Everything In Between

If your project so much as pretends to have a profit motive, I will tell you to go fuck yourself and your project.

Quick Hit Remix: 3 Reasons Why Rape Fans from Both Sides of the Fence Hate “Consent as a Felt Sense”

leave a comment

Both feminists and anti-feminists routinely make 3 arguments against changing cultural understandings of consent towards a “Consent-as-Felt” and away from a “Consent-as-Permission” model.

The first is that understanding consent as “being okay with an experience one is having or has had” rather than as “expressing permission to do a thing” is incompatible with the legal system. We consider this a feature, not a bug. Obviously, the legal system is also incompatible with providing peace of mind for its citizens and justice for the alleged perpetrators.

The second is that consent-as-felt “attacks personal responsibility” (in anti-feminist jargon) or “removes individual agency” (in feminist jargon). This logic asserts experiencing sex that one later “regrets” is categorically different and mutually exclusive from (“real”) rape because (“real”) rape is always identifiable as such at the moment bodies collide—and anyways, nevermind that intimate violation, not regret, is rape’s defining element. And even if we were to cede the ridiculous point that rape survivors “should take personal responsibility and not put themselves in a situation to get raped,” this still means the people who raped them are rapists. In other words, they are arguing that your regret is a false accusation.

The third is that accepting consent as a felt sense would “trivialize” the instances of rape currently recognized as rape because we would be forced to accept that things we don’t today consider (“legitimate”) rape are, in fact, also rape. Put another way, they argue we should not want to call all rapists rapists because our priority must be auditing and ranking rape survivors’ experiences. In this logic, not all rape is, y’know, RAPE, so they have euphemistic modifiers like “date,” “gray,” and “marital,” which all convey the meaning: “only sorta.” But it is certainly not “trivializing” rape to say that rapists are rapists any more than it trivializes photography to say that photographers are photographers. Endlessly debating these semantics while ignoring how many rapes, how much trauma, is being experienced right now, today, that we are not even willing to name is pedantic at best, and cruel at worst.

All three of these arguments anti- and pro-feminists are making against our Consent as a Felt Sense essay assist in the perpetuation of an environment so universally coercive that the rapes we can recognize as such are but a mere fraction of the trauma experienced. What the reaction to Consent as a Felt Sense shows most of all is that folks from “both sides” of the issue want discussion about consent to stay firmly rooted in lawyerly debating which rapes are “rape” and which are not.

We don’t think that’s helpful.

A more succinct remix of my longer essay, “3 Reasons Why Rape Fans From Both Sides of the Fence Hate ‘Consent as a Felt Sense.’”

See also:

Written by Meitar

October 1st, 2014 at 2:53 pm

“How I Explained Heartbleed To My Therapist”

leave a comment

This is an important post by Meredith L. Patterson:

“Remember back around April or May, when you had to change your passwords on all the websites you use? Facebook, Yahoo, LinkedIn, everywhere?” He nods, vigorously. “Do you remember hearing the word ‘Heartbleed’ back around then?” A blank look. Maybe I should have worn the T-shirt. Too late. I have to press on.

“That part’s not important. It doesn’t matter what the problem was called. What matters is, there’s one piece of software that nearly all those websites use to make sure that all the messages that go between your browser and their site are private. And nobody pays for it.”

“Nobody at all?”

“Nobody. The people who write it have been working on it for like fifteen years now, and they’re basically all working for free, the same way I’m doing on the work I’d rather be doing, even though Google and Facebook and practically every company with a website relies on that software these guys make. ‘Relies’ as in without this software, all their business evaporates.” I leave out the part where half of “these guys” are my dead husband’s friends and they’re not all guys; there will be time to talk about that at a later appointment. “And back around New Year’s in 2011, one of those guys made a little mistake with a really big consequence. The upshot of it was that any jerkoff could just ask whatever websites they wanted for whatever private information they had on hand at the time — your passwords, your calendar, whatever.

“And nobody in a position to fix it noticed until April of this year. Which is why you and everybody else had to change all your passwords. And in the meantime, who knows how many credit card numbers and god knows what else got snatched.” My e-cigarette is nearly empty but I fidget with it anyway, calculating on the back of the envelope in my head whether I can dredge just one more hit of nicotine without burning the coil to an ashy, taste-ruining wreck. Everything has become a cost-benefit analysis on the edge of a razor in this New New Economy that has become my life: how far can I stretch the resources I have before physics or information theory dictate they snap? “And even after a disaster like this, these poor fuckers are still running on handfuls of donations. They’re still overstretched and understaffed. It’s a tragedy of the commons problem.”

That’s a catchphrase you hear sometimes in sociology, a cousin dialect to the language of psychoanalysis he speaks. He leans forward. “In what way?” he asks. I hope it means I’ve given him firmer footing than all this computery shit he doesn’t speak.

“These bugs that happen, these mistakes in software that lead to vulnerabilities, they aren’t one-off problems. They’re systemic. There are patterns to them and patterns to how people take advantage of them. But it isn’t in any one particular company’s interest to dump a pile of their own resources into fixing even one of the problems, much less dump a pile of resources into an engineering effort to fight the pattern. Google could easily throw a pile of engineers at fixing OpenSSL, but it’d never be in their interest to do it, because they’d be handing Facebook and LinkedIn and Amazon a pile of free money in unspent remediation costs. They’ve got even less incentive to fix entire classes of vulnerabilities across the board. Same goes for everybody else in the game.

See also, “Your Consent Is Not Being Violated By Accident” and “Predator Alert Tool as a Game Theoretic Simulation of Countermeasures to Rape Culture,” two posts further describing the intentional abuse by the Silicon Valley for-profits against individuals and organizations who explicitly declare a “people over profit” motive. Also relevant is this short post about the so-called “sharing economy,” bluntly titled, “Get on your knees and thank the Silicon Valley elites for your chance to serve them.

The Internet as an Identity-Multiplying Technology

leave a comment

When I saw that a friend had shared this years-old post about Facecebook founder Mark Zuckerberg‘s infamous remark that “Having two identities for yourself is an example of a lack of integrity,” I thought I’d chime in:

Actually, Zuckerberg’s is a common misunderstanding of telecommunications.

If you’ve done even a tiny bit of academic study on media you will have encountered McLuhan’s “The Medium Is the Massage,” which talks about the ways that many people “approach the new with the psychological conditioning and sensory responses of the old.” In other words, people treat the Internet like TV we can click on, just as they treated TV like radio we can see. This is obviously wrong, but it takes a lot of time for people as a demographic whole to approach new technological abilities in what we might call a “native” way. See, for instance, the entire discussion around “Digital natives,” of which I will note Zuckerberg is not.

What’s at issue in the “nymwars” (or “Real Names Policies”) is not integrity at all, but rather power and control. Namely, that of an authoritarian entity such as a government to have the power to legitimize what your identity is (your “real name”), and to control what you can do with that identity. Facebook has a cozy relationship with governments because the interests of both governments and Facebook are well-aligned with respect to how they would like people to use identities. This is why Facebook appeals to the legal system to enforce its “Real Names” policy, see specifically the Computer Fraud and Abuse Act clauses about “misrepresenting identity” for “authorized” versus “unauthorized access.”

In point of fact, however, identities are not inherently static things—there is no “real” you distinct from any other you, at least not any more or less “real” than any other (“part of”) you. They can and do change with time, space, and other factors. The physical capability of communicating to people far away from us therefore has a direct impact on the identities we hold, and subsequently, choose to claim, because that is a fundamentally different thing than speaking to someone who is next to you. This began with the invention of writing, not the telegraph. The telegraph simply sped up the process.

What Zuckerberg and many other people don’t understand is that the impact telecommunication actually has on identities is a fracturing and multiplying of identities. They are still stuck cognitively processing the Internet as a “window” through which you can “look at things” like “pages.” (Why do you think they called it a “Browser window”?) But what the Internet actually is, with respect to who we are (as opposed to we do) is very different. The Internet is much more like a ham radio than a telephone. Just as ham radio operators took callsigns when transmitting, so do we take “screen names” when writing online forum posts.

What this means in the Internet, a world with unlimited space distinctly unlike ham radio, is that an individual body can be influential in an unlimited number of arenas that may never intersect. And, given that, it means an individual body can have an unlimited number of distinct identities, each one time-and-space-sliced. There is a real, whole “identity” in each of these time-and-space slices of influence.

The Internet is therefore unique in that exactly contrary to Zuckerberg’s self-serving assertions, the Internet is an identity multiplexing technology. It is not, never has been, and I strongly argue must never be allowed to be an identity trunking technology.

End rant.

The interaction between telecommunication and identity, as well as this interaction’s effect on societal notions of safety and privacy, has been one of my primary philosophical inquiries. For more, see also:

Written by Meitar

September 19th, 2014 at 2:42 pm

Your Consent Is Not Being Violated By Accident

leave a comment

unquietpirate:

When you start looking for examples of nonconsensual culture in technology, you find them absolutely everywhere.

- Deb Chachra, Age of Non-Consent

About a month ago, someone sent me this lovely rant and asked me to publish it anonymously. I’ve been sitting on it mostly because I got wrapped up in other things. But I was reminded of it tonight when I read Deb Chachra’s “Age of Non-Consent” and Betsy Haibel’s “The Fantasy and Abuse of the Manipulable User”.

Both of the above pieces draw links between rape culture and issues of consent in software design. I recommend them both, particularly the Haibel piece, for incisive and disturbing analysis of the details of how the Stacks intentionally build software to violate their users’ consent — and what a major problem this is given technology’s influence on culture as a whole.

This coercion is picked up on and amplified by the platforms themselves – when someone I know tried to delete his Facebook account, it tried to guilt him out of it by showing him a picture of his mother and asking him if he really wanted to make it harder to stay in touch with her.

I’ve been in meetings where co-workers have described operant conditioning techniques to the higher-ups, in those words – talking about Skinner boxes and rat pellets and everything. I’ve been in meetings where those higher-ups metaphorically drooled like Pavlov’s dogs. The heart of abuse is a fantasy of power and control – and what fantasy is more compelling to a certain kind of business mind than that of a placidly manipulable customer?

- Betsy Haibel, The Fantasy and Abuse of the Manipulable User

However, where these otherwise terrific articles don’t go far enough is in explicitly acknowledging that the people who are most responsible for perpetuating rape culture and the people writing consent-violating software are the same people. It’s no coincidence that Facebook doesn’t care about your consent, because most of the people who work at Facebook wouldn’t think twice about getting you drunk and “taking advantage” of you at a party, or of defending a friend who did.

So, while both of the above authors optimistically implore high-level developers and other elite tech workers to adopt an ethic of “enthusiastic consent” when it comes to software design — as if the majority of workers in that sphere understand what that is or would even care if they did — my angry and extremely on-point friend below has another solution:

There has been much gnashing of teeth recently about how blatantly people’s privacy is violated by software like the new Facebook messenger app. These articles or editorials will rage about “companies like facebook” and often have a picture of Mark Zuckerberg’s punchable face just so people know who to have rage at.  One imagines Zuckerberg, possibly at the same table as the director of the NSA, maybe a CIA agent, and maybe the ghost of Steve Jobs all conspiring to violate your privacy and make hardware you bought do what they want against your will. The villain in these stories is either the CEO of some company or “the corporation” as a faceless monster.     

But what’s really going on here?  What we have, overwhelmingly, is a lot of technology being built which ignores the consent of the user.  A app which no one wants is forced on everyone, things which clearly everyone will hate are put in vague terms of service which essentially say that the service provider can do anything they want any time they want and there is nothing you can do about it.  How did this happen?  

Meanwhile, if you follow technology media and especially feminist technology media you see constant stories about what a festering shithole of sexism the technology industry is.  These articles are generally along the lines of a narrative about female engineers trying to be at conferences or trade shows and facing constant harassing of just about every kind from their overwhelmingly male peers.  They are constantly being touched, catcalled, and generally treated like shit, obviously against their will. Articles will talk about how this needs to be addressed in order to improve the quality of life for women in tech as well as to bring more women into tech.  As tech insider media, they meanwhile generally ignore the role of the user in all this.

What I find disappointing here, and is the point of this article, is that these are all the same shit heads, and that this is no accident.  Is it an accident that the same men who think it’s ok to grab ass at a technical conference are writing software that deliberately and blatantly ignores the consent of the user all the time?  No.  Because software is simply one of the worst industries in the history of technology.  I think it would be hard to find any industry in the history of technological capitalism that has held itself to such low standards and shown such consistent contempt for the user or for quality of their product.  

It is time for people in the public at large to stop seeing companies like Facebook as either a monolithic inhuman monster, or the personal fiefdom of some monstrous oligarch like Zuckerberg, but rather like just a big group of horrible people doing horrible work.  It’s time for the tech backlash within the industry to wake up to just how fucked the rest of us are by this, and for the rest of us to wake up to just how fucked this industry is from the inside.  

It’s time to smash Silicon Valley.

Yes, to all of this. My personal experiences of working in the software industry validates every word of this. It is why I left.

Written by Meitar

September 15th, 2014 at 2:36 pm

“Bitcoin can’t lead on its own to a disintermediated society,” and other uncomfortable truths about BitCoin

leave a comment

We live in an epoch of techno-utopianism with a strong drive for techno-cracy. The former means that many believe that technology alone determines certain outcomes, while the latter believes it is a good thing that flawed human processes are replaced by ‘clean’ technological processes. Both attitudes are very dangerous.

First, distributed technologies do not necessarily lead to distributed outcomes. We have seen this historically with the effect of the invention of printing, which led to a democratisation of knowledge and literacy, but also in time replaced the local autonomy of free medieval cities with much stronger and controlling nation-states, i.e. more political centralization, not less. Networks which have no counter-measures to maintain equality inevitably lead in time to a new concentration of resources. Hence, in Amazon and iTunes, the so-called long tail of culture consumption predicted by Chris Anderson is no longer operative, and in p2p social lending, 80% of loans are provided by big bangs and institutions, the very forces the technology was supposed to disintermediate.

Again and again, we see that the potential disintermediation of power, which may affect established powers, creates new intermediaries, such as the platform monopolies. Technologies are indeed, used by social forces, who inflect technologies for their own needs. The inequality of bitcoin ownership will inevitably further affect the structures that make bitcoin operational, leading to new kinds of monopolies. Technologies are always infused with human values, no programming or infrastructure is truly neutral in that respect.

Michel Bauwens’s “A political evaluation of BitCoin” sums up some of the most overlooked problems with cryptocurrency. A short read (~5 minutes) and very worth the time.

See also:

Written by Meitar

September 9th, 2014 at 7:23 pm

Cyberbusking: An Unusual Appeal

leave a comment

So, I don’t usually use blog posts to explicitly ask readers for donations. But I’m doing that tonight because in the span of 2 months, I’ve had to use money for a laptop repair ($300+), a car repair (~$370), and as of tonight, a car tow (~$130) and repair that I don’t yet have the bill for. These numbers are pretty extreme, for me.

As regular readers know, I don’t have a house. I have a car. That car is my house. (Legally speaking, I’m a vagrant.) For most folks, rent is the most expensive part of their budget. That’s true for me, too. It’s just that, for me, “rent” means “car insurance.” Since I’m kind of a cyborg, I also have a cell phone bill, and these two expenses combined are what I think of as “rent.”

I’ve done a lot more than I used to think possible to distance myself from the need to use money. To large extent, it’s worked. A huge chunk of my food comes from others’ waste, and another huge chunk of it comes from gift cards from readers like you. Most of my “cash on hand” also comes from donations, often for the utility software I make available such as Tumblr Crosspostr or the Inline Google Spreadsheet Viewer. (I also used to be on food stamps, but those were cut.)

I’ve been jobless for over four years now, and homeless for more than three. And yet, it’s in that time—the time when I’ve been jobless and homeless—that I’ve been at my most impactful, in areas ranging from sexual violence prevention to seed saving and food justice. I bring this up not to justify my existence (I don’t have to justify existing), but to remind you that having a job is totally unrelated to doing meaningful work. Telling jobs and bosses to go fuck themselves has been one of the best things I’ve ever done in terms of my personal productivity, and in terms of my positive impact on society.

I hope that’s as inspiring to you as it feels to me, because living in a world where people are treated first and foremost like humans instead of line items is a Big Fucking Deal to me. And getting rid of money is a necessary step towards that world.

But taking the path less traveled doesn’t make me independent of others. No one’s really completely independent anyway. What it makes me, then, is simply a lot more aware of the ways in which I am dependent on other people. And then my car breaks down for the second time in that many months while I’m hundreds of miles away from anyone I know and, well, #UghCapitalism.

What everyone intuitively knows but most people don’t acknowledge is that we use money to outsource the work of having human relationships. If I stayed put in this area long enough to make some friends, eventually someone might help me get the parts and fix my car. Or I could ditch the car, go back to hitchhiking, relying solely on the kindness and curiosity of strangers. And if I can’t get the money to fix my car, then maybe that’s what I’ll do. I’m pretty resourceful. Look, I’ll probably be just fine.

But if I’m going to get my car fixed, which I’d like to do so that I can continue focusing on coding instead of where my next ride is coming from, and if I’m going to get it fixed any time in the near future, which I’d like to do so that I can keep a commitment to someone I care about further up the coast, I’ve got to use money to do that. I’m lucky that I can dip into my bank account—something a lot of people don’t even have. But that’s money I would have otherwise spent primarily on things like gas or food.

I’m not really asking for your help because I can’t live without it. I probably can. But your donations make it possible for me to not merely survive, but to create; to focus on projects, ideas, and resources that make our world a better place. If you think what I’ve been doing is valuable, I need your help to continue spending my time and energy on that work. And if you think I’ve done a lot on my own, just imagine what I can accomplish with your help.

So, if you’ve appreciated any of the essays on my blogs, or if you’ve been using any code I wrote, and you’ve been on the fence about whether to donate, please do. There is no such thing as “just” a small donation. And given the past two months of expensive equipment failures, now is a time when even small donations will really make a difference.

Thanks.

Written by Meitar

August 12th, 2014 at 8:41 am

Shall. We. Play. A. Game? Predator Alert Tool as a game theoretic simulation of countermeasures to rape culture

one comment

In “Strategies Without Frontiers,” one of this week’s BSides LV information/security conference talks, software engineer and co-originator of the language-theoretic approach to computer security Meredith Patterson used Predator Alert Tool as an example of “an organic response against predatory [societal] games.” Or, in simpler words, Predator Alert Tool was cited as an example of how we can change our cultural environment from a relatively safe place for (sexual) predation into one that’s actively hostile to sexually predatory behaviors. And we can talk about that process using math, like this:

Normal form of the classic Prisoner's Dilemma game theory problem displays a matrix of outcomes for a given combination of player strategies ("cooperate" or "defect").

Normal form of the classic Prisoner’s Dilemma game theory problem displays a matrix of outcomes for a given combination of player strategies (“cooperate” or “defect”).

That’s why myself and a group of volunteer culture hackers have been blanketing the Internet’s social media websites with numerous different variations of Predator Alert Tool prototypes. We’re dissecting rape culture and using what we learn to devise game theoretic counter-strategies encoded as software tools that help people avoid undesirable outcomes.

That sounds complicated, but it has very humble origins: scale protective mechanisms that already work.

For the future, to use Meredith’s words:

Predicting your adversary’s behaviour is the holy grail of threat modeling. This talk will explore the problem of adversarial reasoning under uncertainty through the lens of game theory[. …] But as a tool for the real world, game theory seems to put the cart before the horse: how can you choose the proper strategy if you don’t necessarily even know what game you’re playing? For this, we turn to the relatively young field of probabilistic programming, which enables us to make powerful predictions about adversaries’ strategies and behaviour based on observed data.

In “the transparent society” of the public Internet, we can observe a lot of data. After all, the Internet is a record-keeping archive at the same time as it is a telecommunications medium. And this data reliably reveals patterns about who behaves in predatory ways:

People who try to break tools designed to support rape survivors are extremely likely not to support those who have had their consent violated. And it just so happens that identifying people who are likely to be unsupportive of those who have had their consent violated is what Predator Alert Tool is designed to do. Letting people attack PAT and then identifying who launched those attacks turns out to be an exceptionally reliable indicator—undeniable, even—that those attackers should be included in the database itself.

For the more mathematically minded, Predator Alert Tool can be approached as a reputation system coupled with a societally iterated prisoner’s dilemma. That is to say, it’s a tool designed to help you make dating choices that take into account all the past interactions a given person (like, say, the cutie you’re scoping out on OkCupid) has had. As one oft-targeted woman put it, “PEOPLE CAN SEE WHAT YOU TWEET AROUND HERE and some of us can’t afford to have short memories.”

And wouldn’t you know it? A lot of hackers are already working on this problem. Unfortunately for those of us who think rape is kind of a shitty thing to do, those highly-skilled and well-paid mathematicians and computer hackers are usually employed by secretive government agencies that are famous for sharing sexually explicit photos of attractive women intercepted from their private Internet communications. (Also, hey, thanks for letting us know about that, Edward Snowden.)

Sadly, we live in a world where sociopathic behavior isn’t just tolerated, it’s rewarded. Until that changes, I can guarantee you this: violence prevention needs more hackers.

Written by Meitar

August 6th, 2014 at 5:18 pm

Turn your Android phone into a full fledged programming environment

leave a comment

These days, mobile phones are basically computers. And not just any computer. If you have a smartphone, then it’s the same kind of computer as a regular ol’ laptop. Sure, the two look different, but once you get “under the hood” they look and feel remarkably similar.

I didn’t have a compelling reason—other than sheer curiosity, I suppose—to pop the hood of my Android smartphone until my one and only laptop suffered a severe electronics failure. It was unusable. It wouldn’t boot. (Thankfully, I’ve kept regular backups in an encrypted disk image on an external drive, so I didn’t lose any data.) Not having “a computer” is a really big deal to me, but I wasn’t totally without a computer. I had a smartphone. Necessity being the mother of invention (or resourcefulness as the case may be), I decided to dive into my Android device while I was waiting on my laptop repair.

My mission, which I chose to accept, was to see if I could turn my Android phone into a fully fledged web development console. Lo and behold, I could. And it’s not even that hard, but I did have to do some digging.

That’s because searching the ‘net for phrases like “web development on Android” mostly returns information on how to code and debug websites for mobile browsers, rather than how to use mobile phones as your environment for developing websites. Once I figured out which tools were suited for the task (and my personal tastes), though, everything else fell into place.

Tools for using Android as a development environment

I favor free, small, utilitarian apps that do one thing well, run with as few permissions as possible, and do not have advertisements. This means I looked for apps that could offer desktop-like functionality in the Android operating system. After some trial and error, here are the ones I found and like.

OI File Manager (filesystem explorer)

Pretty much everything on a computer ultimately gets represented as files on a filesystem. So, if you’re going to be writing code, you need to put that code into files. But smartphone interfaces like Android and iOS present you with apps to use, not a filesystem to browse. I have always hated this, in part because it’s just another way for companies to try to own your experience rather than giving you control of it. But also because it’s just downright clumsy given the underlying technology.

Some newer Android systems come with an app called File Manager that does give you some ability to create folders and move files (like the pictures in your Gallery app’s Albums) around. But it’s pretty limited and doesn’t show you all the files on your phone, like the hidden so-called “dotfiles.”

Enter OI File Manager.

This is an free, open-source, drop-in replacement for Android’s filesystem explorer. Using OI File Manager, you can move, rename, copy, and even share a file or batches of files all in one click. Even if you’re not a developer, I highly recommend grabbing OI File Manager, available on the Google Play Store.

VimTouch (source code editor)

Vi or Emacs? Vi, duh. Why? Because it’s small, fast, and available everywhere. Sure enough, an Android version exists, too. And it does what it says on the tin. VimTouch even has handy buttons for frequent commands like writeout (:w) and yank line (yy) to make your small-screen keyboard editing that much less painful.

Screenshot of VimTouch running on an Android phone and displaying an HTML file for editing.

Screenshot of VimTouch running on an Android phone and displaying an HTML file for editing.

On that note, and while not specifically related to development, I also picked up the Hacker’s Keyboard from the Google Play Store. This is a replacement for the software keyboard that ships with your Android device designed to make special characters often used in programming languages (like brackets or braces) easier to type.

The one drawback is that Hacker’s Keyboard doesn’t work well with TalkBack, Android’s built-in assistive technology for people who are visually impaired. This matters to me in principle, but thankfully I’m not visually impaired, so its failure to integrate with that part of the Android system doesn’t deter me. YMMV.

Alternative: 920 Text Editor

If you’re not already familiar with vim, using it can feel a little alien. In my searching, I also really liked the 920 Text Editor. It’s a more traditional text editor akin to Notepad++, so I grabbed both.

SGit

All of my projects are saved in git version control repositories. I need to be able to pull, commit, and push to those repositories. SGit fits the bill. It’s an ad-free, open source, full-featured git client with SSH transport support and even a built-in text editor and file browser, all clocking in at under 1.6MB. I particularly liked that the developer even went through the pains of removing unnecessary permissions from the application in a recent update to SGit on the Google Play Store.

AndFTP

Lyesoft’s AndFTP is a popular general purpose file transfer app that can FTP, SFTP, and SCP files around. Again, I liked that it’s small (1.27MB), feature-rich with its own file browser and transfer resume support, and is ad-free. An easy one-click install of AndFTP from the Google Play Store.

Firefox for Android with View Source Mobile add-on

Most Android devices come with the Google Chrome web browser pre-installed. It’s designed to be fast, and it is. If you don’t have an objection to using a Web browser built by an ad-supported company that probably already knows everything about you (as I do), you might as well stick with it.

That said, nothing beats Firefox’s ecosystem of add-ons and plugins. This is even more true for a developer, because one of the many functions conspicuously absent from smartphone Web browsers is a “View source” button. Luckily, View Source Mobile, an add-on for Firefox for Android, restores this vital function to the web browser.

Screenshot of Firefox for Android displaying the HTML source code of a web page using the "View Source Mobile" add-on.

Screenshot of Firefox for Android displaying the HTML source code of a web page using the “View Source Mobile” add-on.

Alternative: VT View Source

There’s also an app called VT View Source which does much the same thing, but runs as a full app instead of a Firefox for Android add-on. It has a few extra goodies like a one-click “Save to file” button. That can be useful if you’re going to be doing a lot of work. You can use Android’s “Share” functionality in your Web browser (whether Chrome or Firefox or some other browser, like the popular Dolphin Browser) to pass the URL to VT View Source and load it up.

In practice, I found that VT View Source didn’t always load the pages I tried to feed it, so I had to go back to Firefox’s “View source” add-on. Nevertheless, it’s good to know this alternative exists if for some reason Firefox for Android won’t work for you.

Palapa Web Server

The main reason this whole task was easier than I thought it was going to be is because Palapa Web Server packages a full LAMP-like development stack into a single, free Android app. Palapa Web Server gives you Lighttpd, MySQL, and PHP all pre-configured. It even offers to install PHPMyAdmin for you so you can create and manage MySQL databases right from your phone’s browser.

Best of all, you can edit the server config files right in the app itself. I took advantage of this to bind both the Lighttpd and MySQL servers to localhost, for security reasons. By default, turning on the servers will accept incoming network connections from anyone on your network, effectively giving people in-the-know a backdoor into your phone. That’s not good.

Screenshot of the Lighttpd server config screen in the Palapa Web Server app for Android.

Screenshot of the Lighttpd server config screen in the Palapa Web Server app for Android.

Other useful apps

The above apps are core utilities you’ll need to do some programming on your Android phone. Ultimately, the hardest part is working with the incredibly small screen. But even that can be eased by getting yourself a Bluetooth keyboard.

Even with all the above tools, though, my Android phone still felt very much like a smartphone. It didn’t really feel like a computer system in the way I was used to. So, here are the other tools I found and like that really make full use of Android’s Linux roots.

Note that for most of these to be interesting, you really ought to root your phone. If you’re not familiar with the process of rooting an Android phone, LifeHacker’s “Everything You Need to Know About Rooting Your Android Phone” is a good place to start reading.

SuperSU

If you have rooted your phone (it’s worth it), it’s a good idea to ensure you know what apps actually have superuser (“root”) access, and be able to revoke that permission from apps that don’t need it anymore. That’s where a superuser access manager like SuperSU comes in. It replaces the su binary on your system and pipes requests from apps to use it through it, so that it can enforce restrictions you put on which apps are allowed to use the root user and which aren’t.

Screenshot of SuperSU on Android displaying superuser access rights for the AdBlock Plus app.

Screenshot of SuperSU on Android displaying superuser access rights for the AdBlock Plus app.

I liked SuperSU because it’s a plain and easy, no-frills access manager.

Android Terminal Emulator

Every decent computer system needs a command line. Jack Palevich’s Android Terminal Emulator is that thing, for Android. It’s tiny. It’s colorful. Get it.

BusyBox Free

Once you explore the command line environment on Android for a few moments, you’ll notice that there’s not actually a lot there. The standard GNU/Linux utilities you’re probably already familiar with just aren’t available. That’s because they’re not installed.

BusyBox is what will give them to you. And, after you’ve rooted your phone, BusyBox Free is the best app package I’ve found for installing them on an Android phone. (It’s open source, too.) Once installed, you’ll be able to do things like netstat -an | grep -i listen in the Android Terminal Emulator just as you could on any other Linux distro.

Screenshot of a full Linux command line running on an Android phone using a combination of BusyBox Free and the Android Terminal Emulator apps.

Screenshot of a full Linux command line running on an Android phone using a combination of BusyBox Free and the Android Terminal Emulator apps.

ConnectBot (ssh client)

Even with BusyBox installed, one thing you’ll still be missing is a stand-alone SSH client for remote logins. That’s where the open source ConnectBot app comes in. It’s basically a terminal emulator, but one that connects to other computers (running SSH servers) and gives you a command line prompt on those machines. This is invaluable if, for instance, you ever find yourself on the move and need to quickly restart your website’s Web server.

Security and privacy essentials

Finally, if you care about your privacy and security (and you should), here’s a few more apps you don’t want to miss:

Orbot (Tor anonymizing proxy)

Orbot is Tor for your Android phone. If you’re unfamiliar with Tor, I suggest you read at least the start of my comprehensive guide to using Tor on Mac OS X.

The good folks who ported it to Android even made a snazzy walkthrough for complete beginners. Check it out.

ChatSecure (Jabber+OTR for Android and iOS)

If you do any serious chatting on your phone, you’ll want to pick up ChatSecure from the Google Play Store. Not only is it a multi-account Jabber client (so it works with Google Talk and Facebook Chat and so on), it can automatically encrypt your chats with anyone else who’s using an Off-The-Record (OTR) chat client, too.

For more apps like this, such as encrypted text messaging and voice calls, check out Open WhisperSystem’s TextSecure and RedPhone. (And if you have an iPhone, or if your friends do, tell them to go try Signal, the free encrypted voice calling app for iPhone.)

AdBlock Plus

I’ve said it before and I’ll say it again: advertisements are malware. Thankfully, AdBlock Plus does a pretty amazing job at getting rid of them. It works best if you’ve rooted your phone, but even if you haven’t, installing and configuring this app by following its easy on-screen instructions can turn those annoying ads in pretty much any app into blank “can’t load this image” squares.

Killing ads means you use less of your data plan (no need to load an ad!), which also saves you money. There’s just no good reason for any Android phone not to have this app. (And hey, there are AdBlock Plus versions for your laptop’s Web browser, too. Hint hint nudge nudge.)

What about you?

I did some serious research, but things change quickly in the computer world. Did I miss an awesome app? Do you have a cool tip for getting the most desktop-like experience out of an Android phone? Share your favorite apps and tips in the comments. :)

Written by Meitar

August 1st, 2014 at 11:46 pm

How to: Securely configure Mac OS X for network packet sniffing with Wireshark

leave a comment

If you’re anything like me, you often run into a computer problem or five that could be diagnosed more quickly by taking a peek at activity on the network. The best general purpose tool for inspecting network activity has gotta be Wireshark. It’s an industry-standard, open source packet sniffer that you can use for fun and profit.

Installing Wireshark is easy enough since various installers are probably already available for your system. Some builds for Mac OS X, however, expect you to run Wireshark from an admin user account in order to actually capture network packets. Although it seems the official Wireshark package recently lifted the requirement of an admin user, its Mac OS X readme used to say:

On Mac OS X, the BPF devices live on devfs, but the OS X version of devfs is based on an older (non-default) FreeBSD devfs, and that version of devfs cannot be configured to set the permissions and/or ownership of those devices.

Therefore, we supply a “startup item” for OS X that will change the ownership of the BPF devices so that the “admin” group owns them, and will change the permission of the BPF devices to rw-rw—-, so that all users in the “admin” group – i.e., all users with “Allow user to administer this computer” turned on – have both read and write access to them.

Using your computer day-to-day as an admin user is generally a very bad idea because it means one wrong click has a much greater chance of causing problems. Instead, I use a “standard” account and would recommend you do the same. Moreover, if you’re using an unofficial Wireshark package on Mac OS X, such as one obtained through MacPorts (as I am), then you may not even have Wireshark’s startup item. This will likely result in a common “no capture interfaces available” error in Wireshark itself.

Most of the solutions on the Web will also just tell you to chmod the /dev/bpf* devices. That’ll work, but you’ll have to chmod them after every reboot. To fix that, you can mimic Wireshark’s own startup item with a Mac OS X launchd job. Here’s one minimally modified from a MacPorts patch for this issue:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>org.macports.wireshark-chmodbpf</string>
	<key>Program</key>
	<string>/bin/sh</string>
	<key>ProgramArguments</key>
	<array>
		<string>/bin/sh</string>
		<string>-c</string>
		<string>/usr/sbin/chown root:wireshark /dev/bpf*; /bin/chmod g+r /dev/bpf*</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
	<key>KeepAlive</key>
	<dict>
		<key>SuccessfulExit</key>
		<false/>
	</dict>
</dict>
</plist>

Save the above property list as a file named org.macports.wireshark-chmodbpf.plist (or something equally meaningful to you) and place it in your Mac’s /Library/Documents/LaunchDaemons folder. Unlike the original MacPorts patch and the old Wireshark package, this job changes the group ownership of /dev/bpf* to a group named wireshark.1

All you have to do is create a group named “wireshark” on your Mac, and add any user you want to give packet sniffing permissions to it. Once that’s done, load the launchd job by opening the Terminal and running the following command as an administrator:

sudo launchctl -w load /Library/LaunchDaemons/org.macports.wireshark-chmodbpf.plist

This way, only users in the “wireshark” group will be able to read from the BPF devices in Mac OS X, and you can still use your Mac as a non-admin user while packet sniffing.

  1. As of this writing, the official Wireshark package for Mac OS X will create a group named access_bpf for this purpose, basically equivalent to what I’ve named my wireshark group. []

Written by Meitar

July 15th, 2014 at 12:31 pm

Never have a career.

leave a comment

You are a multiplicity. […] The one and the many are not opposed to each other, okay? You can have one thing that is a multiplicity. A multiplicity. It’s such a strange phrase, “a multiplicity.” You’re a one thing that’s many things. You don’t have to add all up. “Who am I, REALLY?”

This is what a lot of capitalism, for want of a better word, wants from you: What am I gonna be? I’m gonna be…a CHEF! I’m gonna be…a MARKETING CONSULTANT! Right? “What am I gonna be?” Such a ridiculous question.

The question is what are you gonna do, today? What are you gonna do tomorrow? What are you gonna do for a year? What are you gonna do?

You don’t have to be something. What ARE you? “I’m a, a…I’m a financial analyst!”

“You ARE a financial analyst?” Aren’t you, like, ten million things? One of them happens to be “financial analyst” because, in capitalism, they make you work 60 hours a week? They really want you to be just one thing. They don’t want the financial analyst who comes in and he’s also smoking a spliff, listening to music, and writing an Opera, and doing all the other things he likes to do. Right? He has to be ONE thing.

So, these idiotic questions like, “What am I gonna do? What am I gonna be? What’s my career?” Right?

Career is the most insidious, evil question. Never have a career. Who wants a career? It’s the worst thing. Like, what am I gonna devote my entire life to that’s gonna make someone else a whole lot of money? That’s what the question is. Remember those questions that are on the [chalk]board on Tuesday: “What’s at stake? Who pays?”

The question, “Who am I? What am I?” It’s a ridiculous question. You’re a multitude. You’re many, many things.

Daniel Coffeen, in “Rhetoric 10: Lecture 8,” February 13, 2008.

See also:

Written by Meitar

June 19th, 2014 at 11:30 am

Posted in Crosspost,Maybe Maimed

Tagged with ,