This is a full theatrical run, with 7-8 screenings a day. The filmmaker, Nina Paley (who is now Artist-in-Residence at QuestionCopyright.org), will be doing Q&A after the 8:25pm show most nights. On Monday, Dec. 28th, I’ll join her to take questions about the film’s free distribution model and the free culture movement.
Tickets are available online. Here’s a show schedule (click on the time to purchase tickets for that show):
Sometimes I have to trade information with people I’ve never met. I know who they are, in the sense that I know what they’re working on, why we’re collaborating, etc. But I wouldn’t recognize their face or voice. Occasionally, the information we’re trading is sensitive — news of a software security vulnerability, for example, or the address of a mutual collaborator who cares about privacy.
How can you know that the person you’re talking to is the person you think they are? You can send them encrypted messages, but you still need to verify that you’re using the right encryption key. So you call them up or find them in an online chat room and verify the key fingerprint… but how do you know that the person you’re verifying with is the right person and not some man-in-the-middle attacker?
It may all sound a bit spy-vs-spy, but anyone who works on widely-used open source software can find themselves in this situation. It’s happened to me more than once.
The solution I use is something I call the Instant Answer Protocol:
Alice wants to verify that the person she’s talking to in real-time is Bob. She digs up a few random facts about Bob on the Internet, or by talking to someone they both know, then phones or chats online with Bob and asks him about those facts. In the absence of a very dedicated impersonator, only Bob would be able to instantaneously answer unexpected questions about himself, so his identity would then be established to a high degree of certainty. After that, she can voice-verify Bob’s encryption key fingerprint or do whatever else she needs to do.
Such a check still wouldn’t protect against a determined and well-funded imposter… but then, how can you even be sure it’s you reading this?
I’ve used the protocol several times. I’ve never caught my interlocutor trying to fake someone else’s identity, but it gave me peace of mind anyway.
Obviously, this is a very old protocol. It predates the Internet, and probably literacy itself. Does anyone know if this protocol already has a name in cryptography circles?
The Subversion project has applied to become part of the Apache Software Foundation — an application we all expect to suceed swimmingly, given that Subversion has been operating more or less along ASF guidelines for years anyway, and includes a number of ASF members and officers among its developers.
The move isn’t that much of a change, actually. The web pages and repository hosting may move over to the ASF, but the developers are still the same, as is the participation of Subversion’s long-time primary corporate sponsor, CollabNet.
The main effect of the move will be to free up some developer time that had gone to maintaining the separate non-profit Subversion Corporation. It just makes more sense to handle Subversion’s non-profit needs as part of an established entity that’s already been doing it for ten years. You can go nuts trying to deal with all the tax and legal stuff… why not let the ASF handle it? 🙂
I have to admit to a vaguely warm and fuzzy feeling about it: the ASF is a place for mature projects that intend to be around for a long time, independently of what any individual developer does. Their policies are aimed at ensuring the long-term health of the development communities, and they have a lot of practice at working with corporate sponsors of development already. Ben Collins-Sussman put it better than I could: “Collabnet has always been the main supplier of ‘human capital’ for the project in terms of full-time programmers writing code, and that’s not going to change as far as I can see. Collabnet deserves huge kudos for the massive financial investment (and risk) in funding this project for nearly 10 years, and it seems clear they’re going to continue to be the ‘center’ of project direction and corporate support for years to come. And this pattern isn’t uncommon either: the Apache HTTPD Server itself is mostly made up of committers working on behalf of interested corporations.”
I haven’t made any commits to Subversion in a long time — too long, but I’ve got a busy new job and a non-profit on the side, so my time is mostly spoken for lately. Although I still read the Subversion mailing lists and occasionally chime in with (increasingly uninformed) opinions, more and more I’m becoming just a regular user. Subversion has had several releases since I stopped doing development work on it; I’ve upgraded each time and it’s just been rock solid, a pleasant experience all around. Exactly the way version control should be.
You can read more at QuestionCopyright.org about how Nina was almost unable to release the film because of copyright restrictions on 80-year-old songs, which she eventually had to pay off at a total expense of more than $50,000.00 US. She took out a loan to do it, and she’s still paying that back. Whenever Congress extends copyright durations, especially retroactively, this is what it means for working artists. Three cheers for state-granted monopolies on culture.
After fourteen years, my car has finally given up the ghost:
I know it’s an inanimate object, but I still feel sad. 14 years is a long time. It was my first car, and hugely important to me both economically and emotionally (my parents bought it for me as a gift when I was 24 — thank you, mom and dad!). It enabled me to live independently when I was roaming the Midwest, first working at the University of Illinois in Champaign-Urbana, then later in Indiana starting Cyclic Software with Jim Blandy. When I lived for a year in China, Jim leased it and took excellent care of it (even saving all the service receipts; years later I inundated an extended-warranty insurance company’s fax machine with all our receipts, until the guy on the other end literally called back laughing and begging me to please stop, saying that he gave up and that the insurance company would pay for the new repairs). It was with me for nine years in Chicago, handling the winters just fine. In its last three years it drove across the country a few times, and for a brief period was my only home (that’s a long story; I won’t go into it here, but suffice it to say that a car like that you don’t junk lightly).
The above photograph is the last one I took of it, at the auto repair shop in Maspeth, Queens. They’ll tow it to its final resting place. But my favorite photograph of it is actually from a trip I wasn’t on. Micah and Stew took it up to Vermont last winter, and in this shot (of Stew pouring salt with help from Iggy) you can see it in its natural habitat:
We’re brainstorming a grant application over at QuestionCopyright.org — lend a hand if you can. Here’s the paragraph from the foundation’s page that made me sit up and take notice (emphasis added):
“Grants are also made to support efforts to strengthen areas that directly affect the context in which artists work. In 2006 the Foundation formally designated one of its grants The Wynn Kramarsky Freedom of Artistic Expression Award to recognize the work of organizations with a deep-seated commitment to preserving and defending the First Amendment rights of artists. Named in honor of the Foundation’s former Board Chair, the grant rewards outstanding advocacy, legal, and curatorial efforts on behalf of those whose rights to free expression have been challenged…”
I recently received this email (paraphrased), and didn’t have a good answer:
I work in the federal government, writing documents that are sometimes published in the Federal Register. I saw in the New York Times a reference citing you as someone who would like to see the government use version control software.
Keeping track of the changes in my work is important. Currently, we use the “Track Changes” feature In Microsoft Word. But before working here, I worked in open source software projects, where we used CVS to track our changes. I thought it would be easy to use the same methods in government work, but I haven’t found software that does what CVS does except for Microsoft Word documents. Do you have any information about what software would be needed to track changes in Word?
John Joseph Bachir and I did an interview about version control systems and open source development, way back in September of 2007. It was a great conversation, because he’s very technical but also interested in the social aspects of coding. Anyway, then all sorts of stuff happened, in both our lives, and the interview didn’t get online until now. But here it is. Hope you like it. Comments at JJB’s blog, please — he transcribed it, he ought to at least get the comments!