Category Archives: Uncategorized

IoT

We, in the US, are starting to  talk more widely about the dangers posed by Internet of Things (IoT) devices. This is great!

IoT devices are by and large terrible. They’re truly horrendous. They can be nice in a lot of ways — I enjoy controlling the music in the kitchen from my phone — but they normalize the situation where we trade our privacy and data for convenience. This is not just true of obvious surveillance technologies, though it is especially true for them and I want to talk about those.

Most of the conversation I have seen about surveillance IoT — like Ring doorbells and home surveillance devices — is focused on the insecurity of it. Major news outlets covered when a girl was harassed by someone hacking into a Ring camera her parents installed into her bedroom.

Ignoring how creepy it is that her parents decided to install a camera in her bedroom, this story is disturbing because it’s about someone violating the sanctity of what should be a safe space for a family and, moreso, for a child. This is posed as a security issue affecting an individual.

We need to shift the conversation in two ways:

1) No amount of security will make these kind of devices safe;

and

2) This is not just about the individual — these types of surveillance put communities at risk.

I think the latter is the more important point, and something I want to focus on. The conversation should not just be about the security risk of someone breaking into my home surveillance. Instead it should focus on how, for example, surveillance systems are putting your neighbors at risk, especially as these systems are being co-opted by law enforcement and faulty facial recognition tech is being used.

We should talk about how victims of domestic violence and stalking can be monitored and tracked more easily by their abusers.

I believe strongly that the people making decisions, designing, building, and selling these technologies have a responsibility to the people who purchase them as well as those who come in contact with them. I view broadening the conversations beyond the “unhackability” of devices as a necessary next step.

 

 

MollyGive 2019

After much deliberation, I decided to not do MollyGive 2019. This was a bit of a blow, especially after MollyGive 2018 having a lot less reach than previous years. (For MollyGive 2018 I supported a large, matching donation to the Software Freedom Conservancy.)

I’ve spent the past seven months paying helping a friend pay their rent. I’ve paid for groceries, train tickets, meals, coffee, books for people I know and people I don’t. Medications for strangers. I stopped keeping track of the “good” I was doing, and instead just gave when I saw people in need.

This is counter to my past behavior. I’ve been burned a few times when offering funds to people who have a major need in their life — thousands of dollars to help people make major life changes only to have them instead use the money on other things.

I believe pretty strongly that, generally, people in need know what they need and are capable of taking care of it themselves. I don’t think it’s my place to dictate or prescribe. The experience of being burned and my thought about people knowing what they need were at odds.

At the same time, I saw people suffering around me. People who know what they needed .People in positions I’ve been in: food or medication? A winter jacket or rent? I have the resources to take care of those material needs, so I supported them when the opportunity presented itself.

I have a friend who is scheduled to have surgery this spring. They have been given advice on how to fundraise for the surgery. In fact, people facing  the prospect of life saving, crushing debt generating treatments are given lots of information about how to run successful crowd funding campaigns. This is appalling. You should be disgusted by it. You need to be disgusted by it.

Giving to charity helps. Giving to your neighbors helps. However, this is not enough. The sheer level of suffering and injustice in the world, in your country, your neighborhood, your home is sickening and giving ourselves a reprieve by donating to charities will not fix these systemic problems.

All of that being said, I have made donations to non-profits, and will make more. I hope you’ll join me in supporting groups that are doing good, necessary work. I also hope you’ll join me in striving to bring about the big societal changes that will make it so we don’t need so many charities.

My career has been in non-profits, it is my dearest hope to one day be out of a job. In the mean time, I’ll continue to work, and I’ll continue to give in whatever ways I can.

Consent

I was walking down the platform at the train station when I caught eyes with a police officer. Instinctively, I smiled and he smiled back. When I got closer, he said “Excuse me, do you mind if I swipe down your bag?” He gestured to a machine he was holding. “Just a random check.”

The slight tension I’d felt since I first saw him grabbed hold of my spine, shoulders, and jaw. I stood up a little straighter and clenched my teeth down.

“Sure, I guess,” I said uncertainly.

He could hear something in my voice, or read something in my change of posture. “You have to consent in order for me to be allowed to do it.”

Consent. I’d just been writing about consent that morning, before going to catch the train down to New York for Thanksgiving. It set me on edge and made more real what was happening: someone wanted to move into my personal space. There was now a legal interaction happening. “I don’t want to be difficult, but I’d rather you didn’t if you don’t have to.”

“It’s just a random check,” he said. “You don’t have to consent.”

“What happens if I say no?”

“You can’t get on the train,” he gestured to the track with his machine.

“So, my options are to let you search my bag or not go see my family for Thanksgiving?”

“You could take a bus,” he offered.

I thought about how I wanted to say this. Words are powerful and important.

“I consent to this in as much as I must without having any other reasonable option presented to me.”

He looked unconvinced, but swiped down my bag anyway, declared it safe, and sent me off.

Did I really have the right to withhold consent in this situation? Technically, yes. I could have told him no, but I had no other reasonable option.

At the heart of user freedom is the idea that we must be able to consent to the technology we’re directly and indirectly using. It is also important to note that we should not suffer unduly by denying consent.

If I don’t want to interact with a facial recognition system at an airport, I should be able to say no, but I should not be required to give up my seat or risk missing my flight spending exceptional effort as a consequence of refusing to consent. Consenting to something that you don’t want to do should not be incentivized, especially by making you take on extra risk or make extra sacrifices.

In many situations, especially with technology, we are presented with the option to opt out, but that doesn’t just mean opting out of playing a particular game: it can mean choosing whether or not to get a life saving medical implant; not filing your taxes because of government mandated tax software; or being unable to count yourself in a census.

When the choice is “agree or suffer the consequences” we do not have an option to actually consent.

Ethical Source (2)

Continued from “Ethical Source.

Keeping Ethics in Open Source

For the sake of argument, we’re currently going to assume that open source (defined as “software under an OSI approved license”) does not adequately address social issues.

Ethical Source proponents suggest adopting licenses with “ethics clauses,” also frequently known as “do no harm clauses.” These include such points as:

  • must confirm to local labor laws;
  • may not be used by governments;
  • environmental destruction; and
  • may not be used to profit from “the destruction of people’s physical and mental health”

as well as the above examples from the Vaccine License and the Hippocratic License.

I would argue that these types of clauses are inherently flawed either due to ambiguity or unintended consequences.

To address the former, I want us to look at “environmental destruction.” There is a solid argument that all software causes environmental destruction – due to the drain on non-renewable energy resources. Software that makes cars safer also powers these cars, which fits into a narrative of car driven environmental damage.

When considering “the destruction of people’s physical and mental health,” we have to acknowledge how much software is damaging to both the physical and the mental. I am definitely having back problems due to poor posture as I sit typing away all day at my laptop. Social media has enabled bullying that has literally killed people.

These sorts of clauses are just too ambiguous to use.

Then there are more firm qualifiers, like must confirm to local labor laws. This seems rather straight forward, but there are plenty of places where women are still fighting for the right to work, for equal pay, and against all forms of discrimination. In some countries husbands can prevent their wives from working. Following local labor laws means creating a community where whole groups of people are not allowed to participating in the building of open source software.

I also want to point out that “government use” is a very broad category. Governments provide health care, social security, scientific funding, arts funding, and necessary infrastructure. By restricting government use, we are restricting our access to things like education and weather data.

Licenses are not the tool to push for social issues. Licenses are a tool to build equity, and they are even a tool to fight against inequality, but they alone are not enough.

Seth Vargo pulled source code from the Chef code base when it came to light that Chef was working with ICE. Google employees staged walkouts and protests against Project Dragonfly. Tech workers and contributors can institute codes of conduct, ban companies doing evil from their communities, refuse to accept pull requests or contracts, unionize, collectively organize, and simply refuse to work when the technology they’re creating is being used for evil or by evil.

The other problem with Do No Harm licenses is that they require the adoption of those licenses. There are already many open source licenses to choose from. Much of the critical infrastructure we’re discussing is being built by companies, which I think are unlikely to adopt Do No Harm licenses.

Acknowledgments to Elana Hashman for ideas here.

Ethical Source

This is going to be post one of some unknown number. I think I cannot write everything I want to say in one post, but also that it would just make it undigestably long.

Read part 2!

Is Ethical Source Open?

Let’s first define our terms here: “open source,” for the sake of this particular post, means “under an OSI approved license.” An OSI approved license must meet the points laid out in the Open Source Definition (OSD) — a ten point list of qualifications. “Ethical source” is being defined as being “under a license that applies moral or ethical limitations to the use and modification of the software.”

Ethical source is not open source. Eevery ethical source license I’ve seen violates OSD 5 and/or OSD 6.

5. No Discrimination Against Persons or Groups

The license must not discriminate against any person or group of persons.

6. No Discrimination Against Fields of Endeavor

The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.

The Vaccine License is a good example of the first:

The Vaccine License is a software license that requires that users vaccinate their children, and themselves, and that user businesses make a similar requirement of their employees, to the greatest extent legally possible. The required vaccinations are those recommended by the user’s national administration, for example the United States Center for Disease Control. There is an exception for those who, for medical reasons, should not receive a vaccine.

The Vaccine License is saying that you cannot use software under the vaccine license if you’re not vaccinated (medical exceptions exist).

The Hippocratic License violates the second point:

No Harm: The software may not be used by anyone for systems or activities that actively and knowingly endanger, harm, or otherwise threaten the physical, mental, economic, or general well-being of other individuals or groups, in violation of the United Nations Universal Declaration of Human Rights (https://www.un.org/en/universal-declaration-human-rights/).

Services: If the Software is used to provide a service to others, the licensee shall, as a condition of use, require those others not to use the service in any way that violates the No Harm clause above.

If you have been following the conversation around licenses and ethical source, this is not new. If you haven’t, then it might be!

In the former case, there is a straightforward connection: not vaccinated? Not eligible to use it! This is specifically about the individual user.

The latter example, the Hippocratic License, violates OSD 5 in that it may not be used by individuals (or groups of individuals) found in violation, but it also makes verboten fields of endeavor — horrible, illegal ones, but fields of endeavor none the less. You cannot use this software for torture.

Neither of these licenses are open source.

In general, ethical sources licenses place restrictions on individuals, groups, or fields of endeavor, this means that they cannot be open source.

Does it matter that they are not “open source”?

There is commercial and social value in a license being open source. For a company, it’s a friendly certification mark that appeals to customers, consumers, and potential employees. From a social perspective, by creating open source software you’re adding to the Software Commons — the resources available to everyone. This is just nice. Plenty of people want their software to be open source, and they especially want it to be open source on their terms.

In some contexts and for some people, ethical technology is nearly synonymous with free/open technology — or it is a prerequisite that a piece of technology be open source for it to be ethical.

There is also already a strong community around open source software. People consider themselves not just a member of a project’s community, but the open source community. By being part of the open source community, you are getting access to a lot of people and you are part of something. There’s a lot of value in that. It is understandable why proponents of Ethical Source licenses would want it to also be open source.

However, under the current circumstances, something simply cannot be open if there are restrictions to “ethical” cases.

Autonomy

I’ve been stuck on the question: Why is autonomy an ethical imperative? or, worded another way Why does autonomy matter? I think if we’re going to argue that free software matters (or if I am anyway), there needs to be a point where we have to be able to answer why autonomy matters.

I’ve been thinking about this in the framing of technology and consent since the summer of 2018, when Karen Sandler and I spoke at HOPE and DebConf 18 on user and software freedom. Sitting with Karen before HOPE, I had a bit of a crisis of faith and lost track of why software freedom matters after I moved to the point that consent is necessary to our continued autonomy. But why does autonomy matter?

Autonomy matters because autonomy matters. It is the postulate on which not only have I built my arguments, but my entire world view. It is an idea that is instilled in us very deeply that all arguments about what should be a legal right are framed. We have the idea of autonomy so fundamental as part of our society, that we have been trained to have negative, sometimes physical, reactions to the loss of autonomy. Pro-choice and anti-choice arguments both boil down to the question of respecting autonomy — but whose autonomy?  Arguments against euthanasia come down to autonomy — questions of whether someone really have the agency to decide to die versus concerns about autonomy being ignored and death being forced on a person. Even climate change is a question of autonomy — how can we be autonomous if we can’t even be?

Person autonomy means we can consent, user freedom is a tool for consent, software freedom is a tool for user freedom, free software is a tool for software freedom. We can also think about this in reverse:

Free software is the reality of software freedom. Software freedom protects user freedom. User freedom enables consent. Consent is necessary to autonomy. Autonomy is essential. Autonomy is essential because autonomy is essential. And that’s enough.

Free software activities (November 2019)

November brings two things very demanding of my time: Thanksgiving and the start of fundraising season.

Free software activities (personal)

  • The Open Source Initiative had it’s twice-a-year face to face board meeting! Good times all around.
  • Debian is having a GR. I’ve been following the development of proposals and conversation, which is basically a part time job in and of itself.
  • Participated in Debian Community Team meetings.
  • I started drafting Bits from the Debian Community Team.
  • Wrote some blog posts! I liked them this month.
  • Wearing multiple hats I attended SustainNYC, talking about sustainability in free and open source software.
  • I submitted to some CFPs — SCaLE, FOSSASIA, and OSCON.
  • I am serving on the papers committee for CopyLeftConf, and for this I reviewed proposals.

Free software activities (professional)

  • We launched a fundraiser! (About a patent infringement case)
  • Funding a legal case is an expensive proposition, so I am also meeting with companies and potential large donors interested in helping out with the case.
  • We launched another fundraiser! (About general Foundation activities)
  • I participated in the hiring process to fill two roles at the GNOME Foundation.

Health care

One of the most important issues for free software within the US is one we rarely talk about: healthcare. That is why I am going to write about it.

These days, sustainability in FOSS is a hot topic. In my experience, for many years this conversation focused nearly exclusively on making FOSS -profitable- for companies, in order to create jobs. Now, the conversation is shifting to ask: what conditions do we need to create so that everyone who wants to work in FOSS can do so?

The answer is not the same for everyone, nor is it the same in every country. Someone supporting a family of two, three, four, or however many has greater income needs than I do, as my biggest financial responsibilities are debt and a cat. However, I also have a condition with a mortality rate estimated at 15%. Access to affordable, comprehensive health care is not just a nice perk, but crucial for my continued survival.

Access to health insurance has been the primary factor in all of my professional decisions: staying places where I was miserable, doing work I hated, even choosing where to apply. Access to health insurance was a major factor in my moving to Massachusetts, which offers health insurance to all residents.

While my free software career has been amazing — I am extremely lucky that I was able to cultivate a skill set and social network that enabled me to work in the greater sphere of FOSS (and previously open ed) — I would have made different decisions had I not been reliant on employers to provide me with health insurance.

In the United States (and many, many other places), access to affordable, comprehensive healthcare (from here on: healthcare) is a major factor holding people back from FOSS contribution. When your access to health care is tied to your employer, your time — and literally your life — is dependent on your employer. This seriously impacts your ability to even have free time, let alone using that time to build FOSS.

Since the creation of software largely relies on people’s professional skill sets, we’re asking people to do in their free time what they do in their paid time — design, develop software, plan architecture, organize events, maintain systems and infrastructure, be a lawyer, manage finances, and everything else that strengthens FOSS and FOSS communities. In asking someone to take on a leadership role in a FOSS project or community, you’re asking them to take on another job — one that comes with neither pay nor benefits.

When people face constant threats to their existence due to fearing for their lives (i.e. their health), it can be hard, if not impossible to spend their time contributing to FOSS, or indeed to any activist project.

People who live in societies that rise to meet the basic material needs of all citizens are able to spend time contributing to the greater good. Those of us struggling to survive, however, must forgo opportunities to become participating members of communities that are trying to change the world. Instead, we look to our employers (usually with commercial interests) to meet our needs.

When you work in tech, meeting our basic material needs through employer-sponsored insurance comes at a steep price: non-compete agreements, signing away patent and intellectual property rights, fights to ensure your work is available under a free and/or open source license, and giving up more than 8 hours a day/40 hours a week. When we try to create good FOSS in addition to that, we burn out, we become miserable, and we’re trapped.

People are incapable of creating FOSS when they’re sick, burnt out, worried about their health, struggling with an ongoing condition or disability, or dead. It’s that simple. [powerful]

People fighting for access to healthcare should care about free software for many reasons, but we as a free software community also need to care about access to health care. This is for the sake of ourselves and the sake of our communities. We cannot build the tools and resources the world needs when we are struggling simply to live.

If you accept the notion that lack of access to comprehensive healthcare impacts our ability to have the resources necessary to create something like free software, then we can acknowledge that, by providing health care to everyone, everyone will then be in a better, more equitable position from which they can contribute to FOSS and lead safer, happier lives.

According to the KHN, 8.5% of U.S. Americans didn’t have health insurance in 2018. Un-insurance rates are even higher among non-white populations according to HHS. As a community, we’ve accepted that the lack of diversity and the over-representation of cis white folks is a problem. We need to create more equitable conditions — so that people come to FOSS from similar places of privilege, rather than having a huge disparity in privilege and oppression. Providing health care to everyone will help alleviate this, and will enable more people to do the things they are passionate about — or things they will become passionate about once they have the chance to do so.

If we are to create a world where FOSS is successful, access to health care is paramount and we need to take it seriously.

Cocktails: Kyoto

Tech has a drinking problem. I won’t go into it now, but I am generally very hesitant to talk about alcohol on the internet because I don’t want to be part of a culture that -encourages- drinking (even though I have been in the past). Since this blog is mainly tech focused (with some baking interludes), I’ve gone out of my way to not write about drinking. The thing is, I really enjoy cocktails. It’s a casual hobby of mine.

When I plan for a trip, I research cocktail bars in the area(s) where I will be traveling. I make lists and put them on a map. I have priorities and notes. I get a lot out of blogs and articles on these things, so I decided I probably ought to “give back” to that experience.

So, here are my thoughts on the cocktail bars I visited in Tokyo.

Bar Rocking Chair

Web site

This was my favorite in Kyoto. The staff were very friendly and very nice. They were patient with my Japanese, even though they spoke excellent English. When we arrived they were a bit busy, but managed to just barely find a place for us to sit. Deeply appreciated.

I had a The Best Scene and a Jyu-raku, and very much enjoyed them both. I chose these because The Best Scene is their award winning cocktail, and the jyu-raku comes with port. They have an impressive port collection, and it seemed like it was a good place to try out a port cocktail.

I also really just liked the atmosphere here. Typically I strongly prefer to sit at the bar, but had a really lovely time sitting in a rocking chair by a candle-filled fireplace, admiring the port collection, watching the flames dance, and sipping on a great drink.

If I lived in Kyoto, I could see Rocking Chair becoming my cocktail home base.

L’Escamoteur

Web site?

L’Escamoteur is great, but let’s be clear, it’s a kitschy bar with a bit of a Steampunk flair, from the bartenders’ hats to the bathroom through a hidden bookcase door. I don’t think the kitsch is a detractor, but I was a little surprised after hearing how great the drinks are, as I’m not used to seeing such a marriage between over the top visual novelty and drinks that are actually worth the wait.

They specialize in showy drinks, including those that use smoke and fire. While I was not into the intense eye contact the bartender I didn’t chat with made while playing with chartreuse, aflame in that particular shade of blue alcohol burns, I was into how chatty everyone else was. We talked about drinks and Kyoto, how they ended up at a bar in Kyoto, and our shared experience of living abroad.

I forget what I had, other than something with chartreuse in it — something I normally stay away from — because I FORGOT MY COCKTAIL NOTEBOOK. For shame! I did enjoy what I had. We did have a drink made with smoked whiskey that tasted like biting into a delicious, sweet, burning piece of wood. I recommend that. I think there was a negroni, and something kind of sweet and spicy.

This place was a lot of fun, and I do recommend it highly.

nokishita711

Web site

I loved this place so much. A lot of that was the novelty of it. Nokishita711 is unrepentantly nothing but itself and what it wants to be. This bar probably comfortable fits eight, but Tomoiki (the drink director) will keep cramming people in, to share with them his unbridled love of gin and marrying its myriad tastes with those of Japanese traditional flavors.

He painstakingly makes one drink at a time, serves it to you, and then makes the next. He’s in no rush, and reminds you that you shouldn’t be either. Gin, and cocktails, are meant to be taken as a moment unto themselves, and savored for as long as it will last.

When we were there, he played low key hip hop, dancing along while mixing drinks.

Okay, maybe I was just charmed by Tomoiki. I really did enjoy the drinks though. They were creative, they were weird, they provided new experiences about what a cocktail is and can be.

Did not get to, but still want to check out:

Thinkers

Free and open source software, ethical technology, and digital autonomy have a number of great thinkers, inspiring leaders, and hard working organizations. I see two discussions occurring now that I feel the need to address: What will we do next? Who will our new great leader be?

The thing is, we don’t need to do something new next, and we don’t need to find new leader.

Organizations and individuals have been doing amazing work in our sphere for more than thirty years. We only need to look at the works of groups like Public Labs, OpenStreetMap, and Wikimedia to see where the future of our work lies: applying the principles of user freedom to create demonstrable change, build equity, and fight for justice. I am positively inspired by the GNOME community and their dedication to building software for people in every country, of every ability, and of every need. Outreachy and projects and companies that participate in Outreachy internships are working hard to build the future of community that we want to see.

Deb Nicholson recently reminded me that we cannot build a principled future where people are excluded from the process of building it. She also pointed out that once we’ve have a techno-utopia, it will include everyone, because it needs to. This utopia is built on ideas, but it is also built by plumbers — by people doing work on the ground with those ideas.

Deb Nicholson is another inspiration to me. I’ve been lucky enough to know her since 2010, when she graciously began to mentor me. I now consider her both a mentor and a dear friend. Her ideas are innovative, her principles hard, and her vision wide.

Deb is one of the many  people who have helped and continue to help shape my ideas, teach me things. Allison Randall, Asheesh Laroia, Christopher Lemmer-Webber, Daniel Khan Gilmore, Elana Hashman, Gabriella Coleman, Jeffrey Warren, Karen Sandler, Karl Fogel, Stefano Zacchiroli — these are just a few of the individuals who have been necessary figures in my life.

We don’t need to find new leaders and thinkers because they’re already here. They’ve been here, thinking, writing, speaking, and doing for years.

What we need to do is listen to their voices.

As I see people begin to discuss the next president of the Free Software Foundation, they do so in a context of asking who will be leading the free software movement. The free software movement is more than the FSF and it’s more than any given individual. We don’t need to go in search of the next leader, because there are leaders who work every day not just for our digital rights, but for a better world. We don’t need to define a movement by one man, nor should we do so. We instead need to look around us and listen to what is already happening.