Language Selection

English French German Italian Portuguese Spanish

Just talk

Slack: It Used to Be a GNU/Linux Distro, Now It's Surveillance Capitalism

Filed under
Just talk

I like "Freedo" (a symbol for freedom) better

Freedo

THE meaning of words can change over time, along with connotations that accompany these words. A little cat, for example, we can no longer call "pussy" and the word "gay" rarely means happy (colloquially). What about "Slack"?

Once upon a time I knew Slack as a solid, freedom-respecting distribution (GNU/Linux distro), whereas nowadays it is something to be stubbornly avoided as it threatens my freedom. It's technically spyware. It is a threat to everybody's freedom because of the network effect. When we use it we participate in a viral campaign of unwanted societal dependency. We help it spread exponentially. Like disease amongst anti-vaxxers. Richard Stallman had spoken about it in the context of Skype long before Microsoft entered the fray/picture. That's just common sense. The requirement of opening a Slack account to interact with other people is like the equivalent of an employer demanding the applicant has a Facebook account (despite all that is known about Facebook's incredible abuses). It can harm our neighbours, colleagues, family and friends as much as it harms ourselves.

As a little bit of background/context/polite remarks on this, I had been writing about Slack (the spyware, not the distro) for several years -- years before the prospects of actually using it. I never ever used it, but I know about it technically, from various angles (not just the shallow, user-centric end). Slack is proprietary at the front end and the back end. Only Slack employees know for sure what it does (and may do in the foreseeable future, as per secret roadmaps). They cannot speak out about it, for fear of retribution (so they're inherently gagged by fear over mortgage etc. or self-restraint that defies logic/ethics). Stallman has long warned about the morality of such circumstances and the ideology they breed. It was recently discovered that Facebook had targeted its critics (a huge number of them), subjecting them to Stasi-like treatment not for any government but for a private corporation, namely Facebook. It had been 'hunting' people using dubious and shallow justifications/pretexts. Nobody has yet been held accountable. Negative press has been the only cost/toll, so they got away with it with barely even a slap on the wrist. Others may imitate them, seeing that there are no fines, no arrests, no sanctions.

A colleague told me several months ago that someone at our company wanted to experiment with Slack; there was no final decision about it, so I assumed it was like our RT/OTRS 'dance' (choice of ticketing system half a decade ago). Sometimes we explore FOSS options/alternatives, which is a good thing! He sent me an invite, but he wasn't assertive about me joining as it was still an experimental thing (as I understood it back then, based on what I was told; I'll come to that in a moment). I thought we would, if it got adopted, still have options (duality). One colleague (at least) wasn't even sent an invite, so I took that as a sign of the adoption's semi-hearted nature (at the time). My colleagues never mentioned it since, except one person (who apparently liked Slack). Another colleague wondered why nobody had told her about it; as if she was left out, but she's happily using Kopete on KDE, so on she went with Jabber.

I've long been writing about Slack, maybe about 15 years (even when the name referred to a Live GNU/Linux distro, well before the name got 'hijacked'; it's Debian-based, it still has regular releases a few months apart, not the same as Slackware despite the names' similarity; BoycottNovell made a Slack-based distro called SUEME Linux 12 years ago); Tux Machines publishes announcements of Slack releases several times a year, but it's always about the distro. It's a European distro with pedigree; but I digress..

Nowadays "Slack" means something different; in a technical context, people no longer recognise it as the distro's name; Slack is now the darling of corporate media; myself and others could never quite explain why (we were rather baffled as it did not seem particularly innovative and we thus attributed most/all the press coverage to good marketing/PR); the name collision also raised legal questions because Slack is a well-known distro and the name is strictly used in the domain of software; it has been used for decades. Now the distro's development team needs to explain to people what came first and how this confusion came about.

OK, so now Slack is enjoying a valuation at $billions (as per very recent news headlines), with IPO rumours floated as well (making it easier to buy/subvert). Slack is relatively new a player/contender; it goes about 3-4 years back (in the mainstream), around the time we were in Alton Towers. I still remember that based on other events. Privacy activists had been warning about it and recently I kept seeing (also publicly writing about) more red flags. Slack, the company, is getting more invasive over time. It's like Facebook. Facebook for business. LinkedIn got picked by Microsoft, along with all that data (NSA PRISM comes to mind). Personal messages, passwords, social graphs, employment records and so on. Even location (picked every 60 seconds or so from one's phone through the 'app'). Same for Skype, which Microsoft added to PRISM just months after buying it (Microsoft was first in PRISM, based on Snowden's leaks -- it was one among the first stories to come out/emanate). Far less opinionated people than myself have blasted Slack for a variety of reasons. Some tweets of mine about it go ~3 years back (warning for 'opinionatedness'... I don't mince words much).

I still remember having to install Skype on an old phone for one company meeting. Back then the mere installation (for one hour, then deleted) meant sending Microsoft entire address books, entire call history and more. This phone of my wife is 7+ years old, so that's a lot of data, going a long way back. That's their business model. I'm usually apprehensive because some of my sources, e.g. for exclusive articles in Techrights (I published my 25,000th article last week in Techrights!), are named in files on my system. I'm no Free software 'purist' per se (I use proprietary drivers sometimes), but "Slack would be the surveillance capitalism competitor to Jabber," to quote something I read yesterday. They digest information, including corporate communications. There's a certain risk associated with this, including competitive risk. As a Free software-based company I think it's important to demonstrate that every piece of proprietary framework can be swapped with FOSS. There are quite a few Slack equivalents that are FOSS; a colleague told me that another colleague had brought some of these up. We might examine these soon, maybe test and adopt these. Time will tell. Maybe I'll write about some of these.

I am also reading about bridges between protocols that enable access to Slack, but yesterday when researching it I found that Slack is gradually burning these bridges/gateways. Not entirely surprising, as once they get to a certain point/market share they up/boost the lockin. Naturally. More so if they have obligations to shareholders. Twitter did this last August, shutting out all third-party apps/APIs for the first time ever (in the company's entire existence). Many of us were devastated because we had built interaction tools, custom-made around these APIs). So, basically, whatever a centralised platform gets adopted, we can always lose control as they can change everything they want at any time. Even, at worst, some company can just buy them for the data; they can start charging a lot, they can shut down, change ToS etc.

The bottom line is, Slack ought to be avoided. It's worse than proprietary because it's all centralised, even the data. There's no concept such as "private" or "privacy". These are only illusions.

Unixstickers

Filed under
Just talk

Unixstickers

Awesome products, will definitely get another bunch of some more stickers soon Smile

GitHub as the Latest Example of Microsoft Entryism in Free/Libre Software

Filed under
Just talk

"This is in effect the very same trick they did/pulled with Novell and SUSE (where Nat Friedman came from after his Microsoft internship) about a decade ago."

Postman

THE recent GitHub takeover, which has not formally been approved just yet (although there are no foreseen barriers to it), is definitely bad news; it is a lot of things to Microsoft however. It is good news only to Microsoft and GitHub shareholders, who basically sold out many developers without rewarding/compensating them for this unwanted (to them) takeover.

There are many aspects to it: First of all, it helps paint Microsoft as "open source" and it helps Microsoft gain leverage over developers, e.g. their choice process of framework/s and licence/s (Microsoft still dislikes copyleft); by leverage over platform they can suggest Azure, for example, or create bindings to it; they gain leverage over projects tied to governments, including some of our clients at work; Microsoft can vainly tell them, i.e. the governments and their developers: "look, you want FOSS? We're FOSS" (so they effectively become their own competitor!). In fact, there's so much more and I could easily name a couple dozen examples, but I know people pursue/need concision here. For an analogy, in politics this concept or strategy is known as "entrism" or "entryism".

Microsoft also uses patents to blackmail FOSS; there's that element too, albeit many people conveniently choose to forget it. Microsoft is sending patents to patent trolls, then offers "Azure IP Advantage". This is in effect the very same trick they did/pulled with Novell and SUSE (where Nat Friedman came from after his Microsoft internship) about a decade ago.

There are many other angles to it, including programming languages, frameworks (e.g. proprietary IDEs like MSVS), code editors and not just bindings to Microsoft as a host and API provider. People, especially developers of software, generally know how E.E.E. works; the basic precondition/premise is that you gain controls/leverage over that which threatens you (Nokia: Elop, Novell: Mono and lots more examples). So that's kind of a way of getting inside, gradually forming a partnership and then shutting down or sidelining whatever threatens you. Like Xamarin did to RoboVM, in effect killing it under Friedman's leadership. Friedman is going to be the chief of GitHub.

Microsoft can direct the opposition's decisions and its fate. Sadly, they already do this inside the Linux Foundation, where Microsoft staff already has chairs in the Board.

From what I can gather, developers ditching GitHub is becoming a fairy common thing this month. I already see the 1) active 2) large 3) non-Windows ones leaving, but it can take time; some told me they still rely on open bug reports and other 'vendor lockin'; that needs some work before they can migrate; the real alternative is self-hosted git.

"Sadly, they already do this inside the Linux Foundation, where Microsoft staff already has chairs in the Board."

In Memoriam: Robin "Roblimo" Miller, a Videographer and Free Software Champion

Filed under
Just talk

Videographer Robin Roblimo Miller

Robin "Roblimo" Miller was a clever, friendly, and very amicable individual who everyone I know has plenty of positive things to say about. I had the pleasure of speaking to him for several hours about anything from personal life and professional views. Miller was a very knowledgeable person whose trade as a journalist and video producer I often envied. I have seen him facing his critics in his capacity as a journalist over a decade ago when he arranged a debate about OOXML (on live radio). Miller, to me, will always be remembered as a strong-minded and investigative journalist who "did the right thing" as the cliché goes, irrespective of financial gain -- something which can sometimes be detrimental to one's longterm health. Miller sacrificed many of his later years to a cause worth fighting for. This is what we ought to remember him for. Miller was - and always will be - a FOSS hero.

May everything you fought for be fulfilled, Mr. Miller. I already miss you.

Orangutans are some of the most solitary animals critically endangered as human consumption grows; Ban Palm oil Industry.

Filed under
Just talk

Orangutan

Orangutans are some of the most solitary animals critically endangered as human consumption grows.

Orangutans are currently only found in the rainforest of Borneo and Sumatra where both species are endangered. The orangutans' habitat has decreased and is rapidly being devastated by loggers, palm oil plantations, gold miners, and unnatural forest fires.

Watching videos of orangutans over hundreds of times is nerve-wracking, seeing them in distress and in great trauma as babies watch their mothers hacked and killed by poachers. They are using their machete which is so inhumane, as many of these infants die without the help of their mother and some other infants are sold as pets, ending in the hands of their 'owner', maltreated and malnourished, making their situation even worse. This happened because of the humongous demand and consumption of humans. Guilt is creeping on me; while enjoying my food and applying all the cosmetics for vanity it is like slaughtering an innocent and beautiful primate slowly and accurately. I wasn't thinking at all; I'm closely blinded of my needs, having never bothered to think that somewhere out there someone is tormented. I can't let this happen any longer. I must act and make a stand and be the voice of orangutans. I'm calling for everyone to ban and stop buying palm oil products. We must stop deforestation and the palm oil industry, strongly and swiftly before orangutans and all other animals sail into extinction.

Beijing Zoo is No Place for Pandas

Filed under
Just talk

Pandas in Beijing Zoo
Photo credit: Nick Hopkins

I am a Panda lover. I work as a support engineer in an I.T company here in the United Kingdom. Most of my spare time is spent watching different Panda videos -- both old and new videos. Basically, it is my therapy; a 'stress release' for me. I find them to be adorable and precious creatures. As a matter of fact, I would like to volunteer to come to Sichuan. I want to experience and feel what it's like to be a Panda keeper, to be able to interact with them for real. The Panda is China's National Treasure, so it's a shame to watch the Panda videos from Beijing zoo, as the place is disgusting and not ideal for Pandas to live in (and for sure for all the rest of the animals who unfortunately got stuck in this prison cell).

The place looks like a ghost town. Lifeless and languished. Knowing that Pandas wear a thick fur on their body, can you imagine what it feels for them in 30C or 35C (summer temperature)? What it probably feels like all the time? Come on, if you really care, you must do something now, otherwise these Pandas will die. Please bring them back to their sanctuary where they really belong.

Winner: Triathlon in The Spa At The Midland

Filed under
Just talk

The Spa At The Midland - Rianne SchestowitzI never thought I could win in a challenge of 3 events.

I guess age is not an excuse for giving up... more so in physical fitness; as the saying goes, health is wealth.... consequently, I'll keep doing my routine and even yoga. It is extremely relaxing!

Motivation, hard work, discipline. By-product is triumph... Smile

GNOME Release Party Manchester

Filed under
Just talk

GNOME Release Party Manchester

Summary: Today's party celebrating the release of GNOME 3.22

RIANNE AND I both attended today's GNOME release party in Manchester. It was a good opportunity to meet some geeky people, including a few from Codethink, which organised this event.

With the latest Kubuntu 15.10 (Wily)

Filed under
Just talk

I love the KDE desktop—I really do. However… here are some grumbles.

Happy Easter and Remarkable Spring

Filed under
Just talk

Happy Easter

Syndicate content

More in Tux Machines

Android Leftovers

One Mix Yoga 3 mini laptop demostrated running Ubuntu

If you are in interested in seeing how the Ubuntu Linux operating system runs on the new One Mix Yoga 3 mini laptop. You are sure to be interested in the new video created by Brad Linder over at Liliputing. “ I posted some notes about what happened when I took Ubuntu 19.04 for a spin on the One Mix 3 Yoga in my first-look article, but plenty of folks who watched my first look video on YouTube asked for a video… so I made one of those too.” The creators of the One Mix Yoga 3 have made it fairly easy to boot an alternative operating system simply by plugging in a bootable flash drive or USB storage device. As the mini laptop is powering up simply hit the delete key and you will be presented by the BIOS/UEFI menu. Simply change the boot priority order so that the computer will boot from a USB device and you are in business. Read more

Security: Curl, Fedora, Windows and More

  • Daniel Stenberg: openssl engine code injection in curl

    This flaw is known as CVE-2019-5443. If you downloaded and installed a curl executable for Windows from the curl project before June 21st 2019, go get an updated one. Now.

  • Fedora's GRUB2 EFI Build To Offer Greater Security Options

    In addition to disabling root password-based SSH log-ins by default, another change being made to Fedora 31 in the name of greater security is adding some additional GRUB2 boot-loader modules to be built-in for their EFI boot-loader. GRUB2 security modules for verification, Cryptodisk, and LUKS will now be part of the default GRUB2 EFI build. They are being built-in now since those using the likes of UEFI SecureBoot aren't able to dynamically load these modules due to restrictions in place under SecureBoot. So until now using SecureBoot hasn't allowed users to enjoy encryption of the boot partition and the "verify" module with ensuring better integrity of the early boot-loader code.

  • Fedora 31 Will Finally Disable OpenSSH Root Password-Based Logins By Default

    Fedora 31 will harden up its default configuration by finally disabling password-based OpenSSH root log-ins, matching the upstream default of the past four years and behavior generally enforced by other Linux distributions. The default OpenSSH daemon configuration file will now respect upstream's default of prohibiting passwords for root log-ins. Those wishing to restore the old behavior of allowing root log-ins with a password can adjust their SSHD configuration file with the PermitRootLogin option, but users are encouraged to instead use a public-key for root log-ins that is more secure and will be permitted still by default.

  • Warning Issued For Millions Of Microsoft Windows 10 Users

    Picked up by Gizmodo, acclaimed Californian security company SafeBreach has revealed that software pre-installed on PCs has left “millions” of users exposed to hackers. Moreover, that estimate is conservative with the number realistically set to be hundreds of millions. The flaw lies in PC-Doctor Toolbox, systems analysis software which is rebadged and pre-installed on PCs made by some of the world’s biggest computer retailers, including Dell, its Alienware gaming brand, Staples and Corsair. Dell alone shipped almost 60M PCs last year and the company states PC-Doctor Toolbox (which it rebrands as part of ‘SupportAssist’) was pre-installed on “most” of them. What SafeBreach has discovered is a high-severity flaw which allows attackers to swap-out harmless DLL files loaded during Toolbox diagnostic scans with DLLs containing a malicious payload. The injection of this code impacts both Windows 10 business and home PCs and enables hackers to gain complete control of your computer. What makes it so dangerous is PC-makers give Toolbox high-permission level access to all your computer’s hardware and software so it can be monitored. The software can even give itself new, higher permission levels as it deems necessary. So once malicious code is injected via Toolbox, it can do just about anything to your PC.

  • Update Your Dell Laptop Now to Fix a Critical Security Flaw in Pre-Installed Software

    SafeBreach Labs said it targeted SupportAssist, software pre-installed on most Dell PCs designed to check the health of the system’s hardware, based on the assumption that “such a critical service would have high permission level access to the PC hardware as well as the capability to induce privilege escalation.” What the researchers found is that the application loads DLL files from a folder accessible to users, meaning the files can be replaced and used to load and execute a malicious payload. There are concerns the flaw may affect non-Dell PCs, as well. The affected module within SupportAssist is a version of PC-Doctor Toolbox found in a number of other applications, including: Corsair ONE Diagnostics, Corsair Diagnostics, Staples EasyTech Diagnostics, Tobii I-Series Diagnostic Tool, and Tobii Dynavox Diagnostic Tool. The most effective way to prevent DLL hijacking is to quickly apply patches from the vendor. To fix this bug, either allow automatic updates to do its job, or download the latest version of Dell SupportAssist for Business PCs (x86 or x64) or Home PCs (here). You can read a full version of the SafeBreach Labs report here.

  • TCP SACK PANIC Kernel Vulnerabilities Reported by Netflix Researchers

    On June 17th, Researchers at Netflix have identified several TCP networking vulnerabilities in FreeBSD and Linux kernels.

  • DNS Security - Getting it Right

    This paper addresses the privacy implications of two new Domain Name System (DNS) encryption protocols: DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH). Each of these protocols provides a means to secure the transfer of data during Internet domain name lookup, and they prevent monitoring and abuse of user data in this process. DoT and DoH provide valuable new protection for users online. They add protection to one of the last remaining unencrypted ‘core’ technologies of the modern Internet, strengthen resistance to censorship and can be coupled with additional protections to provide full user anonymity. Whilst DoT and DoH appear to be a win for Internet users, however, they raise issues for network operators concerned with Internet security and operational efficiency. DoH in particular makes it extremely difficult for network operators to implement domain-specific filters or blocks, which may have a negative impact on UK government strategies for the Internet which rely on these. We hope that a shift to encrypted DNS will lead to decreased reliance on network-level filtering for censorship.

Drawpile 2.1.11 release

Version 2.1.11 is now out. In addition to bug fixes, this release adds one long awaited feature: the ability to detach the chat box into a separate window. Another important change is to the server. IP bans now only apply to guest users. When a user with a registered account is banned, the ban is applied to the account only. This is to combat false positives caused by many unrelated people sharing the same IP address because of NAT. Read more Also: Drawpile 2.1.11 Released! Allow to Detach Chat Box into Separate