A hack and a snowflake

This would be a long post. Before starting, I would like to share or explain that I am not a native English speaker. I say this as what I’m going to write, may or may not be the same terms or meaning that others understand as I’m an Indian who uses American English + British English.

So it’s very much possible that I have picked up all the bad habits of learning and understanding and not any of the good ones in writing English as bad habits as elsewhere in life are the easier ones to pick up. Also I’m not a trained writer or have taken any writing lessons ever apart from when I was learning English in school as a language meant to communicate.

Few days back, I was reading an opinion piece (I tried to find the opinion piece again but have failed to do since) if anybody finds it, please share in the comments so will link here. A feminist author proclaimed how some poets preached or shared violence against women in their writings, poems including some of the most famous poets we admire today. The author of the article was talking about poets and artists like William Wordsworth and others. She picked out particular poems from their body of work which seemed to convey that message. Going further than that, she chose to de-hypnate between the poet and their large body of work. I wished she had cared enough to also look a bit more deeply in the poet’s life than just labeling him from one poem among perhaps tens or hundreds he may have written. I confess I haven’t read much of Wordsworth than what was in school and from those he seemed to be a nature lover rather than a sexual predator he was/is being made out to be. It is possible that I might have been mis-informed.


Meaning of author

– Courtesy bluediamondgallery.com – CC-by-SA

The reason I say this is because I’m a hack. A hack in the writing department or ‘business’ is somebody who is not supposed to tell any back story and just go away. Writers though, even those who write short stories need to have a backstory at least in the back of their mind about each character that s/he introduces into the story. Because it’s a short story s/he cannot reveal where they come from but only point at the actions they are doing. I had started the process two times and two small stories got somewhat written through me but I stopped both the times midway.

while I was hammering through the keyboard for the stories, it was as if the characters themselves who were taking me on a journey which was dark and I didn’t want to venture more. I had heard this from quite a few authors, few of them published as well and I had dismissed it as a kind of sales pitch or something.

When I did write those stories for the sake of argument, I realized the only thing that the author has is an idea and the overall arc of the story. You have to have complete faith in your characters even if they led you astray or in unexpected places. The characters speak to you and through you rather than the other way around. It is the most maddest and the most mysterious of journeys and it seemed the characters liked the darker tones more than the lighter ones. I do not know whether it the same for all the writers/hacks (at least in the beginning) or just me ? Or Maybe its a cathartic expression. I do hope to still do more stories and even complete them even if they have dark overtones just to understand the process. By dark I mean violence here.

That is why I asked that maybe if the author of the opinion piece had taken the pain and shared more of the context surrounding the poem themselves as to when did Mr. Wordsworth wrote that poem or other poets did, perhaps I could identify with that as well as many writers/authors themselves.

I was disappointed with the article in two ways, in one way they were dismissing the poet/the artist and yet they seemed or did not want to critique/ban all the other works because

a. either they liked the major part of the work or

b. they knew the audience to whom they were serving the article to probably likes the other works and chose not to provoke them.

Another point was I felt when you are pushing and punishing poets are you doing so because they are the soft targets now more than ever? Almost all the poets she had talked about are unfortunately not in this mortal realm anymore. On the business side of things, the publishing industry is in for grim times . The poets and the poems being perhaps the easiest targets atm as they are not the center of the world anymore as they used to do. Both in United States as well as here in India, literature or even fiction for that matter has been booted out of the educational system. The point I’m trying to make here that publishers would and are not in a position to protect authors or even themselves when such articles are written and opinions are being formed. Also see https://scroll.in/article/834652/debut-authors-heres-why-publishers-are-finding-it-difficult-to-market-your-books for an Indian viewpoint of the same.

I also did not understand what the author wanted when she named and shamed the poets. If you really want to name and shame people who have and are committing acts of violence against women, then the horror film genre apart from action genre should be easily targeted. In many of the horror movies, both in hollywood, Bollywood and perhaps in other countries as well, the female protagonist/lead is often molested,sexually assaulted, maimed, killed, cannibalized so and so forth. Should we ban such movies forthwith ?

Also does ‘banning’ a work of art really work ? The movie ‘Padmavaat‘ has been mired in controversies due to a cultural history where as the story/myth goes ‘Rani Padmavati’ (whether she is real or an imaginary figure is probably fodder for another blog post) when confronted with Khilji committed ‘Jauhar’ or self-immolation so that she remains ‘pure’. The fanatics rally around her as she is supposed to have paid the ultimate price, sacrificing herself. But if she were really a queen, shouldn’t she have thought of her people and lived to lead the fight, run away and fight for another day or if she was cunning enough to worm her way into Khilji’s heart and topple him from within. The history and politics of those days had all those options in front of her if she were a real character, why commit suicide ?

Because of the violence being perpetuated around Rani Padmavati there hasn’t been either a decent critique either about the movie or the historical times in which she lived. It perhaps makes the men of the land secure in the knowledge that the women then and even now should kill themselves than either falling in love with the ‘other’ (a Muslim) romantically thought of as the ‘invader’ a thought which has and was perpetuated by the English ever since the East India company came for their own political gains. Another idea being women being pure, oblivious and not ‘devious’ could also be debated.

(sarcasm) Of course, the idea that Khilji and Rani Padmavati living in the same century is not possible by actual historians is too crackpot to believe as the cultural history wins over real history. (/sarcasm)

The reason this whole thing got triggered was the ‘snowflake’ comments on https://lwn.net/Articles/745817/ . The article itself is a pretty good read as even though I’m an outsider to how the kernel comes together and although I have the theoretical knowledge about how the various subsystem maintainers pull and push patches up the train and how Linus manages to eke out a kernel release every 3-4 months, I did have an opportunity to observe how fly-by-contributors are ignored by subsystem-maintainers.

About a decade or less ago, my 2-button wheel Logitech mouse at the time was going down and I had no idea why sometimes the mouse used to function and why sometimes it didn’t. A hacker named ‘John Hill’ put up a patch. What the patch did essentially was trigger warnings on the console when the system was unable to get signal from my 2-button wheel mouse. I did comment and try to get it pushed into the trunk but it didn’t and there was also no explanation by anyone why the patch was discarded. I did come to know while building the mouse module as to how many types and models of mouse there were which was a revelation to me at that point in time. By pushing I had commented on where the patch was posted and the mailing list where threads for patches are posted and posted couple of times that the patch by John Hill should be considered but nobody either got back to me or him.

It’s been a decade since then and still we do not have any proper error reporting process AFAIK if the mouse/keyboard fails to transmit messages/signals to the system.

That apart the real long thread was about the term ‘snowflake’. I had been called that in the past but had sort of tuned it out as I didn’t know what the term means/meant.

When I went to wikipedia and came up with the ‘snowflake’ and it came with 3 meanings to the same word.

a. A unique crystalline shape of white

b. A person who believes that s/he is unique and hence entitled

c. A person who is weak or thin-skinned (overly sensitive)

I believe we all are of the above, the only difference is perhaps a factor. If we weren’t meant to be unique we wouldn’t have been given a personality, a body type, a sense of reasoning and logic and perhaps most important a sense of what is right or wrong. To be thick-skinned also comes the inability to love and have empathy with others.

To round off on a somewhat hopeful note, I was re-reading maybe for the umpteenth time ‘Sacred Stone‘ an action thriller in which four hindus along with a corrupt, wealthy and hurt billionaire try to blow the most sacred site of the Muslims, the Mecca and Medina. While I don’t know whether it would be possible or not, I would for sure like to see people using the pious days for reflection . I don’t have to do anything, just be.

Similarly, the spanish pilgrimage as shown in the Way . I don’t think any of my issues will be resolved in being either of the two places but it may trigger paths within which I have not yet explored or forgotten longtime ago.

At the end I would like to share two interesting articles that I saw/read over the week, the first one is about the ‘Alphonso‘ and the other Samarkhand . I hope you enjoy both the articles.


WordPress.com tracking pictures and a minidebconf in Pune

This would be a big longish post.

I have been a wordpress.com user for a long time and before that blog post for a long long time. Sometime back on few blog posts I began to notice that on planet.debian.org the pictures were not appearing. I asked the planet maintainers what was going on. They in turn shared with me a list of filters that they were using as a default. While I’m not at liberty to share any of the filters, it did become clear from reading of the regular expressions of the filters and conversations with the planet maintainers that wordpress.com was at fault and not Planet.debian. I tried to see if there was anything as a content producer I could do but apparently nothing. The only settings for media or even for general has no settings through which I could stop tracking.

Sharing a screenshot below –

Media settings in normal wordpress.com account.

Sp while there’s nothing I can do atm, I can share about the Debian event that we did in reserved-bit about couple of months ago. Before I start, here’s a small brief about reserved bit, it’s a makerspace right next to where all the big IT companies are and where they come to pass the time after work. It’s on top of a mall.

Reserved-bit is run jointly by Siddhesh and Nisha Poyarekar husband-wife duo. Siddhesh was working with Redhat and now does his own thing. Works with Linaro and is a glibc maintainer and I read somewhere that he was even a releaser of couple of glibc releases (Update = actually 2.25 and 2.26 of glibc which is wow and also a big responsibility.) Pune is to India what Detroit was to the States. We have number of automobile companies and siddesh did share he was working on the glibc variants for the automobile, embedded market.

Nisha on the other hand is more on the maker side of the things, his better half and I believe she knows quite a bit of Aurdino. I believe there was a workshop yesterday on aurdino but due to time and personal constraints was not able to attend it or would have got more to share. She is the one who is looking at the day-to-day operations of maker-bit and Siddhesh chips in as and when he can.

Because of the image issue, I had been dragging my feet to post about the event for more than couple of months now. I do have access of a debconf gallery instance but was not comfortable for this. If I do attend a debconf then probably that would be the place for that.

Anyways, about 3 months back Gaurav shared an e-mail on the local LUG mailing list . We were trying to get the college where the LUG meets as it is one of the central parts of the city but then due to scheduling changes it was decided to be held at reserved-bit. I had not talked with Praveen for some time but had an inkling that he might be bringing one of the big packages which has a lot of dependencies on them which I shared in an email . As can be seen, I also shared the immense list that Paul always has and as can be seen free software is just growing leaps and bounds, what we are missing are more packagers and maintainers.

I also thought that it is possible that somebody might want to install debian and hence shared about that as well.

As I wasn’t feeling strong enough, I decided to forgo taking the lappy along. Fortunately, a friend arrived and we were together able to reach the venue on time. We probably missed about 10 minutes which probably was the introduction session a bit.

Image of Praveen talking about various software

Image – courtesy Gaurav Sitlani

Praveen is in middle, somewhat like me with the beard, and white t-shirt.

I had mentally prepared myself for newbie questions but refreshingly, even though there were lot of amateurs, most of them had used Debian for sometime. So instead of talking about why we need to have Debian as a choice or why X disto is better than Y we had more pointed topical questions. There were questions about privacy as well where Debian is strong and looking to set the bar even higher. I came to know much later than Kali people are interested in porting most of their packages and maintain it in main, more eyes to see the code, a larger superset of people would use the work they do than those who would only use kali and in time higher quality of packages which is win-win to all the people concerned.

As I had suspected Praveen shared two huge lists of potentials software that needs to be packaged. Before starting he took some of the introductory part of the npm2deb tutorial. I had played with build programs before but npm2deb seemed a bit more automated than others, specifically with the way it picks up the metadata about software to be packaged. I do and did realize that npm2deb is for specific bits only and probably that is the reason that it could be a bit more automated than something like makefile, cmake, premake but then the latter are more generic in nature, they are not tied to a specific platform or way of doing things.

He showed a demo of npm2deb, the resultant deb package, ran lintian on top of it . He did share the whole list of software that needs to be packaged in order to see npm come into Debian. He and Shruti also did a crowdfunding for it sometime back.

I am not sure how many people noticed but from what I recollect both nodejs and npm came around June/July 2017 in Debian. While I don’t know it seemed Praveen and Shruti did the boring yet hard work to bring both the biggish packages into Debian. There may be some people involved as well which I might not know about but that is unintentional. If anybody knows any better feel free to correct me and will update it here as well.

Then after a while Raju shared the work he has been doing with Hamara but not in great detail as still lot of work is yet to be done. There were questions about rolling release and how often people update packages, while both Praveen and Raju pointed out that they did monthly updates, I am more of a weekly offender. I usually use debdelta to update packages and its far much easier to track and have the package diffs cheaply without affecting the bandwidth too much.

I wanted to share about adequate as I think it’s one of the better tools but as it has been orphaned and nobody has stepped up, it seems it will die a death after sometime. What a waste of a useful tool.

What we hadn’t prepared for that somebody had actually wanted to install Debian on their laptop then and there. I just had the netinstall usb stick by chance but the person who wanted to install debian had not done the preparatory work which needs to be done before setting up Debian. We had to send couple of people to get a spare external hdd which took time, copying the person’s data and then formatting that partition, sharing the different ways that Debian could be installed onto the system. There was a bit of bike-shedding there as there are just too many ways. I am personally towards have a separate / , /boot (part of it I am still unable to resolve under the whole Windows 10 nightmare, /home, /logs and swap. There was also a bit of discussion about swap as the older model of 1:1 memory doesn’t hold much water in the 8 GB RAM+ scenario.

By the time the external hdd came, we were able to download a CD .iso and show a minimal desktop installation. We had discussions about the various window managers and desktop environments, the difference and the similarities. IIRC, CD 1 has just LXDE as none of the other desktop environments can fit on CD1. I also shared about my South African Debconf experience as well the whole year-long preparation it takes to organize Debconf. IIRC, I *think* I shared having a conference like that costs north of USD 100,000 (it costed that much for South Africa, beautiful country) – the Canadian one might have costed more and the Taiwan one happening coming July would cost the same even though accommodation is free. I did share that we had something like 300+ people for the conference, the Germany one the year before had 500 so for any Indian bid we would have to grow up a whole lot more before we think of getting anywhere of hosting a debconf in India.

There was interest from people to contribute to Debian but this is where it gets a bit foggy, while some of the students want/ed to contribute they were not clear as to where they could contribute. I think we shared with them the lists, shared/showed them IRC/Matrix and sort of left them to their own devices. I do think we did mention #debian-welcome and #debian-mentors at possible points of contact. As all of us are busy with our lives, work etc. it does become hard to tell/advise people. Over the years we have realized that its much better to just share the starting info. and let them find if there is something that interests them.

There was also discussion about different operating systems and how the work culture and things differed from the debian perspective. For e.g. I shared how we have borrowed quite a bit of security software from the BSD stable and some plausible reasons of where BSD has made it big and where it sort of failed. The same was dissected for other operating systems too who are in the free software space and quite a few students realized it’s a big universe out there. We shared about devuan and how a group of people who didn’t like systemd did their own thing but at the same they realized the amount of time it takes to maintain a distro. In many a ways, it is a miracle that Debian is able to be independent and have its own morals and compasses. We also shared bits of the Debian constitution and Manifesto but not too much otherwise it would have become too preachy.

Coming towards the end, it gives me quite a bit of pleasure to share that Debian would be taking part in Outreachy and GSOC at the same time. While the projects seem to be different, I do have some personal favorites. The most exciting to me as a user are –

1. Wizard/GUI helping students/interns apply and get started – While they have narrow-cased it, it should help almost everybody who has to get over the learning curve to make her/is contribution to Debian. Having all the tools configured and ready to work would make the job of on boarding on to Debian a whole lot easier.

2. Firefox and Thunderbird plugins for free software habits – It’s always a good idea to start of with privacy tools, it would make the journey of free software much easier and enjoyable.

3. Android SDK Tools in Debian – This I think would be a multi-year project for as long as Android is there as a competitor in the mobile space. Especially for Pune students doing work with Android might lead to upstream work with Linaro who have been working with companies and various stake-holders to have more homogeneity to a kernel which would make it more secure, more maintainable in the short and long run.

4. Open Agriculture Food Computer – This probably would be a bit difficult but for colleges like COEP who have CNC lathes and 3-d printer and a benefactor in Sharad Pawar and other people who are interested in Agriculture, Nitin Gadkari . The TED link shared and reproduced below does give some idea. Vandana Shiva, who has been a cultural force and has a seed bank so we have culture, recipes and food for generations would be pretty much appropriate for the problems we face. It actually ties in with another ted talk which is also a global concern, the shortage of water and recycling of water.

This again from what I could assess with my almost non-existent agricultural skills, would be multi-year project as the science and understanding of it are in early stages. People from agriculture, IT, Atmospheric Science etc. all would have a role in a project like this. The interesting part of it is that from what has been shared, it seems there are lots that can be done in that arena.

Lastly, I would like some of the more privacy consciously people to weigh in on 1322748. I have used all the addons which have been mentioned on the bugzilla one time or the other and am stymied as my web experience is poorer as I cannot know who to trust and who to not without the info. about what ciphers the webmasters are using. Public pressure can only work when that info. is available.

I am sure I missed a lot, but that’s all I could cover. If people have some more ideas or inputs, feel free to suggest in the comments and I will see if I can incorporate them in the blog post if need be.

webmail saga continues

I was pleased to see a reply from Daniel as a reaction to my post. I read and re-read the blog couple of times yesterday and another time today to question my own understanding and see if there is anyway I could make life easier and simpler for myself and other people whom I interact with but finding it somewhat of an uphill task. I will not be limiting myself to e-mail alone as I feel until we don’t get/share the big picture it would remain incomplete.

Allow to share me few observations below –

1. The first one is probably cultural in nature (either specific to India or its worldwide I have no contextual information.) Very early in my professional and personal life I understood that e-mails are leaky by design. By leaky I mean being leaked by individuals for profit or some similar motive.

Also e-mails are and were used as misinformation tools by companies and individuals then and now or using sub-set or superset of them without providing contextual information in which they were written. While this could be construed as giving straw man I do not know any other way. So the best way, at least for me is to construct e-mails in a way where even if some information is leaked, I’m ok with it being leaked or being in public domain. It just hurts less. I could probably give 10-15 high-profile public outings in the last 2-3 years itself. And these are millionaires and billionaires, people on whom many people rely on their livelihoods should have known better. In Indian companies, for communications they do have specific clauses where any communication you had with them is subject to privacy and if you share it with somebody you would be prosecuted, on the other hand if the company does it, it gets a free pass.

2. Because of my own experiences I have been pretty circumspect/slightly paranoid of anybody promising or selling the cool-aid of total privacy. Another example which is of slightly recentish vintage and pains me even today was a Mozilla add-on for which I had done RFP (Request for Package) which a person for pkg-mozext-maintainers@lists.alioth.debian.org (probably will be moved to salsa in near future) packaged and I thanked him/her for it. Two years later it came to fore that under the guise of protecting us from bad cookies or whatever the add-on was supposed to do, it was actually tracking us and selling this information to third-parties.

This was found out by some security researcher casually auditing the code two years down the line (not mozilla) and then being confirmed by other security researchers as well. It was a moment of anguish for me as so many people’s privacy had been invaded even though there were good intentions from my side.

It was also a bit sad as I had assumed (perhaps incorrectly) that Debian does do some automated security audit along with hardening flags that it uses when a package is built. This isn’t to show Debian in a bad light but to understand and realize that Debian has its own shortcomings in many ways. I did hear recently that lot of packages from Kali would make it to Debian core, hopefully some of those packages could also serve as an additional tool to look at packages when they are being built 🙂

I do know it’s a lot to ask for as Debian is a volunteer effort. I am happy to test or whichever way I can contribute to Debian if in doing so we can raise the bar for intended or unintended malicious apps. to go through. I am not a programmer but still I’m sure there might be somehow I could add strength to the effort.

3. The other part is I don’t deny that Google is intrusive. Google is intrusive not just in e-mail but in every way, every page that uses Google analytics or the google Spider search-engine be used for tracking where you are and what you are doing. The way they have embedded themselves in web-pages is it has become almost impossible to see almost all web-pages (some exceptions remain) without allowing google.com to see what you are seeing. I use requestpolicy-continued to know what third-party domains are there on web-page and I see fonts.googleapis.com, google.com and some of the others almost all the time. The problem there is we also don’t know how much information google gathers. For e.g. even if I don’t use Google search engine and if I am searching on any particular topic and if 3-4 of the websites use google for any form or manner, it would be easy to know the information and the line/mode or form of the info. I’m looking for. That actually is same if not more of a problem to me than e-mails and I have no solution for it. Tor and torbrowser-launcher are and were supposed to be an answer to this problem but most big CDNs (Content Distributor Networks) like cloudfare.com are against it so privacy remains an elusive dream there as well.

5. It becomes all the more dangerous when in mobile space where Google Android is the only vendor. The rise of carrier-handset locking which is prevalent in the west has also started making inroads in India. In the manufacturer-carrier-Operating System complex such things will become more common. I have no idea about other vendors but from what I have seen I think the majority might probably be doing the same. IPhone is supposed to also have lot of nastiness where it comes to surveillance.

6. My main worry for protonmail or any other vendor is should we just take them at face-value or is there some other way for people around the world to be assured and in case things take a worse time be possible to file claim for damages if those terms and conditions are not met. I looked to see if I could find an answer to this question which I asked in my previous post and I looked but didn’t find any appropriate answer in your post. The only way I see out of is decentralized networks and apps but they too leave much to be desired. Two examples I can share of the latter. Diaspora started with the idea that I could have my profile in one pod, if for some reason I didn’t like the pod, I could take all the info. to another pod with all the messages, everything in an instant. At least till few months back, I tried to migrate to another pod and found that feature doesn’t work/still a work in progress.

Similarly, zeronet.io is another service which claimed to use de-centralization but for last year or so I haven’t been able to send one email to another user till date.

I used both these examples as both are foss and both have considerable communities and traction built around them. Security or/and anonymity is still at a lower path though as of yet.

I hope I was able to share where I’m coming from.