Category:

Archives:

What is Open Source software and why does it matter?

  on August 14th, 2012

I am still surprised how few people seem to understand what open source (aka ‘free as in freedom’) software means and why it is important for us all. Therefore I shall try to explain, as best I can, concentrating mainly on the, primarily Google funded, mobile device OS, Android (for that is perhaps the most familiar open source software to most people today).

In a nutshell, open source software makes the source-code freely available to all, to do with as they wish. This is true of Android, Linux and so many more projects that nobody could hope to list them all.

So that means I can download Android, for free, and put it on my own device? Yes. I can tinker with it, make it do what I want? Yes, with one proviso – if you share the compiled (binary) changes with anyone else then you must also share the source code, so everyone can take what you’ve done and tinker with that themselves. That’s the deal – if you take and change then you also give those changes back.

This sort of community spirit openness might sound almost scary, wild west territory. Instead it has given us things like the effort to run Android on the Raspberry Pi and the Ouya, a games console that anyone is free to write software for, without the crippling licence fees, potential content censorship and expensive development kits of the established players. This cannot be stressed enough – students, the curious and the paranoid can all examine and learn from the Android source code. You want to know how any of it works, then it’s right there in black and white. I should also stress that Google did not need to be involved or even asked permission (let alone paid any money) for Android to be put on the Raspberry Pi or Ouya. Open source software is a resource for all and projects like Ouya could not hope to exist otherwise.

Why does this matter to me, I’m not a programmer? It matters because Android is effectively a community resource, those that can program are free to submit their improvements back to the Android Open Source Project. That’s how open source software thrives, lots of people scratching their own itches and submitting their ideas and software changes for all. But people aren’t that generous are they, they’ll just keep the changes for themselves? No, even with those who do think that way it quickly becomes too much effort – every time there is a new version of Android released they have to reapply their changes to the code, it’s easier to submit it ‘upstream’ into the official version.

What happens if Google really goes evil on us? You mean the Google that employs so many highly skilled (and therefore highly paid) people to work full time on Android and then gives that code away, for free, to everyone and anyone? Unlikely but not impossible, I suppose – management changes, circumstances change. In that case the community just takes the Android source code and ‘forks it’, which is to say they simply build a competing version of Android based on the same, mainly Google funded, source code. Anybody is perfectly entitled to do that. In fact, in essence, Amazon have already done just that with the Kindle Fire. In that instance it was for their own commercial purposes rather than a community-led move, so it will always be something of a dead-end fork but that need not be the case if there were community consensus. Maintainers of open source software, such as Google, always need to be mindful of their user and developer community, lest they lose their project from underneath them. This is what will make Google stick to their ‘Don’t be Evil’ motto more than anything else.

Well, I’ve rambled on in a manner that was rather less convincing that I intended. Clearly I’m not quite in the rhetorical mood I need to be!

It boils down to this: when you invest in open source platforms you potentially enrich us all, instead of the few. Think about the sort of person you are – are you one of those self centred people that you might find working in the City of London or the sort that values freedom and sharing?

You might think it’s just a phone. It’s not. It’s an ethos.

 


 

Calm before the redesign and social networking temptations.

  on August 11th, 2008

TwitterWith our recent podcast now published, I have a few days before I need to think about the next one or the August (for September!) Staggering Stories update.

That being the case I find myself looking, once again, at a site visual redesign. My current efforts are a bit of a shock to the eyes, it will probably need to be toned down a bit! Much more work is outstanding on that job, not least the actual implementation on 400 odd html files…

Onto my other quick subject, though – social networking sites. Yesterday afternoon I was looking at the ex-Outpost Gallifrey forum and the SFX forum to post announcements on the Podcast 26 release. On at least one of those sites I was beaten to it by one of my fellow Staggering Stories friends. At the bottom of her post she put a link to the Staggering Stories Facebook site. Now I’ve been resistant to the MySpaces and Facebooks of this world for some time, it all seemed a bit pointless and a bit faddish. The past year I’ve been particularly resistant to Facebook after seeing someone publicly vilified (very publicly) for a jokey Facebook profile (that was actually done by a friend of theirs.) Is it time I relented, though? Can I sit by and not be part of that Staggering Stories facebook group? Probably not. That cracking sound you hear is probably leading to an imminent cave in!

The other Social Networking thing I’m currently investigating is Twitter. Yes, I’ve already created a Twitter account, AdamJPurcell. Just quickly, what’s Twitter? According to the ever amazing Wikipedia (more popular than the Celestial Home Care Omnibus):

Twitter is a free social networking and micro-blogging service that allows its users (also known as twits) to send updates (otherwise known as tweets) which are text-based posts of up to 140 characters in length.

Why? It is just a way to add a bit more life to the Staggering Stories site. I can post saying that we are about to start recording a podcast. I can tell people that I’m working on the next update. Even tell them about Sci Fi type things I’m doing or have just found out about. Of course I can do this ‘micro-blogging’ direct on my new mobile phone, too.

Will this Twitter idea really catch on with me? Maybe. Maybe not. Who knows. An interesting experiment.

 


 

Online Privacy Protection

  on June 14th, 2008

Privacy is not a crimeThe whole Phorm debate has died down a little recently. It’s still coming coming, though, as are similar systems throughout the world. A while back I promised I’d note down some tools that I use to help protect my privacy online so you might do the same. So, here is my current setup:

  • Firefox
    • The best place to start with online privacy and safety is, I find, to use the Firefox Web Browser. The list of advantages over the default (on Windows) Internet Explorer browser are far too numerous for me to list here. The main point is that Firefox is just more secure. It also has a very good Extensions framework that we can use to plug in any manner of Add-Ons, such as:
  • CookieCuller
    • The all too numerous advert and web user tracking firms all use web browser cookies to remember who you are. A cookie is basically a tiny little text file that is saved on your computer by a website. The web is non-stateful, in other words every page request you make is unique and unassociated with any other. Think of the web as someone with no short term memory. You are on a walrus cleaning kit shop web site, you browse to the product that is correct for your particular walrus (it might have especially leathery skin). You click on ‘buy’. This causes the page to refresh, i.e. the web server serves another page to your browser. The web server knows what you’ve just clicked, as it is directly responding to it, so it can show you your new item in your basket. Click ‘check out’ and, whoops, your cleaning kit has gone! Why? Because it only knows about your last action, namely clicking ‘check out’. It has forgotten about the ‘buy’ you clicked the time before – it has no memory, it can only respond to your current action. That’s where cookies come in. The web server might assign you a unique ID (often a fantastically long random number). The web server can then request that cookie from your browser every time a page needs to be built. The server can then store, usually in a database on its end, a history of your actions. When it sees your cookie it knows who you are, can look you up in its database and can thereby remember what you’ve done already. Incredibly useful and even essential for many sites.
    • The problem is that adware firms and tracking firms (often one and the same) can also use cookies to remember who you are. Almost all major websites now havew third party tracking junk on their webpages. Phorm also uses this technique to remember who you are (and, even, remember who you are and that you’ve ‘opted out’ of being tracked!) The obvious solution to this is to either block or automatically delete these cookies. That’s where CookieCuller comes in. It’s a Firefox extension that enhances the already built in cookie control options. With the default Firefox cookie support you can already ban cookies from sites that you choose (the likes of advertising.com, phorm.com, oix.com, adrevolver.com, webtrendslive.com, and so forth). That’s great if you are sure about banning those cookies outright and keep an eye on new cookies that appear (Firefox ‘Preferences’, ‘Privacy’ section, ‘Cookies’ tab, ‘View Cookies’). An alternative, or as a supplement in my case, is to use CookieCuller to automatically delete cookies when starting up Firefox each time. They can still see what you do over that Firefox usage session but next time you use Firefox they won’t realise you are the same person, you’ll be automatically assigned a new unique ID as your last one is gone. Install CookieCuller, perform the necessary Firefox restart, go to the ‘Tools’ menu, ‘Extensions’, select ‘CookieCuller’, press the ‘Preferences’ button and check the ‘Delete unprotected cookies at startup’ box. There you have it, those firms that have been tracking you for months will no longer be able to do that day to day. You can also ‘protect’ certain cookies from the automatic chop (such as any Staggering Stories cookies – we’re not tracking you, honest!) so you aren’t forever having to type in your usernames and logins to some sites that remember such things. See the ‘Tools’, ‘CookieCuller’ main preferences page for that.
  • Adblock or Adblock Plus
    • Another couple of Firefox extensions. They both serve the same purpose: removing those irritating adverts. Small unobtrusive adverts aren’t normally a problem. However, these days many pages come plastered with dozens of irritating flashing images, jumping all over the place. I not only don’t like looking at them but I outright don’t trust them, at best they might be trying to track me, at worst they might be trying to install malware on my system. The best option is to stop them downloading to my machine at all. Saves bandwidth (pages load quicker), saves my sanity from the crazy flashiness and protects me from any nastiness. Either Adblock or Adblock Plus will help with this. Personally I still use Adblock (it’s simpler but, as I recall of Adblock Plus, requires more work to maintain than its Plus variant). You can try out both (one at a time!) to see which you prefer. The original Adblock provides a list of elements on the page, such as images and javascript, along with where they came from. Usually these adverts come from another site than the one you are visiting and are therefore very easy to spot in the list. You can then simply always block from that advert bureau site (which, when you’ve encountered most of the major bureaus, will clean up the majority of all sites for you – there are only so many advert peddlers that most sites use).
  • TOR
    • This is a big leap from Firefox and add-ons, even I rarely use it. TOR stands for The Onion Router. All of the above ideas still pass pages and other data through your ISP’s systems in a fashion they can intercept. Your ISP still knows where you are going online and, potentially, what you are reading/watching and buying. I say potentially as some sites, particularly shops during the check-out phase, do encrypt the traffic so no one else can read it. They can still see where you are, however. The only way to avoid your ISP being able to snoop on your privacy is to encrypt all of the traffic on your computer before it goes out to your ISP, including the name/URL of your destinations. But how can your ISP send your requests onto the correct site when they don’t know where you want to connect? That’s where an onion routing network comes in. Think of an onion, any onion. In the centre is your data – the web page you are trying to read or data you are sending back to the web server. Around that are multiple layers of encryption. A series of machines, as part of the TOR network, are out on the Internet waiting for your traffic. You have a layer of encryption for each machine. Your computer sends the onion to the first computer in it’s list. That computer, and only that computer, can decrypt the first layer. Inside it sees another layer and an instruction of the next TOR computer to send the diminished onion on to. The next TOR computer does the same, passing on to the next computer and so on. Finally the onion will have only one layer left, it strips it off by decrypting it. There it finds the now unencrypted centre of the onion which may be, for example, a request for a web page. The machine grabs that page on your behalf (the web site not knowing that the TOR machine requesting the page isn’t where it will ultimately go). Then it creates a new onion that is sent on a reverse path back to you.
    • The upshot of all this is that the ISP only sees encrypted traffic into the TOR network and has no idea the route through the TOR network it might take and especially not the final destination. Likewise the final destination doesn’t know the true source of the traffic, only the IP address of the exit point of the TOR network you are currently using (it is a random path, including entry and exit point, each session). Clever stuff. Not perfectly secure and I haven’t explained it particularly well or accurately but it will certainly stop your ISP and their Phorm buddies invading your online privacy. It is also often a little slow, for obvious reasons. That’s why I rarely use it but then Phorm isn’t active on Virgin Media yet (so far as we know…) It also requires a special proxy to be installed on your computer (or local network) and configuration of your web browser(s) to use it. It may well be worth all the trouble in the future, though…

That’s all the tools I currently use to stop strangers snooping on me (or, at least, make it a lot more difficult). Take this as a starting position, a place to begin your understanding. Everyone should have an understanding of the privacy tools on offer. I once heard someone equate your ISP to your doctor. Both know a lot of private details about you. Wouldn’t you be horrified to hear your doctor is selling those details to third parties? Potentially your ISP knows even more sensitive information about you. They should treat ‘patient’ confidentially with even more care. Instead they really are looking to betray those confidences for money. Don’t let them.

 


 

Phorm and The Privacy Problem

  on March 20th, 2008

big-brother.pngIf you’ve got nothing to hide then you’ve got nothing to worry about. So say those who wish to intrude on our lives in so many varied and insidious ways. It’s an argument that, on the face of it, is hard to counter.

Phorm is the new Internet monitoring system that is about to be installed on about 90% of all UK broadband lines. British Telecom, Virgin Media and Carphone Warehouse have done a deal with this Phorm outfit that will see all regular web traffic pass through servers Phorm have provided. A unique ID will be assigned to your computer in the form of a web browser cookie. Every web page you then go to will be categorised and put against your unique profile in the Phorm system. This profile will be used to target adverts at you.

Such ‘consumer profiling’ is not new. Every shop loyalty card you have is all about building a profile of you. Of course the difference between what type of tea you buy and what you do online is vast. Do you do Internet banking? Do you use web based email? Do you run a blog? Social networking sites? Ever looked up medical advice? Car or home insurance? Forums? Wikipedia searches? Online shopping? The list can go on and on. Still got nothing to hide?

We’ve all heard stories of people having their identity stolen simply by people looking through their rubbish. We are all warned to shred important documents instead of just bin them intact. At least with our rubbish we can be fairly confident that the local authorities aren’t systematically sifting it to build up a picture of who everyone is (that would be a massive manual task that simply could no remain hidden, even conspiracy theorists must surely agree). The difference with Phorm is that we absolutely do know they are sifting through our online activities and there is almost certainly a lot more to be learnt from it than could ever be determined by our refuse. That’s their business model – find out all they can about us. It is, in effect, a wiretap on our Internet usage. How about now, still nothing to hide?

Public outrage has prompted Carphone Warehouse to promise an ‘opt-in’ for this service. BT and Virgin Media have made no such promise, so we assume the standard ‘opt-out’ mechanism will be used – you will be tracked unless you specifically opt out. What’s more in both scenarios it is still less than clear what this will mean on a hardware level. It currently appears that either way your traffic will go through a Phorm provided computer, the difference is that we are told that someone who has opted-out (or not opted in, in the case of Carphone Warehouse) will have their activities ignored. For many people this is not good enough, they don’t want their traffic going anywhere near Phorm computers. Not surprising, given that 121Media (the people behind Phorm) have in the past been accused of distributing spyware. Many Anti-Virus companies are also publicly considering classing the Phorm identity cookie as adware and automatically blocking it. Of course this doesn’t stop the traffic from entering the black box Phorm computers.

How much money is 121Media paying BT, Virgin Media and Carphone Warehouse? How can we trust these people as our ISPs, selling their customers activities to a third party? Is this just the beginning of a nasty trend? It is almost unbelievable that they’d take money to install third party computers between their customers and the wider Internet. All regular web traffic passing through Phorm, without exception. Big brother in a box that the Russian 121media own and administer remotely. It beggars belief. It speaks volumes as to value they put on their customers privacy. How can they ever be trusted again?

There is much more to be said on this yet. The limitations of the Phorm spying (both claimed and the certain (as in https should always be immune)). The potential ways around it. The legal questions the whole thing raises – does this constitute illegal ‘interception’ under the Regulation of Investigatory Powers Act 2000 (RIPA)?

More information can be found via the ever useful Wikipedia Phorm page. The BBC News Phorm coverage is also pretty good. The Register is probably the most vocal on Phorm news.

Certainly sign the Phorm Petition on the 10 Downing Street website, while you still can (before it expires I mean, I’m not suggesting that the new Phorm systems would ever block access to such protest sites…)

In future you may have to be very careful where you go on the Internet, even accidentally…

 


 

Portal: Where’s my Cake?!

  on November 17th, 2007

Portal - looking at yourself, sidewaysI’ve just finished the fantastic PC game Portal. One of the best games I’ve played in a very long time – I highly recommend it to all. It’s basically a puzzle game where you play a test subject who has to use an innovative ‘Aperture Science Handheld Portal Device’ (aka the ‘portal gun’) to step from one part of a level to another (or move objects past barriers). That’s not a great description, you really have to play it to fully understand.

The physics of the game are what makes it special. That and the dark sense of humour that pervades it. I don’t want to spoil the ending, it’s definitely worth seeing unprepared, but if you find yourself stuck on a puzzle don’t give up – the ending is funny enough to keep trying!

Just to explain the game concept a bit more, you can think of the Stargates from SG1 or the Jump Gates from Babylon 5. Basically you have two portals that you can cast onto walls, floors or ceilings (with deliberate exceptions). Go into one and you come out of the other. Unlike the Stargates or Jump Gates, you can actually see through the portals. So, if you put two portals on opposite walls you will be able to look into one and see your own back. In fact you will be able to chase yourself through an infinitely recursive series of portals – like looking into a mirror with another mirror behind you.

The physics get fun too. Imagine casting a portal onto the floor and another onto the ceiling directly above. Step into the portal on the floor and you fall through the portal above you and then into the portal on the floor and then through the ceiling… Yes, you can fall forever! Other interesting effects happen when you cast onto a wall and the floor, for example. You can look through either portal and the world you see beyond will be at a right angle!

It’s not often that a truly innovative game comes along these days, especially not one done so well. It might be a little short but it is pretty cheap to make up for that. I bought it as part of The Orange Box (Valve’s amazing pack of AAA titles, Half Life 2, Team Fortress 2 and Portal) for £25 from Sainsbury’s (more normally £30 or £35). I bought it mainly for Portal, I heard such great things about it – clearly I wasn’t disappointed. You can also buy Portal on its own for $19.99 (plus VAT for us Brits, taking to about £12, probably) on Steam.

Yes, this sounds like an advert! Not many games are good enough to make me recommend them so strongly. I’m afraid there doesn’t appear to be a demo for Portal but Steam does have a Trailer.

My only reservation is: who got my cake?