Responsibility & Cost

These are some notes about a open source presentation I may make at some point in the future. It’s target is programmers and technical staff and project managers who want to understand Free and Open Source better.

Back in the old days of programming, everything you made was your responsibility. Computers were simple, programs were simple and programmers were self reliant. It was a golden age of programming innovation where programmers could explore their entire field and stake claims in the uncharted areas of the software hinterland and most of the time were able to earn decent money while doing so.

But progress meant complexity. Complexity brought with it a phase change from programs developed by single individuals to programs developed by teams, or entire large corporations. No matter how large you made the company or how much money you could push into a project, software projects just seemingly grew to fit their environment, always growing more in complexity than any company could reasonably keep up with.

And so there developed a solution to the complexity. We pay someone else to create a generic system that allows our team to create more complex software at a higher level. These generic systems always had limitations, but with competition, systems like operating systems, databases, web-servers all came into existence to solve to major problem in software: Just how much complexity can a programmer possibly write before they can’t remember it all or how complex a piece of software gets before a team can no longer coordinate effectively around it.

So we have this desire for every greater complexity, but also a growing need to reduce which bits of the complexity that we are personally responsible for.

It’s not difficult to see how paying a company for a piece of software that solves the problem is a fine way to reduce the personal responsibility. You get a piece of software that does almost everything you need and your work then only consists of learning how to use the software and how to customise it for your specific business.

The way the software was sold was very much like selling bananas off a shelf. You’d get the rights to run a single copy that you paid for and that would be that. Any copying would be as if you stole a bunch of bananas from the grocers. This thinking is required if you want to sell software like this, but it isn’t the only way software can be sold.

This is where Free Software comes in. It’s a way of licensing software that works with the realities of software instead of against them. It doesn’t pretend that code is a banana, it treats the code as if it WILL be copied. And that’s ok. What’s specifically important about Free Software is the freedom that it demands users have. No matter how much money you pay for a piece of software, the user must ALWAYS have control over their own software and must ALWAYS be free.

More to follow…

Software Freedom Society

I’ve been mulling over a new idea and I’ve come to my blog to draft my thoughts on it. I’m probably wrong, but I really want you to comment your thoughts below.

We have a Free Software world which is dominated by schools of thought, each focusing on a particular piece of the Free Software problem. Some of them know that they have a limited scope such as the Freedom Software Law Center and Software Freedom Conservancy (legal and sub-incorporation respectively) and then there are groups which try to be all things to all people like the grand daddy of them all, the Free Software Foundation.

I think the FSF itself wants to have a very limited scope, but it just can’t shake the fact that it’s political protests have implications outside of what it wants to do. Things like economics, interpersonal relationships, community culture and creative rights and remuneration to name a short few examples. I think perhaps that people who believe in the FSF’s political campaign, want it to be more. I know I’m frustrated with it’s lack of “do anything productive at all”, that seems to defined the last nine years. Many people who I know here in Boston voice similar low level grumblings think it’s lost focus a great deal because of what users want it to be.

Then there’s another organisation, the Canonical Ltd hype machine that is the Ubuntu community. It’s a pretty good force in the Free Software world (some people will disagree) but again, it’s members want it to be more than a corporate cheer-leading squad. They desire an authority that can standardise, set example, lead. But let’s be honest, Canonical can’t possibly do anything right in a lot of eyes outside of the Ubuntu community itself (even if it empirically did so). So the route to using the boundless capacity of enthusiasm and good ideas about community management and treating non-coders with respect has been watered down or rejected, ever tied to a company that is desperate to make money and over eager for your attention about it’s latest announcement that it drowns it’s own community out.

Now imagine a community that’s dedicated to Software Freedom like the FSF, as respectful and energetic as the Ubuntu Community, as transparent as Debian and as well defined as the Law Center. It’s goals would be to host an open membership, be an arena for debate about community structure, a place to document and explore social standards in both projects and the user communities surrounding them and to invite all to participate in projects as non-coding members.

We could take charge of the areas that the FSF struggles to host, help generalise existing community wisdom that might be tainted by the Canonical brand and provide valuable guides and education on the best ways to run projects and all the pieces needed to make them work.

We could do this by beating a drum and collecting together everyone until we get a critical mass that the social project works. But there is another more useful way too. Many coding projects suffer from a lack of infrastructure for their community operations, not just a lack of know-how. So we’d also start providing the-best-we-know-how pieces of community infrastructure such as mailing lists, forums, chat servers and social media mechanisms. The idea would be to share a lot of the technical burdens and let smaller projects have all the things they need to run a fun, inclusive and accessible community.

This project would of course ask other organisations to dismantle some of their existing structure. We’d have to gain trust and try and close down duplication as much as creating new spaces. This is after all about standardisation of social and community tools and practices and like the xkcd comic states, making new generic standards often leads to more standards. So making our infrastructure fast, pretty and reliable would also be important goals.

So, given that I’ve just rambled on about a passionate but off the top of my head idea (thanks for reading it!), what do you think? Please do comment below, comment in the social media link you might have used or you can email me at doctormo áŧ gmail.com with your thoughts. I really do want to hear from people as this idea could be important to the whole Free and Open Source Software universe.

Science bootstrap glyph icons

I’m starting a new repository on GitHub which will be an svg based set of scientific icons.

This is just the start of making some free to use (CC-BY-SA 4.0), science based icons that will be compiled into a web font (ttf, oeff, svg etc) and provide a css file to easy drop in placement into many websites in the science fields.

A lot of the icons are meant as inaccurate depictions. The goal is to convey the general idea behind the button or status without having to have every proton in the right place.

If you’d like to help, there are instructions on the github page for contributions.

GPG with Confirmation

I got tired of Evolution email client giving me those horrid error messages when ever I try to email someone who’s key isn’t in my current list of keys.

The design of this is appallingly bad. It discourages the use of GPG rather than encouraging the importing of keys and it makes no mention of helping you acquire keys if possible. It also allows for no additional or optional footer to explain to the recipient that their message couldn’t be encrypted because they don’t use GPG.

While I couldn’t do much about the later, without hacking on the evolution codebase directly. I did do a bit of hacking on the former with a gpg middlware. Yes, when I say hack, I mean HACK. A dangerous and potentially devastating way of wrapping the gpg binary with my own python script that could intercept the evolution call and do work to search, display and add keys to encourage the use of encryption overall.

The design was simple. When we are asked to encrypt for a person who we don’t have the keys for, we do a search. The results are shown in a GUI to the user and they can select a key to use. This then is added to the key ring and used to encrypt the email.

This setup allows for experimentation with user prompting and workflow. It’s not something I would recommend be installed on user’s computers. But for designers and developers, this sort of match-stick making is a valuable platform to build, try, test and rebuild quickly.

I use zenity for the user interface. This is a Gtk command line tool that lets you launch a window from the command line and the interface is good enough to support photos in lists and returning which item was selected. Very cool.

Bellow you will find the script I created for this hack, this is saved to /usr/bin/gpg and gpg is moved to gpg.orig:

#!/usr/bin/python
#
# Wrap the gpg command to provide evolution with a bit of extra functionality
# This is certainly a hack and you should feel very bad about using it.
#
# Public Domain, Authored by Martin Owens  2016
#
import os
import sys
import atexit

from collections import defaultdict
from subprocess import Popen, PIPE, call
from tempfile import mkdtemp, mktemp
from datetime import date
from shutil import rmtree

to_date = lambda d: date(*[int(p) for p in d.split('-')])


class GPG(object):
    keyserver = 'hkp://pgp.mit.edu'
    remote_commands = ['--search-keys', '--recv-keys']

    def __init__(self, cmd='/usr/bin/gpg', local=False):
        self.command = cmd
        self.photos = []
        self.local = local
        self.homedir = mkdtemp() if local else None
        atexit.register(self.at_exit)

    def at_exit(self):
        """Remove any temporary files and cleanup"""
        # Clean up any used local home directory (only if it's local)
        if self.local and self.homedir and os.path.isdir(self.homedir):
            rmtree(self.homedir)

        # Clean up any downloaded photo-ids
        for photo in self.photos:
            if os.path.isfile(photo):
                os.unlink(photo)
            try:
                os.rmdir(os.path.dirname(photo))
            except OSError:
                pass

    def __call__(self, *args):
        """Call gpg command for result"""
        # Add key server if required
        if any([cmd in args for cmd in self.remote_commands]):
            args = ('--keyserver', self.keyserver) + args
        if self.homedir:
            args = ('--homedir', self.homedir) + args

        command = Popen([self.command, '--batch'] + list(args), stdout=PIPE)
        (out, err) = command.communicate()
        self.status = command.returncode
        return out

    def list_keys(self, *keys, **options):
        """Returns a list of keys (with photos if needed)"""
        with_photos = options.get('photos', False)
        args = ()
        if with_photos:
            args += ('--list-options', 'show-photos',
                     '--photo-viewer', 'echo PHOTO:%I')
        out = self(*(args + ('--list-keys',) + keys))

        # Processing the output with this parser
        units = []
        current = defaultdict(list)
        for line in out.split('\n'):
            if not line.strip():
                # We should always output entries if they have a uid and key
                if current and 'uid' in current and 'key' in current:
                    # But ignore revoked keys if revoked option is True
                    if not (current.get('revoked', False) and options.get('revoked', False)):
                        units.append(dict(current))

                current = defaultdict(list)

            elif line.startswith('PHOTO:'):
                current['photo'] = line.split(':', 1)[-1]
                self.photos.append(current['photo'])
            elif ' of size ' in line:
                continue
            elif '   ' in line:
                (kind, line) = line.split('   ', 1)
                if kind == 'pub':
                    current['expires'] = False
                    current['revoked'] = False

                    if '[' in line:
                        (line, mod) = line.strip().split('[', 1)
                        (mod, _) = mod.split(']', 1)
                        if ': ' in mod:
                            (mod, edited) = mod.split(': ', 1)
                            current[mod] = to_date(edited)

                    (key, created) = line.split(' ', 1)
                    current['created'] = to_date(created)
                    (current['bits'], current['key']) = key.split('/', 1)
                elif kind in ('uid', 'sub'):
                    current[kind].append(line.strip())
                else:
                    current[kind] = line.strip()

        return units

    @property
    def default_photo(self):
        if not hasattr(self, '_photo'):
            self._photo = mktemp('.svg')
            with open(self._photo, 'w') as fhl:
                fhl.write("""
  
""")
            self.photos.append(self._photo)
        return self._photo

    def recieve_keys(self, *keys, **options):
        """Present the opotunity to add the key to the user:
         
        Returns
          - True if the key was already or is now imported.
          - False if keys were available but the user canceled.
          - None if no keys were found within the search.

        """
        keys = self.search_keys(*keys)
        if not keys:
            return None # User doesn't have GPG

        # Always use a temporary gpg home to review keys
        gpg = GPG(cmd=self.command, local=True) if not self.local else self

        # B. Import each of the keys
        gpg('--recv-keys', *zip(*keys)[0])

        # C. List keys (with photo options)
        choices = []
        for key in gpg.list_keys(photos=True):
            choices.append(key.get('photo', self.default_photo))
            choices.append('\n'.join(key['uid']))
            choices.append(key['key'])
            choices.append(str(key['expires']))

        if len(choices) / 4 == 1:
            title = "Can I use this GPG key to encrypt for this user?"
        else:
            title = "Please select the GPG key to use for encryption"

        # Show using gtk zenity (easier than gtk3 directly)
        p = Popen(['zenity',
            '--width', '900', '--height', '700', '--title', title,
            '--list', '--imagelist', '--print-column', '3',
              '--column', 'Photo ID',
              '--column', 'ID',
              '--column', 'Key',
              '--column', 'Expires',
            ] + choices, stdout=PIPE, stderr=PIPE)

        # Returncode is generated after communicate!
        key = p.communicate()[0].strip()

        # Select the default first key if one choice.
        # (person pressed ok without looking)
        if not key and len(choices) == 4:
            key = choices[2]

        if p.returncode != 0:
            # Cancel was pressed
            return False

        # E. Import the selected key
        self('--recv-keys', key)
        return self.status == 0

    def is_key_available(self, search):
        """Return False if the email is not found in the local key list"""
        self('--list-keys', search)
        if self.status == 2: # Keys not found
            return False
        # We return true, even if gpg returned some other kind of error
        # Because this prevents us running more commands to a broken gpg
        return True

    def search_keys(self, *keys):
        """Returns a list of (key_id, info) tuples from a search"""
        out = self('--search-keys', *keys)
        found = []
        prev = []
        for line in out.split("\n"):
            if line.startswith('gpg:'):
                continue
            if 'created:' in line:
                key_id = line.split('key ')[-1].split(',')[0]
                if '(revoked)' not in line:
                    found.append((key_id, prev))
                prev = []
            else:
                prev.append(line)
        return found


if __name__ == '__main__':
    cmd = sys.argv[0] + '.orig'
    if not os.path.isfile(cmd):
        sys.stderr.write("Can't find pass-through command '%s'\n" % args[0])
        sys.exit(-13)

    args = [cmd] + sys.argv[1:]
    # Check to see if call is from an application
    if 'GIO_LAUNCHED_DESKTOP_FILE' in os.environ:
        # We use our moved gpg command file
        gpg = GPG(cmd=cmd)
        # Check if we've got a missing key during an encryption, we get the
        # very next argument after a -r or -R argument (which should be
        # the email address)
        for recipient in [args[i+1] for (i, v) in enumerate(args) if v in ('-r', '-R')]:
            # Only check email addresses
            if '@' in recipient:
                if not gpg.is_key_available(recipient):
                    if gpg.recieve_keys(recipient) is None:
                        pass
                        # We can add a footer to the message here explaining GPG
                        # We can't do this, evolution will wrap it all up in a
                        # message structure.
                        #msg = sys.stdin.read()
                        #if msg:
                        #    msg += GPG_TRIED_FOOTER
                        #sys.stdout.write(msg)
                        #sys.exit(0)

    # We call and do not PIPE anything (pass-through)
    try:
        sys.exit(call(args))
    except KeyboardInterrupt:
        sys.exit(-14)

Sincerity of the Pin

This last two weeks I’ve been wearing a safety pin. It’s a small symbol of my personal commitment to support and interfere with public displays of hatred and intolerance.

In the last week there’s been backlash. Some calling it white guilt, others calling it a twitter action and many being critical of the sincerity of people who want to show that they will do something.

The first criticism that this symbol is a matter of white guilt is completely daft. Firstly because it’s a symbol I’ve seen non-white people wearing and also because I’m not guilty that I’ve had privilege thrust at me, I’m angry about it. I know what it’s like to be on the opposite end of that particular stick and moving between my home town in the English north to the USA has turned the way people see me around. From being an uneducated criminal class waste of space to being a quaint English, articulate, sensible Beatles accented gentleman in the space of a six hour flight.

If anything, I would stand up for the working class of any colour or creed. It’s a built in part of me and it will probably get me into trouble. There might be people out there who will wear it as fashion, or guilt, but I see no value in doubting the sincerity of people. And that’s realyl what the backlash is, a disrespectful doubt that the motives or the carry through will not live up to the symbol.

That leads me to that second point. That this is a Twitter action. That is, a re-share of an idea with no substantive action backing it up.

No.

This is something which will remind me to do something, if that means putting myself in danger, calling the police or just comforting the victim. I have made a vow to myself to be that voice if called upon. I know I live in a liberal city where I will not be called upon often, and that habitation does make it less useful. But there is racism here, there is misogyny here. It’s always been in Boston and I’ll always disprove of it.

But now, if it manifests in public, I’ll have to do something about it.

Inkscape Contest and Spreadshirt

For the past few weeks we’ve been running a contest to pick the next about screen. It’s a regular contest that we run and this one is special for me because it’s the first time we’ve managed to run the contest on inkscape.org instead of the deviantArt page. Because of this, we’ve had really good response this time around and the voting process is now ongoing:

https://inkscape.org/en/gallery/=about-screen-contest/contest-for-092+0/

The other good news is that the Free Software Conservancy has set up a spreadshirts account for inkscape, so the plan is to try and produce some physical goods. At first we’ll just inkscape logo items, but we’ll try and move to getting other items too. Maybe even incorporating artworks. Although that’ll bring up a good discussion we’ll have to have with the artists to make sure they’re happy with the idea, even if they’ve licensed things under CC.

https://shop.spreadshirt.com/inkscape-shop/

2016 Sucked

This year was the focal of manure. We have no idea what the future will hold, but the probability for happiness and a quiet life is diminished.

Good luck everyone.