Party B has a sane economical one. Go and try to vote!

This, then, ends with a choice made on completely insubstantial grounds, either by subscribing to some populist agenda or hooking up on one of the many substitute topics (like gay marriage, that should by the way have been legalized a long time a go, under any of the proposed names; or abortion debate in which the level of informed, merit-based discussion is next to naught). That, or voting on a particular candidate that turned up in some form of a survey, “matching” candidate’s answers against voter’s views.

Is it finally time for Political Parties 2.0, then?

I believe so. It’s high time for single task parties, created with the aim of introducing a small set of well-defined, particular changes to reality (e.g. “reforming the copyright law to allow free of charge, legal, non-commercial sharing and remixing of culture”). Parties viewed from beginning till the very end as mere tools, not as aims in and of themselves; parties that seek and use many different methods of achieving their goals – as it’s possible to introduce change without entering the Parliament.

And, what’s as important – parties that are managed differently. Enough already with the parties of charismatic leaders that make almost all important decisions and push their own agendas using party members’ energy and time. Time for direct democracy, for example in the form of Liquid Democracy. We need parties that make decisions in maximally inclusive ways; ones that every member of has valid say, whom will vote according to party policy within the party “task” not because he has to, but because his true aim is, in fact, introducing this particular change in reality.

Such small, task-oriented parties also seem an interesting offer to those that feel that societies get too antagonised by the large, traditional political forces. They will more eagerly work together on issues that are not part of their particular “task”; possible they would also vote for what other task-oriented parties propose, as long as it’s not conflicting with their particular task.

To be able to avoid a task-oriented party becoming a traditional behemoth, such parties should also sport a clause in their statutes that would automagically dissolve them upon achieving their goals.

Party as a system hack

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Today I would like to talk about hacking the system, but not a computer one. I do feel, you see, that the current political system (in, mind you, which I include media) is inherently hackable as far as introducing concrete, well-defined changes into reality is concerned; it can be done by political parties that do not even have to win any elections – as long as the issues at hand are clearly defined.

How? It’s easy.

Let’s try this on the example of copyright reform, which undoubtedly is dearly needed, and yet is not to be found (as far as I know) in any large party’s political programme. It’s a very visible issue lately (thanks to ACTA, but not only) that the general public has spoken out about quite loudly and clearly, yet no big political party seems to know how to go about it.

It should be enough, now, to simply create a political party which would have a single stated aim: change the copyright law. Such a party would have almost no chances of entering the Parliament; however, as it would be a political party, media would instantly get interested, and its name would spring up at an occasion where copyright reform, “piracy” and similar topics is discussed.

If such a party had a well-defined aim and actions that need to be undertaken to achieve it (i.e. which laws need to be changed, and how), and if it had well thought-through arguments those so-called “serious” parties would start to consider this small party a threat to at least some part of their political base. And while the chances of it entering the Parliament would still be close to nil, the “large” parties – fighting over every opinion poll point – would likely find it unacceptable.

The easiest way out of this conundrum for those large parties is, of course, copying – by simply incorporating the particular aim of this small party in their political programmes and preparing well their argumentation (for or against).

This, of course, will make the chances of entering the Parliament by the small party even smaller, but by now that’s irrelevant: the postulate has just entered big parties programmes; even more, by taking part in debates on the issue they themselves make it more prominent. And that’s exactly what the doctor ordered.

Because suddenly a topic that was completely absent from political debate is prominently featured in it, including getting into parties’ programmes. If the small party founders did their job well and the aim was well and clearly defined (which usually is not the case with the majority of political programme wording), it’s quite possible to hold the big parties accountable for it – still using the small party as the boogeyman when needed.

Are corporations dangerous only in collusion with governments?

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

One of the moments that made RightsCon Rio great: instead of attending one of the lectures, I had a tough, intense discussion with Thor Halvorssen of and Paulo Rená on… well, on a few topics really, including where do fundamental/human rights come from (are they inherent to every single human being or are they a by-product of society) and whether or not corporations are becoming a threat to those rights on their own (without government “help” in this regard).

The former is a topic well trodden by many thinkers. The latter is what I would like to summarize here, as I deem it’s both important and timely.


The issue arose while discussing a different one (which is important by itself, and which I will cover soon). What the topic boils down to is this question:
Multinational corporations are behemoths, some have more money and hard assets than many governments; hence, power of those corporations is becoming less and less accountable to any society. Is this dangerous in and of itself, or only when such corporations “get in bed” with governments?

I am willing to concede that governments are inherently dangerous; I am willing to concede that the most evil that corporations did up until today was, as Thor put it, “when corporations were in bed with governments”. And I am willing to concede that the military monopoly, held by governments, is one of the most important reasons for that.

However, I am also deeply concerned that what we see here is the game changing before our very eyes. Corporations – which cannot be called the most ethical entities on this Earth – are now amassing more power than many governments, and some are already building their own armies. I feel it is probable that military monopoly will be broken soon.

A historical analogy

Polish history in the 17th and 18th century is a good analogy here.

Simplifying quite a bit – Polish nobility had vast personal liberties and had substantial say in government affairs for centuries. Over the years, magnates (the highest class of nobility) gathered more and more power in their (private) hands while Polish Army was mainly based on “pospolite ruszenie” – forces mobilised from Polish gentry.

At some point military power in disposal of several magnates was enough to challenge the military power of the King, by gradually claiming their sole rule and own laws over their territories. This led to the magnates-led nobility revolting against the government and internal struggles in the country.

Finally, it resulted in loss of independence and dismantling the Polish-Lithuanian Commonwealth, once formidable force in Europe and the world, by bordering states.

Modern-day nobility

What is interesting is that we can see a very similar storm brewing today when it comes to multinational corporations.

They are, in fact, being treated like modern-day gentry. They have been granted vast privileges (corporate personhood, “money is speech” verdict in the US, etc.). They do have much say in governmental affairs (through lobbying, revolving door techniques and other means). Similarly to nobility, they cannot be imprisoned and court proceedings are slanted in their favour, if only because of huge legal teams and vast coffers they have at their disposal.

They amass more money and information, and hence power, than many governments. They have their own armies in the form of security agencies. And it’s not a government that knows how to build the newest jet fighter or the best rocket launcher – the corporations do.

They feel authorised to rule their “subjects” – employees and private clients – just as magnates ruled theirs; its the means that changed: now instead of decrees they issue Terms of Service, EULAs and internal regulations.

From this there is just a single small step to be made towards an overt corporatocracy. And already some corporations are asserting their own rule over certain areas. Just like Polish magnates did in the eve of internal troubles.

Danger ahead

Hence, I see the situation becoming extremely dangerous in two scenarios:

  • either a corporation will gain powers that exceed powers of governments, including breaking the military monopoly, and then will use those powers to their own ends;
  • or, maybe, the more power a corporation has, the more likely it becomes that it will “go to bed” with a government.

Either way, we end up in a situation in which it is the power of the corporation that is the extreme and immediate danger to our personal liberties and human rights. We need to be clear on that and acknowledge it.

Proxies! Proxies everywhere!

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Another follow-up after the RightsCon and OpenITP conferences in Rio – during OpenITP workshop session an interesting idea has been floated as an case-study in the Game Theory and Censorship working group:
if every (or most; or just many) HTTPS-enabled webservers on the Internet were configured as open proxies, this could provide invaluable additional layer of security and resilience for anti-censorship and anti-surveillance tools, like TOR; and would be very useful in and of itself.

As Lucas Dixon of Google Ideas pointed out, this idea was being discussed informally on and off during at least the last year or so.

I love the idea, and I believe it is worth some serious thought. Should this become reality, it would be close to impossibru to selectively censor the Internet, especially by oppressive regimes (like the USA or China), as to accomplish that they would need to effectively censor all HTTPS communication with all such HTTPS-enabled open proxies. I’d like to see the US censoring google.pl

Good reasons

Imagine a world in which you could use any public-facing HTTPS server as an anonymous proxy just by telling your operating system or application to use it so. No need to set-up TOR and the traffic not only looks like valid HTTPS traffic, it actually is valid HTTPS traffic to a valid HTTPS host.

Because it’s end-to-end encrypted, censorship and surveillance tools have no way of distinguishing it from normal traffic to this particular website, save for a MITM attack (this does happen, but adds another layer of complexity and needed effort to the censor’s system). Surveillance is still possible via getting server logs from the proxy operator, but that’s much harder than simply listening-in all the time.

While the TOR project does a stellar job in obscuring their traffic so it’s hard to tell from HTTPS, a simple list of operating TOR nodes is enough to prove problematic – as China’s example shows. In this case it’s a legitimate website doing the proxying, hence a regime would have to actually block the website instead of trying to find TOR traffic and block that.

This would mean that the choice that a regime has is either to block the whole HTTPS Internet; invest in complicated MITM attacks (that either require a compromised CA, or are completely visible to users); or accept the fact that they cannot selectively censor the Internet anymore.

And do keep in mind that selective blocking and filtering is active in many western democracies, including Italy or Great Britain. This could prove an invaluable tool for Internet users from those countries too.

Bad excuses

Now, let’s try to poke holes in the notion, shall we?

Obviously the first and biggest problem that comes to mind is the NIMBY-esque statement of any server admin worth their salt:
I do not want my server’s IP showing up in some child-porn server’s logs, and am not at all interested in partaking in all the law enforcement fun fun fun related to that later.

Or put it a bit differently – there will be abusers, period.

Thankfully, we already have an example of such a situation, and I am talking, of course, about TOR exit nodes. Admins make the decision whether to run a TOR exit node on their servers with this very consideration in their minds, and many do decide to run it. There are two reasons for that:

  • catering to the needs of dissidents and human rights activists in oppressive regimes is a honourable, humane thing to do, and the occasional abuser can be considered a poor excuse not to do it;
  • we have logs to prove that it is not us that initiated the “unlawful” connection, and the more widespread the practice is, the better standing we have to explain that we cannot be held liable for what other people do with our service.

Both of those work for TOR, and I see no reason for them not to work in this case.

I think that this is the biggie, the rest are technicalities – i.e. how much bandwidth and processing power can you provide for the open proxy part of your server is a technical question every admin would have to answer for themselves.

So what about TOR?

In no way am I advocating doing the above instead of operating a TOR exit node or bridge; if you can run TOR, do! If not, HTTPS ubiquitous anonymous proxies is a complementary measure that helps in some scenarios.

It does not provide strong anonymity, so it doesn’t help much against surveillance (the logs are being kept by the proxy operators!) and thus cannot in any way be viewed as TOR replacement. From regular user’s point of view, however, it is easier to set-up and integrate with their browsing habits – it hence can cater to the needs of some of the users that found TOR too complicated to set-up and use, but still need a way to circumvent certain kinds of censorship.

Automagic re-publishing from Twitter to StatusNet

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

For a while now I see a serious problem in the fact that many Free Software advocates, privacy activists, human rights defenders and generally important players in this technical-slash-fundamental-rights Internet community publish their short bursts of brilliance only on Twitter.

It’s problematic, because Twitter is a closed, proprietary and – most importantly – centralised social network that has even agreed to censor tweets under certain circumstances, and while I do applaud their policy of generally standing up for the user, I cannot in good conscience say it’s a good solution for us hacktivists (because things like these are the more likely to happen the more users use Twitter).

Now, I am painfully aware that getting all the cool kids to migrate from Twitter to a more libre and decentralised StatusNet-based services (like Identi.ca or Telecomix’s instance) is a pipe dream, at least for the time being – and while I would love to see that happening, I am not going to go taliban on that. Instead, I would like to focus on making StatusNet-based services more usable for Joe User.

And that means tackling the…

Network Effect

One of the main Joe’s hurdles with those libre microblogging sites is that, well, not many people are there. I do not completely agree with that (i.e. there is no @rms on Twitter), but I do see the problem.

It’s called the “network effect”. What it means is that, as far as communication networks/means are concerned, the more people use a given service, the more incentivised are other people to join it. That’s actually quite obvious – you want to use a communication medium that lets you, well, communicate with as many people as possible; hence you usually choose the one that has the most of your friends or people you’d like to hear from and talk to.

Problem here is that while users of different StatusNet instances can engage each other, as this de-centralised service (just like e-mail) allows different servers to communicate, Twitter is incompatible with them while still being the largest microblogging site today. This means that even if somebody wants to go libre and set-up a StatusNet account somewhere, they quickly find they still need Twitter to follow many of the people they are interested in following.

Of course, I don’t stand a chance in hell of convincing @BillGates to set-up a libre StatusNet account (not that I miss him dearly on the libre side of microblogging), but us hacktivists and human rights champions should know better, right?

The Plea

So here’s my plea: at least do not reinforce the network effect by publishing solely on Twitter. This is the least you can do and you don’t even need to go through hoops and loops, e.g. by publishing by hand on many different services or using a third party to do it for you – you can get the software to do just that. All you need is a StatusNet account.

It costs nothing; it doesn’t compromise your account in any way (as it doesn’t even give the StatusNet instance any write-access to your Twitter account); it helps people move from centralised service to a de-centralised one; it circumvents Twitter’s own geography-based censorship (once it’s on StatusNet, it’s not under Twitter’s control); and it gives access to your tweets to people that made a conscious decision to steer clear of corporate-owned, centralised communication platforms. What’s not to love!

Here’s what you do.

The How To

Turns out Twitter provides RSS feeds for each user timeline under the address:
https://twitter.com/statuses/user_timeline/USERNAME.rss
where USERNAME is the Twitter handle; for instance, here’s @ioerror’s: https://twitter.com/statuses/user_timeline/ioerror.rss.

StatusNet, on the other hand, can use RSS feeds as sources. That means you can tell your StatusNet (i.e. Identi.ca) account to publish whatever gets published on your Twitter account, automatically.

You can do that in your StatusNet service account settings. After logging-in to the web-interface of your StatusNet service of choice, go to Settings -> Mirroring, click “RSS or Atom feed”, paste your Twitter timeline RSS feed and click “Add feed”. Make sure that “Mirroring style” is “Repost the content under my account”.

That’s it. You are no longer an obstacle on the way to de-centralisation. Kudos.

TPSA/Orange and GIMP, or a word on 5 users

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

Some might remember how a few years ago biggest Polish ISP mistakenly blocked GIMP’s website for their users.

Today I took part in a meeting on net neutrality, content blocking and privacy, within the framework of workshops run by Polish Ministry of Administration and Digitalization. The topic of informing on blocks engaged by the ISPs to protect their networks came up, obviously the ISPs are fighting tooth and nail against that.

I reminded the representatives present about how Telekomunikacja Polska (now owned by Orange) blocked GIMP’s website, and how such an information would be instrumental for server’s admins to solve the problem on their side or at least know what’s going on.

As a reply, Mr Tomasz Piłat, Orange rep, said the following:

And all 5 GIMP users were outraged

After which another Orange rep requested “some respect” towards their company.

Perfect ToDo-oid

This is an ancient post, published more than 4 years ago.

As such, it might not anymore reflect the views of the author or the state of the world. It is provided as historical record.

UPDATE: the first version is now published on KDE-Look, enjoy.

Okay, so I have finally decided to write my first Plasmoid – you know, the KDE Plasma widget. No, I haven’t written it, yet. Yes, I know what I am going to write:
the best damn to-do list under the friggin’ sun!

So, what my ideal ToDo list will do? Basically, I am going to insolently rip-off BasKet Note Pads. Do you know BasKet? Well, you should. Best note-taking app I know.

More accurately, though, the minimal functionality would be:

  • one-click tasks adding, a’la my current ToDo handler Task Timer;
  • one-click starting/stopping timing of tasks, again inspired by Task Timer;
  • task grouping/subtasks, as with notes in BasKet;
  • drag-and-drop task ordering, including within groups;
  • one-click deletion/marking as done, for efficiency all around.

After implementing that I will consider also:

  • CalDAV/iCAL/vCAL sync with my calendars, for added joy;
  • ability to connect to BasKet, because sometimes the full app would be much more convenient;
  • tags, categories, including visual clues, so that a single glance of the plasmoid would pass all the needed info.

Obviously, I am still thinking what else could be done with that. Comments welcome, as always.