2012

Got my copy of Coding Freedom: The Ethics and Aesthetics of Hacking by Prof. Gabriella Coleman:

Coding Freedom cover

If you’re a hacker in the free software world, or just interested in that world, you’ll probably like this book as much as I did. Biella Coleman is an anthropologist who did fieldwork in the Debian Project and studied the politics, ethics, and culture of the free software world. In other words, she analyzed us. Who can tell a fish about water? Apparently, an anthropologist can, because the results are enlightening and thought-provoking — as well as just plain enjoyable to read.

Update 2012-12-31: There’s an excellent and thorough review by David Banks up now. He’s obviously very familiar with the academic landscape Coleman works in, and the impact her book should have there, but both the book and that review are accessible to non-academic readers (I am one) as well.

Update 2014-01-06: Concurring Opinions held an online symposium on “Coding Freedom” in the Fall of last year, with posts from Prof. Coleman, Nabiha Syed, Amy Kapczynski, Julie Cohen, Ed Felten, Laura DeNardis, Danielle Citron, James Grimmelmann, Nicklas Lundblad, Steven Bellovin, Frank Pasquale, and myself. Check it out!

You can get the book from Princeton University Press.

Something I’ll be at when I’m in New York City on the 3rd Monday of a month:

OpenITP NYC Techno-Activism 3rd Mondays

From the description at OpenITP:

Join us on December 17 to kick-off our first Techno-Activism Third Mondays! Connect with techno-activists and hacktivists in the New York area, and individuals interested in anti-censorship and anti-surveillance tech. Additionally, yummy goodies and drinks will be served, and internet will be provided for those who want to hack projects. Register Now!

Where: 199 Lafayette Street, 3B, New York, NY, 10021

That’s this coming Monday, folks!

I’m about to launch a Kickstarter campaign, which means I need to complete the Amazon Payments online tax interview process (since Amazon is the only payment mechanism for Kickstarter), but I can’t because Amazon repeatedly gives me an extremely unhelpful error message early in the tax interview.

Here’s the screen video. First you see the problem happening in Firefox, then I switch over to Chromium and show it happening there too, then back to Firefox just to confirm. Note that Chromium says the interview process is only “10%” complete, whereas Firefox has it at “20%”. This is because earlier in Firefox I had finally made it past this error on an earlier step, and am now stuck at 20%; in Chromium, I couldn’t even get past that first step. Update: I later reproduced the problem repeatedly with Internet Explorer on Windows, at a nearby Kinkos, though that’s not captured in this video.

The error just says:

There was an error. You may retry by closing this box or abandon the interview to try again later.
[Abandon Interview]     [Close]

That’s it. Pretty informative, eh?

Anyone seen this problem before? I guess my next step is to go to a Kinkos and rent time on a Windows machine; a pity, but I’ve got to get this done, and reimplementing Kickstarter is (pardon the expression) a nonstarter. I realize it greatly simplifies their business to just offer one payment mechanism, but this is far from the first report of problems with Amazon Payments; I hope Kickstarter decides to diversify their payment mechanisms someday.

Update: The problem happened on the Windows machine at Kinkos too, in both Internet Explorer and Firefox. I eventually found a workaround: I kept hitting “Abandon Interview”, then restarting from the beginning: it seemed to let me go one more step each time, though I had to do a lot of abandoning and restarting to finish the process. Urgk.

Notes: on my own machine, the software details are: Firefox / Iceweasel 10.0.10 running on Debian GNU/Linux; Chromium version 22.0.1229.94 Debian wheezy/sid (161065). I didn’t get the details from the Windows machine at Kinkos.

I’ve been traveling and spending a lot of time in cafés, hotels, etc, recently. So I’m on a lot of different wireless networks, most of which are open to the public though they are sometimes password-protected (with the password physically posted in the vicinity of the network).

This also happened to be around the time the Open Wireless Movement had their public launch. So I got to thinking…

What if every time I signed on to a new network, the dialog box asked me if I wanted to upload to a global database the network name, password (if any), lat/long location, and any other information it can glean automatically?

example dialog box, with option unchecked

One would just use one’s judgement about when to send the information upstream to the database. I think there’s no problem relying on judgement here: after all, these are already public networks that accept strangers — when there’s a password at all, anyone who has it (e.g., anyone in or near a certain cafe) can already share the password with whomever they choose. The only people who can take advantage of it are those in the area anyway. If your judgement says it’s okay to share the information, then you just check the box (which starts out unchecked by default, because this should always be a positive decision by the user):

example dialog box, with option checked

Then, of course, when a device is searching for a wireless network to join, it would consult the same global database (copies of which would be synced automatically to the local machine from time to time).

The upload option could prompt the user to offer an optional “notes” field, for example to include the location’s name, physical address, access policy, whatever. Well, there are lots of possible tweaks, but you get the general idea.

Is anyone already doing this?

After extensive interviews with all the candidates, and careful consideration of their proposals, policies, and vaccination histories, Rants.org endorses

President Barack Obama

Barack Delano Obama

for President of the United States.

U.S. readers, please vote today.

Today’s New York Times has a perfect example of why journalists need to evaluate what people tell them, and why objectivity can’t mean simply repeating the claims of every party large enough to get a reporter’s attention:

In the battles, Republicans are mobilizing to defend against what they say is the potential for voter fraud, and Democrats are preparing to protect against what they say are efforts to suppress voting rights.

The only way for that paragraph to be quality journalism is if it is followed immediately by an explanation of the fact — yes, fact, because that’s what it is — that there is no voter fraud problem, that the absence of a voter fraud problem is well-documented and known to anyone who takes even a mild interest in the matter, and that Republican efforts to “solve” this non-existent problem can therefore only be explained by some other motivation. It seems obvious that that motivation must be a desire to suppress turnout, since the demographics most affected by needless voter ID laws tend to vote Democratic, but hey, if you’d rather offer that as one hypothesis and let the readers draw their own conclusion, that’s fine. What’s not fine is to simply report both claims as though they’re equal on their merits and then provide no factual investigation. Why bother informing readers if you’re not going to inform readers?

(Voter registration fraud is fairly common, but is completely different from voter fraud. It has no effect on election integrity — it’s a fraud on the organization(s) conducting the registration drives, not on the electorate.)

Unfortunately, the NYT did not include these easily-verifiable facts (which are even admitted by Republicans who aren’t playing along) anywhere in the article. To read it, you’d think both sides are lawyering up because each side is likely to be guilty of some nefarious attempt to steal the election. The truth is that only one side is likely to be guilty of that. That side needs its lawyers in order to perpetrate the attempt, and the other side needs its lawyers in order to defend against it.

My side is the one defending democracy. I wish both were, but if only one side is, then that’s my side. Everything else is a distraction, when you have one side actively trying to prevent the other from voting. If you’re a U.S. citizen, I hope you’ll join us, and vote for Barack Obama and for Democrats in every national race for which you are a constituent.

The birtherism idiocy was bad enough; the refusal of most Republican elected officials to outright dismiss it when the subject comes up is unconscionable. And now attempts to commit election fraud (by preventing qualified voters from voting) in the false name of preventing voter fraud? This used to be a respectable political party; maybe someday it will be again, but the signs aren’t too promising of late :-(.

I just ran into a (retrospectively) hilarious but subtle user interface #fail.

This is the Dokuwiki administrative panel for adding or editing a user account. Can you spot the potential problem here?

User add/edit form, with Real Name field immediately following single Password field.

You might not see it right away, perhaps because you’re used to sites using a dynamic popup window for password confirmation.

Password confirmation is where you enter the new password, and are then asked to repeat it in a separate field, typically immediately following the first password field, to make sure that there are no typos (because after all, if the password isn’t what you thought it was, you might have a hard time logging in to fix it). Sometimes the confirmation field is right there in the form, and sometimes it pops up only after you finish entering data in the first password field.

But this interface doesn’t do a confirmation field at all. That makes sense, if looked at purely logically: I was logged in as the admin user, using the form to create a new kfogel account for myself. Since the password I’m entering is for kfogel, not admin, there’s no danger that I won’t be able to log back in and fix it if I get it wrong — I’d just log in as admin again, whose password is not being changed here.

The problem is expectations. With very other piece of software where I go through this routine, I have to enter the password twice (original plus confirmation). Reflexively, I did so here too. I know, it says “Real Name” next to the field, but, as with most users, what’s in front of my eyes is no match for what’s behind them. So I blithely entered the password into the second field too, thinking it was the password confirmation.

The result:

Resultant user list, showing my password in the clear.

Oops :-).

While I was doing this, I was chatting in IRC with another admin of the same wiki. He was creating his own non-admin user account at the same time I was. After I made the above mistake, I told him about it in IRC — and while I was telling him about it, he was busy making the same mistake:

kfogel, I just pasted my password in the real name field too! What a blooper

At this point, I think that qualifies as a user interface bug, not a user bug!

The fix is easy: on or before submission, have the form notice if the Password and Real Name fields contain the same value, and ask the user if they really meant that. Filed as DokuWiki bug #2654.

Can I write this entire blog post while I’m on hold with a manager-level service representative at Clearwire? Let’s see…

I just got a Clearspot 4G wireless hotspot device. Clear’s Terms of Service includes this bit in section 13(c):

YOU MAY CHOOSE TO PURSUE YOUR CLAIM IN COURT AND NOT BY ARBITRATION if: (i) your claim qualifies for small claims court in a location where jurisdiction and venue over you and Clearwire is proper, in which case you may initiate proceedings in small claims court; or (ii) YOU OPT OUT OF THESE ARBITRATION PROCEDURES WITHIN THIRTY (30) DAYS FROM THE DATE YOU FIRST ACTIVATE ANY SERVICE WITH CLEARWIRE (THE “OPT-OUT DEADLINE”). You may opt out by calling Clearwire’s customer service department, at (888) 888-3113, before the Opt-Out Deadline.

Arbitration is well-known to favor the corporation (I learned that from talking to professional arbitrators), so naturally I wanted to opt out. I called the number they gave me to do so.

I’m now 45 minutes into this call, and no one I talk to understands anything I’m asking nor is able to read & comprehend their own Terms of Service. The first person I talked to started out thinking I was initiating a dispute (“No, the service has been fine, I have no dispute, that’s not what I’m calling about…”). The rep I’m talking to now is trying to convince me that the clause just means that I can go to arbitration any time (“No, the whole point is that I don’t ever want arbitration”), Oh, okay, sorry sir, it just mean that you can go to court if you don’t want arbitration (“Yes, but only if I have opted-out by the deadline, which is why I’m calling you now, and I’ll need some confirmation that I made this call”) Ah, in that case, just call us within 30 days of the dispute if you want to go to court rather than arbitration (“Uh, that’s not what the text there says at all, so I can’t accept that answer…”) Yes, sir, I think I understand now, you want [insert something I don’t want here].

By the end, the second person I talked to was finally able to understand — with much guidance from me, frequent holds while he went and talked to someone else, and constant reminders from me to please refer to the actual text of the terms of service and to not misread it as saying something much more customer-friendly than it actually says — and he promised me he’d escalate it to someone who would then call me back (!) and, eventually, send me an email with the confirmation I wanted.

I have little faith this will actually happen. But he also gave me a case number: #03686152 (yes, we finally finshed the call, most of the way through this blog post). So now I’m posting this as public evidence that I really did opt out of arbitration for any dispute that may arise in the future about my service with Clearwire.

Opt-outs and other customer-driven ToS changes are such a crock; it’s simply false advertising, and should be treated as such. These clauses are close to meaningless without a “maximum time spent” law putting a cap on the amount of effort a customer has to spend to invoke them. If the terms say “call (888) 888-3113 to opt out” when they should say “call (888) 888-3113 and spend an unpredictable amount of time on the phone fighting through our customer service thicket to opt out”, then the terms are simply deceptive. I have no doubt that Clearwire is perfectly aware of this; what motivation do they have to make this process efficient for the customer?

I’m tempted to invoice them for the call. Sheesh.

Update (1 hour later):

The same representative, Charles, called back. He confirmed that my understanding of that paragraph in the ToS is correct (nice to hear, though not a surprise, since the English was pretty unambiguous!). He also said that he’d escalated this internally — that they were now reviewing their procedures for handling this request, and were considering sending email confirmation in the future.

I said I was happy to hear that and asked if I could be the first customer to receive that email. He replied that he understood why I wanted that, but could not make that committment yet. He did say that he absolutely (“more than 100%”) guaranteed that Clear would keep an accurate record of this case and of the fact that I had requested to opt out of arbitration, and that I could rely on Clear being able to retrieve that fact just from the above case number. I actually believe him, and told him so, but said that I’d still like to be updated about the procedure review, and asked how long that process would take. He said he thought 3-5 business days, and promised that he would call me back to let me know. Well, last time he said that it turned out he meant it, so I have some faith this will actually happen.

Maybe instead of invoicing Clear, I should invoice every other Clear customer :-).

I know it’s a category mistake to feel human emotions toward a corporate entity, but I can’t help feeling sympathy for Google when I see articles like this (which come out all the time — this one just happens to be today’s example):

“A new patent could position Google as the world’s dominant identity platform”

But before I start ranting, let me fact check:

Does anyone know of any instance of Google pre-emptively filing a patent infringement claim or threatening the same? That is, not as a response to an incoming patent threat, but as a first-strike move intended to monopolize a market by blocking out competitors? Responses in comments, please.

If it’s happened, I haven’t heard about it. As far as I can tell, Google collects its enormous piles of patents simply as a defensive measure: if everyone around you is armed to the teeth (and some of them, like Apple and Oracle, actually use their weapons on a regular basis), then you don’t really have a choice about whether to arm yourself. The question is just how much budget and preparedness you’re going to devote to it, as opposed to conducting your actual business.

So when I see articles like the above, saying stuff like this…

Earlier this week Google was granted a US patent that could position the company as the world’s dominant identity platform with the potential to control hundreds of millions of personal identities. The implications – both beneficial and threatening – are significant.

Superficially, the concept behind the patent appears benign enough. The patented system has the ability to create different pseudonymous identities for users, meaning that users could decide who gets to see their real identity as opposed to a pseudonym, but with each identity secretly linked and thus carrying an equal degree of integrity. That means a person could establish a more flexible and trusted relationship with other users without disclosing a real world identity. …

…I wonder if I’m missing something, or if the author just hasn’t been watching the company’s actual behavior very closely.

Corporate culture matters. As far as I can tell, starting from the people at the top, Google is fundamentally uncomfortable with government-granted monopolies on technology and business methods. Maybe they just feel that using patents for supply manipulation is short-term thinking, or maybe they feel it’s wrong, but either way, I do not recall having seen Google use those monopolies to establish or maintain market dominance (again, corrections welcome). Their large patent portfolio seems to be held mainly for defenses against incoming patent threats… which is the case for many companies, and just demonstrates the insanity of the system.

Meanwhile, the rapacious climate encouraged by the companies that do use their patent portfolios aggressively causes everyone to be tainted with suspicion, leading to articles like the above.

Disclaimer: I worked at Google briefly in 2006, then left amicably to pursue other ambitions. I’m still on good terms with colleagues from that time, but I have no financial interest in the company.

Shared Learning Collaborative logo

Calling all Chicago (and midwest regional) education hackers:

The Shared Learning Collaborative is holding a two-day tutorial / tagathon / code-a-thon event in Chicago this coming weekend, September 8th and 9th. There will be introductory sessions explaining the SLC architecture and ecosystem, API intros, coding sprints starting from the sample code and working toward real applications, etc. If you haven’t heard of SLC, think of it as doing for K-12 education data what the nascent health IT movement is doing for health care data.

Illinois is one of the states in the pilot phase of the project, with integration starting in Bloomington in September and proceeding through the state over the next year or so. So if you have or know kids in public schools in Illinois, they’ll be using SLC software soon. SLC is opening sourcing their stuff, of course, and is explicitly aiming for a multi-developer, multi-vendor open source community (the education world needs more opportunities for technical creativity, not more lock-in). This code camp is the first of several they’ll be holding.

Attendance is free; just register on Eventbrite (or you can do it through the Facebook page). First 200 attendees get the free tee-shirt.

   Saturday, September 8:  9am  —        (Day 1 schedule)
   Sunday,   September 9:       — 6pm    (Day 2 schedule)
   (see session descriptions)

The location is exactly where you’d expect it to be — at the increasingly inescapable 1871 tech startup space:

   222 Merchandise Mart Plaza
   12th Floor
   Chicago, IL 60654
   USA

For teachers and parents:

  • Common Core State Standards
  • The Learning Registry
  • Meta-Tagging Educational Content

For coders:

  • Configuring a development environment for working with SLC
  • Internals of SLC Sample Code and APIs
  • Work sprints to get your Hello World completed
  • Getting started on your first application

See the full event description for more.

Disclaimer: I’ve done some consulting work for SLC. This blog post is not part of that work, however; I just wanted to get the word out. If I weren’t traveling on the dates of the code-a-thon, I’d be attending it myself.