Grammar As Proxy: The Experian Data Breach

November 15th, 2015

I got a treeware letter recently from Experian explaining how one of their servers had been hacked and how my private data (name, address, Social Security number, phone number, birth date, etc) was likely obtained by criminal resellers. The letter was a little more euphemistic than that, but that’s basically what Experian was admitting. To make up for this incident, they were offering me a free two-year membership in their “ProtectMyID elite credit monitoring and identity theft resolution services”.

Now, one might, in these circumstances, ask oneself “Why would I want to enroll in an identity protection service offered by the very company that just admitted they compromised my identity when their server got hacked?”

Fortunately, their own FAQ addresses this question forthrightly:

Q: Since Experian was compromised; can it effectively offer credit monitoring?

A: Absolutely. This was an isolated incident of one server and one client’s data. The consumer credit bureau was not accessed in this incident and no other clients’ data was involved.

Well, that makes the decision easy. I don’t blame them for getting hacked — that could happen to anyone. But no way am I trusting my private data to people who use a semicolon where they should use a comma!

Privacy is an ecological concept, not a transactional one.

October 5th, 2015

On a private mailing list, a friend recently asked this:

Playing devil’s advocate here: what privacy are you trying to protect? Is it very important to you that websites not know what sort of products you’re interested in (and if so, why)? Or is it that you simply find targeted ads annoying?

I ask as someone who spent four years trying to help websites show less annoying ads.

Below is my response (after someone else on the list said “Sorely tempted to exfiltrate the hell out of this. Can we have it on a web page please?”):


I think Eben Moglen’s observation that privacy is really an ecological concept, not a transactional one, is the best answer to this. Thinking of privacy primarily in terms of the relationship between the user and various commercial third-parties misses the point. This post gives the relevant passage from Eben (it’s not long, and there’s a link to his full talk):

hroy.eu/posts/moglen_privacy_ecological

He has also pointed out that these days it’s an explicit goal of the U.S. government to have and maintain the social graph of everyone. That is, all the relationships, to the highest degree of accuracy and resolution possible. So the information Google and other online services collect is now potential data for that graph. It’s already both subpoena’d at some times and surreptitiously exfiltrated at others (though Google has done admirable work trying to prevent the second; how successful that has been, we can’t know, but it probably has had some limiting effect).

My point is: all that data we’re collecting, once it exists, it’s valuable to more parties than the ones who originally collected it. And by the Ashley Madison Principle, there’s no such thing a confidential dataset. There are only datasets that have not yet been involuntarily shared, and those which have been. There is no guarantee you will be able to tell which category your particular dataset falls into.

So when you ask “Is it very important to you that websites not know what sort of products you’re interested in?”, you’re framing an ecological question in a transactional way. This unintentionally transforms the question from the one we should care about to the one collectors of large-scale data would prefer we ask :-).

I realize, of course, that there is a tradeoff here. Google really can improve the quality of ads — quality as seen not just from the advertizer’s point of view, but even from the user’s point of view — by tracking and analyzing everything everyone does. The benefits are near-term and (for Google and the advertizers) centralized; the costs are long-term and decentralized. But that doesn’t mean the costs aren’t significant. It’s very similar to the economics of a lot of environmental pollution, actually, which is partly why “ecological” is such a good word here. I think in some ways it’s almost the definition of an ecosystem to say it is a system from which short-term, easily measurable benefits can be extracted for particular members at long-term, hard-to-measure (but real) costs for all members. Privacy turns out to be such a system.

Does that help?

Twitter “Verified” Account… Not So Much.

September 13th, 2015

Update Nov 2015: Many thanks to Twitter engineer Eitan Adler for grabbing this one by the horns and steering it skillfully and persistently through the support team. My friend’s problem is now solved.

Note: If you’re from Twitter Inc., please contact me. If you work at Twitter and you know how to fix the problem described in this post (or even if you don’t work at Twitter but you know how to fix it) please feel free to contact me privately about this. It should be pretty easy to prove my friend’s identity in whatever way is needed. I’m kfogel on Keybase.

Dear Lazyweb,

A friend of mine has a Twitter “Verified Account”. This means he’s a well-known enough public figure (which he is) for Twitter to have verified his identity. His Twitter page has a little blue checkmark, which indicates that Twitter is vouching that this person is who you think he is.

The only problem is, his account got hacked.

Not hacked directly. Instead, the hackers used social-engineering to dupe his email provider into giving the hackers control of my friend’s email account. Then in his Twitter account, they pretended to be him claiming to have lost his password, so they could do Twitter’s mailback-confirmation dance to have themselves emailed a password reset link. That password reset link, of course, went to the hacked email account, so then they had his Twitter account too.

My friend is a normal computer user, but is not otherwise particularly technical, and he asked me for help getting back control of his account.

My first thought was that Twitter, since it provides verified accounts in the first place, would also provide some special means of recovering such accounts. After all, they’re vouching for the identity. The sorts of public figures who get verified accounts are also more likely targets for getting hacked, so it would make sense for Twitter to have some recovery mechanism that is specific to verified accounts, some kind of recovery red carpet.

But if so, I haven’t found it yet. As far as I can tell, once someone gets control of the email address associated with a Twitter account, they effectively can take over that Twitter account and there is no to get it way back, even for “verified” accounts. (No, my friend had not set up any phone-number-based confirmation, just his email address.)

Here’s the the only account recovery screen I can get to; I haven’t found any path for holders of verified accounts, other than this path (click to enlarge):

twitter verified account recovery failure

Any suggestions?

(I’m not mentioning my friend’s name here because I don’t want to out this effort to the hackers.)

Freedom of conscience applies to Kenyan immigrants too.

July 9th, 2015

I’ve run across yet another reference to President Obama’s supposedly Muslim father, this time in a magazine that I subscribe to and like, The Atlantic.

It was in this interview of Michael Oren by Jeffrey Goldberg, but the relevant quote is actually from a piece by Oren in Foreign Policy:

In addition to its academic and international affairs origins, Obama’s attitudes toward Islam clearly stem from his personal interactions with Muslims. These were described in depth in his candid memoir, Dreams from My Father, published 13 years before his election as president. Obama wrote passionately of the Kenyan villages where, after many years of dislocation, he felt most at home and of his childhood experiences in Indonesia. I could imagine how a child raised by a Christian mother might see himself as a natural bridge between her two Muslim husbands. I could also speculate how that child’s abandonment by those men could lead him, many years later, to seek acceptance by their co-religionists.

Leaving aside Oren’s highly suspect psychologizing of Barack Obama, there is a more important error here:

President Obama’s father wasn’t Muslim; he was atheist.

In a limited sense — not one that would be sufficient for Oren’s purposes — the assertion that the President’s father “was” a Muslim is true, in that as a child Barack Obama Sr. was briefly Muslim, until roughly the age of six when he converted to Christianity (Anglicanism) while at a missionary school. But in any case, he later rejected that religion, and religion in general, before he ever married Ann Dunham and before Barack Obama Jr. was born. Not that it should matter if our President had a Muslim father, of course, but as it happens, he didn’t. His father was an atheist.

Although minor, I wish this error would be called out more often by journalists, editors, and interviewers. Freedom of conscience is for Kenyan immigrants too. What a pity that the man of whom Barack Obama Jr. wrote “he was a confirmed atheist, thinking religion to be so much superstition” should be remembered by the American public primarily by a religious affiliation he did not hold.

It is true that Obama’s grandfather on his father’s side was Muslim — he converted from Roman Catholicism.

Nice web design, but poor logic: Why OccupyGPL is wrong.

February 11th, 2015

Update 2015-02-12, ~12 p.m. CT: Eric Schultz just told me that the OccupyGPL site has suddenly started redirecting to choosealicense.com, within the last few hours! So my post here is already obsolete — the problem has solved itself. If anyone knows more about this, please leave a comment here. In the meantime, I’ve put a copy of the original text at the end of this post for reference.

Someone just pointed out OccupyGPL to me.

The authors of that site are trying to advocate for open source software licenses of the permissive variety as opposed to the copyleft variety — the GPL being the best-known example of the latter.

OccupyGPL’s logic is confused, however, and their conclusion doesn’t hold up.

They start by saying flat-out:

The GPL is not a free license. It restricts freedoms only to people it deems to be morally acceptable. Often there are people who do not fall inside this morally acceptable box, yet they do really have good intentions.

That makes no sense. There is a very specific, well-developed definition of “freedom” that is used by the free and open source software movement. The Free Software Foundation expresses it elegantly in a four-point definition, and the Open Source Initiative expresses it somewhat less elegantly (but no less clearly) in a ten-point definition, but it’s the same concept either way. That’s also the same definition of “freedom” used by Freedom Defined, by Creative Commons, and by virtually every other organization, including even governments (see here for one example), for deciding what constitutes free and open source software. And under this widely-used, extremely well-agreed-on definition of “freedom”, the GPL is a free license. I mean, it’s not even a close call: just look at the definition, look at the GPL, and see that the GPL meets the definition. QED.

What OccupyGPL doesn’t like is the GPL’s “share-alike” clause, the one that says if you share a GPL’d program with someone, even one to which you have made modifications (such modifications are automatically also covered by the GPL), then you have to offer that recipient the full source code under the GPL, so that the recipient has all the same freedoms you have.

In the strange world of OccupyGPL, that’s a “restriction”, I guess because it… restricts you from placing restrictions on someone else? But that’s as silly as saying that outlawing slavery reduces freedom, because it takes away some people’s freedom to own slaves. Hey, the analogy may be inflammatory, but the logic is the same, and it doesn’t make sense in either case. The freedom to take away others’ freedom is not a meaningful freedom to have — the proper word for that is not “freedom” but “power”.

An only slightly less silly argument offered by OccupyGPL is that the requirement to distribute source code (on request) along with your program could be an onerous burden, and that any license that places onerous burdens on the licensor is problematic. Except that the requirement to distribute source code is not onerous and by definition can never be onerous: you have the source code, and clearly you have a distribution mechanism that was sufficient to distribute the program itself, so you can just distribute the source code via that mechanism as well. The marginal cost for doing so is, basically, zero. Anyone who distributes GPL’d software can comply with the terms of the GPL without any significant extra effort. We have all been doing so for decades now. It’s a complete non-problem. A requirement to enable redistribution is not the same as a restriction on use, no matter how hard they try to paint it as such.

So that argument doesn’t really hold up either.

The third argument offered against the GPL by OccupyGPL is a strictly utilitarian one, but even at that it’s pretty weak. Quoting from their site:

Lets assume that there is a company that wants to use your open source library and integrate it into their proprietary program, they’re even willing to improve your library and release the improvements to the public so that the whole community benefits.

Unfortunately, at the end of the day, the company needs to ship a product so it’d like to keep their core closed source. The GPL outlaws this kind of interaction. Our good citizen, a company wants to release their patches to your library back to the community and yet the GPL is banning them from doing so! It’s not giving them freedom at all! Instead, the GPL is a different set of restrictions. It may be that you personally find the set of restrictions that the GPL offers more morally palatable than traditional closed source licenses, but it is not a free license. It does not grant freedom, it grants different restrictions.

Okay, so now we’re not talking about “more free” vs “less free” anymore (despite the non-sequitur that closes the second paragraph above, and the abuse of the word “banning” to mean something it plainly does not mean). We’re just talking about whether the GPL suits someone’s business model. But that’s a pretty short conversation: the GPL doesn’t suit everyone’s business model — specifically, it doesn’t suit business models that involve restrictive monopoly powers. On the other hand, it’s great for those whose businesses depend on preventing monopolies. For example, consider this alternative utilitarian scenario:

Lets assume that there is a company that wants to launch an online srevice based on your open source program. Their plan is to make proprietary improvements to the program, such that people who use their service and come to depend on those proprietary improvements, have no way to get the source code under an open source license from the company. Not only are those people increasingly locked-in to the proprietary company, but your own business suffers because you insist on giving users (and competitors) freedom.

Fortunately, you released your software the AGPL (a variant of the GPL and no doubt equally hated by the folks at OccupyGPL). This means that the other vendor can’t offer customers a version of your code with proprietary additions — instead, that vendor has to release their changes under the AGPL too. They can still offer the service, but now everyone’s freedom is supported, and we get true competition in a non-monopolistic market. May the best service provider win! It’s a good thing you didn’t use one of those “permissive” licenses, because that would have resulted people’s freedoms being taken away.

This is not some far-fetched scenario, by the way. This is the actual, real-world business justification used by many companies — including my own company — for publishing software under copyleft licenses. I’m not saying that OccupyGPL’s scenario is not realistic. It’s also perfectly realistic. It’s just not a very good argument for the GPL being bad. Copyleft licenses have a complex range of effects; to cherry-pick one particular effect and use it as the basis for an unsupportably broad argument is poor logic and not even very convincing rhetoric.

In short, it doesn’t make sense to say that copyleft licenses are “more free” or “less free” as compared to permissive licenses. Both types of license are fully free; they just differ in other respects. Those differences are worth discussing, and which license you use will depend on what your goals are, but nominalism and cherry-picked scenarios are not a contribution to that discussion nor a help to people trying to choose a license.



Original text of OccupyGPL.org, for reference:

 

This is Google’s cache of http://www.occupygpl.org/. It is a snapshot of the page as it appeared on Feb 10, 2015 14:53:17 GMT. The current page could have changed in the meantime. Learn more
Tip: To quickly find your search term on this page, press Ctrl+F or ?-F (Mac) and use the find bar.

 

Occupy GPL! – The movement to encourage the usage of permissive open source licenses.




The movement to encourage the usage of permissive open source licenses.

The Manifesto

The GPL is not a free license. It restricts freedoms only to people it
deems to be morally acceptable. Often there are people who do not fall inside this morally
acceptable box, yet they do really have good intentions.

Lets assume that there is a company that wants to use your open source library and integrate
it into their proprietary program, they’re even willing to improve your library and release the
improvements to the public so that the whole community benefits.
Unfortunately, at the end of the day, the company needs to ship a product so it’d like to
keep their core closed source. The GPL outlaws this kind of interaction. Our good citizen,
a company wants to release their patches to your library back to the community and yet the
GPL is banning them from doing so! It’s not giving them freedom at all! Instead, the GPL
is a different set of restrictions. It may be that you personally find the set of restrictions
that the GPL offers more morally palatable than traditional closed source licenses, but it is
not a free license. It does not grant freedom, it grants different restrictions.

The GPL is not a free license. It does not grant freedom, it grants different restrictions.

The GPL is too restrictive for most projects. Instead it’s a good idea to use a
TRULY OSS license, a permissive license. Doing so will not make you
vulnerable to companies trying to magically make your code closed source, as you will
continue to distribute it.
There is a significant gain from having more people involved in your project.
Even if these people are companies who want to develop proprietary solutions. A company using
your technology will increase the value of the project. A LOT OF contributions
to open source technologies are from companies using these projects. If you however restrict them
from using your open source project, they might develop their own one which may be open source
(Congratz! You just got another competitor!) or proprietary. Neither you nor the company do really
benefit from this situation. You do want more people using your technology! And they do want to use
and work on an existing project to save a lot of development time and possibly creating a new industry
standard.

Join the Fight!

Here are a few ways on how you can encourage the usage of permissive licenses.

Spread the Word!

Let people know about this site:

Prefer projects using a permissive license!

Use more projects which are licensed under a permissive license, e.g. Clang, node.js or jQuery.

(Re-)License your projects using a permissive license!

License your projects using a permissive license like the MIT, BSD or Apache2 license.
If you have existing non-permissive projects think about relicensing them. Please be aware that the other
contributors also need to agree to the relicensing.

Let library developers know that you want to use it under permissive terms.

You want to use a library but you don’t like the license? Try to open an issue and contact a maintainer
about a possible license change. Discussion is healthy!

Help new open source developer understand that the GPL isn’t the right license for everything

A lot of young open source developers license everything with GPL terms without even knowing
possible consequences. The popularity of GPL projects like Linux made the GPL to be a somewhat
standard choice. This isn’t good! A lot of open source projects would benefit more from a
permissive license. Create awareness, be awesome!

Permissive Licenses

Some popular Permissive licenses.

MIT License

A permissive license that is short and to the point. It lets
people do anything with your code with proper attribution and without
warranty.
License | TLDR; Legal

BSD 2-Clause License

A permissive license lets people do anything with your code with proper attribution and without warranty.
License | TLDR; Legal

BSD 3-Clause License

A permissive license lets people do anything with your code
with proper attribution and without warranty. With a Trademark clause.
License | TLDR; Legal

ISC License

The ISC license is functionally equivalent to the BSD
2-Clause and MIT licenses, removing some language that is no longer
necessary.
License | TLDR; Legal

Apache v2

A permissive license that also provides an express grant of patent rights from contributors to users.
License | TLDR; Legal

Frequently Asked Questions

Q: I don’t want others to close my code!

A: They can’t, your code still is open source. What did they close then? THEIR work
which just happens to be based on your open source code. If you don’t like this, then your
existing license may be a good fit after all.

Q: What is if they write a wrapper around my lib and sell it for $10.000?

A: Yes that could happen but it’s also a rather unlikely scenario. If all they’ve done
is a thin wrapper then you or someone else in the open source community is also capable
of making such a thin wrapper in no time. Then all you need do is undercut them
by $10.000 and a good chunk of freedom.

The more likely scenario is that a company takes your code and produces a large amount
of other code that just happens to use your lib at its core. The said company will sell
their code and their extensions for a large sum of money and they are perfectly entitled
to do so. It’s after all THEIR code.

Even this scenario is beneficial to you. Said company will likely find bugs and fix them.

Q: Open source projects can’t live without the restrictions the GPL offers!

A: Thats not true! Several of our most beloved open source projects are using permissive
licenses: Clang, LLVM, node.js, jquery.

Q: Whats with the name? “Occupy GPL” do you want to destroy the GPL? And all GPL projects?

A: No. Yes it may sound like this, especially thanks to the old really misleading
subtitle. We’ve choosen that name because it’s very aggressive and generates a lot of
attention. We think that the GPL isn’t a good license and it shouldn’t be used as much
as it is today in open source software. Thats an opinion. There is lots of cool software
licensed under the GPL which we’re using every day: Linux, Git, Blender and a lot more.
Kudos to all those awesome folks!

Q: You clearly have no idea what free software is about.

A: Maybe, but I’m more interested in open source software anyway (The FSF makes a distinction here).
I’m also not interested in politics. Just technology and how to improve it.
A nice quote from Linus Torvalds:

“That’s the point of open source – the ability to make the code better for your
particular needs, whoever the ‘your’ in question happens to be.”

Q: What about the LGPL? It seems to fit your problem.

A: Yes the LGPL is (in our humble opinion) a huge improvement over the GPL and somewhat
solves a lot of the problems I’ve mentioned. But it’s also way more complicated to use
then a permissive license and you still have the risk of doing copyright infringement
just by using the project the wrong way.

Q: Isn’t this a bit too aggressive? This site and all? GPL is cool, please don’t hate it

A: Yes, it’s aggressive but that was intentional :), we think that there is a problem
which needs to be tackled, for which one needs attention. If you’re hapy with everything
as it is, cool! Have a nice day!
If you however see a problem in

posts like this
you’re probably at the right place!

Q: What is the purpose of this site?

A: To encourage the usage of permissive open source licenses and create awareness that
the GPL isn’t the right license for every open source project.

Q: I HATE YOU, I HATE THIS, I’LL NOW MAKE MY OWN OCCUPY PERMISSIVE LICENSES SITE!

A: Cool. Feel free to fork this
page
. You can even relicense it under GPL terms if you want to. It’s MIT licensed after all.

We ? open source. Want to help with translation or fix a typo? Fork this website on Github! or contact us @OccupyGPL

Noel Taylor: A Scholar and a Gentleman.

January 15th, 2015

I gave my friend Noel Taylor (yes, the noted William Howard Taft scholar) a book as a New Year’s gift.

This was his response.

When you first presented me with “President Taft Is Stuck in the Bath”

Taft In The Bath (cover)

by Mac Barnett, I delighted over what I assumed would be a scholarly and well researched work that would share new insights into the life of one of our most misunderstood presidents. Lamentably, having now read the book cover to cover several times (an enterprise of only two to three minutes’ time) I have come to the unfortunate conclusion that historically speaking, Barnett is on very shaky ground. Although he notes correctly that Taft was our nation’s 27th president and accurately reports the first names of Taft’s wife and some of his cabinet members, most of the book is taken up with a graphic (literally!) realization of what is nearly universally regarded as an apocryphal tale.

I suppose the title should have given the game away, but I admit I expected more from Mr. Barnett, whose previous works such as “Billy Twitters and His Blue Whale Problem”

Billy Twitters And His Blue Whale Problem (cover)

seem substantially more grounded in fact than this latest work. As it stands, this purported history of a widely discredited story comes across at best as a children’s fairy tale, and at worst as a character assassination of the lowest order.

The real kicker though, is that despite all of these obvious shortcomings, Mr. Barnett has once again, and at the eleventh hour, managed to spirit away from me that recognition which I have chased in futility for over 20 years now. Namely, with “President Taft Is Stuck in the Bath”, Mr. Barnett has won the Bancroft Prize!

So I ask, just who the hell do I have to blow to get a Bancroft Prize in American History?

Rants.org is grateful to Prof. Taylor for permission to reprint his review here.

New York State Senate bill offers tax credit for open source development expenses.

January 8th, 2015

An interesting bill was just introduced in the New York State Senate: open.nysenate.gov/legislation/bill/S161-2015

AN ACT to amend the tax law, in relation to providing a tax credit to individuals for up to two hundred dollars of expenses related to the development and posting of an open source or free license program …

It’s good that it specifically cites the Open Source Initiative and the Free Software Foundation as arbiters of what constitutes an “open source or free license program”. Here’s the full text:

STATE OF NEW YORK

________________________________________________________________________

161

2015-2016

Regular Sessions

IN SENATE

(PREFILED)

January 7, 2015

___________

Introduced  by Sen. SQUADRON -- read twice and ordered printed, and when
  printed to be committed to the Committee on Investigations and Govern-
  ment Operations

AN ACT to amend the tax law, in relation to providing a  tax  credit  to
  individuals  for  up to two hundred dollars of expenses related to the
  development and posting of an open source or free license program

  THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
BLY, DO ENACT AS FOLLOWS:

  Section  1.    Section  606  of the tax law is amended by adding a new
subsection (ccc) to read as follows:

  (CCC) OPEN SOURCE OR FREE LICENSE CREDIT.  (1)  A  TAXPAYER  SHALL  BE
ALLOWED A CREDIT, TO BE COMPUTED AS PROVIDED IN THIS SUBSECTION, AGAINST
THE  TAX  IMPOSED  PURSUANT TO SECTION SIX HUNDRED ONE OF THIS PART. THE
AMOUNT OF  CREDIT  SHALL  EQUAL  UP  TO  TWENTY  PERCENT  OF  THE  TOTAL
OUT-OF-POCKET  EXPENSES  OF  THE  TAXPAYER  USED IN THE DEVELOPMENT OF A
PROGRAM THAT IS PROVIDED TO THE PUBLIC UNDER  AN  OPEN  SOURCE  OR  FREE
SOFTWARE LICENSE, UP TO A MAXIMUM OF TWO HUNDRED DOLLARS.

  (2)  FOR  THE PURPOSES OF THIS SUBSECTION, A PROGRAM SHALL QUALIFY FOR
THE CREDIT PROVIDED BY THIS SUBSECTION IF THE CODE FOR SUCH PROGRAM  HAS
BEEN RELEASED UNDER AN OPEN SOURCE LICENSE RECOGNIZED BY THE OPEN SOURCE
INITIATIVE,  OR  HAS  BEEN RELEASED UNDER A FREE SOFTWARE LICENSE RECOG-
NIZED BY THE FREE SOFTWARE FOUNDATION.

  (3) THIS SUBSECTION SHALL APPLY TO ANY INDIVIDUAL FOR ANY TAXABLE YEAR
ONLY IF SUCH INDIVIDUAL ELECTS TO HAVE THIS SECTION APPLY FOR SUCH TAXA-
BLE YEAR. AN ELECTION TO HAVE THIS SECTION APPLY MAY NOT BE MADE FOR ANY
TAXABLE YEAR IF SUCH ELECTION IS IN EFFECT WITH RESPECT TO SUCH INDIVID-
UAL FOR ANY OTHER TAXABLE YEAR AND PERTAINING TO THE SAME PROGRAM OR ANY
PORTION THEREOF.

  (4) IN NO EVENT SHALL THE  AMOUNT  OF  THE  CREDIT  PROVIDED  BY  THIS
SUBSECTION  EXCEED  THE TAXPAYER'S TAX FOR THE TAXABLE YEAR. HOWEVER, IF
THE AMOUNT OF CREDIT OTHERWISE ALLOWABLE PURSUANT TO THIS SUBSECTION FOR
ANY TAXABLE YEAR RESULTS IN SUCH EXCESS AMOUNT, ANY AMOUNT OF CREDIT NOT
DEDUCTIBLE IN SUCH TAXABLE YEAR MAY BE CARRIED  OVER  TO  THE  FOLLOWING
YEAR  OR YEARS AND MAY BE DEDUCTED FROM THE TAXPAYER'S TAX FOR SUCH YEAR
OR YEARS.

  S 2. This act shall take effect immediately and shall apply to taxable
years beginning on and after the first of January  next  succeeding  the
date on which it shall have become a law.

(I didn’t know New York did this stuff in ALL CAPS — I guess that makes it official!)

How hard is open source winning? This hard…

December 5th, 2014

How hard is open source winning? So hard that apparently it can be taken for granted now in contexts where formerly it would have gotten explicit mention.

A moment ago I happened to read this article at TechCrunch: CoreOS Calls Docker “Fundamentally Flawed,” Launches Its Own Container Runtime.

Now, I don’t know anything about the technical merits of the issue here — is Docker the greatest thing since sliced bread? Maybe; beats me. Or is CoreOS justified in saying that Docker has lost its way and that’s why CoreOS needed to launch their back-to-basics replacement project “Rocket”? Could be­! Who knows? You’d have to be pretty deep in to have an informed opinion here.

But what is remarkable is that at no point did the article’s author, Frederic Lardinois, feel it necessary to mention that Rocket is open source. He just took it for granted that you would take it for granted. Obviously, it would be insane for someone to try to replace Docker with anything that wasn’t open source. But in the past, it might not be obvious that this would be obvious. Now it is. Lardinois doesn’t have to say that Rocket is open source any more than he has to say that Rocket is software, or that it can run on the Linux kernel, because any reader would so expect it to be open source as to find explicit mention of that more distracting than informative. The very last thing in the article is a link to Rocket’s source code on GitHub, but Lardinois never actually bothers to say that it’s open source, because he doesn’t have to.

That’s winning pretty hard. When open source has faded into being a background assumption, then it’s no longer just technical infrastructure, it’s cultural infrastructure.

Fix for WordPress 4.1 front page “Not Found” error (from Stealth Publish plugin).

November 12th, 2014

This is a public service announcement for anyone else who runs WordPress straight from SVN trunk and found their site broken after upgrading recently (probably after svn update took their site across the WordPress 4.1 boundary), such that instead of showing recent posts on the front page, you would see only this message:

Not Found.

Sorry, but you are looking for something that isn’t here.

Meanwhile, in your site’s Apache HTTPD error log, you’d see something like this:

  [Wed Nov 12 10:11:43 2014] [error] [client 74.92.190.113]              \
  WordPress database error You have an error in your SQL syntax;         \
  check the manual that corresponds to your MySQL server version         \
  for the right syntax to use near 'EXISTS '' ) \n                       \
  OR \n ( mt1.meta_key = '_stealth-publish' AND CAST(mt1.meta_value' at  \
  line 2 for query SELECT SQL_CALC_FOUND_ROWS  wp_posts.ID FROM wp_posts \
  LEFT JOIN wp_postmeta ON (wp_posts.ID = wp_postmeta.post_id            \
  AND wp_postmeta.meta_key = '_stealth-publish' )  LEFT JOIN wp_postmeta \
  AS mt1 ON ( wp_posts.ID = mt1.post_id ) WHERE 1=1                      \
  AND wp_posts.post_type = 'post' AND (wp_posts.post_status = 'publish'  \
  OR wp_posts.post_status = 'private') AND ( \n  ( wp_postmeta.post_id   \
  IS NULL AND CAST(wp_postmeta.meta_value AS CHAR) NOT EXISTS '' ) \n    \
  OR \n  ( mt1.meta_key = '_stealth-publish'                             \
  AND CAST(mt1.meta_value AS CHAR) != '1' )\n) GROUP BY wp_posts.ID      \
  ORDER BY wp_posts.post_date DESC LIMIT 0, 10 made by                   \
  require('wp-blog-header.php'), wp,                                     \
  WP->main, WP->query_posts, WP_Query->query, WP_Query->get_posts,       \
  referer: http://www.rants.org/wp-admin/customize.php?theme=kisk

The problem turned out to be an obsolete workaround in the stealth-publish plugin. This patch, which removes one line of code, fixed it for me:

  --- wp-content/plugins/stealth-publish/stealth-publish.php
  +++ wp-content/plugins/stealth-publish/stealth-publish.php
  @@ -154,7 +154,6 @@
                                          'relation' => 'OR',
                                          array(
                                                  'key'     => '_stealth-publish',
  -                                               'value'   => '', // This is needed to work around core bug #23268
                                                  'compare' => 'NOT EXISTS',
                                          ),
                                          array(

I haven’t analyzed this in depth, but here’s what I think is going on:

The workaround implemented by that line (that is, setting ‘value’ explicitly albeit only to the empty string, in order to get the right SQL result) is what’s recommended by WordPress bug #23268. However, that bug was fixed in changeset 27689, which (confusingly to those of us not accustomed to development involving multiple SVN trees, yikes) made it to http://core.svn.wordpress.org/trunk in r27528:

  ------------------------------------------------------------------------
  r27528 | wonderboymusic | 2014-03-24 14:57:15 -0500 (Mon, 24 Mar 2014) | 10 lines
  Changed paths:
     M /trunk/wp-includes/meta.php
  
  When using `meta_query` in a `WP_Query`, passing `NOT EXISTS` or `''`
  to `compare` should not require `value` to be set. The resulting SQL
  should then produce the appropriate `OR` clause for existence of
  non-existence after passing the query to the `$key_only_queries` stack
  internally.
  
  Adds unit tests.
  
  Props chrisguitarguy, for the original patch.
  Fixes #23268.
  
  
  Built from https://develop.svn.wordpress.org/trunk@27689
  
  ------------------------------------------------------------------------

Okay, so the bug was fixed in WordPress core, and when I updated, I got the fix.

Unfortunately, the stealth-publish plugin hasn’t gotten the memo yet. That plugin’s latest version is 2.4, and hasn’t been updated since January 2014 — a couple of months before the relevant WP core bugfix. And the workaround in the code is now not only unnecessary, but actually causes an SQL syntax error — which is probably reasonable, since passing a value doesn’t really make sense in a NOT EXISTS test. It’s just that anyone who was using the workaround needs to stop doing so immediately.

I hope that stealth-plugin is still being maintained by its author. It’s hard to tell right now because the stealth-publish home page is currently down for maintenance:

Temporarily down for maintenance. Check back later.

So I’m publishing the patch here, to save other people time.

Disabling the GNOME Workspace Switcher Popup (in GNOME 3.14 on Debian GNU/Linux).

October 11th, 2014

This post is a public service announcement for all those using GNOME 3.14 or higher (in my case on Debian GNU/Linux, although that detail probably doesn’t matter here).

I wanted to get rid of the workspace switcher popup. That’s the thing that looks like this and displays briefly whenever you switch workspaces:

GNOME workspace switcher popup

I do not know what that thing is for. It serves no purpose that I can see. When I go from one workspace to another, I am interested in the destination. Whether I moved conceptually “up” or “down” from another workspace to get there is utterly irrelevant — the popup is just visual noise on my screen, getting between me and wherever I was going. (And by the way, they’re not “up” and “down” in my mind anyway; they’re “left” and “right”. We’ll never understand each other, GNOME. We’re too different.)

A long time ago I disabled that popup, using Windsor Schmidt’s handy Disable Workspace Switcher Popup extension. I just put it into ~/.local/share/gnome-shell/extensions/disable-workspace-switcher-popup@github.com/, launched gnome-tweak-tool, went to the Extensions tab, enabled the new extension, restarted GNOME, built my own backhoe, and voilà, the workspace switcher popup stopped appearing. Or maybe it was the other order? I don’t know. It seems like an awfully complicated procedure, in retrospect, but anyway it worked.

Then recently, after I upgraded to GNOME 3.14, it stopped working — that is, the workspace switcher popup came back.

Here’s what I had to do to suppress it again:

Add “3.14” to the list of supported shell versions in ~/.local/share/gnome-shell/extensions/disable-workspace-switcher-popup@github.com/metadata.json. In other words, I edited this line, adding the “3.13” and “3.14” on the end:

"shell-version": ["3.0", "3.0.1", "3.0.2", "3.2", "3.6", "3.8", "3.10", "3.12", "3.13", "3.14"],

Then restart GNOME, run gnome-tweak-tool, etc.

Looks like I’m not the only person to have run into this problem. Oskari Saarenmaa opened pull request #6 for this — which I didn’t even see before I created basically the same patch in pull request #7, but my patch supports GNOME 3.13 as well, for whatever that’s worth. (Was GNOME 3.13 ever released? I don’t even know, but if it was, my PR will support it. Yay.)

Why this stuff (along with similar things like disabling window animations when switching workspaces) isn’t tweakable via mouse clicks starting from Settings, I don’t understand. I guess you can launch dconf-editor and gnome-tweak-tool, if you’re the kind of person who knows about such things, but GNOME users shouldn’t have to be the kind of person who knows about such things.

Anyway, here endeth the public service announcement. This is how you can disable the workspace switcher popup in GNOME 3.14. Got that, search engine indexes? Good.