# & elsewhere

Tribune publiée le 18 juin par les Exégètes dans Libération en version papier et en ligne.

Placer la totalité de la population sous surveillance préventive n’est pas admissible dans une société démocratique. Voici la conclusion tirée par la Cour de justice de l’Union européenne, dans deux arrêts (Digital Rights en 2014 et Tele2 en 2016) concernant les «données de connexion». Pour la cour européenne, ces traces numériques enregistrées dans le sillage des communications électroniques de chacun (géolocalisation, appels téléphoniques, connexions internet, etc.) révèlent des informations précises et sensibles de la vie des personnes. Leur conservation ne peut donc pas être généralisée et systématique ; elle doit à l’inverse être encadrée et limitée afin de garantir le droit fondamental au respect de la vie privée.

Read ›

Posted

Paquet LaTeX

Quelques commandes utiles pour les juristes utilisant LaTeX.

# Liens vers des articles de codes

#### Code civil

L’article 1382 du code civil évidemment:

\cciv{1382}


#### Code de la propriété intellectuelle

Les codes ayant une partie législative et une partie réglementaire nécessitent deux arguments. Par exemple, pour obtenir la référence de l’article L. 122-6-1 CPI, il faut entrer

l'article \cprointl{l}{122-6-1} CPI.


# Liens vers des décisions de justice

#### Jurisprudence européenne

En attendant de trouver un résolveur global pour ECLI, on peut utiliser les identifiants ECLI sur Eur-Lex pour rechercher dans la jurisprudence de l’Union européenne.

Par exemple, EU:C:2010:662 qui peut être obtenu grâce à

\ecli{EU:C:2010:662} % sans les espaces avant les :


Le moteur de recherche de la Cour de justice de l’UE peut aussi être utilisé, par exemple pour référencer une décision de la Cour de justice par numéro d’affaire C-293/12

\cjue{C-293/12}


#### Jurisprudence française

On peut référencer les arrêts de la Cour de cassation ou du Conseil d’État directement par numéro d’affaire, ainsi que les décisions du Conseil constitutionnel par numéro de décision (DC ou QPC).

Voir par exemple l’arrêt de la 2e chambre civile du jeudi 4 décembre 2014 n° 13-25684 [ne fonctionnera pas]

\ccass{13-25684}


ou par exemple, n° 345903 pour le Conseil d’État,

\cetat{345903}


ou encore la décision n° 2015-478 QPC pour le Conseil constitutionnel,

\ccons{2015-478}


# TODO

• ajouter d’autres codes (code de la consommation, code de la sécurité intérieure, etc.)

• générer automatiquement une table des décisions de justice / des articles de code cités dans les écritures

• corriger la requête à légifrance qui ne fonctionne pas pour la Cour de cassation

Posted

TL;DR Use Pandoc, write your document in a combination of YAML, Markdown and, when you need it, inline LaTeX. Read Pandoc’s README.

TeX is awesome. LaTeX was made to make it easier to use TeX and produce high-quality documents.

Still, there are two downsides with using LaTeX:

1. the source of your document is a bit cryptic for people who aren’t used to source code
2. TeX was designed for paper as the output and thus comes with its limitations.

Today, most LaTeX documents end up as PDF and/or printed on paper (which is kind of the same). This is nice, but PDF and paper are not mediums that enable others to co-edit the text (unless they can work with the LaTeX source, but most people won’t learn that, see point 1 above).

This is especially sad because LaTeX is not only able to produce awesome typesets, it’s also able to produce part of the content of the document, thanks to a myriad of packages that you can use in LaTeX (for instance, varioref).

× For example, the varioref package is the best program I’ve seen to make automated references to another point in a document. Using varioref, LaTeX is able to print something like: “see section 3, on the facing page” automatically (or “… on the next page” if the document isn’t supposed to be printed twosides aka recto verso).

That’s great, but that only makes sense for documents in pages, like paper or PDF. It does not make sense for a document in HTML that will be a single “web page” (of course, we could also emulate pages in HTML but, seriously, why are people doing that?) although it still makes sense to be able to refer to another part of the doc (like I did above.)

So what I’m doing these days is mostly LazyTeX.

## What’s LazyTeX?

LazyTeX is a way to use TeX that is lazy, but has the potential to overcome the two donwsides of using strict LaTeX that I just described.

Mainly, LazyTeX is just a funny name I have given to the combination of Markdown, YALM and inline LaTeX, that can be used through Pandoc in order to produce beautiful LaTeX PDF.

The upside to doing this, is that the source is way more legible for people like LibreOffice or Microsoft Office users, and the output will not necessarily be PDF but, in some cases, could as well be HTML or plain text, or something else.

Why’s this lazy? There are two reasons to this:

First, the markdown syntax is lazier than the latex syntax. For instance, a list in markdown is as simple as writing:

This is some text.

- This is the first item of a list
- This is the second item of a list

This is some text.


whereas a list in LaTeX cannot really be more simple than:

This is some text.

\begin{itemize}
\item This is the first item of a list
\item This is the second item of a list
\end{itemize}

This is some text.


You get the idea. Sometimes, even documents that I only need as PDF, for which I could use plain, strict LaTeX – I today prefer to write them in a combination of YAML, Markdown and inline LaTeX – that means, what I call from now on LazyTeX.

However, lazy also has a downside. Mainly, if I mike a mistake in the source file, there are more risks of producing a PDF with the mistake showing in plain sight, rather than having a compilation error.

When I do a mistake in a LaTeX file, usually the compilation will give me an error and not produce the result. Thus, the error flags me that I need to fix something.

However, when I do a mistake in a LazyTeX file (for instance, misplacing a list inside a list because of wrong indention, or misplacing an asterisk that’s supposed to make something bold) – in such cases, the LazyTeX file might compile correctly and will just print the mistake. So I may need to review the PDF more thoroughly, which can be cumbersome for long documents. So, in some cases, maybe LazyTeX should be avoided and strict LaTeX prefered.

## How does it work?

Pandoc is what makes this possible. Pandoc has its own Markdown variant, which enables Markdown to be a bigger subset of HTML than the “vanilla” Markdown is. But Pandoc also has some neat tricks that makes Markdown an interesting source for LaTeX. For instance, the pandoc-citeproc program that’s shipped with Pandoc enables you to use the bibliography engines of LaTeX.

Pandoc also parses YAML data, which you can then use to generate parts of your LaTeX document, especially the preamble.

Pandoc also allows you to have inline LaTeX, meaning you can write some LaTeX inside your markdown and Pandoc will work it out. (Although this has some limitations).

Obviously, one of the biggest upside of Pandoc, is the ability to convert documents from one format to another. Here’s the insane diagram of possibilities:

## What’s not working?

The problem is that Pandoc’s LaTeX “reader” isn’t a full LaTeX parser (yet). So the markdown+inlineLaTeX combination may cause issues for non-LaTeX outputs.

So be careful with some commands. See the sample LazyTeX doc and the resulting PDF.

My solution right now, is to add another layer of complexity, to make things worse: I use custom directives in Emacs’ Pandoc-mode.

Posted

TL;DR Use Pandoc, write your document in a combination of YAML, Markdown and, when you need it, inline LaTeX. Read Pandoc’s README.

TeX is awesome. LaTeX was made to make it easier to use TeX and produce high-quality documents.

Still, there are two downsides with using LaTeX:

1. the source of your document is a bit cryptic for people who aren’t used to source code
2. TeX was designed for paper as the output and thus comes with its limitations.

Today, most LaTeX documents end up as PDF and/or printed on paper (which is kind of the same). This is nice, but PDF and paper are not mediums that enable others to co-edit the text (unless they can work with the LaTeX source, but most people won’t learn that, see point 1 above).

This is especially sad because LaTeX is not only able to produce awesome typesets, it’s also able to produce part of the content of the document, thanks to a myriad of packages that you can use in LaTeX (for instance, varioref).

× For example, the varioref package is the best program I’ve seen to make automated references to another point in a document. Using varioref, LaTeX is able to print something like: “see section 3, on the facing page” automatically (or “… on the next page” if the document isn’t supposed to be printed twosides aka recto verso).

That’s great, but that only makes sense for documents in pages, like paper or PDF. It does not make sense for a document in HTML that will be a single “web page” (of course, we could also emulate pages in HTML but, seriously, why are people doing that?) although it still makes sense to be able to refer to another part of the doc (like I did above.)

So what I’m doing these days is mostly LazyTeX.

## What’s LazyTeX?

LazyTeX is a way to use TeX that is lazy, but has the potential to overcome the two donwsides of using strict LaTeX that I just described.

Mainly, LazyTeX is just a funny name I have given to the combination of Markdown, YALM and inline LaTeX, that can be used through Pandoc in order to produce beautiful LaTeX PDF.

The upside to doing this, is that the source is way more legible for people like LibreOffice or Microsoft Office users, and the output will not necessarily be PDF but, in some cases, could as well be HTML or plain text, or something else.

Why’s this lazy? There are two reasons to this:

First, the markdown syntax is lazier than the latex syntax. For instance, a list in markdown is as simple as writing:

This is some text.

- This is the first item of a list
- This is the second item of a list

This is some text.


whereas a list in LaTeX cannot really be more simple than:

This is some text.

\begin{itemize}
\item This is the first item of a list
\item This is the second item of a list
\end{itemize}

This is some text.


You get the idea. Sometimes, even documents that I only need as PDF, for which I could use plain, strict LaTeX – I today prefer to write them in a combination of YAML, Markdown and inline LaTeX – that means, what I call from now on LazyTeX.

However, lazy also has a downside. Mainly, if I mike a mistake in the source file, there are more risks of producing a PDF with the mistake showing in plain sight, rather than having a compilation error.

When I do a mistake in a LaTeX file, usually the compilation will give me an error and not produce the result. Thus, the error flags me that I need to fix something.

However, when I do a mistake in a LazyTeX file (for instance, misplacing a list inside a list because of wrong indention, or misplacing an asterisk that’s supposed to make something bold) – in such cases, the LazyTeX file might compile correctly and will just print the mistake. So I may need to review the PDF more thoroughly, which can be cumbersome for long documents. So, in some cases, maybe LazyTeX should be avoided and strict LaTeX prefered.

## How does it work?

Pandoc is what makes this possible. Pandoc has its own Markdown variant, which enables Markdown to be a bigger subset of HTML than the “vanilla” Markdown is. But Pandoc also has some neat tricks that makes Markdown an interesting source for LaTeX. For instance, the pandoc-citeproc program that’s shipped with Pandoc enables you to use the bibliography engines of LaTeX.

Pandoc also parses YAML data, which you can then use to generate parts of your LaTeX document, especially the preamble.

Pandoc also allows you to have inline LaTeX, meaning you can write some LaTeX inside your markdown and Pandoc will work it out. (Although this has some limitations).

Obviously, one of the biggest upside of Pandoc, is the ability to convert documents from one format to another. Here’s the insane diagram of possibilities:

## What’s not working?

The problem is that Pandoc’s LaTeX “reader” isn’t a full LaTeX parser (yet). So the markdown+inlineLaTeX combination may cause issues for non-LaTeX outputs.

So be careful with some commands.

My solution right now, is to add another layer of complexity, to make things worse: I use custom directives in Emacs’ Pandoc-mode.

Posted

Here some little known, yet awesome apps or tools that I use. Thanks to the people working on these (I’m glad to have met some of them, and they’re awesome too)!

#### Transportr

Transportr is an Android app to help you use public transports systems. It’s simply the best one I’ve seen, and it supports a lot of systems (city-wide like Berlin or Paris and even long-distance).

#### Feedbin

Feedbin is an RSS web reader. It provides a pleasing reading experience and you can easily browse through items and share links. If you’re looking to host it yourself, have a look at the sources.

#### ikiwiki

ikiwiki powers this blog, hosted by branchable. If you like git and markdow, and editing your texts with your favourite text editor, this is for you.

#### Known

Known (formerly “idno”) is more “socially aware” than ikiwiki. It runs with PHP and it’s basically your easy-to-run indieweb space. If you use it with http://brid.gy you will enjoy a nice integration with twitter and other silos (see an example of my own).

#### YunoHost

YunoHost is custom debian distribution aiming at making self-hosting easy. It provides a nice web interface for administration of your self-hosted server and for users of the web server. If you have basic linux administration skills, this will be very helpful.

#### Pinboard

Pinboard a simple and efficient bookmarking app that also archives the content of marked pages (if you pay for it).1

#### Sharesome

Sharesome lets you easily share files on the web. It has a pleasant interface that works well on all devices I have tested so far. It’s also available as a web app. The neat feature is that you can choose where to host your data (for instance, with remotestorage; you can get an account at https://5apps.com).

#### Terms of Service; Didn’t Read

Some shameless self-promo with ToSDR, the app that tells you what happens to your rights online by rating and summarising Terms of service and privacy policies. You can also get it directly in your web browser or as a web app.

If you’re looking for a curated list of awesome web services that are free of charge and based on free software and open data, look no further than Jan’s Libre projects.

1. Unfortunately, Pinboard is not released as free software. But you can export your bookmarks. ↩

Posted

This morning, we are officially publishing the User Data Manifesto 2.0.

Today, most of users’ data are not stored on their computer’s hard drive any more, but rather online on a service provider’s server somewhere in a data center.

Read ›

Posted

J’aimerais partager ici la mésaventure que m’a fait vivre Transavia France pendant mes vacances ce mois d’août.

Lire ›

Posted

Hier, j’étais au loop avec Okhin pour refaire le chiffrement de mon serveur mail, que je viens de réinstaller (Kolab 3.4, Debian 8).

Voici quelques liens qui nous ont été utiles :

• How to create a self-signed SSL Certificate

Attention cependant, en suivant ces instructions on crée un certificat avec le flag CA false alors que pour utiliser un certificat autosigné sur Android, il faut absolument que le flag CA soit true (voir ci-dessous).

Finalement, voici la commande qui m’a permis de faire le certificat, dans /etc/ssl/private/:

openssl req -x509 -new -key totosh.ampoliros.net.key -out totosh.ampoliros.net.csr -days 730


Cette commande remplace l’étape 2. L’étape 4 n’est donc pas nécessaire semble-t-il.

Ensuite, je copie totosh.ampoliros.net.csr vers /etc/ssl/certs/totosh.ampoliros.net.crt puis je configure mes services pour utiliser ce certificat ainsi que la clé privée générée à l’étape 1.

• Je veux HTTPS

Utilisé pour configurer Apache2.

• Exemples de configuration Postfix de Benjamin Sonntag

Sans oublier de générer dh2048.pem:

openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048

• Securing all Kolab Services

Utilisé pour configurer Cyrus IMAPD.

### Importer un certificat autosigné dans Android

Normalement, avec la commande openssl donnée plus haut, on génère un certificat autosigné acceptable pour Android.

On peut par exemple utiliser l’application CAdroid pour importer le certificat.

Si on est root sur l’Android, on peut aussi copier le certificat directement dans le système en passant par adb. C’est la solution que j’ai choisie.

Installing CAcert certificates on Android as ‘system’ credentials without lockscreen - instructions

(En passant: j’ai un bug sur CyanogenMod qui m’enmpêche pour le moment de modifier les paramètres de sécurité. Je suis donc passé par adb pour autoriser l’installation de sources autres que Google avec la commande: adb shell settings put secure install_non_market_apps 1.)

Posted

Dans un arrêt du 18 mars 2015, la Cour d’appel de Caen a retenu que l’acte de décompilation d’une partie de Skype n’était pas constitutif du délit de contrefaçon, relaxant ainsi l’associé d’une société de sécurité informatique française qui voulait développer un système d’échanges d’informations sécurisé et fiable, interopérable avec Skype.

Posted
 https://youtube.com/devicesupport http://m.youtube.com From: YouTube Help Views: 33749260 0 ratings Time: 03:56 More in Howto & Style
Posted

This month, French Data Network and La Quadrature du Net filed a lawsuit to the Conseil d’État, one of the supreme courts, against the French government on website blocking.

This is part 2 of our series “French Data Network versus the French Government”.

Read ›

Posted

Sometimes, you want to get numbered paragraphs throughout a document.

I’m looking for a way to achieve this with pandoc, in a way that I can write once, and publish in several formats.

I added this in pandoc’s LaTeX template:

$if(numberparagraphs)$
%% numerate paragraphs with a label
\newcounter{paranumero}
\newcommand{\para}[1]{%
\noindent\refstepcounter{paranumero}\llap{\small\bfseries\theparanumero\label{#1}.~}}
$endif$


That way, I can write

\para{shortId} A paragraph...

and later in the document, I can refer to that paragraph\vref{shortId}


That’s good, but it only works in LaTeX. I’d like to write something similar in a Markdown document and be able to also produce HTML, or even ODT or OOXML.

I’ll experiment a bit, but if you have ideas of your own… tell me

TODO: allow to write \para without any value and assign it a predictable \label… for instance the first letter of the first five words of the paragraph.

Posted

Last month, French Data Network and La Quadrature du Net filed a lawsuit to the Conseil d’État, one of the supreme courts, against the French government. Our objective is simple: we want to take down French data retention laws.

#### Who?

• the French Data Network (FDN), the oldest French internet access provider, and a nonprofit organisation promoting the Internet and spreading knowledge on how it works.

• the Fédération FDN, a federation of ISP very much like FDN (FDN is one of the founding members of the Fédération), created to spread and distribute efforts accross geographical locations to serve the same goal.

• La Quadrature du Net, an organisation of activists (which used to be an unorganisation ;-)) defending our rights in the digital age. Maybe you know them for their successful campaigns against ACTA.

#### How?

On December 24, the government issued a décret, an order by the executive branch to enable the application of the law (issued by the Parliament). Décrets can be challenged in court, directly to the Conseil d’État, until two months after they are published. This is the procedure we’re in.

Formally, our target is a décret of the 2013 law setting the strategy for military operations and prerogatives for the near future (the “LPM” law). Specifically, article 20 of this law set new ways for the state to access data retained by telcos and internet ISPs.

For us, this was just a legal opportunity to seize in order to bring our arguments in front of a judge, against the concept of general data retention, i.e. keeping metadata and records on communications of the whole population.

In the aftermath of the European Union Court of Justice’s landmark decision in Digital Rights Ireland (April 8, 2014; C‑293/12 & C‑594/12), data retention laws in Europe are being cancelled, almost automatically, one by one (lately, in the Netherlands, see the preliminary injunction by the Hague court, March 11, 2015). Almost automatically indeed, because national judges, in matter of European Union law, have to apply EU principles and case law directly.

So this is what we’re trying to do in France, albeit one difference. Unlike other data retention laws in Europe, French laws predate the 2006 EU data retention directive; so our task seems a bit more difficult.

#### What?

Anyway, here comes an overview of our main arguments:

• the décret tries to fix the law; because the law did not define correctly its own scope (the definition of the type of data subject to the law). But that’s something the government is not supposed to do! The scope of the law is a legislative power prerogative, not the executive’s.
• the décret had to organise the administrative control defined in the law, but the décret doesn’t do it. Thus, the government did not fullfil the obligations the law created.

And, of course, the main argument (part 4.1 of our legal writing):

• This is a matter of European Union law. As the 2002 directive (so called ePrivacy directive) says in its article 15, measures of data retention must be made according to EU law principles.
• Thus, the EUCJ Digital Rights Ireland decision is directly applicable to French laws on data retention.
• As a consequence, the judge must realise that data retention, as set in French law, is clearly against our fundamental rights to free speech and to the respect of private life! The government cannot legally mandate telcos and internet ISPs to keep metadata and records on the communications of the whole population (and for a whole year at least)!

If you’re interested, you can read the whole thing (in French).

#### What next?

I’ll keep you posted on the blog about the procedure. It should take at minimum a year, if nothing unexpected happens (but it can be significantly longer depending on prejudicial and accessory procedures…).

But as you may know, the government is currently trying to pass new law giving extremely broad powers to the state with regard to surveillance measures, including new ways to access our communications and our data, all of this without effective judicial oversight.

Our legal challenge has thus taken a new level, against the French surveillance state.

Related: La Quadrature’s press release

Posted

Après le dépôt de la requête introductive d’instance contre le décret LPM, c’est au tour du décret organisant le blocage administratif du Web. Nous voici donc à l’acte 2 du contentieux engagé par French Data Network, la fédération de fournisseurs associatifs d’accès internet et La Quadrature du Net contre le gouvernement.

La première requête a été envoyée le 18 février. La deuxième requête est partie aujourd’hui. Les deux documents seront bientôt publiés. Je laisse le soin à Benjamin de le faire, probablement sur le blog de FDN.

Mise à jour: recours LPM, recours blocage administratif

Samedi dernier, j’ai pu présenter notre action lors de l’assemblée générale de FDN. Pour ceux que ça intéresse, voici les diapos. Ils contiennent notamment une chronologie du contexte entourant chacun des deux décrets que nous avons attaqué, ainsi qu’une revue de nos principaux arguments.

Voilà donc trois mois bien remplis qui viennent de passer, depuis la publication du décret LPM. À ce moment-là, on ne se doutait pas que le Gouvernement nous préparait une déferlante de textes attentatoires aux libertés individuelles et à la vie privée.

Il est vrai que le contexte malheureux de ce début d’année n’y est probablement pour rien…

L’actuel projet de loi relatif au renseignement rend donc notre action d’autant plus importante !

Posted

LATEX

XƎTEX

<span class="latex">L<sup>A</sup>T<sub>E</sub>X</span>

<span class="xetex">X<sub>&#398;</sub>T<sub>E</sub>X</span>

.latex sub {
vertical-align: -0.1ex;
margin-left: -0.1667em;
margin-right: -0.025em;
}

.xetex sub {
vertical-align: -0.1ex;
margin-left: -0.1667em;
margin-right: -0.125em;
}

.latex sub, .latex sup, .xetex sub {
font-size: 0.9em;
text-transform:uppercase;

}
.latex sup {
font-size: 0.85em;
vertical-align: -0.2em;
margin-left: -0.26em;
margin-right: -0.05em;
}

Posted

Contribution de ToS;DR à la consultation du Conseil National du Numérique

Posted

title: “Terms of Service; Didn’t Read” author: “Hugo Roy” date: | 2014-01-09

[#Contribuez](https://twitter.com/hashtag/Contribuez?src=hash)


Les Conditions Générales d’Utilisation sont trop longues pour être lues

http://lorrie.cranor.org/pubs/readingPolicyCost-authorDraft.pdf” id=”extractfromlorriecranorthecostofreadingprivacypolicies.http:lorrie.cranor.orgpubsreadingpolicycost-authordraft.pdf” />

Une meilleure information des utilisateurs

Photo https://flic.kr/p/8HxsAL par François Schnell. Licence CC-BY-2.0.

Posted

title: “Terms of Service; Didn’t Read” author: “Hugo Roy” date: | 2014-01-09

[#Contribuez](https://twitter.com/hashtag/Contribuez?src=hash)


Les Conditions Générales d’Utilisation sont trop longues pour être lues

http://lorrie.cranor.org/pubs/readingPolicyCost-authorDraft.pdf” id=”extractfromlorriecranorthecostofreadingprivacypolicies.http:lorrie.cranor.orgpubsreadingpolicycost-authordraft.pdf” />

Une meilleure information des utilisateurs

Photo https://flic.kr/p/8HxsAL par François Schnell. Licence CC-BY-2.0.

Posted

I’ve been looking for a solution to this problem:

Sometimes, I just sent an email, and after 10 seconds I realise: “Oh, damn, I forgot to add something!” or “Oh, nooooes, I sent it to the wrong person!” Whatever. This is annoying.

Making mistakes is human. Email clients are for humans, therefore they should be able to cope with our mistakes and help fix them. That’s why software should allow us to “undo” or “cancel” our actions.

Gmail does this right, so why can’t we do it in Mutt too?

I wrapped my head around this a little bit. And I’m no programmer, so after trying to add some stuff here and there, I finally decided to have it with this very, very, very dirty hack. You’ve been warned. So here’s how I do it:

• I use the msmtpq script which allows me to queue emails when I’m offline, so that msmtp can take care of sending queued email when I’m back online.

• I have tried to put a delay of 30 seconds any time before calling msmtp or I tried to force msmtpq to queue all outgoing email for at least 30 seconds. But I couldn’t make it work. So instead,

• I added sleep 30 && at the beginning of the msmtpq script!

• Result: now when I send an email, I have 30 seconds to realise when I made a mistake. Then, I just need to activate plane mode on my laptop, and fix whatever needs fixing from here.

One issue with this workflow is that I can’t just edit the outgoing email, I also have to make sure I update the openPGP signature. So I’d probably just delete the email and start again from Mutt.

I warned you, this is very ugly

But as they say: the best way to get an answer on the net is not to ask a question, but to give the wrong answer!

So if anyone wants to implement this feature in msmtpq, that would be great. Here’s how it could work ideally, in the .muttrc:

set sendmail="msmtpq --wait 30"
set sendmail_wait=-1  #send in the background


then msmtpq could queue the email for 30 seconds before testing the connection and feeding the email to msmtp. The Queue management could then allow the user to pause all outgoing emails, cancel the email containing the mistake, then sending remaining emails from the queue.

The msmtpq script is available at: http://sourceforge.net/p/msmtp/code/ci/master/tree/scripts/msmtpq/

Posted

hugoroyd posted a photo:

Posted

hugoroyd posted a photo:

Posted

hugoroyd posted a photo:

Posted

hugoroyd posted a photo:

Posted

Pour faire vite : appliquer un filtre à Pandoc

Markdown et LaTeX sont pratiquement à l’opposé l’un de l’autre. C’est deux philosophies qui s’affrontent !

Voici comment écrire un même passage avec :

1. markdown,

puis avec

2. LaTeX (en utilisant « XeLaTeX »).

Voici comment **écrire** un *même passage* avec :

1. markdown,

puis avec

2. LaTeX (en utilisant « XeLaTeX »).


Voici comment \textbf{écrire} un \emph{même passage} avec:

\begin{enumerate}
\item markdown,

puis avec

\item LaTeX{} (en utilisant «XeLaTeX»).
\end{itemize}


On le voit bien, markdown est plus facile à lire et à écrire. Tandis que LaTeX a l’avantage d’être plus prévisible et plus strict ! C’est parce qu’on a d’un côté une syntaxe plutôt lâche ; tandis que de l’autre côté, on a un vrai langage.

Mais il ne faut pas oublier que markdown, à l’origine, est destiné à être converti en HTML (d’où ses limites !). En fait, markdown n’est qu’une syntaxe pour une sous-partie d’HTML. Malheureusement, LaTeX et HTML sont à peu près aussi éloignés que possible dans leur approche de ce qu’est un document. HTML a le mérite de faire de réels documents informatiques plutôt que de produire des documents numériques qui imitent le papier !

Par conséquent, combiner markdown et LaTeX n’est pas sans poser quelques problèmes.

Dans l’exemple ci-dessus, vous avez peut-être pu observer, si vous avez fait attention, que les espaces ne sont pas traitées de la même manière selon qu’on est dans markdown ou dans LaTeX. Ainsi, en markdown, j’insère une espace insécable en guise d’espace typographique avant : ou entre « » — alors que si je fais la même chose en LaTeX, XeLaTeX va prendre les espaces insécables en tant que tel et donc n’appliquera pas ses propres espaces typographiques. C’est pourquoi dans la source LaTeX on n’écrit que les symboles sans s’occuper de leur représentation plus tard dans le PDF.

Voici donc un petit script que j’applique automatiquement avant chaque passage par XeLaTeX grâce à l’option --filter de Pandoc :

#!/bin/bash
sed "s/« /«/g" | sed "s/ »/»/g" | sed "s/ !/!/g" | sed "s/ ?/?/g" | sed "s/ ;/;/g" | sed "s/ :/:/g" | sed "s/1er/1\\\textsuperscript{er}/g" | sed "s/Mme /M\\\textsuperscript{me} /g"


Si vous avez des modifications à suggérer, n’hésitez pas !

Pour une critique de markdown intéressante : My principled objection to Markdown, par Matthew Butterick auteur de Pollen

Posted

title: “Fixing the Biggest Lie on the Web” author: Hugo Roy date: | 2014-11-05

@MozLDN  @ToSDR  #fixingTheBiggestLie


I have read and agree to the terms.

http://www.geekculture.com/joyoftech/joyarchives/2019.html” id=”facebookexperimentsbynitrozacandsnaggyhttp:www.geekculture.comjoyoftechjoyarchives2019.html” />

http://www.geekculture.com/joyoftech/joyarchives/2017b.html” id=”facebookperformanceartbynitrozacandsnaggyhttp:www.geekculture.comjoyoftechjoyarchives2017b.html” />

http://www.geekculture.com/joyoftech/joyarchives/2066.html” id=”newsgroup1bynitrozacandsnaggyhttp:www.geekculture.comjoyoftechjoyarchives2066.html” />

http://www.geekculture.com/joyoftech/joyarchives/2066.html” id=”newsgroup2bynitrozacandsnaggyhttp:www.geekculture.comjoyoftechjoyarchives2066.html” />

# How did we get here?

## ①Terms of Service & Privacy Policies are Too Long To Read

http://lorrie.cranor.org/pubs/readingPolicyCost-authorDraft.pdf” id=”extractfromlorriecranorthecostofreadingprivacypolicies.http:lorrie.cranor.orgpubsreadingpolicycost-authordraft.pdf” />

http://conversation.which.co.uk/technology/length-of-website-terms-and-conditions/” id=”fromwhich.co.ukhttp:conversation.which.co.uktechnologylength-of-website-terms-and-conditions” />

## ②Terms of Service changeAll–The–Time!

https://github.com/tosdr/tosback2” id=”screenshotofcommitsactivityonhttps:github.comtosdrtosback2” />

We may revise these Terms from time to time, the most current version will always be at twitter.com/tos. If the revision, in our sole discretion, is material we will notify you via an @Twitter update or e-mail to the email associated with your account. By continuing to access or use the Services after those revisions become effective, you agree to be bound by the revised Terms.

GitHub reserves the right to update and change the Terms of Service from time to time without notice.

[Couchsurfing] may change the provisions of this Privacy Policy from time to time. If we make changes, we will notify you, including by revising the date at the top of this policy. We encourage you to review the Privacy Policy whenever you use our Services to stay informed about our information practices and the ways you can help protect your privacy.

(Netflix) As we update and expand our services, we may make changes to this policy. *You should check back for updates to this policy from time to time. *You acknowledge that your assent to the Terms of Use and Privacy Policy subsequent to any changes made following your initial consent as well as, your use of the Netflix website or continued use of our service after our posting of changes to this policy, means that you agree to be bound by such changes.

# How can we fix this problem?

## Enforcing your rights in courts

But wait, which courts?

The Court of Santa Barbara in California is the only one competent for disputes arising from the terms of service of Youtube. The applicable law to these terms of service is the one of the State of California.

“You and Netflix agree that any dispute, claim or controversy arising out of or relating in any way to the Netflix service, including our website, user interfaces, these Terms of Use and this Arbitration Agreement, shall be determined by binding arbitration instead of in courts of general jurisdiction. Arbitration is more informal than a lawsuit in court. Arbitration uses a neutral arbitrator instead of a judge or jury, allows for more limited discovery than in court, and is subject to very limited review by courts. Arbitrators can award the same damages and relief that a court can award. You agree that, by agreeing to these Terms of Use, the U.S. Federal Arbitration Act governs the interpretation and enforcement of this provision, and that you and Netflix are each waiving the right to a trial by jury or to participate in a class action. This arbitration provision shall survive termination of this Agreement and the termination of your Netflix membership. YOU AND NETFLIX AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.”

More on arbitration: http://blog.tosdr.org/posts/hannah-on-arbitration/

## Design is fundamental

![ToS;DR classes](src/ToSDRClass.png)

# Thank you for joining!

And thanks to Andreas from Mozilla London for hosting us!

Follow up, contact me by

hugo@ToSDR.org

Posted

title: “Fixing the Biggest Lie on the Web” author: Hugo Roy date: | 2014-11-05

@MozLDN  @ToSDR  #fixingTheBiggestLie


I have read and agree to the terms.

http://www.geekculture.com/joyoftech/joyarchives/2019.html” id=”facebookexperimentsbynitrozacandsnaggyhttp:www.geekculture.comjoyoftechjoyarchives2019.html” />

http://www.geekculture.com/joyoftech/joyarchives/2017b.html” id=”facebookperformanceartbynitrozacandsnaggyhttp:www.geekculture.comjoyoftechjoyarchives2017b.html” />

http://www.geekculture.com/joyoftech/joyarchives/2066.html” id=”newsgroup1bynitrozacandsnaggyhttp:www.geekculture.comjoyoftechjoyarchives2066.html” />

http://www.geekculture.com/joyoftech/joyarchives/2066.html” id=”newsgroup2bynitrozacandsnaggyhttp:www.geekculture.comjoyoftechjoyarchives2066.html” />

# How did we get here?

## ①Terms of Service & Privacy Policies are Too Long To Read

http://lorrie.cranor.org/pubs/readingPolicyCost-authorDraft.pdf” id=”extractfromlorriecranorthecostofreadingprivacypolicies.http:lorrie.cranor.orgpubsreadingpolicycost-authordraft.pdf” />

http://conversation.which.co.uk/technology/length-of-website-terms-and-conditions/” id=”fromwhich.co.ukhttp:conversation.which.co.uktechnologylength-of-website-terms-and-conditions” />

## ②Terms of Service changeAll–The–Time!

https://github.com/tosdr/tosback2” id=”screenshotofcommitsactivityonhttps:github.comtosdrtosback2” />

We may revise these Terms from time to time, the most current version will always be at twitter.com/tos. If the revision, in our sole discretion, is material we will notify you via an @Twitter update or e-mail to the email associated with your account. By continuing to access or use the Services after those revisions become effective, you agree to be bound by the revised Terms.

GitHub reserves the right to update and change the Terms of Service from time to time without notice.

[Couchsurfing] may change the provisions of this Privacy Policy from time to time. If we make changes, we will notify you, including by revising the date at the top of this policy. We encourage you to review the Privacy Policy whenever you use our Services to stay informed about our information practices and the ways you can help protect your privacy.

(Netflix) As we update and expand our services, we may make changes to this policy. *You should check back for updates to this policy from time to time. *You acknowledge that your assent to the Terms of Use and Privacy Policy subsequent to any changes made following your initial consent as well as, your use of the Netflix website or continued use of our service after our posting of changes to this policy, means that you agree to be bound by such changes.

# How can we fix this problem?

## Enforcing your rights in courts

But wait, which courts?

The Court of Santa Barbara in California is the only one competent for disputes arising from the terms of service of Youtube. The applicable law to these terms of service is the one of the State of California.

“You and Netflix agree that any dispute, claim or controversy arising out of or relating in any way to the Netflix service, including our website, user interfaces, these Terms of Use and this Arbitration Agreement, shall be determined by binding arbitration instead of in courts of general jurisdiction. Arbitration is more informal than a lawsuit in court. Arbitration uses a neutral arbitrator instead of a judge or jury, allows for more limited discovery than in court, and is subject to very limited review by courts. Arbitrators can award the same damages and relief that a court can award. You agree that, by agreeing to these Terms of Use, the U.S. Federal Arbitration Act governs the interpretation and enforcement of this provision, and that you and Netflix are each waiving the right to a trial by jury or to participate in a class action. This arbitration provision shall survive termination of this Agreement and the termination of your Netflix membership. YOU AND NETFLIX AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.”

More on arbitration: http://blog.tosdr.org/posts/hannah-on-arbitration/

## Design is fundamental

![ToS;DR classes](src/ToSDRClass.png)

# Thank you for joining!

And thanks to Andreas from Mozilla London for hosting us!

Follow up, contact me by

hugo@ToSDR.org

Posted

title: “ToS;DR: Behind the scenes” author: Hugo Roy date: | 2014-11-05

@MozLDN  @ToSDR  #fixingTheBiggestLie


How does ToS;DR work?

# Reviews

## Step 1

Somebody reads the terms and shares what s/he finds out with the community.

(Right now, by sending an email to tosdr@googlegroups.com but we’re making a web interface to replace that: https://tosdr.org/submit-point.html)

A “point” is data describing one particular aspect of terms of service. All terms of service reviews are broken down into several points, so we can discuss each point.

## Step 2

The community discusses the review publicly.

(Right now, on the mailing list, but we’re working on a web interface to replace that: https://tosdr.org/pendingpoints.html)

## Step 3

A moderator checks the discussion and moves the data to the website, once the point is mature enough.

Each point has:

• Title
• Good / Neutral / Bad / Blocker
• a “TL;DR” (a plain-English summary)
• a topic
• a score from 0 to 100

## Step 4

Once a service has enough data points, it gets a Class.

## Points’ score

The more a point has a big score, the more weight it has on the overall class of a service.

(Neutral points don’t influence the class).

# Code

https://github.com/tosdr/

## Submit Point

https://tosdr.org/submit-point.html

## Pending Points

https://tosdr.org/pendingpoints.html

## Firefox extension

https://github.com/tosdr/tosdr-firefox/

IRC

freenode

#tosdr

Posted

title: “ToS;DR: Behind the scenes” author: Hugo Roy date: | 2014-11-05

@MozLDN  @ToSDR  #fixingTheBiggestLie


How does ToS;DR work?

# Reviews

## Step 1

Somebody reads the terms and shares what s/he finds out with the community.

(Right now, by sending an email to tosdr@googlegroups.com but we’re making a web interface to replace that: https://tosdr.org/submit-point.html)

A “point” is data describing one particular aspect of terms of service. All terms of service reviews are broken down into several points, so we can discuss each point.

## Step 2

The community discusses the review publicly.

(Right now, on the mailing list, but we’re working on a web interface to replace that: https://tosdr.org/pendingpoints.html)

## Step 3

A moderator checks the discussion and moves the data to the website, once the point is mature enough.

Each point has:

• Title
• Good / Neutral / Bad / Blocker
• a “TL;DR” (a plain-English summary)
• a topic
• a score from 0 to 100

## Step 4

Once a service has enough data points, it gets a Class.

## Points’ score

The more a point has a big score, the more weight it has on the overall class of a service.

(Neutral points don’t influence the class).

# Code

https://github.com/tosdr/

## Submit Point

https://tosdr.org/submit-point.html

## Pending Points

https://tosdr.org/pendingpoints.html

## Firefox extension

https://github.com/tosdr/tosdr-firefox/

IRC

freenode

#tosdr

Posted

Fixing The Biggest Lie on the Web, Mozilla, London

ToS;DR Behind the Scenes, Mozilla, London

Posted
Fixing the Biggest Lie on the Web

# Fixing the Biggest Lie on the Web

### 2014-10-31

I have read and agree to the terms.

# How did we get here?

## ②Terms of Service changeAll–The–Time!

We may revise these Terms from time to time, the most current version will always be at twitter.com/tos. If the revision, in our sole discretion, is material we will notify you via an @Twitter update or e-mail to the email associated with your account. By continuing to access or use the Services after those revisions become effective, you agree to be bound by the revised Terms.

GitHub reserves the right to update and change the Terms of Service from time to time without notice.

[Couchsurfing] may change the provisions of this Privacy Policy from time to time. If we make changes, we will notify you, including by revising the date at the top of this policy. We encourage you to review the Privacy Policy whenever you use our Services to stay informed about our information practices and the ways you can help protect your privacy.

(Netflix) As we update and expand our services, we may make changes to this policy. You should check back for updates to this policy from time to time. You acknowledge that your assent to the Terms of Use and Privacy Policy subsequent to any changes made following your initial consent as well as, your use of the Netflix website or continued use of our service after our posting of changes to this policy, means that you agree to be bound by such changes.

# How can we fix this problem?

## Enforcing your rights in courts

But wait, which courts?

The Court of Santa Barbara in California is the only one competent for disputes arising from the terms of service of Youtube. The applicable law to these terms of service is the one of the State of California.

“You and Netflix agree that any dispute, claim or controversy arising out of or relating in any way to the Netflix service, including our website, user interfaces, these Terms of Use and this Arbitration Agreement, shall be determined by binding arbitration instead of in courts of general jurisdiction. Arbitration is more informal than a lawsuit in court. Arbitration uses a neutral arbitrator instead of a judge or jury, allows for more limited discovery than in court, and is subject to very limited review by courts. Arbitrators can award the same damages and relief that a court can award. You agree that, by agreeing to these Terms of Use, the U.S. Federal Arbitration Act governs the interpretation and enforcement of this provision, and that you and Netflix are each waiving the right to a trial by jury or to participate in a class action. This arbitration provision shall survive termination of this Agreement and the termination of your Netflix membership. YOU AND NETFLIX AGREE THAT EACH MAY BRING CLAIMS AGAINST THE OTHER ONLY IN YOUR OR ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.”

More on arbitration: http://blog.tosdr.org/posts/hannah-on-arbitration/

# Thanks!

Follow up, contact me by

Posted

Fixing The Biggest Lie on the Web, Open World Forum, Paris

Posted

I’ve had some problems with the timeline lately. I’m trying to see if there’s a way to “reboot” it and get clean of the bits that should have been left out… This will probably flood the RSS a bit, sorry for the inconvenience!

Posted

hugoroyd posted a photo:

Posted

Here some little known, yet awesome tools that I use. Thanks to the people working on these (I’m glad to have met some of them, and they’re awesome too)!

#### Feedbin

Feedbin is an RSS web reader. It provides a pleasing reading experience and you can easily browse through items and share links. If you’re looking to host it yourself, have a look at the sources.

#### ikiwiki

ikiwiki powers this blog, hosted by branchable. If you like git and markdow, and editing your texts with your favourite text editor, this is for you.

#### Known

Known (formerly “idno”) is more “socially aware” than ikiwiki. It runs with PHP and it’s basically your easy-to-run indieweb space. If you use it with http://brid.gy you will enjoy a nice integration with twitter and other silos (see an example of my own).

#### YunoHost

YunoHost is custom debian distribution aiming at making self-hosting easy. It provides a nice web interface for administration of your self-hosted server and for users of the web server. If you have basic linux administration skills, this will be very helpful.

#### Pinboard1

Pinboard a simple and efficient bookmarking app that also archives the content of marked pages (if you pay for it).

#### Sharesome

Sharesome lets you easily share files on the web. It has a pleasant interface that works well on all devices I have tested so far. It’s also available as a web app. The neat feature is that you can choose where to host your data (for instance, with remotestorage; you can get an account at https://5apps.com).

#### Terms of Service; Didn’t Read

Some shameless self-promo with ToSDR, the app that tells you what happens to your rights online by rating and summarising Terms of service and privacy policies. You can also get it directly in your web browser or as a web app.

If you’re looking for a curated list of awesome web services that are free of charge and based on free software and open data, look no further than Jan’s Libre projects.

1. Unfortunately, Pinboard is not released as free software. But you can export your bookmarks. ↩

Posted

I have given a talk about the FSFE at the Ubuntu Party in Paris, last week.

Posted

The design challenge for the “Terms of Service; Didn’t Read” project (ToS;DR http://tosdr.org) is to provide a meaningful interface for web users to access the legal information parsed in terms of service and privacy policies. #interfacedictatorship

Posted

La FSFE : Free Software Foundation Europe

La FSFE (fondation européenne du logiciel libre) œuvre depuis 2001 pour la promotion du Logiciel Libre en Europe. Présentation de l’organisation, ses campagnes, ses groupes d’expertise juridique et retour sur plus de 10 ans d’activisme : des procès gagnés contre Microsoft au niveau de l’Union européenne aux batailles contre les brevets logiciels et les DRM. Quels seront les défis pour le logiciel libre que nous aurons à relever ensemble ?

Posted

Here’s a list of options I modified in my firefox’s about:config.

• middlemouse.contentLoadURL: false

I use the mouse middle click to copy and paste stuff. So when I accidentally press that mouse middle click while reading a web page, I don’t want Firefox to load whatever’s in my buffer as a URL.

• browser.urlbar.trimURLs: false

Mozilla decided to look more like Google Chrome and started to hide relevant parts of the URL like http://. This feature has helped me exactly 0 time, while on the other hand it was annoying many times when copy/pasting from the URL bar would not give me the entire URL (and the results were not consistent).

• Disabling unsecure ciphers

• security.ssl3.ecdh_ecdsa_rc4_128_sha
• security.ssl3.ecdh_rsa_rc4_128_sha
• security.ssl3.ecdhe_ecdsa_rc4_128_sha
• security.ssl3.ecdhe_rsa_rc4_128_sha
• security.ssl3.rsa_rc4_128_md5 [this one seems required for Youtube’s https to work]
• security.ssl3.rsa_rc4_128_sha

You can now check if your browser uses secure SSL/TLS cipher.

• Replace Google with DuckDuckGo on Firefox

• browser.search.defaultenginename: DuckDuckGo
• browser.search.selectedEngine: DuckDuckGo

Other tips for Firefox:

Using roundcube for mailto: links
Posted
It’s all text!
Posted
Posted

Mozilla is currently promoting the new Firefox 29 (Go get it!). Now, they’re asking us on Twitter: What do you want for the Web? So I clicked on their link and here’s what I got.

I haven’t been able to play YouTube videos for weeks now. Sometimes, it works though. I have no idea what’s going on…

Dear Mozilla, next time you publish a video on your website, I don’t want Flash and I don’t want YouTube. I want HTML5 video (in an open standard format, i.e. free of patent restrictions) and I don’t want you to promote a platform with crappy terms of service.

Posted

I was reading an article by Lorrie Cranor in the MIT Technology Review on how it’s difficult even for her to protect her privacy online.

I appreciate Lorrie Cranor’s work on privacy at Carnegie Mellon University. I have extensively cited her study of the length of privacy policies when I introduced ToS;DR.

However in this article, I was disappointed to see Ghostery mentioned. Ghostery is an browser extension supposed to help users against tracking and surveillance on the web. The main problem is that Ghostery is not released as Free Software1

Earlier on Twitter I quickly posted my frustration about this. People who promote web privacy should stop promoting Ghostery, as it’s proprietary. What’s their business model exactly?

In my earlier tweet I wrongly stated that the source code was not disclosed; but that’s not accurate. There is some code disclosed (I suppose it’s entirely readable and not obfuscated nor minified). But as you’ll notice, the license is “All rights reserved” so, basically, users have no rights.

Ghostery has been playing on the ambiguity for too long. This hypocrisy must stop. See these tweets from years ago…

1. a.k.a Open Source. Both these terms designate the same set of programs. ↩

Posted

It seems Secret is the new thing. So I had a look at their terms of service. Here are some extracts:

TL;DR: They’re not good.

However, unless we expressly state otherwise, your right to use the Service does not include (i) publicly performing or publicly displaying the Service,

That’s funny, because it seems to imply that taking a screenshot of a secret and tweeting it is forbidden (although the Secret co-founder uses them in his post explaining how it works technically.)

When you post, link or otherwise make available content to the Service, you grant us a nonexclusive, royalty-free, perpetual, irrevocable and fully sublicensable right to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such content throughout the world in any manner or media, on or off the App.

This got to be the most extreme copyright license in Terms of Service that I have ever seen.

Basically, it’s as if you did not exist as an author. Which is fine because it’s supposed to be a secret. But in the process, Secret wants all the rights for themselves (and their future business partners I assume).

(I’m not sure that most Secret messages would pass the originality threshold required for copyright and authors’ right protection anyway.)

#### Modification to the service

Secret reserves the right in its sole discretion to review, improve, modify or discontinue, temporarily or permanently, the Service and/or any features, information, materials or content on the Service with or without notice to you.

#### Suspension/Termination

Secret may suspend and/or terminate your rights with respect to the Service for any reason or for no reason at all and with or without notice at Secret’s sole discretion.

#### Governing Law; Arbitration

PLEASE READ THE FOLLOWING PARAGRAPHS CAREFULLY BECAUSE THEY REQUIRE YOU TO ARBITRATE DISPUTES WITH SECRET AND LIMIT THE MANNER IN WHICH YOU CAN SEEK RELIEF FROM SECRET.

[…]

If settlement is not reached within 60 days after service of a written demand for mediation, any unresolved controversy or claim will be resolved by arbitration in accordance with the rules of the American Arbitration Association before a single arbitrator in San Francisco, California.

#### Legal Compliance

You represent and warrant that: (i) you are not located in a country that is subject to a U.S. Government embargo, or that has been designated by the U.S. Government as a “terrorist supporting” country; and (ii) you are not listed on any U.S. Government list of prohibited or restricted parties.

That’s funny. I guess I don’t know if I’m on a US government list of restricted parties!

Oh, and here’s the Privacy policy.

In case you thought you were “anonymous” when using Secret, think again:

We may share information about you as follows or as otherwise described in this privacy policy:

• In response to a request for information if we believe disclosure is in accordance with any applicable law, regulation or legal process, or as otherwise required by any applicable law, rule or regulation;
Posted

Wall Street Journal: The encryption flaw that punctured the heart of the Internet this week underscores a weakness in Internet security: A good chunk of it is managed by four European coders and a former military consultant in Maryland.

To answer some of the astonished comments I made yesterday, the lack of contributors to the project is baffling. So: the whole Internet relied on 10 volunteers and 1 employee and nobody helped them?

I guess this sort of comes back to one of the essential question in Free Software: how do you get the users to fund it? For some kind of software, this can be difficult; but in the case of OpenSSL I would have thought this to be an easy thing, since so many banks and web companies intensively rely on it.

But apparently, they didn’t care at all if this major piece of security they were using was able to keep up with security standards or not. Considering the number of people involved with the project, I don’t see how it can put enough scrutiny and efforts to make sure it follows the best security review.

(Now, I have to wonder if the WSJ piece is actually correct in the way it counts the contributors to the project, because it’s fairly possible that lots of companies making use of OpenSSL actually had security experts and developers in-house test the code and send patches and bug reports upstream; a bit like Google and that other security firm did when they found out about Heartbleed…)

According to Brett Simmons, That pretty much wraps it up for C.

The whole heartbleed bugs also reminds me that OpenSSL is also an example of bad idea when it comes to licensing issues.

Posted

The heartbleed vulnerability is not only a catastrophic security issue, it also spans other interesting topics.

The first obvious lesson, is that the communication around the vulnerability was brilliant marketing.

The other lesson, less satisfying, is why is the majority of the internet relying on a very poorly funded project?!

The Washington Post published an article that misses the real issue. The heartbleed debacle is not an issue with the fact that OpenSSL is Free Software (the Apple goto fail bug shows it’s even worse when it’s proprietary—all Apple users had to wait several days before a patch was sent), nor with the fact that the Internet have no single authority (if anything, the openssl library is a single point of failure).

I find it astonishing that OpenSSL is so poorly funded and apparently lacks a governance strategy that includes large stakeholders such as the major websites making use of the library and which, instead, are essentially all irresponsible free-riders.

The real issue here is one of responsibility.

Posted
1. Install the linux-xps13-archlinux kernel (now in the AUR)

Note: Since I wrote this, it’s possible that the patched kernel now has more features than only touchpad support.

2. Install xf86-input-synaptics and, from AUR, touchegg and touchegg-gce-git (this last one is to be able to configure gestures with the graphic interface).

3. Edit /etc/X11/xorg.conf.d/50-synaptics.conf

Section "InputClass"
Identifier "touchpad catchall"
Driver "synaptics"
MatchIsTouchpad "on"
Option "TapButton1" "1"
Option "TapButton2" "0"
Option "TapButton3" "0"
Option "ClickFinger2" "0"
Option "ClickFinger3" "0"

# This option is recommend on all Linux systems using evdev, but cannot be
# enabled by default. See the following link for details:
# http://who-t.blogspot.com/2010/11/how-to-meta:ignore-configuration-errors.html
MatchDevicePath "/dev/input/event*"

EndSection

4. Configure your gestures with Touchègg

Here’s my ~/.config/touchegg/touchegg.conf:

<touchégg>
<settings>
<property name="composed_gestures_time">0</property>
</settings>
<application name="All">
<gesture type="DRAG" fingers="3" direction="RIGHT">
<action type="SEND_KEYS">Super+Right</action>
</gesture>
<gesture type="PINCH" fingers="5" direction="OUT">
<action type="SEND_KEYS">Control+Shift+equal</action>
</gesture>
<gesture type="DRAG" fingers="3" direction="LEFT">
<action type="SEND_KEYS">Super+Left</action>
</gesture>
<gesture type="PINCH" fingers="5" direction="IN">
<action type="SEND_KEYS">Control+minus</action>
</gesture>
<gesture type="DRAG" fingers="3" direction="UP">
<action type="MAXIMIZE_RESTORE_WINDOW"></action>
</gesture>
<gesture type="DRAG" fingers="4" direction="UP">
<action type="SEND_KEYS">Super</action>
</gesture>
<gesture type="DRAG" fingers="4" direction="DOWN">
<action type="SEND_KEYS">Escape</action>
</gesture>
<gesture type="TAP" fingers="3" direction="">
<action type="MOUSE_CLICK">BUTTON=2</action>
</gesture>
<gesture type="DRAG" fingers="3" direction="DOWN">
<action type="SEND_KEYS">Super+Down</action>
</gesture>
</application>
<application name="Evince">
<gesture type="DRAG" fingers="4" direction="LEFT">
<action type="SEND_KEYS">Control+Left</action>
</gesture>
<gesture type="DRAG" fingers="4" direction="RIGHT">
<action type="SEND_KEYS">Control+Right</action>
</gesture>
</application>
<application name="Firefox">
<gesture type="DRAG" fingers="4" direction="LEFT">
<action type="SEND_KEYS">Alt+Left</action>
</gesture>
<gesture type="DRAG" fingers="4" direction="RIGHT">
<action type="SEND_KEYS">Alt+Right</action>
</gesture>
</application>
</touchégg>

up to date version on github
5. Add to your session (using gnome-session-properties for instance):

• touchegg

The real improvement is that I can use three-finger tapping to simulate the middle-click mouse button which is used for quick pasting or for opening links in a new tab.

As far as “pinching” is concerned, it does not work reliably at all for me.

Posted

Somebody working at Mozilla put together a timeline of facts surrounding Brendan Eich’s resignation.

And the real tragedy here is that Mozilla would have sorted this out satisfactorily if it hadn’t been sensationalized by the media and turned into an internet witch hunt. Anyone who wrote a news story, posted to their blog, or tweeted about Brendan without understanding paragraph (i)(c) of the Community Participation Guidelines was part of the mob that brought Brendan down.

For more than 15 years, Brendan fought for openness and freedom on the web, and led many of the people who built that open and free web. This week, in a senseless, vicious convulsion, the web turned on him.

Meanwhile, Mozilla published an FAQ.

Q: Was Brendan Eich forced out by employee pressure?

A: No. While these tweets calling for Brendan’s resignation were widely reported in the media, they came from only a tiny number of people: less than 10 of Mozilla’s employee pool of 1,000. None of the employees in question were in Brendan’s reporting chain or knew Brendan personally.

In contrast, support for Brendan’s leadership was expressed from a much larger group of employees, including those who felt disappointed by Brendan’s support of Proposition 8 but nonetheless felt he would be a good leader for Mozilla. Communication from these employees has not been covered in the media.

Which echoes something written in the timeline mentioned above:

11) On March 27th, a small number of Mozillians tweeted variants of “I am an employee of @mozilla and I’m asking @brendaneich to step down as CEO”. These tweets were reported by the tech press, and my perception is that this was the start of the media firestorm. Most (or perhaps all) of the Mozillians who tweeted this were employed by the Mozilla Foundation, not the Mozilla Corporation which means that they report to the executive director of the foundation and not to the CEO. As foundation employees, they did not share the same org chart as Brendan.

This is why pieces like this trouble me:

Both writers seem concerned that Eich’s resignation is a defeat for freedom of expression. If anything, it is a victory – the ouster of a founder and CEO by his own people, at a foundation based on open and equal expression, should be the new textbook example of the system working exactly as it should.

I hope this episode is now closed and that everybody learns a lesson from this.

(Especially, the guys at Rarebit who, after publishing an article “5 reasons why Brendan Eich should step down” now write “I want to say how absolutely sad to hear that Brendan Eich stepped down.” No comments.)

Posted
Posted

The IRS says that Bitcoin is property, not a currency. Bloomberg: “It’s challenging if you have to think about capital gains before you buy a cup of coffee.” No kidding!

It’s interesting, as I was discussing the relationship between property and value yesterday night with Basti.

Posted

Je me baladais hier avec Basti (@skddc) qui était à Paris pour la première fois. Lorsque soudain, j’aperçus des drapeaux chinois mêlés à ceux de la république et aux armoiries de Paris ! Malheureusement, ce n’est pas aussi drôle que dans le film de Jean Yanne et son adaptation à l’opéra, Carmeng.

Posted

Since I first set up Firefox Sync, things have changed. Mozilla thought that they needed to completely change the user experience of setting it up in firefox, thus discarding the previous firefox sync server for a totally new system of “Firefox Accounts”.

That sounds nice, however at the moment it’s nowhere as easy to set up if you want to self-host it instead of relying on Mozilla’s services.

You have to start 3 services:

Unfortunately, the READMEs are not as good as before. Sometimes, they ask you to change settings, but they don’t always tell you in which file you should modify it; or it also happens that the file they mention does not exist (e.g. the “config.json”).

I’ll have to give it another try… I hope that for next time, the documentation will have improved.

Posted

In case you did not notice, the Free Software Pact is now available in even more languages.

As explained in our press release, FSFE officially supports the Free Software Pact drafted by April. The aim is to get candidates to this year’s European Parliament elections to take a stand for free software by signing this little text.

Thus, it’s important to get translations so that you can contact your local politicians and inform them about free software and why it’s important!

A lot of the translating efforts have happened on our mailing list, so go subscribe there if you want to help proofread ongoing translations before uploading them on the wiki.

The elections are coming near!

Posted

I’m having a splendid Sunday at my desk, working on some moot cases for school.

Sometimes to get going, I need some good music that fits the mood. If you’re like me, you’re probably listening to some ambient or minimal music.

I’m on Trentemøller’s 2006 Last Resort right now and it feels great. I have no idea where I got that from, I just don’t remember. But anyway, thanks to the person who gave me this!

Posted

Le projet de réforme de droit d’auteur de Jean Zay dans les années 1930 est un autre de ces textes un peu oubliés, passé dans l’ombre de la loi de 1957 « sur la propriété littéraire et artistique ».

Cet intitulé malheureux est un peu comme une trahison du droit des auteurs qu’Augustin-Charles Renouard avait fondé dans son grand traité de 1838, ce traité là qui est la base de la doctrine des droits moraux en droit français.

Il est peut être temps de compiler une sélection d’articles pour donner une autre histoire du droit d’auteur en France que celle que veut parfois nous inventer certains tenants de la « propriété littéraire et artistique ».

Je rejoins complètement Calimaq dans sa conclusion :

Mais détacher le droit d’auteur de la notion de propriété, c’est aussi ouvrir la porte à un meilleur équilibre entre la protection des droits et les usages, comme le prouve ce « domaine public anticipé » chez Jean Zay. Un retour aux origines du droit d’auteur et du domaine public est difficile, mais il n’est pas complètement impossible.

Posted

Microsoft is caught up in a privacy storm after it admitted it read the Hotmail inbox of a blogger while pursuing a software leak investigation.

While the search was technically legal, [Microsoft’s deputy general counsel] added Microsoft would consult outside counsel in the future.

So if it’s not just legal, but “technically legal”: what does that mean?

Yes, it means the way companies like Microsoft handle privacy is wrong. Yet another example.

Posted

I just came back from the cinema, where I watched Spike Jonze’s Her. This movie has got me thinking.

One thing I notice which was funny is how Theodore’s job kind of makes him fit the same role that her, the AI, is doing for him. Let me explain a little bit. Theodore, the main character, works at beautiful-handwritten-letters.com a service where people ask him to write beautiful letters to their wife for their 50th wedding anniversary, or to their son for his diploma, etc. You get it. By writing letters for other people, expressing some of their most personal emotions for them or even, instead of them, he participates to this society where the human self dissolves.

I guess what I’m saying isn’t making sense if you haven’t seen the movie. So go see it! There aren’t movies like this every year!

Posted

Today, I disabled IPv6 at home. Yes, it’s a shame.

But until Google changes its restrictive policies on IPv6 senders, I have no other choice.

Of course, some people pointed out to me that I might just change to another Internet access provider. But this is bullshit. I’ve got one of the geekiest ISP in Europe… the only thing they are not doing right in this, is not giving me the possibility to set a rDNS on my IPv6 (for now, this is still only possible for my IPv4 address; I understand that this is probably not high priority at the moment…)

What other choices do I have then?

I could try to find an even geekier ISP and switch to franciliens the Paris-area DIY-ISP. But even if they are geekier, they don’t enable IPv6 at the moment.

The other solution would be to get some special service somewhere from a more professional ISP. But that means I give up control over the physical access to the machine hosting and sending my email. That’s totally missing the point of why I’m self-hosting my email in the first place!

The bottom line is: the current Google policy on sending email de facto excludes all IPv6-self-hosted/DIY/email servers. And that’s not good, and Google is to blame for that.

Posted

Frank Zappa used to say that he viewed some of his work as journalism: reporting what he saw around him in society. Thus, if historians from the future want to learn more about our society, looking at rock songs might be a good start.

Well, now we have the web, and with blogging, we’ve got way better materials for historians in the future. Although, as usual, the biggest challenge here is that most of the links from 2001 blogging don’t work any more. Most of the time, professional editors and big companies are usually better in keeping their URI cool.

All I ask you to do today is go back to 2001 — a big moment in the history of blogging. The archive page is in reverse-chronologic order, so you might want to start at the bottom and scroll up. #

That’s the kind of flow I am going to have again. I’ve been blogging in this form, off on the side, since March 2. To me it isn’t theoretical that it will work, I already know it will. #

Posted

Once you have Mutt up and running with the basic tools that will allow you to fetch, index, view, edit and send email, there are a couple of things that you probably need in your .muttrc, no matter what.

I left out all things which are about visual taste, use with external programs, etc. These are really about correcting some defaults which I think are not sane.

• In Mutt, even if you are on the pager that lets you read a selected email, the <up> and <down> keys will not help you navigate inside the email; instead they will bring you to the previous or to the next email in the index.

That’s rather weird and unexpected. One of the first thing I did was trying to scroll inside an email, and Mutt suddenly browsed dozens of emails from the index (even marking them as read…). That’s quite unhelpful. To solve this, add:

bind pager <up> previous-line #scroll inside the message rather than the index
bind pager <down> next-line


That way, you can scroll, or use the arrow keys to read an email inside the pager.

When the pager is not opened, the up and down keys will behave as usual in the index.

• To make Mutt faster

set sleep_time = 0 # be fast


Don’t worry, this does not affect anything, it will just be faster. Here’s the doc about sleep_time:

Specifies time, in seconds, to pause while displaying certain informational messages, while moving from folder to folder and after expunging messages from the current folder. The default is to pause one second, so a value of zero for this option suppresses the pause.

• When you display email in the pager, it can look ugly when the lines are too long and that Mutt, by default, is not very nice about line-wrapping because it can cut words in the middle. You probably want to add:

set smart_wrap

• Changing between mailboxes can be a pain by default in Mutt. You need to tell Mutt where to find your several mailboxes, so you’ll be able to switch between them more easily (for instance by pressing y or with the sidebar). Add:

mailboxes $Mail  I have seen on some Mutt configs that y sometimes does not toggle the list of mailboxes. In that case, you can add something like: macro index y "<change-folder>?<toggle-mailboxes>" "show incoming mailboxes list"  Posted The way it works is: • You’re reading an email on Mutt and you think: Oh, I should really remember that because I need to do X. • You pass this email to emacs’ org-mode containing: • the subject, the date and the from • a link to that email which is mutt:Message-ID • You add some information if you wish to, and you save this in your org-mode todo file. Now, you’re in your org-mode todo list, you can work with it as usual. Now you have this bit, and you need to remember what it’s about exactly. You can click the link in org-mode, and it will open Mutt and show you the right email in Mutt! # Make mutt-open work with mutt-sidebar I used mutt-sidebar and I couldn’t get ./mutt-open to work correctly. I fixed this by changing: HIDE_SIDEBAR_CMD="B" # set to empty string if sidebar is not used  You need to update B with whatever you use to toggle the sidebar. I use CTRL-B so I changed it to HIDE_SIDEBAR_CMD="\CB". That’s it! This is the due to the fact that mutt-open has something called mutt_keys that’s used to display the right email in mutt. However in its current state mutt_keys decides to toggle the sidebar before it actually shows the email. Hence if the toggle sidebar key is not well defined in mutt-open, mutt will hang up there. So I changed this to: mutt_keys="/=i$msgid\n\n$HIDE_SIDEBAR_CMD"  # Make mutt-open work with mutt-kz Since mutt-kz comes with a sidebar as well, the previous paragraph applies. But you might need further changes to the original mutt-open script. Here’s how mine works: mutt_keys="<vfolder-from-query>id:$msgid\n\n<entire-thread>"

Posted

Hey, did you know that on Mutt, ‘CTRL’+K will import public openPGP keys attached to emails (with the right MIME type)?

That makes signing and sharing keys even easier ☺

Thanks gollo for the tip!

Posted

This should work with any carddav server, but if you use Kolab’s carddav server here’s some extra tip!

The problem you want to fix is: it’s impossible to remember everyone’s email address. This problem is solved by most email programs because they are linked to a contact list already. However, for those of us using Mutt, there’s no full contact integration so you need to rely on something else.

One obvious solution is to rely on a mail indexer to search and find addresses in emails from the past. If you use mu, here’s how Karsten does it.

However, that’s not really helping if you have contact information from multiple sources (e.g. typing on your mobile the email address of somebody you just met AFK). This is where a contact server is handy.

If you use Google’s contacts, you can use goobook it works well but it’s quite slow IMHO. And obviously, the problem is that you have given up your whole contact list to Google.

# Find your Kolab addressbook

With Kolab 3.1 comes a CardDav/CalDav/webDav server! Version 3.1 was just released today. So let’s use that instead.

• When I set up Kolab 3.1 before the official release, I got a packaging bug in CentOS, but it’s easy to fix.

• The *Dav server is located at https://kolab.example.org/iRony. Now, you need to find how to link to a specific addressbook. I tried to have a look at the Roundcube interface, for a folder id or something, but I could not find any that was working.

• Just connect a webDav client (in Nautilus, File > Connect to a server) to the iRony folder, and then just navigate to find the addressbook identifier (look in the address bar!)

Hopefully, this will soon not be needed any longer. There will be a “Show address book URL” setting directly in Roundcube’s contacts menu.

# Sync your CardDav addressbook with pyCardDAV

Now install pyCardDav which just landed on Debian last month:

# apt-get install pycarddav
• Sync pycarddav after you entered the Kolab addressbook resource in the config file with pycardsyncer

I advise you run this with --debug to make sure that it does not get stuck in case you have some illegal characters inside one of your vCards. If it gets stuck, then you can just go back to your webDav client and edit the file that’s causing trouble.

• If all goes well, you should be able to search for contacts inside your local copy:

% pc_query hugo
searching for hugo...
Name: Hugo Roy
TEL (CELL): +...
EMAIL (INTERNET\, WORK): hugo at fsfe dot org

# Lookup directly from Mutt

I just added this to my ~/.muttrc:

set query_command="pc_query -m '%s'"
bind editor <Tab> complete-query


That way, in Mutt, just type ‘Q’ to search for a contact. Or you can also press ‘m’ to start a new message, start typing in the ‘To:’ field the name of your contact and just press [Tab] to have autocompletion!

Posted

I began using Mutt in March 2013. (I was using Gnome’s Evolution before, but its searches were really slow and one day I really freaked out when Evolution did something weird which led me to believe that I couldn’t see my emails since 2010. It turns out everything was fine, but Evolution hang up on me).

Beginning on Mutt is “not easy.” I went to Mutterwares to have experienced user show me how they use it. You might be interested in some of the information collected there.

### First tips for Mutt beginners

Once you have Mutt up and running with the basic tools that will allow you to fetch, index, view, edit and send email, there are a couple of things that you probably need in your .muttrc, no matter what.

I left out all things which are about visual taste, use with external programs, etc. These are really about correcting some defaults which I think are not sane.

• In Mutt, even if you are on the pager that lets you read a selected email, the <up> and <down> keys will not help you navigate inside the email; instead they will bring you to the previous or to the next email in the index.

That’s rather weird and unexpected. One of the first thing I did was trying to scroll inside an email, and Mutt suddenly browsed dozens of emails from the index (even marking them as read…). That’s quite unhelpful. To solve this, add:

bind pager <up> previous-line #scroll inside the message rather than the index
bind pager <down> next-line


That way, you can scroll, or use the arrow keys to read an email inside the pager.

When the pager is not opened, the up and down keys will behave as usual in the index.

• To make Mutt faster

set sleep_time = 0 # be fast


Don’t worry, this does not affect anything, it will just be faster. Here’s the doc about sleep_time:

Specifies time, in seconds, to pause while displaying certain informational messages, while moving from folder to folder and after expunging messages from the current folder. The default is to pause one second, so a value of zero for this option suppresses the pause.

• When you display email in the pager, it can look ugly when the lines are too long and that Mutt, by default, is not very nice about line-wrapping because it can cut words in the middle. You probably want to add:

set smart_wrap

• Changing between mailboxes can be a pain by default in Mutt. You need to tell Mutt where to find your several mailboxes, so you’ll be able to switch between them more easily (for instance by pressing y or with the sidebar). Add:

mailboxes \$Mail


I have seen on some Mutt configs that y sometimes does not toggle the list of mailboxes. In that case, you can add something like:

macro index y "<change-folder>?<toggle-mailboxes>" "show incoming mailboxes list"


Here is a list of mutt tips. My ~/.mutt is public.

Delay sending emails in Mutt
Posted
First tips for Mutt beginners
Posted
Getting things done with Mutt and org-mode
Posted
Kolab’s CardDav address lookup in Mutt
Posted
Import openPGP Keys with Mutt
Posted
Posted

Wiki page: New FSFE 2014

At the end of last year, I took it upon myself to bootstrap an effort for fsfe.org into 2014. My main objective was to revamp the website visually into something a little bit more modern and coherent to:

• make the website usable on every screens (tiny mobile, mobile, big mobile/tablet, laptops, desktops, whatevercomesnext)

• built on bootstrap
• use a set of technologies to re-use for www.,wiki.,planet.,fellowship., search. and eventually, blogs.fsfe.org
• relying on LESS

… while using as much as possible what’s already in use on fsfe.org so that the change is minimal (graphically and technically).

I started this effort on test.fsfe.org (english version). I worked on the fsfe.xsl (which is the build template for most of the website), on the index.en page and on http://test.fsfe.org/activities/os/minimalisticstandards.html which should give an overview of what articles should look like on fsfe.org

Still a lot of work is needed:

• in the general template, need to fix the sidebar so that fetch-news work based on the fsfe.org tagging system
• give some love to important pages: donate, support, newsletter, press-releases, etc. (a lot!)
• work on the campaign boxes on the frontpage, work on the news/events fetching template
• agree on the menu (top) and the full menu (bottom)
• work on integrating the new design for other websites:
• wiki
• planet
• fellowship
• search
• wordpress blogs
• writing doc

Contribute to the website!

Subscribe to the mailing list

Posted

I’m a new ikiwiki user. I’ve been interested in using this, because of the git version control, and I liked the idea that I could just clone the entire ikiwiki on my laptop and thus edit it offline with my favourite editor.

So, as every new user, I make some mistakes which could have been pretty easily avoided. Here’s one quite significant.

In order to generate the timeline I use the aggregate plugin. That way I can pull content from lots of sources through feeds, and put it into one page and one feed. This timeline is like a big feed of things I do everywhere on the web. In a way, it’s a PESOS approach in the IndieWeb.

One important technical detail is that the directive displays information on the page itself, such as when was the last time the source feed was checked. This means that each time the feeds are checked, the page that contains the directive has to rebuild in order to update the information.

Obviously, it was a very bad idea for the timeline, because that meant that each time the sources were checked, the whole timeline has to rebuild whole over again. And it took CPU time.

The people running http://branchable.com fixed it for me. Thanks to them! I’ll make sure to use it as a reminder and have separate files for that in the future!

If you have other tips to make ikiwiki more efficient, please comment!

Posted

in 2001, Apple Macbooks1 were black and totally badass! (with GNU Linux on it of course) #FSFE

on Twitter

More photos

1. Edit: Bernhard tells me they were called Powerbooks at the time. ↩

Posted

“nobody is sure what it means, but everyone thinks it’s terribly important. (I’m not kidding you. #Brussels really works like this.)”

Also on Twitter

Posted

It’s quite annoying when you click somebody’s name or email on a web page and that Firefox cannot figure out how to rely on your system preferences to send an email.

For instance, my system is set up so that when I click on an email address or mailto: link anywhere, gnome-terminal opens up with Mutt ready to send an email. For some reason, Firefox tries to figure out all by itself which program I should use.

I have tried to make Firefox use gnome-terminal with Mutt, but it didn’t work. However, it’s possible to add your own webmail there (for some reason, I could choose between Yahoo Mail, Gmail and Mykolab.com but I can’t remember how I did that). Now that I have my own Kolab instance with roundcube, I decided to add my own webmail there. Unfortunately, it seems there’s no way from the graphical interface, so I went straight to: ~/.mozilla/firefox/iceweaselprofile.hugo/mimeTypes.rdf.

It’s quite a big file FWIW (885 lines here). I did not have a look at the details, but hopefully just adding this helps (for the second block, make sure to merge with existing mailto handlers):

<RDF:Description RDF:about="urn:handler:web:https://kolab.example.org/roundcubemail/?_task=mail&amp;_action=compose&amp;_to=%s"
NC:prettyName="Kolab Groupware"
NC:uriTemplate="https://kolab.example.org/roundcubemail/?_task=mail&amp;_action=compose&amp;_to=%s" />

<RDF:Description RDF:about="urn:scheme:handler:mailto"
NC:alwaysAsk="true">
<NC:possibleApplication
RDF:resource="urn:handler:web:https://kolab.example.org/roundcubemail/?_task=mail&amp;_action=compose&amp;_to=%s"/>
</RDF:Description>


(Just replace https://kolab.example.org/roundcubemail/ with your own Roundcube location. And of course, if you don’t use Kolab replace “Kolab Groupware” by whatever.)

Posted

Moved to carddav-lookup

Posted

hugoroyd posted a photo:

MozFest 2013: Energy Labels in the Ravensbourne building! #ToS #OpenNotice. Photo by Pär of CommonTerms.net

Posted

The web page has not been updated yet, but the Core Team of FSFE welcomed a new member this week, Maurice Verheesen, alias mho!

I met Maurice for the first time in Berlin for the FSFE Coordinators Meeting, and I greatly enjoyed his company, and his input! Maurice cares about technology, and he cares about doing it right, and that implies Free Software ☺

On the way back home from Berlin, in the car, Maurice and I sat down with our laptops to work on a new version of the User Data Manifesto. We did some great work there, and had some great discussion on metadata, surveillance and software.

Maurice lives in the Netherlands, and has taken the lead to coordinate Dutch activities recently, hence joining the European Core Team. He already shared with us insights and reports on T-Dose, where the FSFE was present and where he gave a talk on PRISM.

It’s always good to see smart people joining one of the ultra-most important pieces of FSFE!

Welcome Maurice!

Posted

hugoroyd posted a photo:

Void. (Schillingstrasse, U-Bahn)

Posted

hugoroyd posted a photo:

FACEPALM (Caïn ayant tué Abel, Jardin des Tuileries)

Posted

FSFE is a very distributed organisation: most of its active members and contributors live all across European cities. Even if you look at the staff, they’re not that concentrated geographically: while the headquarters are in Berlin, the president of the organisation lives on the other side of Germany (way closer to Brussels and the Dutch border and actually not so far from Paris; Come on Karsten, visit us more often! ☻), our legal coordinator lives in Slovenia, etc.

Back to the point, organisation-wide, FSFE relies on a networks of lots and lots of people, who sometimes group themselves and meet regularly in a European city (Düsseldorf, Ljubljana, Munich, Vienna, Berlin, sometimes Paris, soon Brussels, etc.)

Organising such local group meetings can be hard, especially when the group is not well established yet. (Just to compare, the Berlin fellowship group has been active since 2005 and I suspect the Vienna group shortly after).

Fortunately, there are many ways in which others can help organise a local meeting to participate in FSFE’s campaigns, start new activities for Free Software, organise talks etc.

Lucile and Guido have started gathering some advice and pointers on a Wiki page: MeetingHowTo.

You will find there useful reminders, but also nice pointers:

• Did you know FSFE had a limesurvey instance at your disposal? vote.fsfe.org
• If you need to introduce some basic tools we use within FSFE, Erik made some slides about that (ODP format).
• You can add your events to the FellowshipEvents calendar.
• In case you have doubts, never hesitate to ask somebody!
• email: fellowship at fsfeurope.org
• irc: #fsfe on irc.freenode.net
• jabber: fellowship@conference.jabber.fsfe.org

Posted

Yesterday was Day #2 of the FSFE GA in Vienna. After a short night of sleep, we again began the day around 10.00am. The German chapter of FSFE had their own official General Assembly earlier.

This second part of the GA was more focused on the usual, formal stuff. Review of annual reports (executive report, legal activities report, fellowship report… and soon a campaigning report) and Q&A about the reports.

We also planned out the focus for the next 6-8 months. One important detail for FSFE is that not much is going to be achieved on the side of public policy. With ongoing preparations and campaigning at the European Commission and at the European Parliament, everyone has the coming 2014 elections in mind. There isn’t much to do then for our public policy team. (Although that means it’s time for everybody else to get active on the Ask Your Candidates Campaigns.)

One important focus for 2014 is what we talked about on day #1, our strategy as a whole. Where is FSFE going, and more importantly, where should we go. Major organisational work within the organisation is expected. We’ll see more about that in the future.

We’ll have some minor constitutional changes, including typos (look for “enagagements” instead of engagements in the current copy!)

And last but not least, Karsten has been reconducted in another term as President (his 3rd mandate). Matthias Kirschner is now the Vice-President, as Henrik stepped down to pursue other challenges. Reinhard has been unanimously elected Financial Officer, for another mandate (how many does it make? 5?), because he’s excellent at doing it ☺

Posted

Hello! I’m writing this currently sitting in Metalab, Vienna’s finest Hackerspace, featuring 3d printers, laser-cutting-graving machine, club mate, an authentic phone booth, and a lot of discussions ☺

Looking around me right now, I can spot 6 different nationalities:

• Austrian
• Estonian
• Belarusian
• Italian
• Slovenian
• German

It’s the first time of the day I’m taking a small break on my own, managed my email, and now writing this. [In the process of writing, Heiki and Andrew popped in].

This day, we met and started at 9:30. And we basically all day worked on the strategy of FSFE. Where are we going? What is our core mission? What do we want to achieve? It’s sometimes good to lay back and take a wider look at what’s going on. What difference are we making?

This process is ongoing of course, and will take time. But I’m confident that we have some of the most interesting melting pot of brains and cultures here to fix and handle the situation!

What do you think?

Posted

Moved to import-key

Posted

hugoroyd posted a photo:

Selling crazy stuff in Berlin bar

Posted

hugoroyd posted a photo:

Hackers in the dark - C-Base

Posted

hugoroyd posted a photo:

Alien In front of C-Base Control Commands

Posted

I started blogging here in 2009 when I was an intern in Berlin with the Free Software Foundation Europe. The organisation had just initiated a major change back then: Georg, one of the founding members and first president, handed it over to Karsten. I’ve got to say that I joined during interesting times, and I enjoyed working in Berlin with Matthias and Claudia from the KDE association. I hope I’ve been able to share some of that interest with you readers when I was writing on this blog while an intern.

It’s been 3 years since I was an intern, but I’ve kept on writing here and on my personal blog. However it felt more cumbersome to maintain 2 different blogs (both in 2 languages) than anything else. Moreover the distinction between personal things and free software is difficult to make, as free software and the people who make, use, and defend it, are important parts of my life.

Anyway.

I started blogging at a new place: hroy.eu. I will mostly blog over there, even for matters that are of interest to FSFE fellows and free software activists at large. I will send posts relevant for the free software & FSFE audience to the blogs planet (which I really recommend you read ☺ or if you’re too lazy you can get a good grasp of it each month in the newsletter)

So I’m giving a new focus to this blog. From now on, I will write here about things that are more internally focused on FSFE, and more focused on work, campaigns, and getting things done!

Let’s see how it goes.

Posted

When you get used to a text editor that you like, you start to get annoyed by all the times you have to enter some text and you’re using a shitty editor. This is so true on the web when you try to write something in more than 140 characters.

Matthias showed me a nice firefox extension: “it’s all text” (you can also install it from debian repos). For each text box, you just click a small “edit” button and it will fire up vim1 and let you edit the text there, then send it back to the web interface.

1. Actually, I had to configure it to start GVim instead of vim. I suppose there’s a way to launch a terminal and then vim… ↩

Posted

hugoroyd posted a photo:

Posted

hugoroyd posted a photo:

Posted

Hi, I’d like to know your opinion on the current draft for the User Data Manifesto.

# user data manifesto

“User data” means any data submitted by or collected from a person using a service on the Internet, on which a user has power.1

This manifesto aims at defining basic rights for people regarding their own data in the Internet age. Roughly, we refuse feudalism: people ought to be free and should not have to pay allegiance to service providers.

Thus, users should have:

1. Control over user data access

The data that the user uploads should be under control of this person. Users should be able to decide whom to grant direct access to their data and under which permissions.2

Cryptography3 is necessary to ensure this.

2. Knowledge of where the data is stored

When the data is uploaded to a specific storage provider, users should be able to know: where their data is stored, how long, in which country, and which laws apply.

It is recommended that all users have their own server in the long term and that users do not rely on centralised services. Use of peer-to-peer systems and unhosted apps are a means to that end.

3. Right to leave a platform

Users should always be able to extract their data at any time without being locked in to a specific service.

Open standards for formats and protocols, as well as access to the program under a Free Software license are necessary to achieve this.4

If users have these, they are in control and can reasonably trust the services they use, rather than paying allegiance to the operator of a service.

When users control access to data they upload, it also applies to the operator of the service and to governments. Thus, a service should not force you to disclose private data (including private correspondence). That also means the right to use cryptography5 should never be denied. Exceptions where the user of a service “forces” the user to give access to some user data to the service provider includes cases where data that is necessary for the service to perform the service.6

Some services allow users to submit data with the intention to make it publicly available for all. Even in these cases, some amount of user data is kept private. The user should also have control over this data. This usually applies to so-called “metadata” or to the social graph.

When users make data available to others, whether to a restrictive group of people or to large groups, they should be able to decide under which permissions they grant access to this data. However, this right is not absolute and should not extend over others’ rights to use the data once it has been made available to them. What’s more, it does not mean that users should have the right to impose insane restrictions to other people. But this should be ultimately under the user’s control, not under the control of the operator of the service.

Ultimately, to ensure that user data is under the users’ control, the best technical designs include peer-to-peer or distributed systems, and unhosted applications. Legally, that means terms of service should respect users’ rights.

In the long term, all users should have their own server.

But it is also important that users are not stuck into a specific technical solution. This is why people should always be able to leave a platform and settle elsewhere. It means users should be able to have their data in an open format, and to exchange information with an open protocol. Open standards are standards that are free of copyright and patent constraints. Obviously, without the source code of the programs used to deal with user data, this is impractical. This is why programs should be distributed under a Free Software license.

FAQ:

1. what’s not user data?

User data is not necessarily private data and does not necessarily relate to a person or contains personnally identifiable information. Thus, this manifesto does not aim at modifying personal data regulations, but rather aim at complementing them.

Footnotes

1. For instance, the power to edit or move such data. That means that anonymously “dumped” data, e.g. on pastebin, or data that can be edited directly by anybody, e.g. a public etherpad, do not usually deal with user data.

2. ^6 Services shall apply this principle in spirit. However, we understand that in order to provide some services such as providing email, some amount of user data needs to be accessed by the service provider (e.g. the email metadata from:, to: etc.) This is why Rule #2 is important.

3. ^5 We mean effective cryptography. If the service provider enables cryptography but controls the keys or encrypts the data with your password, it’s probably snake oil.

4. The GNU AGPL-3+ safeguards this right by making it a legal obligation to provide access to the modified program run by the service provider. (§ 13. Remote Network Interaction)

Posted

hugoroyd posted a photo:

Posted

Towards usage restrictions in HTML? video (video.rmll.info)

A 20 minute introduction to W3C discussions on “Encrypted Media Extensions” in HTML. Read: DRM in HTML5 published in draft form

Une introduction de 20min à propos des « Encrypted Media Extensions » dans HTML : des restrictions d’usage. Lire à ce sujet : DRM in HTML5 published in draft form

slides (speakerdeck.com)

Posted

This is wholly heretic to VIM purists, but I find it very useful for people who do use ↑ and ↓ keys and do not intend to use them as a replacement for k and j. Just add in your ~/.vimrc:
Read more

Posted

Introduction aux licences libres

Une introuction générale aux licences libres donnée lors de l’Ubuntu Party de Paris en 2013.

diapos (speakerdeck.com)

Posted

Les CGUs qu’on ne lit jamais

Une petite plongée dans les fins fonds des conditions générales d’utilisation à l’Ubuntu Party.

diapos (speakerdeck.com)

Posted

In a year, how many times have Facebook and Google tried to track me while I was browsing the web? (Note: I’m not even subscribed to Facebook, I barely go to facebook.com).

June 3, 2012:

May 30, 2013:

Google: 32968

Facebook: 36328

PS: You too can block these with the adblock filters from antitracking.net. However, the domain is going to expire. If there are enough flattrs, I will renew the domain. If you are interested in the domain, please contact me ASAP.

If you’re looking for something more advanced: Try Disconnect.me extensions.

Posted

# Will Google keep its promise and give xmpp users a way out?

As you may have seen, Google announced at their Google I/O conference that they were discontinuing their XMPP service, Google Talk. It’s very unfortunate, because XMPP is the most deployed open standard for instant messaging. It gave Google users the ability to communicate instantly with anyone using an XMPP federated service (like FSFE’s fellows XMPP server). Even Microsoft recently enabled its users to communicate to the outside world through XMPP. Now, Google is “replacing” Google Talk with Google+ Hangouts which will no longer support XMPP¹:

Note: We announced a new communications product, Hangouts, in May 2013. Hangouts will replace Google Talk and does not support XMPP.

What we know is that Google stops XMPP federation. Soon, Google users won’t be able to chat with anybody but other Google users. If I were paranoid, I’d say this makes their recent move on Google Talk look suspicious. But enough whining. What can we do about this? Well, there might be a way out for those of you who were using Google Talk as their XMPP service and who had a lot of non-Google contacts. Did you read Google’s Terms of Service? I bet you didn’t . No worries, we sum it up for you at Terms of Service; Didn’t Read. So, you might have noticed this interesting bit:

Google enables you to get your information out when a service is discontinued Discussion Google gives you reasonable advance notice when a service is discontinued and “a chance to get information out of that Service.”

The full terms state:

We believe that you own your data and preserving your access to such data is important. If we discontinue a Service, where reasonably possible, we will give you reasonable advance notice and a chance to get information out of that Service.

So far, the only notice I have seen is on a developer page so I don’t think that counts for a “reasonable advance notice”; we yet have to wait for this when Google announces to their users that they discontinue Google Talk. Or maybe Google’s going to argue that they don’t “discontinue” a Service because Talk is replaced by Hangouts (which does not support XMPP and which isn’t federated). I’d argue it’s not true and that XMPP chat is discontinued. Hence Google should give users a way out. Let’s hope that those who have decided to pay allegiance to Google will be able to get their chat contact list out of Google Talk, with a way to import them into XMPP providers which are federated.

1. it remains unclear whether XMPP support is entirely gone for xmpp-client-to-server according to Ars

Posted

Panel #2 at the European Parliament in Brussels organised by the EP co-rapporteur for the Data protection regulation.

Table-ronde #2 au Parlement européen à Bruxelles organisé par le co-rapporteur de la règlementation relative aux données personnelles.

[event] (greens-efa.eu) [video] (greenmediabox.eu)

Posted

hugoroyd posted a photo:

Some of my books

Posted

hugoroyd posted a photo:

Some of my discs

Posted

hugoroyd posted a photo:

Playing in the FSFE office in Berlin

Posted
 29c3 Talk 5383 (English) lightning talks (Pecha Kucha style) Day 2, Hamburg. Slides and © info: http://tos-dr.info/29c3.html. From: Hugo Roy Views: 683 4 ratings Time: 06:44 More in Nonprofits & Activism
Posted

It seems that your web browser does not support open standards for HTML5 video. Please download Firefox or Chromium, or watch the video on YouTube

Lightning talk given at 29C3, Hamburg. Pecha Kucha style (6 min), introducing Terms of Service; Didn’t Read.

Lightning talk donné au 29C3, à Hambourg. Style Pecha Kucha (6 min), pour introduire Terms of Service; Didn’t Read.

Posted

hugoroyd posted a photo:

#29c3

Posted

hugoroyd posted a photo:

#29c3

Posted

hugoroyd posted a photo:

Posted

hugoroyd posted a photo:

watching Morozov w/ PoLuX

© DPA Britta Pederson

Posted

hugoroyd posted a photo:

FSFE fellows

Photo taken by a FOSDEM visitor

Posted

hugoroyd posted a photo:

Photo de Christian Momon

Posted

hugoroyd posted a photo:

Posted
 From Nightmatch, 1984. From: Hugo Roy Views: 77 2 ratings Time: 02:03 More in News & Politics
Posted
 From: Hugo Roy Views: 85 0 ratings Time: 00:07 More in Science & Technology
Posted

Concluding panel for the first FOSDEM Legal DevRoom moderated by Richard Fontana, with Giovanni Battista Gallus, Bradley M. Kuhn, and myself on app store legal issues regarding free software.

Table-ronde de conclusion du premier thème juridique du FOSDEM modéré par Richard Fontana, avec Giovanni Battista Gallus, Bradley M. Kuhn et moi à propos des enjeux juridiques des app stores pour le logiciel libre.

[audio] (faif.us)

Posted
 Frank Zappa. From: Hugo Roy Views: 12672 121 ratings Time: 00:23 More in Education
Posted
 http://www.libertesnumeriques.net/evenements/stallman-19octobre2011. From: Hugo Roy Views: 40 1 ratings Time: 00:21 More in News & Politics
Posted
 From: Hugo Roy Views: 1147 13 ratings Time: 08:17 More in Film & Animation
Posted

See sources