Category: Tech

The SFLC Tries to Terminate Conservancy's Trademark

2017-11-16, 7:09 am
Categories: Politics, Stream of Consciousness, Tech

In my last two posts, I've talked about the Linux Foundation's apparent disdain for the GPL (the license that Linux is published under, which allows derivative works but requires them to be published under the same license), and Eben Moglen's apparent souring on legal enforcement of the GPL. I mentioned that the Software Freedom Law Center is seeking to terminate the Software Freedom Conservancy's trademark, and that Bruce Perens believes that this is retaliation by the LF. So let's continue, shall we?

The Linux Foundation now represents corporate interests, not the community. The GPL is designed to protect the community. So there's some friction there right off the bat.

In fact, as I mentioned in the first part, the LF used to have two community representatives on its board, but terminated the position.

Why? Well, it happened right after the Software Freedom Conservancy's Executive Director, Karen Sandler, announced her intention to run for a seat. Looks like the Linux Foundation didn't like that. VMware certainly didn't, since Conservancy is currently funding a GPL enforcement lawsuit against it.

And, as noted in the previous post, Eben Moglen published an article arguing against GPL enforcement. That doesn't seem to have gone over well with the Free Software Foundation; he resigned his position as FSF General Counsel soon after. That's a hell of a thing, after nearly 25 years in the role.

Now, Moglen's SFLC has filed to terminate the Conservancy's trademark, stating that the marks are too similar and could cause confusion. This seems out of the blue; the SFLC started Conservancy, and legally represented it for years; if it were concerned about trademark confusion, it should have expressed those concerns eleven years ago.

Perens went on a bit of a tear about this; he submitted an article to Slashdot titled Software Freedom Law Center Launches Trademark War Against Software Freedom Conservancy, and has commented extensively on two articles at LWN, one quoting Conservancy's post and the other quoting the SFLC's response.

Perens believes the connection is clear: as the Linux Foundation has come to represent corporate members over the Linux community, it has become increasingly critical of the GPL. Eben Moglen and the SFLC, which is funded by the LF, still purport to believe in the GPL, but have become increasingly critical of legal actions enforcing it. The LF includes VMware on its board, and Conservancy is funding a GPL enforcement action against VMware; in light of these facts, it does not appear coincidental that the LF eliminated its community representative positions right after the executive director of Conservancy expressed an interest in running for one, and the Software Freedom Law Center suddenly became concerned that the Software Freedom Conservancy -- an organization which it started -- has a name that's too similar.

So how will this all turn out? I'm not a lawyer, but I think Conservancy is on pretty solid ground here. Of course, if Perens is right, then this isn't really about a trademark at all. And if Perens is right and the Linux Foundation really is out to punish Conservancy, then this action may not be the end of it.

The SFLC and Conservancy: A History

2017-11-15, 7:59 am
Categories: Politics, Stream of Consciousness, Tech

Yesterday, I went over how the Linux Foundation doesn't seem to like the license Linux is published under very much.

Bruce Perens, co-founder of the Open Source Initiative and founder of the Linux Standard Base (which led to the formation of the Linux Foundation), says it's worse than that, and that the Linux Foundation is now undermining GPL enforcement against its member organizations.

This is a complicated story, so strap in. I mean, if this sounds like something you're interested in. If it doesn't, then I don't blame you; come back on Friday, when I'll have about 750 words on April from Teenage Mutant Ninja Turtles.

Still here? Okay.

The Software Freedom Law Center is funded by the Linux Foundation, and provides pro bono legal services and representation to developers of free/open-source software. Its chairman is Eben Moglen, who was pro bono general counsel for the Free Software Foundation from 1994 to 2016. Moglen has done a hell of a lot for free software over the course of the last 25 years.

In 2006, the SFLC launched the Software Freedom Conservancy, an organization that provides free financial and administrative services to free software projects. Today Conservancy represents 48 projects, notably including BusyBox, Git, phpMyAdmin, QEMU, Samba, and Wine. Conservancy is an independent entity and not part of the SFLC, though the SFLC represented Conservancy through 2011.

In 2007, the SFLC and Conservancy began GPL enforcement suits on behalf of BusyBox. BusyBox is a minimal bootable system that's in everything; if you're using a piece of consumer electronics that's more complicated than a microwave oven, there's a good chance it's got BusyBox in it. And a lot of those electronics companies don't bother to follow the GPL and release their source code modifications.

There's been some backlash against GPL enforcement in the years since. BusyBox's maintainer, Rob Landley, later regretted the lawsuits; he deemed them counterproductive, and said they hadn't helped BusyBox or any other project, they'd just convinced companies like Google to avoid the GPL and use permissive licenses instead.

Maybe so. But if nobody ever enforces the GPL, then it's meaningless. A mere suggestion.

Conservancy has continued its GPL enforcement actions. Currently, it's funding Christoph Hellwig's litigation against VMware in Germany. VMware distributes a modified version of the Linux kernel; Hellwig is a kernel contributor and, thus, one of the many copyright holders in the Linux kernel. (While many free/open-source projects require that contributors assign all copyright to a single rightsholder, such as Conservancy or the GNU Project, the Linux kernel does not; every single contributor to the Linux kernel maintains the copyright to the portion of the kernel they contribute, but licenses it under the GPL for anyone else to use.)

Eben Moglen seems to have soured on GPL enforcement. Last year he published an article in the International Free and Open Source Software Law Review titled Whither (Not Wither) Copyleft. His arguments are similar to Landley's: all these GPL enforcement suits are actually bad for the GPL, because they discourage companies from using the GPL at all.

Moglen makes the argument that litigation should be a last resort, and that parties should try to resolve their disputes amicably if at all possible. The thing is, I don't think anybody actually disagrees with that.

When has Conservancy chosen to sue, when there was any other path available? BusyBox v Westinghouse was a default judgement. Westinghouse didn't even bother showing up to court; I don't see how politely-worded E-Mails were going to get it to comply. Conservancy spent three years attempting to negotiate with VMware, to no avail; the lawsuit is a last resort. Whither copyleft? indeed.

Bruce Perens thinks the SFLC's recent trademark action is retaliation for Conservancy's enforcement action against VMware. I'll save the why for my next post. Tune in tomorrow, same Thad-time, same Thad-channel.

The Linux Foundation Hates Copyleft

2017-11-14, 7:47 am
Categories: Politics, Stream of Consciousness, Tech

It's been kinda weird, seeing the Linux Foundation slowly transform into an organization that is fundamentally opposed to the license Linux is published under.

But the Linux Foundation is in the business of turning a profit, and that's meant embracing corporate America -- even Microsoft is now a member. In fact, the board is overwhelmingly made up of corporate representatives now: Facebook, AT&T, Qualcomm, Cisco, VMware (we'll come back to them tomorrow), Intel, HP, Bitnami, Panasonic, Hitachi, Samsung, IBM, Microsoft (Microsoft!), Comcast, Huawei, NEC, Oracle, Fujitsu. There used to be two community representatives on the board, but they eliminated that position (we'll come back to that on Thursday).

Linux is published under the GNU General Public License. The GPL is what GNU/Free Software Foundation founder Richard Stallman calls "copyleft": if a piece of software is licensed under the GPL, then that means anyone else is free to access, modify, and redistribute the source code, provided that if they release a modified version, they publish it under the same license.

Corporations don't much like copyleft or the GPL. They like more permissive licenses, like the MIT License and the BSD Licenses, which allow them to take someone else's code, modify it, and not give their modifications back to the community.

Linus Torvalds, the man who the Linux Foundation is named after, gets this. FOSS Force's Christine Hall recounts his remarks at LinuxCon last year:

“I think that if you actually want to create something bigger, and if you want to create a community around it, the BSD license is not necessarily a great license,” he said.

“I mean, it’s worked fairly well, but you are going to have trouble finding outside developers who feel protected by a big company that says, ‘Hey, here’s this BSD license thing and we’re not making any promises because the copyright allows us to do anything, and allows you to do anything too.’ But as an outside developer, I would not get the warm and fuzzies by that, because I’m like, ‘Oh, this big company is going to take advantage of me,’ while the GPL says, ‘Yes, the company may be big, but nobody’s ever going to take advantage of your code. It will remain free and nobody can take that away from you.’ I think that’s a big deal for community management.

“It wasn’t something I was planning personally when I started, but over the years I’ve become convinced that the BSD license is great for code you don’t care about. I’ll use it myself. If there’s a library routine that I just want to say ‘hey, this is useful to anybody and I’m not going to maintain this,’ I’ll put it under the BSD license.

“Whenever licenses come up, I want to say that this is a personal issue,” he continued, adding a disclaimer most likely meant mainly for the benefit of the BSD folks, some of whom resent Linux’s success, but also to appease big enterprise, which is where the Linux Foundation gets virtually all of it’s funding.

“Some people love the BSD license,” he said. “Some people love proprietary licenses, and do you know what? I understand that. If you want to make a program and you want to feed your kids, it used to make a lot of sense to say that you want to have a proprietary license and sell binaries. I think it makes less sense today, but I really understand the argument. I don’t want to judge, I’m just kind of giving my view on licensing.”

Jim Zemlin, Executive Director of the Linux Foundation, seems to feel a little bit differently. Hall quotes him, in an article titled The Linux Foundation: Not a Friend of Desktop Linux, the GPL, or Openness:

“The most permissive licenses present little risk and few compliance requirements. These licenses include BSD and MIT, and others, that have minimal requirements, all the way to Apache and the Eclipse Public License, which are more elaborate in addressing contributions, patents, and indemnification.

“In the middle of the spectrum are the so-called ‘weak viral licenses’ which require sharing source code to any changes made to the originally licensed code, but not sharing of other source code linked or otherwise bound to the original open source code in question. The most popular and frequently encountered licenses in this category are the Mozilla Public License and the Common Public Attribution License.

“Restrictive Licenses present the most legal risk and complexity for companies that re-distribute or distribute software. These licenses are often termed ‘viral’ because software combined and distributed with this licensed software must be provided in source code format under the terms of those licenses. These requirements present serious risks to the preservation of proprietary software rights. The GNU General Public License is the archetype of this category, and is, in fact, the most widely used open source license in the world.”

Hall adds, "While his points are accurate enough, and reflect what I’ve already written in this article, the terms he uses suggest that the foundation holds the GPL and other copyleft licenses in contempt."

So what's all that got to do with the Software Freedom Law Center filing to have the Software Freedom Conservancy's trademark terminated? Nothing, insist the Linux Foundation and the SFLC. But Bruce Perens -- who founded the Linux Standard Base, one of the organizations that became the Linux Foundation -- thinks it's retaliation for a GPL enforcement lawsuit against VMware.

But that's a story for another post. Or two...

HyperCard

2017-11-07, 7:47 am
Categories: Games, Stream of Consciousness, Tech

I was looking for something to post about, and then Jeremy Parish posted a mail call for HyperCard comments over on Retronauts.

And I've got a few things to say about HyperCard, because there's a straight line between HyperCard and what I do for a living (and for a hobby) today.

HyperCard was my first development environment. I was 7 or 8 years old and I wanted to make games. Today we've got Kodu and Super Mario Maker. In 1990, we had HyperCard.

HyperCard's interface bore a certain resemblance to PowerPoint, with drawing tools that looked a lot like MacPaint. You could show slides -- or "cards" -- in order, as in PowerPoint, but you could also use buttons to link to cards out of order. So it was a useful language for making Choose Your Own Adventure-style games. "If you want to examine the sound coming from the next room, turn to page 38. If you want to see what's going on outside, turn to page 44." That kind of thing, but with buttons to click.

My game, SEKR's Awesome Adventures, was mostly that sort of thing. (It's pronounced "Seeker", and it was my grandpa's dog's name.) There were a few roundabout ways to get to where you were going, some of which would result in your untimely death. The most complex sequence involved selecting two tools from a list that you'd be allowed to use later on -- and keeping track of your selection required just a bit of actual programming.

I mostly built SEKR through the simple point-and-click frontend, but HyperCard also came with its own programming language, HyperTalk. I used HyperTalk to track what weapons/tools the user selected, and the endgame would adjust accordingly: you're in a pit; did you bring the grappling hook? It's pitch-black; did you bring the night-vision goggles? Store a variable and test a conditional; this is absolutely as simple as programming gets. It was a pretty good place to start.

And that's more or less how the Web works: fundamentally, it's a set of pages, and users navigate between them using hyperlinks. For more complicated stuff than just moving between pages, your browser has built-in support for a scripting language.

The similarities aren't coincidental. The HyperCard Wikipedia entry says:

Through its influence on Robert Cailliau (who assisted in developing Tim Berners-Lee's first Web browser), HyperCard influenced the development of the Web in late 1990. Javascript was inspired by Hypertalk.

HyperCard is where I started programming. And while I never did make a career of game development, I'm still programming, and there's a more-than-passing resemblance between developing for HyperCard and developing for the Web.

My grandmother's been cleaning old stuff out of her house, and a few weeks ago she gave me a bunch of old 3.5" floppies. SEKR's Awesome Adventures is probably in there somewhere -- the original graphical HyperCard version, the text-only remake I put together in QBasic a few years later, and maybe even the unfinished Turbo Pascal port with PC speaker music (which played fine on the 286 I wrote it on but way too fast on a 486; you had to turn off Turbo to slow it down. Remember Turbo buttons?).

I really should buy a USB floppy drive and see if I can get any data off those disks.

My Old Car

2017-11-02, 7:58 am
Categories: Stream of Consciousness, Tech

In 2006, I bought a used 2002 Chevy, for $4000.

It was a reliable damn car, and lasted longer than any of us expected. But about a year ago, the AC compressor went out. I decided it would make more sense to get a new car than fix the old one, so a few months ago, that's what I did.

I planned on giving the Chevy to my dad, who needs a car. But when we went in to transfer the title, we found out I couldn't. Turns out that, some years back, he sold his van to a coworker without getting the title transferred over. The coworker abandoned the van (whatever "abandoned" means; as we'll see below, in the eyes of the law "abandoned" can just mean "parked on the curb too long"), and now Dad's stuck with a $500 fine before he's allowed to register another car.

So the Chevy's been sitting out on the curb for the past few months, while I've been waiting for Dad to get his paperwork sorted. During these months, I didn't take the car out regularly to keep its battery charged -- I knew I should have, but it was a-hundred-and-fuck-you degrees out, and if I wanted to drive a car with no AC in that weather, I wouldn't have bought a new car.

So, my own damn fault; by the time I tried to take the car out again, the battery was dead.

The design of the street I live on makes it difficult to line two cars up for a jump. I've got a little device called a Power Station PSX that's got jumper cables and an air compressor built into it, but its battery was no longer holding a charge. I had already E-Mailed the Power Station company to ask if the battery was replaceable, but I'd received no response.

At any rate, on Thursday the 19th, I got home to find a bright orange sticker on my Chevy declaring that it had been confirmed as abandoned and I had 120 hours to move it or it would be towed.

I don't know if the police officer who left the tag was just a busybody -- it's pretty obvious to a casual observer that nobody's driven this car in awhile; it's got cobwebs and leaves and shit under it --, or if one of my neighbors complained about my car to the police. In the latter case, jeez, neighbor, I wish you'd just come and rung my bell and talked to me about it. I know the thing's an eyesore, and I didn't mean for it to be there this long, but is it really going to be any less of an eyesore in my driveway? If you'd asked me to just clean up the leaves and the cobwebs, I'd have done it.

And yeah, I've been meaning to get that battery charged anyway, but a hard 5-day deadline is a little tight. I mean, it's nice to have a weekend in there, but even if I can find a battery with Amazon two-day shipping at this point, it's Thursday night and that means I won't be getting it until Sunday.

I wondered if I could just reverse the thing back a car-length. What's the legal standard for moving your car? So I called the Tempe Police Department, and talked to an officer who politely and repeatedly failed to answer that question. "How far do I need to move it?" -- "You need to move it." -- "Yes, but what is the legal standard for moving it? If I move it one car length, will it still be considered abandoned? If I move it a couple of houses over, will it still be considered abandoned?" -- "Sir, you just need to move your car within 120 hours." And so on.

Ultimately, I decided the only safe course of action would be to move the Chevy to the driveway and keep my new car on the curb. This doesn't really seem like it solves any kind of a problem. I pointed this out, in exasperation: "If I just switch them so that the old car is in the driveway and the car I drive to work is on the curb, I don't see how that's helping anybody."

"Because," she said, "then the car isn't there during the time you're at work." And I remembered, ah yes, never ask a police officer how a law makes sense, and disengaged from the conversation. It reminded me of the Douglas Adams story about the time he was pulled over to the center lane in the middle of a curve, and when he protested to the policeman that this was unsafe, the policeman responded that it was safe because he was there at the request of a policeman.

Yes. Yes of course everybody is better off because, during work hours, there's not a car in that spot. In case there's, like, a block party in the middle of a weekday and there's no other place to park. How silly of me.

So I went back to trying to figure out whether I could change the battery in my Power Station, or, if I couldn't, whether I could replace the whole thing -- and, either way, whether I could do it by Tuesday afternoon.

A replacement Power Station would run $150 -- and wouldn't be there in time.

So I searched some more for answers on whether I could replace that battery. And I found a YouTube video demonstrating how to do exactly that.

The official battery, the brand and model that came with the Power Station, was expensive and I couldn't find it with Prime shipping. But, for the first and only time in human history, a YouTube comment proved helpful: commenter Maverick Alchemist noted that, based on the voltage, wattage, and physical dimensions of the battery, an item listed as ExpertPower EXP12180 12 Volt 18 Ah Rechargeable Battery with Nuts and Bolts should do the job. And whaddaya know: two-day shipping.

I kept busy Friday night and Saturday; I made sure to get my chores out of the way -- yard cleaned, dishes washed, laundry done, bills paid, groceries purchased -- before Sunday, to make sure I'd have plenty of time to take care of the car -- change the Power Station battery and jump it, at minimum, and then, if something broke down along the way (battery didn't arrive on time, battery didn't work, jump didn't work...), time to get somebody to help me push the damn thing into the driveway in case my wife and I couldn't manage it by ourselves.

I managed to finish all my other chores up in time to take Saturday night off and go to the Alamo Drafthouse to see the Mads. I'll have a post about that along soon.

So Sunday rolled around. I took the Power Station out front, grabbed my tools, and set to taking it apart to change the battery. The process was tedious -- a hell of a lot of screws, and a couple of inconveniently-placed nuts -- but straightforward. The new battery arrived, the new battery worked, I buttoned it back up. The new battery didn't have a full charge, so I went ahead and plugged it in for a few hours, just to be sure.

And so finally, Sunday evening, around sundown, I went out, popped the hood, wired it up, and turned the Power Station on.

I turned the key.

It started.

First try. It really couldn't have possibly gone any better. Like I said: this old girl is reliable.

So I drove around the neighborhood for about half an hour, to make sure I got a good charge. It was a nice drive, too, with the windows down; we're still seeing some pretty warm days here (I think that day got up to the high 90's), but the evenings are pretty much perfect.

I'll try and take it out once a week or so from here on in, so I won't have to do that again.

Net Neutrality Day

2017-07-12, 8:31 am
Categories: E-Mail, Politics, Stream of Consciousness, Tech

Today's the Net Neutrality Day of Action.

Here's what I said about net neutrality during the open comment period in 2014, before the Title II rules passed, when the FCC was pushing a policy that would allow ISPs to charge websites for fast lanes:

This is exactly the kind of policy you get when you put a cable company lobbyist in charge of the FCC: a plan nobody but the cable companies could possibly want, and that seeks to make the Internet work like cable TV.

This plan has no benefit whatsoever to consumers. Cable companies demand extortion money from content providers; the providers who are willing and able to pay pass that cost on to their consumers (as Netflix has already done by raising its streaming subscription price), and the providers who aren't are put at a crippling disadvantage. You can bet the ever-increasing bottom dollar on your cable bill that if Comcast had had the opportunity to demand a premium from YouTube to stream video in 2005, we wouldn't be talking about YouTube today -- though maybe that would have been good news for Real Networks, as we'd probably still be limping along on the vastly inferior RealPlayer. Buffering...

This proposal is a government handout to the kind of companies that need it the least: monopolies and near-monopolies that already provide poor service at exorbitant prices, and suffer no market backlash for the simple reason that they provide a necessary service and have no competition.

Google doesn't want this. Microsoft doesn't want this. Netflix doesn't want this. Amazon doesn't want this. Consumers don't want this, and small businesses sure as hell don't want this. The only ones who DO want this are the cable companies who pick our pockets every month -- and their former employees like Chairman Wheeler.

And here's what I said during the open comment period this year, with the FCC preparing to repeal the Title II rules and, once again, proposing Internet fast lanes:

Seeking public comment? This is a farce. Chairman Pai heard exactly what the public had to say in 2014. The public responded, overwhelmingly, in support of net neutrality; indeed, the public interest was so high that the traffic brought down fcc.gov.

If Chairman Pai cared what the public thought, he would not be reversing a rule supported by the public in order to grant more power to internet service providers, some of the most despised companies in America. Nobody wants this except Comcast, AT&T, Charter, and Time Warner.

There is no free market competition in broadband Internet in America. There is no incentive for ISPs to compete on price or on service. We, as Americans, are a captive audience; our only choices are "use whatever ISP is available at our address" and "try to participate in twenty-first century America without Internet access".

We've already seen AT&T prioritizing its own traffic and Comcast banning protocols it didn't like. We need net neutrality protections to prevent predatory, monopolistic ISPs from engaging in that behavior. This is obvious to every American who's seen their monthly bill go up while the quality of service goes down.

But Chairman Pai has made it abundantly clear that he doesn't care what the American public has to say. If he did, he wouldn't even be considering repealing net neutrality.

I was wrong about Wheeler. He backed away from the fast-lane proposal, and passed Title II regulation. It wasn't perfect, but it was better than I ever thought we'd get.

I don't think I'm wrong about Pai. I'd love to be, but I think the fix is in. Pai doesn't give a fuck what the American public has to say.

But it's not about Pai. Pai won't last forever. Trump won't last forever. Even if the Republican majority in Congress sticks around, they're going to have to face their constituents sooner or later. And while net neutrality is a partisan issue on Capitol Hill, it's got broad bipartisan support everywhere else.

I don't think today's protests are going to make a damn bit of difference to Pai. But this is a long game. We need to keep the pressure on.

And hey, I've been surprised before. I thought SOPA and the TPP were foregone conclusions too. Maybe I'll be pleasantly surprised again.

Tracking

2017-07-11, 8:22 am
Categories: Politics, Stream of Consciousness, Tech

I wrote a post about VPNs a few months back, referring to the recent repeal of Obama-era regulations that would have prevented ISPs from selling customer browsing history.

There's a common refrain I've seen from people who favor the repeal, both in the government and in Internet comments sections: "Google and Facebook track you and sell your data, and the government doesn't stop them from doing it, so it's not fair to stop your ISP from doing it!"

Now, this argument is fundamentally dishonest, for the following reasons, off the top of my head:

  • Your ISP sits between you and every single site you visit. Google and Facebook have extensive tracking operations, but not that extensive.

  • You can use the Internet without using Facebook or Google. It may not be easy, but it's possible. You can't use the Internet without your ISP.

  • Google and Facebook's business model is that they provide a service and, in exchange, you allow them to gather your personal data and resell it to third parties. Your ISP's business model is that it provides service and, in exchange, you pay them eighty fucking dollars a month. Did I say eighty? They just kicked it up to one-thirty, if you want unlimited data.

    When you give your personal data to Facebook or Google to sell to third parties, you get their service in return. When you give your personal data to your ISP to sell to third parties, you get fucking nothing in return, because you're already paying your ISP money in exchange for Internet service. Is your ISP going to lower your bill in exchange for taking your personal information to sell to third parties? LOLno.

  • Google and Facebook have competitors. Those competitors don't have the dominant market position that Google and Facebook do; hell, maybe they're just plain not as good. But they exist. They're options.

    There is no significant broadband competition in the US. If I don't like my ISP, I can't just switch to another one, because there is no other one available at my address. My choices consist of Cox, no Internet, and moving.

    There's no incentive for your ISP to behave ethically. There's no incentive for your ISP to charge you fairly. There's no incentive for your ISP to provide quality service. My ISP is a monopoly. Yours probably is too. Or, at best, it might have one competitor that does all the same shit.

  • Google and Facebook have pages where you can opt out of tracking.

But. Despite the intellectual dishonesty of the "but Google and Facebook track you!" argument, there is a kernel of truth in there: yes, Google and Facebook track you, yes it's difficult to avoid that tracking, and no, there are no regulations in place to protect your data. This is a problem.

So, shortly after writing that post, I removed the Google Analytics code from this site. And now I've also updated the site so that the fonts it uses are hosted here at corporate-sellout.com, not called from Google Fonts (hat tip to the Disable Google Fonts WordPress plugin). I'm still using a Google Captcha on the Contact page for now, but I'm looking at alternatives. Plus, there are YouTube videos embedded on this site...and, well, there's nothing I can really do about preventing Google from tracking you when you load YouTube videos. Sorry about that.

I'm also planning on adding SSL to the site, eventually, but I haven't gotten around to it yet.

This blog's not a business. Occasionally somebody buys something through an Amazon Associates link, or buys my book (thanks!), but I've got a day job; I'm not here to make money. I write stuff here because I like to write stuff. Sometimes people like it, and that's cool, and it's cool to know that people are reading. But that's as far as my interest in analytics goes.

I don't resell data; I don't do SEO or A/B headlines or clickbait or any other kind of crap to try and drive people here -- hell, I hate all that shit. But I like looking at site stats once in awhile to see where people are coming from, where somebody's mentioned me, and to laugh at search terms like "did stan lee bone at jack kirby's wife".

So I'm looking for a new stats package. Server-side; just for me, not Google.

Meanwhile, I am looking for ways to use Google as little as possible, not just on this site but in general. I think I can probably get a few more posts out of that subject.

Hide Techdirt Comments

2017-07-10, 8:30 am
Categories: Stream of Consciousness, Tech

Updated 2022-02-28: Updated script for the new Techdirt comment engine.

Updated 2021-04-30: Fixed a bug that was preventing some replies from being hidden.

Updated 2019-09-11: Minor update because the site layout has changed slightly and the old version was no longer working.

Updated 2019-04-11: General cleanup; change to OOP.

Remove some techniques that are no longer needed since recent Techdirt update; add handling for some new types of predictable troll behavior.

Better blocking of flagged users who aren't logged in.

Updated 2018-08-19: Hide comments that have already been hidden by user flagging (this is mostly useful if the hideReplies boolean is set true).

Updated 2018-08-15: Added hideLoggedOut. If set true, then the script will hide any user who isn't logged in, unless their name is in the whitelist array.

Added hideReplies. If set true, then when the script hides a comment it will also hide all the replies to the comment.

If you set both hideLoggedOut and hideReplies to true, then the Techdirt comments section gets much quieter.

Updated 2018-08-09: Some doofus has been impersonating me. Script will now automatically flag and hide posts by fake Thad.

In addition to hiding posts if their subject line is too long, the script will now also hide posts if the username is too long. Additionally, the script can automatically flag posts if the subject or username exceeds a specified length.

This thing's gotten complicated enough that I think it's probably subject to copyright now. I've added a license. I chose a 3-Clause BSD License.

Updated 2018-06-20: Ignore mixed-case and non-alpha characters.

Updated 2018-03-06: Fixed case where usernames inside links were not being blocked.

Updated 2018-03-04: Added function to hide long subject lines, because some trolls like to write manifesto-length gibberish in the Subject: line.

There is now a maxSubjectLength variable (default value: 50). Any subject line exceeding that length will be hidden. If you reply to a post with a subject line exceeding that length, your reply's subject line will default to "Re: tl;dr".

Updated 2017-07-12: Added @include.

In my previous post, I mentioned that I spend too much of my life responding to trolls on Techdirt.

With that realization, I whipped up a quick Greasemonkey/Tampermonkey script to block all posts from specified usernames.

// ==UserScript==
// @name          Hide Techdirt Comments
// @namespace     https://corporate-sellout.com
// @description	  Hide comments on Techdirt, based on user and other criteria.
// @include       https://www.techdirt.com/*
// @require       https://c0.wp.com/c/5.9.1/wp-includes/js/jquery/jquery.min.js
// ==/UserScript==

const $ = jQuery;

// Boolean settings:
// if true, hide all posts from users who aren't logged in
const hideLoggedOut = true,

// if true, hide all replies to hidden posts
  hideReplies = true;

// List of users whose comments you want to hide -- collect 'em all!
const blacklistedUsers = [
  'btr1701',
  'Koby',
  'Richard Bennett'
],

// If an anonymous post begins with one of these strings, hide it
blacklistedStrings = [
  'out_of_the_blue',
  'Nothing to hide, nothing to fear'
],

// List of users whose comments you don't want to hide
whitelistedUsers = [
  'Chip',
  'Thad'
];

// global variable for storing gravatars of non-logged-in posters who have been blocked
let blockedGravatars = [],

// global variable for storing comments that aren't hidden
comments = [];

// check all non-hidden comments for a blocked gravatar
// (check each time a gravatar is blocked)
function checkCommentsForBlockedGravatar(blockedGravatar) {
  for(let i=0; i<comments.length; i++) {
    if(comments[i].gravatar === blockedGravatar) {
      comments[i].gravatarBlocked = true;
      comments[i].removeComment();
    }
  }
}


// Comment class
// Constructor
function Comment(node) {
  this.container = node;
  this.body = $('> .comment-body', this.container);
  this.nameBlock = $('.comment-author', this.body);
  this.name = $('> .fn', this.nameBlock).text();
  this.linkNode = $('> .url', this.nameBlock);
  this.loggedIn = this.linkNode.length > 0
    && this.linkNode.attr('href').startsWith('https://www.techdirt.com/user/');
  this.gravatar = $('> img', this.nameBlock).attr('src');
  this.gravatarBlocked = false;
  this.flagBtn = $('.report-button', this.body);
  this.alreadyHidden = this.container.hasClass('flagged');
  this.alreadyFlagged = this.flagBtn.hasClass('has-rating');
  this.postContent = $('.comment-content', this.body).text().trim();
  
  // If I click on the "Flag" button, remove the comment
  var that = this;
  that.flagBtn.one('click', function() {
    that.removeComment();
  });
}

// Functions
Comment.prototype = {
  constructor: Comment,
  
  checkForBlockedGravatar: function() {
    if(this.loggedIn) {
      return false;
    } else if(this.gravatarBlocked !== true) {
      // only need to find gravatar in blockedGravatars array once;
      // once this.gravatarBlocked is set true, then it will always be true.
      this.gravatarBlocked = blockedGravatars.includes(this.gravatar);
    }
    return this.gravatarBlocked;
  },
  
  blockGravatar: function() {
    this.gravatarBlocked = true;
    blockedGravatars.push(this.gravatar);
    checkCommentsForBlockedGravatar(this.gravatar);
  },
  
  removeComment: function() {
    if(hideReplies === true) {
      this.container.remove();
    } else {
      // replace comment with 'removed'
      // -- because replies will still be visible, this is necessary
      // so you can tell there's a missing post that they're replying to.
      this.body.text('removed');
    }
    if(!this.loggedIn && !this.gravatarBlocked) {
      this.blockGravatar();
    }
  },
  
  badStart: function() {
    for(let i=0; i<blacklistedStrings.length; i++) {
      if(this.postContent.startsWith(blacklistedStrings[i])) {
        return true;
      }
    }
    return false;
  },
  
  check: function() {
    if(
      this.alreadyHidden
      || this.alreadyFlagged
      || this.checkForBlockedGravatar() === true
      || blacklistedUsers.includes(this.name)
      || (this.loggedIn === false && hideLoggedOut === true && !whitelistedUsers.includes(this.name))
      || (this.name === 'Anonymous Coward' && this.badStart())
    ) {
      this.removeComment();
      return true;
    }
    return false;
  }
};

$('div.comment').each(function() {
  // skip comment if it's already been removed
  if(document.contains($(this)[0])) {
    const cmt = new Comment($(this));
    if(cmt.check() === false) {
      comments.push(cmt);
    }
  }
});

License

Copyright 2017-2021 Thaddeus R R Boyd

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Further Thoughts

(Note: The script was much smaller when I originally wrote this part of the post.)

This is a blunt instrument; it took about five minutes to write. It lacks subtlety and nuance.

Blocking all anonymous posters on Techdirt is not an ideal solution; most anons aren't trolls. (Most trolls, however, are anons.) I apologize to all the innocent anons blocked by this script.

I could make the script more precise. Techdirt's trolls are creatures of habit with certain noticeable verbal tics (more on that below); if I had a good parser, I think I could whip up a scoring system that could recognize troll posts with a high degree of accuracy.

The question is, how much time do I want to spend on that?

On the one hand, "five minutes in a text editor" is the appropriate amount of time for dealing with forum trolls. Anything else seems like more effort and attention than they deserve.

On the other hand, it's a potentially interesting project, I've always wanted to spend some time studying natural language processing, and any programming project is time well-spent if it teaches you a new skill.

So I haven't decided yet. Here's the script as it stands, in its initial, blunt-instrument-that-took-five-minutes form. If I update the script, I'll update this post.

Chip Tips

Lastly, as I can no longer see anonymous posts, this means I will likely have to give up my beloved sockpuppet, Chip, the man who hates all government regulations and loves to eat leaded paint chips. To anyone and everyone else who wants to keep the spirit of Chip alive, you have my blessing to post under his name.

A few tips on how to write as Chip:

  • Never use the backspace key.
  • Remember to add random Capital Letters and "quotation marks" to your posts, in Places where they "don't" make Sense!
  • Most sentences should end with Exclamation Points!
  • I told you So!
  • I have "lots" of Solutions! So many I can't Name a single "one"!
  • Sycophantic Idiots!
  • Every Nation eats the Paint chips it Deserves!

Boy, my regular readers are going to have no fucking idea what I'm talking about in this post.

Come back tomorrow; I plan on having a post about online privacy that should be a little less niche.

Resources for pfSense, Private Internet Access, Netflix, and Hulu

2017-04-02, 3:32 pm
Categories: Politics, Tech

You've probably heard by now that the US Congress just repealed Obama-era regulations preventing Internet service providers from selling their users' browsing data to advertisers. I'll probably talk more about that in future posts. For now, I'm going to focus on a specific set of steps I've taken to prevent my ISP (Cox) from seeing what sites I visit.

I use a VPN called Private Internet Access, and a hardware firewall running pfSense. If that sentence looked like gibberish to you, then the rest of this post is probably not going to help you. I plan on writing a post in the future that explains some more basic steps that people who aren't IT professionals can take to protect their privacy, but this is not that kind of post.

So, for those of you who are IT professionals (or at least comfortable building your own router), it probably won't surprise you that streaming sites like Netflix and Hulu block VPNs.

One solution to this is to use a VPN that gives you a dedicated IP (I hear good things about NordVPN but I haven't used it myself); Netflix and Hulu are less likely to see that you're using a VPN if they don't see a bunch of connections coming from the same IP address. But there are problems with this approach:

  • It costs more.
  • You're giving up a good big chunk of the anonymity that you're (presumably) using a VPN for in the first place; your ISP won't be able to monitor what sites you're visiting, but websites are going to have an easier time tracking you if nobody else outside your household is using your IP.
  • There's still no guarantee that Netflix and Hulu won't figure out that you're on a VPN and block your IP, because VPNs assign IP addresses in blocks.

So I opted, instead, to set up some firewall rules to allow Netflix and Hulu to bypass the VPN.

The downside to this approach is obvious: Cox can see me connecting to Netflix and Hulu, and also Amazon (because Netflix uses AWS). However, this information is probably of limited value to Cox; yes, they know that I use three extremely popular websites, when I connect to them, and how much data I upload and download, but that's it; Netflix, Hulu, and Amazon all force HTTPS, so while Cox can see the IPs, it can't see the specific pages I'm going to, what videos I'm watching, etc. In my estimation, letting Cox see that I'm connecting to those sites is an acceptable tradeoff for not letting Cox see any other sites I'm connecting to.

There are a number of guides on how to get this set up, but here are the three that helped me the most:

OpenVPN Step-by-Step Setup for pfsense -- This is the first step; it'll help you route all your traffic through Private Internet Access. (Other VPNs -- at least, ones that use OpenVPN -- are probably pretty similar.)

Hulu Traffic -- Setting up Hulu to bypass the VPN is an easy and straightforward process; you just need to add an alias for a set of FQDNs and then create a rule routing connections to that alias to WAN instead of OpenVPN.

Netflix to WAN not OPT1 -- Netflix is trickier than Hulu, partly because (as mentioned above) it uses AWS and partly because the list of IPs associated with AWS and Netflix is large and subject to change. So in this case, instead of just a list of FQDNs, you'll want to set up a couple of rules in pfBlockerNG to automatically download, and periodically update, lists of those IPs.

That's it. Keep in mind that VPN isn't a silver bullet solution, and there are still other steps you'll want to take to protect your privacy. I'll plan on covering some of them in future posts.

Cox Claims to Be Unable to Revoke a DHCP Lease

2016-02-25, 12:49 pm
Categories: E-Mail, Stream of Consciousness, Tech

I've always advocated being kind to tech support people. They have a tough job, it's not their fault you have a problem, and they spend all day dealing with abuse from people who act like it is their fault.

Well, yesterday, for the first time in my life, I cursed out a phone support rep. I'm not proud of it, but in my defense, I'd been talking to support for 90 minutes by that point, and the last 30 of that had been a conversation where this tier-2 rep talked in circles, blamed me for problems with their server, repeatedly said she couldn't help me, refused to listen to my explanations of the problem, and acted like a condescending ass.

Seriously, this is the worst tech support experience I have ever had. Beating out the previous record-holder, the guy who told me that my burned-out power supply wasn't really burned-out, I was probably experiencing a software issue. After I told him there were burn marks on the power connector.

At least that one was funny. The conversation I had with Cox yesterday wasn't funny, just infuriating.

Here's what happened: on Monday evening, when I tried to send an E-Mail, I started getting this error:

An error occurred while sending mail: The mail server sent an incorrect greeting:
fed1rmimpo306.cox.net cox connection refused from [my IP address].

I tried unplugging the modem to see if I'd get a new IP assigned. No luck. I tried turning the computer off and then on again. No luck. I tried sending mail from other devices. Same result.

So on Tuesday afternoon, I pulled up Cox's live support chat to ask for some help.

The rep eventually told me he'd escalate, and that the issue should be fixed within 24 hours.

Just shy of 27 hours later, I pulled up Cox's live support chat again, to ask what the problem was.

The rep -- a different one this time -- quoted me this feedback from the ticket:

Good afternoon, the log below shows the username can send on our servers. This may be a software, device or network issue. Please review the notes and contact the customer.

In other words, they'd tested the wrong thing. The mail server was rejecting my connection, based on my IP address, before my mail client sent my username and password. And Cox's solution to this was...to confirm that my username and password were working.

I explained this to the rep, over the course of 75 excruciating minutes. I demonstrated by disconnecting my phone from my wifi network and sending an E-Mail while connected to my wireless carrier. It worked when I connected to Cox's SMTP server over LTE; the same mail app on the same phone failed when connected to my wifi.

I explained that the mail server was blocking connections from my IP address, and that they needed to either make it stop blocking my IP address or assign me a different IP address.

The rep told me that was impossible, that residential accounts use DHCP, which assigns IP addresses at random.

I told him that I know what DHCP is, and that I wasn't asking for a static IP address, I was just asking for someone to revoke my DHCP lease and assign my modem a new IP address from the DHCP pool.

He told me that the only way to get a new IP address is to disconnect your modem for 24 hours.

I told him that was unacceptable, and I asked if there was anyone else I could talk to.

He gave me a number to call.

The person who answered the phone said she'd escalate to a tier-2 tech. I said, pointedly, that I did not understand why nobody had thought to do that in the preceding 75 minutes.

As it turns out, tier-2 techs are worse than tier-1 techs. Tier-1 techs at least know that they don't know everything, and are willing to ask for help from people who know more than they do. Tier-2 techs think they do know everything, will not ask for help from someone who knows more than they do, and certainly will not listen to a customer who knows more than they do.

Well, probably not all of them. But that was sure as hell my experience with the tier-2 tech I got stuck with.

First, she had the sheer gall to tell me my modem wasn't connected to the Internet.

I told her I could connect to websites, I could receive E-Mail, and that the error message on sending mail was not a timeout, it was a Connection Refused. I added that I was doing this from a computer that was connected to my router by a cable, that I had not accidentally jumped on somebody else's wifi.

She would have none of it. She insisted "We can't see your connection here, so you're not connected." Repeatedly. When I told her that I was clearly connected to the Internet, she just kept telling me that no, I wasn't.

Finally she told me to bypass my router and plug my desktop directly into my modem. I told her that this wouldn't fix anything, because this was happening from multiple devices that all had Internet access. She got huffy and standoffish and told me she couldn't help me if I wasn't willing to do what she asked.

So I did it. I climbed back behind my computer, traced the cable to the router, and swapped it with the one coming from the modem.

Absolutely nothing changed. Except that she said. "Oh. You're running a Linux computer? We don't support Linux."

I responded, "The operating system I am using is not relevant to whether your server is accepting connections from my IP address."

But some reps aren't interested in helping. They're only interested in finding an excuse for why they don't have to help you.

I asked her if there was any way she could determine why my IP was being blocked. I noted that it seemed to be on some sort of blacklist.

She asked if I'd checked whether it was on any public blacklist. I responded that I had, and that it had an expired listing on SORBS from 2013 -- well before it was my IP address; I've only lived in this house since 2014 --, that I hadn't found it in any other blacklist, and that a SORBS listing from over two years ago should not result in my suddenly losing the ability to connect to SMTP two days ago.

She said that if I was on a blacklist, those were handled by third parties and it was my responsibility to get de-listed. I explained that I did not see my IP on any currently-active blacklists, and asked if she could look up what was causing the rejection. She said she couldn't.

I asked if she could reset my IP. She said that the only way to do it would be to shut down my modem for 25 hours. (Already I had somehow lost another hour!)

I told her that was unacceptable, and asked how I could get it reset remotely.

She told me that was impossible, that residential accounts use DHCP, which assigns IP addresses at random, and that the only way to get a new DHCP address is to disconnect your modem for 25 hours.

I told her that it is not impossible, that the same router that provides DHCP leases is capable of revoking them, and that I needed somebody to do that for me.

We went round and round like this for awhile.

At one point, she said, "We can't do that; it's done automatically."

I responded that anything a computer does automatically can also be done manually, and that there is certainly someone in Cox who has the account access to log into the router that is assigning IP addresses and revoke a lease.

She started to explain DHCP to me again -- it was about the fifth time at this point -- and I snapped.

I shouted, "I know how DHCP works; I ran an ISP, for fuck's sake!"

I feel kinda bad about that.

I finally got pushed over to a supervisor -- another twenty minutes on hold -- who tried to tell me that Cox can't help me because they don't support third-party programs like what I'm using, and that if I could send messages from webmail, that's what I should do.

I said, "Are you seriously telling me that Cox does not support sending E-Mail from phones or tablets?"

The supervisor backed off that claim and said that she didn't really understand the technical stuff, that she could send me back to tier 2.

I responded that it had been two hours and I didn't think it was in anyone's best interest for me to continue this conversation, but that if I decided to call back tomorrow, what could I do to get some service?

She said to ask for tier 2 again, and this time ask for a manager.

I'm debating whether I really want to deal with that kind of aggravation, or if I'd be happier just abandoning the Cox E-Mail address that I've been using for fifteen fucking years.

Incidentally, Cox just jacked its prices up by $7 a month. Why is it that every time the cost goes up, the quality of service goes down? I remember the first time they hiked my bill, they dropped Usenet service.

That was in 2009. Since then my bill's gone up $27. My service sucks; several times a day my connection just stops working and I have to restart the modem.

And of course I can't switch to another ISP, because there isn't one available at my address. My "choices", such as they are, are as follows:

  • Pay $74 a month for Cox
  • Steal wifi from a neighbor who's paying for Cox
  • See how far I can get using only my phone's data plan for Internet access

I'm pretty much fucked, like most Americans are on broadband access.

And the hell of it is, even if there were another provider available, all the alternatives seem to be even worse.

I mean, Christ, at least I don't have Time Warner or Comcast.