Kushal Das4

FOSS and life. Kushal Das talks here.

kushal76uaid62oup5774umh654scnu5dwzh4u2534qxhcbi4wbab3ad.onion

FreeBSD on a Thinkpad 230

From the first-ever conference I attended, I started picking up many tools and habits from other participants, speakers, and friends. It is still the same with many new conferences I go to, by meeting new people and learning about new technologies, or sometimes about technologies which are not so new.

I use Linux as my primary operating system at home over 15 years now, getting a good Internet connection helped to make it happen. It was the same for my servers too. I do run different distributions, depending on the kind of work that needs to be done. When I go to many language-specific or general technical conferences, I do always find some discussions related to which distribution is good for what. However, whenever I met Trouble aka Philip Paeps, his lines are always amusing, but, also making questions about how FreeBSD differs from Linux in every possible way. I had FreeBSD running in few VMs at home, which is okay to have an understanding of the basics. To know more in details, I decided to move my primary site https://kushaldas.in over FreeBSD around a year ago. Till now it is running fine, and as a simple static website, there is not much to do anyway.

Last week during rootconf I again met trouble and a bunch of old friends (who all are regular in the FreeBSD world). They helped me to understand how to upgrade to the latest release, and showed a few more tricks. I wanted to use it more to become familiar with command line tools.

I got a X230 laptop with CoreBoot and installed FreeBSD 12 on it. The necessary installation went very smooth. Then, I decided to have KDE as a desktop environment on it. I followed the guide. However, I failed to get sddm working. Even though friends at #freebsd and #bsdin tried to help/debug, only in the evening, we figured out that I was missing some critical Xorg related packages.

# pkg install xf86-input-keyboard xf86-input-mouse xf86-input-synaptics xf86-input-libinput xauth

Also, remember to upgrade the system to the latest.

# freeebsd-update fetch
# freebsd-update install

I have installed the regular applications I use in my standard Linux boxes, including FocusWriter. Remember to install the hunspell package and corresponding dictionary for your language, if you want to have spell checking in FocusWriter.

I am writing this blog post in the same tool in the FreeBSD system. I completely forgot how good the old X series ThinkPad keyboards were feeling nice to type on this. I will keep using this system for learning purpose and hoping to write more in the coming days.

Indian news websites over Tor and HTTP vs HTTPS

Following the idea of Secure The News, I wanted to verify if the Indian news websites have proper certificates or can they be viewed over Tor network.

The major problem was to get the list of urls, and I managed to create that from the Wikipedia list of Indian news organizations. Next, I had to write a straightforward Python script to verify the sites over Tor.

I have 181 site URLs and out of those, 5 are down. Among the rest 176 sites, surprisingly all but 3 sites could not be open from Tor network. The following 3 sites are blocking the users from Tor, thus, compromising the privacy and security Tor Browser provides to their readers.

On the other hand, when it comes to enabling HTTPS by default and redirecting people to that, most of these sites failed miserably.

117 sites do not provide their sites over HTTPS. If you do not know why it is important to provide the same, please read this. If you don’t know how to enable HTTPS on your website, you can read this guide.

This is the list of the URLs who are only on HTTP.

That missing paragraph

In my last blog post, I wrote about a missing paragraph. I did not keep that text anywhere, I just deleted it while reviewing the post. Later Jason asked me in the comments to actually post that paragraph too.

So, I will write about it. 2018 was an amazing year, all told;, good, great, and terrible moments all together. Things were certain highs , and a few really low moments. Some things take time to heal, some moments make a life long impact.

The second part of 2018 went downhill at a pretty alarming rate, personally. Just after coming back from PyCon US 2018, from the end of May to the beginning of December, within 6 months we lost 4 family members. On the night of 30th May, my uncle called, telling me that my dad was admitted to the hospital, and the doctor wanted to talk to me. He told me to come back home as soon as possible. There was a very real chance that I wouldn’t be able to talk to him again. Anwesha and I, managed to reach Durgapur by 9AM and dad passed away within a few hours. From the time of that phone call, my brain suddenly became quite detached, very calm and thinking about next steps. Things to be handled, official documents to be taken care of, what needs to be done next.

I felt a few times that I’dburst into tears, but, the next thing that sprang to mind was that if I started crying, that would affect my mother and rest of the family too. Somehow, I managed not to cry and every time I got emotionally overwhelmed, I started thinking about next logical steps. I actually made sure, I did not talk about the whole incident much, until recently after things settled down. I also spent time in my village and then in Kolkata.

In the next 4 months, there have been 3 more deaths. Every time the news came, I did not show any reaction, but, it hurt.

Our education system is what supposed to help us grow in life. But, I feel it is more likely, that school is just training for the society to work cohesively and to make sure that the machines are well oiled. Nothing prepares us to deal with real life incidents. Moreover, death is a taboo subject with most of us.

Coming back to the effect of these demises, for a moment it created a real panic in my brain. What if I just vanish tomorrow? In my mind, our physical bodies are some amazing complex robots / programs. When one fails, the rest of them try to cope , try to fill in the gaps. But, the nearby endpoints never stay the same. I am working as usual, but, somehow my behavior has changed. I know that I have a long lasting problem with emails, but, that has grown a little out of hand in the last 5 months. I am putting in a lot of extra effort to reply to the emails I actually managed to notice. Before that, I was opening the editor to reply, but my mind blanked, and I could not type anything.

I don’t quite know how to end the post. The lines above are almost like a stream of consciousness in my mind and I don’t even know if they make sense in the order I put them in. But, at the same time, it makes sense to write it down. At the end of the day, we are all human, we make mistakes, we all have emotions, and often times it is okay to let it out.

In a future post, I will surely write another post talking about the changes I am bringing in my life to cope.

Aadhaar, the mass surveillance system

If you are following me on Twitter, you have already seen a lot of (re)tweets related to Aadhaar. For the people first time hearing this term, it is a 12 digit unique identification number provided by the Unique Identification Authority of India (UIDAI). It is also the world’s largest bio-metric ID system. It is supposed to be a voluntary service.

From the very beginning, this project tried to hide the details from the Indian citizens. Let it be privacy advocates or security researchers or human rights activists, everyone predicted that this will become a monster, a mass surveillance system, a tool of choice of the power hungry dictators.

Like any other complex system, the majority of the people only see the advertisements from the government and completely miss all the problems and horror stories this project is creating. Here are a few links below for the interested people to read.

Neither my wife, nor our daughter has an Aadhaar (I also don’t have one), that means Py (our daughter) did not get admission to any school last year.

Whenever security researchers or journalists tried to report on the project, the UIDAI tried to hide behind denials and police complaints against the journalists or researchers. There are various reports on how one can get access (both read/write) to the actual production database with as little as $10-30. We now have examples of terrorist organizations having access to the same database. The UIDAI kept telling how this is an unhackable technology and for security they have a 13 feet wall outside of the data center which in turn will keep all hackers away.

They have already build 360 degree databases on top of Aadhaar, and now they are trying to link DNA to the same system.

The current government of India tried their level best to argue in the Supreme Court of India to tell that Indians don’t have any rights to privacy. But, thankfully they failed in this effort, and the Supreme Court ruled privacy as a fundamental right. We are now waiting for the judgment on the Aadhaar (which will hopefully come out in the next few weeks).

Meanwhile, the evil nexus is pushing down Aadhaar to the throats of the Indian citizens and Pakistani spies and gods.

A few days ago, in an event in Jaipur, they asked Edward Snowden the following question.

How big of an issue is privacy?

The answer started with from where that argument comes from.

The answer is that Nazi Germany. The nazi minister of propaganda Joseph Goebbels did this. Because he was trying to change the conversation away from “What are your rights?” and “What evidences must the government show?” to violet them, to intrude into your private life and instead said “Why do you need your rights?”, “How can you justify your rights?”, “Isn’t strange that you are invoking your rights? Isn’t that unusual?”. But, in a free society this is the opposite of the way it is supposed to work. We don’t need to explain why you have a right. You don’t need to explain why it is valuable, why you need it. It is for the government to explain why you don’t deserve it. They go to a court, they show that you are a criminal. This is increasingly falling out of favor, because the governments and companies think that it is inefficient. It is too much work. Life would be easier, life would be more convenient for them, life would be more profitable for them if we didn’t have any rights at all.

But, privacy isn’t about something to hide, privacy is about something to protect. And that is the very concept of liberty. It is the idea that there can be some part of you, of your life, of your ideas that belong to you, not to society. And you get to make the decision about who you share that with. -- Edward Snowden

Why are we reading this in your blog?

This might a question for many of you. Why are reading this in a blog post or in a planet? Because we, the people with the knowledge of technology are also part of these evil plans. We now know about many private companies taking part with their local government to build 360 degree profiles, to track the citizens and to run the mass surveillance systems. For example, related to Aadhaar, for the last 4 years, Google silently pushed the Aadhaar support phone number (which now UIDAI is trying to stay away from) to every Google Android phone in India. When they got caught red handed, they claimed that they did it inadvertently. Finacle software by Infosys denies creation of bank accounts without Aadhaar. Microsoft is working to link Skype with Aadhaar. Bill Gates is trying to push the idea that Aadhaar is all good, and does not have any issues.

What can you do?

You can start by educating yourself first. Read more about the technologies which controls our lives. Have doubt about the things and try to understand how they actually work. Write about them, ask questions to the people in power. Talk about the issues to your friends and family.

This is not gong to be an easy task, but, we all should keep fighting back to make sure of a better future for our next generation.

Latest attempt to censor Internet and curb press freedom in India

A branch of the Indian government, the Ministry of Information and Broadcasting, is trying once again to censor Internet and Freedom of Speech. This time, it ordered to form a committee of 10 members who will frame regulations for online media/ news portals and online content.

This order includes these following Terms of Reference for the committee.

  • To delineate the sphere of online information dissemination which needs to be brought under regulation, on the lines applicable to print and electronic media.
  • To recommend appropriate policy formulation for online media / news portals and online content platforms including digital broadcasting which encompasses entertainment / infotainment and news/media aggregators keeping in mind the extant FDI norms, Programme & Advertising Code for TV Channels, norms circulated by PCI, code of ethics framed by NBA and norms prescribed by IBF; and
  • To analyze the international scenario on such existing regulatory mechanisms with a view to incorporate the best practices.

What are the immediate problems posed by this order?

If one reads carefully, one can see how vague are the terms, and specifically how they added the term online content into it.

online content means everything we can see/read/listen do over cyberspace. In the last few years, a number of new news organizations came up in India, whose fearless reporting have caused a lot of problems for the government and their friends. Even though they managed to censor publishing (sometimes self censored) news in the mainstream Indian media, but all of these new online media houses and individual bloggers and security researchers and activists kept informing the mass about the wrongdoings of the people in power.

With this latest attempt to restrict free speech over the internet, the government is trying to increase its reach even more. Broad terms like online content platforms or online media or news/media aggregators will include every person and websites under its watch. One of the impacts of mass indiscriminate surveillance like this is that people are shamed into reading and thinking only what is in line with the government, or popular thought .

How do you determine if some blog post or update in a social media platform is news or not? For me, most of things I read on the internet are news to me. I learn, I communicate my thoughts over these various platforms on cyberspace. To all those computer people reading this blog post, think about the moment when you will try to search about “how to do X in Y programming language?” on Internet, but, you can not see the result because that is blocked by this censorship.

India is also known for random blockades of different sites over the years. The Government also ordered to kill Internet for entire states for many days. For the majority of internet blockages, we, the citizens of India were neither informed the reasons nor given a chance to question the legality of those bans. India has been marked as acountry under surveillance by Reporters Without Borders back in 2012.

Also remember that this is the same Government, which was trying to fight at its best in the Supreme Court of India last year, to curb the privacy of every Indian citizen. They said that Indian citizens do not have any right to privacy. Thankfully the bench declared the following:

The right to privacy is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution.

Privacy is a fundamental right of every Indian citizen.

However, that fundamental right is still under attack in the name of another draconian law The Aadhaar act. A case is currently going on in the Supreme Court of India to determine the constitutional validity of Aadhaar. In the recent past, when journalists reported how the Aadhaar data can be breached, instead of fixing the problems, the government is criminally investigating the journalists.

A Declaration of the Independence of Cyberspace

Different governments across the world kept trying (and they will keep trying again and again) to curb free speech and press freedom. They are trying to draw borders and boundaries inside of cyberspace, and restrict the true nature of what is it referring to here?.

In 1996, late John Perry Barlow wrote A Declaration of the Independence of Cyberspace, and I think that fits in naturally in the current discussion.

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather. -- John Perry Barlow

How can you help to fight back censorship?

Each and every one of us are affected by this, and we all can help to fight back and resist censorship. The simplest thing you can do is start talking about the problems. Discuss them with your neighbor, talk about it while commuting to the office. Explain the problem to your children or to your parents. Write about it, write blog posts, share across all the different social media platforms. Many of your friends (from other fields than computer technology) may be using Internet daily, but might not know about the destruction these laws can cause and the censorship imposed on the citizens of India.

Educate people, learn from others about the problems arising. If you are giving a talk about a FOSS technology, also talk about how a free and open Internet is helping all of us to stay connected. If that freedom goes away, we will lose everything. At any programming workshop you attend, share these knowledge with other participants.

In many cases, using tools to bypass censorship altogether is also very helpful (avoiding any direct confrontation). The Tor Project is a free software and open network which helps to keep freedom and privacy of the users. By circumventing surveillance and censorship, one can use it more for daily Internet browsing. The increase in Tor traffic will help all of the Tor network users together. This makes any attempt of tracking individuals even more expensive for any nation state actors. So, download the Tor Browser today and start using it for everything.

In this era of Public private partnership from hell, Cory Doctorow beautifully explained how internet is the nervous system of 21st century, and how we all can join together to save the freedom of internet. Listen to him, do your part.

Header image copyright: Peter Massas (CC-BY-SA)

dgplug summer training 2018

dgplug summer training 2018 will start at 13:30 UTC, 17th June. This will be the 11th edition. Like every year, we have modified the training based on the feedback and, of course, there will be more experiments to try and make it better.

What happened differently in 2017?

We did not manage to get all the guest sessions mentioned, but, we moved the guest sessions at the later stage of the training. This ensured that only the really interested people were attending, so there was a better chance of having an actual conversation during the sessions. As we received mostly positive feedback on that, we are going to do the same this year.

We had much more discussions among the participants in general than in previous years. Anwesha and I wrote an article about the history of the Free Software and we had a lot of discussion about the political motivation and freedom in general during the training.

We also had an amazing detailed session on Aadhaar and how it is affecting (read destroying) India, by Kiran Jonnalagadda.

Beside, we started writing a new book to introduce the participants to Linux command line. We tried to cover the basics of Linux command line and the tools we use on a day to day basis.

Shakthi Kannan started Operation Blue Moon where he is helping individuals to get things done by managing their own sprints. All information on this project can be found in the aforementioned Github link.

What are the new plans in 2018?

We are living in an era of surveillance and the people in power are trying to hide facts from the people who are being governed. There are a number of Free Software projects which are helping the citizens of cyberspace to resist and bypass the blockades. This year we will focus on these applications and how one can start contributing to the same projects in upstream. A special focus will be given to The Tor project, both from users’ and developers’ point of views.

In 2017, a lot of people asked help to start learning Go. So, this year we will do a basic introduction to Go in the training. Though, Python will remain the primary choice for teaching.

How to join the training?

First, join our mailing list, and then join the IRC channel #dgplug on Freenode.

The journey continues at Freedom of the Press Foundation

The code we write is the extension of our emotions and thinking. A few months back a twitter thread on Gnome’s account made Anwesha and me think about it once again. I think the most important reply in that thread came from Miguel de Icaza.

The contribution to Free Software happens over 2 forms, for many it helps to solve or support a personal cause. Sometimes it is something we deeply care about (actually the 2 points are not that different). That is why people come back to home from their daily jobs, and then continue contributing upstream till late night. Many jobs now also allow working on upstream Free Software projects as part of the work. The word Open Source helped to create a bridge between businesses and creators. But, we still have to keep fighting for Freedom in various levels in life, even including for the basic human rights.

More than a month back, the Supreme Court of India ruled that privacy is a fundamental right to every Indian citizen. It was a huge win for every privacy advocate, but it was one of the big battles in the whole fight for right to privacy. Even though governments are using public money to develop software infrastructure, almost none of them are Free Software. There is a current campaign happening for having publicly financed software developer for people to be Free Software. No one knows what is going on in the closed source infrastructure, and if people point out the issues, they are getting punished. If you never heard about Aadhaar project in India, feel free to visit this site to learn about how much destruction it is bringing in.

Journalists were the most common people in the movies (in our childhood days) who used to find out all bad things people in power were doing, and at the end of the movie, public used to win with help of court (and sometimes fights between the hero and villains). Things have changed a lot over the years. Now technology enables many to be in a condition to find out the wrongdoings of the state, or private companies. It is much easier to send across that information to the journalists, and we can see how those revelations are helping the world. But, technology also enables the wrong-doers to attack the whistleblowers and the journalists who publish the truth to the people.

At this point if the government can identify the whistleblower, it is too dangerous to be a whistleblower. If we want to find what the state is doing, so that, we, the people, can have control over it, we need to make whistleblowers safe. -- RMS in his talk last year.

Freedom of the Press Foundation is one such organization working to protect and defend journalism, to support journalists and whistleblowers worldwide. One of the major development from the foundation is SecureDrop project. SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources. It was originally created by the late Aaron Swartz. The project also won The Award for Projects of Social Benefit from Free Software Foundation in 2016. This week I joined the Freedom of the Press Foundation as a staff member to help on the SecureDrop and other projects.

As I started writing the post with Why Free Software?, helping the journalists and whistleblowers with Free Software is vital cause I can personally relate to. In the last month, we saw at least 3 journalists killed in India, from 1992, we have the second highest deaths of the journalists due to their work. We also saw the increased death threats to the journalists in India and other parts of the world. The freedom of the press stands as a pillar of the democracy, and we will continue to protect it.

Taking off Red Hat, but not Fedora

Red Hat, the name means a lot of things to me. Red Hat Linux was the first Linux distribution I ever saw and worked with. Later I moved into Fedora, and it became my defacto distribution from Core 1 days. Started contributing to the project formally from 2006, and joined in Red Hat for the first time back in 2008. People kept asking me why do I wear my Red Fedora everywhere, why do I feel so enthusiastic all the time? For me, it is always the people, the company itself started to provide a healthy relationship with the businesses and Free Software vendors (including itself). It is still standing tall and growing because of the people in the company, who still cares about Freedom. I left Red Hat for 11 months in between, and then came back to work on Fedora itself as Fedora Cloud Engineer in the Fedora Engineering team. Later Sayan also joined the team.

The last 3 years were full of fun in different levels. There were last-minute breakages, heated discussion over IRC or on emails. But, the community stayed above of everything, the goal of releasing a better distribution for everyone, and kept inventing at the same time was in sync. I actually have to admit that I can not express my feelings about working on Fedora as a full-time job. It was the dream coming true. Friendships became deeper, found many complete new points of view at things in life. It is never only about technology. The 4 foundations always remind us why the community is still growing and why we are in love with the project. I should mention that most of my technical know-how about Fedora and many related things actually came from Patrick. He taught me a lot of things over the years.

I am now back as a community contributor to the project. This was a personal decision, and I got support from Anwesha and friends to go ahead with this. I always worked on upstream projects with my personal email ID, means there is nothing changed in Fedora directly for me.

At the end, I want to thank Paul Frields, Matthew Miller, Denise Dumas, and rest of the Fedora Engineering team and the community to give me this opportunity.

My new walking desk

I was spending a lot of time on my chair. My fitbit was telling me that on the face everyday. I had a trademill at home and of course was not using it enough.

Decided to change the scene with a walking desk. Converted my treadmill to a walking desk with the stuff found inside of my office room :) Did around 17k steps in day1 and around 20k+ steps from next day. I am feeling great. I increased the height of the monitor after I took this picture.

Sessions on Eucalyptus

Yesterday we had a session on Eucalyptus in my house. Total 7 people attended the session including me. We started with an all-in-one cloud installation on the Inter NUC(s). After the cloud is up and running, I installed Fedora 20 cloud image on it.

During the installation we had some nice discussions around different technology choices and features of Eucalyptus. Few people also noted the key differences and similarities between OpenStack and Eucalyptus.

Today evening we had a session on “Open Cloud” using Eucalyptus Community Cloud on #dgplug channel on freenode. 15 people attended the session. We went through the different parts of the user console. People created security groups and key pairs. Everyone started their own instances (with little hiccups) and sshed into them. The UI is simple enough for the students to get the idea.

In future I will be doing more sessions on IRC, starting from installing your own private cloud to learning different technology using cloud. I will also put the notes on my blog. If you think I should cover any particular piece of technology please leave a comment in this post.