Everything In Between

If your project so much as pretends to have a profit motive, I will tell you to go fuck yourself and your project.

Your Consent Is Not Being Violated By Accident

leave a comment

unquietpirate:

When you start looking for examples of nonconsensual culture in technology, you find them absolutely everywhere.

- Deb Chachra, Age of Non-Consent

About a month ago, someone sent me this lovely rant and asked me to publish it anonymously. I’ve been sitting on it mostly because I got wrapped up in other things. But I was reminded of it tonight when I read Deb Chachra’s “Age of Non-Consent” and Betsy Haibel’s “The Fantasy and Abuse of the Manipulable User”.

Both of the above pieces draw links between rape culture and issues of consent in software design. I recommend them both, particularly the Haibel piece, for incisive and disturbing analysis of the details of how the Stacks intentionally build software to violate their users’ consent — and what a major problem this is given technology’s influence on culture as a whole.

This coercion is picked up on and amplified by the platforms themselves – when someone I know tried to delete his Facebook account, it tried to guilt him out of it by showing him a picture of his mother and asking him if he really wanted to make it harder to stay in touch with her.

I’ve been in meetings where co-workers have described operant conditioning techniques to the higher-ups, in those words – talking about Skinner boxes and rat pellets and everything. I’ve been in meetings where those higher-ups metaphorically drooled like Pavlov’s dogs. The heart of abuse is a fantasy of power and control – and what fantasy is more compelling to a certain kind of business mind than that of a placidly manipulable customer?

- Betsy Haibel, The Fantasy and Abuse of the Manipulable User

However, where these otherwise terrific articles don’t go far enough is in explicitly acknowledging that the people who are most responsible for perpetuating rape culture and the people writing consent-violating software are the same people. It’s no coincidence that Facebook doesn’t care about your consent, because most of the people who work at Facebook wouldn’t think twice about getting you drunk and “taking advantage” of you at a party, or of defending a friend who did.

So, while both of the above authors optimistically implore high-level developers and other elite tech workers to adopt an ethic of “enthusiastic consent” when it comes to software design — as if the majority of workers in that sphere understand what that is or would even care if they did — my angry and extremely on-point friend below has another solution:

There has been much gnashing of teeth recently about how blatantly people’s privacy is violated by software like the new Facebook messenger app. These articles or editorials will rage about “companies like facebook” and often have a picture of Mark Zuckerberg’s punchable face just so people know who to have rage at.  One imagines Zuckerberg, possibly at the same table as the director of the NSA, maybe a CIA agent, and maybe the ghost of Steve Jobs all conspiring to violate your privacy and make hardware you bought do what they want against your will. The villain in these stories is either the CEO of some company or “the corporation” as a faceless monster.     

But what’s really going on here?  What we have, overwhelmingly, is a lot of technology being built which ignores the consent of the user.  A app which no one wants is forced on everyone, things which clearly everyone will hate are put in vague terms of service which essentially say that the service provider can do anything they want any time they want and there is nothing you can do about it.  How did this happen?  

Meanwhile, if you follow technology media and especially feminist technology media you see constant stories about what a festering shithole of sexism the technology industry is.  These articles are generally along the lines of a narrative about female engineers trying to be at conferences or trade shows and facing constant harassing of just about every kind from their overwhelmingly male peers.  They are constantly being touched, catcalled, and generally treated like shit, obviously against their will. Articles will talk about how this needs to be addressed in order to improve the quality of life for women in tech as well as to bring more women into tech.  As tech insider media, they meanwhile generally ignore the role of the user in all this.

What I find disappointing here, and is the point of this article, is that these are all the same shit heads, and that this is no accident.  Is it an accident that the same men who think it’s ok to grab ass at a technical conference are writing software that deliberately and blatantly ignores the consent of the user all the time?  No.  Because software is simply one of the worst industries in the history of technology.  I think it would be hard to find any industry in the history of technological capitalism that has held itself to such low standards and shown such consistent contempt for the user or for quality of their product.  

It is time for people in the public at large to stop seeing companies like Facebook as either a monolithic inhuman monster, or the personal fiefdom of some monstrous oligarch like Zuckerberg, but rather like just a big group of horrible people doing horrible work.  It’s time for the tech backlash within the industry to wake up to just how fucked the rest of us are by this, and for the rest of us to wake up to just how fucked this industry is from the inside.  

It’s time to smash Silicon Valley.

Yes, to all of this. My personal experiences of working in the software industry validates every word of this. It is why I left.

Written by Meitar

September 15th, 2014 at 2:36 pm

“Bitcoin can’t lead on its own to a disintermediated society,” and other uncomfortable truths about BitCoin

leave a comment

We live in an epoch of techno-utopianism with a strong drive for techno-cracy. The former means that many believe that technology alone determines certain outcomes, while the latter believes it is a good thing that flawed human processes are replaced by ‘clean’ technological processes. Both attitudes are very dangerous.

First, distributed technologies do not necessarily lead to distributed outcomes. We have seen this historically with the effect of the invention of printing, which led to a democratisation of knowledge and literacy, but also in time replaced the local autonomy of free medieval cities with much stronger and controlling nation-states, i.e. more political centralization, not less. Networks which have no counter-measures to maintain equality inevitably lead in time to a new concentration of resources. Hence, in Amazon and iTunes, the so-called long tail of culture consumption predicted by Chris Anderson is no longer operative, and in p2p social lending, 80% of loans are provided by big bangs and institutions, the very forces the technology was supposed to disintermediate.

Again and again, we see that the potential disintermediation of power, which may affect established powers, creates new intermediaries, such as the platform monopolies. Technologies are indeed, used by social forces, who inflect technologies for their own needs. The inequality of bitcoin ownership will inevitably further affect the structures that make bitcoin operational, leading to new kinds of monopolies. Technologies are always infused with human values, no programming or infrastructure is truly neutral in that respect.

Michel Bauwens’s “A political evaluation of BitCoin” sums up some of the most overlooked problems with cryptocurrency. A short read (~5 minutes) and very worth the time.

See also:

Written by Meitar

September 9th, 2014 at 7:23 pm

Cyberbusking: An Unusual Appeal

leave a comment

So, I don’t usually use blog posts to explicitly ask readers for donations. But I’m doing that tonight because in the span of 2 months, I’ve had to use money for a laptop repair ($300+), a car repair (~$370), and as of tonight, a car tow (~$130) and repair that I don’t yet have the bill for. These numbers are pretty extreme, for me.

As regular readers know, I don’t have a house. I have a car. That car is my house. (Legally speaking, I’m a vagrant.) For most folks, rent is the most expensive part of their budget. That’s true for me, too. It’s just that, for me, “rent” means “car insurance.” Since I’m kind of a cyborg, I also have a cell phone bill, and these two expenses combined are what I think of as “rent.”

I’ve done a lot more than I used to think possible to distance myself from the need to use money. To large extent, it’s worked. A huge chunk of my food comes from others’ waste, and another huge chunk of it comes from gift cards from readers like you. Most of my “cash on hand” also comes from donations, often for the utility software I make available such as Tumblr Crosspostr or the Inline Google Spreadsheet Viewer. (I also used to be on food stamps, but those were cut.)

I’ve been jobless for over four years now, and homeless for more than three. And yet, it’s in that time—the time when I’ve been jobless and homeless—that I’ve been at my most impactful, in areas ranging from sexual violence prevention to seed saving and food justice. I bring this up not to justify my existence (I don’t have to justify existing), but to remind you that having a job is totally unrelated to doing meaningful work. Telling jobs and bosses to go fuck themselves has been one of the best things I’ve ever done in terms of my personal productivity, and in terms of my positive impact on society.

I hope that’s as inspiring to you as it feels to me, because living in a world where people are treated first and foremost like humans instead of line items is a Big Fucking Deal to me. And getting rid of money is a necessary step towards that world.

But taking the path less traveled doesn’t make me independent of others. No one’s really completely independent anyway. What it makes me, then, is simply a lot more aware of the ways in which I am dependent on other people. And then my car breaks down for the second time in that many months while I’m hundreds of miles away from anyone I know and, well, #UghCapitalism.

What everyone intuitively knows but most people don’t acknowledge is that we use money to outsource the work of having human relationships. If I stayed put in this area long enough to make some friends, eventually someone might help me get the parts and fix my car. Or I could ditch the car, go back to hitchhiking, relying solely on the kindness and curiosity of strangers. And if I can’t get the money to fix my car, then maybe that’s what I’ll do. I’m pretty resourceful. Look, I’ll probably be just fine.

But if I’m going to get my car fixed, which I’d like to do so that I can continue focusing on coding instead of where my next ride is coming from, and if I’m going to get it fixed any time in the near future, which I’d like to do so that I can keep a commitment to someone I care about further up the coast, I’ve got to use money to do that. I’m lucky that I can dip into my bank account—something a lot of people don’t even have. But that’s money I would have otherwise spent primarily on things like gas or food.

I’m not really asking for your help because I can’t live without it. I probably can. But your donations make it possible for me to not merely survive, but to create; to focus on projects, ideas, and resources that make our world a better place. If you think what I’ve been doing is valuable, I need your help to continue spending my time and energy on that work. And if you think I’ve done a lot on my own, just imagine what I can accomplish with your help.

So, if you’ve appreciated any of the essays on my blogs, or if you’ve been using any code I wrote, and you’ve been on the fence about whether to donate, please do. There is no such thing as “just” a small donation. And given the past two months of expensive equipment failures, now is a time when even small donations will really make a difference.

Thanks.

Written by Meitar

August 12th, 2014 at 8:41 am

Shall. We. Play. A. Game? Predator Alert Tool as a game theoretic simulation of countermeasures to rape culture

leave a comment

In “Strategies Without Frontiers,” one of this week’s BSides LV information/security conference talks, software engineer and co-originator of the language-theoretic approach to computer security Meredith Patterson used Predator Alert Tool as an example of “an organic response against predatory [societal] games.” Or, in simpler words, Predator Alert Tool was cited as an example of how we can change our cultural environment from a relatively safe place for (sexual) predation into one that’s actively hostile to sexually predatory behaviors. And we can talk about that process using math, like this:

Normal form of the classic Prisoner's Dilemma game theory problem displays a matrix of outcomes for a given combination of player strategies ("cooperate" or "defect").

Normal form of the classic Prisoner’s Dilemma game theory problem displays a matrix of outcomes for a given combination of player strategies (“cooperate” or “defect”).

That’s why myself and a group of volunteer culture hackers have been blanketing the Internet’s social media websites with numerous different variations of Predator Alert Tool prototypes. We’re dissecting rape culture and using what we learn to devise game theoretic counter-strategies encoded as software tools that help people avoid undesirable outcomes.

That sounds complicated, but it has very humble origins: scale protective mechanisms that already work.

For the future, to use Meredith’s words:

Predicting your adversary’s behaviour is the holy grail of threat modeling. This talk will explore the problem of adversarial reasoning under uncertainty through the lens of game theory[. …] But as a tool for the real world, game theory seems to put the cart before the horse: how can you choose the proper strategy if you don’t necessarily even know what game you’re playing? For this, we turn to the relatively young field of probabilistic programming, which enables us to make powerful predictions about adversaries’ strategies and behaviour based on observed data.

In “the transparent society” of the public Internet, we can observe a lot of data. After all, the Internet is a record-keeping archive at the same time as it is a telecommunications medium. And this data reliably reveals patterns about who behaves in predatory ways:

People who try to break tools designed to support rape survivors are extremely likely not to support those who have had their consent violated. And it just so happens that identifying people who are likely to be unsupportive of those who have had their consent violated is what Predator Alert Tool is designed to do. Letting people attack PAT and then identifying who launched those attacks turns out to be an exceptionally reliable indicator—undeniable, even—that those attackers should be included in the database itself.

For the more mathematically minded, Predator Alert Tool can be approached as a reputation system coupled with a societally iterated prisoner’s dilemma. That is to say, it’s a tool designed to help you make dating choices that take into account all the past interactions a given person (like, say, the cutie you’re scoping out on OkCupid) has had. As one oft-targeted woman put it, “PEOPLE CAN SEE WHAT YOU TWEET AROUND HERE and some of us can’t afford to have short memories.”

And wouldn’t you know it? A lot of hackers are already working on this problem. Unfortunately for those of us who think rape is kind of a shitty thing to do, those highly-skilled and well-paid mathematicians and computer hackers are usually employed by secretive government agencies that are famous for sharing sexually explicit photos of attractive women intercepted from their private Internet communications. (Also, hey, thanks for letting us know about that, Edward Snowden.)

Sadly, we live in a world where sociopathic behavior isn’t just tolerated, it’s rewarded. Until that changes, I can guarantee you this: violence prevention needs more hackers.

Written by Meitar

August 6th, 2014 at 5:18 pm

Turn your Android phone into a full fledged programming environment

leave a comment

These days, mobile phones are basically computers. And not just any computer. If you have a smartphone, then it’s the same kind of computer as a regular ol’ laptop. Sure, the two look different, but once you get “under the hood” they look and feel remarkably similar.

I didn’t have a compelling reason—other than sheer curiosity, I suppose—to pop the hood of my Android smartphone until my one and only laptop suffered a severe electronics failure. It was unusable. It wouldn’t boot. (Thankfully, I’ve kept regular backups in an encrypted disk image on an external drive, so I didn’t lose any data.) Not having “a computer” is a really big deal to me, but I wasn’t totally without a computer. I had a smartphone. Necessity being the mother of invention (or resourcefulness as the case may be), I decided to dive into my Android device while I was waiting on my laptop repair.

My mission, which I chose to accept, was to see if I could turn my Android phone into a fully fledged web development console. Lo and behold, I could. And it’s not even that hard, but I did have to do some digging.

That’s because searching the ‘net for phrases like “web development on Android” mostly returns information on how to code and debug websites for mobile browsers, rather than how to use mobile phones as your environment for developing websites. Once I figured out which tools were suited for the task (and my personal tastes), though, everything else fell into place.

Tools for using Android as a development environment

I favor free, small, utilitarian apps that do one thing well, run with as few permissions as possible, and do not have advertisements. This means I looked for apps that could offer desktop-like functionality in the Android operating system. After some trial and error, here are the ones I found and like.

OI File Manager (filesystem explorer)

Pretty much everything on a computer ultimately gets represented as files on a filesystem. So, if you’re going to be writing code, you need to put that code into files. But smartphone interfaces like Android and iOS present you with apps to use, not a filesystem to browse. I have always hated this, in part because it’s just another way for companies to try to own your experience rather than giving you control of it. But also because it’s just downright clumsy given the underlying technology.

Some newer Android systems come with an app called File Manager that does give you some ability to create folders and move files (like the pictures in your Gallery app’s Albums) around. But it’s pretty limited and doesn’t show you all the files on your phone, like the hidden so-called “dotfiles.”

Enter OI File Manager.

This is an free, open-source, drop-in replacement for Android’s filesystem explorer. Using OI File Manager, you can move, rename, copy, and even share a file or batches of files all in one click. Even if you’re not a developer, I highly recommend grabbing OI File Manager, available on the Google Play Store.

VimTouch (source code editor)

Vi or Emacs? Vi, duh. Why? Because it’s small, fast, and available everywhere. Sure enough, an Android version exists, too. And it does what it says on the tin. VimTouch even has handy buttons for frequent commands like writeout (:w) and yank line (yy) to make your small-screen keyboard editing that much less painful.

Screenshot of VimTouch running on an Android phone and displaying an HTML file for editing.

Screenshot of VimTouch running on an Android phone and displaying an HTML file for editing.

On that note, and while not specifically related to development, I also picked up the Hacker’s Keyboard from the Google Play Store. This is a replacement for the software keyboard that ships with your Android device designed to make special characters often used in programming languages (like brackets or braces) easier to type.

The one drawback is that Hacker’s Keyboard doesn’t work well with TalkBack, Android’s built-in assistive technology for people who are visually impaired. This matters to me in principle, but thankfully I’m not visually impaired, so its failure to integrate with that part of the Android system doesn’t deter me. YMMV.

Alternative: 920 Text Editor

If you’re not already familiar with vim, using it can feel a little alien. In my searching, I also really liked the 920 Text Editor. It’s a more traditional text editor akin to Notepad++, so I grabbed both.

SGit

All of my projects are saved in git version control repositories. I need to be able to pull, commit, and push to those repositories. SGit fits the bill. It’s an ad-free, open source, full-featured git client with SSH transport support and even a built-in text editor and file browser, all clocking in at under 1.6MB. I particularly liked that the developer even went through the pains of removing unnecessary permissions from the application in a recent update to SGit on the Google Play Store.

AndFTP

Lyesoft’s AndFTP is a popular general purpose file transfer app that can FTP, SFTP, and SCP files around. Again, I liked that it’s small (1.27MB), feature-rich with its own file browser and transfer resume support, and is ad-free. An easy one-click install of AndFTP from the Google Play Store.

Firefox for Android with View Source Mobile add-on

Most Android devices come with the Google Chrome web browser pre-installed. It’s designed to be fast, and it is. If you don’t have an objection to using a Web browser built by an ad-supported company that probably already knows everything about you (as I do), you might as well stick with it.

That said, nothing beats Firefox’s ecosystem of add-ons and plugins. This is even more true for a developer, because one of the many functions conspicuously absent from smartphone Web browsers is a “View source” button. Luckily, View Source Mobile, an add-on for Firefox for Android, restores this vital function to the web browser.

Screenshot of Firefox for Android displaying the HTML source code of a web page using the "View Source Mobile" add-on.

Screenshot of Firefox for Android displaying the HTML source code of a web page using the “View Source Mobile” add-on.

Alternative: VT View Source

There’s also an app called VT View Source which does much the same thing, but runs as a full app instead of a Firefox for Android add-on. It has a few extra goodies like a one-click “Save to file” button. That can be useful if you’re going to be doing a lot of work. You can use Android’s “Share” functionality in your Web browser (whether Chrome or Firefox or some other browser, like the popular Dolphin Browser) to pass the URL to VT View Source and load it up.

In practice, I found that VT View Source didn’t always load the pages I tried to feed it, so I had to go back to Firefox’s “View source” add-on. Nevertheless, it’s good to know this alternative exists if for some reason Firefox for Android won’t work for you.

Palapa Web Server

The main reason this whole task was easier than I thought it was going to be is because Palapa Web Server packages a full LAMP-like development stack into a single, free Android app. Palapa Web Server gives you Lighttpd, MySQL, and PHP all pre-configured. It even offers to install PHPMyAdmin for you so you can create and manage MySQL databases right from your phone’s browser.

Best of all, you can edit the server config files right in the app itself. I took advantage of this to bind both the Lighttpd and MySQL servers to localhost, for security reasons. By default, turning on the servers will accept incoming network connections from anyone on your network, effectively giving people in-the-know a backdoor into your phone. That’s not good.

Screenshot of the Lighttpd server config screen in the Palapa Web Server app for Android.

Screenshot of the Lighttpd server config screen in the Palapa Web Server app for Android.

Other useful apps

The above apps are core utilities you’ll need to do some programming on your Android phone. Ultimately, the hardest part is working with the incredibly small screen. But even that can be eased by getting yourself a Bluetooth keyboard.

Even with all the above tools, though, my Android phone still felt very much like a smartphone. It didn’t really feel like a computer system in the way I was used to. So, here are the other tools I found and like that really make full use of Android’s Linux roots.

Note that for most of these to be interesting, you really ought to root your phone. If you’re not familiar with the process of rooting an Android phone, LifeHacker’s “Everything You Need to Know About Rooting Your Android Phone” is a good place to start reading.

SuperSU

If you have rooted your phone (it’s worth it), it’s a good idea to ensure you know what apps actually have superuser (“root”) access, and be able to revoke that permission from apps that don’t need it anymore. That’s where a superuser access manager like SuperSU comes in. It replaces the su binary on your system and pipes requests from apps to use it through it, so that it can enforce restrictions you put on which apps are allowed to use the root user and which aren’t.

Screenshot of SuperSU on Android displaying superuser access rights for the AdBlock Plus app.

Screenshot of SuperSU on Android displaying superuser access rights for the AdBlock Plus app.

I liked SuperSU because it’s a plain and easy, no-frills access manager.

Android Terminal Emulator

Every decent computer system needs a command line. Jack Palevich’s Android Terminal Emulator is that thing, for Android. It’s tiny. It’s colorful. Get it.

BusyBox Free

Once you explore the command line environment on Android for a few moments, you’ll notice that there’s not actually a lot there. The standard GNU/Linux utilities you’re probably already familiar with just aren’t available. That’s because they’re not installed.

BusyBox is what will give them to you. And, after you’ve rooted your phone, BusyBox Free is the best app package I’ve found for installing them on an Android phone. (It’s open source, too.) Once installed, you’ll be able to do things like netstat -an | grep -i listen in the Android Terminal Emulator just as you could on any other Linux distro.

Screenshot of a full Linux command line running on an Android phone using a combination of BusyBox Free and the Android Terminal Emulator apps.

Screenshot of a full Linux command line running on an Android phone using a combination of BusyBox Free and the Android Terminal Emulator apps.

ConnectBot (ssh client)

Even with BusyBox installed, one thing you’ll still be missing is a stand-alone SSH client for remote logins. That’s where the open source ConnectBot app comes in. It’s basically a terminal emulator, but one that connects to other computers (running SSH servers) and gives you a command line prompt on those machines. This is invaluable if, for instance, you ever find yourself on the move and need to quickly restart your website’s Web server.

Security and privacy essentials

Finally, if you care about your privacy and security (and you should), here’s a few more apps you don’t want to miss:

Orbot (Tor anonymizing proxy)

Orbot is Tor for your Android phone. If you’re unfamiliar with Tor, I suggest you read at least the start of my comprehensive guide to using Tor on Mac OS X.

The good folks who ported it to Android even made a snazzy walkthrough for complete beginners. Check it out.

ChatSecure (Jabber+OTR for Android and iOS)

If you do any serious chatting on your phone, you’ll want to pick up ChatSecure from the Google Play Store. Not only is it a multi-account Jabber client (so it works with Google Talk and Facebook Chat and so on), it can automatically encrypt your chats with anyone else who’s using an Off-The-Record (OTR) chat client, too.

For more apps like this, such as encrypted text messaging and voice calls, check out Open WhisperSystem’s TextSecure and RedPhone. (And if you have an iPhone, or if your friends do, tell them to go try Signal, the free encrypted voice calling app for iPhone.)

AdBlock Plus

I’ve said it before and I’ll say it again: advertisements are malware. Thankfully, AdBlock Plus does a pretty amazing job at getting rid of them. It works best if you’ve rooted your phone, but even if you haven’t, installing and configuring this app by following its easy on-screen instructions can turn those annoying ads in pretty much any app into blank “can’t load this image” squares.

Killing ads means you use less of your data plan (no need to load an ad!), which also saves you money. There’s just no good reason for any Android phone not to have this app. (And hey, there are AdBlock Plus versions for your laptop’s Web browser, too. Hint hint nudge nudge.)

What about you?

I did some serious research, but things change quickly in the computer world. Did I miss an awesome app? Do you have a cool tip for getting the most desktop-like experience out of an Android phone? Share your favorite apps and tips in the comments. :)

Written by Meitar

August 1st, 2014 at 11:46 pm

How to: Securely configure Mac OS X for network packet sniffing with Wireshark

leave a comment

If you’re anything like me, you often run into a computer problem or five that could be diagnosed more quickly by taking a peek at activity on the network. The best general purpose tool for inspecting network activity has gotta be Wireshark. It’s an industry-standard, open source packet sniffer that you can use for fun and profit.

Installing Wireshark is easy enough since various installers are probably already available for your system. Some builds for Mac OS X, however, expect you to run Wireshark from an admin user account in order to actually capture network packets. Although it seems the official Wireshark package recently lifted the requirement of an admin user, its Mac OS X readme used to say:

On Mac OS X, the BPF devices live on devfs, but the OS X version of devfs is based on an older (non-default) FreeBSD devfs, and that version of devfs cannot be configured to set the permissions and/or ownership of those devices.

Therefore, we supply a “startup item” for OS X that will change the ownership of the BPF devices so that the “admin” group owns them, and will change the permission of the BPF devices to rw-rw—-, so that all users in the “admin” group – i.e., all users with “Allow user to administer this computer” turned on – have both read and write access to them.

Using your computer day-to-day as an admin user is generally a very bad idea because it means one wrong click has a much greater chance of causing problems. Instead, I use a “standard” account and would recommend you do the same. Moreover, if you’re using an unofficial Wireshark package on Mac OS X, such as one obtained through MacPorts (as I am), then you may not even have Wireshark’s startup item. This will likely result in a common “no capture interfaces available” error in Wireshark itself.

Most of the solutions on the Web will also just tell you to chmod the /dev/bpf* devices. That’ll work, but you’ll have to chmod them after every reboot. To fix that, you can mimic Wireshark’s own startup item with a Mac OS X launchd job. Here’s one minimally modified from a MacPorts patch for this issue:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>org.macports.wireshark-chmodbpf</string>
	<key>Program</key>
	<string>/bin/sh</string>
	<key>ProgramArguments</key>
	<array>
		<string>/bin/sh</string>
		<string>-c</string>
		<string>/usr/sbin/chown root:wireshark /dev/bpf*; /bin/chmod g+r /dev/bpf*</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
	<key>KeepAlive</key>
	<dict>
		<key>SuccessfulExit</key>
		<false/>
	</dict>
</dict>
</plist>

Save the above property list as a file named org.macports.wireshark-chmodbpf.plist (or something equally meaningful to you) and place it in your Mac’s /Library/Documents/LaunchDaemons folder. Unlike the original MacPorts patch and the old Wireshark package, this job changes the group ownership of /dev/bpf* to a group named wireshark.1

All you have to do is create a group named “wireshark” on your Mac, and add any user you want to give packet sniffing permissions to it. Once that’s done, load the launchd job by opening the Terminal and running the following command as an administrator:

sudo launchctl -w load /Library/LaunchDaemons/org.macports.wireshark-chmodbpf.plist

This way, only users in the “wireshark” group will be able to read from the BPF devices in Mac OS X, and you can still use your Mac as a non-admin user while packet sniffing.

  1. As of this writing, the official Wireshark package for Mac OS X will create a group named access_bpf for this purpose, basically equivalent to what I’ve named my wireshark group. []

Written by Meitar

July 15th, 2014 at 12:31 pm

Never have a career.

leave a comment

You are a multiplicity. […] The one and the many are not opposed to each other, okay? You can have one thing that is a multiplicity. A multiplicity. It’s such a strange phrase, “a multiplicity.” You’re a one thing that’s many things. You don’t have to add all up. “Who am I, REALLY?”

This is what a lot of capitalism, for want of a better word, wants from you: What am I gonna be? I’m gonna be…a CHEF! I’m gonna be…a MARKETING CONSULTANT! Right? “What am I gonna be?” Such a ridiculous question.

The question is what are you gonna do, today? What are you gonna do tomorrow? What are you gonna do for a year? What are you gonna do?

You don’t have to be something. What ARE you? “I’m a, a…I’m a financial analyst!”

“You ARE a financial analyst?” Aren’t you, like, ten million things? One of them happens to be “financial analyst” because, in capitalism, they make you work 60 hours a week? They really want you to be just one thing. They don’t want the financial analyst who comes in and he’s also smoking a spliff, listening to music, and writing an Opera, and doing all the other things he likes to do. Right? He has to be ONE thing.

So, these idiotic questions like, “What am I gonna do? What am I gonna be? What’s my career?” Right?

Career is the most insidious, evil question. Never have a career. Who wants a career? It’s the worst thing. Like, what am I gonna devote my entire life to that’s gonna make someone else a whole lot of money? That’s what the question is. Remember those questions that are on the [chalk]board on Tuesday: “What’s at stake? Who pays?”

The question, “Who am I? What am I?” It’s a ridiculous question. You’re a multitude. You’re many, many things.

Daniel Coffeen, in “Rhetoric 10: Lecture 8,” February 13, 2008.

See also:

Written by Meitar

June 19th, 2014 at 11:30 am

Posted in Crosspost,Maybe Maimed

Tagged with ,

New “Support Circle” feature in Predator Alert Tool for Twitter helps cyberbullying targets get help from friends

leave a comment

Tonight’s update to the Predator Alert Tool for Twitter adds a feature inspired by the award-winning Circle of 6 anti-violence iPhone app to help cyberbullying targets call for help when they need it:

This screenshot shows a small excerpt from a four hour long cyberbullying dogpile by @nullvoid9 on Twitter, with the new "Get help from your Support Circle" link under their tweet.

Your Support Circle are other Twitter users who you know and trust to publicly back you up when you’re getting bullied on Twitter. When you’re enduring cyberbullying on Twitter, you can use Predator Alert Tool for Twitter to get help from your Support Circle in one click. Everyone in your Support Circle receives a Direct Message asking them to help you, with a link to the harassing messages.

Just the other day, I was harassed on Twitter for more than 4 straight hours by a clique of pop social justice cyberbullies. As a result of that, I spent all night yesterday and all day today trying to come up with more ways to literally encode anti-bullying mechanisms into the technology that I use. As I said then:

[I]f we want to meaningfully address #cyberbullying we need to:

  1. build communication tools for target(s) & supporter(s) to connect, FAST.
  2. Change the way we think about abuse and #cyberbullying (and violence) from “a thing bullies do” to “an experience that a target endures,” and
  3. nurture mutually meaningful relationships w/other individual people (as opposed to “support causes for demographics”).

For me personally, this means continuing to literally encode these goals in Predator Alert Tool code. You can help by sharing ideas with me. Until you have an idea to share you can also help by sharing links to work I already did to encode ideas by @unquietpirate & others in code. Those links are easy to find on the Internet, e.g., on LifeHacker and at [my homepage], maymay.net.

The “Support Circle” feature I added to Predator Alert Tool for Twitter today is part of me enacting goal number 1: build communication tools for target(s) and supporter(s) to connect, fast.

As usual, sending me bug reports and feature requests are both equally appreciated, as are donations of food to keep me hacking.

Written by Meitar

June 16th, 2014 at 1:17 am

Predator Alert Tools for OkCupid, Facebook, and Twitter featured by LifeHacker.com

one comment

The Predator Alert Tool for OkCupid was featured on LifeHacker’s “After Hours” sex and dating themed site:

Predator Alert is a userscript, which means you’ll first need to install Tampermonkey for Chrome, or Greasemonnkey for Firefox, and then install Predator Alert. Once installed, the add-on will prompt you to log in to your profile, and walk you through a number of questions related to consent and sexual violence. By answering the questions, the tool gets visibility into the answers other users provide to the same questions, and it’s able to use their answers to raise the red flag if it finds someone dangerous. There’s a detailed installation guide and walkthrough here, and more detail on the nature of the questions at the link below.

Once you’re all set up, the tool does the rest of the work for you. As you browse OkCupid, the tool will visually highlight any user’s profile that’s answered those same questions in a concerning way (namely, one that implies that at worst, they have or are willing to sexually assault someone, or at the very least don’t care about the other party’s consent.) Similarly, each time you open a user’s profile, the tool snags the user’s profile picture and runs it through the United States’s Sex Offender Registry (via CreepShield.com) for facial recognition matches. It’ll display the match percentage next to their profile, and you can click it for more information[…].

[…]

Hit the link below to download, and read more about the methodology behind the tool. You can also grab it for other networks as well, including Facebook and Twitter.

Predator Alert Tool for OkCupid | Maybe Maimed but Never Harmed

Check out my blog’s Predator Alert Tool tag for lots more, including screenshots of the tools in action.

Written by Meitar

June 12th, 2014 at 11:33 pm

Why a “Predator Alert Tool” for Twitter?

leave a comment

Despite many “anti-bullying” campaigns, online harassment and cyberbullying are prevalent behaviors. Most anti-abuse efforts fail because they tend to focus on appeals to authority. The now-ubiquitous “Report Abuse” buttons on social networking websites like Twitter are one such example, yet their ubiquity have not curbed the behaviors or harm they purport to address or mitigate.

We believe these efforts have failed because cyberbullying and online harassment are cultural, not technological, problems inherited from a society where coercion and abusive behavior offline are normalized. Abusive behavior is no more successfully mitigated in the physical world through appeals to authority than it is likely to be mitigated in the online world through the same sorts of appeals. This is doubly true in an environment where the biggest “bullies” are the authorities themselves:

People who are being abused have no recourse, because the systems that are supposedly set up to help them actually harm them further. Victims of domestic violence who call the police are often jailed themselves, because the police are required to arrest somebody and choose to arrest the ‘hysterical’ victim over the seemingly ‘calm and rational’ abuser. When I was in grade school, this happened on a regular basis: Kids threw rocks at me, and then I got sent to the principals office, because I punched one of them. It didn’t matter that I punched them because they were THROWING ROCKS AT ME. It happens at all scales, including and especially on the Internet.

@maymaymx, Predator Alert Tool for Twitter developer

To put it less diplomatically, the Internet has been doing “report abuse” wrong because its admins are corrupt. The “Report Abuse” button should go to the rest of the user community, not just the site admins.

Predator Alert Tool for Twitter is the Twitter part of an Internet-wide anti-abuse effort to change the way people think about bullying, violence, and abuse. Rather than creating an opaque appeal to authority that silences people (such as current “Report Abuse” forms), it sends a radically transparent and contextualized signal boost to friends and supporters of the person who bullies and abusers target. Using Predator Alert Tool for Twitter, the targeted user can ask for help and support at the same time as they are alerting the rest of the Twitter user community about behavior they have experienced as abusive.

I began writing some further concept documentation for Predator Alert Tool for Twitter, because I don’t sound enough like a broken record for most people to even begin to understand what the hell I’m doing, yet. It’s really lonely being so (intentionally) misunderstood.

Written by Meitar

June 5th, 2014 at 1:28 pm