Web 2.0 and F/LOSS
Submitted by Jon on Fri, 09/26/2014 - 14:39
I am far from the first to compare digital security practices to safer sex practices. Heck, you can even see a rap career blooming as Jillian York and Jacob Appelbaum suggest that it's time that we "talk about P-G-P" at re:publica.
Talking about software and trust gets both very boring and very depressing quickly. Let's instead move on to the juicy sex-ed part!
A quick disclaimer: First, apologies for the at-times male and/or heteronormative point of view; I'd welcome more inclusive language, especially around the HTTPS section. Second, I am unabashedly pro-Tor, a user of the tor network, and am even lucky enough to get to collaborate with them on occasion. The garlic condom photo comes from The Stinking Rose..
Super-duper Unsafe Surfing
Using the Internet without any protection is a very bad idea. The SANS Institute's Internet Storm Center tracks "survival time" - the time a completely unprotected computer facing the raw Internet can survive before becoming compromised by a virus - in minutes. Not days, not even hours. This is so off the charts, that with a safer sex metaphor, using no protection is more akin to just injecting yourself with an STD than engaging in a risky behavior.
Barely less unsafe surfing
Adding in a constantly-updated anti-virus tool, and a firewall, and making sure that your operating system is up to date is akin to being healthy. You have a basically operational immune system - congrats!. You'll be fine if the person you're sleeping with has the common cold, but anything more serious than that and you're in trouble.
Using HTTPS - visiting websites which show up with a green lock icon - is also a good practice. You can even install some browser plugins like HTTPS Everywhere and CertPatrol that help you out.
HTTPS is kind of like birth control. You may successfully prevent *ahem* the unauthorized spread of your information, but you're still relying on a significant amount of trust in your partner (to have taken the pill, to withdraw), and there are things out of your knowledge that can go wrong - the pharmacist provided fake pills, or you have a withdrawal failure (please note this is about digital security advice, and not at all giving good safer sex advice - a quick visit to wikipedia is a good start for effective -- and non effective birth control methods!). With SSL Certificates, you are still trusting that the website has good practices to protect your information (insert the constant litany of password reset links you've had to deal with this year here), and there have been cases of stolen SSL certificates) and are tools to help an attacker try and intercept your encrypted traffic.
Slightly Safer Surfing
With digital security, a lot like with safer sex, some methods can be combined for a greater effect, but layering other methods can be a horrible idea. Adding using anti-virus tools, firewalls, system updates, and HTTPS on top of any other method here is a universally Good Thing.
Using a VPN is like using a condom, provided by your partner for this encounter, and given to them by a source neither of you have any real trust in. Asking the manufacturer for information about exactly how it's made, or what its expiration date is will often result in grand claims (but no hard evidence). Requests to see the factory floor and verify these claims are presumed to be jokes. The VPN-brand condom generally works, and is definitely fast and easy, but you're placing a lot of trust in a random company you found while searching the Internet, and probably also the cheapest one you found. On top of that, you're also still trusting your partner to not have poked any holes in the condom.
Overall, It's still much better to be using the VPN than not, and if you trust your partner (i.e. the website or service you're going to), and you trust the VPN provider for whatever reason - perhaps a widely trusted company has given an independent audit of the VPN, or you or your workplace has set it up yourself - then for most situations you're pretty safe. Layering a VPN on top of the above tools is good, but layering VPNs on VPNs or on other networks is actually not dissimilar to layering condoms - it actually makes failure in very weird (and, lets face it, awkward) ways /more/ likely.
Still, though, wouldn't it be better if you could rely even less on trust, and have that trust backed up with evidence that you yourself can look at?
Using Tor is like using a condom which you not only know has gone through extensive testing, you can even visit the factory floor, look at the business' finances, and talk with the engineers and factory staff. It's /still/ not 100% safe, but it is a heck of a lot safer, and you can verify each and every claim made about what it does and does not do.
And to be clear here, if you're logging in to a website over Tor, that website now knows who you are (you're no longer anonymous to them, and possibly others watching you do this along the wire), and that website is storing your password and may fail to protect it at some point. That website can still turn out to be malicious and attack you, and very powerful adversaries can even specifically try and intercept traffic coming from a website and going into the super-secret Tor network, change it, and include an attack they know works well against out of date versions of the browser you're using. An out of date Tor browser is like an expired condom - it's best not to bet your life on it.
To really (over-)extend the analogy, the Tor-branded condom business happens to be heavily funded by a religious organization that is strongly against birth control (and indeed has an entire project that tries to undermine birth control methods, to the point of installing secret hole-punchers in condom factories). This same organization (it's large!) does have a different and vocal component that strongly supports safer sex, and not only funds giving away condoms, but also the production of them. It's not, seemingly, the most logical set up, but hey, we're talking religion, politics and sex - logic doesn't always come in to play here.
Like sex, there is no truly "safe" way to play on the Internet, and it's unrealistic to expect that abstinence from the Internet is realistic. So, be careful out there, adopt safer practices, and keep your wits about you. Good luck!
Submitted by Jon on Fri, 09/19/2014 - 09:05
There's a budding conversation on "trust" over in the twitterverse. I began a draft post a while back that compared Tor (the amazing privacy and anti-censorship network and all privacy-protecting software to condoms. More on that soon, but let's actually talk about how you might have trust in a software project, using Tor as an example. Tor has been in the news recently, and I've had a ton of people ask me about how safe it is to use, so I figured one click-bait headline is as good as another in having an open and honest discussion about Tor.
First, let's be transparent. Tor - not unlike the Internet itself - did in fact start out as a project by the US Naval Research Laboratory, and does continue to receive funding by the US Government to support freedom of expression around the world, with targeted efforts to enable free speech and access to uncensored information in countries where Internet connections are heavily filtered.
So, can you trust Tor? How do you know that the NSA hasn't forced Tor into building a "back door" into the Tor software, like they did with RSA Security, and many other pieces of software you use daily, or like what has historically happened to privacy-protecting services like hushmail?
The answer is actually that you should not actually need to trust the organization behind Tor in order to be confident that the software is built to be safe. This is enabled by the fact that Tor is open source - meaning you can read every line of the code they use to build the software you install. Of course, even with open source software, you're trusting whoever is compiling it do do so on a secure system and without any extra malicious intent. The Tor Project answers this problem by using "deterministic builds", which let you check, independently, that the code posted publicly is the code you're running.
If you use Windows or Mac, both "closed source" operating systems, you are absolutely, 100% trusting that no one in the company, nor any government with significant sway over these companies, has snuck in code to allow remote spying. You have no way to inspect the code running your operating system, and every tool you use on top of it is vulnerable to being undermined by something as simple as a hack to the tiny piece of software that tells your computer how to talk with the keyboard, which could just as easily also store every password you have ever typed in. You're also trusting your ISP, every web site you log in to, and thousands of other intermediaries and companies, from the ones who provide SSL Certificates (enabling the "green lock" of a secure website) to the manufacturer or your wifi router and cablemodem to not betray your trust by accident, under duress, or with malicious intent.
Of course, even back in the green pastures of open source, there is no "absolute" level of trust, no matter how much we'd like there to be. Rare is the user who actually checks the "signature" of the download file against the posted "signature" online to make sure the tool they're about to install is the intended one. And even rarer is the user who checks in on the deterministic build process (and it's still fragile, so hard to guarantee even so). Even at this level, you are trusting the developers and others in the open source and security community to write solid code and check on it for bugs. The Tor Project does an exceptional job at this, but as heartbleed reminds us, huge, horrible bugs can go unseen, even in the open, for a long time. You're also trusting all the systems that the developers work on to not be compromised, and to be running code that is also in more or less good condition, and to be using compilers that aren't doing funny things.
For what it's worth, this is hardly a new problem. In my unhumble opinion, I'd still rather have this more open model of shared trust in the open source world than rely on any single company, whose prime motive is to ship software features on time.
So - can you trust Tor? I do. But saying that I "trust" Tor doesn't mean I have 100% faith that their software is bulletproof. All software has bugs, and particularly security software requires a lot of work on the part of the user to actually make it all work out as expected. It's time to talk about trust less as a binary and more as a pragmatic approach to decision making based on best practices, source availability, and organizational transparency.
Submitted by Jon on Sat, 04/12/2014 - 20:11
There's a point here about heartbleed and security — I promise. Keep with me.
As I am wont to once the weather finally begins to coöperate, I've been trying a few new things out on the grill. When I'm in this exploratory phase, I love digging through the infinitely interesting BBQ blogs of the Internet - they're full of hard-won knowledge about fire and smoke, but often lack a certain level of technical polish.
Case in point, my reference blog for this week's experiment was a well-seasoned old blog, but they'd lost every single comment from years of discussions. Why? No technical glitch, but simply because they'd chosen a private company to manage their comments - and it went out of business, leaving them not only without a commenting tool, but without those years of educational clarifications and discussions.
Ownership and control matter. This is true when you're talking about your possessions, your house, your comments on a BBQ blog, and with your software. I've railed against app-ification before, but I want to make a slightly deeper point here. If you bought a house, but with the condition that any repair, no matter how minor, you had to contract the previous owner (and only them) to make at a cost of their choosing - would you feel you really owned or controlled that house? Would you buy a car where the hood was locked shut, accessible only to the specific dealership where you bought it?
These cases are very much the situation with the vast majority of software you run on your computer. From Microsoft Word to Apple's iTunes, and even more insidiously, OSX and Microsoft Windows themselves - are all locked away from you. You've been forced to pay hundreds of dollars for them with the purchase of any computer - but you have no control or real ownership over them.
The alternative is what's called "free" or "open source" software (people get into fierce debates on the terminology here, which I'm ignoring for the time being). All software starts with instructions that are more-or-less understandable by humans; commands like if (this thing) then (do this other thing). Generally speaking, this "language" is then turned into something that's closer the more basic tools that computers understand. Imagine a particularly skilled dog with a great memory - by stringing together enough fetches, play deads, stops, roll overs and so on, you could eventually come up with a sequence of commands that would have this dog go out and buy a beer for you at the corner store, and bring in back.
"Closed source" software only gives you the computer-understandable version, and it's surprisingly difficult to turn that back into a simple, human-understandable chunk of logic. "Open source" software, on the other hand, always provides you with the original, understandable language.
This means a lot of things - one, you can tweak it. If you don't like the beer that your dog fetched, you can find the human-speak parts of the commands where it's selected, and make sure your preference for hoppy beer is respected, and then turn it back into the commands your computer can do.
This ability to change how your own tools work itself has many additional benefits - you can share that change, and if it's useful enough, that change itself will be included in the next version of the "core" software that everyone uses.
And finally, Heartbleed
This openness also means anyone can look at the logic that is driving their tool. This means that when you start talking about trusting software, there's a heavy preference towards the software that you can look at the source code of, and even more preference towards software where a lot of people have been looking at this same code.
So, that failed with heartbleed. The team behind OpenSSL is tiny compared to their impact. Two out of every three secure servers in the world are running the software that this four-person team manages. And on New Years Eve 2011, one of their developers committed a very, very subtle piece of code that basically didn't make sure that all the doors were closed behind it, and no one else at the time (or anyone who'd taken a look the in two years and chance since) noticed.
So obviously the whole open source thing is broken, right? The bug is out in the open for anyone to figure out, but no one fixed it!
It's not quite so simple. Do you really think that a working piece of closed-source code gets a second glance by its development team? They're just as bound by priorities and shipping product releases as an open-source team, but their code gets locked away with not even the chance for a third party to find a bug and lend a hand — but it's no more secure than the open source tools from concentrated probing, and testing for flaws just like heartbleed.
So yes, heartbleed was bad, but it was also a reminder in how powerful the open source software world can be in finding and fixing a bug. Most of us woke up with some updates to install, and that was the end of it. What horrible, dark bugs are lurking, unfindable, in every piece of closed source software? The precise number is unknowable, but the prevalence of viruses and malware that affect deeply closed systems like Windows might be a strong hint.
No more broken hearts
Going forward, I obviously have a long wishlist of things I'd like to see - a public discussion on what trust in software really means, better tools on every platform to guarantee software packages are what they claim to be (Tor is doing amazing work here), a return to inter-operable standards, especially when we're talking security systems... But as a beginning point, simply better support structures for open code development would be nice. We have volunteers building the basic structures of the Internet - which is an absolutely amazing and good thing - but let's make sure they have the time and resources to do it.
Submitted by Jon on Fri, 04/12/2013 - 09:29
I've been reflecting on some of the challenges I've faced across multiple organizations trying to leverage the power of technology to create positive social change. This reaches way back to my work as a Peace Corp volunteer, up through grad school, my time as a contributing editor at OLPCNews, and through multiple NGOs balancing tech, impact, and budgets.
Obviously, there's no definite one-size-fits all approach to implementing technology in any sector, much less the world of the international NGO that stretches from hip online platforms to how to best use dusty Nokia feature-phones.
Here are the principles I've come up with to date. I took these to Twitter in a lively discussion, and want to expound upon them a bit more:
- Build for sustainability. Minimize what you have to build yourself, and leverage existing platforms
This means giving strong preferences to open source platforms or at least existing services that meet a set of criteria (their service meets your needs, you own your data, shared values, track record...) For any service, someone, somewhere has already built a powerful framework that will be constantly updated and improved, and bakes in thousands of features (security, translation, powerful content management, mobile interfaces, etc.) which will be effortless to turn on when you discover you need them. Focus your precious software development budget on the much smaller number of things that are custom to your work and don't exist. This greatly reduces the initial dev costs as well as ongoing maintenance costs.
- Seriously, don't build it yourself.
Submitted by Jon on Mon, 11/19/2012 - 12:51
Create pro-consumer mobile technology and open up a new market of multi-platform and platform-agnostic users who want the best devices.
The Washington Post ran a great article on the increasing problems of vendor lock-in with tablets and mobile devices. In simple language it boils down the problem around why buying an app for one device doesn't give you access to that app anywhere else; if you switch from an iPhone to an Android phone, you'll have to re-buy your apps, and your iTunes content. This partially is lock-in, but there's also a halo-effect - you can transfer an app from on iPhone to a new iPhone, or content from your desktop iTunes to your iWhatever - and the more devices from the same vendor, the better the system works.
But this is a horrible direction to take, and why I rarely buy apps or content from locked-down stores like iTunes. My desktop computer runs Ubuntu Linux, my tablet Android, and my phone is an iPhone. The media server for our house is a Mac Mini, and I finally retired my hold-out Windows computer last year. I refuse to buy music that I can only listen to on one of those myriad devices any more than I'd buy a CD that only plays in my car, but not in my home, or food that I could eat in the kitchen, but not in the dining room or on a picnic.
By and large, I'm a good target demographic - some discretionary income, a gadget afficionado, and generally plugged in to fun new technologies, but my market is rarely well served.
Submitted by Jon on Mon, 09/24/2012 - 16:02
Here are the video links for my presentations from Campus Party Europe:
GeekEconomy with Don Tapscott (Author, Speaker and Advisor on Media, Technology and Innovation) and Simon Hampton (Director Public Policy EU, Google)
My slides and notes here: joncamfield.com/blog/2012/08/scaling_social_innovation
Submitted by Jon on Wed, 09/05/2012 - 15:21
Quick quiz. Which of these should not be protected as free speech?
[ ] A gun (you know, the kind you can hold and shoot)
[ ] Plans for a nuclear weapon
[ ] Political statements (lots and lots of them)
[ ] Detailed instructions on how to communicate privately
[ ] Detailed instructions on how to make an archival, digital copy of a DVD
The answer is either none or all of the above - we are in a world where free speech (in the form of computer code) can create real world objects and actions that are themselves regulated or outright illegal. But if the action is illegal, is the code that causes it also illegal? If so, the line gets very blurry very quickly. If not, we still have some fascinating problems to deal with, like printable guns. Regardless, we need to educate policy makers to understand this digital frontier and be prepared to defend free speech when this gets unpleasant. Spoiler: It's already unpleasant. Our world is defined by code, where programmed actions have very real, tangible effects.
Code of Protest
Civil disobedience can take some weird forms. While today masked digital vigilantes of Anonymous act as a curious type of Internet immune system; reacting against gross infringements of cyber liberty, their methods are not as new as you might think. In the late 90s, the Electronic Disturbance Theater (http://en.wikipedia.org/wiki/Electronic_Disturbance_Theater) was supporting the Zapatistas by flooding Mexican government sites with a rudimentary DDoS (Distributed Denial of Service) attack, which brings a webserver down by overloading it. This concept is at the heart of LOIC, Anonymous's "Low Orbit Ion Cannon" (http://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon). EDT's version, "Floodnet," had the nice touch of requesting webpages with names like "human rights" from the government sites, resulting in errors clogging up the server reading something like "404 - human rights not found." Asking for a webpage is pretty clearly something akin to shouting at a rally, or a "cyber sit-in" (http://angelingo.usc.edu/index.php/politics/cyber-sit-ins-grassroots-to-gigabytes/) - get enough people to do it, and it causes some level of annoyance - but it's still an act of speech.
Free speech and a dead-end for copy controls
Fortunately, CSS was not particularly well crafted, and was quickly and thoroughly broken with a chunk of code nicknamed decss by a Norwegian teenager nicknamed "DVD Jon". This caused a slight bit of controversy. DVD Jon was accused of theft in Norway, and users in the States were threatened with fines and jailtime for re-distributing it under the DMCA law.
In a predictable story arc, the next chapter of this story is of course the Internet digerati of the day getting royally teed off and causing a ruckus. The source code of decss was immediately turned into graphic art, secretly embedded in photos, turned into poems, and even a song (http://www.youtube.com/watch?v=GekuuNqAiQg) - a gallery of creative works using or containing the decss code remains online: http://www.cs.cmu.edu/~dst/DeCSS/Gallery/ . DVD Jon won his case (http://news.bbc.co.uk/2/hi/technology/3341211.stm) and we all celebrated the somewhat obvious win for free speech and consumer power.
Private speech and munitions export controls
We can rewind even further back to the early 90s, when Phillip Zimmerman published the entire source code of his powerful encryption tool, PGP, in a book (of the paper, box-shaped physical object type). Now, encryption this powerful was classified (until 1996) as a "munition" and subject to export controls with the types of penalties you might expect for selling military equipment on the black market. Had PGP been released as a program, it would obviously fall into this categorization. As text in a book, however, it appeared to be protected as free speech. The stupidity of the distinction of course also spurred many to make t-shirts and code snippets of this "illegal" code. Eventually, a series of court cases (Bernstein v. United States, Junger v. Daley) establishing that source code, indeed, counts as free speech.
Free speech and real munitions
Code is speech, code is reality.
In linguistics, you have the concept of "Illocutionary Acts" - acts which are embodied in language. There aren't many - no matter how I say that I'm going to go for an after-work run, the act of running can only be done by my whole body. Oaths are the best example of these acts - speaking the oath is making the oath, and that combination of idea and action is a powerful sentiment.
And every line of code can be just as powerful.
Submitted by Jon on Fri, 08/24/2012 - 18:00
What follows are my speaking notes from my talk with on the role of open source models in scaling social change. You can see this, plus Ashoka Fellow Gregor Hackmack's presentation onhis own amazing scale, at http://live.campus-party.org/player/load/id/27aba4389df7558611f3f6d5967b... .
Submitted by Jon on Fri, 05/25/2012 - 07:39
The ICT_Works blog has come out swinging: Linux vs. Microsoft is the most useless debate in ICT4D
As would any sane-minded person after being subjected to a shouting match in Kyrgyzstan. And the core point is absolutely valid - when you're talking about educational outcomes, there is no effective difference:
Educators stressed that teachers already had extensive training on Windows software and would be confused, even lost, in the Linux environment. Students who learned Linux and LibreOffice would be at a disadvantage in the job marketplace as employers would only hire staff that are fluent in Microsoft applications. [...] All of the adults in the conference learned how to use computers back when Windows 98 was in vogue, some even started with Basic, yet no one complains they cannot use an iPhone, iPad, or even MacBook without training.
Submitted by Jon on Wed, 11/09/2011 - 09:32
The trend I'm most interested in right now is actually as much offline as it is on. It really hit me a few weeks ago as I was reading through the minutes of an Occupy General Assembly. Here was a huge meeting with multiple viewpoints that was being successfully self-facilitated, prioritizing issues and moving quickly. This was a committee that was being collaborative, open, transparent, and still ... effective.
It really got me thinking on how we are are becoming accustomed to new social constructs in movements, government, and business. These concepts are familiar to anyone who's delved into the nuts and bolts of open source software -- like collaboration, shared or no ownership, team-building, and radical transparency -- but they're popping up everywhere offline.
So, I want to tackle the convergence of these concepts offline with the democratization of tools online
By democratization, I really mean simplicity and open to all. An important pre-condition to this is basic access, but we are increasingly living in an access-rich world, thanks to mobile. This year, Africa surpassed both European and the Americas and is now the second largest market for mobiles - behind only the Asia/Pacific region.
But beyond access, there is a new "digital divide" if you will -- the ability to create and engage in a participatory experience. Things like Twitter and blogging have long been low barriers of entry for getting your voice heard online. The exciting development in this arena is that it is mindbogglingly easy to create complex sites and apps with drupal and wordpress, at least compared to the work this would have taken 10 years ago.
This combination of a simple toolbox and open social constructs is powerful.
The past few years have been accelerating this convergence. Blogs and Wikipedia have permanently altered publishing, Twitter, Facebook and foursquare have opened up your social life, and Yelp and Tripadvisor have changed your customer service interactions with travel and dining destinations.
But more importantly, crowdfunding models like Kiva and Kickstarter are toe-in-water steps towards creating collaborative business models by seeking out customers and supporters in a very early stage and rallying their support around potential projects and products. Co-working spaces provide entry-level incubation for young startups with great perks of cross-startup networking and talent sharing. These fast prototyping models reduce overall risk and create engaged, evangelical customers and partners.
The social change sphere has jumped in to this intersection and is spawning hundereds of really exciting co-creation models. We've seen this in crisis mapping (Snowpocalypse, Haiti, Thailand), protest movements (Moldova, ArabSpring, OWS), open data mashups combining entrepreneurs and civic data (Apps4Democracy, UN Global Pulse), and even countries crowdsourcing their own constitutions (Iceleand and now Morocco)
The availability of these easy to use platforms and expectations of openness and co-creation is forcing new levels of engagement in all sectors. People are no longer OK with occasional, reactive, or superficial engagement.
My first human interaction with a brand shouldn't be after I post a negative tweet - nor should it be a annual 10 page user survey that never changes anything. I want to help build their business and be engaged at a strategic level, even though I'm "just" a consumer
If that sounds a bit insane and totally unscalable, just replace business with government and consumer with citizen and it suddenly sounds less crazy.
Business, non-profits, social enterprises, and governments will all need to open up not only their data or their superficial interactions, but begin to fully collaborate with their communities on their policies and business plans.
This means that 2012 holds a huge potential for global co-creation and new organizational frameworks, and anyone who doesn't begin to engage customers, supporters and citizens in this way is going to be shut out by organizations that aren't merely building their business with their users in mind, but building their business with their users.
With these concepts of shared ownership, highly functional teams, collaboration and transparency, combined with online structures that parallel these same values, we have a world where decentralized, democratized power structures forming across the digital/analog borders. This changes governance, economics, social change and business.
Holy shit, this is going to be a wild, fun ride.
Submitted by Jon on Thu, 10/27/2011 - 08:37
I will be discussing the tech trends from 2011 and looking forward to what 2012 holds for us with a fine group of panelists during DCWeek. Our panel still has some free tickets left - RSVP at http://www.meetup.com/net2dc/
Want to get in the action early? Join our thread over at Quora.
Read more about the event at DCWeek: http://bit.ly/dcweektechtrends1108
Submitted by Jon on Wed, 08/10/2011 - 15:46
The events in London over the past few days have been deeply interesting in the wake of last month's conversation on mobile and online activism during and after #ArabSpring. In this case, the actors are different, but the response patterns are similar - the embattled government pushing on technology providers to share private data or turn off mobile messaging services. In this case, it's RIM/Blackberry in the middle, with calls from MPs to "curfew" Blackberry messaging, and RIM itself offering to help policy by sharing message contents. This promptly led to the Blackberry site being hacked, with the hacker posting:
"We have access to your database which includes your employees information; e.g - Addresses, Names, Phone Numbers etc. - now if u assist the police, we _WILL_ make this information public and pass it onto rioters ... do you really want a bunch of angry youths on your employees doorsteps?"
Obviously, that's not a very nice thing to do, particularly considering it's unlikely any of these employees had much to do with this decision in the first place.
The lines are not quite as clear as one would like, though. All protests are messy, and it's rarely clear who is in the right. Many countries claim to be representative democracies of one flavor or another. If youth were protesting a regime in yet another Middle East/North African country, we would be globally shaming RIM/Blackberry for cavorting with the government. Of course, in the case of London, it seems to be more a gang of thugs and looters than a political statement.
The challenge, of course, is that the technology vulnerabilities might be useful to authorities during a riot, but are also useful to authoritarian governments in squelching a revolution. Not unlike wikileaks, you don't get to pick and choose who benefits from the technology, or who is made vulnerable by it.
Ashoka Changemakers is hosting a competition supported by Google to source innovative ideas in the Citizen Media space solving some of this tension around privacy, speech, and trust. There's some amazing thoughtwork in the space getting recorded at the Ashoka News and Knowledge blog.
All of that is a long introduction to the better-late-than-never summary of the July ICT4D Meetup. You know that it's a good technology discussion when it turns into a people discussion, and so went our conversation around Online Activism after #ArabSpring : What's Next?.
Our panelists discussed the strange role of being an Egyptian following along from abroad via social media, the roles of traditional and new media in civic engagement, and examples of online activism around the world, from Azerbaijan to Spain.
The core topic we kept coming back to was that the excitement around new technologies was justified, social media is a tool, not a movement. So while a cat-and-mouse game around technology will likely continue, the core of any social change is the people involved, not whatever tools they are using. Check out the twitter stream here.
Submitted by Jon on Thu, 07/14/2011 - 08:00
If May 3rd gets to be World Press Freedom Day, then after today's events, July 14 (in addition to already being Bastille Day) should be Citizen Media Day.
The "celebrations" really started yesterday, with Ashoka Changemakers (with the support of Google) launching a global competition (fully supported in nine languages, no less) to source innovative ideas in citizen media. I've got to say, I love how the timeline goes "backwards" in Right-to-Left languages like Arabic. Many thanks to our work with Ashoka Israel in launching Kikar (loosely, "Market square") in Hebrew.
Later in the day, at 5:30pm, I will be moderating a panel on "Online Activism after #ArabSpring : What's Next?" - there are a few seats still available, more information and RSVP at http://www.meetup.com/intlrel-76/events/23103221/ . Follow along on twitter with the hashtag #AAS, and there's a remote possibility we may be able to livestream the event.
Finally, we get to wind down at Circa Bistro with a happy hour co-hosted with ICTWorks - information and RSVP here: http://ict4drinks-july14.eventbrite.com/.
Submitted by Jon on Thu, 03/10/2011 - 20:21
When I asked the Ginger Man if they could host a crazy crowd of ICT4D and mobile4dev geeks rolling in to network and share stories from the frontlines of technology and development, they replied simply, "bring it."
I forward that sentiment on to you. If you hack, build, or implement tools all the way from water pumps to LED lanterns to OLPCs to citizen journalism software, bring your best toy, story, or idea for how technology can support global development, promote equality, and topple authoritarian regimes.
RSVP here, but attendance will be governed by the space we have available: http://ict4dev.eventbrite.com/
Bonus: Learn about the upcoming Ashoka/Changemakers collaborative competition on building sustainable models supporting access, freedom of speech, information quality and privacy! You can read the background on our googly adventure.
Monday, March 12 starting at 5pm at The Ginger Man (301 Lavaca)
Submitted by Jon on Mon, 02/07/2011 - 20:25
Register now at http://ict4dev.eventbrite.com/ - only 20 RSVPs available until we nail down a venue!
In Austin for SXSWi? A Geek? (ok, granted) Interested in changing the world? Building off of last year's amazing ICT4D meetup during SXSW, we're back at it this year with the second annual ICT4D Happy Hour: Geeks, Drinks, and Doing Good. We're also planning more than a day in advance this time (wow!).
We'll gather on Monday, March 14, 2011, starting around 5pm for a happy hour at a downtown watering hole (Hopefully the Gingerman like last year). Bring your favorite ICT4D toys (OLPCs, solar-powered GSM thingamajiggers, mHealth diagnostics and other gizmos) and your best ideas and inspiring innovations to talk about while sharing drinks with your colleagues from across the street and around the world.
Submitted by Jon on Thu, 05/06/2010 - 12:46
Just a quick note: Ubuntu 10 totally rocks. Better digital video and audio support (via HDMI and toslink) than Windows 7, slicker than Mac OSX with a great dock and productivity-enhancer with gnome-do/docky, tons of crazy user interface enhancements, a smooth 3D desktop... the list goes on. It's amazing, and it's open source.
Submitted by Jon on Fri, 10/02/2009 - 13:07
ServiceWire.org is a refreshed version of a news system that's been part of YSA's servenet.org toolset for years. In fact, when servenet.org was launch in the mid-nineties (1996 in fact) its motto was "Our Content in Youth Info" - a few years ahead of its time in terms of "Web 2.0" concepts or peer-generated content.
In late 2008 I decided it was time to bring ServiceWire up to date with current technologies. It still got a smattering of news and press release submissions from the field, but it was no longer the source of news and knowledge about what was happening in the service movement.
At its heart, ServiceWire is very simple - it takes content from the service field and collects it all in one place, making it easy to follow, comment on, and explore trends.
Read on to learn all about how it works, how you can take greater advantage of it, and how you can make your own version of it!
Submitted by Jon on Wed, 07/29/2009 - 13:10
In Social Networks (not Facebook) and Development I covered the relevance of local social networks and social capital / trust for successful, long-term community and economic development.
Finding, engaging an empowering local social networks is the first step. I believe connecting these networks to the global communities of interest and practice on the Internet can provide a multiplier effect.
In the recent Technology Salon on Malawian health ICT systems, it was discussed how hiring recent Malawian college grads and connecting them to the global community of open source coders gave them an immense resource to draw on as they began their work; and they were soon contributing as peers and mentors to other programmers around the world.
That's power, and that's the 21st century version of technology transfer.
Submitted by Jon on Thu, 07/16/2009 - 19:56
I am weary of the term "crowdsourcing." Now, I'm not against the concept. I think small, bite-sized acts of service and kindness can make huge differences in the right situations. Indeed, it's the social-benefits business model of The Extraordinaries, and is at the core of what Yochai Benkler means when he discusses the power of "peer production" in The Wealth of Networks:
People began to apply behaviors they practice in their living rooms or in the elevator — "Here, let me lend you a hand," or "What did you think of last night’s speech?" — to production problems that had, throughout the twentieth century, been solved on the model of Ford and General Motors. The rise of peer production is neither mysterious nor ﬁckle when viewed through this lens. It is as rational and efficient given the objectives and material conditions of information production at the turn of the twenty-ﬁrst century as the assembly line was for the conditions at the turn of the twentieth.
But the term "crowdsourcing" itself is outdated. It presumes that there's some central organization doing the sourcing (paralleling "outsourcing"), and it seems to get applied in all sorts of roles where that's not relevant.
Submitted by Jon on Tue, 06/16/2009 - 07:46
A critical network upgrade must be performed to ensure continued operation of Twitter. In coordination with Twitter, our network host had planned this upgrade for tonight. However, our network partners at NTT America recognize the role Twitter is currently playing as an important communication tool in Iran. Tonight's planned maintenance has been rescheduled to tomorrow between 2-3p PST (1:30a in Iran).
As much as I fear what happens after the honeymoon with SMS and social media under repressive governments, currently they provide an amazing tool for immediate news even during crisis, citizen voice and discussion.
Update: The State Department is now involved; http://ac360.blogs.cnn.com/2009/06/16/state-department-to-twitter-keep-i... :
By necessity, the US is staying hands off of the election drama playing out in Iran, and officials say they are not providing messages to Iranians or “quarterbacking” the disputed election process.
But they do want to make sure the technology is able to play its sorely-needed role in the crisis, which is why the State Department is advising social networking sites to make sure their networks stay up and running for Iranians to use them and helping them stay ahead of anyone who would try to shut them down.
Submitted by Jon on Thu, 05/28/2009 - 10:20
With a surprising lack of fanfare, OLPCNews recently revealed that Sugar is beating out Windows XP in XO deployments:
Apparently the conversations are going pretty much as many of us had expected: Initially country representatives inquire if Windows XP runs on the XO laptop. That doesn't really come as a surprise - for many people Windows is the definition of a computer. However, upon further investigation every country decided to stick to Sugar.
It's hardly a surprise, based on the wretched state of XP on the XO for educational purposes.
The surprising part is that after thousands of people screaming (including myself) about XP on the XO, the news that everyone is choosing Sugar went almost unnoticed.
This is a very good, if somewhat Pyrrhic, victory - there was a lot of time and effort lost to get XP to run, and a lot of bad blood created.
Long-term, however, the fact that head-to-head, Sugar is winning installations after review by education ministries is fantastic:
-It's an important mindshare victory for open source, especially at the operating system level (on the computing side) and at the ministry-decision-makers level on the policy side. This win will put downstream decisions on software on a more level playing field (hopefully?)
Submitted by Jon on Tue, 05/19/2009 - 11:34
As always, Ethan Zuckerman brings together all the threads surrounding the Guatemala protests, including information about the arrested Twitter user and some "trending topics" muckraking:
I ran a little tool I developed a few weeks back to check the frequency with which phrases and hashtags appear on Twitter. #escandalogt isn’t hugely frequent, registering at 0.052% - compared to #swineflu, for instance, which was running at over 2% at the height of hype/hysteria. What’s interesting is that #escandalogt is about as frequent as several of the tags listed on Twitter’s “Trending Topics”, getting more use than #fixreplies, #GoogleFail and #theoffice, all currently featured on the right sidebar. It’ll be interesting to see whether #escandalogt emerges there… or whether this is a sign that those topics aren’t entirely algorithmically generated and some human curation is involved.
Submitted by Jon on Wed, 04/15/2009 - 08:03
There's been a lot of noise about the role of Twitter in the recent Moldova protests. Ethan Zuckerman took it on himself to quantify the data. It's not as glamorous as blindly claiming that twitter did (or did not) ignite the protests based on some stories, but it does provide a good sanity-check:
My bitter, cynical hope had been to demonstrate that the conversation switched from a small Romanian-language conversation about the actual protest events to a self-congratulation festival in the English-language twittersphere. Good thing we’ve got data to prove me wrong. [...] I’d expected to see “twitter” emerge as one of the most popular terms by Wednesday or Thursday, and to see the conversation shift into English. [...] But by Thursday, Twitter’s out of the top 20 entirely and “comunistii” ranks behind Moldova and Chisinau. So yes, the conversation on Wednesday - the busiest day with over 1,000 authors - included lots of non-Moldovans. But the conversation quickly shifted back to the political standoff.
That being said, there are under 200 reported actual twitter users inside Moldova; so while the conversation avoided turning into the twitter version of back-patting, it also is not the twitter flash-mob we're looking for.
Worse, governments are getting more sophisticated in limiting the utility of mobile phones for this kind of disruption, as Evgeny Morozov at ForeignPolicy reminds us:
I've just spoken to a Moldovan friend who is himself a big technology fan; according to him, there is little to none cellphone coverage in the square itself (turning off cellphone coverage in protest areas is a trick that was also used by the Belarusian authorities to diffuse 2006 protests in Minsk's central square), so protesters have to leave it to post updates to Twitter via GPRS technology on their mobiles.
It seems likely that next time around, the government will also make sure GPRS is hobbled as well, and there were reports that the government was strong-arming local ISPs into restricting outside connections.
So while Twitter was involved, it seems too early to claim it's victory, as both Evgeny Morozov and Ethan Zuckerman seem to agree on. There was no sign-in form at the protest with a "Where did you hear about this? ( ) Twitter ( ) Facebook ( ) SMS (non-twitter) ( ) Friend ... " so we can't really be sure of the impact of any one social utility over another (though we could do some interesting things with Facebook photo tagging perhaps?), and this will continue to haunt any attempts to link online social media movements with offline action.
That's not the only story here, though. While I'm excited about turning online interaction into offline action, I strongly believe that the lower-hanging fruit in social media sites is real-time, mass reporting of events. You may get a thousand different viewpoints, but you're guaranteed to not just get one filtered and sanitized report. As Evgeny Morozov notes;
There are also a few moving English-language Twitter posts like this - "in #pman a grenade thrown by the police has torn apart one of the protester's leg"- that would surely be perused by foreign journalists.
We saw the role of SMS and Twitter in getting the news out about the Mumbai bombings in November 2008. As microblogging sites get increasingly sophisticated (or their users settle on hashtags and location update formats) I think we can expect to see fast local news coming not from traditional media but from our peers. Without editorial oversight or research/verification, we'll have to rely on mass numbers of twitterers reporting on each event to present an evenhanded view, but overall I see this move towards instant sharing of information as an amazing development that will only getbetter and more interesting, both in the case of free speech and media, and for mobile possibilities for development.
Submitted by Jon on Sun, 03/15/2009 - 12:01
Sometimes, I lie awake at night and worry about copyright. I then start worrying if this makes me irreconcilably weird.
I worry both for our American culture, as items have stopped falling into the public domain and becoming available to re-use and re-mix, or simply to re-present for free. If this doesn't seem like a problem, this video on a 6-second drumbeat will blow your mind - especially if you then read this story about an artist being sued for a 1 minute clip of silence making fun of John Cage's 4'33" of silence. The artist ended up settling out of court.
I worry more generally about international trade and development, as we inflict ever-tighter IP regulations on countries we give aid to or trade with - regulations which we scoffed and flouted during our own development.
We're no longer protecting innovation with these laws - we're protecting the first movers (often big, established businesses), and encouraging gaming the patent system to try and get the most generic and sweeping patent accepted.
Submitted by Jon on Sun, 03/15/2009 - 10:59
OLPC and F/LOSS enthusiast Dr. Sameer Verma, an Associate Professor of Information Systems at San Francisco State University has been beating the XO drum in Jamaica with this presentation to the University of the West Indies/Mona (UWI) and at the ICT4DJamaica conference (with great photos) last September.
You probably already know Sameer from either his role as organizer of SF-OLPC or his OLPCNews guest entry earlier this year, OLPC Jamaica, and the beginnings of a pilot project in August Town, a community near UWI, a stone's throw away from where I lived while in Jamaica.
Submitted by Jon on Fri, 12/26/2008 - 05:30
This is the continuation of my journal on getting mapping to work for Global Youth Service Day in Drupal, which starts with an overview of maps and drupal, and continues with a discussion of modules, then talks about getting content into the map.
Remember back in Part II where I mentioned the Views and Panels module?
Views gives you very precise control over what shows up on new maps you can show up. Even better, use can create "arguments" that can be passed through the URL to further define what shows up. For example, I created a view whose base URL was /gysd/map/ -- if you go there, you get a listing of years to choose from (do you want to see events from GYSD 2008? GYSD 2009?) If you click on 2008, the url is now /gysd/map/2008 - and you see all the events for that year. I then created some other map options to list by country, state, and so on, so there's another path that goes like this: /gysd/map-by-location/2008/us/FL . If I cut that one off at 2008/, I'd see a listing of all the countries I had data for. If I cut it at us/ , I'd see all the regions (states) with data. You could also set a map up with zip codes, taxonomies, and so on. Drupal 6's Views2 is an order of magnitude more powerful that Views1, and alone it's a reason to upgrade to D6.
To create a map view, you have to first (after installing the views modules above, and creating a new view) select GMap View from the Page view set of options (under View Type). This enables the map functionality. I put information into the Header section to guide users in the navigation process.
Submitted by Jon on Mon, 12/08/2008 - 14:38
It's been a while since I posted on my Drupal Mapping project, and that's partially because I've been spending some time getting a great site that aggregates and re-publishes news for the volunteer service world together at ServiceWire.org using Drupal 6, FeedAPI, Views, and some other fun tricks - you can follow it on Twitter at @ServiceWire - it posts about once an hour or so with news about volunteer service and service-learning.
Anyhow, my experience working with D6 and the newest Views module have convinced me that as long as most of the tools I need for the map are available on D6, it's time to move. So I'm rebuilding from scratch (bad luck with upgrades of recent, and I'd like to apply and cement my recently gained knowledge). Unfortunately, the Node_import module - key to a lot of the testing I want to do on the map and views - is not quite ready, so I'm waiting for that to release an update that works with Location and CCK, and in a holding pattern until then.
Submitted by Jon on Wed, 11/19/2008 - 05:31
So now we have the basic setup and are ready to start on the map - placeholders for content, maps, and actual content, and it's time to forge ahead with improving the user experience and information architecture (at the same time, even!).
I also just came across another blog article at around the same level of detail that covers other aspects of Drupal, which I haven't touched on much here for a more articles-rich site. Check it out: http://dejitarob.wordpress.com/2007/11/26/how-i-used-drupal-to-build-tam... . Along similar lines, I stumbled across a series by IBM that gives a surprisingly clear overview of the next level in to Drupal geekery, without flooding you with information: http://www.ibm.com/developerworks/ibm/library/i-osource5/
Submitted by Jon on Thu, 10/23/2008 - 14:02
Drupal by itself is pretty powerful, but where it really shines is when you start plugging in the modules which have been developed for it. There are hundreds (if not thousands), and the first mistake I made on my first Drupal install was to just start clicking away before I'd learned the ropes. Luckily, this is what sandbox installs are made from, so a few database drops and folder deletions later I could start from scratch (again).
To get this all working, I now present you with the modules I activated or installed for the map project:
Submitted by Jon on Wed, 10/22/2008 - 13:36
This is my "journal" of work in creating a user-modifiable map of the Global Youth Service Day events taking place around the world. The goal was to create a map that staff non-techies could manage, non-techie youth and organizations from around the world could add to, and still (a) work and (b) be friendly to the techies managing it, allowing for mass import and so on.
The GYSD Map in progress!
This is the first part of a series of entries (four or five probably). This first one covers the overview and core software I'm using, and some discussion of why I've chosen what I have. The next entry will cover modules and initial configuration work.
This guide is going to be a bit on the techie side, and I presume at least a bit of Drupal and webhosting experience when going through it, but nothing you can't google for help on from the community. As a caveat, I'm also relatively new to drupal, this is only my third foray into the more complex worlds it offers.
Submitted by Jon on Fri, 09/26/2008 - 14:49
This week's Technology Salon was on information sharing and ways to use social media and peer-generated content in international development. Less of a lecture and more of a roundtable discussion, lots of interesting ideas were floated, from using Peace Corps volunteers as on-the-ground information resources to running contests for ways to use technology in development scenarios.
Submitted by Jon on Mon, 09/01/2008 - 08:14
Ning, if you haven't heard of it, is a roll-your-own "web 2.0" platform, where you can combine blogs, videos, forums, and so on in seconds in a web interface. It's like a constrained, but amazingly easy to use social content management system. What's better is that it has impressive open-source hooks in, if you want to go down that route, you can access and build upon your site's code and data structure. It's free for it's basic my community name . ning.com, and beyond that you start paying fees for custom names and services.
Submitted by Jon on Wed, 08/27/2008 - 11:46
This quirky animation compares social media to ice cream to explain the value of basic customer generated content (uin the form of tagging, rating and comments). It does two things - makes you hungry for ice cream, and understand the need to enable your website guests to leave feedback.
(I found this on Richie Zamor's excellent site)
Submitted by Jon on Wed, 08/20/2008 - 05:52
Note to techies - this article is intended for the nonprofit crowd and as such is basically an introduction to RSS. There's a few interesting things at the end (RSS->animated gif via feedburner, Yahoo Pipes, and MIT/Google's Exhibit tool).
The Web 2.0 revolution has democratized huge swaths of online technology, making it easier for people who didn't grow up taking computers apart and programming games from themselves out of instructions from 3-2-1 Contact magazine article to contribute to online websites via easy-to-update blogs, wikis, and so on. These are all fantastic tools, mostly free and open. You can also read my overall guide to open source tools for non-profits to get situated in some terminology and theory.
There's one technology embedded in almost all of these systems that lets you track updates, news, events, even changes to a wiki page. These updates can pop up on your desktop, appear in most email clients (but not Outlook 2003, Outlook 2007 supports RSS however!), appear in your web browser, and even get embedded on your web page.
This is my favorite web magic, and it's called RSS - Real Simple Syndication. Anywhere you see this symbol, there's some RSS involved.
So in short, RSS is a tool that lets a website or blog send out updates -- new content, calendar items, blog updates, and so on -- in a standard format that makes it "really simple" to include in a webpage, subscribe to in email programs, with many web browsers such as Flock or FireFox, online tools like Google Reader, and more.
Keep reading to learn more about the why and how of RSS for nonprofits!
Submitted by Jon on Tue, 07/29/2008 - 21:15
Today, Twitter launched one person from their normal Internet life to getting news on the California-regional LAist and valleywag blogs, CNet, a top-rated digg story, a google search term all to herself, fan-created artwork, and a skyrocketing number of followers inside Twitter. In three hours, with one twitter.
Submitted by Jon on Wed, 06/18/2008 - 11:03
I'm sure you're tired of hearing me talk about twitter as an innovative and easy tool for outreach and engagement. So listen instead to Amy Gahran and her conversation with the Mars Phoenix rover - via twitter:
Submitted by Jon on Thu, 06/05/2008 - 13:55
While few of the concepts at the 2.0 nonprofit conference were hardly new to me (Use twitter! uh, ok.); it was good to see where other nonprofits were and what the nonprofit leaders in the space were doing, and what the lessons they had learned were.
Again, trying not to sound snooty here, but the lessons weren't very "new" either, but the way they phrased them were -- instead of speaking about crowdsourcing, peer-production and open source/sharing, the presenters framed the same general concepts in communications and strategy language like message control (it's dead), reader-focused theories of change, stakeholders/champions, voice and vision, and so on. This gives me more relevant vocabulary to use to champion the full-sharing concepts when I speak with nonprofits.
Read on for my run-down and links to even more event notes!
Submitted by Jon on Thu, 05/22/2008 - 16:59
Would you like an Ubuntu to go?A recent The Guardian interview with Canonical CEO Mark Shuttleworth reveals this gem:
TG: Will you be coming out with a tailored version of Ubuntu for the ultraportable sector?
MS We're announcing it in the first week of June. It's called the Netbook Remix. We're working with Intel, which produces chips custom-made for this sector.
Submitted by Jon on Tue, 04/01/2008 - 11:13
So coming up on 25th-28th of April is the 20th annual Global Youth Service Day, and I'm trying to see if I can do something fun with Twitter; like having youth from around the world send short SMS updates about their projects. I'm looking at various ways to include others without risking problems of needing to monitor the account for inappropriate content and so forth, so SMS-style JOIN GYSDs, #tags, TwitterMail, and so on.
Submitted by Jon on Fri, 03/21/2008 - 14:02
I predicted in January that Facebook would "hit its limit. I predict some more ad snafus a la Beacon, and the 3rd party apps become overwhelming and all-too-reminiscent of MySpace.", and today the Sillicon Alley Insider predicts a Facebook decline: For some early users, the thrill is gone.
Submitted by Jon on Wed, 01/02/2008 - 10:48
A few predictions for what we'll see online in 2008:
Submitted by Jon on Wed, 01/02/2008 - 10:15
A recent thread of emails over on the 501 Tech Club DC email list brought more Web 2.0 resources to light. So in the spirit of sharing:
NetworkForGood has an excellent set of short articles on using social sites for fundraising.
http://www.cmswire.com/ Offers news on content management
Submitted by Jon on Fri, 12/28/2007 - 11:35
A quick rundown of my recent posts looking at the value of using Open Source in combination with Web 2.0 tools for non-profits / NGOs and the like:
The Power of Open - an introduction to the economic background knowledge important to discuss how Web 2.0 and Open Source work (also discusses what Web 2.0 and Open Source mean).
Twitter - A sidetrack to peek at a new Web 2.0 service.
Submitted by Jon on Wed, 12/26/2007 - 08:19
In an earlier post I took you through some of my favorite desktop F/LOSS projects, and I've blathered on about the Flock browser separately. If you really want to embrace the social web, though, you should bring some of it home to your organization.