[liberationtech] The Dangers of Users' Relying on Tech Leaders' Good Will
A great example as to why it's dangerous for users to rely on tech leaders' good will rather than build the right legal frameworks for startups that will take users' interests into account from the get go. Yosem http://www.readwriteweb.com/archives/craigslist-threatens-developers-and-locks-down-data-to-defend-its-decrepit-empire.php Craigslist Lurches to Defend its Decrepit Empirehttp://www.readwriteweb.com/archives/craigslist-threatens-developers-and-locks-down-data-to-defend-its-decrepit-empire.php TAYLOR HATMAKERhttp://www.readwriteweb.com/archives/author/taylor-hatmaker.php · YESTERDAY 5 Commentshttp://www.readwriteweb.com/archives/craigslist-threatens-developers-and-locks-down-data-to-defend-its-decrepit-empire.php#disqus_thread 6 inSharehttp://www.readwriteweb.com/archives/craigslist-threatens-developers-and-locks-down-data-to-defend-its-decrepit-empire.php?utm_source=ReadWriteWeb+Newslettersutm_medium=emailutm_campaign=0db3815dea-RWWDailyNewsletter Craigslist, often portrayed as sleeping giant among the Web's most trafficked sites, has stirred in recent weeks - and it isn't happy. Everyone's favorite place to hunt down an apartment or unload a musty sofa hasn't been left in the dust. Rather, it has set up camp there with a coterie of lawyers and a stubborn streak that punishes the users it claims to have at heart. First the online listings king began slinging legal threats at third-party developers building onto its data. Then it quietly slid out a job posting looking for UI developershttp://www.craigslist.org/about/craigslist_is_hiring. And now Craigslist hasradically redrafted its terms of usehttp://baligu.blogspot.com/2012/08/i-dont-remember-seeing-this-before-at.html, claiming exclusive rights to any content posted on the site. So what the heck is going on, exactly? First, a brief history lesson, made all the more brief by the fact that Craigslist has hardly changed over the past 17 years. Craig Newmark founded the online listings directory back in 1995. There you have it! Craigslist is the ninth most visited website in the United States, according to Web ranking site Alexa http://www.alexa.com/siteinfo/craigslist.org, and the only one in the top 10 with a load time classified as “very fast” (.537 seconds) thanks to its skeletal design. In a Web chock full of widgets, social buttons, popover ads, and other browser confetti, is it such a bad thing that Craigslist refuses to evolve? Padmapper's Craigslist Update Craigslist issued a cease-and-desist order to a small company called Padmapper http://www.readwriteweb.com/archives/padmapper.com in June. An MIT grad named Eric DeMenthon had hacked together a service in 2008 to make apartment hunting easier for himself and his friends. “A lot of times, we'd get to the bottom of a listing and see that it was in the wrong place, and we'd have to give up, he says. What became Padmapper was to help us sift through things by scooping up listings from Craigslist’s considerable database and draping them over Google Maps. I think [Craigslist] is really good for a lot of things. I think they made a lot of good decisions in terms of finding other stuff, when location is not the most important thing. By keeping it so simple, they've made it easy to make it extremely fast - it's one of the fastest sites on the Web, probably, DeMenthon says. It's just a trade-off. But for certain things like apartments, it's not so good.” Padmapper is how Craigslist housing listings *should* work. But as it stands, Craigslist's housing listings are just like its other painful-to-navigate sections: a bare wall of links with a general location in parentheses on the index page. if you’re lucky, the listings are accompanied by images, but you have to click through to see them. There's no Ajax or Javascript magic - this is the vestigial Web circa 1995. Padmapper effectively wrestles Craigslist into a time machine, adding the kind of UI features, like filters and bookmarking, that Web users have come to expect. In doing so, DeMenthon's service makes Craigslist practical for millions of users, who are driven back to Craigslist through Padmapper's geo-search interface. Padmapper Rises Again, Thanks to 3taps Padmapper is a high-profile target of Craigslist’s curmudgeonly ire, but it isn’t the first to suffer such a fatehttp://mashable.com/2007/06/08/listpic-craigslist/. Over the years, the creaky classified-ad elder has crushed a number of would-be innovatorshttp://bits.blogs.nytimes.com/2012/07/29/when-craigslist-blocks-innovations-disruptions/ hoping to improve on its interface or put its vast trove of data to better, more user-friendly use. Craigslist claims that its defensive action prevents third parties from putting a strain on its servers. After the cease-and-desist, in a June 22 blog post, DeMenthon announced that he would yank all Craigslist data from Padmapper - and effectively cripple his own service - until he could cook up a workaround. Then, on July 9, he
[liberationtech] What I've learned from Cryptocat
https://crypto.cat will soon stop being a web-based service, and will only exist as a browser extension. The question is, what should future web-app developers do if they need crypto? Rewrite all crypto primitives from scratch [and hope there's enough interest in reviewing the code], then let users install yet another extension? I believe there's a better solution. I've posted something about it. I hope some of you would find it interesting. http://thedod.noblogs.org/post/2012/08/04/what-ive-learned-from-cryptocat/ Cheers, The Dod ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
[liberationtech] Libtech Wiki to put caveats for Dropbox Google docs?
Hi Libtech, Yosem asked me to work on text links for caveats about Dropbox and Google Docs to use for the Libtech email list guidelines. (The list has been talking about the list's use or non-use of attachments.) Is there a good, working Liberationtech wiki that'd make a good place to stash links and text about caveats for Dropbox and Google Docs? If anyone wants to help, email me either on- or off-list! We should work on one at a time, starting with Dropbox. Also, we should think about what service (if any...) might work well as a good, sufficiently secure alternative for Libtech email list attachments. I'm also curious what file-locker service should be recommended to groups such as small businesses. Mozy.com is one alternative that's been promoted lately. A small business could VPN into a server with an encrypted hard drive somewhere (with backups of that encrypted data!) -- the drives unmounting upon physical confiscation -- and though a skilled IT person could set that up, it's still beyond the range of most ordinary small businesses, I think. Thanks! Douglas ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
[liberationtech] The Olympics and Social Movements
Dear Colleagues, The Olympics have often given activists the opportunity to use the international media attention to achieve the freedom of speech they lack in their own countries. As part of the Sound Ethnography Project organized by UCI anthropology graduate students, I recently contributed a piece about the tragic events of the 1968 Summer Olympics where a vibrant student movement was quashed just ten days before the opening ceremony. Every year on October 2nd, thousands gather at La Plaza de las Tres Culturas in Mexico City to remember the dozens of students who lost their lives that day. I invite you to read my brief piece entitled October 2nd is Not Forgotten and to listen to a fifteen minute recording of the gathering that took place on the 43rd anniversary of the tragedy. They can be found at http://soundethnography.com/. I look forward to reading your comments. Thank you, Cristina Cristina T. Bejarano -- Ph.D. Candidate (ABD) Department of Anthropology University of California, Irvine ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
[liberationtech] Who's interested in project management collaboration tools? And...
where are they and how do I get their attention? Hi Folks, A lot of folks here are involved in using/developing technology to support various forms of networked collaboration, with particular leanings toward open, decentralized approaches. So I wonder if I might solicit opinions on the following. I've been working on some open source software to support virtual teams and projects - putting some of the experiences and techniques I've acquired over the years into code - and I'm trying to gather some support via Kickstarter. The thing is, I'm having a very hard time getting people to even visit the project's web page - so far, only about 300 people have visited the Kickstarter page, despite some serious attempts to spread the word across various email lists, twitter, and so forth. It's one thing if people were looking at the page and not contributing, but I can't even seem to get people's attention - which suggestions one or more of four things: - nobody cares about project management (I hope this isn't the case - I know administrivia isn't sexy, but an awful lot of people are working on an awful lot of projects, and getting buried in mountains of paper, email, phone calls, texts, meetings, and yellow stickies. I sure know that I'm always looking for ways to declutter that side of my life) - I'm not reaching people who care. - I'm reaching people, but not getting their attention. - I'm reaching people, getting their attention, but not providing enough motivation to go the next step and click their mouse (on http://www.kickstarter.com/projects/1947703258/smart-notebooks-keeping-on-the-same-page-across-th So... I'd really welcome any feedback on the questions who cares about project management collaboration tools, how to reach them, and what might motivate them enough to take a look at what I'm doing? Thanks very much, Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
Re: [liberationtech] Revised Liberationtech Mailing List Guidelines
Greg Norcie writes: This is a good logic, but there is still a problem even if Google scans uploads. Both state and nonstate actors often use zero day vulnerabilities. Since a zero day has never been seen before, there is no signature for it in any virus database. This is totally true in general, and of course these zero days have been used in real attacks, and of course Google can't necessarily recognize zero-day vulnerabilities. In the particular case of text documents shared through Google Docs -- as opposed to Word files hosted for download with some sort of file sharing site! -- I think malware is a comparatively minor risk. The reason is that when you upload a document to Google Docs, Google imports the content of the document into Google's own internal format. When you then download a document from Google Docs, Google is generating _a new document from scratch_ with the same text and formatting content as the original, but the result is not the same file that was originally uploaded. If someone mails you an attachment, or hosts a document file of their own creation on a web site, your word processor could be compromised if there are software vulnerabilities that the document exploits, like a buffer overflow. And this is also true of, say, a PDF document that you're going to open in a PDF reader; we know that there have been exploits used in the wild against PDF readers. By contrast, if you were to import some Microsoft Word file into Google Docs and then export the resulting Google Docs document in Microsoft Word format, what you'd get back would _not_ be the original file or any modified form of the original file. Instead, you would get a completely new Microsoft Word file, generated from scratch by Google, with essentially the same textual content as the original. (And if you were to export the Google Docs document as a PDF, what you'd get would be a PDF that Google generated from scratch.) Since these documents are being generated by Google in this way, using its own internally-developed software, Google will presumably create safe and valid documents for its users, not ones that contain exploits and malware. We might still worry that someone could _upload_ a malicious document to Google in order to attack Google's import process (and perhaps attack the Google Docs servers in various ways, whether to disable other security features or access private information), but I presume Google's security folks have been very cautious about this aspect and Google Docs import is probably much less vulnerable to malware and exploits than the file import features in popular desktop word processors like Microsoft Word, OpenOffice, and LibreOffice. (Also, attackers can study the binary code of Microsoft Word -- as well as Microsoft's security patches to it! -- or the source code of OpenOffice and LibreOffice -- as well as their developers' security patches to them! -- in order to try to find specific vulnerabilities. It's harder for attackers to speculate usefully about what vulnerabilities may exist in Google Docs import functionality because the attackers probably don't have access to any of the Google Docs code, whether source or binary. So even if there are exploitable vulnerabilities in the way Google Docs parses documents, it will be much harder for attackers to find and exploit them than it would be for published desktop software.) (How do I square this with my observation that Google can't necessarily recognize vulnerabilities? I think the main point is that the zero-day vulnerabilities we're likely to encounter are vulnerabilities in desktop software. Google may not be able to detect these, but it may not be vulnerable to them either! And with cautious programming, it can also default to rejecting files that are suspicious in some general ways, even if it doesn't know exactly what's bad about them. For instance, Andreas Bogk gave a talk last year at the CCC Camp about a PDF security scanner he's been developing which is able to reject several kinds of invalid PDFs automatically. Some of those invalid PDFs may be innocent and not contain any malware or exploits, but Google could still use a scanner like this to reject them and refuse to import them out of an abundance of caution.) -- Seth Schoen sch...@eff.org Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107 ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list
Re: [liberationtech] Who's interested in project management collaboration tools? And...
On 5 August 2012 03:25, Miles Fidelman mfidel...@meetinghouse.net wrote: where are they and how do I get their attention? Hi Folks, A lot of folks here are involved in using/developing technology to support various forms of networked collaboration, with particular leanings toward open, decentralized approaches. So I wonder if I might solicit opinions on the following. I've been working on some open source software to support virtual teams and projects - putting some of the experiences and techniques I've acquired over the years into code - and I'm trying to gather some support via Kickstarter. The thing is, I'm having a very hard time getting people to even visit the project's web page - so far, only about 300 people have visited the Kickstarter page, despite some serious attempts to spread the word across various email lists, twitter, and so forth. It's one thing if people were looking at the page and not contributing, but I can't even seem to get people's attention - which suggestions one or more of four things: - nobody cares about project management (I hope this isn't the case - I know administrivia isn't sexy, but an awful lot of people are working on an awful lot of projects, and getting buried in mountains of paper, email, phone calls, texts, meetings, and yellow stickies. I sure know that I'm always looking for ways to declutter that side of my life) - I'm not reaching people who care. - I'm reaching people, but not getting their attention. - I'm reaching people, getting their attention, but not providing enough motivation to go the next step and click their mouse (on http://www.kickstarter.com/**projects/1947703258/smart-** notebooks-keeping-on-the-same-**page-across-thhttp://www.kickstarter.com/projects/1947703258/smart-notebooks-keeping-on-the-same-page-across-th So... I'd really welcome any feedback on the questions who cares about project management collaboration tools, how to reach them, and what might motivate them enough to take a look at what I'm doing? Thanks very much, Have you seen bettermeans? www.youtube.com/watch?v=MAlnMWlvw9g Miles Fidelman -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
Re: [liberationtech] [Freedombox-discuss] Who's interested in project management collaboration tools? And...
Hi Melvin, http://www.kickstarter.com/projects/1947703258/smart-notebooks-keeping-on-the-same-page-across-th So... I'd really welcome any feedback on the questions who cares about project management collaboration tools, how to reach them, and what might motivate them enough to take a look at what I'm doing? Have you seen bettermeans? www.youtube.com/watch?v=MAlnMWlvw9g http://www.youtube.com/watch?v=MAlnMWlvw9g Have now, and in a sense it's the exact opposite of I'm working on - it imposes its view of how to manage collaboration, and it's a centralized system. Most of the feedback I'm getting has been telling me that I need to to a better job of differentiating what I'm doing from the mass of project management products and services, so... 1. Simplicity: The model is more about keeping everyone on the same page (like actors following the same script) than about lots of process. In the case of project management, a script looks more like a list of action items - hence the reason that an awful lot of project managers end up simply keeping track of things in spreadsheets. The trick is how to share the same script across the net. 2. Distributed and Peer-to-Peer: If you're happy with sharing a GoogleDocs spreadsheet, this project isn't for you. If you like linked spreadsheets, but wished they actually worked across the net, and used open formats and protocols - that's what I'm shooting for. Write an action item list in a spreadsheet-like format, email it to collaborators, then as folks update things, those updates propagate automagically - no sorting through tons of emails to extract updates. (Also allow more wiki-like things, for QA, background materials, etc. - again, distributed rather than all running on a central machine). 3. Open everything. -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
Re: [liberationtech] [Freedombox-discuss] Who's interested in project management collaboration tools? And...
Jay Sulzberger wrote: http://www.kickstarter.com/projects/1947703258/smart-notebooks-keeping-on-the-same-page-across-th Perhaps just limited encrypted Usenet? Funny you should mention that. NNTP is, to my mind, the world's greatest messaging protocol. Back in the day, Netscape built a collaboration server that added access controls and some management functions to an NNTP server - it was an incredibly powerful tool. In some sense, the model sitting in the back of my mind, is: - NNTP (with encryption and crypto-based access controls) - easier management of (private) group creation - messages containing HTML JavaScript that can do some embedded threading (think about sending a Wiki page, the initial page shows up as a news message, edits are automatically applied rather than showing up as separate messages) Also perhaps: http://www.kickstarter.com/projects/joeyh/git-annex-assistant-like-dropbox-but-with-your-own with a daemon that labels files, presents histories, and such like. Yes... saw that a while back - does look really interesting. Miles -- In theory, there is no difference between theory and practice. In practice, there is. Yogi Berra ___ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click yes (once you click above) next to would you like to receive list mail batched in a daily digest? You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
