Greetings! Just thought I’d check in from my extended hiatus and offer a few info items on SpaceFM.
My development work on SpaceFM and my other projects is still currently suspended, so no change there, but mostly they are still running as they were. I’ve been working elsewhere and have only been a user on Linux lately. I can’t tell you much about my plans, except that I am that much more determined to not ever run a system that includes systemd, especially seeing the direction it’s going (IP forwarding, etc), growing way beyond a safe and stable init system. Clearly many people aren’t happy with it, but they never were, and I doubt major distros are going to listen to their users. So I’ve been giving things some time to bubble, seeing what falls out of this mess as options.
When I have some free time, I may try gentoo without systemd, or I may try one of the BSDs. Let me know below if you’ve found a promising road away from systemd. My only real hesitation is my Brother MFC-4720 printer, which is a good printer but always hell to install, and I never could get it working on gentoo or BSD last I tried. But I’m told desperate times call for desperate measures. Once I find my next OS direction, then I will decide what if anything I want to do in the area of software dev. For now I’m just using SpaceFM on a retro Debian system, nice and quiet while all hell is breaking loose in Linux, but I think my days of using Debian are soon done.
A few notes on SpaceFM…
My thanks to previous SpaceFM contributor BwackNinja, who has been maintaining a maintenance fork of SpaceFM with a few bugfixes, plus he has added the ability to have transparent desktop backgrounds. Nice work there, so if you want to use that feature, you can grab the source, and if you have an urgent issue with SpaceFM, you might want to politely bring it to his attention. You are also still welcome to post issues to the main SpaceFM issue tracker, so others can review them, offer possible fixes, and I may eventually see them.
If you encountered an error in the console saying Attempt to unlock mutex that was not locked some months ago when starting SpaceFM, or were unable to start it, this was caused by an update in glib 2.41 which broke many GTK apps, especially when used with GTK 2.24.24. This problem was corrected upstream in the release of GTK 2.24.25, but still may affect some older versions of GTK2, as well as GTK3. BwackNinja’s fork includes a fix for this, and you can read more details here. Thanks to everyone who helped troubleshoot that in my absence!
Also, those using the IgnorantGuru PPA should have noticed a key expired error on my key. Rather than replace the key at this time, I have simply removed the expiration date from my public key (0x01937621), so it’s no longer expired, and have re-uploaded it to keyservers. You can get and add the updated key with these commands, and the PPA should work again:
gpg --keyserver keys.gnupg.net --recv-keys 0x01937621 # If you receive an error, try again later. # Then, add the keys to apt-key: bash -c 'gpg --export -a 01937621 | apt-key add -'
Alternatively, you can use the keyserver at keyserver.ubuntu.com, and it should migrate to others in time.
I haven’t been keeping up with Linux or SpaceFM discussions much, so if there’s something you want me to know (keeping in mind that I’m not currently working on these projects), some thoughts or resources you’d like to share with other SpaceFM users (the homepage directs them here and many users are subscribed), etc., now is your chance to leave your comments, links, etc. I’ll leave this thread open for comments for a few weeks. Also feel free to give any thoughts on anti-systemd migration – I’d like to know what people are using. Thanks and best wishes!
I will be beginning a hiatus from my public projects shortly, which means those projects will be suspended indefinitely, including development on SpaceFM and udevil, updates to this blog, and other little works. Suspended means all motion will stop, but most sites I maintain should remain accessible and unchanged. The duration of this hiatus is undefined. This may morph into a retirement, or I may restart some of it eventually in OpenBSD or another platform, or I may simply return and resume work on some or all of the projects.
If you are using SpaceFM or udevil, etc. and want to continue using them, I suggest doing so. Some distros may drop them automatically once they are ‘unmaintained’, but there’s nothing to stop you from using them indefinitely, and these are well-debugged at this point. Eventually some breakage may occur (eg GTK3), but there are probably enough people using SpaceFM now that someone can offer a patch if needed. It’s very easy to make and share a fork on github. I will also be using them myself, so if something major breaks I may come out of hibernation (like an angry bear woken early from slumber!) with an update.
With regard to Linux, I plan on falling behind the systemd wave in Debian, avoiding it. I may eventually move toward Gentoo, or over to one of the BSDs as well. But in avoidance of systemd, I won’t be keeping up with the latest edge of Linux for awhile, which makes for a poor developer’s environment. You’re welcome to join me, in which case SpaceFM and udevil should keep working as they are, even without current maintenance. To give you an idea, in the past six months I’ve needed to fix only a handful of bugs, none of them critical. So this isn’t abandoning ship, it’s more like setting sail for real.
I have weighed this decision carefully, because I know a lot of people really like SpaceFM, and I like to give projects decent support, even if free. I tried to put it on a back burner, but the project has too much energy and mass now for that, and I feel like I’m leaving people in limbo. So I decided to be realistic based on the last few months, and simply put these projects into suspension. I do sometimes continue such things, as I did last year after being on hiatus for several months. So overall, I again suggest that if SpaceFM works well for you, there’s nothing to stop you from continuing to use it indefinitely, supporting it indirectly, or forking it for any purpose.
This blog is now closed to comments in order to eliminate spam being added. If you would like to be informed of any temporary or permanent returns from my hiatus, you can subscribe for email updates. My other sites will shortly show ‘suspended’ notices just to let people know the status of projects. Yet I’ll do my best to merely freeze everything and keep it available. I may leave the issue trackers open, so any bugs can be tracked, yet note that only I have write access to the Github repositories I own, as well as this blog. The wikis should remain available for additions.
Thanks for all the support and interest, and good luck navigating.
Also see February 17, 2015 Update above for the latest info.
Today I decided to give Bitcoin a try – thought I would share some initial thoughts from a newbie perspective. Many of my readers are probably ahead of me on this so can skip reading, but note that you can now donate me some Bitcoins to play with… please. :)
I’ve read some of the papers on Bitcoin but haven’t actually tried it til now. I’m not a wealthy person by any means so I don’t play with money much except for essentials, but I figured it was time I tried it. I’m glad I did – it’s interesting to see how it’s handled and some of the services springing up around it.
If you’ve never tried it, I strongly recommend freeing up a little cash and giving it a try. If nothing else, it’s cool to learn about, and it’s cool to handle a crypto-currency first-hand, a currency that isn’t centrally controlled. You really do ‘own’ it. You can be like me and not take it too seriously. Would I invest huge amounts in it even if I had it? Probably not. While the concepts are sound, it’s still experimental in the real world, and the central banking thugs will probably find ways to attack it, from theft to attempts at regulation. But I think it’s great to get to know it in a hands-on way.
The recent MtGox theft seems to have frightened some people, but I say “duh!” To me the whole point of a crypto-currency is distribution. Hold it in your own hands (PC). If you keep your coins in someone else’s possession, essentially a bank, you’d better hope they have good vaults and aren’t thieves, and to me that defeats the purpose. From what little I know of it, MtGox was a good lesson on how not to use crypto-currency. And I think that Bitcoin survived that heist says a lot. It was basically a bank robbery – shows it has real value. :)
So I discovered a few services. Coinbase is sort of like Paypal for US customers, you can buy Bitcoins by transferring US dollars from a bank account, and can receive Bitcoins from a Donate button like the one I now have here on the blog, and can then convert them back to dollars in your bank account. No fees involved, and some of the people from Paypal seem to be involved. Reviews are mostly positive. (There is a lot of FUD on Bitcoin in general, so read deeply – TPTB don’t want you using something they can’t control.)
To me though, it’s less interesting to see everything in terms of exchange rates, and just work with Bitcoins themselves as a means of exchange. I just need to get some to try it out a bit, so currency conversion is a starting point. I think the whole racket of trying to make money by selling high and buying low is useless, as it is in general. Try providing real services instead of just milking the system. Yet given the number of people trying to play it like a scam, Bitcoin has held up well. Regardless of exchange rates, 1 BTC == 1 BTC, and that should remain true for quite some time. I think it’s cool to own a few.
I’m also trying out the Electrum python-based client for Linux, right in Debian’s repos. Looks pretty well designed, and people seem pretty well-informed in the community. But I don’t have any BTC yet so it’s kind of boring. MultiBit is popular too, but Java is a turn-off for me. The advantage to using your own client is that it’s like holding cash in your wallet – you’re not going through a bank or central service. It’s as secure as your computer in general, which is good enough for something at least. No currency is guaranteed – it’s only money, people. Use it to exchange some stuff, but don’t obsess over it in any form. Keep it real.
There are other digital currencies, but from what I understand not many are like Bitcoin – they are centrally controlled and can be printed at will, etc. Bitcoin is based on some sound mathematics. Even if it doesn’t survive, I think it’s worth being part of, at least in a small way, even as a global experiment that may evolve into its successor. It has an exciting feel to it and people seem to be enjoying learning about its ups and downs.
For those who don’t know, much human suffering has been created by centralized banking – the banksters who rob and control whole nations. I think the concepts of crypto-currency deserve participation for what they can become. Actually quite a few online stores and brick-and-mortar stores are accepting Bitcoin now. The merchant services are becoming streamlined. I think the services are worth exploring and using in limited ways, but learning how to use a client like Electrum and maintaining your own wallet directly is worth learning too – it’s easy.
So I hope you give Bitcoin a try with me for the experience itself, and don’t believe all the FUD – the Bitcoin FAQ is a good read. It’s actually a pretty cool thing. No, it won’t make you rich, and yes, it’s somewhat unstable in terms of exchange rates. But it is what it is, and it seems to have a solid start. I’ll let you know how I’m doing with it, and feel free to share your experiences.
In his Q&A to his keynote address at the World Hosting Days Global 2014 conference in April, the world’s largest hosting and cloud event, Julian Assange discussed encryption technology in the context of hosting systems. He discussed the cypherpunk credo of how encryption can level the playing field between powerful governments and people, and about 20 minutes into his address, he discussed how UNIX-like systems like Debian (which he mentioned by name) are engineered by nation-states with backdoors which are easily introduced as ‘bugs’, and how the Linux system depends on thousands of packages and libraries that may be compromised.
I recommend watching his 36 minute Q&A in its entirety, keeping in mind my recent warnings about how GNU/Linux is almost entirely engineered by the government/military-affiliated Red Hat corporation.
The Voice of Russia website has an article on Assange’s address with a few quotes:
“To a degree this is a matter of national sovereignty. The news is all flush with talk about how Russia has annexed the Crimea, but the reality is, the Five Eyes intelligence alliance, principally the United States, have annexed the whole world as a result of annexing the computer systems and communications technology that is used to run the modern world,” stated Julian Assange in his keynote address…
Don’t just read the short article, listen to the address yourself, because Assange goes into many areas, and the work being done in these fields.
Assange mentions how Debian famously botched the SSH random number generator for years (which was clearly sabotaged). Speaking of botched security affecting Red Hat, Debian, Ubuntu, Gentoo, SuSE, *BSD, and more, the nightmarish OpenSSL recently botched SSL again (very serious – updated comments on how a defense contractor in Finland outed the NSA here?) It’s very hard to believe this wasn’t deliberate, as botching the memory space of private keys is about as completely incompetent as you can get, as this area is ultra-critical to the whole system. As a result, many private keys, including of providers, were potentially compromised, and much private info of service users. Be sure to update your systems as this bug is now public knowledge. (For more on how OpenSSL is a nightmare, and why this bug is one among many that will never be found, listen to FreeBSD developer Poul-Heening Kamp’s excellent talk at the FOSDEM BSD conference.)
From the start, my revelations on this blog about Red Hat’s deep control of Linux, along with their large corporate/government connections, hasn’t been just about spying, but about losing the distributed engineering quality of Linux, with Red Hat centralizing control. Yet as an ex-cypherpunk and crypto software developer, as soon as I started using Linux years ago, I noted that all the major distributions used watered-down encryption (to use stronger encryption in many areas, such as AES-loop, you needed to compile your own kernel and go to great lengths to manually bypass barriers they put in place to the use of genuinely strong encryption). This told me then that those who controlled distributions were deeply in the pockets of intelligence networks. So it comes as no surprise to me that they jumped on board systemd when told to, despite the mock choice publicized to users – there was never any option.
A computer, and especially hosting services (which often run Linux), are powerful communication and broadcasting systems into today’s world. If you control and have unfettered access to such systems, you basically control the world. As Assange notes in the talk, encryption is only as strong as its endpoints. eg if you’re running a very secure protocol on a system with a compromised OS, you’re owned.
As Assange observed:
“The sharing of information, the communication of free peoples, across history and across geography, is something that creates, maintains, and disciplines laws [governments].”
UPDATE: Wikileaks is officially denying that Julian Assange literally said “Debian Is Owned By The NSA”. For people who are choking on the mere summary title of this article, please see definition of Owned/Pwn (and get some hip!)
- Ts’o and Linus And The Impotent Rage Against systemd
- Biography of a Cypherpunk, and How Cryptography Affects Your Life
(second half details Red Hat’s involvement in Linux)
To lighten the mood a bit here, a little news from Linux Hollywood…
While some may only remember the name Wil Wheaton as the teenage Wesley Crusher on Star Trek: The Next Generation, he went on to become one of the first and biggest celebrity bloggers (with a hand-coded website running on Linux), and is touted as a champion of geek affairs. He’s a big advocate of Linux, open source and anti-DRM. Is he a SpaceFM user? :) Not sure – try it out Wil – but I’ve talked with him a few times on his blog and he’s a great guy, and super-talented. Just a few weeks ago he posted his geeky thoughts on his latest Ubuntu install, and he’s even an Xfce user.
He writes yesterday on his blog that he will be starring in a new innovative series on the SyFy (formerly Sci-Fi) network: The Wil Wheaton Project, airing May 27th. His account there of what he went through to make the show happen was interesting, and it sounds like quite a creative show. Maybe he’ll even feature some Linux stuff there? Who can say, but nice to see a talented Linux geek making it big. Check it out.
Also see: Hollywood Reporter Article
Bringing some links buried in comments below to the top, I think these critiques of systemd’s integration and maintenance deserve some review.
First, kernel developer Theodore Ts’o, the developer of e2fsprogs and current maintainer of ext4, shares his reservations about systemd’s engineering, and the trouble he has had understanding and using it.
…a lot of the fear and uncertainty over systemd may not be so much about systemd, but the fear and loathing over radical changes that have been coming down the pike over the past few years, many of which have been not well documented, and worse, had some truly catastrophic design flaws that were extremely hard to fix.
He goes on to describe how he previously had to neuter policykit’s security (rendering his system very vulnerable) just to get his system working, and how he has found systemd “very difficult sometimes to figure out”. Should we be concerned that a kernel developer, obviously a very qualified computer user (an MIT graduate in his 40s), has trouble understanding and using policykit and systemd to configure his own system? Where does that leave the average Linux user in handling these atrociously complex and built-to-be-broken technologies?
…Kay Sievers and Lennart Poettering often have the same response style to criticisms as the GNOME developers [read other Red Hat developers] — go away, you’re clueless, we know better than you, and besides, we have commit privs and you don’t, so go away.
Predictably, fanboys rush to systemd’s defense in the comments, telling us how wonderfully documented and supported it is, what a quiet, fascist paradise the systemd mailing list is, and how responsive the developers are to every bug, request and patch submission.
Yet just two days ago, we see Linus Torvalds (the creator of Linux and maintainer of the Linux kernel), launching into a tirade against – yes, you guessed it – systemd developers because of their atrocious response to a bug in systemd that is crashing the kernel and preventing it from being debugged. Linus is so upset with systemd developer Kay Sievers (gee, where I have heard that name before – oh, that’s right, he’s the moron who refused to fix udev problems) that Linus is threatening to refuse any further contributions from this Red Hat developer, not just because of this bug, but because of a pattern of this behavior – a problem for Kay because Red Hat is also foaming at the mouth to have their kernel-based, no doubt bug- and security-flaw-ridden D-Bus implementation included in our kernels. Other developers were so peeved that they suggested simply triggering a kernel panic and halting the system when systemd is so much as detected in use.
So much for systemd developers’ responsiveness, and its great engineering, witless fanboys. (Are we really sure many of these fanboys aren’t part of an Infiltrate, Manipulate, Deceive, and Destroy program?)
While Ts’o’s discussion of systemd wanted to make me wretch for its usual polite, politically-correct crap, he did at least bring up some core problems in that typically watered-down way that mainstream developers express their opinions so as not to offend any fascists in their midst. Yet even Linus’s tirade, and the lengthy user discussion which followed it, completely miss what’s really happening to Linux. It seems these developers and users can’t rise up enough to get a 3D view – all they can do is focus on minute issues in isolation and fail to put the pieces together in any coherent way. Are they just afraid or feeling awkward to discuss it, or are they like other kernel developers I’ve heard from who are completely clueless about what Red Hat developers represent?
I’ll put it together for you once again. For those who missed it in my other articles, Red Hat is a billion-dollar corporation with deep ties to the US military (their largest customer), and thus inevitably the NSA (a military security organization), etc. Adding to the conflict of interest, they have as direct corporate partners Google, Apple, and other too-large-to-imagine corporations with their hands in slime. Red Hat developers dictatorially control the core engineering of Linux, including components such as udev, udisks, xorg, dbus, systemd, etc., used by every major Linux distribution, as well as other common desktop components such as GNOME and GTK. (As Ts’o put it, “we have commit privs and you don’t”.) These are simple facts, though curiously never discussed. In many developers’ views, these Red Hat developers have consistently introduced closed, overly complex, security-breaking technologies to Linux for years, and have a long and tired history of sabotaging kernel development, creating unending bugs and problems for kernel developers, which they often categorically refuse to address. Linus knows them well – or does he?
Yet the myth continues that Linux is somehow not surreptitiously developed as a product of the military-industrial complex, and that its core engineering is based on open and free contributions. Discussions like these ones above revolve around whatever the bugs of the day are, and completely fail to assess what appears to be deliberate and systemic damage done to the Linux ecosystem, primarily through Red Hat developers.
Wake up, morons – and that includes you Linus (who likes to call out morons as such himself). Start telling it like it is, and start addressing the real systemic problems in Linux’s engineering – namely that brown shirts like Kay Sievers and Lennart Poettering are just front men for a much uglier reality. Otherwise you’re just trying to sweep back the ocean with a broom – your actions are useless and doomed to fail. Getting angry won’t help – start getting smart, and start developing a genuinely free and open operating system, taking you-know-who out of the loop. If you can’t or won’t do that, then you may as well just surrender Linux to them entirely, which is pretty much the case already.
- Julian Assange: Debian Is Owned By The NSA
- Biography of a Cypherpunk, and How Cryptography Affects Your Life (second half details Red Hat’s involvement in Linux)
SpaceFM 0.9.4 has been released. Please check out SpaceFM News for a few announcements and the changes to this version.
At the risk of turning this into the ‘bad news blog’, I have discouraging news regarding the release of GTK 3.10, which has now reached Debian Testing.
While working on SpaceFM recently, I noticed that all of the menu icons are gone.
No menu icons, meaning no app icons in the Open menu. This is the new GTK3 default, unannounced as far as I can tell, and not publicly discussed. I see from an Ubuntu thread back in 2009 that GNOME made this their default back then. That thread indicated that GNOME (which I don’t use) has a configuration editor to turn menu icons back on, and there was rumor of the option being removed eventually. The developers deemed it “less cluttered”.
In GTK 3.10, you can still add the line ‘gtk-menu-images = true‘ to ~/.config/gtk-3.0/settings.ini to turn them back on. Yet if this was already the GNOME default, why make it a new GTK default five years later, breaking current behavior? Are they planning to disable them entirely soon? A quick search reveals no discussion or documentation on this change.
As an app developer, I can tell you that most GTK and GNOME users won’t change that setting, or even be aware that it exists. Thus my app will be icon-less, and the settings for customizing menu icons in SpaceFM won’t have any effect. I thought GNOME was always the icon-driven UI compared to KDE, so this seems very strange.
No Mnemonics Either – At All
In addition, as you can see in the above shot, mnemonics have been removed entirely. These are where eg “Copy” in the menu has an underlined ‘C’, allowing you to press Alt+C to activate it. SpaceFM allows you to customize these too. Mnemonics have also been removed from dialog labels, meaning, for example, you can no longer press Alt+N in SpaceFM’s rename dialog to put the cursor in the Name box, and you can’t click an OK button by pressing Alt+O.
Unlike the missing menu icons, it appears that mnemonics have been permanently disabled. Per the GTK 3.10 docs: “gtk-enable-mnemonics has been deprecated since version 3.10 and should not be used in newly-written code. This setting is ignored.” IOW, it’s also impossible to turn them back on with gtk-enable-mnemonics = true in settings.ini, and themes can’t override this either. I say this appears to be the case, because I can find no further documentation or discussion of this change. [UPDATE: It seems you can press the Alt key once to make the mnemonics appear while the mouse is over an item. Anyone know how to disable this feature and make them always shown? Please leave a comment.]
Good luck to disabled persons with limited or no mouse use. And based on feedback, many people use these mnemonics, myself included. Key shortcuts provide a much faster UI than clicking a mouse, especially for commonly repeated tasks.
Fortunately, SpaceFM users can choose a GTK2 build of SpaceFM (most distros offer packages for both for compatibility with MATE, etc), and I personally plan to drop use of GTK3 due to this change, as well as their breaking existing defaults and behavior. I don’t want to deal with lost and broken functionality everytime I update my system – it interrupts my workflow. Plus I use mnemonics at times, especially with annoyingly slow touchpads. Yet for apps that have ‘moved forward’ to GTK3, such as Roxterm, we’re stuck with mnemonic-less menus and dialogs.
What is the vision and motivation behind permanently removing such core UI functionality, not just changing the toolkit default, which is bad enough, but killing it entirely? All that GTK and app code, debugged and working well, now in the trash bin. Whatever their vision is, I don’t like it. Their rampage of removing functionality is clearly just getting started.
At some point, I believe I may need to drop GTK3 support entirely from SpaceFM, but we haven’t reached that point yet. This change doesn’t require me to re-code anything, it just diminishes the user experience when GTK3 is used. I had planned to make the GTK3 build the default soon, but I believe I will stick with GTK2 as a default, and for stability I recommend that to users. If it comes to a point where I can’t support both, I will drop GTK3. I’m not chasing after all their time-wasting breakage. And many projects have been resisting the move to GTK3, which I think is wise. I guess it’s telling that the GIMP project, the original developer of GTK (GIMP Toolkit), is sticking to GTK2, and they’ve been told not to expect to be able to use GTK3 for such a robust app.
This still presents problems, because using a mixture of GTK2 and GTK3 apps on your system is wildly inefficient. This means that library components of both versions must be resident in memory, as well as all the components related to GTK, such as icon caches, etc. You’re basically doubling the system requirements and slowing it down. For this reason, I strongly advise app developers to support a hybrid GTK2/GTK3 build. While it requires a few ifdefs, it’s reasonable. See SpaceFM’s gtk2-compat.h for some ideas.
Further, developing an app on a toolkit that is no longer actively developed or supported presents obvious problems. Yet GTK3 is supported so poorly, and the developers of it respond to app developers and users so arrogantly and dismissively, that it’s effectively the same. Yet how long will GTK2 remain compatible with changes in X, glib, and other components? Lets hope some forks get going strong.
This solidifies my conspiratorial opinions that GTK is deliberately being driven into the ground by Red Hat, alienating users and developers, both to turn the corporate-developed Qt into THE monolithic Linux UI toolkit, and perhaps to convert GTK into some kind of tablet-only nightmare. “Linux is a government, military product, right down to its core” – the core engineering is controlled almost exclusively by Red Hat, regardless of what distro or DE you use. I guess the military isn’t keen on recruiting disabled persons, so why bother with mnemonics? And who needs icons in a colorless corporate world? I can understand why app developers, even in Xfce and LXDE, are being slowly driven to Qt, yet once everyone is in that corporate boat, where will the captain take it?
I’m happy to announce that udevil is now available in Debian’s official testing and unstable repos. Thanks to Mateusz Łukasik for his work maintaining udevil and SpaceFM packaging on Debian, as well as his Ubuntu PPAs. For older Debian versions, you can still use the build-from-source packages in my PPA. Please see the updated Debian wiki page for details.
For those not familiar with udevil, it is a small tool that can simplify your system’s handling of devices, used by itself on the command line or within the SpaceFM file manager. udevil can replace need for udisks, consolekit, policykit, etc., creating a simple and easily configured system. udevil also includes the optional devmon automounting daemon, which will automount just about any device inserted, hassle-free, and can autostart apps and take other automatic actions you specify. Visit udevil Homepage
For a little over two years, I have been on a strange odyssey into the heart of Linux, and I think now is a good time to summarize that journey for some readers that haven’t followed every step, and to answer some questions that it has opened. Like most users, I came to Linux with the impression that it was an openly and freely developed OS, a saner alternative to the corporate OSes such as Windows. I knew corporations had developed some of the software and had infiltrated the kernel, but I thought Linux was largely driven by users and community development, largely volunteers. And I thought the assertions that Linux took security more seriously were based in facts – that things were basically done smartly, because this is ‘our OS’.
Being semi-retired from such work, I never intended to develop software in Linux. This happened as a result of my first encounter with something ‘not quite right’ in Linux. Originally a user of the KDE version of Ubuntu, I began to see disturbing patterns in how daemons were being used, and generally how the system was being engineered to be increasingly locked down, intrusive, and overly complex. I knew these patterns well because I had used and developed on Windows for many years. With the advent of KDE4, I was driven to abandon KDE and Ubuntu completely, moving to Arch Linux with just Openbox. This was also my first real introduction to the ‘g’ side of Linux (GNOME and GTK apps and daemons), since now I was avoiding any KDE dependencies.
When I first began using Linux, a little over a decade ago, I chose the name “IgnorantGuru” because I was a guru in some areas of computers, certainly not a novice, but I was also a Linux noob and ignorant of plenty! I always feel this way about knowledge: acknowledge both what you know and what you don’t know – this is where learning begins, or continues. The surest way to learn nothing is to believe you know it all. So I got to know bash a bit and started sharing scripts, and eventually set up this blog to maintain my scripts and let people see what I was up to in my own explorations and uses of Linux. This blog also saw some fame in the form of an article I did on the lack of package signing in Arch Linux, a large controversy at the time which established this blog as a controversial news and discussion site. Then as I started hacking the legacy PCManFM so I could add a few custom commands to it, PCManFM-Mod was born. Feedback on this small mod convinced me that I wasn’t the only person interested in simple, flexible software, and this interest eventually grew into the SpaceFM and udevil projects. I am a Linux developer and blogger, when I had set out to be neither! Such is life.
I’m not new to all of this. I don’t usually go into my history much as I prefer a layer of anonymity to work in peace, and it helps me stay on topic. Yet here I would like to share a little of my general background so you can understand where I’m coming from. Sometimes I get the impression that people are confused as to why their file manager developer takes some of these blogging issues so seriously. Why does he care?
I care because I am a cypherpunk, or I was. Much of the software I’ve developed in the past has been in the general area of crypto and various related clients, servers, etc. If you were around back then, you knew my name (alias) – I wrote popular software of the day and had articles published by the EFF, etc. For those of you too young to know or remember, this was the period, and just following the period, when Phil Zimmerman first released strong cryptography into the civilian domain (PGP). The US federal government started a virtual war against this, and did everything they could to make Phil’s life miserable for years – he was persecuted. To help characterize the times for you, the only way he could release the source was to print it in books, then sell the books worldwide. This was still legal (although it infuriated the feds) because printed books had censorship protections and freedoms. People would buy the books, scan in the code (a very tedious and error-prone process, especially for crypto code), and (try to) compile it. This is how strong crypto first left the military domain and found use around the world, even something as simple as the https you now take for granted. Crypto wasn’t just used to keep secrets, but to expose them and to protect people (dissidents, activists, even intelligence agents). Anonymous and pseudonymous remailers, the precursors to today’s tor network, were developed and basically created chaos for those who numbered and controlled everyone. It became much more difficult to suppress information.
It was an exciting time – people are now revisiting some of that excitement with the Snowden affair and such – and we were all eager to master these new tools and free the world. Although some commercial software did exist, the 80s were very much a do-it-yourself time in computers. Much of what you used, you wrote yourself, so adding crypto to that mix created an explosion of new tech. “Conspiracy theory” was not a term then, and no one would have taken it seriously. If you didn’t distrust every government and newspaper, you were simply a damn fool. This is why I still consider most of you damn fools. ;) It’s hard for me to comprehend the naiveté in today’s world, and the easy validity given to people who ‘debunk’ revelations of obvious corruption.
I’ll share two personal anecdotes to give you an idea of those times for me. For one, I personally discovered a crypto key in a widely used crypto server of that day that had most of its bits set to 0x00 (rendering it compromised). No paranoia required – I witnessed it. People had been relying on this sophisticated tool for their anonymity (in some cases their LIVES) for a few years and it hadn’t been detected, despite alleged peer review. I happened to be examining the source to borrow some code and I couldn’t believe my eyes. A chill went down my spine. I immediately published my findings to the mailing list so that I would not become anyone’s target (paranoid? perhaps, but I was scared). The server’s developer quickly corrected it, but it left a lot of serious crypto people shocked and questioning, and it pretty much outed him (or someone he worked with – we didn’t have git in those days to find who did it) as someone’s agent, probably some government’s agent. He was actually a very likable fellow, though, and I had spoken to him on occassion. It was disturbing to see his likely involvement. I have never completely trusted anyone since.
The other event also left an indelible memory. My work was strictly legal (I even did my best to obey the ridiculous code export rules of the day, though they were mostly useless, locking the barn door after the horse had left), so I didn’t often have overt friction with the various agencies harassing people. As with the mailing list event, I tried to use openness to protect me. Release first, explain later. They knew of me and let me know that, and my web pages would routinely be shut down on spurious copyright claims, etc., but it was mostly just annoyances. Although I worked behind a layer of strong anonymity in those days, being a developer, one was always logging into servers and such, and we didn’t have the tools of today, so I knew I wasn’t hidden from serious players. Yet in this case I was sure I had heard from them. Although writing hard crypto (in the mathematical sense) wasn’t my central area, I had combined two crypto algorithms in a unique way. I was excited – it seemed to create an exponentially stronger algorithm and method. As was my habit, I released my notes immediately – everything to reproduce it – don’t want the hot potato. And I promised it would be in my next software release. It was then I received the oddest emails, like I had stepped on someone’s toes. Someone was desperately trying to convince me that I shouldn’t use the algorithm. First, they tried various broken technical arguments (which only revealed to me that they were lying), and then it turned into virtual threats. Who would be this motivated to make me stop using this algorithm, I wondered. I had the impression that the guy in some agency who monitored this area realized it would make a whole lot of new work.
It was almost like he was trying to protect me, to save me from myself. It wasn’t my first contact with ‘weird’ – I had received out-of-place business offers and other questionable things in the past. I got phone calls in the middle of the night, hang ups, just to let you know you were on someone’s list (this was common then among us, before cell phones existed). Yet this was eerie, and we never knew who we dealt with in those days. Intelligence agencies to an extent helped the process, even against the government’s own wishes and laws, because their agents used these same tools as us, and basically all the people using PGP and other tools were creating lots of cover traffic for their spooks. So even within governments there has always been a mixed reception to crypto breaking loose, and we found ourselves in strange company at times.
Long story short, within a few years of that incident, I quit the business and destroyed my PGP keys. It was always stressful having someone’s life depending on your code and keystrokes. (File management is blissfully relaxing by comparison, even though this is generally considered stressful work since you have people’s data in your hands.) After working for quite a few years in this area, I was developing shortness of breath and heart palpitations, and my nerves were simply shot. I had also come to see that the biggest players had developed ways of manipulating our systems. I saw the emergence of the new strategies of keyloggers, plausibly deniable code errors, weak OS security, network sniffing, and other non-brute-force attacks. All of the OSes of the day were simply not up to the task of providing a secure platform for anything. So the greatest algorithms were basically at the mercy of Microsoft’s (deliberately) botched security.
Plus, I had done my part, and I was burned out. Twenty-some years ago, I was working hard to help develop the technologies you’re using today. Now, I can barely follow the manuals I wrote back then – seems like gibberish to me and I simply don’t remember enough detail to understand most of it. When I decided to develop SpaceFM, I figured it would be a relatively relaxing project, with just basic security issues. The last thing I ever expected to be involved with again was spies.
I feel like I’m in one of those movies where the expert tries to retire but his retirement is invaded and he’s pulled back into ‘the game’. I don’t want to be in the game. How did this happen? I’ll tell you.
I’m a problem solver. I can analyze systems, find what’s not working or not optimum, track it down and correct it. I’m very good at this, you might say gifted. That’s why my software generally works well. Yet some aspects of SpaceFM were not working well. As I followed the trail of why they were not working well, I was led right into Red Hat and company.
For those who haven’t followed this blog, here are a few of the steps. I noted how udisks2 was built broken, seemingly deliberately breaking everyone’s work. Even before this, Linus and other kernel developers had noted horrible dev practices in the kernel, with some commenting that it seemed like Red Hat was engineering it to be broken. This is what I saw too – all these Red Hat developers doing surgery on the deepest parts of Linux, breaking it! I asked outright, What Is Red Hat Doing To Linux? It’s unusual seeing such high motivation in Linux developers – usually they have obvious reasons for the changes they take the time to make. Yet many of Red Hat’s changes had no immediate purpose or advantage – it was like watching a chess player putting pieces in place for some later conquest.
Next came my GNOME (et al): Rotting In Threes article, originally based on an email from someone who didn’t want their name involved (gee, that’s odd in open source), which exposed a climate of hostility to users and developers, and basically demonstrated how Red Hat completely controlled GTK and GNOME. This article went viral, bringing over 50,000 visitors to this blog and attracting the attention of Linux Users and Developers magazine’s editor. I eventually wrote my A Linux Conspiracy Theory article for them, extending on the material in the GNOME 3 article. I didn’t really want to write this (writing is a lot of work, especially when you have an editor in a print magazine ;) Yet I felt it was a good opportunity to make people aware of some of these development practices I was seeing, so I did my best to present what I was seeing at the time.
Since then, more has happened to reveal the true story here, the depth of which surprised even me. The GTK development story and the systemd debate on Debian revealed much corporate pressure being brought to bear in Linux, which I ranted about in GTK fesses up – this ain’t for you; Qt takes over the world. In comments there and in Ubuntu To Dump Nautilus, some really startling facts about Red Hat came to light. For me the biggest was the fact that the US military is Red Hat’s largest customer:
“When we rolled into Baghdad, we did it using open source,” General Justice continued. “It may come as a surprise to many of you, but the U.S. Army is ‘the’ single largest install base for Red Hat Linux. I’m their largest customer.” (2008)
This is pretty much what I had figured. I’m not exactly new to this, and I figured that in some way the military-industrial/corporate/intelligence complex was in control of Red Hat and Linux, and was devolving it into a useless, compromised toy. But I didn’t expect it to be stated so plainly. Any fool should realize that “biggest customer” doesn’t mean tallest or widest, it means the most money. IOW, most of Red Hat’s money comes from the military – they have first say in its development. And the connection between the military and spying agencies, etc. should be obvious. Not to mention the fact that dealing with Red Hat developers always creeps me out, just like those weird emails in the 90s. Something just isn’t right there.
Next, a reader posted this FOSDEM: NSA Operation ORCHESTRA Annual Status Report. Well worth watching in its entirety (including the Q&A at the end), to me this turned out to be a road-map detailing how Red Hat is operating on Linux! I recognized so much of it from personal experience at this point (and trust me, Red Hat controls almost every core component in Linux, in case you didn’t know). Presented by FreeBSD developer Poul-Heening Kamp (aka PHK), it does a great job of introducing some very subtle concepts, and I was shocked by how closely the examples he gave matched what I had been seeing Red Hat (and other corporations) doing in Linux the last few years. He also explains that “PSYOPS For Nerds” is a reality – our communities are being engineered and propagandized very effectively, pushing them in the directions desired not by us, but by… whom?
Well, what do you know? Without even trying to get there, my simple explorations into what was broken in Linux led a trail straight to the NSA (or whoever is behind such three-letter agencies). As usual, just follow the money. And these days, they admit much of it openly – secrets are just too hard to keep.
While I don’t use PGP much these days except to sign releases (old, good habit), what is an ex-cypherpunk rebel like me to think of such things? I honestly don’t know. It seems people have become very complacent and accepting of corporations and governments running their lives. We wouldn’t have been so appeasing in the 80s and 90s, but these are different times, and I understand that. Largely people are oppressed and heavily propaganda-fed. PHKs belief that this is not merely a technological problem but a social/political one is a view I have expressed several times, almost verbatim.
I think all of these revelations bring up questions for Linux users. For example, why should I care about encryption if I have no secrets to hide from a government or enemy? Why should I care about them rooting everyone’s system and being in charge of its core engineering decisions? Why should I care that Linux’s security is just a myth, as is the idea that it’s freely and openly developed, and anyone can participate? Why should I tell the truth about it? Why should the reality that Linux is a military- and spy-agency-created OS be important? Here are some of my answers to those questions.
It turns out that cryptography is not just for keeping secrets, and intrusive spying is not just about finding bad guys.
Computer technology, like any technology, has been weaponized. It is not merely used to serve homes and businesses, it is used to gain supremacy and control over people, governments, and other institutions. Today’s computers, the military versions of which are far beyond civilian specs, are very powerful to put it mildly. Anytime you have great power, held in darkness in the hands of a few people, you have a recipe for tyranny. Do you enjoy war and destruction in your neighborhood? If not, you should be paying attention to this, NOW. Because one thing I can tell you: All these people know how to do is create war.
Let’s be clear: This is not a new problem. Humans on earth have been enslaved for thousands of years. Governments and banks have always been corrupt and severe. Every form of communication, even something as simple as a typewriter or printing press, has come under constraints and control designed ultimately to control people. It’s that simple. There are those who would enslave and control the world. While some of them may believe in their causes and feel they are ‘the good guys’ despite the insane things they do every day as ends-to-means, one thing that history has shown is that power corrupts absolutely. And governments abuse every power they assume, without exception. It’s history, including modern history. This is the world we have always lived in, and we always manage to scrape out some small degree of freedom from absolute tyranny (although there has been plenty of it experienced). Where does it end?
While PHK in the video says just use politics to solve this problem, most of us know that politics and media are as crippled as technology. They are largely controlled. I would say use everything to help address these problems: technology, politics, and in general, social change. Many people think they can change something by just voting once a year. But that requires almost no effort or risk, and as such produces almost no result. Real change requires real efforts, affecting every area of our lives. It’s costly – a genuine investment.
Cypherpunks have always advocated using strong cryptography as a tool of social change because it helps level the playing field. It is way to help distribute and balance power and information, rather than having it in the hands of a few people. How does this work?
I am not an advocate of battling the NSA, creating lots of secrets, private armies, and all of that. Rather, what we can do with this technology can be open and free. Cryptography can be used to keep information free, including information on corruption (eg whistleblowers). Simply put, it can empower and protect people who stand up for people. Who is stealing what from the people of this world? Let’s shine some light there.
Cryptography is also used in authentication – webs of trust – so that you can identify someone. Why would this be socially powerful? Ask yourself why we need elected representatives (vastly overpaid, corrupt lawyers) deciding the laws that control our societies? Why can we not simply micro-vote on each issue ourselves? We cannot do this because we are not allowed to, and the technology that could easily make it happen is suppressed. If the current electronically corrupt voting systems were replaced and recreated, many old tricks wouldn’t work. It is simply ridiculous that we have legal representatives in their current form – it is a total failure to use cryptography effectively.
Why is it important to have an OS that is free of rootkits and security holes? Because the computer is a very important tool in the modern world, and for citizens to exercise their power, they need such a tool to be reliable. They must own and control it. Beyond this, there are the many creative freedoms found in computers (or any information-based technology), and all the social growth they represent.
While this may sound strange for a cypherpunk, I am not a big believer in secrets. Rather, I am a big believer in openness (in finance, governments, business), and a believer in the free flow of information. I also feel that most intellectual property schemes do more to hold back progress than any other system – the idea of owning information is simply a system of mind control and exploitation. Many of the people reading this are deeply invested in that exploitation system whether they want to admit it or not, and are inclined to defend it because it serves short-sighted interests. But when you’re a slave breaking rocks, you may not think so much of where that system has brought you. You too are being herded aboard the trains, and your perks are temporary. History will show you this if you look at it.
Cryptography, and especially the larger concepts of distributed, non-centralized systems, open and participatory government and development groups, open accessible hardware, and many other powerful ideas that you see open source people advocating DO affect you. They protect you and everything you value in your life. Using such tools effectively and routinely is investing in your future.
Having grown up in the 80s, I am used to visions of the future – we spent a lot of time thinking about such things back then. We were a generation of dreamers, with nuclear annihilation hanging over us. A lot of our dreams from 20 years ago are now encoded, in your web browser for example, as reality. We lost the war against intrusion, but I believe we did take some steps toward openness and computing freedom. The primary threat today seems to be technological tyranny – the old Big Brother concept coming to living life (and death). Primarily it is an attack on the mind and creativity of man. I don’t see as much dreaming of the future today – the generations today seem to lack vision. Maybe it’s time to get some, to dream a little, and to put those dreams into action with real technology and POWER. The power that large groups of people united in certain principles acquire. This is different from concentrated power that oppresses people. It is distributed power that you share in, and which protects you and everyone.
One of the first and foremost principles is honesty. It’s time to start telling the truth about what’s happening in Linux, despite all the paid disruptors interfering in such discussions. Many Linux users and developers operate from myths that are simply no longer true, and really never were. Linux is a government, military product, right down to its core. There’s a start to truth-telling for you.
I’ll tell you one secret: It’s very, very difficult to control information, and to control people. In the long term it’s impossible. We have an easy advantage in many ways, because information is free by nature, and people are ever recreating themselves, defying control. I wouldn’t want to be a power-monger trying to rule the world! It’s a very tough job. And everything we can do to make that job more difficult is worth it.
The powers that be in this world don’t want to protect you, they want to protect themselves and their power. Nor do they want to share that power with you. They are not creating systems that create security for you and end corruption (stealing from you), they are creating systems that create vulnerabilities and concentrate corruption (wealth) in their hands. The solution is to distribute power, and to reveal the ‘plots’. Terrorists (the favorite theme of the day) don’t want open, authenticated systems anymore than governments do. Thieves always want closed, complex, dark systems where they can hide and manipulate without being exposed for what they are. Governments want the same (surely an amazing coincidence). People should have the wisdom to see that such systems serve no one but thieves.
So that’s my little pep talk. To be honest, I am as overwhelmed by the state of this world as anyone. There are no simple solutions. But I do believe in certain principles, and I do believe in how powerful they are – if you apply them. Learn to use the tools that matter, and use them well. Use them to create nothing less than a new world.