Older blog entries for danstowell (starting at number 67)

Exploring privacy: BitTorrent Sync (btsync)

Post-Snowden, we all need to understand privacy and cryptography a little bit better than we did before. If you use something like Dropbox to synchronise files between computers, or to collaborate with people, you may wonder about the security of it. Well, you should wonder about the security of it: the way Dropbox works is that it sends your files up into "the cloud" which is really a big filestore run by Amazon. That's handy because if you trash your computer, your files can be recovered from Amazon's servers. But it's not so handy in that all your files are stored on some third-party server, maybe in the EU, maybe in the USA. In general we shouldn't have to trust such third parties, so it'd be better if the data were encrypted so that Dropbox/Amazon couldn't inspect it. (Note: technically the data is "encrypted" on their server but not in a way that prevents them from looking at it.) Even worse, we know (post-Snowden) that it's highly likely the US security services have some kind of "relationship" with Dropbox/Amazon through which they can scan for interesting content etc, under rather looser terms than maybe we thought. So Dropbox provides a personal service but not a private one.

Luckily (?) the makers of BitTorrent have come along with an alternative called BitTorrent Sync, which does the same kind of job but in a peer-to-peer fashion.

The way it works is described in the btsync tech summary and it's rather neat. Transferring files between computers is basically done BitTorrent-style, but it transmits the data directly between your computers over an encrypted connection.

(When I say "directly"... it's still transmitted indirectly in the sense that internet traffic passes through many machines - but I mean that your data is not addressed first to some third-party machine [neither peer nor server] before it gets re-addressed and hops onward to your machine.)

If you have two computers, attached to the internet, you sync files between them by telling them the secret random code that it generates for you. You don't need any central server (in principle), because btsync is able to use a DHT which lets it ask the p2p network, "which IP addresses correspond to machines which know my secret code?"

I think this architecture is really rather nice. There are a handful of extra tweaks you need to be aware of - for example, it does in fact use centralised servers (not just DHT) to help bootstrap awareness of peers, and also to help get round firewalls - but the basic idea is neat, and cuts out the middleman compared against Dropbox. In principle, this appears much better privacy-wise.

There is a major security/privacy issue, but before that here's a minor one. The DHT stores data in the form of "SHA1(Secret):ip:port", which means that although your secret isn't directly stored, if some naughty person was spying on you and detected that your computer had sent out a message saying "who knows about SHA1(Secret)?", then the naughty person could ask the same question and discover the IP addresses of the nodes in your little sharing network. So, that doesn't give away your secret or your data, but it does give away some of your web of connectivity. For example, maybe it lets someone confidently associate your work computer and your home computer. These narrower kinds of information leak are hard to stop, but I believe there are tools that can even avoid them (RetroShare privately hops data from friend-to-friend so that an outside observer could probably work out who your friends are, but not which bit of data is destined for which destination).
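The minor leak described above can be modelled in a few lines. This is an added illustration, not btsync code: `ToyDHT`, `lookup_key` and `run_scenario` are hypothetical names, the DHT is an in-memory dictionary rather than a real network, and the secret and addresses are constructed sample values (documentation IP ranges).

```python
import hashlib
from collections import defaultdict


def lookup_key(secret: str) -> str:
    """The value the post says is published: SHA1(Secret), never the secret."""
    return hashlib.sha1(secret.encode("utf-8")).hexdigest()


class ToyDHT:
    """In-memory stand-in for a public DHT: anyone may announce or query."""

    def __init__(self):
        self._peers = defaultdict(set)  # key -> {(ip, port), ...}
        self.seen_queries = []          # (asker, key) pairs visible on the DHT

    def announce(self, key, ip, port):
        self._peers[key].add((ip, port))

    def get_peers(self, key, asker):
        self.seen_queries.append((asker, key))
        return sorted(self._peers.get(key, ()))


def run_scenario():
    dht = ToyDHT()
    secret = "CONSTRUCTED-EXAMPLE-SECRET-0001"  # constructed sample value
    home = ("192.0.2.10", 40001)                # constructed addresses
    work = ("198.51.100.7", 40002)

    # Both machines publish themselves under SHA1(Secret).
    key = lookup_key(secret)
    dht.announce(key, *home)
    dht.announce(key, *work)

    # The home machine asks "who knows about SHA1(Secret)?"
    dht.get_peers(key, asker=home[0])

    # An observer sees only that query. The key is enough to ask the same
    # question, even though the secret itself was never sent.
    _, observed_key = dht.seen_queries[0]
    linked = dht.get_peers(observed_key, asker="observer")

    return {
        "observed_key": observed_key,
        "linked_endpoints": linked,
        "secret_exposed": any(secret in str(q) for q in dht.seen_queries),
        "unrelated_lookup": dht.get_peers(
            lookup_key("some-other-secret"), asker="observer"
        ),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The observer ends up with both endpoints, which links the home and work machines, while the secret (and therefore the file contents) stays out of everything the DHT ever sees.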

The major issue is that BitTorrent Sync is not open-source. Many, many security experts can tell you that open-source software is much easier to rely on for security, because the actual software code is out in the open (and ideally, the development process too) and can be inspected for any issues. In the past this was just a vague idea, but now post-Snowden we know that government agencies do force software vendors to compromise the security of their software, and then to deny it to us. So it's very difficult to trust a company (especially, right now, a US-based company) when they say their software is private and secure.

(Of course just because something is open-source doesn't guarantee it is secure. The NSA has been documented tweaking public open-source code, influencing on-the-record standards meetings, etc.)

But if it's closed source, it's like buying a boat and not being able to check all round it to see if it's seaworthy. "Is the hull watertight?" "Well, I've checked the left side, and there are no holes in that side." "Let's go!"

So, it's no wonder that the Free Software Foundation considers it a high priority to make a free-software equivalent to btsync. The design is neat, and in principle it's privacy-preserving. In practice... who knows?

Disclaimer: I'm a citizen not a cryptographer. Post-Snowden we all need to understand privacy and cryptography a little bit better than we did before. You should probably read something by Bruce Schneier or Jacob Appelbaum.

Syndicated 2013-09-11 15:16:16 (Updated 2013-09-11 15:25:47) from Dan Stowell

10 Sep 2013 (updated 10 Sep 2013 at 21:10 UTC)

Diversity and OpenStreetMap

The big annual meetup of OpenStreetMap folks was last week and it was full of interesting talks. The diversity of people seemed pretty good relative to a lot of the meetups I end up at (open-source software, experimental music, computer science, you know, that kind of thing), but still, the OSM community needs to work towards being more representative of people in general.

In her keynote on diversity, Alyssa Wright gave a telling example, of how a proposal for a "childcare" tag had been voted down, primarily because the people who voted felt unconvinced that it wasn't already covered by the "kindergarten" tag. Alyssa contrasted this with the slightly bizarre plurality of tags for things that traditionally have male associations (e.g. pub, bar, nightclub, stripclub, brothel, each of which have separate amenity tags).

Now, this is a fairly anecdotal contrast, and Alyssa said so herself. (In other slides she showed some statistics which make the point more numerically.) But it illustrates some of the ways in which diversity issues come into play in open wiki-like projects. Maybe the existence of both "pub" and "bar" tags is a weird historical glitch which no-one particularly agrees with (I certainly don't see the point!). That doesn't detract from the fact that there's always going to be some sort of bias built in to OSM's norms, and people who absorb themselves into OSM will absorb and reproduce the norms, and this can be a self-reinforcing problem unless we pay attention to fixing it.

In this post I'm not going to summarise everything that everyone said about diversity. I'm just going to list some of the take-home messages that I got from this strand of talks:

  • "Diversity" relates to many things of course - gender, age, nationality, etc etc etc. Alyssa acknowledged this but said that fixing gender diversity in a community is the fastest and clearest route to fixing diversity in general in a community. This has a definite ring of truth to me. It'd help to focus efforts.

  • Yuwei Lin recommended that project-based mapping was a good idea - from her research it would be a mode of engagement that would work well for women. She suggested examples: the humanitarian OSM team projects, as well as mapping parties to do specific purposeful things such as zoo mapping, mapping of National Trust sites, etc - all sounds good to me.

  • "Measure excellence by teaching" (said Alyssa). This sounds like good advice, especially in the context of a kind-of-techy community like this one, where discussions about GIS systems or web servers can lead to a tendency to measure excellence by fairly techy measures. Teaching is flipping critical to a project like OpenStreetMap, whose success or failure must lie in how well its dedicated "in-group" helps people from outside to engage.

  • "Bikeshedding is normal" said Frederick Ramm, summarising one tendency in OpenStreetMap's mailing lists. I know bikeshedding is pretty much an inevitable fact of organised discussion, but I do fear that it can put off potential (or existing) community members, and I wonder how to arrange things so that unnecessary bikeshedding is truncated...

  • "Stop talking, start mediating" said Alyssa, in her closing recommendations. Sounds like general good advice. (Relates to bikeshedding? Maybe, dunno.)

  • Yuwei recommended diversity-friendly social events. For example the OSM London meetings are always brief mapping parties followed by pub drinking in the mid-to-late evening. Nothing wrong with it in itself, but it could easily be offputting for people who don't drink (e.g. for religious reasons), or have childcare commitments, etc - probably wise to vary the events a bit? A Saturday afternoon in a tea-room would be nice (I know a good one or two).

  • I did notice in one talk, there was a little bit of a tendency to equate female mappers with newbie mappers. Let's not make that mistake! I don't think anyone was stuck on that point, just thought I'd mention it since I noticed it.

  • Frederick talked about the different OSM mailing lists, and he mentioned all the different country-specific mailing lists, each of which uses their national language. He gave an interesting example in which three different communities each came upon a particular topic, but independently and at different times. This made me wonder if this setup, with a "cluster" of semi-independent communities rather than one big community lumped together on a single universal mailing list, was in fact a good way to promote diversity and reduce the impact of self-reinforcing social loops. I wonder, should we de-emphasise the idea of a "main" mailing list or IRC or whatever? A half-formed thought to finish the list with.

I didn't actually end up chatting to most of the people I've mentioned just above, so I haven't really talked any of this stuff through with them. Lucky that there are good people on the case already, so it seems. OpenStreetMap has a diversity-talk mailing list if you'd like to get involved.

Syndicated 2013-09-10 15:56:26 (Updated 2013-09-10 16:17:21) from Dan Stowell

A reminder: you CAN take photographs of police officers and buildings

There's an article in the Big Issue this week about some of the laws that can catch people out. Including this:

"Under Section 44 of the Terrorism Act 2000 you can be arrested for taking photographs of police officers or buildings. It's an offence, you see, to photograph something that may be useful to someone committing or preparing to commit an act of terrorism."

People have indeed been arrested for this. That's an awful state of affairs. BUT! In 2009 there were legal challenges, and the Met Police updated their guidelines to clarify that you CAN take photographs of police officers and buildings. The guidance says:

"Officers do not have the power to delete digital images, destroy film or to prevent photography in a public place under either power [Sec 43 or Sec 44]. Equally, officers are also reminded that under these powers they must not access text messages, voicemails or emails." [Source]

However, during a stop-and-search the police can to some extent look at your photos:

"View digital images contained in mobile telephones or cameras carried by a person searched, provided that the viewing is to determine whether the images contained in the camera or mobile telephone are connected with terrorism."

You should watch this amazing short cartoon, from which I learnt about all this: www.actofterrordocumentary.com

Syndicated 2013-08-31 10:31:33 (Updated 2013-08-31 10:51:40) from Dan Stowell

26 Aug 2013 (updated 26 Aug 2013 at 20:10 UTC)

Blackberry pavlova

Over the bank holiday we happened to discover a massive trove of BLACKBERRIES! Now of course I'm not going to tell you the exact location - let's just say it was somewhere in the southern half of the UK ;) and we got a massive haul of lovely blackberries:

So we now have many blackberry-oriented puddings ahead of us. To make the most of the freshly-picked blackberries I wanted to make pavlova with blackberries and blackberry coulis. So Philippa's mum kindly told us the secret to her delicious pavlova. My photography here is amateur but trust us this is delicious:

So here's the recipe. The amounts I've written are for a "small" pavlova to serve two. If you change the amounts you'll probably need to adjust the cooking time.

I've got to say, and I know this sounds poncey, but it's not really worth bothering with shop-bought blackberries. We've had them now and again and they always look nice but there's somehow no flavour to them. (Philippa's mum makes it with shop-bought raspberries and that's good. It's really the blackberries I'm on about here.) So, while it's the season, if you can find some blackberries to pick, then take the opportunity, and make this:

  • For the pavlova:
    • 2 egg whites
    • 4 oz caster sugar
    • 2/3 tsp cornflour
    • 1/3 tsp vanilla essence
    • 2/3 tsp malt vinegar
  • For the rest:
    • 10 oz (285g) blackberries
    • 1 heaped tsp icing sugar
    • Ice cream to serve

Pre-heat the oven to 150C.

First you need to whisk the egg whites almost to stiff peaks. For this, follow all the usual meringue advice: you'll need a spotlessly clean bowl (because oil or alkaline can cause it to collapse), and I add a dab of vinegar to the bowl to be sure. Add the egg whites and then whisk them almost to stiff peaks. Add half of the sugar and whisk it in.

Then mix the other half of the sugar with the cornflour. Sprinkle it over the meringue mix, and do the same with the vanilla and the vinegar. Using a big wooden or plastic spoon, fold everything in, until it's mixed and the brown streaks have disappeared. Take care not to over-fold it or the air will go out of it - better to stop a little too soon than a little too late.

Put a sheet of baking paper on a big baking tray, and pour the mixture onto it, making a rough circle. Level it off with the back of the spoon, so it's maybe an inch thick.

Put this into the pre-heated oven for 40 minutes. Then turn off the oven and leave it to cool, without opening the door. This helps prevent it from cracking. After about 30 minutes, or maybe longer, it's probably OK to open the oven door. Then leave it to cool to room temperature, a good hour or so at least.

[...time passes...]

When you're ready to have your afters, prepare the blackberries and coulis etc - it doesn't take a sec. Rinse the blackberries gently. Put half of them onto the plates you're going to serve them on (pick the best-looking non-squishy ones if you have the patience). The other half, put them in a (mini-)blender with the icing sugar, and whizz them up. Then push this mixture through a sieve and collect the lovely dark purple coulis into a serving jug below.

Serve however you like, but each person will want a slice of the pavlova meringue, a load of the fresh blackberries, a generous drizzle of coulis and a couple of scoops of ice cream.

Syndicated 2013-08-26 14:54:24 (Updated 2013-08-26 15:55:33) from Dan Stowell

Review: Waka Waka Solar Charger

Last week we went out to Dartmoor, camping with no electricity or running water. Just beforehand, my friend Jan posted that he'd just received his "Waka Waka" solar charger / light in the post. I think he funded their Kickstarter project - apparently the company started with a solar-powered LED light intended for developing countries, one of those business models where they use the profits from selling their neat little device in wealthy countries to support making it available in poorer countries.

Anyway, so Waka Waka make this neat-looking little solar charger that can provide reading light or can charge your phone via USB. Possibly ideal for camping trips, so I got one too. I don't have much experience with other solar cells but here's my review of this one. Looks neat doesn't it?

The short review: Really pleasant and functional design which can sit/stand/hang anywhere or fold away. In southern England in August, it needs a proper sunny day to charge my smartphone all the way up (i.e. it can't do a full charge every day) but it's great for topping up a phone so you can keep using it. The LED light is surprisingly bright and pleasantly-coloured.

Some extra notes:

I should mention that my main aim was to keep the smartphone charged up so I could use it for GPS and important phone calls. For that reason, we didn't use the LED light feature much (so that we didn't run it down), so I guess I can't really evaluate the LEDs beyond saying they're lovely and bright and neutrally-coloured, and apparently can last for dozens of hours from a single charge. So, having said that:

  • It has nicely-thought-out status lights so you know what's going on. A subtly flashing "bip-bip" indicates how fast it's charging, and a blue light lets you know when it's charging up your USB device.

  • In southern England (latitude about 50 degrees) in August, it needs a good sunny day to charge all the way from zero to full. With varied sunshine, it charges up pretty far, but only enough to get my smartphone up to about two-thirds. That's not a bad deal at all, and if you live in sunnier climes or if you use your smartphone moderately rather than running it dry each day, I guess you'll have no trouble at all. (Though in less-sunny climes, or if it's not summer....) Also, I didn't "optimise" the position of the solar panel too heavily, just left it on the roof of the tent, pointed it at the sun, and went out walking for the day.

  • Once charged, it doesn't hold its charge for ever. It seems that overnight it can fall back from its 4-bars full status down to 2-bars. So it's not exactly like you can treat it as a "spare battery" once charged, I'd guess it makes sense to use the charge within a day if you're going to.

  • Waterproofness: I must admit I'm a bit baffled by the instructions. Apparently it's rainproof on one side (the solar panel side) but not on the other side. So does this mean it's OK to leave it out in the rain, or not? Well, who knows - but I left it out all day, on at least a couple of days and nights when it rained pretty heavily, and it seems fine.

  • It looks like an iphone in a holder! Now you might think that's just irrelevant. Actually, we live in London so it means I can't leave it outside to charge, and can't really leave it prominently showing anywhere, in case it gets swiped. Luckily, on holiday we were in the middle of a field with no-one around.

As I said, the design of the thing is v pleasant - nice simple block design that has a robust feel to it, including the little stand bit that folds out. Also the stand has a hole that can be used for standing the thing on a bottle, or hanging it from the ceiling, or strapping it to your back-pack. Neat.

Syndicated 2013-08-21 15:01:03 (Updated 2013-08-21 15:01:39) from Dan Stowell

20 Aug 2013 (updated 20 Aug 2013 at 09:10 UTC)

Zine review: Caught by the River, Field Recording Special

Just before we went on holiday to Dartmoor I got something nice in the post: a zine, the "Caught by the River" Field Recording Special edited by Cheryl Tipp, a lover of field recordings who also happens to be Natural Sounds Curator at the British Library.

First reaction: beautiful cover art! A fab drawing of a menagerie of animals surrounds a jolly portrait of the stereotypical field-recordist: a middle-aged man wearing headphones and carrying both a boom mic and a parabolic shotgun mic. Cute.

Inside, there's some great contemplative writing on field recording. It's got a nice amateur feel to a lot of the writing, personal and not too polished. There is the occasional bit of self-indulgence or pretentiousness but not enough to sap its appeal. And this is balanced by some more accomplished and well-written wordism from the likes of Andrew Weatherall and Jonny Trunk. Great names to have in such an issue, plus of course Chris Watson's name appears more times than anyone else's, mentioned (in passing or as subject) by almost everyone.

To give a bit of flavour, some articles I liked:

  • an account of a field recording trip (led by Chris Watson) in North India, and the sort-of-successful attempt to record a Bengal tiger;
  • a lively tribute to Basil Kirchin, someone I hadn't heard of but evidently a pioneer of tape ops;
  • a fever-induced meditation on what the world might be like if sound was a finite resource, about to run out.

The zine really reminds you to listen. I work with sound every single day but in a scientific mode rather than a contemplative mode, so it was good to take this zine out into the Dartmoor countryside.

Halfway through reading the zine I went outside into the dusk to listen. Many birds around, tweeting or whooping only occasionally, and all really spatialised sounds, locatable to one tree or another. In contrast, the slowly modulating steady grey noise of a distant car carving its way up the valley, and the lighter noise of the stream behind and to my left.

Then something unexpected: from across the valley, the sound of someone practising drumming on a djembe or similar hand-drum. At first I wasn't sure if it was a drum or something industrial echoing across the valley, but eventually the shifting rhythm patterns made it clear. A lovely quirk of this soundscape, distinctive but heavily cloaked in the big reverb of the valley.

There's certainly a question to be asked about whether the field-recordist attitude leads to actually engaging with an environment, or instead to distancing oneself from it in an objectifying "audience" mode. After all, it's a bit weird to be present in a sound environment but trying not to be present.... Either way, the practised skill of staying still and quiet and listening opens up some enchanting experiences. I'm not definite that all this sound needs to be on tape - but it does need to be heard.

Zine makes you think.

Syndicated 2013-08-20 03:13:12 (Updated 2013-08-20 04:45:43) from Dan Stowell

Ale in Dartmoor and Devon

While walking around Dartmoor we had some great local-ish ales. Breweries around here seem to be doing a good selection of British ales, not quite as US-influenced as some of the other UK breweries I've sampled recently? Or maybe I'm imagining that.

Here's my list, in roughly descending order of excellence - though they're all good:

  • Bays Summer Ale - light and summery, the tiniest hint of fruit. Very refreshing.
  • Dartmoor's Dartmoor IPA - I liked this one a lot. Lovely clear IPA, golden light colour, hint of pepper, slightly creamy finish. Yum, and Ph says so too.
  • Teignworthy's Moor Beer - very nice session beer. Apparently this is the "Rugglestone" Moor Beer brewed by Teignworthy and served in the Rugglestone Inn (the best pub we found in Dartmoor!). There are a few "Moor Beer"s around.
  • Exmoor Ale - definite quality, full-flavoured but I can't pin it down with any adjectives. I've had their beers at All Tomorrow's Parties before, good stuff.
  • St Austell's Proper Job - a good hoppy IPA, not crazy pokey but a lovely tang.
  • Sharp's Cornish Coaster - refreshingly watery but with a honeyish body, good after a long walk.
  • Devon Ale - good, amber, medium hoppy with some caramel. However, I didn't write down which brewery this is from and now it's not obvious which beer this is actually likely to be...
  • Dartmoor's Legend - decent light and touch of caramelly.
  • Dartmoor's Jail Ale - a worthwhile session ale.
  • St Austell's Tribute - this is decent but too deep in the melon/peach axis for me - not my kind of thing.

Plus a couple which are definitely not from the Devon/Cornwall area, including Lakeland - rich and dark, had it before, like it.

Syndicated 2013-08-19 10:08:34 (Updated 2013-08-19 10:10:29) from Dan Stowell

A great question about birdsong

There are many mysteries about birdsong, some obvious and some not. This one hadn't occurred to me, but it's a great question:

"Why does a sedge wren with 300-400 different songs take days to reveal them, as if he didn't care whether anybody knew how many songs he was capable of singing?"

(From Nature's Music: The Science of Birdsong, chapter 4.)

Syndicated 2013-08-07 05:52:32 (Updated 2013-08-07 05:52:58) from Dan Stowell

Open access: green does NOT mean CC-BY-NC

There's been a fair amount of confusion around the new UK guidelines that mean we have to publish our research articles as open access. One of the urban myths that has sprung up is rather curious, and it's the idea that if you choose to publish under the green route, you're supposed to publish under a Creative Commons NonCommercial licence. This is not true. (It's just one of the many licences that would work.) But I have heard it from heads of research groups, I've heard it from library staff. We need to be clear!

(BACKGROUND: "Green" and "gold" are terms often used to describe two different sorts of open access, and they're also the two terms used by Research Councils UK [RCUK] to tell us what to do. "Gold" means that the publisher has to provide the article freely to everyone, rather than charging people for access; in lieu of that, most publishers will charge us researchers in order to publish under gold. "Green" means the publisher doesn't have to do anything, except to agree that the author can put a copy of the paper on their website or in an online repository. So, both enable free access to research, but in different ways, and with different costs and benefits.)

Now, in RCUK official guidance we have the option of green or gold publication. If we go the gold route, RCUK requires a specific licence: Creative Commons Attribution, aka CC-BY. If we go the green route, the RCUK policy doesn't exactly specify the licence, but it does say that it has to be published "without restriction on non‐commercial re‐use". Pause for a second to unpick the triple-negative in that turn of phrase...

The reason for that wording is that RCUK didn't want the publishers to "lock down" green OA by saying things like "you can self-archive the paper, but only under these strict terms and conditions which don't actually let people get the benefits of OA". For whatever reasons, they decided that it was OK for publishers to forbid commercial reuse (perhaps to prevent other publishers profiting from simply re-publishing?), but they would draw the line and say they weren't allowed to forbid non-commercial reuse. However, the policy doesn't require any particular licence.

But we might be tempted to ask, well, fine, but what is an example of a licence that would satisfy these RCUK rules? Well, Mark Thorley of RCUK gave an example of this: the Creative Commons Attribution-NonCommercial or CC-BY-NC would be fine. It's an appropriate example because it forbids commercial reuse but allows non-commercial reuse. OK so far?

Unfortunately, when you look at Mark Thorley's slides on the RCUK website, that's not exactly what is conveyed. If you go to slide 10 it says:

"Green (at least post print) with a maximum embargo period of 6(12) months, and CC-BY-NC"

OK that's pretty clear isn't it? It doesn't say that CC-BY-NC is just an example, it basically says CC-BY-NC is required. This is not what Thorley meant. I raised this issue on a mailing list, and he clarified the position:

"The policy does not define a specific licence for green deposit, provided non-commercial re-use such as text and data mining is supported. In presentations I say that this 'equates to CC-BY-NC', however, we do not specifically require CC-BY-NC. This is because some publishers, such as Nature, offer specific deposit licences which meet the requirements of the policy. However [...] this is the minimum requirement. So if authors are able and willing to use more open licences, such as CC-BY, we would encourage this. The more open the licence, the less ambiguities and barriers there are to re-use of repository content."

This clarification is welcome. But unfortunately it was provided in a reply on a mailing list discussion, and the RCUK website itself doesn't provide this clarification, so the misunderstanding is bound to run and run. This week I heard it repeated in an Open Access forum, and I hope that if you've read this far you'll help stop this misconception getting out of hand!

Syndicated 2013-07-17 10:43:33 (Updated 2013-07-17 11:02:52) from Dan Stowell

Birds of Manhattan

It doesn't surprise me that the trees still grow in Manhattan. After all they're captives. They still grow, because life always tries to grow.

What amazes me is the birds cheeping away. You can fly! You must have visited quieter, calmer places? Here in the city no-one can hear you sing. The machinations of the city drown everything out beyond a couple of metres - the cars, the subway, the helicopters. Not a place for easy singing.

Do you like it here? Do you have a good territory? All this human noise, is it a curse or an irrelevance? Or maybe, is it all worth it for the central park?

Syndicated 2013-06-01 11:43:05 from Dan Stowell
