[liberationtech] GreatFire.org is hiring backend developer

2013-04-23 Thread Martin Johnson 
We are an organization working to bring transparency to and fight online
censorship in China. We operate GreatFire.org which enables real-time
testing of what is blocked by the Great Firewall and the most complete and
updated database of URLs and keywords blocked in China. We also operate
FreeWeibo.com which allows anonymous and uncensored search of Sina Weibo,
the largest microblogging website in China.

Our goals are high and we have a lot to do. For this reason, we are now
hiring a backend developer, specifically to help us create a better
database and search solution.

More at https://en.greatfire.org/work-us
Martin Johnson
Founder of GreatFire.org and FreeWeibo.com | PGP
key
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

[liberationtech] Fwd: [New post] Mapping Corporate Networks With OpenCorporates

2013-04-23 Thread Yishay Mor 
I thought this may be of interest to some people on this list:

-- Forwarded message --
From: OUseful.Info, the blog... 


**
  Tony Hirst posted: "I was due to be at #odw13 today, but circumstances
beyond my control intruded... The presentation I was down to give related
to some of the things we could do with company data from OpenCorporates.
Here's a related thing that covers some of what I was "Respond to this
post by replying above this line
  New post on *OUseful.Info, the blog...*
  Mapping Corporate Networks
With 
OpenCorporates
by
Tony Hirst 

I was due to be at #odw13  today, but
circumstances beyond my control intruded...

The presentation I was down to give related to some of the things we could
do with company data from OpenCorporates. Here's a related
thingthat
covers some of what I was intending to talk about...

(I'm experimenting with a new way of putting together presentations by
actually writing notes for each slide. Please let me know via the comments
whether you think this approach makes my slidedecks any easier to
understand!)
  *Tony Hirst * | April 23,
2013 at 9:17 am | Tags: odw13 ,
opencorporates  | Categories:
Presentation  | URL:
http://wp.me/p1mEF-2Hw

 
Comment
   See all 
comments
   
Like

 Unsubscribe or change your email settings at Manage
Subscriptions.


*Trouble clicking?* Copy and paste this URL into your browser:
http://blog.ouseful.info/2013/04/23/mapping-corporate-networks-with-opencorporates/
 Thanks for flying with WordPress.com 
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] (advice sought) Public safety and configuration of list

2013-04-23 Thread Joseph Lorenzo Hall 
I would suggest if you don't accept the decision of the list members to
keep reply-to-list, you should not subscribe. It seems silly to raise it
again and attempt to appeal to higher authorities that have much better
things on which to spend their time than mediate disputes about mailing
list policy. (I initiated the recent policy discussion of the mailing
list configuration and accept the results, despite not agreeing with the
decision (not on safety grounds).)

best, Joe

On 4/22/13 11:45 PM, Michael Allan wrote:
> To the experts in Liberationtech, Air-L and Mailman lists,
> (cc General Counsel of Stanford University)
> 
> Stanford University has configured the Liberationtech mailing list in
> a manner that is potentially unsafe.  University staff are aware of
> the problem and are evalutating the situation, but have yet to take
> action.  I'm a subscriber to the list, and I ask your advice.
> 
> 
> SITUATION
> 
>   The Liberationtech mailing list is run by Stanford University in
>   connection with its Program on Liberation Technology.  That program
>   investigates the use of IT "to defend human rights, improve
>   governance, empower the poor, promote economic development, and
>   pursue a variety of other social goods." [1] Experts on the list
>   advise and inform on matters such as encrypting communications,
>   protecting infrastructure from cyber attack, and protecting onself
>   from personal danger.  Often those seeking help are in vulnerable
>   situations.  They include aid workers, reporters and activists who
>   live and work in environments where human rights are not well
>   respected, or where the government is too weak to protect people
>   from organized criminals, rival militias, and so forth.
> 
>   The list software is GNU Mailman.  The administration interface
>   includes the following configuration items: [2]
> 
> (a) Should any existing Reply-To: header found in the original
> message be stripped?  If so, this will be done regardless of
> whether an explict Reply-To: header is added by Mailman or
> not.
> 
>  X  No
>  -  Yes
> 
> (b) Where are replies to list messages directed?  Poster is
> *strongly* recommended for most mailing lists.
> 
>   X  Poster
>   -  This list
>   -  Explicit address (c) _
> 
>   Shown above is the default, recommended setting of (1 No, 2 Poster).
>   It leaves the sender's Reply-To headers (if any) unaltered during
>   mail transfer.  Instead of this, the Liberationtech mailing list is
>   configured as follows:
> 
> (b) Where are replies to list messages directed?  Poster is
> *strongly* recommended for most mailing lists.
> 
>   -  Poster
>   X  This list
>   -  Explicit address (c) _
> 
>   With this setting, whenever a subscriber Q sends a message to the
>   list, the software adds a Reply-To header pointing to L, which is
>   the address of the list itself.  The message is then passed on to
>   the subscribers.  The meaning of the added Reply-To header is, "Q
>   asks that you reply to her at L." [3]
> 
>   Note that this is false information; Q does not ask that.
> 
> 
> EXAMPLE OF DANGER
> 
>   Matt Mackall has suggested that, "here of all places", people might
>   get hurt as a consequence of this configuration [4].  I agree.
>   Here's a brief example of how people might get hurt:
> 
> 1. Subscriber P is in a vulnerable situation.  P is distacted by
>the situation and is not getting a lot of sleep.
> 
> 2. P asks the mailing list for advice on the situation, because
>that's the purpose of the list.
> 
> 3. Subscriber Q replies with helpful information.
> 
>The mailing list adds a Reply-To header to Q's message that
>points to address L.  Again, the mis-information is, "Q asks
>that you reply to her at L". [3]
> 
> 4. P replies with private information, including (as Matt puts it)
>a "potentially life-endangering datum".  Tired and distracted,
>P replies by hitting the standard Reply button.  In the mail
>client, this means "reply to Q".
> 
>The reply goes instead to L, which is the public mailing list.
> 
>Oh my god!  What have I done!
> 
> 5. People get hurt.
> 
>   Isn't this a danger?
> 
> 
> POSSIBLE EXPLOIT THAT INCREASES THE DANGER
> 
>   Suppose that P is actually a police operative in an authoritarian
>   state, or a criminal operative in a failed state.  He only pretends
>   to be a vulnerable activist (say).  His real aim is to hurt the
>   activists and other opponents; damage the university's reputation;
>   close down the mailing list; make democracy look foolish [5]; and
>   finally make some money in the bargain [6].  The likelihood of his
>   success is roughly proportional to the amount of harm suffered by
>   the activists and other innocent people.
> 
>   If such an exploit were even *perceived*

Re: [liberationtech] (advice sought) Public safety and configuration of list

2013-04-23 Thread Michael Allan 
Joseph Lorenzo Hall said:
> ... if you don't accept the decision of the list members ...

Maybe there's a misunderstanding here.  The list subscribers are not
responsible for the safe administration of the list.  The university
alone is responsible.  It could never pass that responsibility on to
the subscribers, even if it wanted to.

> ... to appeal to higher authorities that have much better things on
> which to spend their time ...

Well, it was university staff who appealed to counsel some weeks ago,
following an off-list discussion.  As I mention, the university is
evaluating the matter and has yet to make a decision.  My purpose in
posting is to ask advice from experts, and to remind the counsel's
office (a busy place, as you say) of the need for a decision.

Again, pending that decision, I recommend that the configuration be
returned to its default setting.  The default is known to be safe.

Mike


Joseph Lorenzo Hall said:
> I would suggest if you don't accept the decision of the list members to
> keep reply-to-list, you should not subscribe. It seems silly to raise it
> again and attempt to appeal to higher authorities that have much better
> things on which to spend their time than mediate disputes about mailing
> list policy. (I initiated the recent policy discussion of the mailing
> list configuration and accept the results, despite not agreeing with the
> decision (not on safety grounds).)
> 
> best, Joe
> 
> -- 
> Joseph Lorenzo Hall
> Senior Staff Technologist
> Center for Democracy & Technology
> 1634 I ST NW STE 1100
> Washington DC 20006-4011
> (p) 202-407-8825
> (f) 202-637-0968
> j...@cdt.org
> PGP: https://josephhall.org/gpg-key
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] (advice sought) Public safety and configuration of list

2013-04-23 Thread Joseph Lorenzo Hall 
(reply-to-list-only)

On Apr 23, 2013, at 16:39, Michael Allan  wrote:

> Maybe there's a misunderstanding here.  The list subscribers are not
> responsible for the safe administration of the list.  The university
> alone is responsible.  It could never pass that responsibility on to
> the subscribers, even if it wanted to.

There's definitely a misunderstanding. I see mailing lists as fundamentally 
normative negotiations with a foundation of acceptable use, whether 
administered by Stanford or some other entity. Changing the entity that hosts a 
mailman list is one of the most frictionless changes which a community can 
agree to online. So, ultimately it's the list that requires persuasion (in my 
opinion).

--Joe
--
Too many emails? Unsubscribe, change to digest, or change password by emailing 
moderator at compa...@stanford.edu or changing your settings at 
https://mailman.stanford.edu/mailman/listinfo/liberationtech