Nikos Roussos nikos.roussos - opensource https://www.roussos.cc/favicon.ico https://www.roussos.cc/static/img/ 2016-07-13T13:50:58Z Ανοιχτά Δεδομένα και ΟΑΣΑ OASA map

Ως τακτικός χρήστης των μέσων μαζικής μεταφοράς (ΜΜΜ) της Αθήνας επισκέπτομαι συχνά το site του ΟΑΣΑ για να δω τις διαθέσιμες πληροφορίες, ειδικά αν θέλω να χρησιμοποιήσω μια γραμμή με την οποία δεν είμαι εξοικειωμένος, όπως π.χ. τη γραμμή 227. Το link είναι απ' το Wayback Machine του Internet Archive project γιατί αυτή η δυνατότητα έχει πλέον εξαφανιστεί απ' το site του ΟΑΣΑ και στη θέση της υπάρχει παραπομπή για το Google Transit.

Το Google Transit είναι sub-project του Google Maps και η υπηρεσία προσφέρεται μεν δωρεάν, δεν παύει όμως να είναι μια εμπορική υπηρεσία μιας for-profit εταιρίας με συγκεκριμένους όρους χρήσης τόσο για την υπηρεσία όσο και για τα δεδομένα. Όπως όλες οι υπηρεσίες της Google, λειτουργεί ως πλατφόρμα διανομής διαφημίσεων.

Συνειδητά εδώ και πολλά χρόνια έχω σταματήσει να χρησιμοποιώ Google Maps και χρησιμοποιώ OpenStreetMap (και εφαρμογές που βασίζονται σ' αυτό) για πολλούς λόγους. Κυρίως για τους ίδιους λόγους που προτιμώ να διαβάσω ένα λήμμα στη Wikipedia και όχι στη Britanica. Θεωρώ συνεπώς απαράδεκτο ένας δημόσιος (ακόμα) οργανισμός να με ωθεί να χρησιμοποιήσω μια εμπορική υπηρεσία για να έχω πρόσβαση στα δεδομένα που έχω ήδη πληρώσει για να παραχθούν. Σήμερα έστειλα το παρακάτω email στον ΟΑΣΑ:

Καλησπέρα,

Τους τελευταίους μήνες έχουν εξαφανιστεί απ' το site σας (oasa.gr) οι πληροφορίες (στάσεις, δρομολόγια, χάρτες) για όλες τις γραμμές λεωφορείων και τρόλεϊ. Αντ' αυτού η σχετική σελίδα παραπέμπει σε μια εμπορική υπηρεσία (Google Transit).

Ως πολίτης θα ήθελα να μάθω:

  1. Πώς μπορώ να βρω μέσα απ' το site σας τις σχετικές πληροφορίες, χωρίς να χρειαστεί να χρησιμοποιήσω εμπορικές υπηρεσίες (Google Maps, Here Maps, κλπ);

  2. Στη σελίδα με τους όρους χρήσης αναφέρεται πως για όλα τα δεδομένα (χάρτες, σχεδιαγράμματα, γραμμές, δρομολόγια, κ.τ.λ.) δεν επιτρέπεται η εμπορική χρήση τους. Σε ποια δεδομένα αναφέρεστε αν αυτά ούτως ή άλλως δεν διατίθενται μέσα απ' το site σας;

  3. Τα δεδομένα προσφέρονται ελεύθερα μέσα απ' το geodata.gov.gr με άδεια "Creative Commons: Attribution" που επιτρέπει την εμπορική χρήση. Τι απ' τα δύο ισχύει τελικά;

  4. Αν όντως δεν επιτρέπεται η εμπορική χρήση των δεδομένων, που υπάρχει αναρτημένη η συμφωνία που έχετε κάνει με τη Google και ποιο είναι το οικονομικό όφελος για τον οργανισμό;

Δεν ξέρω αν θα λάβω κάποια ουσιαστική απάντηση ή αν θα λάβω οποιαδήποτε απάντηση, αλλά το γεγονός παραμένει εξοργιστικό. Ειδικά αν αναλογιστούμε πως ο ΟΑΣΑ είχε τέτοια υπηρεσία σε λειτουργία απ' το 2011 και προτίμησε να την κλείσει, ενώ παράλληλα προωθεί μια εφαρμογή για κινητά τηλέφωνα που σε μεγάλο βαθμό υλοποιεί τις απούσες απ' το site του υπηρεσίες, αδιαφορώντας για τους πολίτες που δεν διαθέτουν smartphone.

Η άποψη μου είναι απλή. Δεδομένα και λογισμικό που παράγονται και υλοποιούνται με δημόσιο χρήμα πρέπει να είναι και δημόσιο κτήμα. Αυτό σημαίνει πως οι πολίτες δεν θα πρέπει να είναι υποχρεωμένοι να χρησιμοποιήσουν εμπορικές υπηρεσίες για να έχουν πρόσβαση σε δεδομένα δημοσίων υπηρεσιών, ούτε θα πρέπει να "περάσουν" μέσα από app stores συγκεκριμένων εταιριών για να κατεβάσουν την εφαρμογή μιας δημόσιας υπηρεσίας στο κινητό τους. Για τους ίδιους λόγους οι εφαρμογές αυτές θα πρέπει να προσφέρονται ως Ελεύθερο Λογισμικό και ο κώδικας τους να είναι ανοιχτός, καθώς δαπανήθηκε δημόσιο χρήμα.

Ο ΟΑΣΑ στη συγκεκριμένη περίπτωση καταπάτησε οποιαδήποτε έννοια "δημόσιου" αγαθού με την ευνοϊκή μεταχείριση μιας εταιρίας (Google), προσφέροντας της δωρεάν δεδομένα και διαφήμιση, και την ταυτόχρονη απαγόρευση της εμπορικής εκμετάλλευσης των δεδομένων από ανταγωνιστές της.


Σχόλια και αντιδράσεις σε Diaspora, Twitter, Facebook

]]>
2016-07-12 10:51:23
Running a Hackerspace I wrote parts of this post after our last monthly assembly at Athens Hackerspace. Most of the hackerspace operators are dealing with this monthly meeting routinely and we often forget what we have achieved during the last 5 years and how many great things this physical space enabled to happen. But this post is not about our hackerspace. It's an effort to distant myself and try to write about the experience of running a hackerspace.

workbench

Yes, it's a community

The kind of people a space attracts is the kind of people it "wants" to attract. That sounds kind of odd right? How a physical space can want anything? At some point (the sooner the better) the people planning to open and run a hackerspace should realize that they shape the form of the community to occupy and utilize the space. They are already a community before even they start paying the rent. But a community is not a random group of people that just happen to be in the same place. They are driven by the same vision, common goals, similar means, etc. Physical spaces don't have a vision. A community does. And that's a common struggle and misconception that I came across so many times. You can't build a hackerspace with a random group of people. You need to build a community first. And to do so you need to define that common vision beforehand. We did that. Our community is not just the space operators. It's everyone who embraces our vision and occupies the space.


Yes, it's political

There is a guilt behind every attempt to go political. Beyond the dominant apolitic newspeak that surrounds us and the attempt to find affiliations in anything political, there is still space to define yourself. It's not necessarily disruptive. After all it's just a drop in the ocean. But this drop is an autonomous zone where a collective group deliberately constructs a continuous situation where we challenge the status quo. Being not for profit is political. Choosing to change the world one bit at a time, instead of running another seed round, is political. Going open source and re-shaping the way we code, we manufacture, we share, we produce and in the end the way we build our own means of production, is political. Don't hurry to label it. Let it be for now. But it's a choice. Many spaces have chosen otherwise, operating as tech shops or as event hosts for marketing presentations around new commercial technologies and products, or even running as for-profit companies, declaring no political intention. These choices are also political. Acceptance comes after denial.


Rules vs Principles

You'll be tempted to define many ground rules on how you want things to operate. Well, I have two pieces of advice. Never establish a rule for a problem that has not yet emerged. You'll create bigger frictions than whatever problem you are trying to solve. Always prefer principles over rules. You don't need to over-specify things. Given the trust between the people of a hackerspace there is always common sense on how a principle applies.


Consensus vs Voting

All hackerspaces should have an assembly of some form to make decisions. Try to reach consensus, through discussion and arguments. There will be cases where a controversial matter can be hard to have an unanimous decision. Objections should be backed with arguments, otherwise they should be disregarded. Voting should always be the last resort. Remember, the prospect of a voting at the end of a discussion kills many good arguments in the process. Consensus doesn't mean unanimity.


Do-ocracy

Some call it lazy consensus. If you have an idea for a project you don't need permission. Don't wait for someone else to organize things for you. Just reach out to the people you want and are interested in your idea and start hacking.


Code of conduct

You'll find many approaches here. We decided to keep it simple and most importantly to stick on a positive language. Describe what's an accepted behavior inside your community, instead of stating all behaviors you find wrong (you'll miss something). Emphasize excellence over Wheaton's Law. "Be polite to everyone. Respect all people that you meet at the space, as well as the space itself.", is what we wrote on our frontpage. It may not be stated explicitly, but any form of discrimination is not an accepted behavior. Being excellent to everyone means that you accept the fact that all people are equal. Regardless of nationality (whatever that means) or sexual orientation, you should be polite to all people.


Hackability

This is my favorite word when it comes to hackerspaces. I'm sure most people reading this are familiar with Free Software and its four freedom definition. Let me remind you one of the freedoms:

The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.

Something that usually escapes the attention of many people is that the availability of source code is not the important thing here. The important thing is the the freedom to study and change. Source code availability is a prerequisite to achieve that freedom.

Same happens with hackability. Remember the Hackerspace definition as it stands on the Hackerspaces.org wiki:

Hackerspaces are community-operated physical places, where people share their interest in tinkering with technology, meet and work on their projects, and learn from each other.

So again the important thing here is that you tinker/hack things. Many people have misinterpret this into thinking that since there is no mention of Open Source or Free Software in that definition then these things are not important. Again, these are the requirements. In order to hack something, you should be granted the freedom to study and change it. Access to the source code is a prerequisite for this. For those who prefer graphical representations:

hackability

Mind the "principles" next to Free Software, since we are not just talking about software here. This also applies to hardware (hack beaglebones, not makey makey), data (hack OpenStreetMap, not Google Maps), content (hack Wikipedia, not Facebook) and of course software again (teach Inkscape, not Illustrator).

Sharing your knowledge around a specific technology or tool freely is not enough. Actually this notion is often used and more often abused to justify teaching things that nobody can hack. You are a hackerspace, act like one. All the things taking place in a hackerspace, from the tiniest piece of code to the most emblematic piece of art, should by definition and by default be hackable.


Remember, do-ocracy

I hope it's obvious after this post that building and running a hackerspace is a collective effort. Find the people who share the same vision as you and build a hackerspace. Don't wait for someone else to do it. Or if you are a lucky, join an existing one that already runs by that vision. It's not that hard. After all, the only thing we want to do is change the world. How hard can it be?


Comments and reactions on Diaspora or Twitter

]]>
2016-05-27 12:51:23
Will you be my cryptovalentine? cryptovalentine

Roses are red, violets are blue; I use free software to encrypt my online communication and so should you.

Over the last few year Free Software Foundation Europe runs a campaign called "I love Free Software Day". It's an opportunity to share your appreciation (or love) with the developers of your favorite Free Software project. So after you are done reading this post, choose your favorite project and send its developer(s) an appreciation email.

Last year Zak Rogoff , had a great similar idea. On a post he wrote he suggested we use the Valentine's Day as an opportunity to use Free Software in order to setup secure and private communications with our significant other.

Ask someone you like -- romantically or otherwise -- to be your cryptovalentine. If they say yes (yikes, nervous!) use the free program GnuPG to set up private and encrypted communication with them.

Last year this was like a late new year's resolution for me. I didn't want to stick to GnuPG or just set the tools up. I wanted to make sure that all forms of communication are secure and private. This is how I (partially) did it. This is focused on mobile communications, because that is what we almost exclusively use for communicating when online.

Email

The first thing that comes to mind is email and the obvious choice of GnuPG. And specifically OpenKeyChain and K9. And it's of course the first thing I did. If you are thinking "GPG keys on mobile? Are you sure?", then you have a different threat model in mind.

OpenKeyChain has made major steps over the last couple of years in terms of usability. It's easy even to generate a new key directly on your phone and easily fetch your contacts keys from keyservers or import them. It's also easy to connect it with the K9 mail client.

Despite all improvements I'm not completely satisfied with the end result at the moment. There is one thing that can really ruin everything. There is no way currently to configure K9 to encrypt all outgoing emails by default if a key is present. That can lead to accidentally replying to an encrypted email in plain text, or just forget to tick the encryption mode when composing a new email. Good thing is that K9 doesn't quote an encrypted email as unencrypted text when replying, which makes emails look ugly but at least it saves you from leaking data by mistake. There is also the issue of PGP/Mime support, but that' not relevant to the communication model I'm describing here. Both ends will use PGP inline, so you'll be ok.

Chat

The obvious decentralized choice would be Jabber with OTR. Many things have changed over the last couple of years. Apps like WhatsApp or Telegram have become really popular. Both of course are not to be considered secure. Source code is not completely open and free and both are centralized which gives one entity the knowledge of the entire social graph. But these apps created a usability precedence. People expect easy registration, even if that requires giving away their phone number and, even worse, their entire addressbook. And people also expect that this will work flawlessly on mobile, where connection can sometimes be flaky. Jabber with OTR fails on both. For the communication model I'm describing here registration issues are not important. But being able to communicate over mobile networks is really important.

Surprisingly many people on the free and open source camp started using (and promoting) Signal, which is indeed better that the two previous options of WhatsApp and Telegram, since the whole stack is completely free and open source. But it keeps all the other problems mentioned above (centralized, addressbook access, etc). I have written about this in details before and Signal's attitude shows that things can only get worse.

So where does this leave us? Signal's protocol, Axolotl Ratchet, is really well designed. What if this could work on top of Jabber? Then we would have the best things of both worlds. That's what OMEMO does.

So my choice was the Conversations app using Jabber along with OMEMO encryption. I have to admit this turn out to work far better than I expected. You set the encryption once and then you forget about it. It just works. All communications are encrypted by default. Offline messages just work. You don't have to worry if the other end is online at the moment. No need to terminate or re-establish encryption sessions (sounds familiar OTR friends?). This worked so good that we actually replaced email communications. I mean, think about it. Most of the emails we exchange during the day are short texts. The only reason we were using email was because it gives the feeling of asynchronous non-urgent communication. But if you have a chat application that online presence doesn't really matters then you already have this.

SMS

We rarely use the mobile telephony network to chat, and since we started using Jabber/OMEMO, this became even more rare. But just for these rare cases, here is what I did and suggest.

Signal started as TextSecure and it used to support the SMS network too. At some point they decided to drop SMS support for various reasons. Then a free software team forked it and kept just the SMS part (it's Axolotl Ratchet again) and dropped all Google dependencies to create SMSSecure. Similar to what I mentioned above, you setup the encryption once and then you forget it. I set this up months ago and all SMS we have exchanged since are encrypted. The app of course works as a regular SMS app, so you just make it your default one and use it for regular plain text SMS messages for the rest of your not-so-brave contacts. At least you'll have encrypted local storage for your sms messages, something that most sms apps don't offer.

Voice

This is the most difficult one, and the one we haven't yet completely achieve. It's not easy to encrypt phone calls and still keep using the traditional mobile network of your carrier. So the next best thing is to do it over the data network. Again usability is important here. So SIP was not my first option. Many apps have come into life over the last couple of years, but most of them are still not mature enough. For instance Tox is nice, but the mobile client lacks voice calls at the moment and their core protocol is not designed with mobile usage in mind, which leads to battery drainage.

Another similar approach is the Ring. It's also at its early days, but recently the mobile client added voice calls. We started using it over the last month, but it's still early to judge it. If you are interested in the technical details see the core developers presentation at this year's Fosdem.

Video

Weirdly enough this is something we solved long before the voice communications. Video is something you explicitly choose to do, so you don't have so many requirements in terms of integration with the rest of the phone operating system. We use WebRTC. Encryption is mandatory for WebRTC, using DTLS and it's P2P. You can find many services out there, some completely Free and Open Source (so you can set it up on your own if you don't trust them), and a few also offer private rooms.

Another option (still WebRTC) is Firefox Hello. I've been using Hello from the first day it was released and works great. The only problem is that you can initiate a call only from a Desktop Firefox. But a few months back Hello offered the option to create a room, give it an alias to make it more recognizable than a hash and bookmark it. So if both ends have this unique url they can initiate a video call directly from Firefox mobile.

Whatever WebRTC option you choose remember that this works through your browser. I have test this only on Firefox, but it should work on other browsers too with no extra plugin. Just use a browser that it's Free and Open Source. Otherwise you shouldn't trust it for your communications.

Now it's your turn

All apps mentioned here are available on F-droid, so it's not that hard to get started. Remember, our privacy is interdependent. It's not enough to secure your devices only. What better way to start than this? Ask your significant other or someone you like, romantically or otherwise, to be your cryptovalentine. You don't have to use the specific tools I mention here. I urge you to use only Free / Open Source software and decentralized services. And remember this is just the beginning. After you succeed, spread this know-how to the rest of your friends.


Comments and reactions on Diaspora or Twitter

]]>
2016-02-12 15:01:23
Fighting Passive Surveillance should be our top priority massive

Post-Snowden

We definitely live in a different world since Snowden leaks, but for some people nothing has changed. We always knew that certain individuals are targeted by local or international law enforcement agencies. In some cases they even have a legal way of doing this. If you work on certain fields or operate as an activist in political issues, you always assumed or knew that your communications are monitored. We may have better knowledge on the way the do it, or which things they have broken and which not yet. But essentially nothing is new about this on the post-Snowden world.

What Snowden leaks actually changed, what we learned from the documents, is that there is a vast ongoing process of massive passive surveillance and data collection. It doesn't matter if you are considered important. It doesn't matter if you have something to hide or not. All of your communications are monitored, stored and analyzed. This is what changed. This is what we learned.

Let me pause my thoughts for a moment and share a controversial story...

Mobile email encryption

Would you store your private PGP key to your mobile smartphone? Many (most?) hackers/geeks would easily answer in a negative way. Mobile phones have two major security implications that our laptops (usually) don't.

  • Physical security. It's more easy to lose your phone, or for someone to steal it. It's a comparatively smaller device, usually carried away in your pocket. And once you lose it, all keys stored there should be considered compromised (which is a big problem on its own, since PGP doesn't offer Forward Secrecy).

  • More than one operating system. Even if you have taken all measures to secure your operating system, the problem is that your phone runs also a second operating system. The "radio" OS running on your baseband chip. It's a complete proprietary black box, that you don't know what it does. You don't even know if it's isolated from your "smart" operating system.

On a side note, mobile operating systems have a security advantage that almost all modern desktop operating systems (even most major linux distributions) lack. All applications are sandboxed. So even if you are running a malicious application (you know, like Angry Birds) it may do various unwanted things regarding your personal mobile usage (eg. track location) but it can't easily steal your PGP private key stored inside OpenKeyChain's isolated storage. Not many desktop operating systems can protect you from a malicious application getting access to your .gnupg or .ssh folder.

So, although these two points are completely valid and indeed mobile smartphones are less secure, we have to realize that this is where most users read their emails. In many cases, a mobile phone is the only device people read their emails. Many people have come to cryptoparties, and after getting in touch with the complete lack of usability that comes with the standard pgp gui stack (Thunderbird + Enigmail), they ask how the can do the same things on their mobile. Most hackers would react (or even deny to help) exactly because of the reasons mentioned above. Let me clear up the dilemma a bit: Most people have two options to choose. Either use email encryption on their mobile phone or don't use encryption at all. And unfortunately most hackers fail to see that for most people the threat model is passive surveillance.

Threat Model

Not all people are trying to protect from the same things or the same type of adversaries. Not all people have the same Threat Model.

I was very pleased to see Werner Koch presenting at 32c3 this year about the current status of GnuPG, where he mentioned that the focus from now on is the passive surveillance threat model. Building tools that focus on the passive surveillance threat model, means that usability and encryption by default is top priority.

I have participated and co-organized many Cryptoparties, Free Software Meetups, and related crypto/privacy events/workshops. And I believe that the passive surveillance threat model should also be our focus. Yes, sometimes we need to quickly determine if a person has a different threat model (eg. journalists), but most people participating in these kind of events are not targets (at least not NSA targets). We know that they collect everything, we know that they love pgp because it's rarely used and stands out. Let's make their job more difficult. Encrypt all things by default. Let's start from fighting against massive passive surveillance.


Comments and reactions on Diaspora or Twitter

]]>
2016-02-01 11:01:52
Ο σκοταδισμός της πνευματικής ιδιοκτησίας Εδώ και πολλά χρόνια οι εταιρίες παραγωγής οπτικοακουστικού υλικού και οι οργανισμοί συλλογικής διαχείρισης πνευματικών δικαιωμάτων προσπαθούν να αντιμετωπίσουν τη διακίνηση πνευματικού έργου μέσω του internet. Δεν προσπάθησαν ούτε να το κατανοήσουν, ούτε να προσαρμοστούν. Αυτό που ξεκίνησε ως προσπάθεια περιορισμού, συνεχίστηκε ως προσπάθεια καταστολής και προσπάθεια άρσης βασικών ατομικών ελευθεριών. Και δυστυχώς δεν είναι πάντα απλώς προσπάθειες. Υπάρχουν και ήττες και νίκες σ' αυτό τον "πόλεμο".

Φτάσαμε σε ένα σημείο που οι άνθρωποι του πνεύματος (μέσω των εκπροσώπων τους, των δικηγόρων τους και των εταιριών στις οποίες οικειοθελώς παραχωρούν την εκμετάλλευση των έργων τους) έχουν συμφιλιωθεί με την ιδέα πως το δικαίωμα στην πνευματική ιδιοκτησία είναι πιο σημαντικό από βασικά ατομικά δικαιώματα και ελευθερίες, όπως το απόρρητο των επικοινωνιών ή η ελευθερία λόγου. Δεν θα ξεχάσω την τελευταία φορά που συμμετείχα σε ημερίδα του Οργανισμού Πνευματικής Ιδιοκτησίας (ΟΠΙ), το γεγονός πως οι περισσότεροι οργανισμοί αντιμετώπιζαν το internet ως μια μάστιγα που ήρθε στην ανθρωπότητα και πρέπει να κάνουμε ό,τι περνάει απ' το χέρι μας να περιορίσουμε την ελεύθερη χρήση του. Νομικός εκπρόσωπος ενός τέτοιου οργανισμού έφτασε στο σημείο να προτείνει πως θα ήταν "καλή ιδέα" να περιοριστεί το μέγεθος των αρχείων που μπορούμε να κατεβάσουμε απ' το internet σε λίγα MB. Πέρα απ' την φανερή έλλειψη βασικής τεχνογνωσίας για τη λειτουργία του internet, τέτοιες απόψεις και η ευκολία με την οποία προτείνουν να περιορίσουμε ένα εργαλείο που έχει εκδημοκρατίσει σε μεγάλο βαθμό τη διανομή πνευματικής δημιουργίας, είναι ο λόγος που το παρόν post φέρει αυτό τον τίτλο.

Εδώ και κάποιες ημέρες έχει τεθεί σε διαβούλευση ο νέος νόμος διαχείρισης δικαιωμάτων πνευματικής ιδιοκτησίας. Ως συνήθως ο νόμος είναι αρκετά μακροσκελής και οργουελικά ασαφής για να τον διαβάσουν οι περισσότεροι πολίτες. Θα ήθελα να σταθώ σε δύο σημαντικά σημεία του νόμου. Στο θέμα της επιτροπής λογοκρισίας, που συστήνεται στον υπό πρόταση νόμο, και στο θέμα της a priori αμοιβής των καλλιτεχνών από αγορές ηλεκτρονικών υπολογιστών.

Επιτροπή Λογοκρισίας

Το άρθρο 69, παράγραφος 8 περιγράφει τη δημιουργία μιας επιτροπής που θα αποφαίνεται για ζητήματα παραβίασης του νόμου περί πνευματικής ιδιοκτησίας (του περιβόητου 2121/1993) στο internet. Για να σας γλιτώσω αρκετό διάβασμα παραθέτω τα σημαντικά σημεία.

  • Η Επιτροπή είναι 5μελής και θα αποτελείται από τον πρόεδρο και τον διευθυντή του ΟΠΙ, έναν εκπρόσωπο της ΕΕΤΤ, έναν δικαστή του Αρείου Πάγου και έναν δικαστή του Συμβουλίου της Επικρατείας.

  • Οι δικαιούχοι έργων πνευματικής ιδιοκτησίας μπορούν να προσφύγουν σ' αυτή την Επιτροπή, η οποία πρέπει εντός 10 ημερών να αποφασίσει αν υπάρχει όντως θέμα ή όχι.

  • Αν η Επιτροπή αποφανθεί πως υπάρχει παράβαση ζητά απ' τους παρόχους πρόσβασης internet (ISPs) να κόψουν την πρόσβαση στο συγκεκριμένο website.

  • Σε περίπτωση μη συμμόρφωσης προς το δικαστικό της απόφασης η Επιτροπή επιβάλλει πρόστιμο ποσού 500€ έως 1000€ για κάθε ημέρα μη συμμόρφωσης.

  • Είναι σημαντικό πως ξεκαθαρίζεται ότι η παρούσα διαδικασία δεν εφαρμόζεται κατά τελικών χρηστών. Προς το παρόν λοιπόν ο νόμος δεν περιγράφει διαδικασίες άρσης απορρήτου για τους χρήστες που κατεβάζουν έργα πνευματικής δημιουργίας ενδεχομένως παρανόμως.

  • Κατά των αποφάσεων της Επιτροπής μπορεί να ασκηθεί προσφυγή ενώπιον του Διοικητικού Εφετείου Αθηνών εντός 30 ημερών από την κοινοποίηση της απόφασης. Δεν είναι σαφές απ' το κείμενο του νόμου αν την προσφυγή πρέπει να την κάνει ο πάροχος της υπηρεσίας (πχ. ο κάτοχος της ιστοσελίδας) ή μπορεί οποιοσδήποτε θεωρεί πως θίγεται απ' την εφαρμογή της απόφασης να προσφύγει στη δικαιοσύνη.

Αν δεν είναι αρκετά σαφές ας το διατυπώσω όσο πιο εμφατικά μπορώ. Αυτό που περιγράφει ο νόμος είναι τη σύσταση μια επιτροπής με την απόλυτη εξουσία και χωρίς να έχει προηγηθεί καμία δικαστική απόφαση να διατάσσει τους παρόχους να μπλοκάρουν ένα website από το ελληνικό internet.

Είναι φανερό πως η δημιουργία της επιτροπής είναι εμπνευσμένη απ' την αντίστοιχη που υπάρχει για τα τυχερά παιχνίδια (ΕΕΕΠ). Τα πράγματα βέβαια στον χώρο των πνευματικών δικαιωμάτων είναι ακόμα πιο πολύπλοκα και το μέλλον αρκετά πιο ζοφερό.

Υπάρχουν αρκετές δικαστικές αποφάσεις ως τώρα που έχουν διατυπώσει πως το να φιλοξενείς στο website σου παραπομπές για παράνομο υλικό που φιλοξενείται αλλού δεν συνιστά παράβαση. Ο Βασίλης Σωτηρόπουλος έχει καταγράψει κάποιες απ' αυτές τις μικρές νίκες. Υπάρχει η απόφαση του εφετείου της Βαρκελώνης, η απόφαση του Πρωτοδικείου Κιλκίς (με αφορμή το greek-movies.com, που λινκάρει περιεχόμενο κυρίως στο youtube), και πολλές ακόμα σε Ευρώπη και ΗΠΑ.

Για να το κάνω λίγο πιο σαφές αυτό, αν στο site σου παρέχεις links προς κομμάτια μουσικής που φιλοξενούνται αλλού (πχ. youtube) τα δικαστήρια έχουν πολλάκις αποφανθεί πως δεν φέρεις εσύ την νομική ευθύνη για το αν τα έργα αυτά είναι νομίμως αναρτημένα. Θα σεβαστεί η Επιτροπή όλα αυτά τα δεδικασμένα; Ας το τραβήξω όμως λίγο παραπάνω. Τι γίνεται με τους torrent trackers; Οι torrent trackers δεν φιλοξενούν έργα πνευματικής ιδιοκτησίας ή γενικώς αρχεία προς κατέβασμα. Περιέχουν αρχεία μεταδεδομένων (metadata) ώστε να μπορούν οι χρήστες να μοιραστούν αρχεία (πχ. μια ταινία) μεταξύ τους. Παρέχουν συνήθως ένα magnet link, δηλαδή μια παραπομπή ώστε οι χρήστες να διαμοιραστούν αρχεία. Πρακτικά είναι ακόμα πιο "αθώα" από μια παραπομπή στο site μου προς ένα έργο στο youtube. Θα σεβαστεί η Επιτροπή την ελευθερία ύπαρξης τέτοιων υπηρεσιών;

Ποιος ελέγχει την Επιτροπή σε περίπτωση που καταχραστεί την εξουσία της; Ο νόμος δίνει καταρχήν τη δυνατότητα στους παρόχους να αιτιολογήσουν πιθανή μη-συμμόρφωση. Αλλά κρίνοντας απ' το πως έχουν χειριστεί το θέμα με την ΕΕΕΠ, μάλλον δεν πρέπει να ελπίζουμε πως θα σκεφτούν το συμφέρον των πελατών τους. Ο νόμος επίσης δίνει τη δυνατότητα για δικαστική προσφυγή, αλλά εκ των υστέρων και χωρίς να αναστέλλεται η απόφαση στο ενδιάμεσο.

Τέλος υπάρχει και το τεχνικό κομμάτι. Οποιοσδήποτε χρήστης μπορεί να "παρακάμψει" τέτοιες απαγορεύσεις είτε αλλάζοντας τους DNS servers που χρησιμοποιεί από αυτούς του παρόχου του σε κάτι πιο δημοκρατικό. Ή εναλλακτικά να χρησιμοποιήσει Tor. Αλλά νομίζω πως έχει γίνει σαφές ως τώρα πως το πρόβλημα δεν είναι πρωτίστως τεχνικό.

Αμοιβή καλλιτεχνών

Στο ίδιο άρθρο στην παράγραφο 2β ο νόμος προβλέπει αμοιβή 2% απ' την αγορά ηλεκτρονικών υπολογιστών. Δεν θέλω να σταθώ τόσο στο γιατί είναι λάθος να χρεώνεις a priori όλους τους χρήστες ηλεκτρονικών υπολογιστών ανεξαρτήτως αν κάνουν χρήση έργων πνευματικής ιδιοκτησίας. Αυτό που θεωρώ πιο σημαντικό στη συγκεκριμένη περίπτωση είναι το γεγονός πως δεν υπάρχει απολύτως καμία διαφάνεια γύρω απ' τους οργανισμούς συλλογικής διαχείρισης ώστε να αποδίδεται δικαίως αυτή η αμοιβή. Ας πάρουμε το παράδειγμα της μουσικής και της ΑΕΠΙ. Τι γίνεται με τους μουσικούς που έχουν επιλέξει να διανέμουν τη μουσική τους με ελεύθερες άδειες και κατ' επέκταση δεν είναι μέλη της ΑΕΠΙ; Που είναι τα πλήρη οικονομικά στοιχεία της ΑΕΠΙ για να δούμε πώς κατανέμονται τα χρήματα που συλλέγει; Γιατί είναι κερδοσκοπικού χαρακτήρα απ' τη στιγμή που υπάρχει απλά για να εκπροσωπεί τους καλλιτέχνες; Απ' τη στιγμή που υπάρχει αυτή η έλλειψη διαφάνειας και οι οργανισμοί συλλογικής διαχείρισης λειτουργούν ως κερδοσκοπικές ιδιωτικές εταιρίες για ποιο λόγο το κράτος λειτουργεί ως εισπράκτορας για λογαριασμό τους;

Τι μπορείς να κάνεις

  • Ενημερώσου. Διάβασε το αναλυτικό post του kargig για να έχεις μια πιο σφαιρική εικόνα της λογοκρίσίας στο ελληνικό internet.

  • Τώρα ξέρεις. Ενημέρωσε όσους περισσότερους ανθρώπους μπορείς. Μην περιμένεις να αρχίσουν να κυνηγούν και χρήστες (δηλαδή να χτυπήσουν και τη δική σου πόρτα) για να αντιδράσεις.

  • Αν ο νόμος τελικώς ψηφιστεί, φρόντισε τουλάχιστον να αμυνθείς σε τεχνικό επίπεδο. Μάθε πως μπορείς να παρακάμψεις τη λογοκρισία ή/και να διατηρήσεις την ανωνυμία σου. Στο Hackerspace.gr κάνουμε συχνά συναντήσεις και workshops γύρω απ' αυτά τα θέματα. Αν κατά τύχη είσαι σε κάποιο εκπαιδευτικό οργανισμό ή βιβλιοθήκη θα χαρούμε να οργανώσουμε κι εκεί κάποιο workshop.

  • Αν όλα πάνε στραβά, χρειαζόμαστε δικηγόρους. Έστω κι αν καταφέρουμε να αντιμετωπίσουμε τη λογοκρισία εκ των υστέρων και να αντιστρέψουμε περιπτώσεις κατάχρησης εξουσίας εκ μέρους της Επιτροπής, θα είναι αρκετά σημαντικό

  • Γράψε την άποψη σου στη διαβούλευση. Αν και δεν είμαι υπέρμαχος δομών που συντηρούν την ψευδαίσθηση συμμετοχικής δημοκρατίας, ανοιχτής διακυβέρνησης, ή όπως αλλιώς λέγεται αυτή την περίοδο, είναι κρίμα σχεδόν όλα τα σχόλια στο συγκεκριμένο άρθρο να είναι από οργανισμούς συλλογικής διαχείρισης που ζητούν ακόμα μεγαλύτερη "αυστηρότητα".

Αντί επιλόγου

Αν και έχω χρησιμοποιήσει τον όρο "πνευματική ιδιοκτησία" αρκετές φορές στο post, αποφεύγω συνήθως να τον χρησιμοποιώ. Δεν αναγνωρίζω δικαιώματα ιδιοκτησίας στην πνευματικής δημιουργία. Ανέκαθεν θεωρούσα πως απ' τη στιγμή που ένας δημιουργός διαθέσει το έργο του δημόσια τότε αυτομάτως γίνεται και δημόσιο κτήμα (public domain που λένε και οι νομικοί). Αλλά παρόλα αυτά, αν αναγνωρίσουμε δικαιώματα ιδιοκτησίας, τότε θα πρέπει να το κάνουμε σε συνδυασμό με ό,τι ο όρος ιδιοκτησία συνεπάγεται. Μεταξύ αυτών είναι και η φορολόγηση αυτής της ιδιοκτησίας, ανεξαρτήτως αν αποφέρει έσοδα.


Comments and reactions on Diaspora or Twitter

]]>
2016-01-18 11:21:37
monopati, a minimalistic static content generator I have tried many static content generators in the past. My site/blog is rendered to static since a couple of years ago. So this post is about writing yet another static content generator.

I have two major requirements. Simplicity and no extra features. All I want is a simple blog and some static pages. So Markdown and Jinja should be enough. No fancy features needed. I also wanted this to be so simple that even non-tech people would use it with minimum effort. One of the things that bothers me with most generators is that they render the whole website in another folder, so it's hard to have one repository with both your posts markdown code and the rendered output so you can easily host it (eg. on Github pages).

So I scratched my itch and monopati, a minimalistic static content generator, was born. As of today my website is rendered using my own static content generator (with all content on version control). I promise to write a post with concrete easy steps on how to deploy your own website/blog using monopati and without paying for any hosting service.

Feedback and code patches are always welcomed.


Comments and reactions on Diaspora or Twitter

]]>
2016-01-11 17:01:12
Multi-End Message and Object Encryption. What? So, many people promoting Signal over Jabber/OTR for its usability and security features (besides all caveats). Most of these features are offered due the Axolotl Ratchet protocol.

What if this protocol was implemented as an extension to Jabber? This would combine all best things from both worlds. Offline (encrypted) messages, multiple devices, better mobile integration but on the same time decentralized federated service. Well it’s done. Meet OMEMO.

Conversations on Android already supports it, ChatSecure is implementing it too and tickets are already opened on Pidgin and Tor Messenger. Gajim is currently the only desktop app that supports it (through a plugin), but if you want to have OTR too then Gajim is not an option since its OTR plugin is unmaintained.

I’ve been testing Conversations/OMEMO over the last week and it works great. So maybe in a few months we’ll have something truly secure, decentralized and usable to suggest to our friends ;) Or just suggest Conversations to the most brave of your friends.

omemo


Comments and reactions on Diaspora or Twitter

]]>
2016-01-05 12:41:37
If you care about privacy, Signal is certainly not an option Whisper Systems failed big once again. They just announced their "Desktop" version of Signal, which is actually a Chrome app.

So just to get facts straight, this is neither a Desktop nor a Web app. And just like their Android app, you need a Google account to download it.

Actually this is even worse, because you also need to use Chrome to use this app. Channeling all your (meta)data through a closed source browser, built & distributed by the biggest tracking ad company.

If you care about privacy, Signal is certainly not an option.


Comments and reactions on Diaspora or Twitter

]]>
2015-12-05 15:45:08
post-vacations map editing the view

Greek islands are a great place for summer vacations. This year I visited Amorgos, part of the Cyclades island group, and had a short visit at Pano Koufonisi.

Being in a new place means you need some kind of map to guide you through the endless number of beaches, paths and villages. I've been using OpenStreetMap as a map source for a long time and occasionally I contribute back. OpenStreetMap is a collaborative project to create a free editable map of the world. Many people call it the Wikipedia of maps, and it is in some extent. In contrary with all the major industry map services, which utilize free labor from volunteer contributors and give nothing back, OpenStreetMap data are freely distributed to be used by anyone for any purpose.

You can find many places where OpenStreetMap has more rich data than other sources or read stories on how targeted mapping on specific incidents saved thousand of lives. But there are also many places where it lacks reliable data. Amorgos (and unfortunately many other Greek islands) is one of these cases.

During my vacations there I used the only equipment available (my phone) to keep notes that would help me later to enrich OpenStreetMap. I extensivly use Osmand as my main navigation tool so this was my first option of keeping notes. You can either add favorites to mark any POIs or use the notes plugin to take photos or record audio notes. Osmand has also an editing plugin that can help you edit data on the fly, but I prefer to do this later. If you are searching for a more simple app OSMtracker is a better choice, for tracking routes and keeping notes. If you don't have a smartphone during your vacations you can just use paper and pen. Field Papers will help you print the map area you are interested in and you can keep notes with a pen.

Getting back home I had many notes and plenty of work to do. OpenStretMap has a great in-browser editor and the Map Features (really long) wiki page can guide you through the supported map elements. I added/changed around 90 map elements (beaches, paths, roads, buildings, etc) and it took me about an hour. Less than a day later the changes were rendered to the live website and I could feel proud about my contributions :)

So did you enjoyed your vacations? Now start contributing to OpenStreetMap so more people can enjoy the travel to all the places you visited. Happy mapping :)

OSM editing

]]>
2015-08-07 13:48:52
Fedora Flock 2014 Fedora Flock took place last week and this is a log entry for my personal highlights.

Flock 2014 Overall the Flock was awesome. The quality of all technical presentations/workshops was really high. It's amazing how many things currently going on at the Fedora community, not just related to our Operation System (the distribution) but also innovative things that we develop or lead that in the long run benefit the whole Free Software community. As always I had the chance to meet, talk and collaborate in person with many Fedorians and that's always motivating for my contribution to the project.

So here it goes...

Fedora.next: This is currently the most important thing happening regarding the distribution. We are about to release Fedora 21 in three different products (Workstation, Cloud, Server) that will make possible to offer a better user experience in each one of these user groups. Some features that pop into my mind: Server product will implement "Server roles" right on the Anaconda installer, so you can quickly deploy (for instance) a mail server. Cockpit also will land on 21, an awesome server management tool. Cloud product will focus even more on containers (yes that means docker), open source infrastructure (eg. OpenStack) and cloud services (eg. AWS). Workstation product intended for Desktop users and will focus on developers and makers. DevAsistant will play a key role to this. It always surprise me to see developers struggle to setup their work environment on Operating Systems that takes hours to do it, for things that it's a few minutes work on Fedora.

Docker, docker, docker: Aditya did a great introductory workshop during Flock. Fedora is definitely the leading platform for Docker. Next release will improve even better Docker's integration.

Ansible: Another DepOps area where Fedora community has given a lot of time and effort. Again Aditya did an introductory talk, since recently the Infrastructure team migrated everything from Puppet to Ansbile. The last day Praveen did a workshop demonstrating in practice how Ansible can be combined with Jenkins for Continuous Integration.

Packaging: One way that I contribute to the project is through RPM Packaging, so I tried to participate in most of the relevant talks/workshops. Amita Sharma walked us through the Fedora QA workflow, Jan Zeleny presented the roadmap for RPM and Dnf (the yum replacement), Haïkel Guémar coordinated a review package hackfest and Cole Robinson showed how packagers can utilize Virtualization tools for testing things.

Communications: New communication and collaboration tools are on the way. This is not directly related to the project, but it's Fedora people who drive the development on these. Hyperkitty will be the web interface for the upcoming Mailman3, Waarta is a web app for IRC/WebRTC and Glitter Gallery is a collaboration platform for designers which uses git as backend and SparkleShare as the sync client (I maintain the package for Fedora, so I'm really interested to see how this will go).

Novena: Sean Cross gave a keynote speech about the Novena project, the fully Open Source laptop. Still in the beginning, but seems really promising.

]]>
2014-08-13 15:51:54