Archive for September, 2006

Looking for a job?

Thursday, September 28th, 2006

Lulu.com is hiring web software developers for their London, UK office. Lulu is a self-publishing company popular with many authors in academia, who write free textbooks. What Lulu does is make an on-demand real printed book out of a digital book (PDF and cover images). So if you have a PDF manual for example, you can publish it on their website (for free) and provide a link for people to purchase a printed copy. They also provide other services to authors, such as ISBN and getting books listed on bookstores like Amazon, etc. Lulu was founded by Bob Young, who was the CEO of Red Hat.

I’m writing about it here as they are a superbly friendly place (gathered from speaking to people in person), and have a casual atmosphere with a good work ethic. They use free software and agile methods and are bright enthusiastic people. When I visited them, I felt that it’d rock to work there. They mentioned that they were seeking web developers who were talented at free software based development on Linux.

So if you are good with free software and are looking for a job involving web development in London, write to Kimberly Richards (krichards at lulu dot com) with your résumé. Send answers to the Lulu quiz too! *Grin*

The Lulu quiz

Introducing Graphics Planet

Monday, September 25th, 2006

Graphics Planet is a new “planet” website using the Planet Feed Reader and based on Planet GNOME’s silverorange theme which was generously sent to me by Steven Garrity for use with Graphics Planet.

Graphics Planet is about the world of people involved in free software development in the field of computer graphics and publishing. We are users and developers on programs such as GIMP, Blender, Inkscape, Scribus, Krita, and other related projects such as the Tango Desktop Project.

If you are a contributor to free software in the field of computer graphics, you may already find yourself on it. If you are a developer on an existing graphics software project distributed under a free software license, or an artist who uses free software and has contributed artwork to free software projects, you are welcome to have your blog added on Graphics Planet. Please mail me.

Firefox and SSL

Saturday, September 23rd, 2006

I am a Firefox user. One feature I want in Firefox is the display of the Organization (O) field of an X.509 certificate when SSL is used. Firefox currently shows a yellow location bar with a lock icon to indicate that an authenticated SSL session is in use. Hovering the mouse cursor over the lock icon shows the signing certificate authority who issued the certificate. I think that people would care to see the name of the organization it was issued to, more than the certificate authority’s name (as we already have a trusted list of CAs [hopefully] in our browser).

Opera has this feature and the following screenshots compare Firefox 2 Beta 2 (BonEcho) to Opera:

Firefox:
Screenshot of Firefox SSL information

Opera:
Screenshot of Opera SSL information

See my name there in the Opera screenshot? Basically what it means is that the certificate which the server has was authenticated by the issuing CA to belong to a person/organization with that name, and the browser has verified it.

How much I miss home

Thursday, September 21st, 2006

Taken sometime around 2001 in my home in Hyderabad, India.. a real “screenshot” :) . The computer is 90s hardware.

Picture of home

This is why you should be a GIMP developer

Wednesday, September 20th, 2006

We are having this discussion about data collection and privacy on the web just now in #gimp.. and about things which are done for our best interest:

<mitch> Other people who have bought these books: ....
        Other people who have fucked your wife: ....

Highly recommended!

This private quote was used with permission, people, something you should keep in mind when you build your products and services.

Sven, Mitch and GIMP

Monday, September 18th, 2006

bolsh: Even I want to support that Sven and Mitch are two great people to work with in a project. They are very helpful and excellent models (in the people sense ;) ). They guide you well if you’re trying to implement a feature or bugfix. I’ve also thought Sven was abrupt sometimes before, but I know that it’s because he’s being upfront and is harmless. There’re so many things to do, and few people with less time, so sometimes it can be frustrating. Language is also a barrier for non-native English speakers.

Btw, to all GNOME and other programmer people: GIMP is always looking for more developers. GIMP is well designed and very easy to write code for. So if you want to write some cool code, check out the open list of issues and enhancement proposals and see what you can help with. Also read HACKING and the plug-in development documentation. If you want to work on an issue or enhancement, or even something cool you think you want to do for GIMP, you can either join #gimp or use the gimp-developer mailing list and discuss it.

lilo

Sunday, September 17th, 2006

Rest in peace

Demo of tracking you via the web-browser’s cache (no cookies)

Friday, September 15th, 2006

Following the earlier post about tracking people using the web browser’s cache, here is an implementation of this issue.

To quickly recap, clearing your browser’s cookies is not sufficient to remove all identifying information in your browser from being sent to a website. IMHO, this is a pretty serious issue.

The source of terrorism

Wednesday, September 13th, 2006

I love my country as most Indians do. We are very patriotic people, as our independence struggle is a very prominent topic one learns when growing up. The British used the divide-and-rule strategy to divide us and get control over us, but it was because we got united in our aim to get the British to quit India, that we could achieve independence. The partition of the sub-continent into India and Pakistan was something which needn’t have happened (Mahatma Gandhi was very very upset), but then before the British came to India there were several kingdoms.

The Kashmir issue is not very well understood by most people, both in India and Pakistan. They just take sides due to their patriotism. Both countries officially have their points of view on the matter. India’s point of view was very nicely stated in Krishna Menon’s address to the UN in 1957 (although it’s a bit verbose to read—apparently this was an 8-hour speech to the UN, the longest ever), and you can read about the documented abuses of people that happened during the time of partition.

I was absolutely angry (because of how patriotic I was) when I grew up and read on the Internet (before the Kargil conflict) that about half of Kashmir had been taken up by Pakistan, and another large chunk of it is under China’s control. No I didn’t know this. I mean, we always knew there was conflict about Kashmir—there were regular terrorist attacks and I’d wake up and find the newspaper on the porch with almost daily headlines of deaths. But we always thought we had the state completely.

Why didn’t I learn about this in school? Because to this day, geography textbooks in India show all of the original Kashmir province under India’s control. There’s no Line of Control, no nothing. We learn about the partitioning of India, but not about the Kashmir issue. This must be official Indian government policy. I am told by my friends that similar things are taught to students in Pakistan too (I don’t know this for sure). But what does it solve? Why not teach us the truth of the situation as it exists on the ground, so we grow up knowing what the truth is? Perhaps both sides would learn to be more tolerant. Wouldn’t learning the harsh truth be worse when you find out anyway?

It’s absolutely amazing how much we divide ourselves up. Religion, caste, sub-sects in religion, color of your skin, what country you’re from, even what state you’re from. My mother tongue is Tamil (my parents are from Tamil Nadu) and I had joined a school in the state of Andhra Pradesh, and this state’s language is Telugu. Now both Andhra Pradesh and Tamil Nadu were one state at one time. So we learn about some sort of “freedom struggle”.. one state fighting for freedom from the larger oppressing state. Ouch? Isn’t it simply sad? But don’t take my words for it, because there are others who feel patriotic that they’re Telugu and dislike Tamilians. Such is life on Earth. The only place where you are truly accepted is your home country, your home state, your home town, your home property. A large number of people are tolerant, in that they put up with others. But how many really empathize?

At my work place in London, UK, I found this globe on a desk and spun it around.. someone had purchased it from a local shop. Upon inspection, I didn’t find Israel on it. Only Palestine. Guess who made it?

You know, during the Kargil conflict, the Indian Air Force had some of its aircraft shot down.. MiGs. Other soldiers who were captured bore torture marks when their bodies were returned. Soon after the conflict, a spy-plane of Pakistan veered into Indian territory near Kori Creek. Now this is contested.. the wreckage was recovered on both sides of the disputed border (oh yeah it was shot down after being warned). The Indian feeling was of joy.. don’t get me wrong, Indians are good people. This’s what happens when you think you’re fighting an enemy. There’s supposed to be a winner and a loser. But one photo which really bugged me was this one:

Pilots

These were the pilots who had scored one more kill. Except 16 people on that spy plane died. But why are they laughing like this, as if it were a game? I now realise that in the armed forces, it is a game. Don’t for one second think that I dislike these guys. I love these guys to bits, because they are the ones who risk their lives to protect my freedom and my way of life from an enemy.

But what enemy are we fighting? These were the same guys we lived with for so many centuries. Our brothers and sisters. Sure they may have a different religion and a different way of life..

I read all these silly discussions of how foreign policy is wrong. It is wrong, but the solutions to problems don’t lie there. America is selfish for its people.. their people need oil, and it needs to control oil reserves. Their people need security, so it needs to pre-emptively attack and take action against countries it believes are threats. People complain because they’re oppressed, but the ironic thing is that if they had control instead, they would not be very charitable about it either. Such is life. If Lebanon had Israel’s capabilities, and Israel was as meek as Lebanon and were infested by terrorists who attacked Lebanon, the same things would have more or less happened with the roles reversed. Those in control like to stay in control. Many times the decisions they make are foolish however.

It’s also impossible to bring about democracy in the Middle East, or just about any other kind of lasting change unless the people want it. This can be observed in Iraq.

How about starting the democracy and freedom festival in Saudi Arabia, which is a dictatorship with disregard for human rights? Bush forgot about this country in the Middle East. But why do you think he did that? Because people are selfish. They look at what’s best for them. This is life.

The Mayor of London Ken Livingstone was one of the most prominent people to note that it was western double standards towards the world which incubates terrorist culture (for lack of a better word). But why do people become terrorists? I mean, we read about double standards too, but we don’t go out with a gun and start shooting people do we? We think about what we’re gonna code next, what movie to watch next, where we’re gonna eat next, etc. So how are the terrorists different from us?

Firstly, it’s insanity which causes one to take the life of another. Someone must be totally brainwashed to do that, to really believe in what they’re doing so much that they’re willing to take others’ lives without judgement, or rather they judge that it’s correct to do so. How do they reach that level of insanity? How do they get brainwashed?

Imagine growing up in a camp, where people around you get shot before you for absolutely no reason. Where there’s very high crime. Where you have very little money all the time. Where you have almost no employment opportunities to put your mind to work. Where things are taken away from you without explanation. Such places exist. Even in western countries, these conditions exist.. poverty, strife and illiteracy is everywhere. This is not about Israelis vs. Palestinians. This is about people valuing their lives, wanting to do good, wanting to accomplish something every day when they wake up. An idle mind is a devil’s workshop. Children who grow up in stressful environments, where you don’t have a page out of the IKEA catalogue for a child’s bedroom, but what you see in your nightmares… when the child grows up, they are emotionally vulnerable. They seek a purpose in life, to do something which will give them a sense of achievement. They are perfect candidates for a brain-wash. It’s like shooting fish in a barrel.

Israeli and Palestinian people both deserve a home on this planet, where they can live without fear, with a purpose to do good. The economy there should be helped, not stifled. Children should have schools to go to. Grown ups should have employment opportunities to keep busy with. I remember a powerful poem by Rabindranath Tagore, one of the greatest minds to have ever graced the earth:

Where the mind is without fear and the head is held high
Where knowledge is free
Where the world has not been broken up into fragments
By narrow domestic walls
Where words come out from the depth of truth
Where tireless striving stretches its arms towards perfection
Where the clear stream of reason has not lost its way
Into the dreary desert sand of dead habit
Where the mind is led forward by thee
Into ever-widening thought and action
Into that heaven of freedom, my Father, let my country awake

Clearing cookies is not enough to save your privacy

Monday, September 11th, 2006

I’m sure someone else has thought of this one before, but anyway, time for the next thoughtful post. This post contains more than one topic, but you should know this.

Update: Looks like others have thought of this idea before after all! Aww shucks, there go your cool points :( .

Cookies are a popular way of tracking what you do on the net, not just on some website you visit, but the entire net. As an example, consider you use a web based email service. You get plenty of personal private email there, from your girlfriends, your bank, job websites, shopping websites and pr0n websites (this should be enough to satisfy any entity’s thirst for getting their hands on private material but that’s not nearly all as we’ll soon see).

A digression: Btw, we fight so much to protect our privacy against the government and one of the arguments is that private stuff eventually falls into the hands of some evil public corporation which then uses that material to do evil things. Okay this is a valid argument. So why the hell do we trust our email to free web-based email providers like Yahoo mail, Gmail, Hotmail, etc., some of which didn’t even guarantee that your email will be deleted from their servers when you delete it??? It doesn’t make sense. Would you be okay if your telephone provider says, “Hey here’s a service. Let me record all your phone conversations and store them on our server so you can check them out later. We’ll store 5 years of your phone conversations as MPEG audio files. You can play them back anytime you want! :) ” Would you settle for that? I tell you it’s getting to that. One day your phone will be free and they’ll have targeted ads based on what you speak with your friends. These ads don’t necessarily need to come via your phone, when the same provider controls various services such as search, email, etc. apart from your phone. Wanna buy your love something for Valentine’s day? They know.

A lot of issues we face with protection of privacy (bloggers getting arrested, what not) would not happen if the relevant information was not collected in the first place. Then companies would not have to resort to “the government is asking me this information—we have to follow local laws”. Don’t collect this information in the first place! Don’t log my searches. Don’t link them to my IP address. Don’t link them to my account which I created for an email service. Don’t log my IP address against my account. Some providers say they do this for our convenience, so we have a better experience. Sure, convenience over security, but at least, give me the right to delete my tracked information from your collection immediately (not after the next full moon) and permanently. And do not share my information with third-parties as there’s no way of controlling its privacy then.

Okay, back on topic. So yeah, you use this free email service. Now this provider has other services which serve ads and track site statistics, not just on their website, but on thousands of other websites, and many of the websites you visit are on that list. This is not a figment of imagination—there are many such providers out there with different combinations of services. So every time you visit some favourite website, your email provider can know you have visited it and can collect this information. Every time you read a particular article on a website with certain keywords (say physics, or xxx, or MP3 player review), your email provider knows and can link it to your account. What’s worse, they can collect information on the people who are emailing you messages, where they discuss some topic with you.

Clearing cookies may not be enough, contrary to what you may think. Your browser’s cache is a valuable store of information. A JavaScript (.js) resource that is generated dynamically on request can carry an embedded unique tracking ID, and can live permanently in your browser’s cache when it is sent with the right HTTP cache-control headers. Pages can then load this script. Because the script is never re-requested, it keeps its unique ID, and it can call server-side resources to track you. They only need to associate this unique ID with your account once (when you first log in after the ID was created), and they can then set cookies again later and track you anyway. The result is that you can be tracked uniquely even after you clear your cookies (i.e., as if you had never cleared your cookies to generate fresh ones).
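
The mechanism above as a small offline simulation (an added example, not the demo linked from this blog; the server, the browser model, `/id.js` and the `uid` cookie are all hypothetical names). It shows why clearing cookies leaves the cached ID in place, and why clearing the cache is what resets it.

```javascript
// Constructed simulation: nothing here touches the network or a real browser.
// TrackingServer, Browser, /id.js and the uid cookie are hypothetical names.
class TrackingServer {
  constructor() { this.profiles = new Map(); this.issued = 0; }

  // A script generated per request with a unique ID baked in, marked cacheable
  // for a year. A counter stands in for a random value so runs are repeatable.
  serveScript() {
    const id = (++this.issued).toString(16).padStart(16, '0');
    return {
      headers: { 'Cache-Control': 'private, max-age=31536000' },
      body: `var trackingId = "${id}";`,
    };
  }

  // Called by the script on every page view; `account` is present only at login.
  beacon(trackingId, cookie, account) {
    const p = this.profiles.get(trackingId) || { account: null, views: 0 };
    if (account) p.account = account;   // the ID is linked to the account once
    p.views += 1;
    this.profiles.set(trackingId, p);
    // A missing cookie is simply re-issued from the cached ID.
    return { knownAs: p.account, views: p.views,
             setCookie: cookie ? null : `uid=${trackingId}` };
  }
}

// Cookies and the HTTP cache are separate stores with separate "clear" actions.
class Browser {
  constructor() { this.cookies = new Map(); this.cache = new Map(); }
  clearCookies() { this.cookies.clear(); }
  clearCache() { this.cache.clear(); }

  loadScript(server, url, now) {
    const hit = this.cache.get(url);
    if (hit && now < hit.expires) return hit.body;  // fresh copy: no request sent
    const res = server.serveScript();
    const m = /max-age=(\d+)/.exec(res.headers['Cache-Control'] || '');
    if (m) this.cache.set(url, { body: res.body, expires: now + Number(m[1]) * 1000 });
    return res.body;
  }

  visit(server, account = null, now = Date.now()) {
    const body = this.loadScript(server, '/id.js', now);
    const trackingId = /"([0-9a-f]+)"/.exec(body)[1];
    const res = server.beacon(trackingId, this.cookies.get('uid') || null, account);
    if (res.setCookie) this.cookies.set('uid', res.setCookie.split('=')[1]);
    return { trackingId, knownAs: res.knownAs, views: res.views };
  }
}

function demo() {
  const server = new TrackingServer();
  const browser = new Browser();
  const first = browser.visit(server, 'alice');   // logs in once
  browser.clearCookies();
  const afterCookies = browser.visit(server);     // no cookie, no login
  browser.clearCookies();
  browser.clearCache();
  const afterCache = browser.visit(server);       // script re-fetched: new ID
  return { first, afterCookies, afterCache };
}
console.log(demo());
```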

What can they do with all the collected information? Serve you relevant targeted ads. The side effect is that this nice little collection can be shared to other parties (thanks to a thoughtful TOS lawyer), and be shared to the government when forced, to oppress their people. If you think this is over-reaction, it has happened and it will happen.

Companies exchange private information. They say that in their TOS which you usually ignore. For example, I was contacted on August 4, 2006 by a script at Google about my Sourceforge.net project, which asked me if someone else should be allowed to create a project on Google’s project hosting service with the same name as the Sourceforge.net project. Let’s ignore the fact that this email was sent by a script and was unsolicited. How did they know my details?? They should have a database of all Sourceforge.net projects and the owner email addresses and other details. I was quite unhappy about it. I created an account on Sourceforge a long time ago in good faith, but without thinking about this. Lennart Poettering has blogged of another private data sharing example, of this with the parties being Canonical/Ubuntu and Debian. Now these two examples are “community examples” of websites in our midst. It makes you wonder about what happens elsewhere.

Think twice about using 3rd party services which collect information about you, esp. when you can avoid using them. I always suggest that people get their own yourdomain.org and run your own email (with web-based access), website, Jabber server, etc. They’re interoperable with others and it takes 1 day to set everything up properly on your broadband connection (if you can’t afford to colo in a datacenter). You have complete control, and can do crazy hacks to filter your emails, generate custom dynamic content on your websites, notify you about stuff using Jabber/XMPP, and what not. And if you are worried about backups of your Maildir, website database, code repositories, etc., you can ask a few friends to store PGP encrypted incremental backups for you and return the favour. And use Adblock, which not only blocks ads, but can also block these nasty tracking scripts. All this takes 1 day of your weekend to set up.

Firefox should perhaps get a patch for a setting to clear the cache when the browser exits.

Update: Colin Leroy wrote to tell me that Firefox (versions 1.5 and above) already has such a feature which can be accessed at Edit→Preferences→Privacy→Settings button. It could be made more conspicuous like the “Keep Cookies” setting.