Re: [GNU/consensus] Map of Projects / Sessions at 30C3

[hellekin]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 11/15/2013 01:57 PM, Andreas Kuckartz wrote:
>> 
>> That is outside the scope of this working group.
> 
> Dissemination is mentioned as a topic for the 30C3 assembly. And
> (at least) in that context it seems to be in scope.
> 
*** We need to distinguish two vectors in our working group.

One is the hardcore P2P "next generation" that focuses on GNUnet and
peer-to-peer solutions ; and the other is the "transitional" that
focuses on how to go from here to there, including contemplating
alternate paths, such as patching hopeless protocols, or seeking to
reform the existing nightmarish hell of a reality.

Although I'm convinced personally that jumping ships will be the best
move, there are still 1.5-and-growing billion users to convince as
well, without mentioning all the people with whom we all interact with
in our daily lives using insecure protocols and unprotected
communications.

That factual inertia needs to be addressed, and although technologies
such as LEAP do not convince me yet on their practicability, there's
no doubt there's a market for it--people are working on it and do have
the intention to deploy it.  So, it's not only a matter of what we
want, we know, or what we think is best, but also to consider and take
into account the complexity of reality.  The fact that there are many
projects and much attention given to what we like to anticipatively
call "legacy protocols" (SMTP, HTTP), should prompt us not to fight
reality and instead, skim the milk, and embrace them as vectors for
change.

I urge to stop entirely with this anti-whatever discourse: we have
nothing to justify, nothing to fear, and we can't do much about other
people's decisions, but to bring them better alternatives.

> 
> That statement is like "Windows users can't be helped". They can
> never have an absolutely secure system without migrating to another
> operating system. But that does not imply that improving their
> security is impossible as long as they do not make that step. It
> really depends on the threats one intends to protect against.
> 
*** I guess you're right in some way, but *that* is definitely out of
the scope of our working group: we're talking about free software,
right?  So the only correct step such a user could make would be to
start using free software.  And if "they don't have a choice", well,
sorry, but we cannot do everything, talk with the FSF.

That also supports the case of LEAP, or LinkedData, Lorea, etc.: those
projects might not be what we want, and have a lot of flaws from our
point of view, but they're addressing some problem, and there's no
reason not to let them do it--we're free not to use them if that would
harm us.  It's not exactly as if we would let Monsanto take over the
water supplies of a continent, destroy biodiversity, and feed cancer
to entire populations.  We're still talking about lessons learned
here, with potential synergies involved.  Some inventions come from
tricky paths.

If you cannot convince someone to join forces, repeating how bad their
choices are probably won't help convince them.  That's especially
important as while you're complaining, they're working.  And when they
show their product, users go there, and then you can't tell users:
wait! Wait! That is wrong!  On the other hand, showing examples of
things you can do with your solution, that you cannot with another--or
not even considering it: showing what's possible and how to get
started doing it, then yes, you get people working with you.  That's
the hard part.

>> that trojan horse called WebRTC which comes equipped with MITM 
>> capabilities and missed the chance to at least mandate pinning.
> 
> Such decisions are not immutable.
> 
*** Indeed, that could be an interested channel for aggressiveness.

>> How many minutes would it take until all major vendors are
>> compelled to provide backdoors?
> 
*** That is precisely why Snowden defected: for such illegal things
not to be able to happen.  Now, I understand your position, to help
build technology that will prevent such abuse.  But you're still
fighting reality if you consider that question seriously.  "They broke
the Internet. We're building a GNU one."  One where such blackmail
over vendors is not worthy.  We're not looking for absolute, we're
looking for enough.

==
hk

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJShmfUAAoJEEgGw2P8GJg9x8EP/1EfBMcNEF55XNBXHWBJP5Xt
T5eyt2oxJvOuLn8g0VlBExRPnGF61sspcQWaV9uHXscr7RSenV+teokwWW+H0uBP
HHpvah9+TtZHgYkf96z2N4EVriLwQTjNz9MFLP2/qdN1YcOrjya1WJmGbcHCgV4f
wkXLwNMBMAaz2JWbmwZwHAretaJW+l+qcHGEKSfBiIn9avHChIhApG+pnuuRfOfu
es/barFrBheEU5jlHNcjy7qByGOncQmnHvaAvew3nAflQVinoy+TrpMSY4gIwyJT
9qNn74E0VwxkI9OsIXmLJd9OxMxv4miDkeFXb3mRHKtK5LcytzSlHSIv3ySwwmAH
n/TuZ76D5QGm6e49zScbvrfzBReJAcFVEfWh9dl8TjaFUOyyoBzKOZAt/x7l9yXz
Sb9feRJKFCjUZAgKtiB3gMS7eE0x0yQigvRLTKM9W27qX0dXB8FqXgIcajz3RNu3
ZQ7PTO9FxkuXR5Ub/Lrx+j1NGKhbH5IizbR/fux1+9T5DH0E69aFJ63uNgpTbsUm
FJNMylIlIyvbSn8NHqOMkhl5pdbdEPAGe792f0KQmF/LNlO5ivc2pboMdNE/rnb9
mqsklI9ROsswMY7lXNpAlKT4PqktxXFE37Mev3CbYXyOyfzzJtBwwz9cZkFOBx1X
lUgpdC1UYqUZ3yNibsnw
=y/C2
-----END PGP SIGNATURE-----