from:"Feross Aboukhadijeh"

Re: [liberationtech] #YesWeCode Initiative - & Prince

2016-04-22 Thread Feross Aboukhadijeh

> If that was his attitude, then his attitude sucked.

That's interesting. I saw it as an attempt to empower black youth --
changes the dynamic from "it's someone else's fault" to "what can *we* do
to fix the problem?"

On Fri, 22 Apr 2016 at 18:00 Chrrles Paul  wrote:

> ---
> "I said, 'Well, yeah, Prince that's true but that's because of racism.'
> And he said, 'No, it's because we have not produced enough black Mark
> Zuckerbergs. That's on us. That's on us. To deal with what we're not doing
> to get our young people prepared to be a part of this new information
> economy.'"
> ---
>
> If that was his attitude, then his attitude sucked.
>
> On Sat, Apr 23, 2016 at 9:02 AM, Jayne Cravens <
> j...@coyotecommunications.com> wrote:
>
>> #YesWeCode (http://www.yeswecode.org) is an initiative that seeks to
>> mobilize tech and social justice leaders to connect 100,000 low-opportunity
>> young adults to the skills and experiences they need to access high-paying
>> careers in technology. CNN commentator Van Jones founded the #YesWeCode
>> initiative with the support of Prince, who passed away yesterday.
>>
>> http://www.yeswecode.org/prince
>>
>> Jones elaborated on Prince's involvement at the 20th Anniversary Essence
>> Festival:
>>
>> "After the Trayvon Martin verdict I was talking to Prince and he said,
>> 'You know, every time people see a young black man wearing a hoodie, they
>> think, he's a thug. But if they see a young white guy wearing a hoodie they
>> think, oh that might be Mark Zuckerberg. That might be a dot-com
>> billionaire.'"
>>
>> "I said, 'Well, yeah, Prince that's true but that's because of racism.'
>> And he said, 'No, it's because we have not produced enough black Mark
>> Zuckerbergs. That's on us. That's on us. To deal with what we're not doing
>> to get our young people prepared to be a part of this new information
>> economy.'"
>>
>> Since July 2014, YesWeCode has been focused on three activities:
>>
>> Communicate: In partnership with Oakland, Calfornia-based organizations,
>> #YesWeCode launched an interactive website with a powerful search tool that
>> enables users to find local coding education resources. This tool also
>> helps users find local events and learn more about coding opportunities.
>>
>> Convene: #YesWeCode has convened 100+ coding practitioners and
>> stakeholders in New York, San Francisco, Chicago, and New Orleans.
>> #YesWeCode partnered with Qeyno Labs to host a Start-Up Weekend hackathon
>> in February 2015, focused on uplifting young African-American men and boys.
>>
>> Catalyze: In July, #YesWeCode launched at the 20th Anniversary ESSENCE
>> Festival with a youth-focused hackathon and a headline performance by
>> Prince, before a festival audience of 500,000 people.
>>
>> Just seemed appropriate to post this.
>>
>> ---
>> <><><><><><><><><><><><><><><><>
>> Ms. Jayne Cravens MSc
>> Portland, Oregon, USA
>>
>> The web site - http://www.coyotecommunications.com
>> The email - j...@coyotecommunications.com
>> Me on Twitter, other social networks, & my blog:
>> http://www.coyotecommunications.com/me/jayneonline.shtml
>>
>> Author: The Last Virtual Volunteering Guidebook
>> More about the book, and how to buy it
>> (as a paperback or as an e-book):
>> http://www.energizeinc.com/store/1-222-E-1
>> <><><><><><><><><><><><><><><><>
>>
>> --
>> Liberationtech is public & archives are searchable on Google. Violations
>> of list guidelines will get you moderated:
>> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
>> Unsubscribe, change to digest, or change password by emailing moderator at
>> compa...@stanford.edu.
>>
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> compa...@stanford.edu.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] popcorn-time

2014-04-07 Thread Feross Aboukhadijeh

Jonathan, see: http://webtorrent.io (Still a work in progress)

How does WebTorrent work? https://github.com/feross/webtorrent/issues/39

Feross
✩ blog http://feross.org/ | ✎ studynotes http://www.apstudynotes.org/ |☮
webtorrent http://webtorrent.io/


On Mon, Apr 7, 2014 at 12:50 AM, ChaTo (Carlos Alberto Alejandro CASTILLO
Ocaranza) ch...@chato.cl wrote:

  Hi,

 An answer to the single point of failure of having a URL to pull the
 content is to use a secure distribution mechanism.

 I think a great candidate is BitMessage, which I have been using for some
 months now: https://bitmessage.org/wiki/Main_Page

 BitMessage is a secure peer-to-peer communications protocol that allows
 you to broadcast a message (or receive a broadcast message) without
 revealing your IP address.

 Cheers,

 On 04/06/2014 11:41 PM, Jonathan Wilkes wrote:

 Hi list,
  Can some tech liberator out there versed in javascript and video
 streaming please take over the popcorn-time project?  It looks like it was
 developed pseudonymously by at least three teams now which have all
 disappeared (probably due to pressure from Hollywood).

 If you haven't heard of it, see:
 https://en.wikipedia.org/wiki/Popcorn_Time

 Why should this interest you?

 * Licensed GPL v3
 * Has the most user-friendly interface I've seen in a piece of free
 software
 * Runs on GNU/Linux, OSX, Windows
 * Streams downloads efficiently and uses Bittorrent to seed while the user
 watches (with no setup or intervention by the user)
 * Accessibility.  Looks like the project is getting bullied with a game of
 whack-a-mole, probably due to pressure from Hollywood. AFAICT there is no
 new technology being used-- the original devs used mostly pre-existing libs
 to make something that is easy to use.  What everyone on this list can do
 using Transmission and VLC can now be done by non-experts.

 How to stop the game of whack-a-mole?

 There needs to be something like a popcorn kernel team.  It should use
 exactly the same API as the software currently does, but just have a place
 where the user can type in an address from which to pull the content.  It'd
 be pretty easy to host a tracker with one or two public domain titles and
 test with that.  Then if a site like archive.org decides to adopt the YTF
 API to access its public domain videos, users can just add that address and
 start streaming the content.  (And again because they are also seeding this
 helps out archive.org, so it's a win-win.)

 That would remove the only controversial line of code-- the url of YTF--
 so that anyone who wants to improve the software may do it without being
 bullied.  Also, if there were a well-known organization dedicated to
 hosting and defending free software that could host the repo and front page
 it would lower the risk of a rogue, suspicious site putting up downloads
 with malware in them. (And each time Popcorn-time gets resurrected at some
 new domain that risk increases.)

 The original code is still on github.  Not sure about the other
 incarnations.  It's worth noting that there seemed to be quite a bit of
 activity on each incarnation (bug fixes, improvements) so it might be worth
 it to try to find a link to the most recent incarnation.  (And since it's
 git it should be easy to audit the changes.)

 I really wish I knew javascript and node.js.  Then I'd just do it myself.
 :)

 Best,
 Jonathan


 --
 ChaTo (Carlos Castillo) http://chato.cl/
 LinkedIn http://linkedin.com/in/chato · 
 Facebookhttps://facebook.com/chato·
 Twitter http://twitter.com/chatox

 --
 Liberationtech is public  archives are searchable on Google. Violations
 of list guidelines will get you moderated:
 https://mailman.stanford.edu/mailman/listinfo/liberationtech.
 Unsubscribe, change to digest, or change password by emailing moderator at
 compa...@stanford.edu.

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Announcing Scramble.io

2013-08-23 Thread Feross Aboukhadijeh

This is great work, DC. Congrats on launching!

 This does not improve on the properties of PGP, fundamentally. Without a
 pre-existing secure channel, knowledge of this public hash is just as
 susceptible to MitM.

Scramble isn't trying to improve on PGP at the cryptographic level -- it
actually *uses* PGP (specifically, OpenPGP.js) to encrypt the emails.

The point of Scramble is to make PGP actually usable by humans. PGP's
problem is not that we lack a way to make pre-existing secure channels,
it's that literally no one uses it. Scramble makes PGP usable by the masses.
 It's webmail so it's convenient and doesn't require any software
configuration. And it uses a great little trick pioneered by tor hidden
services to eliminate the need for key signing parties, which
weren'thttp://ripe60.ripe.net/images/photo-keysigning.jpg
 muchhttp://ripe61.ripe.net/wp-content/uploads/2010/11/key-signing-prague.jpg
 fun http://mdcc.cx/~joostvb/plaatjes/20050910-tilburg-tosti/ksp.jpganyways.

All this usability gain from webmail, but what about attacks like what
would have happened to LavaBit? Some say that webmail can't be made secure.

We don't know much about what LavaBit was asked to do, but Scramble is
(theoretically)
secure against attacks from centralized adversaries like governments who
control root CAs and could take over and even operate the Scramble servers.
 The browser treats the server as a dumb blob store, decrypts all data
locally, and doesn't ever download new javascript (if you're use the chrome
extension version of Scramble, two click install). An actively malicious
server is not a problem. Mad cool.

Even if you're *not* using the chrome extension version (i.e. paranoid
mode), it's impossible for a central adversary who controls the Scramble
servers to do a targeted attack against you specifically, because the
browser downloads all the javascript upfront and only requests
user-specific mailbox data afterwards. It doesn't download any new code
after it's identified you to the server. Again, mad cool.

If the attacker served malicious JS to everyone, users would quickly notice
and word would get out. A distributed program could automate this check.

I recommend you all read the two links DC posted. Scramble is the real
deal. Good news for all of us!

Feross
feross.org - peercdn.com (make your site faster  reduce your bandwidth
costs!)


On Fri, Aug 23, 2013 at 2:12 AM, Ximin Luo infini...@gmx.com wrote:

 On 23/08/13 09:53, DC wrote:
  Hi everyone,
 
  I'm DC, and I've been lurking here for a few weeks :)
 
  Since the NSA leaks, I've been inspired to work on an old dream:
 end-to-end
  encrypted email.
 
  One difficult problem in public-key encryption is key exchange: how to
 get a
  recipient's public key and know it's really theirs.
  My plan is to make make your email the hash of your public key.
  For example, my address is *nqkgpx6bqscsl...@scramble.io
  mailto:nqkgpx6bqscsl...@scramble.io*
  (I borrowed this idea from Tor Hidden Services.)
 

 This does not improve on the properties of PGP, fundamentally. Without a
 pre-existing secure channel, knowledge of this public hash is just as
 susceptible to MitM.

 You can argue well my email address is pasted on so many websites, it's
 infeasible for an attacker to MitM all of them, but you can say the same
 thing
 for PGP keys too.

 In some senses it's even worse because a human has to remember the hash
 *exactly*, instead of having PGP manage the email-fingerprint mapping for
 you. You could write some address book software to improve on this,
 however.

  This lets you build an email system with some nice properties:
  * It's webmail. I want something easy to use and understand, unlike PGP,
 so
  that nontechnical people can grok it.
  * Webmail has an inherent weakness: if push comes to shove, the NSA can
 compel
  a Scramble server to serve bad Javascript to their users. I want to give
 users
  the option to install the app as a Chrome extension. Same HTML, CSS, and
 JS,
  but served locally, so the server is untrusted.
  * You can look up someone's public key from an untrusted server, and
 verify
  that it's actually theirs.
  * Anyone can run a Scramble server
  * It's open source
  * All email between Scramble addresses is encrypted. Both Subject and
 Body are
  encrypted via PGP.
  * With some precautions, it's possible to avoid associating your real
 identity
  with your email address at all. This means that even From and To can be
 anonymous.
 
  Feel free to try it out! https://scramble.io/
 
  Here's a more thorough description of my design and my
  motivations: https://scramble.io/doc/
  Finally, here's a more thorough description of the technical
  details: https://scramble.io/doc/how.html
 
  Thoughts?
  Best
  DC
 
 


 --
 GPG: 4096R/1318EFAC5FBBDBCE
 git://github.com/infinity0/pubkeys.git


 --
 Liberationtech is a public list whose archives are searchable on Google.
 Violations of list guidelines will get you moderated:

Re: [liberationtech] Announcing Scramble.io

2013-08-23 Thread Feross Aboukhadijeh

 Sounds very cool yes. But where is the OpenPGP.js stored?

scramble webmail: it's stored on the server and transmitted over https.
scramble extension: stored locally, never/rarely updated, like tor browser
bundle.

See: https://scramble.io/doc/#explanation

I'm sure DC can elaborate more.

Feross
feross.org - peercdn.com (make your site faster  reduce your bandwidth
costs!)


On Fri, Aug 23, 2013 at 5:36 AM, Jerzy Łogiewa jerz...@interia.eu wrote:

 Sounds very cool yes. But where is the OpenPGP.js stored?

 --
 Jerzy Łogiewa -- jerz...@interia.eu

 On Aug 23, 2013, at 2:28 PM, Feross Aboukhadijeh wrote:

  Even if you're *not* using the chrome extension version (i.e. paranoid
 mode), it's impossible for a central adversary who controls the Scramble
 servers to do a targeted attack against you specifically, because the
 browser downloads all the javascript upfront and only requests
 user-specific mailbox data afterwards. It doesn't download any new code
 after it's identified you to the server. Again, mad cool.

 --
 Liberationtech is a public list whose archives are searchable on Google.
 Violations of list guidelines will get you moderated:
 https://mailman.stanford.edu/mailman/listinfo/liberationtech.
 Unsubscribe, change to digest, or change password by emailing moderator at
 compa...@stanford.edu.

-- 
Liberationtech is a public list whose archives are searchable on Google. 
Violations of list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] #YesWeCode Initiative - & Prince

Re: [liberationtech] popcorn-time

Re: [liberationtech] Announcing Scramble.io

Re: [liberationtech] Announcing Scramble.io

4 matches

Site Navigation

Mail list logo

Footer information