[liberationtech] Current libtech funding initiatives

2014-02-03 Thread Marcin de Kaminski
Hi all,

Is there a comprehensive list of current initiatives funding libtech (and 
related) projects? If not, what initiatives do you know of that are currently 
(or soon) taking applications or are interested in discussing interesting 
projects?

Best,
Marcin

-- 
Marcin de Kaminski
PhDc Sociology of Law, University of Lund
Lund University Internet Institute, Cybernorms Research Group
Personal homepage - www.dekaminski.se

Phone#: +46-(0)768-045151

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] parallel construction hack

2014-02-03 Thread Jonathan Wilkes

Hi list,
 Reflecting a bit on parallel construction, it seems to me that no 
matter how sophisticated the system, you _cannot_ have a perfect 
firewall between the illegal surveillance used to target an individual 
and the officers who appear to use legal means in order to make the 
arrest.  Here are the reasons why:


* somehow, someone must communicate to the arresting officers where to 
go and what to look for, and that is almost certainly not part of their 
normal patrol
* having a perfect firewall would potentially put the arresting officers 
in danger.  If the officers truly have no idea that the "random" stop 
they are instructed to make is going to be a drug kingpin, they aren't 
going to be too crazy about participating.

* people like to talk

What if defense lawyers banded together, read through the leaked 
documents about parallel construction, and created a standardized series 
of questions to ask officers on the stand for cases where parallel 
construction is a possibility?  These questions could be cleverly 
constructed to have a broad application-- succinctly covering most of 
the known and likely scenarios-- while at the same time requiring direct 
yes-or-no answers from the officers.  If they cover their bases then 
officers who made the arrests using parallel construction would either 
have to a) be evasive and dodge some of the questions or b) perjure 
themselves.


Now nobody wants to perjure themselves in a courtroom.  But even more 
than that, nobody wants to be part of a group that is systematically 
perjuring themselves in the courtroom.  The more members of the group 
there are, the more any particular member of the group may be subject to 
unpredictable repercussions.  So either the testimony in cases that use 
parallel construction becomes ineffectual due to chronic evasiveness, 
_or_ the cost to the officers testifying becomes too great for them to 
willingly participate in the program.  Or maybe a little of both.


Finally, this wouldn't have any harmful effect on officers who make 
arrests that aren't part of parallel constructions.  They'd just 
continue doing their jobs.


Best,
Jonathan


Re: [liberationtech] New IT security measures underway

2014-02-03 Thread Jonathan Wilkes

On 02/03/2014 06:09 PM, John Adams wrote:

> [...]
>
> Additionally, your statement of: "Closed-Source software cannot be
> secured" -- I prefer open source software but I disagree that it
> cannot completely be secured. It depends only on the motivation,
> financial resources, and merit of the company attempting to secure
> said software. Just because you don't happen to get a look at the
> source code doesn't make this a definitive statement. There are
> numerous examples of commercial software being immensely hard to defeat.


I don't know the name for it, but there's definitely a misleading (or 
misled) rhetorical device in the paragraph above.  I see it every time 
someone mentions the truism about free software being the obvious 
foundation for security software.  I'm not a security expert so let me 
explain with an analogy:


Because of an injury, Django Reinhardt only used two fingers of his left 
hand to play guitar.  He's a pioneering jazz guitarist.  That's a pretty 
cool anecdote.


On an unrelated note, go to any serious guitar studio and you will find 
that students are taught to use more than two fingers when trying to 
master the guitar.  There isn't a guitar teacher in the world that would 
knowingly limit his/her students to develop with _fewer_ resources than 
they actually have.


But I bet if there were a large number of guitar teachers who-- for 
historical reasons-- had tragically been taught to play with only two 
fingers, they'd constantly be reminding everyone else that you _can_ 
indeed become a great guitarist even with a horrible technique.  That'd 
be a detriment to guitar pedagogy, as I believe it's a detriment to 
creating and maintaining security software.


-Jonathan


Re: [liberationtech] New IT security measures underway

2014-02-03 Thread John Adams
On Mon, Feb 3, 2014 at 3:43 AM, Rich Kulawiec wrote:

> On Fri, Jan 31, 2014 at 09:01:06AM -0800, Yosem Companys quoted:
> > "One of these mandates includes having employees with Windows XP
> > laptops and desktops migrate to Windows 7 Enterprise or Ultimate, or
> > Windows 8 Pro or Enterprise, by April 8. Employees will be able to
> > download the latest Microsoft software for free under a new campus-wide
> > license obtained in November 2013."
>
> Let's stop right there.
>
> If this entire initiative was actually about security in any way,
> shape or form, then this paragraph would not be present.  Closed-source
> software cannot be secured, and changing from one insecure version
> of Windows to another is merely an expensive, time-consuming exercise
> that achieves nothing of significance.


Disclaimer: I can't stand Windows and I've nearly banned it from the workplace.

Reality: You don't understand business nor threat modeling.

Microsoft is, unfortunately, the backbone of most world-wide business.
There are a host of applications from finance, to statistical modeling, HR
planning and otherwise that only run on Windows. You can't easily kill it
off. When and if we manage to kill it off, attackers will move to the new
thing (say, Mac OS) and focus efforts there.

So, for the users that must run Windows on a daily basis, they're electing
to offer free upgrades. Good on them. The older versions (such as XP) are
reaching end of life for support (and security support) and potentially
will become a source of indefinite zero-days. Calling this
action meaningless due to your implicit bias against commercial software
and Windows is a fallacy.  Properly implemented, it will result in a
reduction of the overall threat to the University.

Unfortunately, their implementation process isn't very good. I don't agree
with the open-ended nature of their solution. Relying on the users to
upgrade themselves means generally that the upgrade will never occur. A
compliance-enforcing approach, such as those used in the Cisco and Juniper
VPN clients would be better. For example, "You have 30 days to upgrade to
Windows 7 or VPN and 802.1X will block you from joining our network" is
much better than "Go secure yourselves, we'll be over here"

Additionally, your statement of: "Closed-Source software cannot be secured"
-- I prefer open source software but I disagree that it cannot completely
be secured. It depends only on the motivation, financial resources, and
merit of the company attempting to secure said software. Just because you
don't happen to get a look at the source code doesn't make this a
definitive statement. There are numerous examples of commercial software
being immensely hard to defeat.

-john

[liberationtech] "The Family of Man" and the Politics of Attention in Cold War America - Program on Liberation Technology

2014-02-03 Thread Yosem Companys
http://liberationtechnology.stanford.edu/events/the_family_of_man_and_the_politics_of_attention_in_cold_war_america/

"The Family of Man" and the Politics of Attention in Cold War America  

CDDRL Seminar Series

DATE AND TIME
February 6, 2014
4:30 PM - 6:00 PM

AVAILABILITY
Open to the public
No RSVP required

SPEAKER
Fred Turner - Associate Professor of Communication and Director of the Program 
in Science, Technology, and Society at Stanford University

Abstract
In 1955, the Museum of Modern Art mounted one of the most widely seen – and 
widely excoriated – photography exhibitions of all time, The Family of Man. For 
the last forty years, critics have decried the show as a model of the 
psychological and political repression of cold war America. This talk 
challenges that view. It shows how the immersive, multi-image aesthetics of the 
exhibition emerged not from the cold war, but from the World War II fight 
against fascism. It then demonstrates that The Family of Man aimed to liberate 
the senses of visitors and especially, to enable them to embrace racial, sexual 
and cultural diversity – even as it enlisted their perceptual faculties in new 
modes of collective self-management. For these reasons, the talk concludes, the 
exhibition became an influential prototype of the immersive, multi-media 
environments of the 1960s – and of our own multiply mediated social world today.

Fred Turner is Associate Professor of Communication and Director of the Program 
in Science, Technology, and Society at Stanford. He is the author of several 
books on media technology and American cultural history. In January, the 
University of Chicago Press published The Democratic Surround: Multimedia and 
American Liberalism from World War II to the Psychedelic Sixties, from which 
this talk is drawn.
 
LOCATION
Wallenberg Theater
Wallenberg Hall
450 Serra Mall, Building 160
Stanford, Ca 94305-2055

FSI CONTACT
Kathleen Barcos

[liberationtech] 3 Job Openings at Syria Justice & Accountability Center

2014-02-03 Thread Peter Fein
I'm helping IREX (irex.org) and the Syria Justice & Accountability
Center (syriaaccountability.org) with technical hiring for the 3
positions listed below: Technology Officer, Web Developer & System
Administrator.

For any questions or to apply, please contact Andrew White awh...@irex.org

Technology Officer

Position Summary

IREX, an international nonprofit organization, seeks a Technology
Officer for the Syrian Justice & Accountability Centre (SJAC). SJAC
promotes justice and accountability in Syria by ensuring that
violations of international criminal, humanitarian, and human rights
law are documented to serve as a deterrent to continuing abuses and
for future accountability and transitional justice efforts. The
officer will use their expertise to lead the center's IT strategy and
systems development and implementations.


Required Qualifications

Bachelor's degree in Information Management, Computer Science,
Computer Engineering or related field. Significant work experience in
IT may be acceptable in lieu of formal degree

At least 3 years of experience in managing IT projects, staff,
contracts and infrastructure

Knowledge of Python, Django, Solr & MySQL

Experience architecting distributed systems supporting large
heterogeneous data sets

Deep understanding of web development, data modelling and software testing

RFP writing skills and proposals evaluation and vendors management


Preferred Qualifications

Cyber security background is preferred

Familiarity with Javascript, AJAX, AWS, video and image processing,
geographic data

Ability to handle confidential information

Arabic language is a plus


System Administrator
--
Position Summary

IREX, an international nonprofit organization, seeks a System
Administrator for the Syrian Justice & Accountability Centre (SJAC).
SJAC promotes justice and accountability in Syria by ensuring that
violations of international criminal, humanitarian, and human rights
law are documented to serve as a deterrent to continuing abuses and
for future accountability and transitional justice efforts. The
sysadmin will use their expertise to manage, update, backup, debug and
ensure security of all systems, platforms and infrastructure within
the SJAC.


Required Qualifications

Bachelor's degree in Information Management, Computer Science,
Computer Engineering or related field. Significant work experience
with IT infrastructures may be acceptable in lieu of formal degree

Deep knowledge of Linux operating systems (Fedora, CentOS, Ubuntu) is a must.

Strong knowledge in Bash scripting

Experience in administering databases, web servers and security
services such as SSH, VPN, Nginx, Apache, Solr, MySQL & RabbitMQ

Cyber security background and experience.

Familiarity with AWS and other cloud services.


Preferred Qualifications

Familiarity in Python is a plus.

Experience with modern devops tools (Chef, Ansible, Salt) is desirable.

Ability to handle confidential information.

Arabic language familiarity is a plus



Web Developer
---
Position Summary

IREX, an international nonprofit organization, seeks a Web Developer
for the Syrian Justice & Accountability Centre (SJAC). SJAC promotes
justice and accountability in Syria by ensuring that violations of
international criminal, humanitarian, and human rights law are
documented to serve as a deterrent to continuing abuses and for future
accountability and transitional justice efforts. The developer will use
their expertise to design, develop, implement and debug solutions,
websites and web application within the SJAC.


Required Qualifications

Bachelor's degree in Information Management, Computer Science,
Computer Engineering or related field. Significant work experience in
web development may be acceptable in lieu of formal degree

At least 2 years web development experience in a best practices
environment, including testing and documentation

Strong programming skills in Python and Javascript.

Deep understanding and previous experience in Django, Solr, MySQL,
haystack, celery, Backbone

Strong understanding of AJAX and responsive design

Good understanding of modern web stacks, including caching, web server
configuration and database design and querying


Preferred Qualifications

Familiarity in AWS, video and image processing, geographic data is a plus

Ability to handle confidential information

Arabic language familiarity is a plus


-- 
Peter Fein | wearpants.org | @wearpants

I read email at the start and end of each day. IM if urgent.


Re: [liberationtech] Who is taking part in #Hack4Good 0.5?

2014-02-03 Thread Kyle Maxwell
I hope to be able to participate. Not enough of these support online/remote
participation, so when one does, I want to encourage them! :)


On Mon, Feb 3, 2014 at 7:06 AM, Security First wrote:

> Hi everyone,
>
> Just wondering who on the list is taking part in #Hack4good this weekend?
>
> Some of the Security First team in London are going to be taking part and
> it would be great to meet anyone on the LiberationTech list who is gonna be
> there / have a chat on Skype for those online :)
>
> If you're interested in contributing some code over the weekend, our project
> team page on Geeklist is here:
>
> https://geekli.st/hackathon/52c49d837689332d5f19/project/52ea5534b3b6fb4d00b1c51e
>
> All the best!
> -SF



-- 
Kyle Maxwell [krmaxw...@gmail.com]
Twitter: @kylemaxwell

[liberationtech] Who is taking part in #Hack4Good 0.5?

2014-02-03 Thread Security First
Hi everyone,

Just wondering who on the list is taking part in #Hack4good this weekend?

Some of the Security First team in London are going to be taking part and
it would be great to meet anyone on the LiberationTech list who is gonna be
there / have a chat on Skype for those online :)

If you're interested in contributing some code over the weekend, our project
team page on Geeklist is here:
https://geekli.st/hackathon/52c49d837689332d5f19/project/52ea5534b3b6fb4d00b1c51e

All the best!
-SF

Re: [liberationtech] New IT security measures underway

2014-02-03 Thread Rich Kulawiec
On Fri, Jan 31, 2014 at 09:01:06AM -0800, Yosem Companys quoted:
> "One of these mandates includes having employees with Windows XP
> laptops and desktops migrate to Windows 7 Enterprise or Ultimate, or
> Windows 8 Pro or Enterprise, by April 8. Employees will be able to
> download the latest Microsoft software for free under a new campus-wide
> license obtained in November 2013."

Let's stop right there.

If this entire initiative was actually about security in any way,
shape or form, then this paragraph would not be present.  Closed-source
software cannot be secured, and changing from one insecure version
of Windows to another is merely an expensive, time-consuming exercise
that achieves nothing of significance.

If that statement isn't clear:


https://mailman.stanford.edu/pipermail/liberationtech/2013-March/007499.html

So the people behind this farcical exercise at Stanford either don't
understand security or don't care about it.  If they actually did,
then they would *ban* Windows from the environment and phase out every
system currently running it.

That is not, by the way, equivalent to a claim that banning Windows fixes
all the security problems.  Of course it doesn't.  But it's a great
first step, and it facilitates many subsequent steps which, in combination,
could substantially raise the bar that attackers have to clear.  And that
would of course go a long way toward protecting PII from a multitude of
attack vectors.

But as long as Stanford sticks with an operating system that is not
only insecure, but insecurable (see above link), they have chosen a
path that inevitably leads to failure.

Which raises the question: what, exactly, are they playing at here?
Is this just a campus-wide CYA?  So that when the next breach, and
the next one, and the next one come along they can say "but see? look
at all the things we did!" and do the usual "nobody could have foreseen"
PR schtick?  Why doesn't Stanford *really* care about security
instead of just pretending that it does?

---rsk


[liberationtech] Developer and project staff positions available at FrontlineSMS

2014-02-03 Thread Laura Walker Hudson
Hi all

Apologies for cross-posting. 

We’re hiring! We’re currently looking for developers to join our awesome 
Nairobi-based team, working on our new suite of products including new 
FrontlineSMS, FrontlineCloud and a new Android app, among other things… also 
hiring project staff for mobile money and governance projects.

Check out the full list here: 
www.frontlinesms.com/connect-with-us/jobs-and-internships/

Thank you!

Laura


--

Laura Walker Hudson
Chief Executive Officer

Social Impact Lab Foundation
The Makers of FrontlineSMS 
\o/
 
ke m: +254 (0)707 181522
uk m: +44 (0) 7771 592970
us m: +1 (646) 460 5853

e: la...@frontlinesms.com
skype: laurawhudson
twitter: @laurawhudson
 
www.frontlinesms.com
