Self Hosting

I was an early adopter on Pinterest. I liked the service myself, not because I was looking for more social media, but because it allows me to aggregate links and sort them visually. I’m one of those people who navigate by landmarks, so having a visual cue reminds me which link goes to which article.

The problem is that the owners of Pinterest have been working to “improve” the site, often making it harder to use. Primarily adding more bells and whistles — that use more of my computers resources (internal memory). This makes it virtually impossible to use on my little underpowered netbook. (I can only have about 3 browser tabs open before it locks up.) So I usually do research on my big and powerful desktop computer, and the aggregate the links in Pinterest. I have an extensive link library I began to compile there during last years NaNoWriMo when I began my historical novel.

The problem is, Pinterest has recently crippled the service to anyone not signed in. This means I can’t just look at the site to find the link to the material I need, I have to sign in — and use more memory than I can afford — to access this. This is a huge problem for my own use of my own “pins.” But as someone who wants to share links to my own content, this means only people willing to sign in to Pinterest will be able to access my content.  That’s a problem.  I won’t be sharing Pinterest links anymore.

People concerned about personal privacy call that a registration wall. That’s a big part of why I stopped using Smashwords. I couldn’t use it for the purpose many authors use it — to give out free copies of ebooks — but if people have to pay Smashwords in personal information, the eBooks are not free at all. (Now I email review copies of ePubs, or people can anonymously download from TUEBL.)

And of course, there is Imgfave, another service that allows me to do much the same thing– without needing to be signed in to access my own (or anyone else’s) content.  So that will do.

Who’s The Boss?

When we use someone else’s website, they get to make the rules, and we have to follow them. They can change how the site works, or what users are allowed to do, whenever they like. If we don’t like it, all we can really do is leave. (See: MySpace)

Pinterest is not alone in retaining control over how it chooses to allow us to use its website. The same is true of every other website that “generously” allows users to aggregate content or create content for its own greater glory (and profit). All we have to do is pay them in personal information and trust the faceless people making decisions not to change it to make it unusable for us.

Off the top of my head (but by no means an exhaustive list) web platforms that control your data can includes: Twitter, Facebook, G+, Pinterest, Imgfave, Instagram, dropbox, ScribD, NaNoWriMo, LibraryThing, GoodReads, MySpace, LinkedIn, DeviantArt, Imgur, Flickr, YouTube, Livestream, Wattpad, blogspot, WordPress.com, Tumblr, Livejournal etc.

DIY

whatsinsideIf you want to control your own data, you need to host it yourself. And that certainly will sound like a scary proposition. But is it any scarier that ripping up that carpet and replacing it with the tiles you want instead? We have no qualms about Do-It-Yourself projects in the physical world, it is not so much different in a digital world. Probably the biggest difference is that there are sure to be many more how-to videos on You-Tube for doing digital DIY. You can very often talk to actual people who made the software you need online via Twitter or through email. (Ever tried to ask Facebook a question?)

blogging

I know WordPress software is licensed to share, so you can download it to your own computer and host your own blog yourself, on your own computer. It is so easy lots of small businesses do this. WordPress even allows you to port your blog hosted on its free site to your own computer any time you like.

(Which is a great way to make backups… not because I don’t trust WordPress to do so, but because like any corporate service provider, it may be compelled to remove some or all of your content on receipt of a DMCA notice (a legal process that merely requires an accusation of copyright infringement… no proof needed). If your original work is taken down in this way, you will need to prove yourself innocent and then upload your content again. Backups are always a good idea because digital data is fragile. I am not certain but I think you can host your own Tumblr as well.

social media

If you are more interested in social media than blogging, there are a growing number of self hosting alternatives out there. If you like Facebook you might want to look at Friendica or Diaspora, if you like Twitter, you can host your own GNUsocial or StatusNet instance in the Fediverse.  If you just want to be free of Twitter censorship, you can sign up for an account hosted by individual people, and there are a couple of big co-ops like Quitter and Gnusocial.de.

private browsing

I don’t know about you, but I don’t actually trust Google’s “private” browser to be private. And of course if you want more freedom from being tracked, you might want to use Duckduckgo or StartPage or Ixquick to do your web searches…

The only way to be private online is by using encryption (and even then you need to follow best practices). LONG passwords are more secure than a clever one that is difficult to type or remember.)

If you want to be secure, for email use PGP (stands for “Pretty Good Privacy”) the best (free) software; and for everything else, use TOR (TOR project). Great resources can be found at KW Crypto

And of course, you have the same problems if you use software that you don’t actually own… so Free Software is the way to go.

 

[Note: normally I would link everything but I simply don’t have time just now.  Maybe later.]

Why I Can’t See The Facebook Attachment You Shared

Sometimes I find such annoying messages in my Facebook feed:

This Attachment may have been removed, or the person who shared it  may not have  permission to share it with you.

When this happens, I usually send a direct message to the person who posted it, because I assume that if they shared it with me, they actually want me to see it– whatever “it” might be. Maybe it’s just another cute cat picture, but you never know if it might be the cure for cancer.

Sometimes when I go to re-share something someone else shared, I get a message warning me some of my readers might not see it… because the person who posted its privacy settings might exclude my Facebook friends or group mates. Maybe their privacy settings only allows their friends — amd not friends of friends — to see what they post. Or maybe it was initially posted to a closed group. Whatever the reason might be, I just don’t share it. Having such non=posts in a timeline does neither of us any good.

If the post originated with you, probably your privacy settings exclude me from seeing your attachment.

After I tell the person who posted it, if neither of us can see it, it probably means somebody complained about it… (maybe it was a breastfeeding image) and FB agreed your post violated community standards AND censored it, or someone made a copyright claim and DMCAed it.

Possibly the most annoying thing is that Facebook drops these messages we can’t see in our timelines. When you realize FB only shares some of what our FB friends post in our timelines, it seems ridiculous that these locked down messages always appear. But there is good reason for that: Facebook wants us to complain to our friends so they will make their privacy settings more open.


Oddly enough, I agree with FB that we should have wide open privacy settings on Facebook, because when we do, it’s easier to remember that nothing posted on Facebook is private.

That’s Facebook for you.

Permission or Free Culture?

Creative Commons logoDisclaimers like “this video is not owned” and that “no copyright infringement is intended” have zero legal validity.  It used to be that copyright was only enforced against commercial copyright infringement.  But we’re living in copyright crazy times.

In most of the world, any video (music, painting, movie, story poem etc.) that is created is automatically locked into copyright by the videographer/maker.

The reason Lawrence Lessig calls ours “permission culture” is because when you copy ANYTHING under such copyright law without getting permission from the copyright holder (who may not be the creator) you are committing copyright infringement.    copyright jail ~ by question copyright

Copyright infringement used to be a purely civil matter, but as it is “strengthened,” not only is it becoming harder to tell what is infringement, it is becoming criminalized, which means anyone– from school kids to grandparents — needs to be aware of this in self defence.

Since everything starts out copyrighted, sharing it is copyright infringement, which is illegal most places–  unless it is in the public domain or it is licensed to share with a free culture license like Creative Commons.

If you want people to share your story, poem, song, picture, video etc. here is the Creative Commons tool to select the license *you* want.


The Question Copyright “Copyright Jail” is by Nina Paley
 

HeartBleed and Passwords

Heartbleed is a security breach that compromises passwords. Now is the time to change passwords.

--Bob Jonkman

Bleeding HeartsMy favourite spring flowers are called “bleeding hearts,” but this spring the online world is reeling with the discovery of something completely different — an Internet problem that’s been named “Heartbleed.

This is is not a computer virus, it is a mistake someone made in the SSL software code.  When such a mistake is made in a novel it would be called a typo, but on the Internet, Heartbleed is a serious security flaw.

For years watchdog organizations like the EFF (Electronic Frontier Foundation) have been advocating the adoption of internet security feature called SSL/TLS encryption.

Secure Sockets Layer (SSL), more properly called Transport Layer Security (TLS), has become the default approach for protecting sensitive data flowing over the Internet. SSL uses encryption to provide data confidentiality for connections between users and websites and the web-based services they provide. The vast majority of sensitive web traffic, such as user login screens, e-commerce checkout pages, and online banking, is encrypted using SSL.

Thales e-Security: SSL/TLS Encryption

Over time more and more websites have adopted this security measure as a way to make the Internet a safer place for you and me. That’s why something like three quarters of the Internet uses SSL/TLS encryption today.  This is a good thing.

What is Heartbleed?

The security vulnerability known as Heartbleed is a programming error in the SSL code, and it’s a bad thing because it has made every site that uses SSL vulnerable.  Although we are only hearing about it now, it has existed since 2011 or 2012.

I first heard about it on Wednesday, April 9th, 2014.  Today (April 11th) the Toronto Star reports the Government of Canada is disabling federal government public websites — at taxtime — in a move to protect users.  I don’t understand why they didn’t do this the moment the Heartbleed story broke.

This vulnerability went undetected for something like five months (and apparently NSA knew, but didn’t bother to mention it to its Five Eyes allies, like, say, The Government of Canada, because NSA was too busy exploiting the vulnerability for its own purposes.)

Heartbleed vs Websites

A real world comparison might be that using SSL is like a having double lock deadbolts on the door, and “Heartbleed” is what happens when you forget to lock the back door.  Ordinary people can’t fix the Heartbleed problem.  It can only be repaired (or patched)  by the people running SSL websites & servers.

The Internet giants (Facebook, Twitter, Google etc.) were warned first, so they fixed the problem before the vulnerability was announced publicly.  Most of them are trying to allay the fears the media has been whipping up about this all week.

But the Internet is also crowded with many smaller sites that smaller organizations and even ordinary people host themselves.   The EFF has kindly explained how our SysAdmins can effect the Heartbleed fix:

The Bleeding Hearts Club: Heartbleed Recovery for System Administrators

Correcting the code is not an immediate fix, because each SSL secure website also must have its Security Certificate updated, which will take time with so many websites doing this.

Heartbleed vs People

For you and me, the biggest problem is that our passwords may be compromised.

This is such a big glitch, most of us won’t be attacked today.  Our passwords probably won’t be used to crack our accounts right now because so much of the web is affected.

But we can no longer trust that our passwords are secure.

A Better Analogy

The Apartment Analogy

If the superintendent of an apartment building replaces flimsy locks on the doors of all the rental units with good strong deadbolts, it makes it harder for bad guys to break in.

If someone secretly copies the master key, they can break into apartments.

When clever crooks use the duplicate master key to break into apartments, they are very careful in what they steal.  So long as the thefts aren’t noticed, the thieves  can keep coming back for more.

No one can tell there is a problem until something is discovered to be missing..

The only defense that the tenants have is to change the locks on the door.

Heartbleed

If a website or email platform adopts SSL/TLS security, the website security becomes much more powerful, because it adds encryption which prevents most security breaches.

A bad guy exploits Heartbleed by using it to download passwords etc.

When Internet criminals exploit the Heartbleed error, their intrusion is invisible. There is no way to see how much security information has been downloded, or whose security has been breached.

No one can actually tell who or what is at risk until there is an actual attack.

The only defense that the users have is to change the passwords on their data.

 

 

 



Like the NSA, black hat hackers (or crackers) may have already filled databases of passwords they’ve found the Heartbleed system. .   Even if the  System Administrator has fixed the Heartbleed problem for their website, it doesn’t change the fact that any bad guy who cracked the website before the fix still has your password.  Or passwords.

If three quarters of the people in Toronto left their doors unlocked, only some of those homes would be broken into right away.  Because so much of the Internet has been at risk, they might not get you today, but they might tomorrow, or next week.

HTTPS WEBSITES ARE VULNERABLE

You can tell a website uses SSL by looking at the URL (or the website address).  SSL website URLs don’t start with http:// (like this one).  SSL URLs all begin with https://.  You used to be able to tell with a glance at your browser bar, but today’s fashion is to hide this part of the URL in the browser bar.   Some browsers show you are at an SSL site  with a padlock symbol, others display SSL URLs in different coloured text, but if you aren’t sure, you should be able to see which it is by cutting and pasting the URL it into whatever text editor you use.

Not all HTTPS websites were vulnerable to Heartbleed because there are different versions and configurations, but there is no easy way for you and I to tell which SSL sites were vulnerable.

As well as SSL websites, any secure site where you use passwords — email, instant messengers or IRC services may have been compromised.

Nobody Knows For Sure

Google, Amazon, Facebook and Paypal claim their customers are not at risk because they have fixed any Heartbleed problems they had.

But because the Heartbleed vulnerability is invisible,  until someone actually breaks into our accounts, we can’t even tell if they have been compromised.  Even if the Internet giants have fixed their problems, the only way we users can be sure we are safe is by changing our passwords.

Someone has put together a Heartbleed Test so we can discover which SSL sites we use are vulnerable or fixed.  Once we know the website is no longer vulnerable to Heartbleed, we can only be sure of our security after our password is changed.

Tumblr just told me to change my password, which means Tumbler has fixed their Heartbleed problem, and wants to be sure its users accounts are secure.  Bravo.

I am in the process of typing the URLs of sites where I have passwords (Facebook, Twitter etc.) into the Heartbleed Test to find out they are secure before I change my passwords.

Heartbleed isn’t a threat to websites like  Pinterest (http://www.pinterest.com/)techDITZ (http://techditz.russwurm.org/blogs/) or deviantART (http://www.deviantart.com/) that have not yet made the transition to HTTPS

Password No-Nos

  • Never use the same password more than once.
  • Never use passwords like “Password” or “1234”
  • Never use your mother’s maiden name, the name of a loved one, or a birthday… especially these days when all of our personal data is being harvested by corporations and governments alike. If your parent, partner, child, co-worker, next door neighbor or best friend can guess your password, it isn’t secure.

Good Password Practices

I have plenty of passwords, so I keep them filed in a safe place on my desktop computer. But I learned the importance of having a backup copy somewhere else this past summer when I had a major disk failure and I lost something like a terabyte of data — mostly photos —and my password list!

The only time you have to change your password is when:

  1. it has been breached (or when there is a good probability it has been breached
  2. when the website owner tells you you must. or
  3. when you’ve foolishly shared you password with someone you shouldn’t have.

Bob Jonkman, one of the computer security experts I know, recommends using a password manager, such as KeyPassX. But if you don’t he says:

  • Use a different password on every site or application for which you need a password. That way if one site is compromised it doesn’t affect every other site. Of course, Heartbleed affects every [https] site, so that’s not always true.
  • Make it long. Long passwords are good passwords. 20 characters is good. 16 is probably adequate. 10 is marginal.
  • Choose a phrase that is easy to remember, but difficult to guess. As an example, something like “Itookthebustoworkthismorning” — it’s sufficiently long, easy to type, easy to remember.
  • Don’t bother with $p3c14l characters or numbers; the bad guys have software that makes those substitutions too. Special characters make the password difficult to type and difficult to remember. If you need to type slowly because of special characters then it’s easy for a bad guy to shoulder-surf and see what you’re typing. According to KeepassX the passphrase “Itookthebustoworkthismorning” has 28 characters for 224 bits of entropy; on the other hand, passwords with 28 random characters with upper-case, lower-case, numbers and special characters (created by KeepassX’s password generator) have only 182 bits of entropy.
  • If the site does not offer a password reset option then write down your password, and keep it where you keep your money. If the passphrase is protecting $10 worth of data then keep it in your wallet; if the passphrase is protecting $10,000 worth of data then keep it in a safe. Don’t forget to write down the site or application name, the user ID, and any other credentials you need.

— Bob Jonkman, [kwlug-disc] Heartbleed affected sites

Although Heartbleed is a problem, it is being resolved all over the Internet… all over the world… as you read this.

And SSL encryption is still a good idea, just as house keys are, because personal security is important.   And privacy matters.

XKCD: HeartbleedCredits:

XKCD “Heartbleed” by Randall Munroe is released under a Creative Commons Attribution-NonCommercial 2.5 License.

Happy GNU Year

[simulpublished across all my blogs]

Happy GNU Year Card


This virtual card is the best gift I can give my readers and online friends this holiday season. Not just because its the best and most awesome Happy GNU Year card you’re likely to find online, but because I created it entirely using free culture and free software.

The Free Software Foundation‘s GNU operating system led to the adoption of the gnu as its symbol. Free software is incredibly important for a host of reasons, and yet I very much suspect it wouldn’t exist at all any more but for the efforts of Richard Stallman and the FSF. I highly recommend that you use free software as much as possible, not just because it’s usually free of charge (gratis) but far more importantly, because it respects our personal freedom (libre).

The penguin “Tux” is the mascot of the Linux kernel, is the heart of the free and open source software operating systems we use today. (MacOS and Windows are the non-free software used in personal computing devices (computers, cell phones, tablets, PVRs &tc.)

Creative Commons Attribution-Sharealike 3.0 Unported (CC BY 3.0)) LicenseIf you click on the card, you’ll find a higher definition version suitable for printing. And you are allowed to print it, because this card carries a free culture license, specifically a Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) License This license gives you the freedom to use this creative work in any way you like, even commercially, with only 2 restrictions.

  1. The “Attribution” restriction means you must credit the creator(s) as specified.
  2. Second, whether printing it out and selling physical copies, mailing it to you your friends, or modifying it to create something completely different, it must carry the Creative Commons Attribution-Sharealike License, or a similar license that requires attribution perpetuation of the license terms.

Attribution is simply giving credit where credit is due. I try to provide attribution for everything I use, even work in the public domain. The “share-alike” part of the license exists to prevent creative works from being removed from free culture and locked behind copyright.

Below you can see the steps that led to this card. Click on any of the images below for a larger/printable version.

Happy GNU year Green draft

The green one is my first try, which I like a lot. It could make a good poster, but it’s too difficult to see and read in small formats because it’s too cluttered.

free software wallpaper

Next is the “wallpaper” background I devised. I modified the Powered by GNU-Linux sticker set originally created by deviantdark and published on deviantArt under a Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) License. There are many free software operating systems not included, so I added Trisquel and centOS when I made up the wallpaper background. You can download the printable sticker sets from the deviantART Powered by GNU-Linux page and make your own sticker for your computer.

Happy GNU year stencil Red

The last red and white image is the first draft of the red card. I loved the simplicity of Rasmus Olsen‘s gnu meets penguin titled GNU/Linux licensed Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) that I found on Flickr. I altered the image by bringing the penguin close enough to touch noses with the gnu, and stood them both on the lettering. In the final version, I changed the lettering because it was hard to read when the wallpaper was added.

CORRECTION: Rui Damas is the originator of the GNU/Linux artwork I reused, and it was actually released under the GNU Public License. I’m not entirely sure what that does to my licensed usage. [Thanks to Mike Linksvayer for pointing that out!]

Free Software & Free Culture

It’s no harder to learn to use free software than it is to learn to use a windows computer or a Mac. Many Apple and Windows users are already using free software with Firefox or OpenOffice (I prefer LibreOffice). The coolest and best ebook conversion software is called Calibre (it comes with a good e-reader so you can read eBooks on your computer). And of course my favorite blogging software, WordPress is free software. Wikipedia runs on free wiki software (which is why there are wikis popping up all over) and if you’re into video production, you could so worse than the amazing Blender 3D animation software or Kdenlive for video editing. You can use social networking with GNUsocial and Friendica. If you do switch to free software, the biggest difference you’ll notice is that you don’t have to pay for things again and again and again. Other advantages include better security and a much lower incidence of spyware and other malware.

It was difficult for me to unlearn Photoshop so I can learn to use GIMP, but I keep trying. I still look for a lot of the features where they would be in photoshop, but its getting easier. I have yet to find anything Photoshop can do that can’t be done in GIMP; the challenge is finding out how to do it. That’s why I’m so pleased I made this card entirely with GNU Image Manipulation Program (GIMP) on my computer, which is currently runs on Linux Mint in a MATE desktop environment that has the Ubuntu Studio plug-in.

As the copyright maximalists successfully lobby to lock up more and more of our culture for longer and longer terms, the importance of free culture has become more apparent. Sites like the Flickr photosharing site and deviantArt make it easy for users to give their work Creative Commons licenses, so they are often the easiest places to find images licensed to share.

All versions of my GNU year card are licensed Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) License. If you’re interested in finding out what free culture is out there, I’ve been growing a list of Free Culture resources. And if you have some spare cash left over from last year, please consider making a donation to the two non-profit organizations that have been instrumental in ensuring the continued existence of free software and free culture:

The Free Software Foundation and Creative Commons.

And have a Happy GNU Year!

My Open Letter to Sir Tim Berners-Lee and the World Wide Web Consortium

connectivity (cc by laurelruswurm)

Dear Sir Tim Berners-Lee and the World Wide Web Consortium:

Re: Keep DRM out of Web standards — Reject the Encrypted Media Extensions (EME) proposal

As a middle aged mother, I’ve been learning (and sharing what I’ve learned) about net neutrality, the importance of free software, free culture, nd an open Internet, ever since I began hand coding my own HTML web pages and participating on the Internet in 2009. As a creator from a creative family, as well as publishing my own content online, I run a blog for my eighty three year old father. I have come to consider myself a netizen.

One reason DRM is dangerous is that it can hide all manner of spyware and malware from users. Another is that most people don’t even know what it is, or if they do, how to recognize it. While governments have allowed large corporations and media conglomerates to cripple digital products with DRM, there is no requirement anywhere in the world to to inform customers or computer users of such application.

I have avoided DRM wherever possible, but even with the absurd extension of copyright laws, I have been certain that free culture will win out eventually. But that confidence presupposes a free market.

In Canada where I live, our new Copyright Act makes it illegal to circumvent DRM for any reason at all, even if the the circumvention is allowed under our “fair dealing” exemptions, or if the DRM is applied inappropriately. I consider the application of DRM to freely licensed or public domain creative works to be inappropriate.

This is a huge concern for me, both as a cultural consumer and as a self publishing author. Existing copyright law has prevented me from even seeing the finished production of one of my own works.

Independent creators and Internet users are already at a huge disadvantage, because the large media special interests have the wherewithal to successfully lobby governments around the world into maximizing copyright laws and the attendant copyright monopoly to their own great benefit, at our expense.

These large and powerful special interest groups have long had a seat at the W3C table. But where is there representation for Internet users?

Most of the public does not even know W3C exists, let alone how to comment on an issue such as this. Although I am passionately interested in the subject, until I read Harry Halpin’s Guardian article last week, I had no idea there was any way for Internet users or creators to express our dismay beyond signing the Defective By Design’s “Keep DRM out of Web standards — Reject the Encrypted Media Extensions (EME) proposal” Petition. But Mr. Halpin pretty much implies that petition wasn’t enough.

Although Canada has been a world leader in Internet adoption, most Canadians are still not online. For most of those who are, participation on Facebook signifies the height of technical prowess. Certainly most Canadians haven’t even heard of the Guardian, and so will not have even read the article.

Mr. Halpin essentially gave me the weekend to get the word out. This weekend Identi.ca, the social network of choice for a great many people who are aware of these issues, is undergoing a massive migration from a backend of StatusNet to pump.io software. Many users like myself have been consumed in setting up our own federated status net instances. As well, those of us with privacy concerns have been caught up in the NSA Prism news story. For myself, I’ve had two major family happenings this weekend in addition to those online issues.

Maybe a few people who understand the issue will have read the blog post I wrote, but a weekend is not much time. Especially considering that the special interests that want DRM written into the Web Standard have been at the table for so very much longer.

Until the W3C holds a widely publicized meaningful consultation process, that Free Software Petition must be given at least as much weight as the opinions of any other group of stakeholders. Perhaps more, since the inclusion of DRM in the standard panders to the direct benefit of a specific special interest lobby group. Internet Users are easily the largest group of stakeholders, and our exclusion from the process means that the W3C must look out for the public good.

Keeping even a whiff of DRM out of the Web Standard will not harm the corporate special interests who lobby so effectively for it. They can just continue on as they have been, locking their own content behind DRM. Allowing the DRM toehold EME provides will lead to DRM becoming the default.

DRM exists to break interoperability. If DRM is allowed into the W3C Standard, it will become the W3C Standard. If W3C supports this, it will sacrifice the free and open Internet, not just for us, but for generations to come.

Please don’t do this.

Regards,
Laurel L. Russwurm

inappropriate

There is a huge uproar going on in the tech community just now.

Email delivery company SendGrid has fired developer evangelist Adria Richards after she tweeted her annoyance at sexual jokes made by developers during the Pycon conference. One of the joking developers was also fired.

Some men are vociferously defending their right to free speech.

But Adria Richards didn’t suppress their free speech, she replied with free speech of her own. If you’re going to make the Free Speech defense, you have to grant her the right to free speech. Otherwise its a double standard.

Others complain she was eavesdropping. But if the gentlemen were speaking loud enough for her to hear them in a public place, that doesn’t exactly fly.

Some women are absolving the men, and bashing Adria Richards, who they think is making it worse. For them. But turning a blind eye to sexism or racism may give an illusion of safety, but it helps entrench the inequity of the “gentleman’s agreement” that allows it to persist.

The ensuing storm of insult, acrimony and threats simply proves to illustrate the point:

lewd jokes have NO place at a PROFESSIONAL tech conference.

what was so wrong?

Two men were sitting in the second row of a professional conference, making jokes during a presentation. They were clearly speaking loudly enough for people in the front row to hear their commentary during the presentation. [Although the intention of the comments has been defended, it has been acknowledged that the comments reported were actually made.]

Putting the gender issue aside, making jokes during a presentation is disrespectful to the presenter and the audience around you. Most people attend such presentations because they want to hear the presentation, not the class clown heckling in the audience. Running commentary may be fine in your livingroom, but not a movie theatre or conference because it interferes with the presentation.

The behaviour itself is inappropriate, unprofessional and juvenile.

Some people think she should have confronted them then and there. But this was happening during a presentation. Had she asked them to stop, would they? Or would it “make a scene” and disrupt the presentation even further?

It is also very clear that women in tech are very much in the minority. It can be physically dangerous to speak out when you are physically surrounded. The fact that Adria Richards has subsequently received physical threats against her person indicates this was in no way an unreasonable concern.

There is no doubt Adria Richards was particularly disturbed by the sexual nature of the conversation behind her. She felt attacked, so she struck back in self defense. It would have seemed a reasonable course of action to photograph the culprits and publicly shame them on Twitter.

two wrongs

Yet it appears that the men intended no offense.

The thing is, that doesn’t matter. Because Adria Richards felt victimized. When people feel attacked, it’s human nature to defend ourselves. She struck back with the tools at hand. Even if she may have over-reacted.

Very often people accustomed to being bullied become more sensitive. A word or action can feel like an attack even if that isn’t how it’s meant. Humans may misinterpret the situation, but it doesn’t make our feelings less real. She was right to stand up for herself.

What I do have a problem with is that Adria Richards published identifiable photographs of people on the Internet without their permission. Even if they are in a public place, it seems to me to be an invasion of privacy. Which is why I think her response was in the wrong.

I made a similar argument some time ago about the Reddit creepshots issue. Reading mr. hank’s apology, it is easy to see that he, too, feels victimized. Most particularly because she smiled when she took the photograph. That would have made him feel she was laughing at his jokes. Yet smiling is often defensive.

don’t make a right

Still and all, I don’t think either of them should have been fired. This is a conversation we need to have, because there should be more women in technology. Both parties made mistakes. The clever ones learn from our mistakes.

But problems don’t get solved by agression and polarization. Attacking people for speaking up won’t change anything, it just makes it worse. It’s like running into a wall. We don’t need a gender war, we need to stop villifying and start understanding.

Perhaps everyone needs to take a deep breath and read the The Code of Conduct adopted late last year by the Python Software Foundation precisely because attitudes need some adjusting. Because people do need to feel safe. Sexual innuendo can be a way of flirting, or male bonding, but it simply has no place in the workplace.

Even when the workplace is a software convention.

red brick wall

DIY Resources

Raspberry Pi

Free software exists because people create it, and want to share. Why do people create their own software? Quite often, its to “scratch an itch”… if the software you need doesn’t exist, sometimes you have to make it yourself.

One of the cool things is that the free software community is really community. People who know are almost always willing to help people who are just learning.

In my geographic locality of Waterloo Region there is a monthly Ubuntu Hour in both Kitchener and Waterloo. These meetings, held in a local coffee shop or restaurant, help form free software communities, and allowing new free software users to connect with more experienced users.

The local Linux User Group has monthly presentation meetings to explain various software/hardware (I am actually writing this at the Kitchener Waterloo Linux User Group (or KWLUG) meeting where someone from the local KWARTZlab makerspace is showing off a Raspberry Pi computer.)

It’s also possible to find like minded groups throughout the world with the MeetUp web site.

Not everyone is equipped to write their own software.
I myself am nowhere near writing my own software, but I have been learning to fiddle with things so that I can get closer to achieving what I want to achieve. Before being brave enough to even contemplate such a thing, most of us might set up our own Facebook page.

You may have spent some time finding the right blog theme (or template) that most closely sets up your blog so it is laid out the way you want it to be.

When I first started making my first web page, the most amazing tool for me was the online HTMLdog online tutorials, which is still my main resource for XHTML and CSS.

For JavaScript there is something called Code Academy.

If there is software that you want to learn to use, or even just how to do a tiny fix, particularly for open source or free software, chances are there is some online tutorial, perhaps even video tutorials, to show you how.

If you’re on a social network, like Identi.ca, Friendica, Diaspora, Twitter, reddit, or even google+, you can often find the answers you need. Addressing a query to “lazyweb” on Twitter will often turn up the answer you need.

And of course, you can always try typing your question into the search bar of your favourite Search Engine (my favourites are DuckDuckGo and ixQuick

KWLUG meeting